Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Implement internally opaque bn access from dsa | Matt Caswell | 2014-12-08 | 5 | -56/+82 |
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> | ||||
* | remove OPENSSL_FIPSAPI | Dr. Stephen Henson | 2014-12-08 | 4 | -4/+4 |
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> | ||||
* | remove FIPS module code from crypto/dsa | Dr. Stephen Henson | 2014-12-08 | 4 | -198/+0 |
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> | ||||
* | Remove fips_constseg references. | Dr. Stephen Henson | 2014-12-08 | 1 | -1/+0 |
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> | ||||
* | Remove fipscanister build functionality from makefiles. | Dr. Stephen Henson | 2014-12-08 | 1 | -1/+1 |
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> | ||||
* | Remove all .cvsignore files | Rich Salz | 2014-11-28 | 1 | -4/+0 |
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> | ||||
* | RT3192: spurious error in DSA verify | Matt Caswell | 2014-09-09 | 1 | -3/+1 |
| | | | | | | | This is funny; Ben commented in the source, Matt opend a ticket, and Rich is doing the submit. Need more code-review? :) Reviewed-by: Dr. Stephen Henson <steve@openssl.org> | ||||
* | RT2626: Change default_bits from 1K to 2K | Kurt Roeckx | 2014-09-08 | 1 | -1/+1 |
| | | | | | | | | | | This is a more comprehensive fix. It changes all keygen apps to use 2K keys. It also changes the default to use SHA256 not SHA1. This is from Kurt's upstream Debian changes. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> | ||||
* | Remove some outdated README files, to avoid confusing people. | Rich Salz | 2014-08-30 | 1 | -4/+0 |
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> | ||||
* | RT3061: slightly amend patch | Emilia Kasper | 2014-08-22 | 1 | -2/+1 |
| | | | | | | Add an extra NULL dereference check Reviewed-by: Viktor Dukhovni <viktor@openssl.org> | ||||
* | Add functions returning security bits. | Dr. Stephen Henson | 2014-03-28 | 3 | -0/+12 |
| | | | | | Add functions to return the "bits of security" for various public key algorithms. Based on SP800-57. | ||||
* | misspellings fixes by https://github.com/vlajos/misspell_fixer | Veres Lajos | 2013-09-05 | 1 | -1/+1 |
| | |||||
* | Return correct enveloped data type in ASN1 methods. | Dr. Stephen Henson | 2013-07-17 | 1 | -0/+4 |
| | | | | | | For RSA and DSA keys return an appropriate RecipientInfo type. By setting CMS_RECIPINFO_NONE for DSA keys an appropriate error is returned if an attempt is made to use DSA with enveloped data. | ||||
* | Avoid need to change function code. | Dr. Stephen Henson | 2013-07-17 | 1 | -7/+7 |
| | | | | | Keep original function names for nonce versions so we don't have to change error function codes. | ||||
* | Make `safe' (EC)DSA nonces the default. | Adam Langley | 2013-07-15 | 4 | -31/+19 |
| | | | | | | | | | This change updates 8a99cb29 to make the generation of (EC)DSA nonces using the message digest the default. It also reverts the changes to (EC)DSA_METHOD structure. In addition to making it the default, removing the flag from EC_KEY means that FIPS modules will no longer have an ABI mismatch. | ||||
* | Add control to retrieve signature MD. | Dr. Stephen Henson | 2013-06-21 | 1 | -0/+4 |
| | |||||
* | Add secure DSA nonce flag. | Adam Langley | 2013-06-13 | 4 | -15/+58 |
| | | | | | | This change adds the option to calculate (EC)DSA nonces by hashing the message and private key along with entropy to avoid leaking the private key if the PRNG fails. | ||||
* | Don't SEGFAULT when trying to export a public DSA key as a private key. | Adam Langley | 2013-06-13 | 1 | -0/+6 |
| | |||||
