oweals/openssl.git
13 years agocrypto/aes/Makefile: make it work on IRIX.
Andy Polyakov [Tue, 28 Jun 2011 12:55:39 +0000 (12:55 +0000)]
crypto/aes/Makefile: make it work on IRIX.

13 years agocrypto/whrlpool/wp_block.c: harmonize OPENSSL_ia32cap_P.
Andy Polyakov [Tue, 28 Jun 2011 12:42:10 +0000 (12:42 +0000)]
crypto/whrlpool/wp_block.c: harmonize OPENSSL_ia32cap_P.

13 years agocrypto/sha/asm/sha[1|512]-mips.pl: minor updates.
Andy Polyakov [Tue, 28 Jun 2011 12:41:19 +0000 (12:41 +0000)]
crypto/sha/asm/sha[1|512]-mips.pl: minor updates.

13 years agorc4-586.pl: add Atom performance results.
Andy Polyakov [Tue, 28 Jun 2011 12:36:10 +0000 (12:36 +0000)]
rc4-586.pl: add Atom performance results.

13 years agomd5-x86_86.pl: remove redundant instructions.
Andy Polyakov [Tue, 28 Jun 2011 12:33:58 +0000 (12:33 +0000)]
md5-x86_86.pl: remove redundant instructions.

13 years agocrypto/bn/Makefile: fix typo.
Andy Polyakov [Tue, 28 Jun 2011 08:52:36 +0000 (08:52 +0000)]
crypto/bn/Makefile: fix typo.

13 years agoauto detect configuration using KERNEL_BITS and CC
Dr. Stephen Henson [Mon, 27 Jun 2011 11:38:48 +0000 (11:38 +0000)]
auto detect configuration using KERNEL_BITS and CC

13 years agoConfigure: clean up linux32-s390x line.
Andy Polyakov [Mon, 27 Jun 2011 10:53:27 +0000 (10:53 +0000)]
Configure: clean up linux32-s390x line.

13 years agos390x assembler pack: add s390x-gf2m.pl and harmonize AES_xts_[en|de]crypt.
Andy Polyakov [Mon, 27 Jun 2011 10:00:31 +0000 (10:00 +0000)]
s390x assembler pack: add s390x-gf2m.pl and harmonize AES_xts_[en|de]crypt.

13 years agorc4-x86_64.pl: commentary update.
Andy Polyakov [Mon, 27 Jun 2011 09:46:16 +0000 (09:46 +0000)]
rc4-x86_64.pl: commentary update.

13 years agoMinor x86_64 perlasm update.
Andy Polyakov [Mon, 27 Jun 2011 09:45:10 +0000 (09:45 +0000)]
Minor x86_64 perlasm update.

13 years agoFix CPRNG test for Hash DRBG.
Dr. Stephen Henson [Sun, 26 Jun 2011 12:29:26 +0000 (12:29 +0000)]
Fix CPRNG test for Hash DRBG.

13 years agotypo
Dr. Stephen Henson [Fri, 24 Jun 2011 15:30:21 +0000 (15:30 +0000)]
typo

13 years agoAdd stub for HMAC DRBG.
Dr. Stephen Henson [Fri, 24 Jun 2011 14:28:34 +0000 (14:28 +0000)]
Add stub for HMAC DRBG.

13 years agoallow KERNEL_BITS to be specified in the environment
Dr. Stephen Henson [Fri, 24 Jun 2011 14:04:03 +0000 (14:04 +0000)]
allow KERNEL_BITS to be specified in the environment

13 years agoget the filename right
Dr. Stephen Henson [Fri, 24 Jun 2011 13:48:18 +0000 (13:48 +0000)]
get the filename right

13 years agoAdd sparcv9cap.c to restricted tarball.
Dr. Stephen Henson [Fri, 24 Jun 2011 13:45:44 +0000 (13:45 +0000)]
Add sparcv9cap.c to restricted tarball.

