mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-09 05:51:54 +08:00
Code Issues Packages Projects Releases Wiki Activity
9,799 Commits 34 Branches 385 Tags 509 MiB
1f2502eb58
Commit Graph

5184 Commits

Author SHA1 Message Date
Andy Polyakov
1f2502eb58 gcm128.c: add boundary condition checks. 2011-02-07 19:11:13 +00:00
Dr. Stephen Henson
bdaa54155c Initial *very* experimental EVP support for AES-GCM. Note: probably very 
broken and subject to change.
 2011-02-07 18:16:33 +00:00
Dr. Stephen Henson
fd3dbc1dbf Add CRYPTO_gcm128_tag() function to retrieve the tag. 2011-02-07 18:05:27 +00:00
Dr. Stephen Henson
d45087c672 Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher: 
the NULL value for the input buffer is sufficient to notice this case.
 2011-02-07 18:04:27 +00:00
Dr. Stephen Henson
3da0ca796c New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying 
cipher handles all cipher symantics itself.
 2011-02-07 14:36:08 +00:00
Dr. Stephen Henson
f9678b8b57 Fix memory leak. 2011-02-07 13:34:00 +00:00
Dr. Stephen Henson
83e9c36261 Use default ASN1 if flag set. 2011-02-07 12:47:16 +00:00
Andy Polyakov
b68c13154e gcm128.c: allow multiple calls to CRYPTO_gcm128_aad. 2011-02-06 23:50:05 +00:00
Andy Polyakov
68e2586bd3 gcm128.c: fix bug in OPENSSL_SMALL_FOOTPRINT decrypt. 
PR: 2432
Submitted by: Michael Heyman
 2011-02-06 23:48:32 +00:00
Dr. Stephen Henson
06b433acad Add FIPS support to the WIN32 build system. 2011-02-03 23:12:04 +00:00
Dr. Stephen Henson
14ae26f2e4 Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files 
that use it.
 2011-02-03 17:00:24 +00:00
Dr. Stephen Henson
3710d1aae9 Rename crypto/fips_err.c to fips_ers.c to avoid clash with other fips_err.c 2011-02-03 16:16:30 +00:00
Dr. Stephen Henson
cc5c772abd Include fips header file in err_all.c if needed. 2011-02-03 16:03:21 +00:00
Dr. Stephen Henson
65041aa27e Add FIPS error codes. 2011-02-03 15:58:43 +00:00
Dr. Stephen Henson
65847ca378 For now disable EC_GFp_nistp224_method() for WIN32 so the WIN32 build 
completes without linker errors.
 2011-02-03 13:00:08 +00:00
Dr. Stephen Henson
c2a459315a Use single X931 key generation source file for FIPS and non-FIPS builds. 2011-02-03 12:47:56 +00:00
Bodo Möller
e2b798c8b3 Assorted bugfixes: 
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check

Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
 2011-02-03 12:03:51 +00:00
Bodo Möller
9d0397e977 make update 2011-02-03 10:17:53 +00:00
Bodo Möller
2440d8b1db Fix error codes. 2011-02-03 10:03:23 +00:00
Dr. Stephen Henson
7a4ec19a5f Make no-asm work in fips mode. Add android platform. 2011-02-02 15:07:13 +00:00
Dr. Stephen Henson
a5b196a22c Add sign/verify digest API to handle an explicit digest instead of finalising 
a context.
 2011-02-02 14:21:33 +00:00
Dr. Stephen Henson
3c2c4cc5f2 fixes for DSA2 parameter generation 2011-02-01 17:15:19 +00:00
Dr. Stephen Henson
7f64c26588 Since FIPS 186-3 specifies we use the leftmost bits of the digest 
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
 2011-02-01 12:52:01 +00:00
Dr. Stephen Henson
3dd9b31dc4 Provisional, experimental support for DSA2 parameter generation algorithm. 
Not properly integrated or tested yet.
 2011-01-31 19:44:09 +00:00
Dr. Stephen Henson
eb164d0b12 stop warnings about no previous prototype when compiling shared engines 2011-01-30 01:30:48 +00:00
Dr. Stephen Henson
7edfe67456 Move all FIPSAPI renames into fips.h header file, include early in 
crypto.h if needed.

