Dr. Stephen Henson [Wed, 25 May 2011 15:20:49 +0000 (15:20 +0000)]
PR: 2533
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes
the program to crash. This is due to missing version checks and is fixed with
this patch.
Dr. Stephen Henson [Wed, 25 May 2011 15:16:10 +0000 (15:16 +0000)]
PR: 2529
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve
Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.
Dr. Stephen Henson [Wed, 25 May 2011 15:05:39 +0000 (15:05 +0000)]
PR: 2527
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve
Set cnf to NULL to avoid possible double free.
Dr. Stephen Henson [Wed, 25 May 2011 14:52:21 +0000 (14:52 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
Dr. Stephen Henson [Wed, 25 May 2011 14:41:56 +0000 (14:41 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
Dr. Stephen Henson [Wed, 25 May 2011 14:31:47 +0000 (14:31 +0000)]
Some nextproto patches broke DTLS: fix
Dr. Stephen Henson [Wed, 25 May 2011 14:30:20 +0000 (14:30 +0000)]
Oops use up to date patch for PR#2506
Dr. Stephen Henson [Wed, 25 May 2011 12:37:07 +0000 (12:37 +0000)]
PR: 2512
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix BIO_accept so it can be bound to IPv4 or IPv6 sockets consistently.
Dr. Stephen Henson [Wed, 25 May 2011 12:28:06 +0000 (12:28 +0000)]
PR: 2506
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fully implement SSL_clear for DTLS.
Dr. Stephen Henson [Wed, 25 May 2011 12:25:01 +0000 (12:25 +0000)]
PR: 2505
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS session resumption timer bug.
Dr. Stephen Henson [Wed, 25 May 2011 11:43:07 +0000 (11:43 +0000)]
use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS
Andy Polyakov [Wed, 25 May 2011 10:02:20 +0000 (10:02 +0000)]
e_padlock.c: fix typo.
Andy Polyakov [Wed, 25 May 2011 09:36:13 +0000 (09:36 +0000)]
rc4-586.pl: optimize unused code path.
Andy Polyakov [Tue, 24 May 2011 17:18:19 +0000 (17:18 +0000)]
e_padlock.c: last x86_64 commit didn't work with some optimizers.
Andy Polyakov [Tue, 24 May 2011 13:07:29 +0000 (13:07 +0000)]
rc4-586.pl: 50% improvement on Core2 and 80% on Westmere.
Dr. Stephen Henson [Mon, 23 May 2011 12:27:43 +0000 (12:27 +0000)]
PR: 2522
Submitted by: Henrik Grindal Bakken <henribak@cisco.com>
Don't compare past end of buffer.
Andy Polyakov [Mon, 23 May 2011 08:14:32 +0000 (08:14 +0000)]
spacrv9cap.c: addenum to recent EC optimizations.
Andy Polyakov [Sun, 22 May 2011 18:38:00 +0000 (18:38 +0000)]
aesni-x86[_64].pl: optimize for Sandy Bridge and add XTS mode.
Andy Polyakov [Sun, 22 May 2011 18:29:11 +0000 (18:29 +0000)]
x86_64-gf2m.pl: add Win64 SEH.
Andy Polyakov [Sat, 21 May 2011 10:17:02 +0000 (10:17 +0000)]
ppccap.c: addenum to recent EC optimizations.
Andy Polyakov [Sat, 21 May 2011 08:40:18 +0000 (08:40 +0000)]
ec_cvt.c: ARM comparison results were wrong, clarify the background.
Andy Polyakov [Fri, 20 May 2011 20:31:37 +0000 (20:31 +0000)]
ec_cvt.c: avoid EC_GFp_nist_method on platforms with bn_mul_mont [see
commentary for details].
Dr. Stephen Henson [Fri, 20 May 2011 14:56:29 +0000 (14:56 +0000)]
PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
Dr. Stephen Henson [Thu, 19 May 2011 18:10:25 +0000 (18:10 +0000)]
Add CHANGES entry: add FIPS support to ssl
Dr. Stephen Henson [Thu, 19 May 2011 18:09:02 +0000 (18:09 +0000)]
Implement FIPS_mode and FIPS_mode_set
Dr. Stephen Henson [Thu, 19 May 2011 17:55:15 +0000 (17:55 +0000)]
oops
Dr. Stephen Henson [Thu, 19 May 2011 17:53:04 +0000 (17:53 +0000)]
update date
Dr. Stephen Henson [Thu, 19 May 2011 17:38:25 +0000 (17:38 +0000)]
inherit HMAC flags from MD_CTX
Dr. Stephen Henson [Thu, 19 May 2011 16:17:47 +0000 (16:17 +0000)]
set encodedPoint to NULL after freeing it
Andy Polyakov [Wed, 18 May 2011 17:05:24 +0000 (17:05 +0000)]
aesni-x86_64.pl: make it compile on MacOS X.
