openssl.git
8 years agoFix warnings: signed/unisgned comparison, shadowing (in some cases global
Dr. Stephen Henson [Sat, 12 Mar 2011 17:27:03 +0000 (17:27 +0000)]
Fix warnings: signed/unisgned comparison, shadowing (in some cases global
functions such as rand() ).

8 years agoRemove redundant check to stop compiler warning.
Dr. Stephen Henson [Sat, 12 Mar 2011 17:06:35 +0000 (17:06 +0000)]
Remove redundant check to stop compiler warning.

8 years agoNote SRP support.
Ben Laurie [Sat, 12 Mar 2011 17:04:07 +0000 (17:04 +0000)]
Note SRP support.

8 years agoAdd SRP support.
Ben Laurie [Sat, 12 Mar 2011 17:01:19 +0000 (17:01 +0000)]
Add SRP support.

8 years agoFix warning.
Ben Laurie [Sat, 12 Mar 2011 13:55:24 +0000 (13:55 +0000)]
Fix warning.

8 years agoCheck requested security strength in DRBG. Add function to retrieve the
Dr. Stephen Henson [Fri, 11 Mar 2011 17:42:11 +0000 (17:42 +0000)]
Check requested security strength in DRBG. Add function to retrieve the
security strength.

8 years agomake no-dsa work again
Dr. Stephen Henson [Thu, 10 Mar 2011 18:26:50 +0000 (18:26 +0000)]
make no-dsa work again

8 years agoUpdate status.
Dr. Stephen Henson [Thu, 10 Mar 2011 14:01:34 +0000 (14:01 +0000)]
Update status.

8 years agoMake no-ec2m work again.
Dr. Stephen Henson [Thu, 10 Mar 2011 01:00:30 +0000 (01:00 +0000)]
Make no-ec2m work again.

8 years agoAdd a few more symbol renames.
Dr. Stephen Henson [Wed, 9 Mar 2011 23:53:41 +0000 (23:53 +0000)]
Add a few more symbol renames.

8 years agoAdd ECDH to validated module.
Dr. Stephen Henson [Wed, 9 Mar 2011 23:44:06 +0000 (23:44 +0000)]
Add ECDH to validated module.

8 years agoEnter FIPS mode in fips_dhvs. Support file I/O in fips_ecdsavs.
Dr. Stephen Henson [Wed, 9 Mar 2011 14:55:10 +0000 (14:55 +0000)]
Enter FIPS mode in fips_dhvs. Support file I/O in fips_ecdsavs.

8 years agoUpdate fips_dhvs to handle functional test by generating keys.
Dr. Stephen Henson [Wed, 9 Mar 2011 14:39:54 +0000 (14:39 +0000)]
Update fips_dhvs to handle functional test by generating keys.

8 years agoUpdate .cvsignore
Dr. Stephen Henson [Wed, 9 Mar 2011 14:35:31 +0000 (14:35 +0000)]
Update .cvsignore

8 years agoTypo.
Dr. Stephen Henson [Tue, 8 Mar 2011 21:29:07 +0000 (21:29 +0000)]
Typo.

8 years agoNew initial DH algorithm test driver.
Dr. Stephen Henson [Tue, 8 Mar 2011 19:10:17 +0000 (19:10 +0000)]
New initial DH algorithm test driver.

8 years agoNew SP 800-56A compliant version of DH_compute_key().
Dr. Stephen Henson [Tue, 8 Mar 2011 19:07:26 +0000 (19:07 +0000)]
New SP 800-56A compliant version of DH_compute_key().

8 years agoAdd meaningful error codes to DRBG.
Dr. Stephen Henson [Tue, 8 Mar 2011 14:16:30 +0000 (14:16 +0000)]
Add meaningful error codes to DRBG.

8 years agoAdd file I/O to fips_drbgvs program.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:51:34 +0000 (13:51 +0000)]
Add file I/O to fips_drbgvs program.

8 years agoSupport I/O with files in new fips_gcmtest program.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:42:21 +0000 (13:42 +0000)]
Support I/O with files in new fips_gcmtest program.

8 years agoRemove redirection from fipsalgtest.pl script.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:29:46 +0000 (13:29 +0000)]
Remove redirection from fipsalgtest.pl script.

