Commits · 5024b79f5c41d97f023a5dbb6142af906129bf86 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

09 May, 2011 1 commit

Initial TLS v1.2 client support. Include a default supported signature · a2f9200f

Dr. Stephen Henson authored May 09, 2011

algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.

Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.

a2f9200f

06 May, 2011 1 commit

Continuing TLS v1.2 support: add support for server parsing of · 6b7be581

Dr. Stephen Henson authored May 06, 2011

signature algorithms extension and correct signature format for
server key exchange.

All ciphersuites should now work on the server but no client support and
no client certificate support yet.

6b7be581

29 Apr, 2011 2 commits

Initial incomplete TLS v1.2 support. New ciphersuites added, new version · 7409d7ad

Dr. Stephen Henson authored Apr 29, 2011

checking added, SHA256 PRF support added.

At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.

7409d7ad

Initial "opaque SSL" framework. If an application defines · 08557cf2

Dr. Stephen Henson authored Apr 29, 2011

OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.

The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.

08557cf2

23 Apr, 2011 2 commits
- Always return multiple of block length bytes from default DRBG seed · e0d1a2f8
  Dr. Stephen Henson authored Apr 23, 2011
```
callback.

Handle case where no multiple of the block size is in the interval
[min_len, max_len].
```
  e0d1a2f8
- Add PRNG security strength checking. · cac4fb58
  Dr. Stephen Henson authored Apr 23, 2011
  
  cac4fb58
18 Apr, 2011 2 commits
- Fix EVP CCM decrypt. Add decrypt support to algorithm test program. · b5dd1787
  Dr. Stephen Henson authored Apr 18, 2011
  
  b5dd1787
- Initial untested CCM support via EVP. · 23916810
  Dr. Stephen Henson authored Apr 18, 2011
  
  23916810
15 Apr, 2011 1 commit
- Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation. · 06b7e5a0
  Dr. Stephen Henson authored Apr 15, 2011
  
  06b7e5a0
14 Apr, 2011 1 commit
- Initial incomplete POST overhaul: add support for POST callback to · ac892b7a
  Dr. Stephen Henson authored Apr 14, 2011
```
allow status of POST to be monitored and/or failures induced.
```
  ac892b7a
12 Apr, 2011 1 commit
- Provisional AES XTS support. · 32a2d8dd
  Dr. Stephen Henson authored Apr 12, 2011
  
  32a2d8dd
06 Apr, 2011 1 commit
- Update CHANGES. · d7a3ce98
  Dr. Stephen Henson authored Apr 06, 2011
  
  d7a3ce98
05 Apr, 2011 2 commits

Extensive reorganisation of PRNG handling in FIPS module: all calls · 05e24c87

Dr. Stephen Henson authored Apr 05, 2011

now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.

Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".

05e24c87

Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be · cab0595c
Dr. Stephen Henson authored Apr 05, 2011
```
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
```
cab0595c

17 Mar, 2011 1 commit
- Implement health checks needed by SP800-90. · 96ec46f7
  Dr. Stephen Henson authored Mar 17, 2011
```
Fix warnings.

Instantiate DRBGs at maximum strength.
```
  96ec46f7
16 Mar, 2011 1 commit
- Fix Tom Wu's email. · d4f3dd5f
  Ben Laurie authored Mar 16, 2011
  
  d4f3dd5f
12 Mar, 2011 1 commit
- Note SRP support. · 0deea0e0
  Ben Laurie authored Mar 12, 2011
  
  0deea0e0
09 Mar, 2011 1 commit
- Add ECDH to validated module. · 8857b380
  Dr. Stephen Henson authored Mar 09, 2011
  
  8857b380
08 Mar, 2011 1 commit
- New initial DH algorithm test driver. · 11e80de3
  Dr. Stephen Henson authored Mar 08, 2011
  