Modify source tree to handle change.
 2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
7cc684f4f7 Redirect FIPS memory allocation to FIPS_malloc() routine, remove 
OpenSSL malloc dependencies.
 2011-01-27 17:23:43 +00:00
Dr. Stephen Henson
aa87945f47 Update source files to handle new FIPS_lock() location. Add FIPS_lock() 
definition. Remove stale function references from fips.h
 2011-01-27 15:57:31 +00:00
Dr. Stephen Henson
7c8ced94c3 Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer 
to EVP any more.

Move locking #define into fips.h.

Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
 2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
ad6019d6c0 Move locking and thread ID functions into new files lock.c and thr_id.c, 
redirect locking to minimal FIPS_lock() function where required.
 2011-01-27 14:27:24 +00:00
Dr. Stephen Henson
a27de7b7fd use FIPSEVP in some bn and rsa files 2011-01-27 14:24:42 +00:00
Dr. Stephen Henson
879bd6e38c Internal version of BN_mod_inverse allowing checking of no-inverse without 
need to inspect error queue.
 2011-01-26 16:59:47 +00:00
Dr. Stephen Henson
6f4b3e7c09 Use ARX in crypto/Makefile 2011-01-26 16:22:03 +00:00
Dr. Stephen Henson
6dff52e858 FIPS HMAC changes: 
Use EVP macros.

Use tiny EVP in FIPS mode.
 2011-01-26 16:15:38 +00:00
Dr. Stephen Henson
df6de39fe7 Change AR to ARX to allow exclusion of fips object modules 2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
5ca9cb7cbd FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR 
library dependencies.
 2011-01-26 15:53:07 +00:00
Dr. Stephen Henson
83c3410b94 FIPS DH changes: selftest checks and key range checks. 2011-01-26 15:47:19 +00:00
Dr. Stephen Henson
20818e00fd FIPS mode DSA changes: 
Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.

Key size restrictions.
 2011-01-26 15:46:26 +00:00
Dr. Stephen Henson
c553721e8b FIPS mode RSA changes: 
Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.
 2011-01-26 15:37:41 +00:00
Dr. Stephen Henson
1588a3cae7 add new RAND errors 2011-01-26 15:33:51 +00:00
Dr. Stephen Henson
7a4bd34a4f FIPS mode EVP changes: 
Set EVP_CIPH_FLAG_FIPS on approved ciphers.

Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.

Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.

Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.
 2011-01-26 15:25:33 +00:00
Dr. Stephen Henson
4ead4e5241 FIPS mode changes to make RNG compile (this will need updating later as we 
need a whole new PRNG for FIPS).

1. avoid use of ERR_peek().

2. If compiling with FIPS use small FIPS EVP and disable ENGINE
 2011-01-26 14:52:04 +00:00
Richard Levitte
373048395e Add rsa_crpt 2011-01-26 06:51:35 +00:00
Dr. Stephen Henson
72a267331a Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate 
crypto and ENGINE dependencies in RSA library.
 2011-01-25 17:35:10 +00:00
Dr. Stephen Henson
13a5519208 Move BN_options function to bn_print.c to remove dependency for BIO printf 
routines from bn_lib.c
 2011-01-25 17:10:30 +00:00
Dr. Stephen Henson
f7a2afa652 Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of 
DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().
 2011-01-25 16:55:15 +00:00
Dr. Stephen Henson
245a7eee17 recalculate DSA signature if r or s is zero (FIPS 186-3 requirement) 2011-01-25 16:01:29 +00:00
Dr. Stephen Henson
6e0375d504 revert Makefile change 2011-01-25 12:15:10 +00:00
Dr. Stephen Henson
7d05edd12e PR: 2433 
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve

Constify ASN1_STRING_set_default_mask_asc().
 2011-01-24 16:19:52 +00:00
Dr. Stephen Henson
fef1c40bf1 New function EC_KEY_set_affine_coordinates() this performs all the 
NIST PKV tests.
 2011-01-24 16:07:40 +00:00