openssl.git
9 years agoAES-NI backport from HEAD. Note that e_aes.c doesn't implement all modes
Andy Polyakov [Tue, 28 Jun 2011 14:49:35 +0000 (14:49 +0000)]
AES-NI backport from HEAD. Note that e_aes.c doesn't implement all modes
from HEAD yet, more will be back-ported later.

9 years agox86[_64] assembler pack: back-port SHA1 and RC4 from HEAD.
Andy Polyakov [Tue, 28 Jun 2011 13:53:50 +0000 (13:53 +0000)]
x86[_64] assembler pack: back-port SHA1 and RC4 from HEAD.

9 years agox86[_64]cpuid.pl: harmonize OPENSSL_ia32_cpuid [from HEAD].
Andy Polyakov [Tue, 28 Jun 2011 13:40:19 +0000 (13:40 +0000)]
x86[_64]cpuid.pl: harmonize OPENSSL_ia32_cpuid [from HEAD].

9 years agox86[_64] perlasm: pull-in from HEAD.
Andy Polyakov [Tue, 28 Jun 2011 13:33:47 +0000 (13:33 +0000)]
x86[_64] perlasm: pull-in from HEAD.

9 years agoExpand OPENSSL_ia32cap_P to 64 bits. It might appear controversial, because
Andy Polyakov [Tue, 28 Jun 2011 13:31:58 +0000 (13:31 +0000)]
Expand OPENSSL_ia32cap_P to 64 bits. It might appear controversial, because
such operation can be considered as breaking binary compatibility. However!
OPNESSL_ia32cap_P is accessed by application through pointer returned by
OPENSSL_ia32cap_loc() and such change of *internal* OPENSSL_ia32cap_P
declaration is possible specifically on little-endian platforms, such as
x86[_64] ones in question. In addition, if 32-bit application calls
OPENSSL_ia32cap_loc(), it clears upper half of capability vector maintaining
the illusion that it's still 32 bits wide.

9 years agoauto detect configuration using KERNEL_BITS and CC
Dr. Stephen Henson [Mon, 27 Jun 2011 11:39:01 +0000 (11:39 +0000)]
auto detect configuration using KERNEL_BITS and CC

9 years agoallow KERNEL_BITS to be specified in the environment
Dr. Stephen Henson [Fri, 24 Jun 2011 14:04:18 +0000 (14:04 +0000)]
allow KERNEL_BITS to be specified in the environment

9 years agoPR: 2470
Dr. Stephen Henson [Wed, 22 Jun 2011 15:38:40 +0000 (15:38 +0000)]
PR: 2470
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve

Don't call ERR_remove_state from DllMain.

9 years agoPR: 2543
Dr. Stephen Henson [Wed, 22 Jun 2011 15:30:04 +0000 (15:30 +0000)]
PR: 2543
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()

9 years agoPR: 2540
Dr. Stephen Henson [Wed, 22 Jun 2011 15:23:40 +0000 (15:23 +0000)]
PR: 2540
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Prevent infinite loop in BN_GF2m_mod_inv().

9 years agocorrectly encode OIDs near 2^32
Dr. Stephen Henson [Wed, 22 Jun 2011 15:15:48 +0000 (15:15 +0000)]
correctly encode OIDs near 2^32

9 years agoallow MD5 use for computing old format hash links
Dr. Stephen Henson [Wed, 22 Jun 2011 02:18:06 +0000 (02:18 +0000)]
allow MD5 use for computing old format hash links

9 years agoDon't set FIPS rand method at same time as RAND method as this can cause
Dr. Stephen Henson [Tue, 21 Jun 2011 17:08:25 +0000 (17:08 +0000)]
Don't set FIPS rand method at same time as RAND method as this can cause
the FIPS library to fail. Applications that want to set the FIPS rand
method can do so explicitly and presumably they know what they are doing...

9 years agoAdd FIPS error codes.
Dr. Stephen Henson [Tue, 21 Jun 2011 16:58:10 +0000 (16:58 +0000)]
Add FIPS error codes.

9 years agoStop warning.
Dr. Stephen Henson [Tue, 21 Jun 2011 16:42:15 +0000 (16:42 +0000)]
Stop warning.

