openssl.git
10 years agoNew initial DH algorithm test driver.
Dr. Stephen Henson [Tue, 8 Mar 2011 19:10:17 +0000 (19:10 +0000)]
New initial DH algorithm test driver.

10 years agoNew SP 800-56A compliant version of DH_compute_key().
Dr. Stephen Henson [Tue, 8 Mar 2011 19:07:26 +0000 (19:07 +0000)]
New SP 800-56A compliant version of DH_compute_key().

10 years agoAdd meaningful error codes to DRBG.
Dr. Stephen Henson [Tue, 8 Mar 2011 14:16:30 +0000 (14:16 +0000)]
Add meaningful error codes to DRBG.

10 years agoAdd file I/O to fips_drbgvs program.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:51:34 +0000 (13:51 +0000)]
Add file I/O to fips_drbgvs program.

10 years agoSupport I/O with files in new fips_gcmtest program.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:42:21 +0000 (13:42 +0000)]
Support I/O with files in new fips_gcmtest program.

10 years agoRemove redirection from fipsalgtest.pl script.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:29:46 +0000 (13:29 +0000)]
Remove redirection from fipsalgtest.pl script.

10 years agoRemove need for redirection on RNG and DSS algorithm test programs: some
Dr. Stephen Henson [Tue, 8 Mar 2011 13:27:29 +0000 (13:27 +0000)]
Remove need for redirection on RNG and DSS algorithm test programs: some
platforms don't support it.

10 years agoUninstantiate and free functions for DRBG.
Dr. Stephen Henson [Mon, 7 Mar 2011 16:51:17 +0000 (16:51 +0000)]
Uninstantiate and free functions for DRBG.

10 years agoFix couple of bugs in CTR DRBG implementation.
Dr. Stephen Henson [Sun, 6 Mar 2011 13:10:37 +0000 (13:10 +0000)]
Fix couple of bugs in CTR DRBG implementation.

10 years agoUpdates to DRBG: fix bugs in infrastructure. Add initial experimental
Dr. Stephen Henson [Sun, 6 Mar 2011 12:35:09 +0000 (12:35 +0000)]
Updates to DRBG: fix bugs in infrastructure. Add initial experimental
algorithm test generator.

10 years agoInitial, provisional, subject to wholesale change, untested, probably
Dr. Stephen Henson [Fri, 4 Mar 2011 18:00:21 +0000 (18:00 +0000)]
Initial, provisional, subject to wholesale change, untested, probably
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.

Did I say this was untested?

10 years agoia64-mont.pl: optimize short-key performance.
Andy Polyakov [Fri, 4 Mar 2011 13:27:29 +0000 (13:27 +0000)]
ia64-mont.pl: optimize short-key performance.

10 years agoghash-x86.pl: optimize for Sandy Bridge.
Andy Polyakov [Fri, 4 Mar 2011 13:21:41 +0000 (13:21 +0000)]
ghash-x86.pl: optimize for Sandy Bridge.

10 years agoxts128.c: minor optimization.
Andy Polyakov [Fri, 4 Mar 2011 13:17:19 +0000 (13:17 +0000)]
xts128.c: minor optimization.

10 years agos390x assembler pack: tune-up and support for new z196 hardware.
Andy Polyakov [Fri, 4 Mar 2011 13:09:16 +0000 (13:09 +0000)]
s390x assembler pack: tune-up and support for new z196 hardware.

10 years agoUpdate status information.
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:50 +0000 (16:06 +0000)]
Update status information.

10 years agoStop warnings.
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:33 +0000 (16:06 +0000)]
Stop warnings.

10 years agoUse more portable options when making links in Makefile.fips
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:07 +0000 (16:06 +0000)]
Use more portable options when making links in Makefile.fips

10 years agoAdd DllMain to fips symbols: will need to call this in FIPS capable OpenSSL.
Dr. Stephen Henson [Wed, 23 Feb 2011 15:16:12 +0000 (15:16 +0000)]
Add DllMain to fips symbols: will need to call this in FIPS capable OpenSSL.

10 years agoAdd new symbols to fipssyms.h
Dr. Stephen Henson [Wed, 23 Feb 2011 15:04:06 +0000 (15:04 +0000)]
Add new symbols to fipssyms.h

10 years agoMake -DOPENSSL_FIPSSYMS work under WIN32: run perl script when
Dr. Stephen Henson [Wed, 23 Feb 2011 15:03:43 +0000 (15:03 +0000)]
Make -DOPENSSL_FIPSSYMS work under WIN32: run perl script when
WIN32 assembly language files are created, add norunasm option
to just translate and not run the assembler.

