wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9708 commits 20 branches 302 tags 153 MiB
Commit graph

5057 commits

Author SHA1 Message Date
Dr. Stephen Henson
ed9b0e5cba Redirect DH key and parameter generation. 2011-06-09 15:21:46 +00:00
Dr. Stephen Henson
752c1a0ce9 Redirect DSA operations to FIPS module in FIPS mode. 2011-06-09 13:54:09 +00:00
Dr. Stephen Henson
cc30415d0c Use method rsa keygen first if FIPS mode if it is a FIPS method. 2011-06-09 13:18:07 +00:00
Dr. Stephen Henson
03e16611a3 Redirect DH operations to FIPS module. Block non-FIPS methods. 
Sync DH error codes with HEAD.
 2011-06-08 15:58:59 +00:00
Dr. Stephen Henson
b6d63b2516 Check fips method flags for ECDH, ECDSA. 2011-06-08 14:01:00 +00:00
Dr. Stephen Henson
e6b88d02bd Implement Camellia_set_key properly for FIPS builds. 2011-06-08 13:11:46 +00:00
Andy Polyakov
125060ca63 rc4_skey.c: remove dead/redundant code (it's never compiled) and 
misleading/obsolete comment [from HEAD].
 2011-06-06 20:04:33 +00:00
Dr. Stephen Henson
6342b6e332 Redirection of ECDSA, ECDH operations to FIPS module. 
Also use FIPS EC methods unconditionally for now: might want to use them
only in FIPS mode or with a switch later.
 2011-06-06 15:39:17 +00:00
Dr. Stephen Henson
59bc67052b Add flags field to EC_KEY structure (backport from HEAD). 2011-06-06 13:18:03 +00:00
Dr. Stephen Henson
c090562828 Make no-ec2m work again (backport from HEAD). 2011-06-06 13:00:30 +00:00
Dr. Stephen Henson
69e2ec63c5 Reorganise ECC code so it can use FIPS module. 
Move compression, point2oct and oct2point functions into separate files.

Add a flags field to EC_METHOD.

Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct functions
(all existing methods do this). This removes dependencies from EC_METHOD while
keeping original functionality.

Backport from HEAD with minor changes.
 2011-06-06 12:54:51 +00:00
Dr. Stephen Henson
f610a516a0 Backport from HEAD: 
New option to disable characteristic two fields in EC code.

Make no-ec2m work on Win32 build.
 2011-06-06 11:49:36 +00:00
Dr. Stephen Henson
2e51a4caa3 Function not used outside FIPS builds. 2011-06-06 11:24:47 +00:00
Dr. Stephen Henson
c6fa97a6d6 FIPS low level blocking for AES, RC4 and Camellia. This is complicated by 
use of assembly language routines: rename the assembly language function
to the private_* variant unconditionally and perform tests from a small
C wrapper.
 2011-06-05 17:36:44 +00:00
Dr. Stephen Henson
24d7159abd Backport libcrypto audit: check return values of EVP functions instead 
of assuming they will always suceed.
 2011-06-03 20:53:00 +00:00
Dr. Stephen Henson
d99e6b5014 New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier) from a digest algorithm (backport from HEAD). 2011-06-03 18:35:49 +00:00
Dr. Stephen Henson
2cf40fc2b8 license correction, no EAY code included in this file 2011-06-03 17:56:51 +00:00
Dr. Stephen Henson
260d08b814 Backport CMAC support from HEAD. 2011-06-03 15:08:42 +00:00
Dr. Stephen Henson
53dd05d8f6 Redirect RSA keygen, sign, verify to FIPS module. 2011-06-03 13:16:16 +00:00
Dr. Stephen Henson
fbe7055370 Redirection of low level APIs to FIPS module. 
Digest sign, verify operations are not redirected at this stage.
 2011-06-02 18:22:42 +00:00
Dr. Stephen Henson
a5b386205f Backport extended PSS support from HEAD: allow setting of mgf1Hash explicitly. 
This is needed to handle FIPS redirection fully.
 2011-06-02 18:13:33 +00:00
Dr. Stephen Henson
916bcab28e Prohibit low level cipher APIs in FIPS mode. 
Not complete: ciphers with assembly language key setup are not
covered yet.
 2011-06-01 16:54:06 +00:00
Dr. Stephen Henson
c7373c3dee For consistency define clone digests in evp_fips.c 2011-06-01 15:11:00 +00:00
Dr. Stephen Henson
9f2c8eb2a1 Redirect clone digests to FIPS module for FIPS builds. 2011-06-01 14:28:21 +00:00
Dr. Stephen Henson
65300dcfb0 Prohibit use of low level digest APIs in FIPS mode. 2011-06-01 13:39:45 +00:00
Dr. Stephen Henson
5792219d1d Redirect cipher operations to FIPS module for FIPS builds. 2011-05-29 16:18:38 +00:00
Dr. Stephen Henson
293c58c1e7 Use approved API for EVP digest operations in FIPS builds. 
Call OPENSSL_init() in a few more places to make sure it is always called
at least once.