Andy Polyakov [Wed, 18 May 2011 16:28:53 +0000 (16:28 +0000)]
x86gas.pl: don't omit .comm OPENSSL_ia32cap_P on MacOS X.
Andy Polyakov [Wed, 18 May 2011 16:26:03 +0000 (16:26 +0000)]
x86_64-xlate.pl: add inter-register movq and make x86_64-gfm.s compile on
Solaris, MacOS X, elderly gas...
Andy Polyakov [Wed, 18 May 2011 16:24:19 +0000 (16:24 +0000)]
x86_64cpuid.pl: allow shared build to work without -Bsymbolic.
PR: 2466
Andy Polyakov [Wed, 18 May 2011 16:21:54 +0000 (16:21 +0000)]
e_padlock.c: make it compile on MacOS X.
Andy Polyakov [Mon, 16 May 2011 20:35:11 +0000 (20:35 +0000)]
x86[_64]cpuid.pl: handle new extensions.
Andy Polyakov [Mon, 16 May 2011 19:52:41 +0000 (19:52 +0000)]
ppc-xlate.pl: get linux64 declaration right.
Andy Polyakov [Mon, 16 May 2011 18:11:45 +0000 (18:11 +0000)]
cms-test.pl: make it work with not-so-latest perl.
Andy Polyakov [Mon, 16 May 2011 18:07:00 +0000 (18:07 +0000)]
x86gas.pl: add palignr and move pclmulqdq.
Andy Polyakov [Mon, 16 May 2011 17:46:45 +0000 (17:46 +0000)]
x86_64 assembler pack: add x86_64-gf2m module.
Andy Polyakov [Mon, 16 May 2011 17:44:38 +0000 (17:44 +0000)]
x86_64-xlate.pl: allow "base-less" effective address, add palignr, move
pclmulqdq.
Dr. Stephen Henson [Sun, 15 May 2011 15:56:49 +0000 (15:56 +0000)]
new flag to stop ENGINE methods being registered
Dr. Stephen Henson [Sun, 15 May 2011 11:44:14 +0000 (11:44 +0000)]
NULL is a valid cspname
Dr. Stephen Henson [Fri, 13 May 2011 12:43:41 +0000 (12:43 +0000)]
Typo.
Dr. Stephen Henson [Fri, 13 May 2011 12:37:40 +0000 (12:37 +0000)]
typo
Dr. Stephen Henson [Fri, 13 May 2011 12:35:05 +0000 (12:35 +0000)]
Recognise NO_NISTP224-64-GCC-128
Dr. Stephen Henson [Thu, 12 May 2011 17:59:47 +0000 (17:59 +0000)]
Enter FIPS mode by calling FIPS_module_mode_set in openssl.c until
FIPS_mode_set is implemented.
Dr. Stephen Henson [Thu, 12 May 2011 17:35:03 +0000 (17:35 +0000)]
Provisional support for TLS v1.2 client authentication: client side only.
Parse certificate request message and set digests appropriately.
Generate new TLS v1.2 format certificate verify message.
Keep handshake caches around for longer as they are needed for client auth.
Dr. Stephen Henson [Thu, 12 May 2011 14:38:01 +0000 (14:38 +0000)]
Process signature algorithms during TLS v1.2 client authentication.
Make sure message is long enough for signature algorithms.
Dr. Stephen Henson [Thu, 12 May 2011 14:28:09 +0000 (14:28 +0000)]
Fix error discrepancy.
Dr. Stephen Henson [Thu, 12 May 2011 13:13:07 +0000 (13:13 +0000)]
Add SSL_INTERN definition.
Dr. Stephen Henson [Wed, 11 May 2011 23:04:10 +0000 (23:04 +0000)]
Sync ordinals.
