Dr. Stephen Henson [Mon, 14 Feb 2011 16:55:28 +0000 (16:55 +0000)]
Don't use FIPS api for ec2_oct.c
Dr. Stephen Henson [Mon, 14 Feb 2011 16:52:12 +0000 (16:52 +0000)]
Reorganise ECC code for inclusion in FIPS module.
Move compression, point2oct and oct2point functions into separate files.
Add a flags field to EC_METHOD.
Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct
functions (all existing methods do this). This removes dependencies from
EC_METHOD while keeping original functionality.
Dr. Stephen Henson [Mon, 14 Feb 2011 16:45:28 +0000 (16:45 +0000)]
Use BN_nist_mod_func to avoid need to peek error queue.
Dr. Stephen Henson [Mon, 14 Feb 2011 16:44:29 +0000 (16:44 +0000)]
New function BN_nist_mod_func which returns an appropriate function
if the passed prime is a NIST prime.
Dr. Stephen Henson [Sun, 13 Feb 2011 18:45:41 +0000 (18:45 +0000)]
Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new
and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1
library.
Dr. Stephen Henson [Sat, 12 Feb 2011 18:25:18 +0000 (18:25 +0000)]
Change FIPS source and utilities to use the "FIPS_" names directly
instead of using regular OpenSSL API names.
Dr. Stephen Henson [Sat, 12 Feb 2011 17:38:40 +0000 (17:38 +0000)]
Make no-ec2m work on Win32 build. Add nexprotoneg support too.
Dr. Stephen Henson [Sat, 12 Feb 2011 17:38:06 +0000 (17:38 +0000)]
Disable some functions in headers with no-ec2m
Dr. Stephen Henson [Sat, 12 Feb 2011 17:23:32 +0000 (17:23 +0000)]
New option to disable characteristic two fields in EC code.
Andy Polyakov [Sat, 12 Feb 2011 16:43:41 +0000 (16:43 +0000)]
dso_dlfcn.c: make it work on Tru64 4.0.
PR: 2316
Andy Polyakov [Sat, 12 Feb 2011 16:13:59 +0000 (16:13 +0000)]
Configure: engage assembler in Android target.
Andy Polyakov [Sat, 12 Feb 2011 11:47:55 +0000 (11:47 +0000)]
gcm128.c: make it work with no-sse2.
Dr. Stephen Henson [Fri, 11 Feb 2011 20:56:24 +0000 (20:56 +0000)]
Add Makefile.fips.
Dr. Stephen Henson [Fri, 11 Feb 2011 19:02:34 +0000 (19:02 +0000)]
New "fispcanisteronly" build option: only build fipscanister.o and
associated utilities. This functionality will be used by the validated
tarball.
Dr. Stephen Henson [Fri, 11 Feb 2011 16:49:01 +0000 (16:49 +0000)]
Make Windows build work with GCM.
Dr. Stephen Henson [Fri, 11 Feb 2011 15:19:54 +0000 (15:19 +0000)]
In FIPS mode only use "Generation by Testing Candidates" equivalent.
Dr. Stephen Henson [Fri, 11 Feb 2011 14:38:39 +0000 (14:38 +0000)]
Return security strength for supported DSA parameters: will be used
later.
Dr. Stephen Henson [Fri, 11 Feb 2011 14:21:01 +0000 (14:21 +0000)]
Free keys if DSA pairwise error.
Andy Polyakov [Thu, 10 Feb 2011 21:24:24 +0000 (21:24 +0000)]
x86gas.pl: make data_short work on legacy systems.
Andy Polyakov [Thu, 10 Feb 2011 21:16:21 +0000 (21:16 +0000)]
xts128.c: initial draft.
Dr. Stephen Henson [Thu, 10 Feb 2011 01:46:25 +0000 (01:46 +0000)]
Disable FIPS restrictions when doing GCM testing.
Dr. Stephen Henson [Wed, 9 Feb 2011 16:21:43 +0000 (16:21 +0000)]
Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest.
Andy Polyakov [Tue, 8 Feb 2011 23:08:02 +0000 (23:08 +0000)]
ccm128.c: initialize ctx->block (what I was smoking?).
Andy Polyakov [Tue, 8 Feb 2011 23:02:45 +0000 (23:02 +0000)]
ccm128.c: initial draft.