13 years agoAdd a symbol for the first parameter to OPENSSL_showfatal().
Richard Levitte [Thu, 23 Jun 2011 09:46:27 +0000 (09:46 +0000)]
Add a symbol for the first parameter to OPENSSL_showfatal().

13 years agoAdd symbols for the parameters on a couple more functions.
Richard Levitte [Thu, 23 Jun 2011 09:43:54 +0000 (09:43 +0000)]
Add symbols for the parameters on a couple more functions.

13 years agoPR: 2470
Dr. Stephen Henson [Wed, 22 Jun 2011 15:38:21 +0000 (15:38 +0000)]
PR: 2470
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve

Don't call ERR_remove_state from DllMain.

13 years agoPR: 2543
Dr. Stephen Henson [Wed, 22 Jun 2011 15:30:14 +0000 (15:30 +0000)]
PR: 2543
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()

13 years agoPR: 2540
Dr. Stephen Henson [Wed, 22 Jun 2011 15:24:05 +0000 (15:24 +0000)]
PR: 2540
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Prevent infinite loop in BN_GF2m_mod_inv().

13 years agocorrectly encode OIDs near 2^32
Dr. Stephen Henson [Wed, 22 Jun 2011 15:15:58 +0000 (15:15 +0000)]
correctly encode OIDs near 2^32

13 years agotypo
Dr. Stephen Henson [Wed, 22 Jun 2011 12:59:53 +0000 (12:59 +0000)]
typo

13 years agostop complaints about no CVS version
Dr. Stephen Henson [Wed, 22 Jun 2011 12:38:39 +0000 (12:38 +0000)]
stop complaints about no CVS version

13 years agoNow the FIPS capable OpenSSL is available simplify the various FIPS test
Dr. Stephen Henson [Wed, 22 Jun 2011 12:30:18 +0000 (12:30 +0000)]
Now the FIPS capable OpenSSL is available simplify the various FIPS test
build options.

All fispcanisterbuild builds only build fipscanister.o and include symbol
renaming.

Move all renamed symbols to fipssyms.h

Update README.FIPS

13 years agoadd symbol rename
Dr. Stephen Henson [Wed, 22 Jun 2011 11:41:31 +0000 (11:41 +0000)]
add symbol rename

13 years agoallow MD5 use for computing old format hash links
Dr. Stephen Henson [Wed, 22 Jun 2011 02:18:19 +0000 (02:18 +0000)]
allow MD5 use for computing old format hash links

13 years agoDon't set FIPS rand method at same time as RAND method as this can cause the
Dr. Stephen Henson [Tue, 21 Jun 2011 17:10:21 +0000 (17:10 +0000)]
Don't set FIPS rand method at same time as RAND method as this can cause the
FIPS library to fail. Applications that want to set the FIPS rand method can do
so explicitly and presumably they know what they are doing...

13 years agoAdd prototype for null cipher.
Dr. Stephen Henson [Tue, 21 Jun 2011 16:14:01 +0000 (16:14 +0000)]
Add prototype for null cipher.

13 years agomake EVP_dss() work for DSA signing
Dr. Stephen Henson [Mon, 20 Jun 2011 20:05:51 +0000 (20:05 +0000)]
make EVP_dss() work for DSA signing

13 years agotypo
Dr. Stephen Henson [Mon, 20 Jun 2011 19:58:12 +0000 (19:58 +0000)]
typo

13 years agoadd null cipher to FIPS module
Dr. Stephen Henson [Mon, 20 Jun 2011 19:48:44 +0000 (19:48 +0000)]
add null cipher to FIPS module

13 years agoCorrection.
Dr. Stephen Henson [Sat, 18 Jun 2011 17:21:27 +0000 (17:21 +0000)]
Correction.

13 years agoStrip CRs when installing fips_premain.c Correct compat library rule
Dr. Stephen Henson [Sat, 18 Jun 2011 17:18:25 +0000 (17:18 +0000)]
Strip CRs when installing fips_premain.c Correct compat library rule
in FIPS mode.

