Commit Graph

10265 Commits

Author SHA1 Message Date
Dr. Stephen Henson
6cdcb92513 Initial FIPS capable OpenSSL information 2011-06-17 21:08:15 +00:00
Dr. Stephen Henson
9945b460e2 Give parameters names in prototypes. 2011-06-17 16:47:41 +00:00
Dr. Stephen Henson
b234848879 Option "fipscheck" which checks to see if FIPS is autodetected in
a build. Use this for WIN32 builds.
2011-06-16 16:27:36 +00:00
Dr. Stephen Henson
fdb65c836c Don't include des.h any more: it is not needed. 2011-06-16 14:12:42 +00:00
Dr. Stephen Henson
c3de647e7d Update to mk1mf.pl and ms\do_fips.bat to install relevant files for
WIN32 FIPS builds.
2011-06-15 21:04:09 +00:00
Bodo Möller
e66cb363d6 Fix the version history: changes going into 1.1.0 that are also going
into 1.0.1 should not be listed as "changes between 1.0.1 and 1.0.0".

This makes the OpenSSL_1_0_1-stable and HEAD versions of this file
consistent with each other (the HEAD version has the additional 1.1.0
section, but doesn't otherwise differ).
2011-06-15 14:49:17 +00:00
Dr. Stephen Henson
70051b1d88 set FIPS allow before initialising ctx 2011-06-14 15:25:21 +00:00
Dr. Stephen Henson
bd6386f59c make sure custom cipher flag doesn't use any mode bits 2011-06-13 23:06:43 +00:00
Dr. Stephen Henson
1d55dd86dd Allow applications to specify alternative FIPS RAND methods if they
are sure they are OK.

API to retrieve FIPS rand method.
2011-06-13 20:28:45 +00:00
Dr. Stephen Henson
38f90d06d7 sync and update ordinals 2011-06-12 15:40:06 +00:00
Dr. Stephen Henson
19cd2049f7 Don't export functions marked as FIPSCAPABLE. 2011-06-12 15:38:36 +00:00
Dr. Stephen Henson
b08e372bf6 Use FIPSCAPABLE for FIPS module functions used in FIPS capable OpenSSL. 2011-06-12 15:37:51 +00:00
Dr. Stephen Henson
0435dc1902 HMAC fips prototypes 2011-06-12 15:02:53 +00:00
Dr. Stephen Henson
e6e7b4e825 CMAC FIPS prototypes. 2011-06-12 14:11:57 +00:00
Dr. Stephen Henson
f41154b206 #undef bn_div_words as it is defined for FIPS builds. 2011-06-10 14:03:27 +00:00
Dr. Stephen Henson
3096d53b46 Update dependencies for m_dss.c too. 2011-06-10 14:00:02 +00:00
Dr. Stephen Henson
068291cd44 Remove x509.h from SHA1 clone digests, update dependencies. 2011-06-10 13:52:44 +00:00
Dr. Stephen Henson
a1a8a71cf7 Install FIPS module in FIPSDIR if set. 2011-06-09 21:52:44 +00:00
Dr. Stephen Henson
603bc9395c more prototypes in fips.h 2011-06-09 15:18:55 +00:00
Dr. Stephen Henson
da9234130a Add more prototypes. 2011-06-09 13:50:53 +00:00
Dr. Stephen Henson
ca9335760b fix memory leak 2011-06-08 15:55:43 +00:00
Dr. Stephen Henson
4960411e1f Add flags for DH FIPS method.
Update/fix prototypes in fips.h
2011-06-08 15:53:08 +00:00
Dr. Stephen Henson
6b6abd627c Set flags in ECDH and ECDSA methods for FIPS. 2011-06-08 13:52:36 +00:00
Andy Polyakov
7eabad423c rc4_skey.c: remove dead/redundant code (it's never compiled) and
misleading/obsolete comment.
2011-06-06 20:02:26 +00:00
Dr. Stephen Henson
7f0d1be3a6 Add prototypes for some FIPS EC functions. 2011-06-06 15:24:02 +00:00
Dr. Stephen Henson
1c13c122d8 Set SSL_FIPS flag in ECC ciphersuites. 2011-06-06 14:14:41 +00:00
Dr. Stephen Henson
644ce07ecd Move function prototype to fips.h 2011-06-06 11:56:58 +00:00
Andy Polyakov
17f121de9d e_aes.c: move AES-NI run-time switch and implement the switch for remaining modes. 2011-06-06 11:40:03 +00:00
Andy Polyakov
4d01f2761d x86_64cpuid.pl: fix typo. 2011-06-04 13:08:25 +00:00
Andy Polyakov
301799b803 x86[_64]cpuid.pl: add function accessing rdrand instruction. 2011-06-04 12:20:45 +00:00
Richard Levitte
8d515259e2 No spaces in assignements in a shell script... 2011-06-04 09:00:59 +00:00
Dr. Stephen Henson
4f8f8bf3a4 fix error discrepancy 2011-06-03 18:50:24 +00:00
Dr. Stephen Henson
b8b90804b6 license correction, no EAY code included in this file 2011-06-03 17:56:17 +00:00
Dr. Stephen Henson
549c4ad35b Add "OPENSSL_FIPSCAPABLE" define for a version of OpenSSL which is
FIPS capable: i.e. FIPS module is supplied externally.
2011-06-03 16:26:58 +00:00
Dr. Stephen Henson
267229b141 Constify RSA signature buffer. 2011-06-03 12:38:18 +00:00
Dr. Stephen Henson
946f57105f Typo. 2011-06-02 18:20:55 +00:00
Dr. Stephen Henson
2280dc7c43 Remove FIPS RSA functions from crypto/rsa. 2011-06-02 17:52:39 +00:00
Dr. Stephen Henson
0cabe4e172 Move FIPS RSA function definitions to fips.h
New function to lookup digests by NID in module.