Dr. Stephen Henson [Tue, 8 Feb 2011 19:25:24 +0000 (19:25 +0000)]
Equally experimental encrypt side for fips_gcmtest. Currently this uses IVs
in the request file need to update it to generate IVs once we have an IV
generator in place.
Bodo Möller [Tue, 8 Feb 2011 19:09:08 +0000 (19:09 +0000)]
Sync with 1.0.1 branch.
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
Dr. Stephen Henson [Tue, 8 Feb 2011 18:25:57 +0000 (18:25 +0000)]
Set values to NULL after freeing them.
Dr. Stephen Henson [Tue, 8 Feb 2011 18:15:59 +0000 (18:15 +0000)]
Experimental incomplete AES GCM algorithm test program.
Bodo Möller [Tue, 8 Feb 2011 17:48:57 +0000 (17:48 +0000)]
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
Dr. Stephen Henson [Tue, 8 Feb 2011 15:10:42 +0000 (15:10 +0000)]
Link GCM into FIPS module. Check return value in EVP gcm.
Bodo Möller [Tue, 8 Feb 2011 08:48:51 +0000 (08:48 +0000)]
Synchronize with 1.0.0 branch
Andy Polyakov [Mon, 7 Feb 2011 19:11:13 +0000 (19:11 +0000)]
gcm128.c: add boundary condition checks.
Dr. Stephen Henson [Mon, 7 Feb 2011 18:16:33 +0000 (18:16 +0000)]
Initial *very* experimental EVP support for AES-GCM. Note: probably very
broken and subject to change.
Dr. Stephen Henson [Mon, 7 Feb 2011 18:05:27 +0000 (18:05 +0000)]
Add CRYPTO_gcm128_tag() function to retrieve the tag.
Dr. Stephen Henson [Mon, 7 Feb 2011 18:04:27 +0000 (18:04 +0000)]
Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher:
the NULL value for the input buffer is sufficient to notice this case.
Dr. Stephen Henson [Mon, 7 Feb 2011 14:36:55 +0000 (14:36 +0000)]
Typo.
Dr. Stephen Henson [Mon, 7 Feb 2011 14:36:08 +0000 (14:36 +0000)]
New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying
cipher handles all cipher symantics itself.
Dr. Stephen Henson [Mon, 7 Feb 2011 13:34:00 +0000 (13:34 +0000)]
Fix memory leak.
Dr. Stephen Henson [Mon, 7 Feb 2011 12:47:16 +0000 (12:47 +0000)]
Use default ASN1 if flag set.
Andy Polyakov [Sun, 6 Feb 2011 23:50:05 +0000 (23:50 +0000)]
gcm128.c: allow multiple calls to CRYPTO_gcm128_aad.
Andy Polyakov [Sun, 6 Feb 2011 23:48:32 +0000 (23:48 +0000)]
gcm128.c: fix bug in OPENSSL_SMALL_FOOTPRINT decrypt.
PR: 2432
Submitted by: Michael Heyman
Dr. Stephen Henson [Sun, 6 Feb 2011 00:51:05 +0000 (00:51 +0000)]
Fix duplicate code and typo.
Dr. Stephen Henson [Fri, 4 Feb 2011 17:56:57 +0000 (17:56 +0000)]
Remove unneeded functions, make some functions and variables static.
Dr. Stephen Henson [Thu, 3 Feb 2011 23:12:04 +0000 (23:12 +0000)]
Add FIPS support to the WIN32 build system.
Dr. Stephen Henson [Thu, 3 Feb 2011 17:00:24 +0000 (17:00 +0000)]
Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files
that use it.
Dr. Stephen Henson [Thu, 3 Feb 2011 16:16:30 +0000 (16:16 +0000)]
Rename crypto/fips_err.c to fips_ers.c to avoid clash with other fips_err.c
Dr. Stephen Henson [Thu, 3 Feb 2011 16:03:21 +0000 (16:03 +0000)]
Include fips header file in err_all.c if needed.
Dr. Stephen Henson [Thu, 3 Feb 2011 15:58:43 +0000 (15:58 +0000)]
Add FIPS error codes.
Dr. Stephen Henson [Thu, 3 Feb 2011 14:57:51 +0000 (14:57 +0000)]
add -stripcr option to copy.pl from 0.9.8
Dr. Stephen Henson [Thu, 3 Feb 2011 14:20:59 +0000 (14:20 +0000)]
Add Windows FIPS build utilities.