9 years agoRename all AES_set*() functions using private_ prefix.
Dr. Stephen Henson [Tue, 21 Jun 2011 16:23:42 +0000 (16:23 +0000)]
Rename all AES_set*() functions using private_ prefix.

9 years agomake EVP_dss() work for DSA signing
Dr. Stephen Henson [Mon, 20 Jun 2011 20:05:13 +0000 (20:05 +0000)]
make EVP_dss() work for DSA signing

9 years agoRedirect null cipher to FIPS module.
Dr. Stephen Henson [Mon, 20 Jun 2011 20:00:10 +0000 (20:00 +0000)]
Redirect null cipher to FIPS module.

9 years agoDon't set default public key methods in FIPS mode so applications
Dr. Stephen Henson [Mon, 20 Jun 2011 19:41:13 +0000 (19:41 +0000)]
Don't set default public key methods in FIPS mode so applications
can switch between modes.

9 years agoSet FIPSLINK correctly now trailing slash is removed from FIPSDIR.
Dr. Stephen Henson [Sat, 18 Jun 2011 19:35:03 +0000 (19:35 +0000)]
Set FIPSLINK correctly now trailing slash is removed from FIPSDIR.

9 years agoDon't add trailing slash to FIPSDIR: it causes problems with Windows builds.
Dr. Stephen Henson [Sat, 18 Jun 2011 19:02:12 +0000 (19:02 +0000)]
Don't add trailing slash to FIPSDIR: it causes problems with Windows builds.

9 years agoPreliminary WIN32 support for FIPS capable OpenSSL building.
Dr. Stephen Henson [Fri, 17 Jun 2011 12:50:40 +0000 (12:50 +0000)]
Preliminary WIN32 support for FIPS capable OpenSSL building.

9 years agoFix the version history: given that 1.0.1 has yet to be released,
Bodo Möller [Wed, 15 Jun 2011 14:23:44 +0000 (14:23 +0000)]
Fix the version history: given that 1.0.1 has yet to be released,
we should list "Changes between 1.0.0e and 1.0.1",
not "between 1.0.0d and 1.0.1".

9 years agoUpdate key sizes to 2048 bits.
Dr. Stephen Henson [Tue, 14 Jun 2011 15:35:49 +0000 (15:35 +0000)]
Update key sizes to 2048 bits.

Only build ssltest with fipsld.

Include FIPS mode test for ssltest.

9 years agoset FIPS allow before initialising ctx
Dr. Stephen Henson [Tue, 14 Jun 2011 15:25:41 +0000 (15:25 +0000)]
set FIPS allow before initialising ctx

9 years agotypo
Dr. Stephen Henson [Tue, 14 Jun 2011 13:47:25 +0000 (13:47 +0000)]
typo

9 years agoUse include dir when copiling fips_premain_dso.
Dr. Stephen Henson [Tue, 14 Jun 2011 12:58:35 +0000 (12:58 +0000)]
Use include dir when copiling fips_premain_dso.

9 years agoFix warnings in shared builds.
Dr. Stephen Henson [Tue, 14 Jun 2011 12:58:00 +0000 (12:58 +0000)]
Fix warnings in shared builds.

9 years agomake sure custom cipher flag doesn't use any mode bits
Dr. Stephen Henson [Mon, 13 Jun 2011 23:10:34 +0000 (23:10 +0000)]
make sure custom cipher flag doesn't use any mode bits

9 years agoSet rand method in FIPS_mode_set() not in rand library.
Dr. Stephen Henson [Mon, 13 Jun 2011 21:18:00 +0000 (21:18 +0000)]
Set rand method in FIPS_mode_set() not in rand library.

9 years agoRedirect RAND to FIPS module in FIPS mode.
Dr. Stephen Henson [Mon, 13 Jun 2011 20:40:52 +0000 (20:40 +0000)]
Redirect RAND to FIPS module in FIPS mode.

9 years agoRedirect HMAC and CMAC operations to module.
Dr. Stephen Henson [Sun, 12 Jun 2011 15:07:26 +0000 (15:07 +0000)]
Redirect HMAC and CMAC operations to module.