Initial cipher API redirection (incomplete).
 2011-05-29 15:55:13 +00:00
Dr. Stephen Henson
9f375a752e Add default ASN1 handling to support FIPS. 2011-05-29 02:32:05 +00:00
Dr. Stephen Henson
04dc5a9ca6 Redirect digests to FIPS module for FIPS builds. 
Use FIPS API when initialising digests.

Sync header file evp.h and error codes with HEAD for necessary FIPS
definitions.
 2011-05-28 23:01:26 +00:00
Dr. Stephen Henson
ae6cb5483e Use || instead of && so build doesn't fail. 2011-05-26 22:10:28 +00:00
Dr. Stephen Henson
a168ec1d27 Support shared library builds of FIPS capable OpenSSL, add fipscanister.o 
to libcrypto.a so linking to libcrypto.a works.
 2011-05-26 21:23:11 +00:00
Dr. Stephen Henson
7207eca1ee The first of many changes to make OpenSSL 1.0.1 FIPS capable. 
Add static build support to openssl utility.

Add new "fips" option to Configure.

Make use of installed fipsld and fips_standalone_sha1

Initialise FIPS error callbacks, locking and DRBG.

Doesn't do anything much yet: no crypto is redirected to the FIPS module.

Doesn't completely build either but the openssl utility can enter FIPS mode:
which doesn't do anything much either.
 2011-05-26 14:19:19 +00:00
Dr. Stephen Henson
ed67f7b7a7 Fix the ECDSA timing attack mentioned in the paper at: 
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
 2011-05-25 14:52:33 +00:00
Dr. Stephen Henson
6ea8d138d3 Fix the ECDSA timing attack mentioned in the paper at: 
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
 2011-05-25 14:42:27 +00:00
Dr. Stephen Henson
419b09b053 PR: 2512 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix BIO_accept so it can be bound to IPv4 or IPv6 sockets consistently.
 2011-05-25 12:36:59 +00:00
Richard Levitte
ab08405984 LIBOBJ contained o_fips.c, now o_fips.o. 2011-05-21 09:17:54 +00:00
Dr. Stephen Henson
f98d2e5cc1 Implement FIPS_mode and FIPS_mode_set 2011-05-19 18:19:07 +00:00
Dr. Stephen Henson
f4ddbb5ad1 inherit HMAC flags from MD_CTX 2011-05-19 17:38:57 +00:00
Dr. Stephen Henson
676cd3a283 new flag to stop ENGINE methods being registered 2011-05-15 15:58:38 +00:00
Dr. Stephen Henson
e24b01cc6f Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have disabled by 
default. If we don't do it this way, it screws up libeay.num.
(update from HEAD, original from levitte).
 2011-05-12 13:10:27 +00:00
Dr. Stephen Henson
889c2282a5 allow SHA384, SHA512 with DSA 2011-05-08 12:38:51 +00:00
Dr. Stephen Henson
dca30c44f5 no need to include memory.h 2011-04-30 23:38:05 +00:00
Dr. Stephen Henson
f2c358c6ce check buffer is larger enough before overwriting 2011-04-06 18:06:54 +00:00
Richard Levitte
ecff2e5ce1 Corrections to the VMS build system. 
Submitted by Steven M. Schweda <sms@antinode.info>
 2011-03-25 16:21:08 +00:00
Dr. Stephen Henson
c9d630dab6 make some non-VMS builds work again 2011-03-25 15:07:18 +00:00
Richard Levitte
d135906dbc For VMS, implement the possibility to choose 64-bit pointers with 
different options:
"64"		The build system will choose /POINTER_SIZE=64=ARGV if
		the compiler supports it, otherwise /POINTER_SIZE=64.
"64="		The build system will force /POINTER_SIZE=64.
"64=ARGV"	The build system will force /POINTER_SIZE=64=ARGV.
 2011-03-25 09:39:46 +00:00
Richard Levitte
9f427a52cb make update (1.0.1-stable) 
This meant a slight renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable.  However, since there's been no release on
this branch yet, it should be harmless.
 2011-03-23 00:06:04 +00:00
Richard Levitte
9ed8dee71b A few more long symbols needing shortening. 2011-03-19 11:03:41 +00:00
Richard Levitte
4692b3345d Keep file references in the VMS build files in the same order as they 
are in the Unix Makefiles, and add SRP tests.
 2011-03-19 10:46:21 +00:00
Richard Levitte
e59fb00735 SRP was introduced, add it for OpenVMS. 2011-03-19 09:55:35 +00:00