13 years agoInitial FIPS capable OpenSSL information
Dr. Stephen Henson [Fri, 17 Jun 2011 21:08:15 +0000 (21:08 +0000)]
Initial FIPS capable OpenSSL information

13 years agoGive parameters names in prototypes.
Dr. Stephen Henson [Fri, 17 Jun 2011 16:47:41 +0000 (16:47 +0000)]
Give parameters names in prototypes.

13 years agoOption "fipscheck" which checks to see if FIPS is autodetected in
Dr. Stephen Henson [Thu, 16 Jun 2011 16:27:36 +0000 (16:27 +0000)]
Option "fipscheck" which checks to see if FIPS is autodetected in
a build. Use this for WIN32 builds.

13 years agoDon't include des.h any more: it is not needed.
Dr. Stephen Henson [Thu, 16 Jun 2011 14:12:42 +0000 (14:12 +0000)]
Don't include des.h any more: it is not needed.

13 years agoUpdate to mk1mf.pl and ms\do_fips.bat to install relevant files for
Dr. Stephen Henson [Wed, 15 Jun 2011 21:04:09 +0000 (21:04 +0000)]
Update to mk1mf.pl and ms\do_fips.bat to install relevant files for
WIN32 FIPS builds.

13 years agoFix the version history: changes going into 1.1.0 that are also going
Bodo Möller [Wed, 15 Jun 2011 14:49:17 +0000 (14:49 +0000)]
Fix the version history: changes going into 1.1.0 that are also going
into 1.0.1 should not be listed as "changes between 1.0.1 and 1.0.0".

This makes the OpenSSL_1_0_1-stable and HEAD versions of this file
consistent with each other (the HEAD version has the additional 1.1.0
section, but doesn't otherwise differ).

13 years agoset FIPS allow before initialising ctx
Dr. Stephen Henson [Tue, 14 Jun 2011 15:25:21 +0000 (15:25 +0000)]
set FIPS allow before initialising ctx

13 years agomake sure custom cipher flag doesn't use any mode bits
Dr. Stephen Henson [Mon, 13 Jun 2011 23:06:43 +0000 (23:06 +0000)]
make sure custom cipher flag doesn't use any mode bits

13 years agoAllow applications to specify alternative FIPS RAND methods if they
Dr. Stephen Henson [Mon, 13 Jun 2011 20:28:45 +0000 (20:28 +0000)]
Allow applications to specify alternative FIPS RAND methods if they
are sure they are OK.

API to retrieve FIPS rand method.

13 years agosync and update ordinals
Dr. Stephen Henson [Sun, 12 Jun 2011 15:40:06 +0000 (15:40 +0000)]
sync and update ordinals

13 years agoDon't export functions marked as FIPSCAPABLE.
Dr. Stephen Henson [Sun, 12 Jun 2011 15:38:36 +0000 (15:38 +0000)]
Don't export functions marked as FIPSCAPABLE.

13 years agoUse FIPSCAPABLE for FIPS module functions used in FIPS capable OpenSSL.
Dr. Stephen Henson [Sun, 12 Jun 2011 15:37:51 +0000 (15:37 +0000)]
Use FIPSCAPABLE for FIPS module functions used in FIPS capable OpenSSL.

13 years agoHMAC fips prototypes
Dr. Stephen Henson [Sun, 12 Jun 2011 15:02:53 +0000 (15:02 +0000)]
HMAC fips prototypes

13 years agoCMAC FIPS prototypes.
Dr. Stephen Henson [Sun, 12 Jun 2011 14:11:57 +0000 (14:11 +0000)]
CMAC FIPS prototypes.

13 years ago#undef bn_div_words as it is defined for FIPS builds.
Dr. Stephen Henson [Fri, 10 Jun 2011 14:03:27 +0000 (14:03 +0000)]
#undef bn_div_words as it is defined for FIPS builds.

