mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-03 05:41:46 +08:00
Code Issues Packages Projects Releases Wiki Activity
9,984 Commits 33 Branches 385 Tags 507 MiB
cab0595c14
Commit Graph

9984 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dr. Stephen Henson
cab0595c14 Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be 
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
 2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
856650deb0 FIPS mode support for openssl utility: doesn't work properly yet due 
to missing DRBG support in libcrypto.
 2011-04-04 17:16:28 +00:00
Dr. Stephen Henson
ab1415d2f5 Updated error codes for FIPS library. 2011-04-04 17:05:09 +00:00
Dr. Stephen Henson
f4bd65dae3 Set error code is additional data callback fails. 2011-04-04 17:03:35 +00:00
Dr. Stephen Henson
ac1ee8e877 Use environment when builds libcrypto shared library so CC value is picked up 
in FIPS builds.
 2011-04-04 17:01:58 +00:00
Dr. Stephen Henson
8776ef63c1 Change FIPS locking functions to macros so we get useful line information. 
Set fips_thread_set properly.
 2011-04-04 15:38:21 +00:00
Andy Polyakov
7af0400297 gcm128.c: fix shadow warnings. 2011-04-04 15:24:09 +00:00
Dr. Stephen Henson
1d59fe5267 Disable test fprintf. 2011-04-04 14:52:20 +00:00
Dr. Stephen Henson
ded1999702 Change RNG test to block oriented instead of request oriented, add option 
to test a "stuck" DRBG.
 2011-04-04 14:47:31 +00:00
Dr. Stephen Henson
a255e5bc98 check RAND_pseudo_bytes return value 2011-04-04 14:43:20 +00:00
Dr. Stephen Henson
4058861f69 PR: 2462 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug
 2011-04-03 17:14:35 +00:00
Dr. Stephen Henson
f74a0c0c93 PR: 2458 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.
 2011-04-03 16:25:29 +00:00
Dr. Stephen Henson
6e28b60aa5 PR: 2457 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS fragment reassembly bug.
 2011-04-03 15:47:58 +00:00
Dr. Stephen Henson
3b5c1dc565 Make WIN32 static builds work again. 2011-04-02 16:51:04 +00:00
Andy Polyakov
e512375186 ARM assembler pack: add missing arm_arch.h. 2011-04-01 21:09:09 +00:00
Andy Polyakov
1e86318091 ARM assembler pack: profiler-assisted optimizations and NEON support. 2011-04-01 20:58:34 +00:00
Andy Polyakov
d8d958323b gcm128.c: tidy up, minor optimization, rearrange gcm128_context. 2011-04-01 20:52:35 +00:00
Dr. Stephen Henson
30b26b551f restore .cvsignore 2011-04-01 18:49:24 +00:00
Dr. Stephen Henson
7d48743b95 restore .cvsignore 2011-04-01 18:40:30 +00:00
Dr. Stephen Henson
b26f324824 delete lib file 2011-04-01 18:40:05 +00:00
Dr. Stephen Henson
02eb92abad temporarily update .cvsignore 2011-04-01 18:38:51 +00:00
Dr. Stephen Henson
e5cadaf8db Only zeroise sensitive parts of DRBG context, so the type and flags 
are undisturbed.

Allow setting of "rand" callbacks for DRBG.
 2011-04-01 17:49:45 +00:00
Dr. Stephen Henson
8cf88778ea Allow FIPS malloc callback setting. Automatically set some callbacks 
in OPENSSL_init().
 2011-04-01 16:23:16 +00:00
Dr. Stephen Henson
c4acfb1fd0 Add additional OPENSSL_init() handling add dummy call to (hopefully) 
ensure OPENSSL_init() is always linked into an application.
 2011-04-01 15:46:03 +00:00
Dr. Stephen Henson
3f7468318d Provisional support for auto called OPENSSL_init() function. This can be 
used to set up any appropriate functions such as FIPS callbacks without
requiring an explicit application call.
 2011-04-01 14:49:30 +00:00
Dr. Stephen Henson
011c865640 Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for 
test applications.
