Andy Polyakov [Sat, 4 Jul 2015 19:17:45 +0000 (15:17 -0400)]
Add new VxWorks x86 platform
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Andy Polyakov [Mon, 11 May 2015 10:16:01 +0000 (12:16 +0200)]
util/incore update that allows FINGERPRINT_premain-free build.
As for complementary fips.c modification. Goal is to ensure that
FIPS_signature does not end up in .bss segment, one guaranteed to
be zeroed upon program start-up. One would expect explicitly
initialized values to end up in .data segment, but it turned out
that values explicitly initialized with zeros can end up in .bss.
The modification does not affect program flow, because first byte
was the only one of significance [to FINGERPRINT_premain].
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Andy Polyakov [Mon, 11 May 2015 10:04:12 +0000 (12:04 +0200)]
Add support for Android 5, both 32- and 64-bit cases.
Special note about additional -pie flag in android-armv7. The initial
reason for adding it is that Android 5 refuses to execute non-PIE
binaries. But what about older systems and previously validated
platforms? It should be noted that flag is not used when compiling
object code, fipscanister.o in this context, only when linking
applications, *supplementary* fips_algvs used during validation
procedure.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Andy Polyakov [Mon, 11 May 2015 09:56:30 +0000 (11:56 +0200)]
Additional vxWorks target.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Andy Polyakov [Mon, 11 May 2015 09:55:19 +0000 (11:55 +0200)]
fipsalgtest.pl update.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Andy Polyakov [Mon, 11 May 2015 09:53:41 +0000 (11:53 +0200)]
Configure: add ios-cross target with ARM assembly support.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Andy Polyakov [Mon, 11 May 2015 09:50:29 +0000 (11:50 +0200)]
Add iOS-specific armv4cpud.S module.
Normally it would be generated from a perlasm module, but doing so
would affect existing armv4cpuid.S, which in turn would formally void
previously validated platforms. Hence separate module is generated.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Andy Polyakov [Mon, 11 May 2015 09:43:55 +0000 (11:43 +0200)]
Adapt ARM assembly pack for iOS.
This is achieved by filtering perlasm output through arm-xlate.pl. But note
that it's done only if "flavour" argument is not 'void'. As 'void' is
default value for other ARM targets, perlasm output is not actually
filtered on previously validated platforms.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Andy Polyakov [Mon, 11 May 2015 09:20:52 +0000 (11:20 +0200)]
crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on iOS.
While ARMv7 in general is capable of unaligned access, not all instructions
actually are. And trouble is that compiler doesn't seem to differentiate
those capable and incapable of unaligned access. As result exceptions could
be observed in xts128.c and ccm128.c modules. Contemporary Linux kernels
handle such exceptions by performing requested operation and resuming
execution as is if it succeeded. While on iOS exception is fatal.
Correct solution is to let STRICT_ALIGNMENT be on all ARM platforms,
but doing so is in formal conflict with FIPS maintenance policy.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Andy Polyakov [Mon, 11 May 2015 09:39:04 +0000 (11:39 +0200)]
Add iOS-specific fips_algvs application.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Andy Polyakov [Mon, 11 May 2015 09:36:48 +0000 (11:36 +0200)]
Configure: engage ARMv8 assembly pack in ios64-cross target.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Andy Polyakov [Mon, 11 May 2015 09:34:56 +0000 (11:34 +0200)]
Engage ARMv8 assembly pack.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Andy Polyakov [Mon, 11 May 2015 09:18:04 +0000 (11:18 +0200)]
Add ARMv8 assembly pack.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Dr. Stephen Henson [Fri, 24 Oct 2014 19:41:49 +0000 (20:41 +0100)]
support for iOS 7.x/ARMv8
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Steve Marquess <marquess@openssl.org>
Dr. Stephen Henson [Fri, 24 Oct 2014 19:32:27 +0000 (20:32 +0100)]
Update fipsalgtest.pl to cope with changes in file names and format
X9.31 tests need to look in files for '9.31'
RSA-PSS tests may contain additional text as well as "salt len: n".
We now just look at the start of a filename for a match.
Separate ECDSA2 test list.
Reorder test to handle new formats: for example PQGVer for DSA2 can be
detected based on file format but if this fails revert to PQGVER.
For future debugging add a --debug-detect option which prints out more
details of the test detection including the first few lines of each
request file.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Steve Marquess <marquess@openssl.org>
Dr. Stephen Henson [Fri, 11 Jul 2014 18:12:21 +0000 (19:12 +0100)]
Remove Dual EC DRBG again...
Dual EC DRBG removal now accepted for 2.0.8 onwards.
Dr. Stephen Henson [Mon, 12 May 2014 17:38:41 +0000 (18:38 +0100)]
Add linux-x86_64-cross target.