8 years agoRemove need for redirection on RNG and DSS algorithm test programs: some
Dr. Stephen Henson [Tue, 8 Mar 2011 13:27:29 +0000 (13:27 +0000)]
Remove need for redirection on RNG and DSS algorithm test programs: some
platforms don't support it.

8 years agoUninstantiate and free functions for DRBG.
Dr. Stephen Henson [Mon, 7 Mar 2011 16:51:17 +0000 (16:51 +0000)]
Uninstantiate and free functions for DRBG.

8 years agoFix couple of bugs in CTR DRBG implementation.
Dr. Stephen Henson [Sun, 6 Mar 2011 13:10:37 +0000 (13:10 +0000)]
Fix couple of bugs in CTR DRBG implementation.

8 years agoUpdates to DRBG: fix bugs in infrastructure. Add initial experimental
Dr. Stephen Henson [Sun, 6 Mar 2011 12:35:09 +0000 (12:35 +0000)]
Updates to DRBG: fix bugs in infrastructure. Add initial experimental
algorithm test generator.

8 years agoInitial, provisional, subject to wholesale change, untested, probably
Dr. Stephen Henson [Fri, 4 Mar 2011 18:00:21 +0000 (18:00 +0000)]
Initial, provisional, subject to wholesale change, untested, probably
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.

Did I say this was untested?

8 years agoia64-mont.pl: optimize short-key performance.
Andy Polyakov [Fri, 4 Mar 2011 13:27:29 +0000 (13:27 +0000)]
ia64-mont.pl: optimize short-key performance.

8 years agoghash-x86.pl: optimize for Sandy Bridge.
Andy Polyakov [Fri, 4 Mar 2011 13:21:41 +0000 (13:21 +0000)]
ghash-x86.pl: optimize for Sandy Bridge.

8 years agoxts128.c: minor optimization.
Andy Polyakov [Fri, 4 Mar 2011 13:17:19 +0000 (13:17 +0000)]
xts128.c: minor optimization.

8 years agos390x assembler pack: tune-up and support for new z196 hardware.
Andy Polyakov [Fri, 4 Mar 2011 13:09:16 +0000 (13:09 +0000)]
s390x assembler pack: tune-up and support for new z196 hardware.

8 years agoUpdate status information.
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:50 +0000 (16:06 +0000)]
Update status information.

8 years agoStop warnings.
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:33 +0000 (16:06 +0000)]
Stop warnings.

8 years agoUse more portable options when making links in Makefile.fips
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:07 +0000 (16:06 +0000)]
Use more portable options when making links in Makefile.fips

8 years agoAdd DllMain to fips symbols: will need to call this in FIPS capable OpenSSL.
Dr. Stephen Henson [Wed, 23 Feb 2011 15:16:12 +0000 (15:16 +0000)]
Add DllMain to fips symbols: will need to call this in FIPS capable OpenSSL.

8 years agoAdd new symbols to fipssyms.h
Dr. Stephen Henson [Wed, 23 Feb 2011 15:04:06 +0000 (15:04 +0000)]
Add new symbols to fipssyms.h

8 years agoMake -DOPENSSL_FIPSSYMS work under WIN32: run perl script when
Dr. Stephen Henson [Wed, 23 Feb 2011 15:03:43 +0000 (15:03 +0000)]
Make -DOPENSSL_FIPSSYMS work under WIN32: run perl script when
WIN32 assembly language files are created, add norunasm option
to just translate and not run the assembler.

8 years agoMake mkfiles.pl work with fipscanisteronly.
Dr. Stephen Henson [Tue, 22 Feb 2011 17:02:14 +0000 (17:02 +0000)]
Make mkfiles.pl work with fipscanisteronly.

8 years agoInclude ms directory for fips distribution.
Dr. Stephen Henson [Tue, 22 Feb 2011 16:48:30 +0000 (16:48 +0000)]
Include ms directory for fips distribution.

8 years agoMake fipscanisteronly work with WIN32 build system.
Dr. Stephen Henson [Tue, 22 Feb 2011 16:36:20 +0000 (16:36 +0000)]
Make fipscanisteronly work with WIN32 build system.

8 years agoAdd fips/ecdsa directory to mkfiles.pl
Dr. Stephen Henson [Tue, 22 Feb 2011 14:52:23 +0000 (14:52 +0000)]
Add fips/ecdsa directory to mkfiles.pl

8 years agoRemove duplicate test rule.
Dr. Stephen Henson [Tue, 22 Feb 2011 14:50:05 +0000 (14:50 +0000)]
Remove duplicate test rule.