9 years agoupdate ordinals
Dr. Stephen Henson [Fri, 10 Jun 2011 17:17:55 +0000 (17:17 +0000)]
update ordinals

9 years agoDisable GCM, CCM, XTS outside FIPS mode this will be updated
Dr. Stephen Henson [Fri, 10 Jun 2011 14:22:42 +0000 (14:22 +0000)]
Disable GCM, CCM, XTS outside FIPS mode this will be updated
when backported.

9 years agoadd cmac to Windows build, update ordinals
Dr. Stephen Henson [Fri, 10 Jun 2011 14:12:55 +0000 (14:12 +0000)]
add cmac to Windows build, update ordinals

9 years agoAdd android platforms. Let fipsdir come from environment.
Dr. Stephen Henson [Thu, 9 Jun 2011 21:54:13 +0000 (21:54 +0000)]
Add android platforms. Let fipsdir come from environment.

9 years agoadd android support to DSO (from HEAD)
Dr. Stephen Henson [Thu, 9 Jun 2011 21:49:24 +0000 (21:49 +0000)]
add android support to DSO (from HEAD)

9 years agoAdd -attime.
Ben Laurie [Thu, 9 Jun 2011 17:09:31 +0000 (17:09 +0000)]
Add -attime.

9 years agoFix warnings/errors(!).
Ben Laurie [Thu, 9 Jun 2011 17:09:08 +0000 (17:09 +0000)]
Fix warnings/errors(!).

9 years agoFix warnings.
Ben Laurie [Thu, 9 Jun 2011 16:03:18 +0000 (16:03 +0000)]
Fix warnings.

9 years agoRedirect DH key and parameter generation.
Dr. Stephen Henson [Thu, 9 Jun 2011 15:21:46 +0000 (15:21 +0000)]
Redirect DH key and parameter generation.

9 years agoRedirect DSA operations to FIPS module in FIPS mode.
Dr. Stephen Henson [Thu, 9 Jun 2011 13:54:09 +0000 (13:54 +0000)]
Redirect DSA operations to FIPS module in FIPS mode.

9 years agoUse method rsa keygen first if FIPS mode if it is a FIPS method.
Dr. Stephen Henson [Thu, 9 Jun 2011 13:18:07 +0000 (13:18 +0000)]
Use method rsa keygen first if FIPS mode if it is a FIPS method.

9 years agoRedirect DH operations to FIPS module. Block non-FIPS methods.
Dr. Stephen Henson [Wed, 8 Jun 2011 15:58:59 +0000 (15:58 +0000)]
Redirect DH operations to FIPS module. Block non-FIPS methods.
Sync DH error codes with HEAD.

9 years agofix memory leak
Dr. Stephen Henson [Wed, 8 Jun 2011 15:55:57 +0000 (15:55 +0000)]
fix memory leak

9 years agoCheck fips method flags for ECDH, ECDSA.
Dr. Stephen Henson [Wed, 8 Jun 2011 14:01:00 +0000 (14:01 +0000)]
Check fips method flags for ECDH, ECDSA.

9 years agoImplement Camellia_set_key properly for FIPS builds.
Dr. Stephen Henson [Wed, 8 Jun 2011 13:11:46 +0000 (13:11 +0000)]
Implement Camellia_set_key properly for FIPS builds.

9 years agorc4_skey.c: remove dead/redundant code (it's never compiled) and
Andy Polyakov [Mon, 6 Jun 2011 20:04:33 +0000 (20:04 +0000)]
rc4_skey.c: remove dead/redundant code (it's never compiled) and
misleading/obsolete comment [from HEAD].

9 years agoRecognise "fips" in mkdef.pl script.
Dr. Stephen Henson [Mon, 6 Jun 2011 15:46:25 +0000 (15:46 +0000)]
Recognise "fips" in mkdef.pl script.

9 years agoRedirection of ECDSA, ECDH operations to FIPS module.
Dr. Stephen Henson [Mon, 6 Jun 2011 15:39:17 +0000 (15:39 +0000)]
Redirection of ECDSA, ECDH operations to FIPS module.

Also use FIPS EC methods unconditionally for now: might want to use them
only in FIPS mode or with a switch later.

