oweals/openssl.git
13 years agoFix warnings about ignored return values.
Dr. Stephen Henson [Thu, 17 Mar 2011 14:43:13 +0000 (14:43 +0000)]
Fix warnings about ignored return values.

13 years agoFix broken SRP error/function code assignment.
Dr. Stephen Henson [Wed, 16 Mar 2011 16:17:46 +0000 (16:17 +0000)]
Fix broken SRP error/function code assignment.

13 years agoAdd extensive DRBG selftest data and option to corrupt it in fips_test_suite.
Dr. Stephen Henson [Wed, 16 Mar 2011 15:52:12 +0000 (15:52 +0000)]
Add extensive DRBG selftest data and option to corrupt it in fips_test_suite.

13 years agoMissing SRP files.
Ben Laurie [Wed, 16 Mar 2011 11:50:33 +0000 (11:50 +0000)]
Missing SRP files.

13 years agoFix Tom Wu's email.
Ben Laurie [Wed, 16 Mar 2011 11:28:43 +0000 (11:28 +0000)]
Fix Tom Wu's email.

13 years agoPR: 2469
Dr. Stephen Henson [Sun, 13 Mar 2011 18:20:01 +0000 (18:20 +0000)]
PR: 2469
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve

Check mac is present before trying to retrieve mac iteration count.

13 years agoFix warnings: signed/unisgned comparison, shadowing (in some cases global
Dr. Stephen Henson [Sat, 12 Mar 2011 17:27:03 +0000 (17:27 +0000)]
Fix warnings: signed/unisgned comparison, shadowing (in some cases global
functions such as rand() ).

13 years agoRemove redundant check to stop compiler warning.
Dr. Stephen Henson [Sat, 12 Mar 2011 17:06:35 +0000 (17:06 +0000)]
Remove redundant check to stop compiler warning.

13 years agoNote SRP support.
Ben Laurie [Sat, 12 Mar 2011 17:04:07 +0000 (17:04 +0000)]
Note SRP support.

13 years agoAdd SRP support.
Ben Laurie [Sat, 12 Mar 2011 17:01:19 +0000 (17:01 +0000)]
Add SRP support.

13 years agoFix warning.
Ben Laurie [Sat, 12 Mar 2011 13:55:24 +0000 (13:55 +0000)]
Fix warning.

13 years agoCheck requested security strength in DRBG. Add function to retrieve the
Dr. Stephen Henson [Fri, 11 Mar 2011 17:42:11 +0000 (17:42 +0000)]
Check requested security strength in DRBG. Add function to retrieve the
security strength.

13 years agomake no-dsa work again
Dr. Stephen Henson [Thu, 10 Mar 2011 18:26:50 +0000 (18:26 +0000)]
make no-dsa work again

13 years agoUpdate status.
Dr. Stephen Henson [Thu, 10 Mar 2011 14:01:34 +0000 (14:01 +0000)]
Update status.

13 years agoMake no-ec2m work again.
Dr. Stephen Henson [Thu, 10 Mar 2011 01:00:30 +0000 (01:00 +0000)]
Make no-ec2m work again.

13 years agoAdd a few more symbol renames.
Dr. Stephen Henson [Wed, 9 Mar 2011 23:53:41 +0000 (23:53 +0000)]
Add a few more symbol renames.

13 years agoAdd ECDH to validated module.
Dr. Stephen Henson [Wed, 9 Mar 2011 23:44:06 +0000 (23:44 +0000)]
Add ECDH to validated module.

13 years agoEnter FIPS mode in fips_dhvs. Support file I/O in fips_ecdsavs.
Dr. Stephen Henson [Wed, 9 Mar 2011 14:55:10 +0000 (14:55 +0000)]
Enter FIPS mode in fips_dhvs. Support file I/O in fips_ecdsavs.

13 years agoUpdate fips_dhvs to handle functional test by generating keys.
Dr. Stephen Henson [Wed, 9 Mar 2011 14:39:54 +0000 (14:39 +0000)]
Update fips_dhvs to handle functional test by generating keys.

13 years agoUpdate .cvsignore
Dr. Stephen Henson [Wed, 9 Mar 2011 14:35:31 +0000 (14:35 +0000)]
Update .cvsignore

13 years agoTypo.
Dr. Stephen Henson [Tue, 8 Mar 2011 21:29:07 +0000 (21:29 +0000)]
Typo.