13 years agoUpdate dependencies for m_dss.c too.
Dr. Stephen Henson [Fri, 10 Jun 2011 14:00:02 +0000 (14:00 +0000)]
Update dependencies for m_dss.c too.

13 years agoRemove x509.h from SHA1 clone digests, update dependencies.
Dr. Stephen Henson [Fri, 10 Jun 2011 13:52:44 +0000 (13:52 +0000)]
Remove x509.h from SHA1 clone digests, update dependencies.

13 years agoInstall FIPS module in FIPSDIR if set.
Dr. Stephen Henson [Thu, 9 Jun 2011 21:52:44 +0000 (21:52 +0000)]
Install FIPS module in FIPSDIR if set.

13 years agomore prototypes in fips.h
Dr. Stephen Henson [Thu, 9 Jun 2011 15:18:55 +0000 (15:18 +0000)]
more prototypes in fips.h

13 years agoAdd more prototypes.
Dr. Stephen Henson [Thu, 9 Jun 2011 13:50:53 +0000 (13:50 +0000)]
Add more prototypes.

13 years agofix memory leak
Dr. Stephen Henson [Wed, 8 Jun 2011 15:55:43 +0000 (15:55 +0000)]
fix memory leak

13 years agoAdd flags for DH FIPS method.
Dr. Stephen Henson [Wed, 8 Jun 2011 15:53:08 +0000 (15:53 +0000)]
Add flags for DH FIPS method.

Update/fix prototypes in fips.h

13 years agoSet flags in ECDH and ECDSA methods for FIPS.
Dr. Stephen Henson [Wed, 8 Jun 2011 13:52:36 +0000 (13:52 +0000)]
Set flags in ECDH and ECDSA methods for FIPS.

13 years agorc4_skey.c: remove dead/redundant code (it's never compiled) and
Andy Polyakov [Mon, 6 Jun 2011 20:02:26 +0000 (20:02 +0000)]
rc4_skey.c: remove dead/redundant code (it's never compiled) and
misleading/obsolete comment.

13 years agoAdd prototypes for some FIPS EC functions.
Dr. Stephen Henson [Mon, 6 Jun 2011 15:24:02 +0000 (15:24 +0000)]
Add prototypes for some FIPS EC functions.

13 years agoSet SSL_FIPS flag in ECC ciphersuites.
Dr. Stephen Henson [Mon, 6 Jun 2011 14:14:41 +0000 (14:14 +0000)]
Set SSL_FIPS flag in ECC ciphersuites.

13 years agoMove function prototype to fips.h
Dr. Stephen Henson [Mon, 6 Jun 2011 11:56:58 +0000 (11:56 +0000)]
Move function prototype to fips.h

13 years agoe_aes.c: move AES-NI run-time switch and implement the switch for remaining modes.
Andy Polyakov [Mon, 6 Jun 2011 11:40:03 +0000 (11:40 +0000)]
e_aes.c: move AES-NI run-time switch and implement the switch for remaining modes.

13 years agox86_64cpuid.pl: fix typo.
Andy Polyakov [Sat, 4 Jun 2011 13:08:25 +0000 (13:08 +0000)]
x86_64cpuid.pl: fix typo.

13 years agox86[_64]cpuid.pl: add function accessing rdrand instruction.
Andy Polyakov [Sat, 4 Jun 2011 12:20:45 +0000 (12:20 +0000)]
x86[_64]cpuid.pl: add function accessing rdrand instruction.

13 years agoNo spaces in assignements in a shell script...
Richard Levitte [Sat, 4 Jun 2011 09:00:59 +0000 (09:00 +0000)]
No spaces in assignements in a shell script...