9 years agoSet SSL_FIPS flag in ECC ciphersuites.
Dr. Stephen Henson [Mon, 6 Jun 2011 14:14:14 +0000 (14:14 +0000)]
Set SSL_FIPS flag in ECC ciphersuites.

9 years agoAdd flags field to EC_KEY structure (backport from HEAD).
Dr. Stephen Henson [Mon, 6 Jun 2011 13:18:03 +0000 (13:18 +0000)]
Add flags field to EC_KEY structure (backport from HEAD).

9 years agoMake no-ec2m work again (backport from HEAD).
Dr. Stephen Henson [Mon, 6 Jun 2011 13:00:30 +0000 (13:00 +0000)]
Make no-ec2m work again (backport from HEAD).

9 years agoReorganise ECC code so it can use FIPS module.
Dr. Stephen Henson [Mon, 6 Jun 2011 12:54:51 +0000 (12:54 +0000)]
Reorganise ECC code so it can use FIPS module.

Move compression, point2oct and oct2point functions into separate files.

Add a flags field to EC_METHOD.

Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct functions
(all existing methods do this). This removes dependencies from EC_METHOD while
keeping original functionality.

Backport from HEAD with minor changes.

9 years agoBackport from HEAD:
Dr. Stephen Henson [Mon, 6 Jun 2011 11:49:36 +0000 (11:49 +0000)]
Backport from HEAD:

New option to disable characteristic two fields in EC code.

Make no-ec2m work on Win32 build.

9 years agoFunction not used outside FIPS builds.
Dr. Stephen Henson [Mon, 6 Jun 2011 11:24:47 +0000 (11:24 +0000)]
Function not used outside FIPS builds.

9 years agoFIPS low level blocking for AES, RC4 and Camellia. This is complicated by
Dr. Stephen Henson [Sun, 5 Jun 2011 17:36:44 +0000 (17:36 +0000)]
FIPS low level blocking for AES, RC4 and Camellia. This is complicated by
use of assembly language routines: rename the assembly language function
to the private_* variant unconditionally and perform tests from a small
C wrapper.

9 years agoBackport libcrypto audit: check return values of EVP functions instead
Dr. Stephen Henson [Fri, 3 Jun 2011 20:53:00 +0000 (20:53 +0000)]
Backport libcrypto audit: check return values of EVP functions instead
of assuming they will always suceed.

9 years agofix error discrepancy
Dr. Stephen Henson [Fri, 3 Jun 2011 18:50:49 +0000 (18:50 +0000)]
fix error discrepancy

9 years agoNew function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier) from...
Dr. Stephen Henson [Fri, 3 Jun 2011 18:35:49 +0000 (18:35 +0000)]
New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier) from a digest algorithm (backport from HEAD).

9 years agolicense correction, no EAY code included in this file
Dr. Stephen Henson [Fri, 3 Jun 2011 17:56:51 +0000 (17:56 +0000)]
license correction, no EAY code included in this file

9 years agoBackport CMAC support from HEAD.
Dr. Stephen Henson [Fri, 3 Jun 2011 15:08:42 +0000 (15:08 +0000)]
Backport CMAC support from HEAD.

9 years agoRedirect RSA keygen, sign, verify to FIPS module.
Dr. Stephen Henson [Fri, 3 Jun 2011 13:16:16 +0000 (13:16 +0000)]
Redirect RSA keygen, sign, verify to FIPS module.

9 years agoRedirection of low level APIs to FIPS module.
Dr. Stephen Henson [Thu, 2 Jun 2011 18:22:42 +0000 (18:22 +0000)]
Redirection of low level APIs to FIPS module.

Digest sign, verify operations are not redirected at this stage.

9 years agoBackport extended PSS support from HEAD: allow setting of mgf1Hash explicitly.
Dr. Stephen Henson [Thu, 2 Jun 2011 18:13:33 +0000 (18:13 +0000)]
Backport extended PSS support from HEAD: allow setting of mgf1Hash explicitly.

This is needed to handle FIPS redirection fully.

9 years agoProhibit low level cipher APIs in FIPS mode.
Dr. Stephen Henson [Wed, 1 Jun 2011 16:54:06 +0000 (16:54 +0000)]
Prohibit low level cipher APIs in FIPS mode.