13 years agoNew initial DH algorithm test driver.
Dr. Stephen Henson [Tue, 8 Mar 2011 19:10:17 +0000 (19:10 +0000)]
New initial DH algorithm test driver.

13 years agoNew SP 800-56A compliant version of DH_compute_key().
Dr. Stephen Henson [Tue, 8 Mar 2011 19:07:26 +0000 (19:07 +0000)]
New SP 800-56A compliant version of DH_compute_key().

13 years agoAdd meaningful error codes to DRBG.
Dr. Stephen Henson [Tue, 8 Mar 2011 14:16:30 +0000 (14:16 +0000)]
Add meaningful error codes to DRBG.

13 years agoAdd file I/O to fips_drbgvs program.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:51:34 +0000 (13:51 +0000)]
Add file I/O to fips_drbgvs program.

13 years agoSupport I/O with files in new fips_gcmtest program.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:42:21 +0000 (13:42 +0000)]
Support I/O with files in new fips_gcmtest program.

13 years agoRemove redirection from fipsalgtest.pl script.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:29:46 +0000 (13:29 +0000)]
Remove redirection from fipsalgtest.pl script.

13 years agoRemove need for redirection on RNG and DSS algorithm test programs: some
Dr. Stephen Henson [Tue, 8 Mar 2011 13:27:29 +0000 (13:27 +0000)]
Remove need for redirection on RNG and DSS algorithm test programs: some
platforms don't support it.

13 years agoUninstantiate and free functions for DRBG.
Dr. Stephen Henson [Mon, 7 Mar 2011 16:51:17 +0000 (16:51 +0000)]
Uninstantiate and free functions for DRBG.

13 years agoFix couple of bugs in CTR DRBG implementation.
Dr. Stephen Henson [Sun, 6 Mar 2011 13:10:37 +0000 (13:10 +0000)]
Fix couple of bugs in CTR DRBG implementation.

13 years agoUpdates to DRBG: fix bugs in infrastructure. Add initial experimental
Dr. Stephen Henson [Sun, 6 Mar 2011 12:35:09 +0000 (12:35 +0000)]
Updates to DRBG: fix bugs in infrastructure. Add initial experimental
algorithm test generator.

13 years agoInitial, provisional, subject to wholesale change, untested, probably
Dr. Stephen Henson [Fri, 4 Mar 2011 18:00:21 +0000 (18:00 +0000)]
Initial, provisional, subject to wholesale change, untested, probably
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.

Did I say this was untested?

13 years agoia64-mont.pl: optimize short-key performance.
Andy Polyakov [Fri, 4 Mar 2011 13:27:29 +0000 (13:27 +0000)]
ia64-mont.pl: optimize short-key performance.

13 years agoghash-x86.pl: optimize for Sandy Bridge.
Andy Polyakov [Fri, 4 Mar 2011 13:21:41 +0000 (13:21 +0000)]
ghash-x86.pl: optimize for Sandy Bridge.

13 years agoxts128.c: minor optimization.
Andy Polyakov [Fri, 4 Mar 2011 13:17:19 +0000 (13:17 +0000)]
xts128.c: minor optimization.

13 years agos390x assembler pack: tune-up and support for new z196 hardware.
Andy Polyakov [Fri, 4 Mar 2011 13:09:16 +0000 (13:09 +0000)]
s390x assembler pack: tune-up and support for new z196 hardware.

13 years agoUpdate status information.
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:50 +0000 (16:06 +0000)]
Update status information.

13 years agoStop warnings.
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:33 +0000 (16:06 +0000)]
Stop warnings.

13 years agoUse more portable options when making links in Makefile.fips
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:07 +0000 (16:06 +0000)]
Use more portable options when making links in Makefile.fips

13 years agoAdd DllMain to fips symbols: will need to call this in FIPS capable OpenSSL.
Dr. Stephen Henson [Wed, 23 Feb 2011 15:16:12 +0000 (15:16 +0000)]
Add DllMain to fips symbols: will need to call this in FIPS capable OpenSSL.

