Age | Commit message | Author | |
---|---|---|---|
2011-08-26 | Add support for canonical generation of DSA parameter g. | Dr. Stephen Henson | |
Modify fips_dssvs to support appropriate file format. | |||
2011-08-23 | Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. | Andy Polyakov | |
2011-08-14 | Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA | Dr. Stephen Henson | |
using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites. | |||
2011-08-08 | Add HMAC DRBG from SP800-90 | Dr. Stephen Henson | |
2011-08-03 | Expand range of ctrls for AES GCM to support retrieval and setting of | Dr. Stephen Henson | |
invocation field. Add complete support for AES GCM ciphersuites including all those in RFC5288 and RFC5289. | |||
2011-07-25 | Update CHANGES. | Dr. Stephen Henson | |
2011-07-04 | Add functions to return FIPS module version. | Dr. Stephen Henson | |
2011-06-15 | Fix the version history: changes going into 1.1.0 that are also going | Bodo Möller | |
into 1.0.1 should not be listed as "changes between 1.0.1 and 1.0.0". This makes the OpenSSL_1_0_1-stable and HEAD versions of this file consistent with each other (the HEAD version has the additional 1.1.0 section, but doesn't otherwise differ). | |||
2011-05-30 | Output supported curves in preference order instead of numerically. | Dr. Stephen Henson | |
2011-05-25 | Fix the ECDSA timing attack mentioned in the paper at: | Dr. Stephen Henson | |
http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention. | |||
2011-05-20 | PR: 2295 | Dr. Stephen Henson | |
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com> Reviewed by: steve OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code elimination. | |||
2011-05-19 | Add CHANGES entry: add FIPS support to ssl | Dr. Stephen Henson | |
2011-05-19 | Implement FIPS_mode and FIPS_mode_set | Dr. Stephen Henson | |
2011-05-12 | Provisional support for TLS v1.2 client authentication: client side only. | Dr. Stephen Henson | |
Parse certificate request message and set digests appropriately. Generate new TLS v1.2 format certificate verify message. Keep handshake caches around for longer as they are needed for client auth. | |||
2011-05-11 | Rename FIPS_mode_set and FIPS_mode. These symbols will be defined in | Dr. Stephen Henson | |
the FIPS capable OpenSSL. | |||
2011-05-09 | Initial TLS v1.2 client support. Include a default supported signature | Dr. Stephen Henson | |
algorithms extension (including everything we support). Switch to new signature format where needed and relax ECC restrictions. Not TLS v1.2 client certificate support yet but client will handle case where a certificate is requested and we don't have one. | |||
2011-05-06 | Continuing TLS v1.2 support: add support for server parsing of | Dr. Stephen Henson | |
signature algorithms extension and correct signature format for server key exchange. All ciphersuites should now work on the server but no client support and no client certificate support yet. | |||
2011-04-29 | Initial incomplete TLS v1.2 support. New ciphersuites added, new version | Dr. Stephen Henson | |
checking added, SHA256 PRF support added. At present only RSA key exchange ciphersuites work with TLS v1.2 as the new signature format is not yet implemented. | |||
2011-04-29 | Initial "opaque SSL" framework. If an application defines | Dr. Stephen Henson | |
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL. The advantage of this option is that any application supporting it will still be binary compatible if SSL structures change. | |||
2011-04-23 | Always return multiple of block length bytes from default DRBG seed | Dr. Stephen Henson | |
callback. Handle case where no multiple of the block size is in the interval [min_len, max_len]. | |||
2011-04-23 | Add PRNG security strength checking. | Dr. Stephen Henson | |
2011-04-18 | Fix EVP CCM decrypt. Add decrypt support to algorithm test program. | Dr. Stephen Henson | |
2011-04-18 | Initial untested CCM support via EVP. | Dr. Stephen Henson | |
2011-04-15 | Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation. | Dr. Stephen Henson | |
2011-04-14 | Initial incomplete POST overhaul: add support for POST callback to | Dr. Stephen Henson | |
allow status of POST to be monitored and/or failures induced. | |||
2011-04-12 | Provisional AES XTS support. | Dr. Stephen Henson | |
2011-04-06 | Update CHANGES. | Dr. Stephen Henson | |
2011-04-05 | Extensive reorganisation of PRNG handling in FIPS module: all calls | Dr. Stephen Henson | |
now use an internal RAND_METHOD. All dependencies to OpenSSL standard PRNG are now removed: it is the application's responsibility to setup the FIPS PRNG and initialise it. Initial OpenSSL RAND_init_fips() function that will setup the DRBG for the "FIPS capable OpenSSL". | |||
2011-04-05 | Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be | Dr. Stephen Henson | |
used by applications directly and the X9.31 PRNG is deprecated by new FIPS140-2 rules anyway. | |||
2011-03-17 | Implement health checks needed by SP800-90. | Dr. Stephen Henson | |
Fix warnings. Instantiate DRBGs at maximum strength. | |||
2011-03-16 | Fix Tom Wu's email. | Ben Laurie | |
2011-03-12 | Note SRP support. | Ben Laurie | |
2011-03-09 | Add ECDH to validated module. | Dr. Stephen Henson | |
2011-03-08 | New initial DH algorithm test driver. | Dr. Stephen Henson | |
2011-03-04 | Initial, provisional, subject to wholesale change, untested, probably | Dr. Stephen Henson | |
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes. Did I say this was untested? | |||
2011-02-21 | Make fipscanisteronly build only required files. | Dr. Stephen Henson | |
2011-02-17 | Make -DOPENSSL_FIPSSYMS work for assembly language builds. | Dr. Stephen Henson | |
2011-02-16 | Experimental FIPS symbol renaming. | Dr. Stephen Henson | |
Fixups under fips/ to make symbol renaming work. | |||
2011-02-15 | Add non-FIPS algorithm blocking and selftest checking. | Dr. Stephen Henson | |
2011-02-14 | Add ECDSA functionality to fips module. Initial very incomplete version | Dr. Stephen Henson | |
of algorithm test program. | |||
2011-02-12 | New option to disable characteristic two fields in EC code. | Dr. Stephen Henson | |
2011-02-11 | New "fipscanisteronly" build option: only build fipscanister.o and | Dr. Stephen Henson | |
associated utilities. This functionality will be used by the validated tarball. | |||
2011-02-09 | Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest. | Dr. Stephen Henson | |
2011-02-08 | Sync with 1.0.1 branch. | Bodo Möller | |
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.) | |||
2011-02-07 | Initial *very* experimental EVP support for AES-GCM. Note: probably very | Dr. Stephen Henson | |
broken and subject to change. | |||
2011-02-07 | Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher: | Dr. Stephen Henson | |
the NULL value for the input buffer is sufficient to notice this case. | |||
2011-02-07 | New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying | Dr. Stephen Henson | |
cipher handles all cipher semantics itself. | |||
2011-02-03 | fix omissions | Bodo Möller | |
2011-02-03 | CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) | Bodo Möller | |
2011-01-03 | Fix escaping code for string printing. If *any* escaping is enabled we | Dr. Stephen Henson | |
must escape the escape character itself (backslash). |