Not complete: ciphers with assembly language key setup are not
covered yet.

9 years agoFor consistency define clone digests in evp_fips.c
Dr. Stephen Henson [Wed, 1 Jun 2011 15:11:00 +0000 (15:11 +0000)]
For consistency define clone digests in evp_fips.c

9 years agoRedirect clone digests to FIPS module for FIPS builds.
Dr. Stephen Henson [Wed, 1 Jun 2011 14:28:21 +0000 (14:28 +0000)]
Redirect clone digests to FIPS module for FIPS builds.

9 years agoProhibit use of low level digest APIs in FIPS mode.
Dr. Stephen Henson [Wed, 1 Jun 2011 13:39:45 +0000 (13:39 +0000)]
Prohibit use of low level digest APIs in FIPS mode.

9 years agotypo
Dr. Stephen Henson [Wed, 1 Jun 2011 11:10:50 +0000 (11:10 +0000)]
typo

9 years agoset FIPS permitted flag before initalising digest
Dr. Stephen Henson [Tue, 31 May 2011 16:24:06 +0000 (16:24 +0000)]
set FIPS permitted flag before initalising digest

9 years agoDon't round up partitioned premaster secret length if there is only one
Dr. Stephen Henson [Tue, 31 May 2011 10:35:22 +0000 (10:35 +0000)]
Don't round up partitioned premaster secret length if there is only one
digest in use: this caused the PRF to fail for an odd premaster secret
length.

9 years agoOutput supported curves in preference order instead of numerically.
Dr. Stephen Henson [Mon, 30 May 2011 17:58:29 +0000 (17:58 +0000)]
Output supported curves in preference order instead of numerically.

9 years agoRedirect cipher operations to FIPS module for FIPS builds.
Dr. Stephen Henson [Sun, 29 May 2011 16:18:38 +0000 (16:18 +0000)]
Redirect cipher operations to FIPS module for FIPS builds.

9 years agoUse approved API for EVP digest operations in FIPS builds.
Dr. Stephen Henson [Sun, 29 May 2011 15:55:13 +0000 (15:55 +0000)]
Use approved API for EVP digest operations in FIPS builds.

Call OPENSSL_init() in a few more places to make sure it is always called
at least once.

Initial cipher API redirection (incomplete).

9 years agoAdd default ASN1 handling to support FIPS.
Dr. Stephen Henson [Sun, 29 May 2011 02:32:05 +0000 (02:32 +0000)]
Add default ASN1 handling to support FIPS.

9 years agoRedirect digests to FIPS module for FIPS builds.
Dr. Stephen Henson [Sat, 28 May 2011 23:01:26 +0000 (23:01 +0000)]
Redirect digests to FIPS module for FIPS builds.

Use FIPS API when initialising digests.

Sync header file evp.h and error codes with HEAD for necessary FIPS
definitions.

9 years agoUse || instead of && so build doesn't fail.
Dr. Stephen Henson [Thu, 26 May 2011 22:10:28 +0000 (22:10 +0000)]
Use || instead of && so build doesn't fail.

9 years agoSupport shared library builds of FIPS capable OpenSSL, add fipscanister.o
Dr. Stephen Henson [Thu, 26 May 2011 21:23:11 +0000 (21:23 +0000)]
Support shared library builds of FIPS capable OpenSSL, add fipscanister.o
to libcrypto.a so linking to libcrypto.a works.

9 years agoMake test utility link work for fips build.
Dr. Stephen Henson [Thu, 26 May 2011 14:36:56 +0000 (14:36 +0000)]
Make test utility link work for fips build.

9 years agoThe first of many changes to make OpenSSL 1.0.1 FIPS capable.
Dr. Stephen Henson [Thu, 26 May 2011 14:19:19 +0000 (14:19 +0000)]
The first of many changes to make OpenSSL 1.0.1 FIPS capable.

Add static build support to openssl utility.

Add new "fips" option to Configure.

Make use of installed fipsld and fips_standalone_sha1

Initialise FIPS error callbacks, locking and DRBG.

Doesn't do anything much yet: no crypto is redirected to the FIPS module.