8 years agoAdd modes_lcl.h to header list.
Dr. Stephen Henson [Tue, 22 Feb 2011 14:06:54 +0000 (14:06 +0000)]
Add modes_lcl.h to header list.

8 years agoRemoving debugging print.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:46:17 +0000 (12:46 +0000)]
Removing debugging print.

8 years agoDon't try and update c_rehash for fipscanisteronly builds.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:44:29 +0000 (12:44 +0000)]
Don't try and update c_rehash for fipscanisteronly builds.

8 years agoMake "make links" work in fipscanisteronly builds.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:34:46 +0000 (12:34 +0000)]
Make "make links" work in fipscanisteronly builds.

8 years agotypo
Dr. Stephen Henson [Mon, 21 Feb 2011 19:58:54 +0000 (19:58 +0000)]
typo

8 years agoInitial perl script to filter out unneeded files for a fips tarball.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:36:55 +0000 (19:36 +0000)]
Initial perl script to filter out unneeded files for a fips tarball.

8 years agoCall Makefile.fips when making a fips tarball.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:30:13 +0000 (19:30 +0000)]
Call Makefile.fips when making a fips tarball.

8 years agoRemove debugging option.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:29:48 +0000 (19:29 +0000)]
Remove debugging option.

8 years ago*** empty log message ***
Dr. Stephen Henson [Mon, 21 Feb 2011 18:14:59 +0000 (18:14 +0000)]
*** empty log message ***

8 years agoRemove unnecessary link directories.
Dr. Stephen Henson [Mon, 21 Feb 2011 18:07:28 +0000 (18:07 +0000)]
Remove unnecessary link directories.

8 years agoUpdate dependencies.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:51:59 +0000 (17:51 +0000)]
Update dependencies.

8 years agoCreate fips links even if not compiling in fips mode.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:45:45 +0000 (17:45 +0000)]
Create fips links even if not compiling in fips mode.

8 years agoRemove unnecessary dependencies.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:35:53 +0000 (17:35 +0000)]
Remove unnecessary dependencies.

8 years agoNeed to link additional directories for fipscanisteronly build.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:37:42 +0000 (16:37 +0000)]
Need to link additional directories for fipscanisteronly build.

8 years agox509v3.h header file not needed in fips algorithm test utilities.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:36:47 +0000 (16:36 +0000)]
x509v3.h header file not needed in fips algorithm test utilities.

8 years agotools and rehash not needed for fips build.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:00:21 +0000 (16:00 +0000)]
tools and rehash not needed for fips build.

8 years ago*** empty log message ***
Dr. Stephen Henson [Mon, 21 Feb 2011 15:15:58 +0000 (15:15 +0000)]
*** empty log message ***

8 years agoMake fipscanisteronly build only required files.
Dr. Stephen Henson [Mon, 21 Feb 2011 14:07:15 +0000 (14:07 +0000)]
Make fipscanisteronly build only required files.

8 years agoMove gcm128_context definition to modes_lcl.h (along with some related
Dr. Stephen Henson [Sat, 19 Feb 2011 22:16:52 +0000 (22:16 +0000)]
Move gcm128_context definition to modes_lcl.h (along with some related
definitions) so we can use it in EVP GCM code avoiding need to allocate
it.

8 years agoadd ECDSA POST
Dr. Stephen Henson [Fri, 18 Feb 2011 17:25:00 +0000 (17:25 +0000)]
add ECDSA POST

8 years agoAES GCM selftests.
Dr. Stephen Henson [Fri, 18 Feb 2011 17:09:33 +0000 (17:09 +0000)]
AES GCM selftests.

8 years agoMake -DOPENSSL_FIPSSYMS work for assembly language builds.
Dr. Stephen Henson [Thu, 17 Feb 2011 19:03:52 +0000 (19:03 +0000)]
Make -DOPENSSL_FIPSSYMS work for assembly language builds.

8 years agoExperimental perl script to edit assembly language source files,
Dr. Stephen Henson [Thu, 17 Feb 2011 18:08:59 +0000 (18:08 +0000)]
Experimental perl script to edit assembly language source files,
call the assembler, then restore original file.