13 years agoAdd new symbols to fipssyms.h
Dr. Stephen Henson [Wed, 23 Feb 2011 15:04:06 +0000 (15:04 +0000)]
Add new symbols to fipssyms.h

13 years agoMake -DOPENSSL_FIPSSYMS work under WIN32: run perl script when
Dr. Stephen Henson [Wed, 23 Feb 2011 15:03:43 +0000 (15:03 +0000)]
Make -DOPENSSL_FIPSSYMS work under WIN32: run perl script when
WIN32 assembly language files are created, add norunasm option
to just translate and not run the assembler.

13 years agoMake mkfiles.pl work with fipscanisteronly.
Dr. Stephen Henson [Tue, 22 Feb 2011 17:02:14 +0000 (17:02 +0000)]
Make mkfiles.pl work with fipscanisteronly.

13 years agoInclude ms directory for fips distribution.
Dr. Stephen Henson [Tue, 22 Feb 2011 16:48:30 +0000 (16:48 +0000)]
Include ms directory for fips distribution.

13 years agoMake fipscanisteronly work with WIN32 build system.
Dr. Stephen Henson [Tue, 22 Feb 2011 16:36:20 +0000 (16:36 +0000)]
Make fipscanisteronly work with WIN32 build system.

13 years agoAdd fips/ecdsa directory to mkfiles.pl
Dr. Stephen Henson [Tue, 22 Feb 2011 14:52:23 +0000 (14:52 +0000)]
Add fips/ecdsa directory to mkfiles.pl

13 years agoRemove duplicate test rule.
Dr. Stephen Henson [Tue, 22 Feb 2011 14:50:05 +0000 (14:50 +0000)]
Remove duplicate test rule.

13 years agoAdd modes_lcl.h to header list.
Dr. Stephen Henson [Tue, 22 Feb 2011 14:06:54 +0000 (14:06 +0000)]
Add modes_lcl.h to header list.

13 years agoRemoving debugging print.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:46:17 +0000 (12:46 +0000)]
Removing debugging print.

13 years agoDon't try and update c_rehash for fipscanisteronly builds.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:44:29 +0000 (12:44 +0000)]
Don't try and update c_rehash for fipscanisteronly builds.

13 years agoMake "make links" work in fipscanisteronly builds.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:34:46 +0000 (12:34 +0000)]
Make "make links" work in fipscanisteronly builds.

13 years agotypo
Dr. Stephen Henson [Mon, 21 Feb 2011 19:58:54 +0000 (19:58 +0000)]
typo

13 years agoInitial perl script to filter out unneeded files for a fips tarball.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:36:55 +0000 (19:36 +0000)]
Initial perl script to filter out unneeded files for a fips tarball.

13 years agoCall Makefile.fips when making a fips tarball.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:30:13 +0000 (19:30 +0000)]
Call Makefile.fips when making a fips tarball.

13 years agoRemove debugging option.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:29:48 +0000 (19:29 +0000)]
Remove debugging option.

13 years ago*** empty log message ***
Dr. Stephen Henson [Mon, 21 Feb 2011 18:14:59 +0000 (18:14 +0000)]
*** empty log message ***

13 years agoRemove unnecessary link directories.
Dr. Stephen Henson [Mon, 21 Feb 2011 18:07:28 +0000 (18:07 +0000)]
Remove unnecessary link directories.

13 years agoUpdate dependencies.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:51:59 +0000 (17:51 +0000)]
Update dependencies.

13 years agoCreate fips links even if not compiling in fips mode.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:45:45 +0000 (17:45 +0000)]
Create fips links even if not compiling in fips mode.

13 years agoRemove unnecessary dependencies.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:35:53 +0000 (17:35 +0000)]
Remove unnecessary dependencies.

13 years agoNeed to link additional directories for fipscanisteronly build.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:37:42 +0000 (16:37 +0000)]
Need to link additional directories for fipscanisteronly build.

13 years agox509v3.h header file not needed in fips algorithm test utilities.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:36:47 +0000 (16:36 +0000)]
x509v3.h header file not needed in fips algorithm test utilities.

13 years agotools and rehash not needed for fips build.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:00:21 +0000 (16:00 +0000)]
tools and rehash not needed for fips build.

13 years ago*** empty log message ***
Dr. Stephen Henson [Mon, 21 Feb 2011 15:15:58 +0000 (15:15 +0000)]
*** empty log message ***

13 years agoMake fipscanisteronly build only required files.
Dr. Stephen Henson [Mon, 21 Feb 2011 14:07:15 +0000 (14:07 +0000)]
Make fipscanisteronly build only required files.