Dr. Stephen Henson [Mon, 12 May 2014 17:35:30 +0000 (18:35 +0100)]
Revert "Remove Dual EC DRBG from FIPS module."
Revert Dual EC DRBG removal commit as it was not accepted for 2.0.7
version of the module.
This reverts commit 200f249b8c3b6439e0200d01caadc24806f1a983.
Dr. Stephen Henson [Mon, 16 Dec 2013 21:41:07 +0000 (21:41 +0000)]
QNX6-armv4 support.
Dr. Stephen Henson [Mon, 9 Dec 2013 21:54:50 +0000 (21:54 +0000)]
Remove Dual EC DRBG from FIPS module.
Dr. Stephen Henson [Mon, 16 Dec 2013 14:29:20 +0000 (14:29 +0000)]
eCos ARMv4/5 support
Andy Polyakov [Fri, 17 Aug 2012 19:57:04 +0000 (19:57 +0000)]
sha1-armv4-large.pl: comply with ABI.
(cherry picked from commit 1a9d60d2e3b02d5e1954fc71c92bf3a6af691495)
Dr. Stephen Henson [Tue, 16 Oct 2012 22:46:08 +0000 (22:46 +0000)]
Don't require tag before ciphertext in AESGCM mode
(cherry picked from commit 964eaad78ccdc6c4537664924e6082b08cc1c8ee)
Dr. Stephen Henson [Mon, 16 Dec 2013 14:07:18 +0000 (14:07 +0000)]
Add MIPS support.
Dr. Stephen Henson [Wed, 10 Apr 2013 14:38:24 +0000 (15:38 +0100)]
Support for WinEC7.
Dr. Stephen Henson [Sun, 14 Oct 2012 12:02:53 +0000 (12:02 +0000)]
Add BSD-ppc85xx support and avoid copying overlapping buffers in fips_dssvs.c
Dr. Stephen Henson [Thu, 4 Oct 2012 14:10:12 +0000 (14:10 +0000)]
update CHANGES
Dr. Stephen Henson [Thu, 4 Oct 2012 13:27:11 +0000 (13:27 +0000)]
Add support for Windows CE and C64+ to FIPS module.
Dr. Stephen Henson [Wed, 23 May 2012 17:07:25 +0000 (17:07 +0000)]
file msincore was added on branch OpenSSL-fips-2_0-stable on 2012-10-04 13:27:10 +0000
Dr. Stephen Henson [Wed, 23 May 2012 17:07:24 +0000 (17:07 +0000)]
file hmac_sha1.pl was added on branch OpenSSL-fips-2_0-stable on 2012-10-04 13:27:10 +0000
Dr. Stephen Henson [Wed, 18 Jan 2012 15:07:11 +0000 (15:07 +0000)]
revert fipslink.pl unlink retry change
Dr. Stephen Henson [Wed, 18 Jan 2012 14:54:20 +0000 (14:54 +0000)]
give a hand old assemblers assembling loop instruction. (original by Andy)
Dr. Stephen Henson [Tue, 3 Jan 2012 19:43:06 +0000 (19:43 +0000)]
typo
Dr. Stephen Henson [Tue, 3 Jan 2012 14:23:54 +0000 (14:23 +0000)]
Prepare RC8
Dr. Stephen Henson [Tue, 3 Jan 2012 14:22:45 +0000 (14:22 +0000)]
unlink target and retry to avoid intermittent Win32 failures
Dr. Stephen Henson [Mon, 12 Dec 2011 14:02:57 +0000 (14:02 +0000)]
set version to rc8-dev
Dr. Stephen Henson [Mon, 12 Dec 2011 13:44:05 +0000 (13:44 +0000)]
Prepare for RC7.
Dr. Stephen Henson [Sat, 10 Dec 2011 18:06:55 +0000 (18:06 +0000)]
Retry rename operation with a slight delay to workaround problems on
some versions of Windows.
Dr. Stephen Henson [Sat, 10 Dec 2011 13:29:23 +0000 (13:29 +0000)]
use different names for asm temp files to avoid problems on some platforms
Dr. Stephen Henson [Thu, 8 Dec 2011 15:14:38 +0000 (15:14 +0000)]
Close file streams in FIPS algorithm test utilities.
Dr. Stephen Henson [Sun, 4 Dec 2011 21:29:08 +0000 (21:29 +0000)]
prepare for RC6
Dr. Stephen Henson [Sun, 4 Dec 2011 15:26:26 +0000 (15:26 +0000)]
For FIPS builds we don't use the normal test files (and in the restricted
tarball some don't exist) so set TEST='' to avoid linking to them. This also
avoids problems on platforms that copy instead of symlink.