10 years agoMake mkfiles.pl work with fipscanisteronly.
Dr. Stephen Henson [Tue, 22 Feb 2011 17:02:14 +0000 (17:02 +0000)]
Make mkfiles.pl work with fipscanisteronly.

10 years agoInclude ms directory for fips distribution.
Dr. Stephen Henson [Tue, 22 Feb 2011 16:48:30 +0000 (16:48 +0000)]
Include ms directory for fips distribution.

10 years agoMake fipscanisteronly work with WIN32 build system.
Dr. Stephen Henson [Tue, 22 Feb 2011 16:36:20 +0000 (16:36 +0000)]
Make fipscanisteronly work with WIN32 build system.

10 years agoAdd fips/ecdsa directory to mkfiles.pl
Dr. Stephen Henson [Tue, 22 Feb 2011 14:52:23 +0000 (14:52 +0000)]
Add fips/ecdsa directory to mkfiles.pl

10 years agoRemove duplicate test rule.
Dr. Stephen Henson [Tue, 22 Feb 2011 14:50:05 +0000 (14:50 +0000)]
Remove duplicate test rule.

10 years agoAdd modes_lcl.h to header list.
Dr. Stephen Henson [Tue, 22 Feb 2011 14:06:54 +0000 (14:06 +0000)]
Add modes_lcl.h to header list.

10 years agoRemoving debugging print.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:46:17 +0000 (12:46 +0000)]
Removing debugging print.

10 years agoDon't try and update c_rehash for fipscanisteronly builds.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:44:29 +0000 (12:44 +0000)]
Don't try and update c_rehash for fipscanisteronly builds.

10 years agoMake "make links" work in fipscanisteronly builds.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:34:46 +0000 (12:34 +0000)]
Make "make links" work in fipscanisteronly builds.

10 years agotypo
Dr. Stephen Henson [Mon, 21 Feb 2011 19:58:54 +0000 (19:58 +0000)]
typo

10 years agoInitial perl script to filter out unneeded files for a fips tarball.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:36:55 +0000 (19:36 +0000)]
Initial perl script to filter out unneeded files for a fips tarball.

10 years agoCall Makefile.fips when making a fips tarball.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:30:13 +0000 (19:30 +0000)]
Call Makefile.fips when making a fips tarball.

10 years agoRemove debugging option.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:29:48 +0000 (19:29 +0000)]
Remove debugging option.

10 years ago*** empty log message ***
Dr. Stephen Henson [Mon, 21 Feb 2011 18:14:59 +0000 (18:14 +0000)]
*** empty log message ***

10 years agoRemove unnecessary link directories.
Dr. Stephen Henson [Mon, 21 Feb 2011 18:07:28 +0000 (18:07 +0000)]
Remove unnecessary link directories.

10 years agoUpdate dependencies.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:51:59 +0000 (17:51 +0000)]
Update dependencies.

10 years agoCreate fips links even if not compiling in fips mode.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:45:45 +0000 (17:45 +0000)]
Create fips links even if not compiling in fips mode.

10 years agoRemove unnecessary dependencies.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:35:53 +0000 (17:35 +0000)]
Remove unnecessary dependencies.

10 years agoNeed to link additional directories for fipscanisteronly build.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:37:42 +0000 (16:37 +0000)]
Need to link additional directories for fipscanisteronly build.

10 years agox509v3.h header file not needed in fips algorithm test utilities.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:36:47 +0000 (16:36 +0000)]
x509v3.h header file not needed in fips algorithm test utilities.

10 years agotools and rehash not needed for fips build.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:00:21 +0000 (16:00 +0000)]
tools and rehash not needed for fips build.

10 years ago*** empty log message ***
Dr. Stephen Henson [Mon, 21 Feb 2011 15:15:58 +0000 (15:15 +0000)]
*** empty log message ***

10 years agoMake fipscanisteronly build only required files.
Dr. Stephen Henson [Mon, 21 Feb 2011 14:07:15 +0000 (14:07 +0000)]
Make fipscanisteronly build only required files.

