| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-05-13 | util/incore update that allows FINGERPRINT_premain-free build.OpenSSL-fips-2_0_10 | Andy Polyakov | |
| As for complementary fips.c modification. Goal is to ensure that FIPS_signature does not end up in .bss segment, one guaranteed to be zeroed upon program start-up. One would expect explicitly initialized values to end up in .data segment, but it turned out that values explicitly initialized with zeros can end up in .bss. The modification does not affect program flow, because first byte was the only one of significance [to FINGERPRINT_premain]. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> | |||
| 2012-10-04 | Add support for Windows CE and C64+ to FIPS module. | Dr. Stephen Henson | |
| 2011-10-21 | fips.c: remove preprocessor artefact. | Andy Polyakov | |
| 2011-10-21 | fix (?) AVX clearing | Dr. Stephen Henson | |
| 2011-10-20 | fips.c: x86[_64] capability masking. | Andy Polyakov | |
| 2011-10-19 | add authentication parameter to FIPS_module_mode_set | Dr. Stephen Henson | |
| 2011-09-14 | Allow for dynamic base in Win64 FIPS module. | Andy Polyakov | |
| 2011-07-25 | Fix warnings. | Dr. Stephen Henson | |
| 2011-07-04 | Add functions to return FIPS module version. | Dr. Stephen Henson | |
| 2011-05-12 | Fix error discrepancy. | Dr. Stephen Henson | |
| 2011-05-11 | Set FIPS mode for values other than 1. The only current effect | Dr. Stephen Henson | |
| is to return a consistent value. So calling FIPS_module_mode_set(n) for n != 0 will result in FIPS_module_mode() returning n. This will support future expansion of more FIPS modes e.g. a Suite B mode. | |||
| 2011-05-11 | Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in | Dr. Stephen Henson | |
| the FIPS capable OpenSSL. | |||
| 2011-04-14 | Initial incomplete POST overhaul: add support for POST callback to | Dr. Stephen Henson | |
| allow status of POST to be monitored and/or failures induced. | |||
| 2011-04-12 | Update fips_pkey_signature_test: use fixed string if supplies tbs is | Dr. Stephen Henson | |
| NULL. Always allocate signature buffer. Update ECDSA selftest to use fips_pkey_signature_test. Add copyright notice to file. | |||
| 2011-04-12 | Update RSA selftest code to use a 2048 bit RSA and only a single KAT | Dr. Stephen Henson | |
| for PSS+SHA256 | |||
| 2011-04-11 | Update copyright year. | Dr. Stephen Henson | |
| Zero ciphertext and plaintext temporary buffers. Check FIPS_cipher() return value. | |||
| 2011-04-05 | Extensive reorganisation of PRNG handling in FIPS module: all calls | Dr. Stephen Henson | |
| now use an internal RAND_METHOD. All dependencies to OpenSSL standard PRNG are now removed: it is the applications resposibility to setup the FIPS PRNG and initalise it. Initial OpenSSL RAND_init_fips() function that will setup the DRBG for the "FIPS capable OpenSSL". | |||
| 2011-04-05 | Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be | Dr. Stephen Henson | |
| used by applications directly and the X9.31 PRNG is deprecated by new FIPS140-2 rules anyway. | |||
| 2011-04-04 | Change FIPS locking functions to macros so we get useful line information. | Dr. Stephen Henson | |
| Set fips_thread_set properly. | |||
| 2011-04-01 | Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for | Dr. Stephen Henson | |
| test applications. | |||
| 2011-03-24 | Implement FIPS CMAC. | Richard Levitte | |
| * fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as an example. * crypto/cmac/cmac.c: Enable the FIPS API. Change to use M_EVP macros where possible. * crypto/evp/evp.h: (some of the macros get added with this change) * fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use macros to have cmac.c use these functions. * Makefile.org, fips/Makefile, fips/fips.c: Hook it in. | |||
| 2011-03-16 | Add extensive DRBG selftest data and option to corrupt it in fips_test_suite. | Dr. Stephen Henson | |
| 2011-02-18 | add ECDSA POST | Dr. Stephen Henson | |
| 2011-02-18 | AES GCM selftests. | Dr. Stephen Henson | |
| 2011-02-16 | Experimental FIPS symbol renaming. | Dr. Stephen Henson | |
| Fixups under fips/ to make symbol renaming work. | |||
| 2011-02-15 | Add pairwise consistency test to EC. | Dr. Stephen Henson | |
| 2011-02-15 | Update pairwise consistency checks to use SHA-256. | Dr. Stephen Henson | |
| 2011-02-13 | Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new | Dr. Stephen Henson | |
| and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1 library. | |||
| 2011-02-12 | Change FIPS source and utilities to use the "FIPS_" names directly | Dr. Stephen Henson | |
| instead of using regular OpenSSL API names. | |||
| 2011-02-04 | Remove unneeded functions, make some functions and variables static. | Dr. Stephen Henson | |
| 2011-01-27 | Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer | Dr. Stephen Henson | |
| to EVP any more. Move locking #define into fips.h. Set FIPS locking callbacks at same time as OpenSSL locking callbacks. | |||
| 2011-01-26 | And so it begins... again. | Dr. Stephen Henson | |
| Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have missing files, extraneous files and other nastiness. In other words: it's experimental ATM, OK? | |||
 |
index : openssl | |
| Mirror of https://github.com/openssl/openssl | matthias |
| summaryrefslogtreecommitdiffstats |