Dr. Stephen Henson [Sun, 4 Dec 2011 15:14:13 +0000 (15:14 +0000)]
use BUILD_ONE_CMD for fips specific links otherwise we effectively do 'make links' twice
Dr. Stephen Henson [Sun, 4 Dec 2011 15:11:44 +0000 (15:11 +0000)]
Workaround for VxWorks
Dr. Stephen Henson [Sun, 4 Dec 2011 15:04:20 +0000 (15:04 +0000)]
avoid use of symlinks on Windows: it causes problems on some build environments
Dr. Stephen Henson [Sat, 3 Dec 2011 21:47:48 +0000 (21:47 +0000)]
Fix x86cpuid so it doesn't fail for some (currently theoretical) virtual
machines.
Dr. Stephen Henson [Sat, 3 Dec 2011 21:44:01 +0000 (21:44 +0000)]
Change EVP_MAXCHUNK so it doesn't wraparound to 0 on some platforms (IP32L64).
Dr. Stephen Henson [Sat, 3 Dec 2011 19:51:52 +0000 (19:51 +0000)]
Prepare for RC6.
Dr. Stephen Henson [Sat, 3 Dec 2011 19:41:28 +0000 (19:41 +0000)]
Add tests to ensure ECDSA key gen and DSA signing fails if DRBG
entropy source fails.
Dr. Stephen Henson [Sat, 3 Dec 2011 19:19:34 +0000 (19:19 +0000)]
functions aren't unused: revert
Dr. Stephen Henson [Sat, 3 Dec 2011 18:27:31 +0000 (18:27 +0000)]
remove unused functions from module
Dr. Stephen Henson [Sat, 3 Dec 2011 18:26:26 +0000 (18:26 +0000)]
bn/asm/mips.pl: fix typos [from HEAD], original by Andy
Dr. Stephen Henson [Fri, 25 Nov 2011 16:27:19 +0000 (16:27 +0000)]
prepare for rc5
Dr. Stephen Henson [Fri, 25 Nov 2011 16:03:27 +0000 (16:03 +0000)]
return error if counter exceeds limit and seed value supplied
Dr. Stephen Henson [Fri, 25 Nov 2011 15:00:20 +0000 (15:00 +0000)]
check counter value against 4 * L, not 4096
Dr. Stephen Henson [Mon, 21 Nov 2011 00:05:15 +0000 (00:05 +0000)]
bump version for rc5-dev: hopefully will never be needed...
Dr. Stephen Henson [Sat, 19 Nov 2011 17:04:28 +0000 (17:04 +0000)]
prepare for rc4
Dr. Stephen Henson [Sat, 19 Nov 2011 17:03:44 +0000 (17:03 +0000)]
Add flag to support cofactor ECDH
Dr. Stephen Henson [Fri, 18 Nov 2011 21:59:36 +0000 (21:59 +0000)]
bump version to rc4-dev
Dr. Stephen Henson [Fri, 18 Nov 2011 18:50:57 +0000 (18:50 +0000)]
prepare for RC3
Dr. Stephen Henson [Wed, 16 Nov 2011 13:28:11 +0000 (13:28 +0000)]
In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed components do not exceed field order
Dr. Stephen Henson [Fri, 11 Nov 2011 19:01:11 +0000 (19:01 +0000)]
portability fix for some perl versions
Dr. Stephen Henson [Wed, 9 Nov 2011 14:23:17 +0000 (14:23 +0000)]
fclose streams in fips_drbvs.c
Produced error message for unsupported curves in fips_ecdhvs.c
Dr. Stephen Henson [Tue, 8 Nov 2011 19:08:40 +0000 (19:08 +0000)]
Prepare for RC3 (which may never happen).
Andy Polyakov [Tue, 8 Nov 2011 14:44:55 +0000 (14:44 +0000)]
Platform update from HEAD.
Dr. Stephen Henson [Mon, 7 Nov 2011 13:54:30 +0000 (13:54 +0000)]
add fips_algvs.c to restricted tarball
Dr. Stephen Henson [Mon, 7 Nov 2011 13:18:12 +0000 (13:18 +0000)]
Prepare for RC2
Dr. Stephen Henson [Mon, 7 Nov 2011 13:16:55 +0000 (13:16 +0000)]
MacOS and iOS support
Andy Polyakov [Mon, 7 Nov 2011 00:22:59 +0000 (00:22 +0000)]
fipsld, incore: switch to new cross-compile support [from HEAD].
Andy Polyakov [Sun, 6 Nov 2011 19:49:58 +0000 (19:49 +0000)]
e_aes.c: fold aesni_xts_cipher and [most importantly] fix aes_xts_cipher's
return value after custom flag was rightly reverted [from HEAD].
Dr. Stephen Henson [Sun, 6 Nov 2011 13:08:54 +0000 (13:08 +0000)]
check for unset entropy and nonce callbacks
Dr. Stephen Henson [Sun, 6 Nov 2011 12:52:27 +0000 (12:52 +0000)]
Update fips_test_suite to take multiple command line options and
an induced error checking function.