10 years agoMove gcm128_context definition to modes_lcl.h (along with some related
Dr. Stephen Henson [Sat, 19 Feb 2011 22:16:52 +0000 (22:16 +0000)]
Move gcm128_context definition to modes_lcl.h (along with some related
definitions) so we can use it in EVP GCM code avoiding need to allocate
it.

10 years agoadd ECDSA POST
Dr. Stephen Henson [Fri, 18 Feb 2011 17:25:00 +0000 (17:25 +0000)]
add ECDSA POST

10 years agoAES GCM selftests.
Dr. Stephen Henson [Fri, 18 Feb 2011 17:09:33 +0000 (17:09 +0000)]
AES GCM selftests.

10 years agoMake -DOPENSSL_FIPSSYMS work for assembly language builds.
Dr. Stephen Henson [Thu, 17 Feb 2011 19:03:52 +0000 (19:03 +0000)]
Make -DOPENSSL_FIPSSYMS work for assembly language builds.

10 years agoExperimental perl script to edit assembly language source files,
Dr. Stephen Henson [Thu, 17 Feb 2011 18:08:59 +0000 (18:08 +0000)]
Experimental perl script to edit assembly language source files,
call the assembler, then restore original file.

This makes OPENSSL_FIPSSYMS work for assembly language builds.

10 years agoCorrect fipssyms.h for more assembly language symbols.
Dr. Stephen Henson [Thu, 17 Feb 2011 17:45:09 +0000 (17:45 +0000)]
Correct fipssyms.h for more assembly language symbols.

10 years agoUpdate auto generated comment.
Dr. Stephen Henson [Thu, 17 Feb 2011 15:35:43 +0000 (15:35 +0000)]
Update auto generated comment.

10 years agoRemove debugging command.
Dr. Stephen Henson [Thu, 17 Feb 2011 15:33:32 +0000 (15:33 +0000)]
Remove debugging command.

Reorder fipssyms.h to include assembly language symbols at the end.

10 years agoDon't need err library for Makefile.fips
Dr. Stephen Henson [Wed, 16 Feb 2011 18:07:57 +0000 (18:07 +0000)]
Don't need err library for Makefile.fips

10 years agoInclude openssl/crypto.h first in several other files so FIPS renaming
Dr. Stephen Henson [Wed, 16 Feb 2011 17:25:01 +0000 (17:25 +0000)]
Include openssl/crypto.h first in several other files so FIPS renaming
is picked up.

10 years agoExperimental FIPS symbol renaming.
Dr. Stephen Henson [Wed, 16 Feb 2011 14:49:50 +0000 (14:49 +0000)]
Experimental FIPS symbol renaming.

Fixups under fips/ to make symbol renaming work.

10 years agoExperimental symbol renaming to avoid clashes with regular OpenSSL.
Dr. Stephen Henson [Wed, 16 Feb 2011 14:40:06 +0000 (14:40 +0000)]
Experimental symbol renaming to avoid clashes with regular OpenSSL.

Make sure crypto.h is included first in any affected files.

10 years agoAdd pairwise consistency test to EC.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:58:28 +0000 (16:58 +0000)]
Add pairwise consistency test to EC.

10 years agoUse SHA-256 in fips_test_suite.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:58:06 +0000 (16:58 +0000)]
Use SHA-256 in fips_test_suite.

10 years agoUpdate pairwise consistency checks to use SHA-256.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:18:18 +0000 (16:18 +0000)]
Update pairwise consistency checks to use SHA-256.

10 years agoAdd non-FIPS algorithm blocking and selftest checking.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:03:47 +0000 (16:03 +0000)]
Add non-FIPS algorithm blocking and selftest checking.

10 years agoAdd FIPS flags to AES ciphers and SHA* digests.
Dr. Stephen Henson [Tue, 15 Feb 2011 15:57:54 +0000 (15:57 +0000)]
Add FIPS flags to AES ciphers and SHA* digests.

10 years agoIgnore final '\n' when checking if hex line length is odd.
Dr. Stephen Henson [Tue, 15 Feb 2011 15:56:13 +0000 (15:56 +0000)]
Ignore final '\n' when checking if hex line length is odd.

10 years agoAdd support for SigGen and KeyPair tests.
Dr. Stephen Henson [Tue, 15 Feb 2011 14:16:57 +0000 (14:16 +0000)]
Add support for SigGen and KeyPair tests.

