Dr. Stephen Henson
6f1a3a310c
FIPS changes to test/Makefile: rules to build FIPS test applications.
2011-01-26 16:47:51 +00:00
Dr. Stephen Henson
6f4b3e7c09
Use ARX in crypto/Makefile
2011-01-26 16:22:03 +00:00
Dr. Stephen Henson
6dff52e858
FIPS HMAC changes:
...
Use EVP macros.
Use tiny EVP in FIPS mode.
2011-01-26 16:15:38 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
5ca9cb7cbd
FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR
...
library dependencies.
2011-01-26 15:53:07 +00:00
Dr. Stephen Henson
83c3410b94
FIPS DH changes: selftest checks and key range checks.
2011-01-26 15:47:19 +00:00
Dr. Stephen Henson
20818e00fd
FIPS mode DSA changes:
...
Check for selftest failures.
Pairwise consistency test for RSA key generation.
Use some EVP macros instead of EVP functions.
Use minimal FIPS EVP where needed.
Key size restrictions.
2011-01-26 15:46:26 +00:00
Dr. Stephen Henson
c553721e8b
FIPS mode RSA changes:
...
Check for selftest failures.
Pairwise consistency test for RSA key generation.
Use some EVP macros instead of EVP functions.
Use minimal FIPS EVP where needed.
2011-01-26 15:37:41 +00:00
Dr. Stephen Henson
1588a3cae7
add new RAND errors
2011-01-26 15:33:51 +00:00
Dr. Stephen Henson
7a4bd34a4f
FIPS mode EVP changes:
...
Set EVP_CIPH_FLAG_FIPS on approved ciphers.
Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.
Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.
Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.
2011-01-26 15:25:33 +00:00
Dr. Stephen Henson
4ead4e5241
FIPS mode changes to make RNG compile (this will need updating later as we
...
need a whole new PRNG for FIPS).
1. avoid use of ERR_peek().
2. If compiling with FIPS use small FIPS EVP and disable ENGINE
2011-01-26 14:52:04 +00:00
Dr. Stephen Henson
1ab2f7f1cb
Add fipscanisterbuild configuration option and update Makefile.org: doesn't compile yet
2011-01-26 12:31:30 +00:00
Dr. Stephen Henson
9bafd8f7b3
FIPS_allow_md5() no longer exists and is no longer required
2011-01-26 12:23:58 +00:00
Richard Levitte
373048395e
Add rsa_crpt
2011-01-26 06:51:35 +00:00
Dr. Stephen Henson
3d6a8954f8
update mkerr.pl for use fips directory, add arx.pl script
2011-01-26 01:35:07 +00:00
Dr. Stephen Henson
c11845a4ab
add fips_premain.c.sha1
2011-01-26 01:15:54 +00:00
Dr. Stephen Henson
ec3657f81f
add fips_sha1_selftest.c
2011-01-26 01:11:12 +00:00
Dr. Stephen Henson
d69c6653ef
add fips/sha files
2011-01-26 01:09:52 +00:00
Dr. Stephen Henson
aaff7a0464
add fips/aes/Makefile
2011-01-26 01:05:48 +00:00
Dr. Stephen Henson
1d44454d6d
add fips/des/Makefile
2011-01-26 01:04:53 +00:00
Dr. Stephen Henson
5d3bfb9066
add fips/Makefile
2011-01-26 01:03:54 +00:00
Dr. Stephen Henson
aeb8996c38
add some missing fips files
2011-01-26 00:58:09 +00:00
Dr. Stephen Henson
2b4b28dc32
And so it begins... again.
...
Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have
missing files, extraneous files and other nastiness.
In other words: it's experimental ATM, OK?
2011-01-26 00:56:19 +00:00
Dr. Stephen Henson
72a267331a
Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate
...
crypto and ENGINE dependencies in RSA library.