13 years agoMove gcm128_context definition to modes_lcl.h (along with some related
Dr. Stephen Henson [Sat, 19 Feb 2011 22:16:52 +0000 (22:16 +0000)]
Move gcm128_context definition to modes_lcl.h (along with some related
definitions) so we can use it in EVP GCM code avoiding need to allocate
it.

13 years agoadd ECDSA POST
Dr. Stephen Henson [Fri, 18 Feb 2011 17:25:00 +0000 (17:25 +0000)]
add ECDSA POST

13 years agoAES GCM selftests.
Dr. Stephen Henson [Fri, 18 Feb 2011 17:09:33 +0000 (17:09 +0000)]
AES GCM selftests.

13 years agoMake -DOPENSSL_FIPSSYMS work for assembly language builds.
Dr. Stephen Henson [Thu, 17 Feb 2011 19:03:52 +0000 (19:03 +0000)]
Make -DOPENSSL_FIPSSYMS work for assembly language builds.

13 years agoExperimental perl script to edit assembly language source files,
Dr. Stephen Henson [Thu, 17 Feb 2011 18:08:59 +0000 (18:08 +0000)]
Experimental perl script to edit assembly language source files,
call the assembler, then restore original file.

This makes OPENSSL_FIPSSYMS work for assembly language builds.

13 years agoCorrect fipssyms.h for more assembly language symbols.
Dr. Stephen Henson [Thu, 17 Feb 2011 17:45:09 +0000 (17:45 +0000)]
Correct fipssyms.h for more assembly language symbols.

13 years agoUpdate auto generated comment.
Dr. Stephen Henson [Thu, 17 Feb 2011 15:35:43 +0000 (15:35 +0000)]
Update auto generated comment.

13 years agoRemove debugging command.
Dr. Stephen Henson [Thu, 17 Feb 2011 15:33:32 +0000 (15:33 +0000)]
Remove debugging command.

Reorder fipssyms.h to include assembly language symbols at the end.

13 years agoDon't need err library for Makefile.fips
Dr. Stephen Henson [Wed, 16 Feb 2011 18:07:57 +0000 (18:07 +0000)]
Don't need err library for Makefile.fips

13 years agoInclude openssl/crypto.h first in several other files so FIPS renaming
Dr. Stephen Henson [Wed, 16 Feb 2011 17:25:01 +0000 (17:25 +0000)]
Include openssl/crypto.h first in several other files so FIPS renaming
is picked up.

13 years agoExperimental FIPS symbol renaming.
Dr. Stephen Henson [Wed, 16 Feb 2011 14:49:50 +0000 (14:49 +0000)]
Experimental FIPS symbol renaming.

Fixups under fips/ to make symbol renaming work.

13 years agoExperimental symbol renaming to avoid clashes with regular OpenSSL.
Dr. Stephen Henson [Wed, 16 Feb 2011 14:40:06 +0000 (14:40 +0000)]
Experimental symbol renaming to avoid clashes with regular OpenSSL.

Make sure crypto.h is included first in any affected files.

13 years agoAdd pairwise consistency test to EC.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:58:28 +0000 (16:58 +0000)]
Add pairwise consistency test to EC.

13 years agoUse SHA-256 in fips_test_suite.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:58:06 +0000 (16:58 +0000)]
Use SHA-256 in fips_test_suite.

13 years agoUpdate pairwise consistency checks to use SHA-256.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:18:18 +0000 (16:18 +0000)]
Update pairwise consistency checks to use SHA-256.

13 years agoAdd non-FIPS algorithm blocking and selftest checking.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:03:47 +0000 (16:03 +0000)]
Add non-FIPS algorithm blocking and selftest checking.

13 years agoAdd FIPS flags to AES ciphers and SHA* digests.
Dr. Stephen Henson [Tue, 15 Feb 2011 15:57:54 +0000 (15:57 +0000)]
Add FIPS flags to AES ciphers and SHA* digests.

13 years agoIgnore final '\n' when checking if hex line length is odd.
Dr. Stephen Henson [Tue, 15 Feb 2011 15:56:13 +0000 (15:56 +0000)]
Ignore final '\n' when checking if hex line length is odd.