10 years agoUpdate ECDSA test program to handle ECDSA2 format files.
Dr. Stephen Henson [Mon, 14 Feb 2011 19:42:49 +0000 (19:42 +0000)]
Update ECDSA test program to handle ECDSA2 format files.
Correctly handle hex strings with an odd number of digits.

10 years agoAdd .cvsignore.
Dr. Stephen Henson [Mon, 14 Feb 2011 17:28:28 +0000 (17:28 +0000)]
Add .cvsignore.

10 years agoAdd ECDSA functionality to fips module. Initial very incomplete version
Dr. Stephen Henson [Mon, 14 Feb 2011 17:14:55 +0000 (17:14 +0000)]
Add ECDSA functionality to fips module. Initial very incomplete version
of algorithm test program.

10 years agoInclude support for an add_lock callback to tiny FIPS locking API.
Dr. Stephen Henson [Mon, 14 Feb 2011 17:05:42 +0000 (17:05 +0000)]
Include support for an add_lock callback to tiny FIPS locking API.

10 years agoDon't use FIPS api for ec2_oct.c
Dr. Stephen Henson [Mon, 14 Feb 2011 16:55:28 +0000 (16:55 +0000)]
Don't use FIPS api for ec2_oct.c

10 years agoReorganise ECC code for inclusion in FIPS module.
Dr. Stephen Henson [Mon, 14 Feb 2011 16:52:12 +0000 (16:52 +0000)]
Reorganise ECC code for inclusion in FIPS module.

Move compression, point2oct and oct2point functions into separate files.

Add a flags field to EC_METHOD.

Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct
functions (all existing methods do this). This removes dependencies from
EC_METHOD while keeping original functionality.

10 years agoUse BN_nist_mod_func to avoid need to peek error queue.
Dr. Stephen Henson [Mon, 14 Feb 2011 16:45:28 +0000 (16:45 +0000)]
Use BN_nist_mod_func to avoid need to peek error queue.

10 years agoNew function BN_nist_mod_func which returns an appropriate function
Dr. Stephen Henson [Mon, 14 Feb 2011 16:44:29 +0000 (16:44 +0000)]
New function BN_nist_mod_func which returns an appropriate function
if the passed prime is a NIST prime.

10 years agoRemove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new
Dr. Stephen Henson [Sun, 13 Feb 2011 18:45:41 +0000 (18:45 +0000)]
Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new
and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1
library.

10 years agoChange FIPS source and utilities to use the "FIPS_" names directly
Dr. Stephen Henson [Sat, 12 Feb 2011 18:25:18 +0000 (18:25 +0000)]
Change FIPS source and utilities to use the "FIPS_" names directly
instead of using regular OpenSSL API names.

10 years agoMake no-ec2m work on Win32 build. Add nexprotoneg support too.
Dr. Stephen Henson [Sat, 12 Feb 2011 17:38:40 +0000 (17:38 +0000)]
Make no-ec2m work on Win32 build. Add nexprotoneg support too.

10 years agoDisable some functions in headers with no-ec2m
Dr. Stephen Henson [Sat, 12 Feb 2011 17:38:06 +0000 (17:38 +0000)]
Disable some functions in headers with no-ec2m

10 years agoNew option to disable characteristic two fields in EC code.
Dr. Stephen Henson [Sat, 12 Feb 2011 17:23:32 +0000 (17:23 +0000)]
New option to disable characteristic two fields in EC code.

10 years agodso_dlfcn.c: make it work on Tru64 4.0.
Andy Polyakov [Sat, 12 Feb 2011 16:43:41 +0000 (16:43 +0000)]
dso_dlfcn.c: make it work on Tru64 4.0.
PR: 2316

10 years agoConfigure: engage assembler in Android target.
Andy Polyakov [Sat, 12 Feb 2011 16:13:59 +0000 (16:13 +0000)]
Configure: engage assembler in Android target.

10 years agogcm128.c: make it work with no-sse2.
Andy Polyakov [Sat, 12 Feb 2011 11:47:55 +0000 (11:47 +0000)]
gcm128.c: make it work with no-sse2.

10 years agoAdd Makefile.fips.
Dr. Stephen Henson [Fri, 11 Feb 2011 20:56:24 +0000 (20:56 +0000)]
Add Makefile.fips.

10 years agoNew "fispcanisteronly" build option: only build fipscanister.o and
Dr. Stephen Henson [Fri, 11 Feb 2011 19:02:34 +0000 (19:02 +0000)]
New "fispcanisteronly" build option: only build fipscanister.o and
associated utilities. This functionality will be used by the validated
tarball.