This makes OPENSSL_FIPSSYMS work for assembly language builds.

8 years agoCorrect fipssyms.h for more assembly language symbols.
Dr. Stephen Henson [Thu, 17 Feb 2011 17:45:09 +0000 (17:45 +0000)]
Correct fipssyms.h for more assembly language symbols.

8 years agoUpdate auto generated comment.
Dr. Stephen Henson [Thu, 17 Feb 2011 15:35:43 +0000 (15:35 +0000)]
Update auto generated comment.

8 years agoRemove debugging command.
Dr. Stephen Henson [Thu, 17 Feb 2011 15:33:32 +0000 (15:33 +0000)]
Remove debugging command.

Reorder fipssyms.h to include assembly language symbols at the end.

8 years agoDon't need err library for Makefile.fips
Dr. Stephen Henson [Wed, 16 Feb 2011 18:07:57 +0000 (18:07 +0000)]
Don't need err library for Makefile.fips

8 years agoInclude openssl/crypto.h first in several other files so FIPS renaming
Dr. Stephen Henson [Wed, 16 Feb 2011 17:25:01 +0000 (17:25 +0000)]
Include openssl/crypto.h first in several other files so FIPS renaming
is picked up.

8 years agoExperimental FIPS symbol renaming.
Dr. Stephen Henson [Wed, 16 Feb 2011 14:49:50 +0000 (14:49 +0000)]
Experimental FIPS symbol renaming.

Fixups under fips/ to make symbol renaming work.

8 years agoExperimental symbol renaming to avoid clashes with regular OpenSSL.
Dr. Stephen Henson [Wed, 16 Feb 2011 14:40:06 +0000 (14:40 +0000)]
Experimental symbol renaming to avoid clashes with regular OpenSSL.

Make sure crypto.h is included first in any affected files.

8 years agoAdd pairwise consistency test to EC.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:58:28 +0000 (16:58 +0000)]
Add pairwise consistency test to EC.

8 years agoUse SHA-256 in fips_test_suite.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:58:06 +0000 (16:58 +0000)]
Use SHA-256 in fips_test_suite.

8 years agoUpdate pairwise consistency checks to use SHA-256.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:18:18 +0000 (16:18 +0000)]
Update pairwise consistency checks to use SHA-256.

8 years agoAdd non-FIPS algorithm blocking and selftest checking.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:03:47 +0000 (16:03 +0000)]
Add non-FIPS algorithm blocking and selftest checking.

8 years agoAdd FIPS flags to AES ciphers and SHA* digests.
Dr. Stephen Henson [Tue, 15 Feb 2011 15:57:54 +0000 (15:57 +0000)]
Add FIPS flags to AES ciphers and SHA* digests.

8 years agoIgnore final '\n' when checking if hex line length is odd.
Dr. Stephen Henson [Tue, 15 Feb 2011 15:56:13 +0000 (15:56 +0000)]
Ignore final '\n' when checking if hex line length is odd.

8 years agoAdd support for SigGen and KeyPair tests.
Dr. Stephen Henson [Tue, 15 Feb 2011 14:16:57 +0000 (14:16 +0000)]
Add support for SigGen and KeyPair tests.

8 years agoUpdate ECDSA test program to handle ECDSA2 format files.
Dr. Stephen Henson [Mon, 14 Feb 2011 19:42:49 +0000 (19:42 +0000)]
Update ECDSA test program to handle ECDSA2 format files.
Correctly handle hex strings with an odd number of digits.

8 years agoAdd .cvsignore.
Dr. Stephen Henson [Mon, 14 Feb 2011 17:28:28 +0000 (17:28 +0000)]
Add .cvsignore.

8 years agoAdd ECDSA functionality to fips module. Initial very incomplete version
Dr. Stephen Henson [Mon, 14 Feb 2011 17:14:55 +0000 (17:14 +0000)]
Add ECDSA functionality to fips module. Initial very incomplete version
of algorithm test program.

8 years agoInclude support for an add_lock callback to tiny FIPS locking API.
Dr. Stephen Henson [Mon, 14 Feb 2011 17:05:42 +0000 (17:05 +0000)]
Include support for an add_lock callback to tiny FIPS locking API.