Minor optimisation: if supplied hash is NULL to FIPS RSA functions and
we are using PKCS padding get digest NID from otherwise unused saltlen
parameter instead.
2011-06-02 17:30:22 +00:00
Dr. Stephen Henson
b6df360b9e Simple automated certificate creation demo. 2011-06-01 18:36:49 +00:00
Dr. Stephen Henson
e7ee10d3dc Clone digest prototypes. 2011-06-01 14:18:28 +00:00
Dr. Stephen Henson
bce1af7762 Add DSA and ECDSA "clone digests" to module for compatibility with old
applications.
2011-06-01 14:07:32 +00:00
Dr. Stephen Henson
654ac273c1 typo 2011-06-01 11:10:35 +00:00
Dr. Stephen Henson
8f119a0357 set FIPS permitted flag before initalising digest 2011-05-31 16:24:19 +00:00
Dr. Stephen Henson
06843f826f Fake CPU caps so fips_standalone_sha1 compiles.
Initialise update function for bad digest inits.
2011-05-31 16:22:21 +00:00
Dr. Stephen Henson
1b2047c5c0 Don't round up partitioned premaster secret length if there is only one
digest in use: this caused the PRF to fail for an odd premaster secret
length.
2011-05-31 10:34:43 +00:00
Dr. Stephen Henson
eda3766b53 Output supported curves in preference order instead of numerically. 2011-05-30 17:58:13 +00:00
Andy Polyakov
62b6c5c404 e_aes.c: fix typo. 2011-05-30 10:13:42 +00:00
Andy Polyakov
e76cbcf686 e_aes.c: fix aes_cfb1_cipher. 2011-05-30 10:10:05 +00:00
Andy Polyakov
d1fff483d6 e_aes.c: integrate AESNI directly into EVP. 2011-05-30 09:16:01 +00:00
Andy Polyakov
8da721ee2b aesni-x86[_64].pl: relax alignment requirement. 2011-05-30 09:15:16 +00:00