13 years agoAdd support for SigGen and KeyPair tests.
Dr. Stephen Henson [Tue, 15 Feb 2011 14:16:57 +0000 (14:16 +0000)]
Add support for SigGen and KeyPair tests.

13 years agoUpdate ECDSA test program to handle ECDSA2 format files.
Dr. Stephen Henson [Mon, 14 Feb 2011 19:42:49 +0000 (19:42 +0000)]
Update ECDSA test program to handle ECDSA2 format files.
Correctly handle hex strings with an odd number of digits.

13 years agoAdd .cvsignore.
Dr. Stephen Henson [Mon, 14 Feb 2011 17:28:28 +0000 (17:28 +0000)]
Add .cvsignore.

13 years agoAdd ECDSA functionality to fips module. Initial very incomplete version
Dr. Stephen Henson [Mon, 14 Feb 2011 17:14:55 +0000 (17:14 +0000)]
Add ECDSA functionality to fips module. Initial very incomplete version
of algorithm test program.

13 years agoInclude support for an add_lock callback to tiny FIPS locking API.
Dr. Stephen Henson [Mon, 14 Feb 2011 17:05:42 +0000 (17:05 +0000)]
Include support for an add_lock callback to tiny FIPS locking API.

13 years agoDon't use FIPS api for ec2_oct.c
Dr. Stephen Henson [Mon, 14 Feb 2011 16:55:28 +0000 (16:55 +0000)]
Don't use FIPS api for ec2_oct.c

13 years agoReorganise ECC code for inclusion in FIPS module.
Dr. Stephen Henson [Mon, 14 Feb 2011 16:52:12 +0000 (16:52 +0000)]
Reorganise ECC code for inclusion in FIPS module.

Move compression, point2oct and oct2point functions into separate files.

Add a flags field to EC_METHOD.

Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct
functions (all existing methods do this). This removes dependencies from
EC_METHOD while keeping original functionality.

13 years agoUse BN_nist_mod_func to avoid need to peek error queue.
Dr. Stephen Henson [Mon, 14 Feb 2011 16:45:28 +0000 (16:45 +0000)]
Use BN_nist_mod_func to avoid need to peek error queue.

13 years agoNew function BN_nist_mod_func which returns an appropriate function
Dr. Stephen Henson [Mon, 14 Feb 2011 16:44:29 +0000 (16:44 +0000)]
New function BN_nist_mod_func which returns an appropriate function
if the passed prime is a NIST prime.

13 years agoRemove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new
Dr. Stephen Henson [Sun, 13 Feb 2011 18:45:41 +0000 (18:45 +0000)]
Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new
and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1
library.

13 years agoChange FIPS source and utilities to use the "FIPS_" names directly
Dr. Stephen Henson [Sat, 12 Feb 2011 18:25:18 +0000 (18:25 +0000)]
Change FIPS source and utilities to use the "FIPS_" names directly
instead of using regular OpenSSL API names.

13 years agoMake no-ec2m work on Win32 build. Add nexprotoneg support too.
Dr. Stephen Henson [Sat, 12 Feb 2011 17:38:40 +0000 (17:38 +0000)]
Make no-ec2m work on Win32 build. Add nexprotoneg support too.

13 years agoDisable some functions in headers with no-ec2m
Dr. Stephen Henson [Sat, 12 Feb 2011 17:38:06 +0000 (17:38 +0000)]
Disable some functions in headers with no-ec2m

13 years agoNew option to disable characteristic two fields in EC code.
Dr. Stephen Henson [Sat, 12 Feb 2011 17:23:32 +0000 (17:23 +0000)]
New option to disable characteristic two fields in EC code.

13 years agodso_dlfcn.c: make it work on Tru64 4.0.
Andy Polyakov [Sat, 12 Feb 2011 16:43:41 +0000 (16:43 +0000)]
dso_dlfcn.c: make it work on Tru64 4.0.
PR: 2316

13 years agoConfigure: engage assembler in Android target.
Andy Polyakov [Sat, 12 Feb 2011 16:13:59 +0000 (16:13 +0000)]
Configure: engage assembler in Android target.

13 years agogcm128.c: make it work with no-sse2.
Andy Polyakov [Sat, 12 Feb 2011 11:47:55 +0000 (11:47 +0000)]
gcm128.c: make it work with no-sse2.