openssl.git
Dr. Stephen Henson [Fri, 3 Jun 2011 16:26:58 +0000 (16:26 +0000)]
Add "OPENSSL_FIPSCAPABLE" define for a version of OpenSSL which is
FIPS capable: i.e. FIPS module is supplied externally.

Dr. Stephen Henson [Fri, 3 Jun 2011 12:38:18 +0000 (12:38 +0000)]
Constify RSA signature buffer.

Dr. Stephen Henson [Thu, 2 Jun 2011 18:20:55 +0000 (18:20 +0000)]
Typo.

Dr. Stephen Henson [Thu, 2 Jun 2011 17:52:39 +0000 (17:52 +0000)]
Remove FIPS RSA functions from crypto/rsa.

Dr. Stephen Henson [Thu, 2 Jun 2011 17:30:22 +0000 (17:30 +0000)]
Move FIPS RSA function definitions to fips.h

New function to lookup digests by NID in module.

Minor optimisation: if supplied hash is NULL to FIPS RSA functions and
we are using PKCS padding get digest NID from otherwise unused saltlen
parameter instead.

Dr. Stephen Henson [Wed, 1 Jun 2011 18:36:49 +0000 (18:36 +0000)]
Simple automated certificate creation demo.

Dr. Stephen Henson [Wed, 1 Jun 2011 14:18:28 +0000 (14:18 +0000)]
Clone digest prototypes.

Dr. Stephen Henson [Wed, 1 Jun 2011 14:07:32 +0000 (14:07 +0000)]
Add DSA and ECDSA "clone digests" to module for compatibility with old
applications.

Dr. Stephen Henson [Wed, 1 Jun 2011 11:10:35 +0000 (11:10 +0000)]
typo

Dr. Stephen Henson [Tue, 31 May 2011 16:24:19 +0000 (16:24 +0000)]
set FIPS permitted flag before initialising digest

Dr. Stephen Henson [Tue, 31 May 2011 16:22:21 +0000 (16:22 +0000)]
Fake CPU caps so fips_standalone_sha1 compiles.

Initialise update function for bad digest inits.

Dr. Stephen Henson [Tue, 31 May 2011 10:34:43 +0000 (10:34 +0000)]
Don't round up partitioned premaster secret length if there is only one
digest in use: this caused the PRF to fail for an odd premaster secret
length.
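The TLS 1.0/1.1 PRF (RFC 2246 section 5) splits the secret into two halves of ceil(L/2) bytes that overlap by one byte when L is odd, feeding one half to P_MD5 and the other to P_SHA1; the TLS 1.2 PRF (RFC 5246 section 5) runs a single P_SHA256 over the whole secret, so there is nothing to round up when only one digest is in use. The following is an added illustration of that rule, written for this page rather than taken from OpenSSL's tls1_PRF; the odd-length premaster secret and the random values in the usage block are constructed inputs, not a captured handshake.

```python
import hmac


def p_hash(digest, secret, seed, length):
    """TLS P_<digest> expansion (RFC 2246 / RFC 5246 section 5)."""
    out = b""
    a = seed                                            # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()        # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]


def split_secret(secret):
    """Two-digest partition: S1 and S2 are ceil(L/2) bytes each and share
    the middle byte when L is odd (RFC 2246 section 5)."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[len(secret) - half:]


def tls_prf(digests, secret, label, seed, length):
    """XOR of P_<digest_i>(S_i, label + seed) over the digests in use.

    Two digests (TLS 1.0/1.1: md5 and sha1) partition the secret; a single
    digest (TLS 1.2: sha256) consumes the whole secret unchanged. Rounding
    an odd length up only makes sense in the two-digest case, which is the
    edge case the commit above is about.
    """
    if len(digests) == 1:
        parts = [secret]
    elif len(digests) == 2:
        parts = list(split_secret(secret))
    else:
        raise ValueError("TLS PRFs use one or two digests")
    out = bytes(length)
    for digest, part in zip(digests, parts):
        stream = p_hash(digest, part, label + seed, length)
        out = bytes(x ^ y for x, y in zip(out, stream))
    return out


def master_secret(tls12, premaster, client_random, server_random):
    """master_secret = PRF(pre_master_secret, "master secret",
    ClientHello.random + ServerHello.random)[0..47] for both PRF versions."""
    digests = ["sha256"] if tls12 else ["md5", "sha1"]
    return tls_prf(digests, premaster, b"master secret",
                   client_random + server_random, 48)


if __name__ == "__main__":
    # Constructed inputs (not a captured handshake): a 47-byte, i.e. odd-length,
    # premaster secret exercises the overlap rule in the two-digest PRF.
    premaster = bytes(range(47))
    client_random, server_random = bytes(32), bytes(range(32))
    print("TLS 1.2 master secret:", master_secret(True, premaster, client_random, server_random).hex())
    print("TLS 1.0 master secret:", master_secret(False, premaster, client_random, server_random).hex())
```

Note that for the single-digest case `tls_prf` is exactly `p_hash` over the full secret; any "partition" logic that rounds the slice length up for a one-digest PRF would hand P_SHA256 a slice longer than the secret itself, which is the failure the commit describes.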

Dr. Stephen Henson [Mon, 30 May 2011 17:58:13 +0000 (17:58 +0000)]
Output supported curves in preference order instead of numerically.

Andy Polyakov [Mon, 30 May 2011 10:13:42 +0000 (10:13 +0000)]
e_aes.c: fix typo.

Andy Polyakov [Mon, 30 May 2011 10:10:05 +0000 (10:10 +0000)]
e_aes.c: fix aes_cfb1_cipher.

Andy Polyakov [Mon, 30 May 2011 09:16:01 +0000 (09:16 +0000)]
e_aes.c: integrate AESNI directly into EVP.

Andy Polyakov [Mon, 30 May 2011 09:15:16 +0000 (09:15 +0000)]
aesni-x86[_64].pl: relax alignment requirement.

Dr. Stephen Henson [Sun, 29 May 2011 16:16:55 +0000 (16:16 +0000)]
Add more cipher prototypes.

Dr. Stephen Henson [Sun, 29 May 2011 15:56:23 +0000 (15:56 +0000)]
Prototypes for more FIPS functions for use in FIPS capable OpenSSL.

Andy Polyakov [Sun, 29 May 2011 13:51:14 +0000 (13:51 +0000)]
Various mingw64 fixes.

Andy Polyakov [Sun, 29 May 2011 13:48:57 +0000 (13:48 +0000)]
sha1-586|x86_64.pl: minor portability fix.

Andy Polyakov [Sun, 29 May 2011 12:50:02 +0000 (12:50 +0000)]
x86cpuid.pl: last commit broke platforms with perl with 64-bit integer.

Andy Polyakov [Sun, 29 May 2011 12:39:48 +0000 (12:39 +0000)]
sha1-586|x86_64.pl: add SSSE3 and AVX code paths.

Dr. Stephen Henson [Sat, 28 May 2011 23:02:23 +0000 (23:02 +0000)]
Add FIPS_digestinit prototype for FIPS capable OpenSSL.

Dr. Stephen Henson [Sat, 28 May 2011 21:03:31 +0000 (21:03 +0000)]
Add prototypes for FIPS EVP implementations: for use in FIPS capable
OpenSSL.

Andy Polyakov [Sat, 28 May 2011 09:41:36 +0000 (09:41 +0000)]
aes-ppc.pl: handle unaligned data on page boundaries.

Dr. Stephen Henson [Fri, 27 May 2011 21:11:54 +0000 (21:11 +0000)]
Rename many internal only module functions from FIPS_* to fips_*.

Andy Polyakov [Fri, 27 May 2011 18:58:37 +0000 (18:58 +0000)]
rc4-x86_64.pl: fix due credit.

Andy Polyakov [Fri, 27 May 2011 16:15:12 +0000 (16:15 +0000)]
rc4-x86_64.pl: RC4_options fix-up.

Andy Polyakov [Fri, 27 May 2011 15:32:43 +0000 (15:32 +0000)]
x86[_64]cpuid.pl: harmonize usage of reserved bits #20 and #30.

Andy Polyakov [Fri, 27 May 2011 13:32:34 +0000 (13:32 +0000)]
PPC assembler pack: adhere closer to ABI specs, add PowerOpen traceback data.

Andy Polyakov [Fri, 27 May 2011 09:51:09 +0000 (09:51 +0000)]
rc4-x86_64.pl: major optimization for contemporary Intel CPUs.

Andy Polyakov [Fri, 27 May 2011 09:46:19 +0000 (09:46 +0000)]
rc4-586.pl: optimize even further...

Dr. Stephen Henson [Thu, 26 May 2011 22:01:49 +0000 (22:01 +0000)]
Typo.

Dr. Stephen Henson [Thu, 26 May 2011 21:20:14 +0000 (21:20 +0000)]
Use FIPSLD_LIBCRYPTO for consistency with other env variables in fipsld.
Use current directory for fips_premain_dso

Dr. Stephen Henson [Thu, 26 May 2011 21:15:45 +0000 (21:15 +0000)]
In fipsld use FIPSLIBCRYPTO environment variable to specify an alternative
location for libcrypto.a, support shared library builds in different
source tree.

Dr. Stephen Henson [Thu, 26 May 2011 13:59:11 +0000 (13:59 +0000)]
Install fips_standalone_sha1 and make use of it in fipsld script.

Andy Polyakov [Thu, 26 May 2011 13:16:26 +0000 (13:16 +0000)]
x86_64cpuid.pl: get AVX masking right.

Dr. Stephen Henson [Thu, 26 May 2011 11:00:06 +0000 (11:00 +0000)]
Only install FIPS related files for fipscanisteronly build.

Dr. Stephen Henson [Wed, 25 May 2011 16:01:37 +0000 (16:01 +0000)]
More symbol renaming.

Dr. Stephen Henson [Wed, 25 May 2011 15:31:32 +0000 (15:31 +0000)]
Don't advertise or use MD5 for TLS v1.2 in FIPS mode

Dr. Stephen Henson [Wed, 25 May 2011 15:20:49 +0000 (15:20 +0000)]
PR: 2533
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes
the program to crash. This is due to missing version checks and is fixed with
this patch.

Dr. Stephen Henson [Wed, 25 May 2011 15:16:10 +0000 (15:16 +0000)]
PR: 2529
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.

Dr. Stephen Henson [Wed, 25 May 2011 15:05:39 +0000 (15:05 +0000)]
PR: 2527
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Set cnf to NULL to avoid possible double free.

Dr. Stephen Henson [Wed, 25 May 2011 14:52:21 +0000 (14:52 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.

Dr. Stephen Henson [Wed, 25 May 2011 14:41:56 +0000 (14:41 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
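The attack in the cited paper recovers ECDSA nonce bits from the time taken by scalar multiplication: a Montgomery ladder runs one iteration per bit of the scalar, so a nonce with a short bit length finishes measurably faster. The countermeasure OpenSSL adopted for the two commits above adds the group order to the nonce, and adds it a second time if the bit length did not grow, so that every scalar has exactly bit_length(order) + 1 bits while k*G is unchanged (adding a multiple of the order does nothing to the point). The example below is an added illustration on a toy curve constructed for this page (y^2 = x^3 + 2x + 2 over F_17, generator (5, 1) of prime order 19); it is not the project's EC code, and the ladder here counts iterations rather than being constant-time in any other respect.

```python
# Toy curve for illustration only: y^2 = x^3 + 2x + 2 over F_17.
# The group has prime order 19, so every nonce k in [1, 18] is valid.
P_MOD, A = 17, 2
G = (5, 1)
ORDER = 19


def _inv(x):
    return pow(x % P_MOD, P_MOD - 2, P_MOD)


def point_add(P, Q):
    """Affine addition (doubling when P == Q); None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return None                                   # P + (-P)
        lam = (3 * x1 * x1 + A) * _inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * _inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ladder(k, P):
    """Montgomery ladder. Returns (k*P, number of loop iterations).

    The iteration count equals bit_length(k): that is the timing signal the
    paper exploits when k is the raw ECDSA nonce.
    """
    r0, r1 = None, P
    iterations = 0
    for i in range(k.bit_length() - 1, -1, -1):
        iterations += 1
        if (k >> i) & 1:
            r0, r1 = point_add(r0, r1), point_add(r1, r1)
        else:
            r1, r0 = point_add(r0, r1), point_add(r0, r0)
    return r0, iterations


def fixed_length_scalar(k, n):
    """Return k + n, or k + 2n if that did not add a bit, so the result always
    has bit_length(n) + 1 bits. Since n*G is the identity, the point is the same."""
    k2 = k + n
    if k2.bit_length() <= n.bit_length():
        k2 += n
    return k2


def iteration_profile(normalise):
    """Set of ladder iteration counts observed over every valid nonce."""
    counts = set()
    for k in range(1, ORDER):
        scalar = fixed_length_scalar(k, ORDER) if normalise else k
        counts.add(ladder(scalar, G)[1])
    return sorted(counts)


def fix_preserves_result():
    """True if the padded scalar yields the same point as the raw nonce for every k."""
    return all(ladder(fixed_length_scalar(k, ORDER), G)[0] == ladder(k, G)[0]
               for k in range(1, ORDER))


if __name__ == "__main__":
    print("iterations without fix:", iteration_profile(False))   # varies with the nonce
    print("iterations with fix:   ", iteration_profile(True))    # one value for every nonce
    print("same points:", fix_preserves_result())
```

Without the padding, the iteration count over all 18 nonces takes five different values (one per possible bit length); with it, every nonce runs the same six iterations. On a real curve the same logic applies with bit_length(order) + 1 iterations for every signature.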

Dr. Stephen Henson [Wed, 25 May 2011 14:31:47 +0000 (14:31 +0000)]
Some nextproto patches broke DTLS: fix

Dr. Stephen Henson [Wed, 25 May 2011 14:30:20 +0000 (14:30 +0000)]
Oops, use up-to-date patch for PR#2506

Dr. Stephen Henson [Wed, 25 May 2011 12:37:07 +0000 (12:37 +0000)]
PR: 2512
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix BIO_accept so it can be bound to IPv4 or IPv6 sockets consistently.

Dr. Stephen Henson [Wed, 25 May 2011 12:28:06 +0000 (12:28 +0000)]
PR: 2506
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.

Dr. Stephen Henson [Wed, 25 May 2011 12:25:01 +0000 (12:25 +0000)]
PR: 2505
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.

Dr. Stephen Henson [Wed, 25 May 2011 11:43:07 +0000 (11:43 +0000)]
use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS

Andy Polyakov [Wed, 25 May 2011 10:02:20 +0000 (10:02 +0000)]
e_padlock.c: fix typo.

Andy Polyakov [Wed, 25 May 2011 09:36:13 +0000 (09:36 +0000)]
rc4-586.pl: optimize unused code path.

Andy Polyakov [Tue, 24 May 2011 17:18:19 +0000 (17:18 +0000)]
e_padlock.c: last x86_64 commit didn't work with some optimizers.

Andy Polyakov [Tue, 24 May 2011 13:07:29 +0000 (13:07 +0000)]
rc4-586.pl: 50% improvement on Core2 and 80% on Westmere.

Dr. Stephen Henson [Mon, 23 May 2011 12:27:43 +0000 (12:27 +0000)]
PR: 2522
Submitted by: Henrik Grindal Bakken <henribak@cisco.com>

Don't compare past end of buffer.

Andy Polyakov [Mon, 23 May 2011 08:14:32 +0000 (08:14 +0000)]
spacrv9cap.c: addendum to recent EC optimizations.

Andy Polyakov [Sun, 22 May 2011 18:38:00 +0000 (18:38 +0000)]
aesni-x86[_64].pl: optimize for Sandy Bridge and add XTS mode.

Andy Polyakov [Sun, 22 May 2011 18:29:11 +0000 (18:29 +0000)]
x86_64-gf2m.pl: add Win64 SEH.

Andy Polyakov [Sat, 21 May 2011 10:17:02 +0000 (10:17 +0000)]
ppccap.c: addendum to recent EC optimizations.

Andy Polyakov [Sat, 21 May 2011 08:40:18 +0000 (08:40 +0000)]
ec_cvt.c: ARM comparison results were wrong, clarify the background.

Andy Polyakov [Fri, 20 May 2011 20:31:37 +0000 (20:31 +0000)]
ec_cvt.c: avoid EC_GFp_nist_method on platforms with bn_mul_mont [see
commentary for details].

Dr. Stephen Henson [Fri, 20 May 2011 14:56:29 +0000 (14:56 +0000)]
PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.

Dr. Stephen Henson [Thu, 19 May 2011 18:10:25 +0000 (18:10 +0000)]
Add CHANGES entry: add FIPS support to ssl

Dr. Stephen Henson [Thu, 19 May 2011 18:09:02 +0000 (18:09 +0000)]
Implement FIPS_mode and FIPS_mode_set

Dr. Stephen Henson [Thu, 19 May 2011 17:55:15 +0000 (17:55 +0000)]
oops

Dr. Stephen Henson [Thu, 19 May 2011 17:53:04 +0000 (17:53 +0000)]
update date

Dr. Stephen Henson [Thu, 19 May 2011 17:38:25 +0000 (17:38 +0000)]
inherit HMAC flags from MD_CTX

Dr. Stephen Henson [Thu, 19 May 2011 16:17:47 +0000 (16:17 +0000)]
set encodedPoint to NULL after freeing it

Andy Polyakov [Wed, 18 May 2011 17:05:24 +0000 (17:05 +0000)]
aesni-x86_64.pl: make it compile on MacOS X.

Andy Polyakov [Wed, 18 May 2011 16:28:53 +0000 (16:28 +0000)]
x86gas.pl: don't omit .comm OPENSSL_ia32cap_P on MacOS X.

Andy Polyakov [Wed, 18 May 2011 16:26:03 +0000 (16:26 +0000)]
x86_64-xlate.pl: add inter-register movq and make x86_64-gfm.s compile on
Solaris, MacOS X, elderly gas...

Andy Polyakov [Wed, 18 May 2011 16:24:19 +0000 (16:24 +0000)]
x86_64cpuid.pl: allow shared build to work without -Bsymbolic.
PR: 2466

Andy Polyakov [Wed, 18 May 2011 16:21:54 +0000 (16:21 +0000)]
e_padlock.c: make it compile on MacOS X.

Andy Polyakov [Mon, 16 May 2011 20:35:11 +0000 (20:35 +0000)]
x86[_64]cpuid.pl: handle new extensions.

Andy Polyakov [Mon, 16 May 2011 19:52:41 +0000 (19:52 +0000)]
ppc-xlate.pl: get linux64 declaration right.

Andy Polyakov [Mon, 16 May 2011 18:11:45 +0000 (18:11 +0000)]
cms-test.pl: make it work with not-so-latest perl.

Andy Polyakov [Mon, 16 May 2011 18:07:00 +0000 (18:07 +0000)]
x86gas.pl: add palignr and move pclmulqdq.

Andy Polyakov [Mon, 16 May 2011 17:46:45 +0000 (17:46 +0000)]
x86_64 assembler pack: add x86_64-gf2m module.

Andy Polyakov [Mon, 16 May 2011 17:44:38 +0000 (17:44 +0000)]
x86_64-xlate.pl: allow "base-less" effective address, add palignr, move
pclmulqdq.

Dr. Stephen Henson [Sun, 15 May 2011 15:56:49 +0000 (15:56 +0000)]
new flag to stop ENGINE methods being registered

Dr. Stephen Henson [Sun, 15 May 2011 11:44:14 +0000 (11:44 +0000)]
NULL is a valid cspname

Dr. Stephen Henson [Fri, 13 May 2011 12:43:41 +0000 (12:43 +0000)]
Typo.

Dr. Stephen Henson [Fri, 13 May 2011 12:37:40 +0000 (12:37 +0000)]
typo

Dr. Stephen Henson [Fri, 13 May 2011 12:35:05 +0000 (12:35 +0000)]
Recognise NO_NISTP224-64-GCC-128

Dr. Stephen Henson [Thu, 12 May 2011 17:59:47 +0000 (17:59 +0000)]
Enter FIPS mode by calling FIPS_module_mode_set in openssl.c until
FIPS_mode_set is implemented.

Dr. Stephen Henson [Thu, 12 May 2011 17:35:03 +0000 (17:35 +0000)]
Provisional support for TLS v1.2 client authentication: client side only.

Parse certificate request message and set digests appropriately.

Generate new TLS v1.2 format certificate verify message.

Keep handshake caches around for longer as they are needed for client auth.

Dr. Stephen Henson [Thu, 12 May 2011 14:38:01 +0000 (14:38 +0000)]
Process signature algorithms during TLS v1.2 client authentication.

Make sure message is long enough for signature algorithms.

Dr. Stephen Henson [Thu, 12 May 2011 14:28:09 +0000 (14:28 +0000)]
Fix error discrepancy.

Dr. Stephen Henson [Thu, 12 May 2011 13:13:07 +0000 (13:13 +0000)]
Add SSL_INTERN definition.

Dr. Stephen Henson [Wed, 11 May 2011 23:04:10 +0000 (23:04 +0000)]
Sync ordinals.

Dr. Stephen Henson [Wed, 11 May 2011 22:50:18 +0000 (22:50 +0000)]
make kerberos work with OPENSSL_NO_SSL_INTERN

Andy Polyakov [Wed, 11 May 2011 20:19:00 +0000 (20:19 +0000)]
bn_nist.c: fix shadowing warnings.

Andy Polyakov [Wed, 11 May 2011 20:17:06 +0000 (20:17 +0000)]
fips_canister.c: pick more neutral macro name.

Dr. Stephen Henson [Wed, 11 May 2011 16:33:28 +0000 (16:33 +0000)]
Reorder signature algorithms in strongest hash first order.

Dr. Stephen Henson [Wed, 11 May 2011 14:49:01 +0000 (14:49 +0000)]
Set FIPS mode for values other than 1. The only current effect
is to return a consistent value. So calling FIPS_module_mode_set(n)
for n != 0 will result in FIPS_module_mode() returning n. This
will support future expansion of more FIPS modes e.g. a Suite B mode.

Dr. Stephen Henson [Wed, 11 May 2011 14:43:38 +0000 (14:43 +0000)]
Rename FIPS_mode_set and FIPS_mode. These symbols will be defined in
the FIPS capable OpenSSL.

Dr. Stephen Henson [Wed, 11 May 2011 12:52:51 +0000 (12:52 +0000)]
Include README.ECC in FIPS restricted tarball.

Dr. Stephen Henson [Wed, 11 May 2011 12:50:57 +0000 (12:50 +0000)]
Add NSA sublicense info.