Loading CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,11 @@ Changes between 0.9.7l and 0.9.7m-fips2 [xx XXX xxxx] *) Replace FIPS PRNG with AES based version based on ANSI X9.31 A.2.4 . This supports larger keys (up to 256 bits) and large seeding and DT vectors (128 bits each). Update tests for modified PRNG. [Steve Henson] *) FIPS portability patches. [Brad House <brad@mainstreetsoftworks.com>] Loading crypto/evp/names.c +0 −3 Original line number Diff line number Diff line Loading @@ -61,9 +61,6 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> #ifdef OPENSSL_FIPS #include <openssl/fips.h> #endif int EVP_add_cipher(const EVP_CIPHER *c) { Loading crypto/fips_err.h +1 −1 Original line number Diff line number Diff line /* crypto/fips_err.c */ /* crypto/fips_err.h */ /* ==================================================================== * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * Loading crypto/rand/rand.h +7 −0 Original line number Diff line number Diff line Loading @@ -125,13 +125,20 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ /* Function codes. */ #define RAND_F_FIPS_RAND 103 #define RAND_F_FIPS_RAND_BYTES 102 #define RAND_F_FIPS_SET_DT 104 #define RAND_F_FIPS_SET_TEST_MODE 105 #define RAND_F_RAND_GET_RAND_METHOD 101 #define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ #define RAND_R_NON_FIPS_METHOD 101 #define RAND_R_NOT_IN_TEST_MODE 106 #define RAND_R_NO_KEY_SET 107 #define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 105 #define RAND_R_PRNG_ERROR 108 #define RAND_R_PRNG_KEYED 109 #define RAND_R_PRNG_NOT_REKEYED 103 #define RAND_R_PRNG_NOT_RESEEDED 104 #define RAND_R_PRNG_NOT_SEEDED 100 Loading crypto/rand/rand_err.c +7 −0 Original line number Diff line number Diff line Loading @@ -70,7 +70,10 @@ static ERR_STRING_DATA RAND_str_functs[]= { {ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"}, {ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"}, {ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"}, {ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"}, {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, {0,NULL} Loading @@ -79,7 +82,11 @@ static ERR_STRING_DATA RAND_str_functs[]= static ERR_STRING_DATA RAND_str_reasons[]= { {ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"}, {ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"}, {ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"}, {ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"}, {ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"}, {ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"}, {ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"}, {ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"}, {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, Loading Loading
CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,11 @@ Changes between 0.9.7l and 0.9.7m-fips2 [xx XXX xxxx] *) Replace FIPS PRNG with AES based version based on ANSI X9.31 A.2.4 . This supports larger keys (up to 256 bits) and large seeding and DT vectors (128 bits each). Update tests for modified PRNG. [Steve Henson] *) FIPS portability patches. [Brad House <brad@mainstreetsoftworks.com>] Loading
crypto/evp/names.c +0 −3 Original line number Diff line number Diff line Loading @@ -61,9 +61,6 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> #ifdef OPENSSL_FIPS #include <openssl/fips.h> #endif int EVP_add_cipher(const EVP_CIPHER *c) { Loading
crypto/fips_err.h +1 −1 Original line number Diff line number Diff line /* crypto/fips_err.c */ /* crypto/fips_err.h */ /* ==================================================================== * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * Loading
crypto/rand/rand.h +7 −0 Original line number Diff line number Diff line Loading @@ -125,13 +125,20 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ /* Function codes. */ #define RAND_F_FIPS_RAND 103 #define RAND_F_FIPS_RAND_BYTES 102 #define RAND_F_FIPS_SET_DT 104 #define RAND_F_FIPS_SET_TEST_MODE 105 #define RAND_F_RAND_GET_RAND_METHOD 101 #define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ #define RAND_R_NON_FIPS_METHOD 101 #define RAND_R_NOT_IN_TEST_MODE 106 #define RAND_R_NO_KEY_SET 107 #define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 105 #define RAND_R_PRNG_ERROR 108 #define RAND_R_PRNG_KEYED 109 #define RAND_R_PRNG_NOT_REKEYED 103 #define RAND_R_PRNG_NOT_RESEEDED 104 #define RAND_R_PRNG_NOT_SEEDED 100 Loading
crypto/rand/rand_err.c +7 −0 Original line number Diff line number Diff line Loading @@ -70,7 +70,10 @@ static ERR_STRING_DATA RAND_str_functs[]= { {ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"}, {ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"}, {ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"}, {ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"}, {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, {0,NULL} Loading @@ -79,7 +82,11 @@ static ERR_STRING_DATA RAND_str_functs[]= static ERR_STRING_DATA RAND_str_reasons[]= { {ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"}, {ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"}, {ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"}, {ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"}, {ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"}, {ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"}, {ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"}, {ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"}, {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, Loading