Dr. Stephen Henson [Wed, 11 May 2011 22:50:18 +0000 (22:50 +0000)]
make kerberos work with OPENSSL_NO_SSL_INTERN
Andy Polyakov [Wed, 11 May 2011 20:19:00 +0000 (20:19 +0000)]
bn_nist.c: fix shadowing warnings.
Andy Polyakov [Wed, 11 May 2011 20:17:06 +0000 (20:17 +0000)]
fips_canister.c: pick more neutral macro name.
Dr. Stephen Henson [Wed, 11 May 2011 16:33:28 +0000 (16:33 +0000)]
Reorder signature algorithms in strongest hash first order.
Dr. Stephen Henson [Wed, 11 May 2011 14:49:01 +0000 (14:49 +0000)]
Set FIPS mode for values other than 1. The only current effect
is to return a consistent value. So calling FIPS_module_mode_set(n)
for n != 0 will result in FIPS_module_mode() returning n. This
will support future expansion of more FIPS modes e.g. a Suite B mode.
Dr. Stephen Henson [Wed, 11 May 2011 14:43:38 +0000 (14:43 +0000)]
Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
the FIPS capable OpenSSL.
Dr. Stephen Henson [Wed, 11 May 2011 12:52:51 +0000 (12:52 +0000)]
Inlcude README.ECC in FIPS restricted tarball.
Dr. Stephen Henson [Wed, 11 May 2011 12:50:57 +0000 (12:50 +0000)]
Add NSA sublicense info.
Dr. Stephen Henson [Tue, 10 May 2011 10:59:25 +0000 (10:59 +0000)]
Update instructions.
Dr. Stephen Henson [Tue, 10 May 2011 10:57:03 +0000 (10:57 +0000)]
Typo.
Andy Polyakov [Tue, 10 May 2011 10:03:23 +0000 (10:03 +0000)]
fips_canister.c: fix typo.
Andy Polyakov [Tue, 10 May 2011 09:53:59 +0000 (09:53 +0000)]
fips_canister.c: initial support for cross-compiling. "Initial" refers
to the two-entry list of verified platforms in #ifndef
FIPS_REF_POINT_IS_SAFE_TO_CROSS_COMPILE pre-processor section.
Dr. Stephen Henson [Mon, 9 May 2011 21:21:29 +0000 (21:21 +0000)]
Initialise rc.
Dr. Stephen Henson [Mon, 9 May 2011 15:44:01 +0000 (15:44 +0000)]
Initial TLS v1.2 client support. Include a default supported signature
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.
Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
Dr. Stephen Henson [Mon, 9 May 2011 15:23:00 +0000 (15:23 +0000)]
Call fipsas.pl directly for pa-risc targets.
Andy Polyakov [Mon, 9 May 2011 10:16:32 +0000 (10:16 +0000)]
Optimized bn_nist.c. Performance improvement varies from one benchmark
and platform to another. It was measured to deliver 20-30% better
performance on x86 platforms and 30-40% on x86_64, on nistp384 benchmark.
Dr. Stephen Henson [Sun, 8 May 2011 12:38:35 +0000 (12:38 +0000)]
allow SHA384, SHA512 wit DSA
Dr. Stephen Henson [Sat, 7 May 2011 22:56:56 +0000 (22:56 +0000)]
Remove gf2m modules from bn_asm if no-ec2m set.
Dr. Stephen Henson [Sat, 7 May 2011 22:37:58 +0000 (22:37 +0000)]
Remove FIXME comments.
Dr. Stephen Henson [Sat, 7 May 2011 22:36:03 +0000 (22:36 +0000)]
Omit GF2m properly this time ;-)
Dr. Stephen Henson [Sat, 7 May 2011 22:22:37 +0000 (22:22 +0000)]
Don't include GF2m source files is NOEC2M set.
Andy Polyakov [Sat, 7 May 2011 20:36:05 +0000 (20:36 +0000)]
IA-64 assembler pack: fix typos and make it work on HP-UX.
Andy Polyakov [Sat, 7 May 2011 10:31:06 +0000 (10:31 +0000)]
x86 assembler pack: add bn_GF2m_mul_2x2 implementations (see x86-gf2m.pl for
details and performance data).
Dr. Stephen Henson [Fri, 6 May 2011 23:47:23 +0000 (23:47 +0000)]
Fixes for WIN64 FIPS build.
Dr. Stephen Henson [Fri, 6 May 2011 21:42:34 +0000 (21:42 +0000)]
Get OPENSSL_FIPSSYMS from environment in fipsas.pl, include ppccap.c and .S
files in fipsdist.
