root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
10,996 Commits 32 Branches 398 Tags 545 MiB
Commit Graph

288 Commits

Author SHA1 Message Date
Ben Laurie 71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Dr. Stephen Henson f6c0bd641c return error if counter exceeds limit and seed value supplied 2011-11-25 16:03:42 +00:00
Dr. Stephen Henson ea7fe214c4 check counter value against 4 * L, not 4096 2011-11-25 15:01:23 +00:00
Dr. Stephen Henson f4324e51dd Add single call public key sign and verify functions. 2011-11-05 01:34:36 +00:00
Dr. Stephen Henson bc1b04d255 L=3072, N=256 provides 128 bits of security not 112. 2011-10-16 12:31:49 +00:00
Andy Polyakov 03e389cf04 Allow for dynamic base in Win64 FIPS module. 2011-09-14 20:48:49 +00:00
Bodo Möller ae53b299fa make update 2011-09-05 09:46:15 +00:00
Dr. Stephen Henson 2abaa9caaf Add support for DSA2 PQG generation of g parameter. 2011-08-27 12:30:47 +00:00
Dr. Stephen Henson f55f5f775e Add support for canonical generation of DSA parameter g. 
Modify fips_dssvs to support appropriate file format.
 2011-08-26 14:51:49 +00:00
Dr. Stephen Henson af17d99245 make EVP_dss() work for DSA signing 2011-06-20 20:05:51 +00:00
Dr. Stephen Henson c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in 
the FIPS capable OpenSSL.
 2011-05-11 14:43:38 +00:00
Dr. Stephen Henson fc683d7213 allow SHA384, SHA512 wit DSA 2011-05-08 12:38:35 +00:00
Dr. Stephen Henson 7c50694f05 Fix warning. 2011-04-24 12:40:26 +00:00
Richard Levitte ce67647605 fips_check_dsa_prng() should only be built when OPENSSL_FIPS is defined. 2011-04-24 10:07:17 +00:00
Dr. Stephen Henson 69a80f7d5e More fixes for DSA FIPS overrides. 2011-04-23 21:59:12 +00:00
Dr. Stephen Henson dc03504d09 Make sure overrides work for RSA/DSA. 2011-04-23 21:15:05 +00:00
Dr. Stephen Henson cac4fb58e0 Add PRNG security strength checking. 2011-04-23 19:55:55 +00:00
Dr. Stephen Henson 8c7096835b Use 0 for tbslen to perform strlen. 2011-04-19 11:10:54 +00:00
Dr. Stephen Henson a6311f856b Remove several of the old obsolete FIPS_corrupt_*() functions. 2011-04-14 11:30:51 +00:00
Dr. Stephen Henson ac892b7aa6 Initial incomplete POST overhaul: add support for POST callback to 
allow status of POST to be monitored and/or failures induced.
 2011-04-14 11:15:10 +00:00
Dr. Stephen Henson 31360957fb DH keys have an (until now) unused 'q' parameter. When creating 
from DSA copy q across and if q present generate DH key in the
correct range.
 2011-04-07 15:01:48 +00:00
Dr. Stephen Henson a255e5bc98 check RAND_pseudo_bytes return value 2011-04-04 14:43:20 +00:00
Richard Levitte c6dbe90895 make update 2011-03-24 22:59:02 +00:00
Ben Laurie edc032b5e3 Add SRP support. 2011-03-12 17:01:19 +00:00
Dr. Stephen Henson b7056b6414 Update dependencies. 2011-02-21 17:51:59 +00:00
Dr. Stephen Henson 225a9e296b Update pairwise consistency checks to use SHA-256. 2011-02-15 16:18:18 +00:00
Dr. Stephen Henson e990b4f838 Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new 
and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1
library.
 2011-02-13 18:45:41 +00:00
Dr. Stephen Henson 16a7fcc447 Return security strength for supported DSA parameters: will be used 
later.
 2011-02-11 14:38:39 +00:00
Dr. Stephen Henson a1a5885b64 Free keys if DSA pairwise error. 2011-02-11 14:21:01 +00:00
Dr. Stephen Henson 14ae26f2e4 Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files 
that use it.
 2011-02-03 17:00:24 +00:00
Bodo Möller 9d0397e977 make update 2011-02-03 10:17:53 +00:00
Dr. Stephen Henson a5b196a22c Add sign/verify digest API to handle an explicit digest instead of finalising 
a context.
 2011-02-02 14:21:33 +00:00
Dr. Stephen Henson 3c2c4cc5f2 fixes for DSA2 parameter generation 2011-02-01 17:15:19 +00:00
Dr. Stephen Henson 7f64c26588 Since FIPS 186-3 specifies we use the leftmost bits of the digest 
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
 2011-02-01 12:52:01 +00:00
Dr. Stephen Henson 3dd9b31dc4 Provisional, experimental support for DSA2 parameter generation algorithm. 
Not properly integrated or tested yet.
 2011-01-31 19:44:09 +00:00
Dr. Stephen Henson 7edfe67456 Move all FIPSAPI renames into fips.h header file, include early in 
crypto.h if needed.

Modify source tree to handle change.
 2011-01-27 19:10:56 +00:00
Dr. Stephen Henson 7cc684f4f7 Redirect FIPS memory allocation to FIPS_malloc() routine, remove 
OpenSSL malloc dependencies.
 2011-01-27 17:23:43 +00:00
Dr. Stephen Henson 7c8ced94c3 Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer 
to EVP any more.

Move locking #define into fips.h.

Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
 2011-01-27 15:22:26 +00:00
Dr. Stephen Henson 20818e00fd FIPS mode DSA changes: 
Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.

Key size restrictions.
 2011-01-26 15:46:26 +00:00
Dr. Stephen Henson f7a2afa652 Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of 
DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().
 2011-01-25 16:55:15 +00:00
Dr. Stephen Henson 245a7eee17 recalculate DSA signature if r or s is zero (FIPS 186-3 requirement) 2011-01-25 16:01:29 +00:00
Dr. Stephen Henson 198ce9a611 Add additional parameter to dsa_builtin_paramgen to output the generated 
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
 2011-01-19 14:35:53 +00:00
Dr. Stephen Henson 776654adff PR: 2295 
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
 2010-10-11 23:49:22 +00:00
Dr. Stephen Henson 8ec3fa0597 fix signature printing routines 2010-10-04 13:58:41 +00:00
Ben Laurie c8bbd98a2b Fix warnings. 2010-06-12 14:13:23 +00:00
Dr. Stephen Henson 9a8a7d58af PR: 2241 
Submitted By: Artemy Lebedev <vagran.ast@gmail.com>

Typo.
 2010-04-20 12:53:18 +00:00
Dr. Stephen Henson a4d9c12f99 correct error code 2010-03-08 18:07:05 +00:00
Dr. Stephen Henson fa1ba589f3 Add algorithm specific signature printing. An individual ASN1 method can 
now print out signatures instead of the standard hex dump.

More complex signatures (e.g. PSS) can print out more meaningful information.

Sample DSA version included that prints out the signature parameters r, s.

[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
 new fields in the middle has no compatibility issues]
 2010-03-06 18:05:05 +00:00
Dr. Stephen Henson ba64ae6cd1 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:12 +00:00
Dr. Stephen Henson 6732e14278 check DSA_sign() return value properly 2009-12-01 18:39:33 +00:00