generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
9,750 Commits 16 Branches 258 Tags
Commit Graph

5159 Commits

Author SHA1 Message Date
Dr. Stephen Henson
7edfe67456 Move all FIPSAPI renames into fips.h header file, include early in 
crypto.h if needed.

Modify source tree to handle change.
 2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
7cc684f4f7 Redirect FIPS memory allocation to FIPS_malloc() routine, remove 
OpenSSL malloc dependencies.
 2011-01-27 17:23:43 +00:00
Dr. Stephen Henson
aa87945f47 Update source files to handle new FIPS_lock() location. Add FIPS_lock() 
definition. Remove stale function references from fips.h
 2011-01-27 15:57:31 +00:00
Dr. Stephen Henson
7c8ced94c3 Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer 
to EVP any more.

Move locking #define into fips.h.

Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
 2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
ad6019d6c0 Move locking and thread ID functions into new files lock.c and thr_id.c, 
redirect locking to minimal FIPS_lock() function where required.
 2011-01-27 14:27:24 +00:00
Dr. Stephen Henson
a27de7b7fd use FIPSEVP in some bn and rsa files 2011-01-27 14:24:42 +00:00
Dr. Stephen Henson
879bd6e38c Internal version of BN_mod_inverse allowing checking of no-inverse without 
need to inspect error queue.
 2011-01-26 16:59:47 +00:00
Dr. Stephen Henson
6f4b3e7c09 Use ARX in crypto/Makefile 2011-01-26 16:22:03 +00:00
Dr. Stephen Henson
6dff52e858 FIPS HMAC changes: 
Use EVP macros.

Use tiny EVP in FIPS mode.
 2011-01-26 16:15:38 +00:00
Dr. Stephen Henson
df6de39fe7 Change AR to ARX to allow exclusion of fips object modules 2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
5ca9cb7cbd FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR 
library dependencies.
 2011-01-26 15:53:07 +00:00
Dr. Stephen Henson
83c3410b94 FIPS DH changes: selftest checks and key range checks. 2011-01-26 15:47:19 +00:00
Dr. Stephen Henson
20818e00fd FIPS mode DSA changes: 
Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.

Key size restrictions.
 2011-01-26 15:46:26 +00:00
Dr. Stephen Henson
c553721e8b FIPS mode RSA changes: 
Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.
 2011-01-26 15:37:41 +00:00
Dr. Stephen Henson
1588a3cae7 add new RAND errors 2011-01-26 15:33:51 +00:00
Dr. Stephen Henson
7a4bd34a4f FIPS mode EVP changes: 
Set EVP_CIPH_FLAG_FIPS on approved ciphers.

Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.

Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.

Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.
 2011-01-26 15:25:33 +00:00
Dr. Stephen Henson
4ead4e5241 FIPS mode changes to make RNG compile (this will need updating later as we 
need a whole new PRNG for FIPS).

1. avoid use of ERR_peek().

2. If compiling with FIPS use small FIPS EVP and disable ENGINE
 2011-01-26 14:52:04 +00:00
Richard Levitte
373048395e Add rsa_crpt 2011-01-26 06:51:35 +00:00
Dr. Stephen Henson
72a267331a Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate 
crypto and ENGINE dependencies in RSA library.
 2011-01-25 17:35:10 +00:00
Dr. Stephen Henson
13a5519208 Move BN_options function to bn_print.c to remove dependency for BIO printf 
routines from bn_lib.c
 2011-01-25 17:10:30 +00:00
Dr. Stephen Henson
f7a2afa652 Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of 
DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().
 2011-01-25 16:55:15 +00:00
Dr. Stephen Henson
245a7eee17 recalculate DSA signature if r or s is zero (FIPS 186-3 requirement) 2011-01-25 16:01:29 +00:00
Dr. Stephen Henson
6e0375d504 revert Makefile change 2011-01-25 12:15:10 +00:00
Dr. Stephen Henson
7d05edd12e PR: 2433 
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve

Constify ASN1_STRING_set_default_mask_asc().
 2011-01-24 16:19:52 +00:00
Dr. Stephen Henson
fef1c40bf1 New function EC_KEY_set_affine_coordinates() this performs all the 
NIST PKV tests.
 2011-01-24 16:07:40 +00:00
Dr. Stephen Henson
a428ac4750 check EC public key isn't point at infinity 2011-01-24 15:04:34 +00:00
Dr. Stephen Henson
0aa1aedbce PR: 1612 
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve

Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
 2011-01-24 14:41:34 +00:00
Dr. Stephen Henson
dd616752a1 oops, revert mistakenly committed EC changes 2011-01-19 14:42:42 +00:00
Dr. Stephen Henson
198ce9a611 Add additional parameter to dsa_builtin_paramgen to output the generated 
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
 2011-01-19 14:35:53 +00:00
Dr. Stephen Henson
78c4572296 add va_list version of ERR_add_error_data 2011-01-14 15:13:37 +00:00
Dr. Stephen Henson
d3f17e5ed3 stop warning with no-engine 2011-01-13 15:41:58 +00:00
Richard Levitte
ff66ff0a9b PR: 2425 
Synchronise VMS build with Unixly build.
 2011-01-10 20:55:21 +00:00
Ben Laurie
c13d7c0296 Fix warning. 2011-01-09 17:50:06 +00:00
Dr. Stephen Henson
778b14b72d move some string utilities to buf_str.c to reduce some dependencies (from 0.9.8 branch). 2011-01-09 13:32:57 +00:00
Dr. Stephen Henson
7b1a04519f add X9.31 prime generation routines from 0.9.8 branch 2011-01-09 13:02:14 +00:00
Dr. Stephen Henson
09d84e03e8 oops missed an assert 2011-01-03 12:54:08 +00:00
Dr. Stephen Henson
85881c1d92 PR: 2411 
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Fix corner cases in RFC3779 code.
 2011-01-03 01:40:53 +00:00
Dr. Stephen Henson
968062b7d3 Fix escaping code for string printing. If *any* escaping is enabled we 
must escape the escape character itself (backslash).
 2011-01-03 01:31:24 +00:00
Dr. Stephen Henson
e82f75577b PR: 2410 
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Use OPENSSL_assert() instead of assert().
 2011-01-03 01:22:41 +00:00
Dr. Stephen Henson
88ea810e25 PR: 2413 
Submitted by: Michael Bergandi <mbergandi@gmail.com>
Reviewed by: steve

Fix typo in crypto/bio/bss_dgram.c
 2011-01-03 01:07:35 +00:00
Dr. Stephen Henson
2b3936e882 avoid verification loops in trusted store when path building 2010-12-25 20:45:59 +00:00
Richard Levitte
b7ef916c38 First attempt at adding the possibility to set the pointer size for the builds on VMS. 
PR: 2393
 2010-12-14 19:19:04 +00:00
Dr. Stephen Henson
d7d5a55d22 Support routines for ASN1 scanning function, doesn't do much yet. 2010-12-13 18:15:28 +00:00
Andy Polyakov
05e4fbf801 bss_file.c: refine UTF8 logic. 
PR: 2382
 2010-12-11 14:53:14 +00:00
Dr. Stephen Henson
73334e8da1 PR: 2386 
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Correct SKM_ASN1_SET_OF_d2i macro.
 2010-12-02 18:02:29 +00:00
Dr. Stephen Henson
09c1dc850c PR: 2385 
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Zero key->pkey.ptr after it is freed so the structure can be reused.
 2010-11-30 19:37:21 +00:00
Andy Polyakov
e822c756b6 s390x assembler pack: adapt for -m31 build, see commentary in Configure 
for more details.
 2010-11-29 20:52:43 +00:00
Dr. Stephen Henson
300b1d76fe apply J-PKAKE fix to HEAD (original by Ben) 2010-11-29 18:32:05 +00:00
Dr. Stephen Henson
ae3fff5034 Some of the MS_STATIC use in crypto/evp is a legacy from the days when 
EVP_MD_CTX was much larger: it isn't needed anymore.
 2010-11-27 17:37:03 +00:00
Dr. Stephen Henson
fa71cc7bce fix typo in HMAC redirection, add HMAC INIT tracing 2010-11-24 19:14:59 +00:00