  11e80de3
04 Mar, 2011 1 commit
- Initial, provisional, subject to wholesale change, untested, probably · 591cbfae
  Dr. Stephen Henson authored Mar 04, 2011
```
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.

Did I say this was untested?
```
  591cbfae
21 Feb, 2011 1 commit
- Make fipscanisteronly build only required files. · eead69f5
  Dr. Stephen Henson authored Feb 21, 2011
  
  eead69f5
17 Feb, 2011 1 commit
- Make -DOPENSSL_FIPSSYMS work for assembly language builds. · 5d439d69
  Dr. Stephen Henson authored Feb 17, 2011
  
  5d439d69
16 Feb, 2011 1 commit
- Experimental FIPS symbol renaming. · 017bc57b
  Dr. Stephen Henson authored Feb 16, 2011
```
Fixups under fips/ to make symbol renaming work.
```
  017bc57b
15 Feb, 2011 1 commit
- Add non-FIPS algorithm blocking and selftest checking. · 25c65429
  Dr. Stephen Henson authored Feb 15, 2011
  
  25c65429
14 Feb, 2011 1 commit
- Add ECDSA functionality to fips module. Initial very incomplete version · fe26d066
  Dr. Stephen Henson authored Feb 14, 2011
```
of algorithm test program.
```
  fe26d066
12 Feb, 2011 1 commit
- New option to disable characteristic two fields in EC code. · b3310161
  Dr. Stephen Henson authored Feb 12, 2011
  
  b3310161
11 Feb, 2011 1 commit
- New "fispcanisteronly" build option: only build fipscanister.o and · 30b56225
  Dr. Stephen Henson authored Feb 11, 2011
```
associated utilities. This functionality will be used by the validated
tarball.
```
  30b56225
09 Feb, 2011 1 commit
- Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest. · b3d8022e
  Dr. Stephen Henson authored Feb 09, 2011
  
  b3d8022e
08 Feb, 2011 1 commit
- Sync with 1.0.1 branch. · c415adc2
  Bodo Möller authored Feb 08, 2011
```
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
```
  c415adc2
07 Feb, 2011 3 commits
- Initial *very* experimental EVP support for AES-GCM. Note: probably very · bdaa5415
  Dr. Stephen Henson authored Feb 07, 2011
```
broken and subject to change.
```
  bdaa5415
- Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher: · d45087c6
  Dr. Stephen Henson authored Feb 07, 2011
```
the NULL value for the input buffer is sufficient to notice this case.
```
  d45087c6
- New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying · 3da0ca79
  Dr. Stephen Henson authored Feb 07, 2011
```
cipher handles all cipher symantics itself.
```
  3da0ca79
03 Feb, 2011 2 commits
- fix omissions · 9bda7458
  Bodo Möller authored Feb 03, 2011
  
  9bda7458
- CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) · 88f2a4cf
  Bodo Möller authored Feb 03, 2011
  
  88f2a4cf
03 Jan, 2011 1 commit
- Fix escaping code for string printing. If *any* escaping is enabled we · 968062b7
  Dr. Stephen Henson authored Jan 03, 2011
```
must escape the escape character itself (backslash).
```
  968062b7
25 Dec, 2010 1 commit
- avoid verification loops in trusted store when path building · 2b3936e8
  Dr. Stephen Henson authored Dec 25, 2010
  
  2b3936e8
29 Nov, 2010 1 commit
- apply J-PKAKE fix to HEAD (original by Ben) · 300b1d76
  Dr. Stephen Henson authored Nov 29, 2010
  
  300b1d76
24 Nov, 2010 1 commit
- add "missing" functions to copy EVP_PKEY_METHOD and examine info · f830c68f
  Dr. Stephen Henson authored Nov 24, 2010
  
  f830c68f
16 Nov, 2010 1 commit
- bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files · 732d31be
  Dr. Stephen Henson authored Nov 16, 2010
  
  732d31be
10 Oct, 2010 1 commit
- move CHANGES entry to correct place · e49af2ac
  Dr. Stephen Henson authored Oct 10, 2010
  
  e49af2ac