Dr. Stephen Henson [Sat, 12 Feb 2011 17:38:06 +0000 (17:38 +0000)]
Disable some functions in headers with no-ec2m
Dr. Stephen Henson [Sat, 12 Feb 2011 17:23:32 +0000 (17:23 +0000)]
New option to disable characteristic two fields in EC code.
Andy Polyakov [Sat, 12 Feb 2011 16:43:41 +0000 (16:43 +0000)]
dso_dlfcn.c: make it work on Tru64 4.0.
PR: 2316
Andy Polyakov [Sat, 12 Feb 2011 16:13:59 +0000 (16:13 +0000)]
Configure: engage assembler in Android target.
Andy Polyakov [Sat, 12 Feb 2011 11:47:55 +0000 (11:47 +0000)]
gcm128.c: make it work with no-sse2.
Dr. Stephen Henson [Fri, 11 Feb 2011 20:56:24 +0000 (20:56 +0000)]
Add Makefile.fips.
Dr. Stephen Henson [Fri, 11 Feb 2011 19:02:34 +0000 (19:02 +0000)]
New "fispcanisteronly" build option: only build fipscanister.o and
associated utilities. This functionality will be used by the validated
tarball.
Dr. Stephen Henson [Fri, 11 Feb 2011 16:49:01 +0000 (16:49 +0000)]
Make Windows build work with GCM.
Dr. Stephen Henson [Fri, 11 Feb 2011 15:19:54 +0000 (15:19 +0000)]
In FIPS mode only use "Generation by Testing Candidates" equivalent.
Dr. Stephen Henson [Fri, 11 Feb 2011 14:38:39 +0000 (14:38 +0000)]
Return security strength for supported DSA parameters: will be used
later.
Dr. Stephen Henson [Fri, 11 Feb 2011 14:21:01 +0000 (14:21 +0000)]
Free keys if DSA pairwise error.
Andy Polyakov [Thu, 10 Feb 2011 21:24:24 +0000 (21:24 +0000)]
x86gas.pl: make data_short work on legacy systems.
Andy Polyakov [Thu, 10 Feb 2011 21:16:21 +0000 (21:16 +0000)]
xts128.c: initial draft.
Dr. Stephen Henson [Thu, 10 Feb 2011 01:46:25 +0000 (01:46 +0000)]
Disable FIPS restrictions when doing GCM testing.
Dr. Stephen Henson [Wed, 9 Feb 2011 16:21:43 +0000 (16:21 +0000)]
Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest.
Andy Polyakov [Tue, 8 Feb 2011 23:08:02 +0000 (23:08 +0000)]
ccm128.c: initialize ctx->block (what I was smoking?).
Andy Polyakov [Tue, 8 Feb 2011 23:02:45 +0000 (23:02 +0000)]
ccm128.c: initial draft.
Dr. Stephen Henson [Tue, 8 Feb 2011 19:25:24 +0000 (19:25 +0000)]
Equally experimental encrypt side for fips_gcmtest. Currently this uses IVs
in the request file need to update it to generate IVs once we have an IV
generator in place.
Bodo Möller [Tue, 8 Feb 2011 19:09:08 +0000 (19:09 +0000)]
Sync with 1.0.1 branch.
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
Dr. Stephen Henson [Tue, 8 Feb 2011 18:25:57 +0000 (18:25 +0000)]
Set values to NULL after freeing them.
Dr. Stephen Henson [Tue, 8 Feb 2011 18:15:59 +0000 (18:15 +0000)]
Experimental incomplete AES GCM algorithm test program.
Bodo Möller [Tue, 8 Feb 2011 17:48:57 +0000 (17:48 +0000)]
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
Dr. Stephen Henson [Tue, 8 Feb 2011 15:10:42 +0000 (15:10 +0000)]
Link GCM into FIPS module. Check return value in EVP gcm.
Bodo Möller [Tue, 8 Feb 2011 08:48:51 +0000 (08:48 +0000)]
Synchronize with 1.0.0 branch
Andy Polyakov [Mon, 7 Feb 2011 19:11:13 +0000 (19:11 +0000)]
gcm128.c: add boundary condition checks.
Dr. Stephen Henson [Mon, 7 Feb 2011 18:16:33 +0000 (18:16 +0000)]
Initial *very* experimental EVP support for AES-GCM. Note: probably very
broken and subject to change.
Dr. Stephen Henson [Mon, 7 Feb 2011 18:05:27 +0000 (18:05 +0000)]
Add CRYPTO_gcm128_tag() function to retrieve the tag.
Dr. Stephen Henson [Mon, 7 Feb 2011 18:04:27 +0000 (18:04 +0000)]
Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher:
the NULL value for the input buffer is sufficient to notice this case.
Dr. Stephen Henson [Mon, 7 Feb 2011 14:36:55 +0000 (14:36 +0000)]
Typo.
Dr. Stephen Henson [Mon, 7 Feb 2011 14:36:08 +0000 (14:36 +0000)]
New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying
cipher handles all cipher symantics itself.
Dr. Stephen Henson [Mon, 7 Feb 2011 13:34:00 +0000 (13:34 +0000)]
Fix memory leak.