Doesn't completely build either but the openssl utility can enter FIPS mode:
which doesn't do anything much either.

9 years agoDon't advertise or use MD5 for TLS v1.2 in FIPS mode
Dr. Stephen Henson [Wed, 25 May 2011 15:33:29 +0000 (15:33 +0000)]
Don't advertise or use MD5 for TLS v1.2 in FIPS mode

9 years agoPR: 2533
Dr. Stephen Henson [Wed, 25 May 2011 15:21:01 +0000 (15:21 +0000)]
PR: 2533
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes
the program to crash. This is due to missing version checks and is fixed with
this patch.

9 years agoPR: 2529
Dr. Stephen Henson [Wed, 25 May 2011 15:16:01 +0000 (15:16 +0000)]
PR: 2529
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.

9 years agoPR: 2527
Dr. Stephen Henson [Wed, 25 May 2011 15:05:56 +0000 (15:05 +0000)]
PR: 2527
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Set cnf to NULL to avoid possible double free.

9 years agoFix the ECDSA timing attack mentioned in the paper at:
Dr. Stephen Henson [Wed, 25 May 2011 14:52:33 +0000 (14:52 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.

9 years agoFix the ECDSA timing attack mentioned in the paper at:
Dr. Stephen Henson [Wed, 25 May 2011 14:42:27 +0000 (14:42 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.

9 years agoOops use up to date patch for PR#2506
Dr. Stephen Henson [Wed, 25 May 2011 14:30:05 +0000 (14:30 +0000)]
Oops use up to date patch for PR#2506

9 years agoPR: 2512
Dr. Stephen Henson [Wed, 25 May 2011 12:36:59 +0000 (12:36 +0000)]
PR: 2512
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix BIO_accept so it can be bound to IPv4 or IPv6 sockets consistently.

9 years agoPR: 2506
Dr. Stephen Henson [Wed, 25 May 2011 12:28:16 +0000 (12:28 +0000)]
PR: 2506
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.

9 years agoPR: 2505
Dr. Stephen Henson [Wed, 25 May 2011 12:24:43 +0000 (12:24 +0000)]
PR: 2505
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.

9 years agouse TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with...
Dr. Stephen Henson [Wed, 25 May 2011 11:43:17 +0000 (11:43 +0000)]
use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS

9 years agoAdd tls12_sigalgs which somehow didn't get added to the backport.
Dr. Stephen Henson [Sat, 21 May 2011 17:40:23 +0000 (17:40 +0000)]
Add tls12_sigalgs which somehow didn't get added to the backport.

9 years agoLIBOBJ contained o_fips.c, now o_fips.o.
Richard Levitte [Sat, 21 May 2011 09:17:54 +0000 (09:17 +0000)]
LIBOBJ contained o_fips.c, now o_fips.o.

9 years agoAdd server client certificate support for TLS v1.2 . This is more complex
Dr. Stephen Henson [Fri, 20 May 2011 14:58:45 +0000 (14:58 +0000)]
Add server client certificate support for TLS v1.2 . This is more complex
than client side as we need to keep the handshake record cache frozen when
it contains all the records need to process the certificate verify message.
(backport from HEAD).

9 years agoadd FIPS support to openssl utility (backport from HEAD)
Dr. Stephen Henson [Thu, 19 May 2011 18:23:24 +0000 (18:23 +0000)]
add FIPS support to openssl utility (backport from HEAD)

9 years agoadd FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS...
Dr. Stephen Henson [Thu, 19 May 2011 18:22:16 +0000 (18:22 +0000)]
add FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS compilation support

9 years agoImplement FIPS_mode and FIPS_mode_set
Dr. Stephen Henson [Thu, 19 May 2011 18:19:07 +0000 (18:19 +0000)]
Implement FIPS_mode and FIPS_mode_set

9 years agoupdate date
Dr. Stephen Henson [Thu, 19 May 2011 17:56:12 +0000 (17:56 +0000)]
update date

9 years agoinherit HMAC flags from MD_CTX
Dr. Stephen Henson [Thu, 19 May 2011 17:38:57 +0000 (17:38 +0000)]
inherit HMAC flags from MD_CTX