2011-01-25 17:35:10 +00:00
Dr. Stephen Henson
13a5519208
Move BN_options function to bn_print.c to remove dependency for BIO printf
...
routines from bn_lib.c
2011-01-25 17:10:30 +00:00
Dr. Stephen Henson
f7a2afa652
Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of
...
DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().
2011-01-25 16:55:15 +00:00
Dr. Stephen Henson
245a7eee17
recalculate DSA signature if r or s is zero (FIPS 186-3 requirement)
2011-01-25 16:01:29 +00:00
Dr. Stephen Henson
6e0375d504
revert Makefile change
2011-01-25 12:15:10 +00:00
Dr. Stephen Henson
7d05edd12e
PR: 2433
...
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve
Constify ASN1_STRING_set_default_mask_asc().
2011-01-24 16:19:52 +00:00
Dr. Stephen Henson
fef1c40bf1
New function EC_KEY_set_affine_coordinates() this performs all the
...
NIST PKV tests.
2011-01-24 16:07:40 +00:00
Dr. Stephen Henson
a428ac4750
check EC public key isn't point at infinity
2011-01-24 15:04:34 +00:00
Dr. Stephen Henson
0aa1aedbce
PR: 1612
...
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve
Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
2011-01-24 14:41:34 +00:00
Dr. Stephen Henson
dd616752a1
oops, revert mistakenly committed EC changes
2011-01-19 14:42:42 +00:00
Dr. Stephen Henson
198ce9a611
Add additional parameter to dsa_builtin_paramgen to output the generated
...
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.
The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
2011-01-19 14:35:53 +00:00
Dr. Stephen Henson
78c4572296
add va_list version of ERR_add_error_data
2011-01-14 15:13:37 +00:00
Dr. Stephen Henson
d3f17e5ed3
stop warning with no-engine
2011-01-13 15:41:58 +00:00
Richard Levitte
ff66ff0a9b
PR: 2425
...
Synchronise VMS build with Unixly build.
2011-01-10 20:55:21 +00:00
Ben Laurie
105d62cbf1
Constify.
2011-01-09 17:50:18 +00:00
Ben Laurie
c13d7c0296
Fix warning.
2011-01-09 17:50:06 +00:00
Dr. Stephen Henson
114f511f17
missed change in ACKNOWLEDGEMENTS file
2011-01-09 13:37:09 +00:00
Dr. Stephen Henson
778b14b72d
move some string utilities to buf_str.c to reduce some dependencies (from 0.9.8 branch).
2011-01-09 13:32:57 +00:00
Dr. Stephen Henson
7b1a04519f
add X9.31 prime generation routines from 0.9.8 branch
2011-01-09 13:02:14 +00:00
Richard Levitte
5b301b2fe3
PR: 2407
...
Fix fault include.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
2011-01-06 20:56:02 +00:00
Dr. Stephen Henson
722521594c
Don't use decryption_failed alert for TLS v1.1 or later.
2011-01-04 19:39:27 +00:00
Dr. Stephen Henson
a47577164c
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
...
alert.
2011-01-04 19:34:20 +00:00
Dr. Stephen Henson
09d84e03e8
oops missed an assert
2011-01-03 12:54:08 +00:00
Dr. Stephen Henson
85881c1d92
PR: 2411
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Fix corner cases in RFC3779 code.
2011-01-03 01:40:53 +00:00
Dr. Stephen Henson
968062b7d3
Fix escaping code for string printing. If *any* escaping is enabled we
...
must escape the escape character itself (backslash).
2011-01-03 01:31:24 +00:00
Dr. Stephen Henson
e82f75577b
PR: 2410
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Use OPENSSL_assert() instead of assert().
2011-01-03 01:22:41 +00:00
Dr. Stephen Henson
88ea810e25
PR: 2413
...
Submitted by: Michael Bergandi <mbergandi@gmail.com>
Reviewed by: steve
Fix typo in crypto/bio/bss_dgram.c
2011-01-03 01:07:35 +00:00