Dr. Stephen Henson [Thu, 3 Feb 2011 13:00:08 +0000 (13:00 +0000)]
For now disable EC_GFp_nistp224_method() for WIN32 so the WIN32 build
completes without linker errors.
Dr. Stephen Henson [Thu, 3 Feb 2011 12:59:01 +0000 (12:59 +0000)]
Add FIPS support to mkdef.pl script, update ordinals.
Dr. Stephen Henson [Thu, 3 Feb 2011 12:47:56 +0000 (12:47 +0000)]
Use single X931 key generation source file for FIPS and non-FIPS builds.
Bodo Möller [Thu, 3 Feb 2011 12:03:51 +0000 (12:03 +0000)]
Assorted bugfixes:
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check
Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
Bodo Möller [Thu, 3 Feb 2011 11:13:29 +0000 (11:13 +0000)]
fix omissions
Bodo Möller [Thu, 3 Feb 2011 10:43:00 +0000 (10:43 +0000)]
CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
Bodo Möller [Thu, 3 Feb 2011 10:17:53 +0000 (10:17 +0000)]
make update
Bodo Möller [Thu, 3 Feb 2011 10:03:23 +0000 (10:03 +0000)]
Fix error codes.
Dr. Stephen Henson [Wed, 2 Feb 2011 17:48:03 +0000 (17:48 +0000)]
Cope with new DSA2 file format where some p/q only tests are made.
Dr. Stephen Henson [Wed, 2 Feb 2011 15:11:40 +0000 (15:11 +0000)]
Fix target config errors.
Dr. Stephen Henson [Wed, 2 Feb 2011 15:07:13 +0000 (15:07 +0000)]
Make no-asm work in fips mode. Add android platform.
Dr. Stephen Henson [Wed, 2 Feb 2011 14:21:33 +0000 (14:21 +0000)]
Add sign/verify digest API to handle an explicit digest instead of finalising
a context.
Dr. Stephen Henson [Wed, 2 Feb 2011 14:20:45 +0000 (14:20 +0000)]
Remove DSA parameter generation from DSA selftest. It is unnecessary and
can be very slow on embedded platforms. Hard code DSA parameters instead.
Dr. Stephen Henson [Tue, 1 Feb 2011 19:15:12 +0000 (19:15 +0000)]
Don't try to set pmd if it is NULL.
Dr. Stephen Henson [Tue, 1 Feb 2011 18:53:48 +0000 (18:53 +0000)]
Add DSA2 support to final algorithm tests: keypair and keyver.
Dr. Stephen Henson [Tue, 1 Feb 2011 17:54:23 +0000 (17:54 +0000)]
Support more DSA2 tests.
Dr. Stephen Henson [Tue, 1 Feb 2011 17:15:53 +0000 (17:15 +0000)]
Tolerate mixed case and leading zeroes when comparing.
Dr. Stephen Henson [Tue, 1 Feb 2011 17:15:19 +0000 (17:15 +0000)]
fixes for DSA2 parameter generation
Dr. Stephen Henson [Tue, 1 Feb 2011 17:14:07 +0000 (17:14 +0000)]
update README.FIPS
Dr. Stephen Henson [Tue, 1 Feb 2011 12:52:01 +0000 (12:52 +0000)]
Since FIPS 186-3 specifies we use the leftmost bits of the digest
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
Dr. Stephen Henson [Mon, 31 Jan 2011 19:44:09 +0000 (19:44 +0000)]
Provisional, experimental support for DSA2 parameter generation algorithm.
Not properly integrated or tested yet.
Dr. Stephen Henson [Sun, 30 Jan 2011 01:30:48 +0000 (01:30 +0000)]
stop warnings about no previous prototype when compiling shared engines
Dr. Stephen Henson [Sun, 30 Jan 2011 01:14:34 +0000 (01:14 +0000)]
Fix shared build for fips
Dr. Stephen Henson [Sun, 30 Jan 2011 00:01:09 +0000 (00:01 +0000)]
Add fips option into Configure, disable endian code for no-asm and FIPS.
Make shared library default for fips.