8 years agoDon't use FIPS api for ec2_oct.c
Dr. Stephen Henson [Mon, 14 Feb 2011 16:55:28 +0000 (16:55 +0000)]
Don't use FIPS api for ec2_oct.c

8 years agoReorganise ECC code for inclusion in FIPS module.
Dr. Stephen Henson [Mon, 14 Feb 2011 16:52:12 +0000 (16:52 +0000)]
Reorganise ECC code for inclusion in FIPS module.

Move compression, point2oct and oct2point functions into separate files.

Add a flags field to EC_METHOD.

Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct
functions (all existing methods do this). This removes dependencies from
EC_METHOD while keeping original functionality.

8 years agoUse BN_nist_mod_func to avoid need to peek error queue.
Dr. Stephen Henson [Mon, 14 Feb 2011 16:45:28 +0000 (16:45 +0000)]
Use BN_nist_mod_func to avoid need to peek error queue.

8 years agoNew function BN_nist_mod_func which returns an appropriate function
Dr. Stephen Henson [Mon, 14 Feb 2011 16:44:29 +0000 (16:44 +0000)]
New function BN_nist_mod_func which returns an appropriate function
if the passed prime is a NIST prime.

8 years agoRemove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new
Dr. Stephen Henson [Sun, 13 Feb 2011 18:45:41 +0000 (18:45 +0000)]
Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new
and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1
library.

8 years agoChange FIPS source and utilities to use the "FIPS_" names directly
Dr. Stephen Henson [Sat, 12 Feb 2011 18:25:18 +0000 (18:25 +0000)]
Change FIPS source and utilities to use the "FIPS_" names directly
instead of using regular OpenSSL API names.

8 years agoMake no-ec2m work on Win32 build. Add nexprotoneg support too.
Dr. Stephen Henson [Sat, 12 Feb 2011 17:38:40 +0000 (17:38 +0000)]
Make no-ec2m work on Win32 build. Add nexprotoneg support too.

8 years agoDisable some functions in headers with no-ec2m
Dr. Stephen Henson [Sat, 12 Feb 2011 17:38:06 +0000 (17:38 +0000)]
Disable some functions in headers with no-ec2m

8 years agoNew option to disable characteristic two fields in EC code.
Dr. Stephen Henson [Sat, 12 Feb 2011 17:23:32 +0000 (17:23 +0000)]
New option to disable characteristic two fields in EC code.

8 years agodso_dlfcn.c: make it work on Tru64 4.0.
Andy Polyakov [Sat, 12 Feb 2011 16:43:41 +0000 (16:43 +0000)]
dso_dlfcn.c: make it work on Tru64 4.0.
PR: 2316

8 years agoConfigure: engage assembler in Android target.
Andy Polyakov [Sat, 12 Feb 2011 16:13:59 +0000 (16:13 +0000)]
Configure: engage assembler in Android target.

8 years agogcm128.c: make it work with no-sse2.
Andy Polyakov [Sat, 12 Feb 2011 11:47:55 +0000 (11:47 +0000)]
gcm128.c: make it work with no-sse2.

8 years agoAdd Makefile.fips.
Dr. Stephen Henson [Fri, 11 Feb 2011 20:56:24 +0000 (20:56 +0000)]
Add Makefile.fips.

8 years agoNew "fispcanisteronly" build option: only build fipscanister.o and
Dr. Stephen Henson [Fri, 11 Feb 2011 19:02:34 +0000 (19:02 +0000)]
New "fispcanisteronly" build option: only build fipscanister.o and
associated utilities. This functionality will be used by the validated
tarball.

8 years agoMake Windows build work with GCM.
Dr. Stephen Henson [Fri, 11 Feb 2011 16:49:01 +0000 (16:49 +0000)]
Make Windows build work with GCM.

8 years agoIn FIPS mode only use "Generation by Testing Candidates" equivalent.
Dr. Stephen Henson [Fri, 11 Feb 2011 15:19:54 +0000 (15:19 +0000)]
In FIPS mode only use "Generation by Testing Candidates" equivalent.

8 years agoReturn security strength for supported DSA parameters: will be used
Dr. Stephen Henson [Fri, 11 Feb 2011 14:38:39 +0000 (14:38 +0000)]
Return security strength for supported DSA parameters: will be used
later.

8 years agoFree keys if DSA pairwise error.
Dr. Stephen Henson [Fri, 11 Feb 2011 14:21:01 +0000 (14:21 +0000)]
Free keys if DSA pairwise error.