13 years agofix error discrepancy
Dr. Stephen Henson [Fri, 3 Jun 2011 18:50:24 +0000 (18:50 +0000)]
fix error discrepancy

13 years agolicense correction, no EAY code included in this file
Dr. Stephen Henson [Fri, 3 Jun 2011 17:56:17 +0000 (17:56 +0000)]
license correction, no EAY code included in this file

13 years agoAdd "OPENSSL_FIPSCAPABLE" define for a version of OpenSSL which is
Dr. Stephen Henson [Fri, 3 Jun 2011 16:26:58 +0000 (16:26 +0000)]
Add "OPENSSL_FIPSCAPABLE" define for a version of OpenSSL which is
FIPS capable: i.e. FIPS module is supplied externally.

13 years agoConstify RSA signature buffer.
Dr. Stephen Henson [Fri, 3 Jun 2011 12:38:18 +0000 (12:38 +0000)]
Constify RSA signature buffer.

13 years agoTypo.
Dr. Stephen Henson [Thu, 2 Jun 2011 18:20:55 +0000 (18:20 +0000)]
Typo.

13 years agoRemove FIPS RSA functions from crypto/rsa.
Dr. Stephen Henson [Thu, 2 Jun 2011 17:52:39 +0000 (17:52 +0000)]
Remove FIPS RSA functions from crypto/rsa.

13 years agoMove FIPS RSA function definitions to fips.h
Dr. Stephen Henson [Thu, 2 Jun 2011 17:30:22 +0000 (17:30 +0000)]
Move FIPS RSA function definitions to fips.h

New function to lookup digests by NID in module.

Minor optimisation: if supplied hash is NULL to FIPS RSA functions and
we are using PKCS padding get digest NID from otherwise unused saltlen
parameter instead.

13 years agoSimple automated certificate creation demo.
Dr. Stephen Henson [Wed, 1 Jun 2011 18:36:49 +0000 (18:36 +0000)]
Simple automated certificate creation demo.

13 years agoClone digest prototypes.
Dr. Stephen Henson [Wed, 1 Jun 2011 14:18:28 +0000 (14:18 +0000)]
Clone digest prototypes.

13 years agoAdd DSA and ECDSA "clone digests" to module for compatibility with old
Dr. Stephen Henson [Wed, 1 Jun 2011 14:07:32 +0000 (14:07 +0000)]
Add DSA and ECDSA "clone digests" to module for compatibility with old
applications.

13 years agotypo
Dr. Stephen Henson [Wed, 1 Jun 2011 11:10:35 +0000 (11:10 +0000)]
typo

13 years agoset FIPS permitted flag before initalising digest
Dr. Stephen Henson [Tue, 31 May 2011 16:24:19 +0000 (16:24 +0000)]
set FIPS permitted flag before initalising digest

13 years agoFake CPU caps so fips_standalone_sha1 compiles.
Dr. Stephen Henson [Tue, 31 May 2011 16:22:21 +0000 (16:22 +0000)]
Fake CPU caps so fips_standalone_sha1 compiles.

Initialise update function for bad digest inits.

13 years agoDon't round up partitioned premaster secret length if there is only one
Dr. Stephen Henson [Tue, 31 May 2011 10:34:43 +0000 (10:34 +0000)]
Don't round up partitioned premaster secret length if there is only one
digest in use: this caused the PRF to fail for an odd premaster secret
length.

13 years agoOutput supported curves in preference order instead of numerically.
Dr. Stephen Henson [Mon, 30 May 2011 17:58:13 +0000 (17:58 +0000)]
Output supported curves in preference order instead of numerically.

13 years agoe_aes.c: fix typo.
Andy Polyakov [Mon, 30 May 2011 10:13:42 +0000 (10:13 +0000)]
e_aes.c: fix typo.

13 years agoe_aes.c: fix aes_cfb1_cipher.
Andy Polyakov [Mon, 30 May 2011 10:10:05 +0000 (10:10 +0000)]
e_aes.c: fix aes_cfb1_cipher.

13 years agoe_aes.c: integrate AESNI directly into EVP.
Andy Polyakov [Mon, 30 May 2011 09:16:01 +0000 (09:16 +0000)]
e_aes.c: integrate AESNI directly into EVP.