Dr. Stephen Henson [Sat, 5 Nov 2011 18:25:16 +0000 (18:25 +0000)]
typo
Dr. Stephen Henson [Sat, 5 Nov 2011 18:15:01 +0000 (18:15 +0000)]
make post failure simulation reversible in all cases
Dr. Stephen Henson [Sat, 5 Nov 2011 18:11:16 +0000 (18:11 +0000)]
typo: use key for POST callback
Dr. Stephen Henson [Sat, 5 Nov 2011 18:04:50 +0000 (18:04 +0000)]
fix set but unused warnings
Andy Polyakov [Sat, 5 Nov 2011 13:57:02 +0000 (13:57 +0000)]
armv4cpuid.S, armv4-gf2m.pl: make newest code compilable by older assembler [from HEAD].
Andy Polyakov [Sat, 5 Nov 2011 13:56:10 +0000 (13:56 +0000)]
x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs [from HEAD].
PR: 2633
Andy Polyakov [Sat, 5 Nov 2011 13:55:20 +0000 (13:55 +0000)]
ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
PR: 2636
Submitted by: Charles Bryant
Dr. Stephen Henson [Sat, 5 Nov 2011 01:32:52 +0000 (01:32 +0000)]
Add single call public key sign and verify functions.
Dr. Stephen Henson [Wed, 2 Nov 2011 19:16:43 +0000 (19:16 +0000)]
Add support for memory leak checking in fips_algvs.
Fix many memory leaks in algorithm test utilities.
Dr. Stephen Henson [Wed, 2 Nov 2011 16:35:24 +0000 (16:35 +0000)]
Remove duplicate test from health check. Fix memory leaks by uninstantiating
DRBG before reinitialising it.
Dr. Stephen Henson [Wed, 2 Nov 2011 00:43:45 +0000 (00:43 +0000)]
Print out an error for "make test" in FIPS builds.
Dr. Stephen Henson [Wed, 2 Nov 2011 00:07:15 +0000 (00:07 +0000)]
Replace exit calls with return in fips_test_suite
Dr. Stephen Henson [Tue, 1 Nov 2011 13:45:30 +0000 (13:45 +0000)]
Add support for multicall fips_algvs utility combining functionality
of all fips test utilities in a single binary and some minimal script
parsing for platforms lacking a suitable shell.
In order to keep changes to the build system to a minimum it #includes all
the utilities C source files (yuck).
Dr. Stephen Henson [Wed, 26 Oct 2011 16:46:20 +0000 (16:46 +0000)]
PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
Dr. Stephen Henson [Mon, 24 Oct 2011 16:58:49 +0000 (16:58 +0000)]
Prepare for RC2.
Dr. Stephen Henson [Mon, 24 Oct 2011 16:53:59 +0000 (16:53 +0000)]
prepare for RC1
Dr. Stephen Henson [Mon, 24 Oct 2011 13:24:28 +0000 (13:24 +0000)]
typo
cvs2svn [Mon, 24 Oct 2011 06:00:07 +0000 (06:00 +0000)]
This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-2_0-stable'.
Andy Polyakov [Mon, 24 Oct 2011 06:00:06 +0000 (06:00 +0000)]
e_aes.c: fold even aesni_ccm_cipher.
Andy Polyakov [Sun, 23 Oct 2011 22:58:40 +0000 (22:58 +0000)]
e_aes.c: prevent potential DoS in aes_gcm_tls_cipher.
Andy Polyakov [Sun, 23 Oct 2011 19:41:00 +0000 (19:41 +0000)]
cryptlib.c: remove stdio dependency in Windows fipscanister.lib.
Dr. Stephen Henson [Sun, 23 Oct 2011 17:06:28 +0000 (17:06 +0000)]
No need for custom flag in XTS mode: block length is 1.
Andy Polyakov [Sun, 23 Oct 2011 15:17:30 +0000 (15:17 +0000)]
fips_canister.c: harmonize fingerprinting for all Windows, CE or not.
Andy Polyakov [Sun, 23 Oct 2011 15:12:37 +0000 (15:12 +0000)]
config: in cross-compile case interrogate cross-compiler, not host, work
around sub-shell limitation.
Dr. Stephen Henson [Sat, 22 Oct 2011 17:24:27 +0000 (17:24 +0000)]
Check for selftest failure in various places.
Andy Polyakov [Sat, 22 Oct 2011 10:49:52 +0000 (10:49 +0000)]
x86gas.pl: relax .init segment alignment.
Andy Polyakov [Fri, 21 Oct 2011 19:34:48 +0000 (19:34 +0000)]
mk1mk.pl: cleanup engines' handling and make fips build work on WIN64I.
Dr. Stephen Henson [Fri, 21 Oct 2011 11:46:16 +0000 (11:46 +0000)]
Update error codes.