* | Version skew reduction: trivia (I hope). | Ben Laurie | 2012-06-03 | 1 | -0/+1 |
| | |||||
* | return error if counter exceeds limit and seed value supplied | Dr. Stephen Henson | 2011-11-25 | 1 | -0/+6 |
| | |||||
* | check counter value against 4 * L, not 4096 | Dr. Stephen Henson | 2011-11-25 | 1 | -1/+1 |
| | |||||
* | Add single call public key sign and verify functions. | Dr. Stephen Henson | 2011-11-05 | 1 | -0/+5 |
| | |||||
* | L=3072, N=256 provides 128 bits of security not 112. | Dr. Stephen Henson | 2011-10-16 | 1 | -1/+1 |
| | |||||
* | Allow for dynamic base in Win64 FIPS module. | Andy Polyakov | 2011-09-14 | 1 | -0/+1 |
| | |||||
* | make update | Bodo Möller | 2011-09-05 | 1 | -16/+12 |
| | |||||
* | Add support for DSA2 PQG generation of g parameter. | Dr. Stephen Henson | 2011-08-27 | 1 | -12/+17 |
| | |||||
* | Add support for canonical generation of DSA parameter g. | Dr. Stephen Henson | 2011-08-26 | 2 | -13/+111 |
| | | | | Modify fips_dssvs to support appropriate file format. | ||||
* | make EVP_dss() work for DSA signing | Dr. Stephen Henson | 2011-06-20 | 1 | -0/+1 |
| | |||||
* | Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in | Dr. Stephen Henson | 2011-05-11 | 3 | -5/+5 |
| | | | | the FIPS capable OpenSSL. | ||||
* | allow SHA384, SHA512 wit DSA | Dr. Stephen Henson | 2011-05-08 | 1 | -1/+3 |
| | |||||
* | Fix warning. | Dr. Stephen Henson | 2011-04-24 | 1 | -1/+2 |
| | |||||
* | fips_check_dsa_prng() should only be built when OPENSSL_FIPS is defined. | Richard Levitte | 2011-04-24 | 1 | -0/+2 |
| | |||||
* | More fixes for DSA FIPS overrides. | Dr. Stephen Henson | 2011-04-23 | 1 | -1/+2 |
| | |||||
* | Make sure overrides work for RSA/DSA. | Dr. Stephen Henson | 2011-04-23 | 1 | -1/+1 |
| | |||||
* | Add PRNG security strength checking. | Dr. Stephen Henson | 2011-04-23 | 4 | -10/+69 |
| | |||||
* | Use 0 for tbslen to perform strlen. | Dr. Stephen Henson | 2011-04-19 | 1 | -1/+1 |
| | |||||
* | Remove several of the old obsolete FIPS_corrupt_*() functions. | Dr. Stephen Henson | 2011-04-14 | 1 | -9/+0 |
| | |||||
* | Initial incomplete POST overhaul: add support for POST callback to | Dr. Stephen Henson | 2011-04-14 | 1 | -1/+2 |
| | | | | allow status of POST to be monitored and/or failures induced. | ||||
* | DH keys have an (until now) unused 'q' parameter. When creating | Dr. Stephen Henson | 2011-04-07 | 1 | -1/+6 |
| | | | | | from DSA copy q across and if q present generate DH key in the correct range. | ||||
* | check RAND_pseudo_bytes return value | Dr. Stephen Henson | 2011-04-04 | 1 | -2/+6 |
| | |||||
* | make update | Richard Levitte | 2011-03-24 | 1 | -12/+16 |
| | |||||
* | Add SRP support. | Ben Laurie | 2011-03-12 | 1 | -16/+12 |
| | |||||
* | Update dependencies. | Dr. Stephen Henson | 2011-02-21 | 1 | -12/+16 |
| | |||||
* | Update pairwise consistency checks to use SHA-256. | Dr. Stephen Henson | 2011-02-15 | 1 | -2/+1 |
| | |||||
* | Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new | Dr. Stephen Henson | 2011-02-13 | 3 | -27/+2 |
| | | | | | and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1 library. | ||||
* | Return security strength for supported DSA parameters: will be used | Dr. Stephen Henson | 2011-02-11 | 1 | -7/+10 |
| | | | | later. | ||||
* | Free keys if DSA pairwise error. | Dr. Stephen Henson | 2011-02-11 | 1 | -1/+5 |
| | |||||
* | Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files | Dr. Stephen Henson | 2011-02-03 | 2 | -0/+4 |
| | | | | that use it. | ||||
* | make update | Bodo Möller | 2011-02-03 | 1 | -8/+15 |
| | |||||
* | Add sign/verify digest API to handle an explicit digest instead of finalising | Dr. Stephen Henson | 2011-02-02 | 1 | -0/+3 |
| | | | | a context. |