10 years agoMake Windows build work with GCM.
Dr. Stephen Henson [Fri, 11 Feb 2011 16:49:01 +0000 (16:49 +0000)]
Make Windows build work with GCM.

10 years agoIn FIPS mode only use "Generation by Testing Candidates" equivalent.
Dr. Stephen Henson [Fri, 11 Feb 2011 15:19:54 +0000 (15:19 +0000)]
In FIPS mode only use "Generation by Testing Candidates" equivalent.

10 years agoReturn security strength for supported DSA parameters: will be used
Dr. Stephen Henson [Fri, 11 Feb 2011 14:38:39 +0000 (14:38 +0000)]
Return security strength for supported DSA parameters: will be used
later.

10 years agoFree keys if DSA pairwise error.
Dr. Stephen Henson [Fri, 11 Feb 2011 14:21:01 +0000 (14:21 +0000)]
Free keys if DSA pairwise error.

10 years agox86gas.pl: make data_short work on legacy systems.
Andy Polyakov [Thu, 10 Feb 2011 21:24:24 +0000 (21:24 +0000)]
x86gas.pl: make data_short work on legacy systems.

10 years agoxts128.c: initial draft.
Andy Polyakov [Thu, 10 Feb 2011 21:16:21 +0000 (21:16 +0000)]
xts128.c: initial draft.

10 years agoDisable FIPS restrictions when doing GCM testing.
Dr. Stephen Henson [Thu, 10 Feb 2011 01:46:25 +0000 (01:46 +0000)]
Disable FIPS restrictions when doing GCM testing.

10 years agoAdd GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest.
Dr. Stephen Henson [Wed, 9 Feb 2011 16:21:43 +0000 (16:21 +0000)]
Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest.

10 years agoccm128.c: initialize ctx->block (what I was smoking?).
Andy Polyakov [Tue, 8 Feb 2011 23:08:02 +0000 (23:08 +0000)]
ccm128.c: initialize ctx->block (what I was smoking?).

10 years agoccm128.c: initial draft.
Andy Polyakov [Tue, 8 Feb 2011 23:02:45 +0000 (23:02 +0000)]
ccm128.c: initial draft.

10 years agoEqually experimental encrypt side for fips_gcmtest. Currently this uses IVs
Dr. Stephen Henson [Tue, 8 Feb 2011 19:25:24 +0000 (19:25 +0000)]
Equally experimental encrypt side for fips_gcmtest. Currently this uses IVs
in the request file need to update it to generate IVs once we have an IV
generator in place.

10 years agoSync with 1.0.1 branch.
Bodo Möller [Tue, 8 Feb 2011 19:09:08 +0000 (19:09 +0000)]
Sync with 1.0.1 branch.
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)

10 years agoSet values to NULL after freeing them.
Dr. Stephen Henson [Tue, 8 Feb 2011 18:25:57 +0000 (18:25 +0000)]
Set values to NULL after freeing them.

10 years agoExperimental incomplete AES GCM algorithm test program.
Dr. Stephen Henson [Tue, 8 Feb 2011 18:15:59 +0000 (18:15 +0000)]
Experimental incomplete AES GCM algorithm test program.

10 years agoOCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
Bodo Möller [Tue, 8 Feb 2011 17:48:57 +0000 (17:48 +0000)]
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)

Submitted by: Neel Mehta, Adam Langley, Bodo Moeller

10 years agoLink GCM into FIPS module. Check return value in EVP gcm.
Dr. Stephen Henson [Tue, 8 Feb 2011 15:10:42 +0000 (15:10 +0000)]
Link GCM into FIPS module. Check return value in EVP gcm.

10 years agoSynchronize with 1.0.0 branch
Bodo Möller [Tue, 8 Feb 2011 08:48:51 +0000 (08:48 +0000)]
Synchronize with 1.0.0 branch

10 years agogcm128.c: add boundary condition checks.
Andy Polyakov [Mon, 7 Feb 2011 19:11:13 +0000 (19:11 +0000)]
gcm128.c: add boundary condition checks.

10 years agoInitial *very* experimental EVP support for AES-GCM. Note: probably very
Dr. Stephen Henson [Mon, 7 Feb 2011 18:16:33 +0000 (18:16 +0000)]
Initial *very* experimental EVP support for AES-GCM. Note: probably very
broken and subject to change.