Dr. Stephen Henson [Fri, 6 May 2011 17:55:59 +0000 (17:55 +0000)]
Don't fail WIN32 builds on warnings.
Dr. Stephen Henson [Fri, 6 May 2011 17:38:39 +0000 (17:38 +0000)]
Return error codes for selftest failure instead of hard assertion errors.
Dr. Stephen Henson [Fri, 6 May 2011 13:00:07 +0000 (13:00 +0000)]
Continuing TLS v1.2 support: add support for server parsing of
signature algorithms extension and correct signature format for
server key exchange.
All ciphersuites should now work on the server but no client support and
no client certificate support yet.
Dr. Stephen Henson [Thu, 5 May 2011 23:10:32 +0000 (23:10 +0000)]
Hide more symbols.
Andy Polyakov [Thu, 5 May 2011 21:57:11 +0000 (21:57 +0000)]
ARM assembler pack: engage newly introduced armv4-gf2m module.
Dr. Stephen Henson [Thu, 5 May 2011 14:47:38 +0000 (14:47 +0000)]
Fix warning of signed/unsigned comparison.
Andy Polyakov [Thu, 5 May 2011 07:21:17 +0000 (07:21 +0000)]
ARM assembler pack. Add bn_GF2m_mul_2x2 implementation (see source code
for details and performance data).
Dr. Stephen Henson [Wed, 4 May 2011 23:17:29 +0000 (23:17 +0000)]
Remove superfluous PRNG self tests.
Print timer resolution.
Andy Polyakov [Wed, 4 May 2011 20:57:43 +0000 (20:57 +0000)]
xts128.c: minor optimizaton.
Dr. Stephen Henson [Wed, 4 May 2011 18:43:32 +0000 (18:43 +0000)]
Update status.
Dr. Stephen Henson [Wed, 4 May 2011 18:33:42 +0000 (18:33 +0000)]
Remove debugging print.
Explicitly use LINKDIRS for fipsdist links.
Andy Polyakov [Wed, 4 May 2011 15:22:53 +0000 (15:22 +0000)]
bn_gf2m.c: optimized BN_GF2m_mod_inv delivers sometimes 2x of ECDSA sign.
Exact improvement coefficients vary from one benchmark and platform to
another, e.g. it performs 70%-33% better on ARM, hereafter less for
longer keys, and 100%-90% better on x86_64.
Dr. Stephen Henson [Wed, 4 May 2011 14:34:36 +0000 (14:34 +0000)]
Fix warning.
Dr. Stephen Henson [Wed, 4 May 2011 14:16:03 +0000 (14:16 +0000)]
Include fipssyms.h for ARM builds to translate symbols.
Translate arm symbol to fips_*.
Dr. Stephen Henson [Wed, 4 May 2011 01:09:52 +0000 (01:09 +0000)]
Remove useless setting.
Dr. Stephen Henson [Mon, 2 May 2011 23:29:57 +0000 (23:29 +0000)]
PR: 2499
Submitted by: "James 'J.C.' Jones" <james.jc.jones@gmail.com>
Typos.
Dr. Stephen Henson [Mon, 2 May 2011 17:11:54 +0000 (17:11 +0000)]
Fix do_fips script.
Dr. Stephen Henson [Mon, 2 May 2011 12:13:04 +0000 (12:13 +0000)]
Use faster curves for ECDSA self test.
Dr. Stephen Henson [Mon, 2 May 2011 11:09:38 +0000 (11:09 +0000)]
Use more portable clock_gettime() for fips_test_suite timing.
Output times of each subtest.
Dr. Stephen Henson [Sun, 1 May 2011 20:55:05 +0000 (20:55 +0000)]
Stop warning in VxWorks.
Dr. Stephen Henson [Sun, 1 May 2011 20:54:42 +0000 (20:54 +0000)]
Quick hack to time POST.
Dr. Stephen Henson [Sun, 1 May 2011 19:07:16 +0000 (19:07 +0000)]
Two more symbol renames.
Dr. Stephen Henson [Sun, 1 May 2011 19:06:39 +0000 (19:06 +0000)]
Handle multiple CPUID_OBJ correctly.
Dr. Stephen Henson [Sun, 1 May 2011 17:51:40 +0000 (17:51 +0000)]
Rename some more symbols.