13 years agoaesni-x86[_64].pl: relax alignment requirement.
Andy Polyakov [Mon, 30 May 2011 09:15:16 +0000 (09:15 +0000)]
aesni-x86[_64].pl: relax alignment requirement.

13 years agoAdd more cipher prototypes.
Dr. Stephen Henson [Sun, 29 May 2011 16:16:55 +0000 (16:16 +0000)]
Add more cipher prototypes.

13 years agoPrototypes for more FIPS functions for use in FIPS capable OpenSSL.
Dr. Stephen Henson [Sun, 29 May 2011 15:56:23 +0000 (15:56 +0000)]
Prototypes for more FIPS functions for use in FIPS capable OpenSSL.

13 years agoVarious mingw64 fixes.
Andy Polyakov [Sun, 29 May 2011 13:51:14 +0000 (13:51 +0000)]
Various mingw64 fixes.

13 years agosha1-586|x86_64.pl: minor portability fix.
Andy Polyakov [Sun, 29 May 2011 13:48:57 +0000 (13:48 +0000)]
sha1-586|x86_64.pl: minor portability fix.

13 years agox86cpuid.pl: last commit broke platforms with perl with 64-bit integer.
Andy Polyakov [Sun, 29 May 2011 12:50:02 +0000 (12:50 +0000)]
x86cpuid.pl: last commit broke platforms with perl with 64-bit integer.

13 years agosha1-586|x86_64.pl: add SSSE3 and AVX code paths.
Andy Polyakov [Sun, 29 May 2011 12:39:48 +0000 (12:39 +0000)]
sha1-586|x86_64.pl: add SSSE3 and AVX code paths.

13 years agoAdd FIPS_digestinit prototype for FIPS capable OpenSSL.
Dr. Stephen Henson [Sat, 28 May 2011 23:02:23 +0000 (23:02 +0000)]
Add FIPS_digestinit prototype for FIPS capable OpenSSL.

13 years agoAdd prototypes for FIPS EVP implementations: for use in FIPS capable
Dr. Stephen Henson [Sat, 28 May 2011 21:03:31 +0000 (21:03 +0000)]
Add prototypes for FIPS EVP implementations: for use in FIPS capable
OpenSSL.

13 years agoaes-ppc.pl: handle unaligned data on page boundaries.
Andy Polyakov [Sat, 28 May 2011 09:41:36 +0000 (09:41 +0000)]
aes-ppc.pl: handle unaligned data on page boundaries.

13 years agoRename many internal only module functions from FIPS_* to fips_*.
Dr. Stephen Henson [Fri, 27 May 2011 21:11:54 +0000 (21:11 +0000)]
Rename many internal only module functions from FIPS_* to fips_*.

13 years agorc4-x86_64.pl: fix due credit.
Andy Polyakov [Fri, 27 May 2011 18:58:37 +0000 (18:58 +0000)]
rc4-x86_64.pl: fix due credit.

13 years agorc4-x86_64.pl: RC4_options fix-up.
Andy Polyakov [Fri, 27 May 2011 16:15:12 +0000 (16:15 +0000)]
rc4-x86_64.pl: RC4_options fix-up.

13 years agox86[_64]cpuid.pl: harmonize usage of reserved bits #20 and #30.
Andy Polyakov [Fri, 27 May 2011 15:32:43 +0000 (15:32 +0000)]
x86[_64]cpuid.pl: harmonize usage of reserved bits #20 and #30.

13 years agoPPC assembler pack: adhere closer to ABI specs, add PowerOpen traceback data.
Andy Polyakov [Fri, 27 May 2011 13:32:34 +0000 (13:32 +0000)]
PPC assembler pack: adhere closer to ABI specs, add PowerOpen traceback data.

13 years agorc4-x86_64.pl: major optimization for contemporary Intel CPUs.
Andy Polyakov [Fri, 27 May 2011 09:51:09 +0000 (09:51 +0000)]
rc4-x86_64.pl: major optimization for contemporary Intel CPUs.