Dr. Stephen Henson [Sat, 29 Jan 2011 23:45:02 +0000 (23:45 +0000)]
add fiplibdir and basedir options to Configure
Dr. Stephen Henson [Sat, 29 Jan 2011 23:05:15 +0000 (23:05 +0000)]
use different default fips install directory
Dr. Stephen Henson [Sat, 29 Jan 2011 21:51:59 +0000 (21:51 +0000)]
update version to 2.0
Dr. Stephen Henson [Sat, 29 Jan 2011 21:45:04 +0000 (21:45 +0000)]
typo
Dr. Stephen Henson [Sat, 29 Jan 2011 21:39:33 +0000 (21:39 +0000)]
don't descend fips directory if not in fips mode
Dr. Stephen Henson [Sat, 29 Jan 2011 17:05:25 +0000 (17:05 +0000)]
Add preliminary FIPS information.
Dr. Stephen Henson [Thu, 27 Jan 2011 19:10:56 +0000 (19:10 +0000)]
Move all FIPSAPI renames into fips.h header file, include early in
crypto.h if needed.
Modify source tree to handle change.
Dr. Stephen Henson [Thu, 27 Jan 2011 18:11:36 +0000 (18:11 +0000)]
add .cvsignore
Dr. Stephen Henson [Thu, 27 Jan 2011 18:09:05 +0000 (18:09 +0000)]
add FIPS API malloc/free
Dr. Stephen Henson [Thu, 27 Jan 2011 17:23:43 +0000 (17:23 +0000)]
Redirect FIPS memory allocation to FIPS_malloc() routine, remove
OpenSSL malloc dependencies.
Dr. Stephen Henson [Thu, 27 Jan 2011 16:52:49 +0000 (16:52 +0000)]
add fips_dsatest.c file
Dr. Stephen Henson [Thu, 27 Jan 2011 15:57:31 +0000 (15:57 +0000)]
Update source files to handle new FIPS_lock() location. Add FIPS_lock()
definition. Remove stale function references from fips.h
Dr. Stephen Henson [Thu, 27 Jan 2011 15:22:26 +0000 (15:22 +0000)]
Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
to EVP any more.
Move locking #define into fips.h.
Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
Dr. Stephen Henson [Thu, 27 Jan 2011 14:50:41 +0000 (14:50 +0000)]
Include thread ID code in fips module.
Dr. Stephen Henson [Thu, 27 Jan 2011 14:29:48 +0000 (14:29 +0000)]
New FIPS_lock() function for minimal FIPS locking API: to avoid dependencies
on OpenSSL locking code. Use API in some internal FIPS files.
Remove redundant ENGINE defines from fips.h
Dr. Stephen Henson [Thu, 27 Jan 2011 14:27:24 +0000 (14:27 +0000)]
Move locking and thread ID functions into new files lock.c and thr_id.c,
redirect locking to minimal FIPS_lock() function where required.
Dr. Stephen Henson [Thu, 27 Jan 2011 14:24:42 +0000 (14:24 +0000)]
use FIPSEVP in some bn and rsa files
Dr. Stephen Henson [Thu, 27 Jan 2011 13:33:47 +0000 (13:33 +0000)]
update .cvsignore
Dr. Stephen Henson [Wed, 26 Jan 2011 16:59:47 +0000 (16:59 +0000)]
Internal version of BN_mod_inverse allowing checking of no-inverse without
need to inspect error queue.
Dr. Stephen Henson [Wed, 26 Jan 2011 16:47:51 +0000 (16:47 +0000)]
FIPS changes to test/Makefile: rules to build FIPS test applications.
Dr. Stephen Henson [Wed, 26 Jan 2011 16:22:03 +0000 (16:22 +0000)]
Use ARX in crypto/Makefile
Dr. Stephen Henson [Wed, 26 Jan 2011 16:15:38 +0000 (16:15 +0000)]
FIPS HMAC changes:
Use EVP macros.
Use tiny EVP in FIPS mode.
Dr. Stephen Henson [Wed, 26 Jan 2011 16:08:08 +0000 (16:08 +0000)]
Change AR to ARX to allow exclusion of fips object modules
Dr. Stephen Henson [Wed, 26 Jan 2011 15:53:07 +0000 (15:53 +0000)]
FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR
library dependencies.
Dr. Stephen Henson [Wed, 26 Jan 2011 15:47:19 +0000 (15:47 +0000)]
FIPS DH changes: selftest checks and key range checks.
Dr. Stephen Henson [Wed, 26 Jan 2011 15:46:26 +0000 (15:46 +0000)]
FIPS mode DSA changes:
Check for selftest failures.
Pairwise consistency test for RSA key generation.
Use some EVP macros instead of EVP functions.
Use minimal FIPS EVP where needed.
Key size restrictions.