 2011-04-01 14:46:07 +00:00
Dr. Stephen Henson
212a08080c Unused, untested, provisional RAND interface for DRBG. 2011-03-31 18:06:07 +00:00
Dr. Stephen Henson
e06de4dd35 Remove redundant definitions. Give error code if DRBG sefltest fails. 2011-03-31 17:23:12 +00:00
Dr. Stephen Henson
52b6ee8245 Reorganise DRBG API so the entropy and nonce callbacks can return a 
pointer to a buffer instead of copying to a fixed length buffer. This
removes the entropy and nonce length restrictions.
 2011-03-31 17:15:54 +00:00
Dr. Stephen Henson
bb61a6c80d fix warnings 2011-03-31 17:12:49 +00:00
Dr. Stephen Henson
79837e8c10 Update .cvsignore 2011-03-25 16:41:11 +00:00
Dr. Stephen Henson
5198009885 Add .cvsignore 2011-03-25 16:37:30 +00:00
Dr. Stephen Henson
cd22dfbf01 Have all algorithm test programs call fips_algtest_init() at startup: 
this will perform all standalone operations such as setting error
callbacks, entering FIPS mode etc.
 2011-03-25 16:36:46 +00:00
Dr. Stephen Henson
d4178c8fb1 Disable cmac tests by default so the old algorithm test vectors work. 2011-03-25 16:34:20 +00:00
Richard Levitte
3a660e7364 Corrections to the VMS build system. 
Submitted by Steven M. Schweda <sms@antinode.info>
 2011-03-25 16:20:35 +00:00
Dr. Stephen Henson
dad7851485 Allow setting of get_entropy and get_nonce callbacks outside test mode. 
Test mode is now set when a DRBG context is initialised.
 2011-03-25 14:38:37 +00:00
Dr. Stephen Henson
9db6974f77 Add .cvsignore 2011-03-25 14:26:23 +00:00
Dr. Stephen Henson
8e5dbc23df Remove unused function. 2011-03-25 14:24:23 +00:00
Dr. Stephen Henson
bd7e6bd44b Fix compiler warnings. 2011-03-25 12:36:02 +00:00
Dr. Stephen Henson
97057a1a7d Make some Unix builds work again. 2011-03-25 12:09:29 +00:00
Dr. Stephen Henson
8e51aef611 Typo. 2011-03-25 12:00:16 +00:00
Richard Levitte
4ec3e8ca51 For VMS, implement the possibility to choose 64-bit pointers with 
different options:
"64"		The build system will choose /POINTER_SIZE=64=ARGV if
		the compiler supports it, otherwise /POINTER_SIZE=64.
"64="		The build system will force /POINTER_SIZE=64.
"64=ARGV"	The build system will force /POINTER_SIZE=64=ARGV.
 2011-03-25 09:40:48 +00:00
Richard Levitte
5d0137aa14 make update 2011-03-25 09:30:52 +00:00
Richard Levitte
30fafdebf3 * Configure, crypto/ec/ec.h, crypto/ec/ecp_nistp224.c, util/mkdef.pl: 
Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have
  disabled by default.  If we don't do it this way, it screws up
  libeay.num.
* util/libeay.num: make update
 2011-03-25 09:29:46 +00:00
Richard Levitte
e775bbc464 * fips/cmac/fips_cmac_selftest.c: Because the examples in SP_800-38B 
aren't trustworthy (see examples 13 and 14, they have the same mac,
  as do examples 17 and 18), use examples from official test vectors
  instead.
 2011-03-25 09:24:02 +00:00
Richard Levitte
d8ba2a42e9 * fips/fipsalgtest.pl: Test the testvectors for all the CMAC ciphers 
we support.
 2011-03-25 08:48:26 +00:00
Richard Levitte
af267e4315 * fips/cmac/fips_cmactest.c: Some say TDEA, others say TDES. Support 
both names.
 2011-03-25 08:44:37 +00:00
Richard Levitte
d15467d582 * fips/cmac/fips_cmactest.c: Changed to accept all the ciphers we 
support (Two Key TDEA is not supported), to handle really big
  messages (some of the test vectors have messages 65536 bytes long),
  and to handle cases where there are several keys (Three Key TDEA)
 2011-03-25 08:40:33 +00:00
Richard Levitte
9507979228 * Makefile.fips: Update and add details about cmac. 2011-03-25 07:17:17 +00:00
Richard Levitte
c6dbe90895 make update 2011-03-24 22:59:02 +00:00