Ben Laurie
71fa451343
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
Dr. Stephen Henson
f6c0bd641c
return error if counter exceeds limit and seed value supplied
2011-11-25 16:03:42 +00:00
Dr. Stephen Henson
ea7fe214c4
check counter value against 4 * L, not 4096
2011-11-25 15:01:23 +00:00
Dr. Stephen Henson
f4324e51dd
Add single call public key sign and verify functions.
2011-11-05 01:34:36 +00:00
Dr. Stephen Henson
bc1b04d255
L=3072, N=256 provides 128 bits of security not 112.
2011-10-16 12:31:49 +00:00
Andy Polyakov
03e389cf04
Allow for dynamic base in Win64 FIPS module.
2011-09-14 20:48:49 +00:00
Bodo Möller
ae53b299fa
make update
2011-09-05 09:46:15 +00:00
Dr. Stephen Henson
2abaa9caaf
Add support for DSA2 PQG generation of g parameter.
2011-08-27 12:30:47 +00:00
Dr. Stephen Henson
f55f5f775e
Add support for canonical generation of DSA parameter g.
...
Modify fips_dssvs to support appropriate file format.
2011-08-26 14:51:49 +00:00
Dr. Stephen Henson
af17d99245
make EVP_dss() work for DSA signing
2011-06-20 20:05:51 +00:00
Dr. Stephen Henson
c2fd598994
Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
...
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
fc683d7213
allow SHA384, SHA512 wit DSA
2011-05-08 12:38:35 +00:00
Dr. Stephen Henson
7c50694f05
Fix warning.
2011-04-24 12:40:26 +00:00
Richard Levitte
ce67647605
fips_check_dsa_prng() should only be built when OPENSSL_FIPS is defined.
2011-04-24 10:07:17 +00:00
Dr. Stephen Henson
69a80f7d5e
More fixes for DSA FIPS overrides.
2011-04-23 21:59:12 +00:00
Dr. Stephen Henson
dc03504d09
Make sure overrides work for RSA/DSA.
2011-04-23 21:15:05 +00:00
Dr. Stephen Henson
cac4fb58e0
Add PRNG security strength checking.
2011-04-23 19:55:55 +00:00
Dr. Stephen Henson
8c7096835b
Use 0 for tbslen to perform strlen.
2011-04-19 11:10:54 +00:00
Dr. Stephen Henson
a6311f856b
Remove several of the old obsolete FIPS_corrupt_*() functions.
2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6
Initial incomplete POST overhaul: add support for POST callback to
...
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
31360957fb
DH keys have an (until now) unused 'q' parameter. When creating
...
from DSA copy q across and if q present generate DH key in the
correct range.
2011-04-07 15:01:48 +00:00
Dr. Stephen Henson
a255e5bc98
check RAND_pseudo_bytes return value
2011-04-04 14:43:20 +00:00
Richard Levitte
c6dbe90895
make update
2011-03-24 22:59:02 +00:00
Ben Laurie
edc032b5e3
Add SRP support.
2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
b7056b6414
Update dependencies.
2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
225a9e296b
Update pairwise consistency checks to use SHA-256.
2011-02-15 16:18:18 +00:00
Dr. Stephen Henson
e990b4f838
Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new
...
and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1
library.
2011-02-13 18:45:41 +00:00
Dr. Stephen Henson
16a7fcc447
Return security strength for supported DSA parameters: will be used
...
later.
2011-02-11 14:38:39 +00:00
Dr. Stephen Henson
a1a5885b64
Free keys if DSA pairwise error.
2011-02-11 14:21:01 +00:00
Dr. Stephen Henson
14ae26f2e4
Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files
...
that use it.
2011-02-03 17:00:24 +00:00
Bodo Möller
9d0397e977
make update
2011-02-03 10:17:53 +00:00
Dr. Stephen Henson
a5b196a22c
Add sign/verify digest API to handle an explicit digest instead of finalising
...
a context.
2011-02-02 14:21:33 +00:00
Dr. Stephen Henson
3c2c4cc5f2
fixes for DSA2 parameter generation
2011-02-01 17:15:19 +00:00
Dr. Stephen Henson
7f64c26588
Since FIPS 186-3 specifies we use the leftmost bits of the digest
...
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
2011-02-01 12:52:01 +00:00
Dr. Stephen Henson
3dd9b31dc4
Provisional, experimental support for DSA2 parameter generation algorithm.
...
Not properly integrated or tested yet.
2011-01-31 19:44:09 +00:00
Dr. Stephen Henson
7edfe67456
Move all FIPSAPI renames into fips.h header file, include early in
...
crypto.h if needed.
Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
7cc684f4f7
Redirect FIPS memory allocation to FIPS_malloc() routine, remove
...
OpenSSL malloc dependencies.
2011-01-27 17:23:43 +00:00
Dr. Stephen Henson
7c8ced94c3
Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
...
to EVP any more.
Move locking #define into fips.h.
Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
20818e00fd
FIPS mode DSA changes:
...
Check for selftest failures.
Pairwise consistency test for RSA key generation.
Use some EVP macros instead of EVP functions.
Use minimal FIPS EVP where needed.
Key size restrictions.
2011-01-26 15:46:26 +00:00
Dr. Stephen Henson
f7a2afa652
Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of
...
DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().
2011-01-25 16:55:15 +00:00
Dr. Stephen Henson
245a7eee17
recalculate DSA signature if r or s is zero (FIPS 186-3 requirement)
2011-01-25 16:01:29 +00:00
Dr. Stephen Henson
198ce9a611
Add additional parameter to dsa_builtin_paramgen to output the generated
...
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.
The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
2011-01-19 14:35:53 +00:00
Dr. Stephen Henson
776654adff
PR: 2295
...
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:49:22 +00:00
Dr. Stephen Henson
8ec3fa0597
fix signature printing routines
2010-10-04 13:58:41 +00:00
Ben Laurie
c8bbd98a2b
Fix warnings.
2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
9a8a7d58af
PR: 2241
...
Submitted By: Artemy Lebedev <vagran.ast@gmail.com>
Typo.
2010-04-20 12:53:18 +00:00
Dr. Stephen Henson
a4d9c12f99
correct error code
2010-03-08 18:07:05 +00:00
Dr. Stephen Henson
fa1ba589f3
Add algorithm specific signature printing. An individual ASN1 method can
...
now print out signatures instead of the standard hex dump.
More complex signatures (e.g. PSS) can print out more meaningful information.
Sample DSA version included that prints out the signature parameters r, s.
[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
ba64ae6cd1
Tolerate PKCS#8 DSA format with negative private key.
2010-01-22 20:17:12 +00:00
Dr. Stephen Henson
6732e14278
check DSA_sign() return value properly
2009-12-01 18:39:33 +00:00