Dr. Stephen Henson [Mon, 7 Feb 2011 12:47:16 +0000 (12:47 +0000)]
Use default ASN1 if flag set.
Andy Polyakov [Sun, 6 Feb 2011 23:50:05 +0000 (23:50 +0000)]
gcm128.c: allow multiple calls to CRYPTO_gcm128_aad.
Andy Polyakov [Sun, 6 Feb 2011 23:48:32 +0000 (23:48 +0000)]
gcm128.c: fix bug in OPENSSL_SMALL_FOOTPRINT decrypt.
PR: 2432
Submitted by: Michael Heyman
Dr. Stephen Henson [Sun, 6 Feb 2011 00:51:05 +0000 (00:51 +0000)]
Fix duplicate code and typo.
Dr. Stephen Henson [Fri, 4 Feb 2011 17:56:57 +0000 (17:56 +0000)]
Remove unneeded functions, make some functions and variables static.
Dr. Stephen Henson [Thu, 3 Feb 2011 23:12:04 +0000 (23:12 +0000)]
Add FIPS support to the WIN32 build system.
Dr. Stephen Henson [Thu, 3 Feb 2011 17:00:24 +0000 (17:00 +0000)]
Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files
that use it.
Dr. Stephen Henson [Thu, 3 Feb 2011 16:16:30 +0000 (16:16 +0000)]
Rename crypto/fips_err.c to fips_ers.c to avoid clash with other fips_err.c
Dr. Stephen Henson [Thu, 3 Feb 2011 16:03:21 +0000 (16:03 +0000)]
Include fips header file in err_all.c if needed.
Dr. Stephen Henson [Thu, 3 Feb 2011 15:58:43 +0000 (15:58 +0000)]
Add FIPS error codes.
Dr. Stephen Henson [Thu, 3 Feb 2011 14:57:51 +0000 (14:57 +0000)]
add -stripcr option to copy.pl from 0.9.8
Dr. Stephen Henson [Thu, 3 Feb 2011 14:20:59 +0000 (14:20 +0000)]
Add Windows FIPS build utilities.
Dr. Stephen Henson [Thu, 3 Feb 2011 13:00:08 +0000 (13:00 +0000)]
For now disable EC_GFp_nistp224_method() for WIN32 so the WIN32 build
completes without linker errors.
Dr. Stephen Henson [Thu, 3 Feb 2011 12:59:01 +0000 (12:59 +0000)]
Add FIPS support to mkdef.pl script, update ordinals.
Dr. Stephen Henson [Thu, 3 Feb 2011 12:47:56 +0000 (12:47 +0000)]
Use single X931 key generation source file for FIPS and non-FIPS builds.
Bodo Möller [Thu, 3 Feb 2011 12:03:51 +0000 (12:03 +0000)]
Assorted bugfixes:
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check
Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
Bodo Möller [Thu, 3 Feb 2011 11:13:29 +0000 (11:13 +0000)]
fix omissions
Bodo Möller [Thu, 3 Feb 2011 10:43:00 +0000 (10:43 +0000)]
CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
Bodo Möller [Thu, 3 Feb 2011 10:17:53 +0000 (10:17 +0000)]
make update
Bodo Möller [Thu, 3 Feb 2011 10:03:23 +0000 (10:03 +0000)]
Fix error codes.
Dr. Stephen Henson [Wed, 2 Feb 2011 17:48:03 +0000 (17:48 +0000)]
Cope with new DSA2 file format where some p/q only tests are made.
Dr. Stephen Henson [Wed, 2 Feb 2011 15:11:40 +0000 (15:11 +0000)]
Fix target config errors.
Dr. Stephen Henson [Wed, 2 Feb 2011 15:07:13 +0000 (15:07 +0000)]
Make no-asm work in fips mode. Add android platform.
Dr. Stephen Henson [Wed, 2 Feb 2011 14:21:33 +0000 (14:21 +0000)]
Add sign/verify digest API to handle an explicit digest instead of finalising
a context.
Dr. Stephen Henson [Wed, 2 Feb 2011 14:20:45 +0000 (14:20 +0000)]
Remove DSA parameter generation from DSA selftest. It is unnecessary and
can be very slow on embedded platforms. Hard code DSA parameters instead.
Dr. Stephen Henson [Tue, 1 Feb 2011 19:15:12 +0000 (19:15 +0000)]
Don't try to set pmd if it is NULL.
Dr. Stephen Henson [Tue, 1 Feb 2011 18:53:48 +0000 (18:53 +0000)]
Add DSA2 support to final algorithm tests: keypair and keyver.
Dr. Stephen Henson [Tue, 1 Feb 2011 17:54:23 +0000 (17:54 +0000)]
Support more DSA2 tests.
Dr. Stephen Henson [Tue, 1 Feb 2011 17:15:53 +0000 (17:15 +0000)]
Tolerate mixed case and leading zeroes when comparing.
Dr. Stephen Henson [Tue, 1 Feb 2011 17:15:19 +0000 (17:15 +0000)]
fixes for DSA2 parameter generation
Dr. Stephen Henson [Tue, 1 Feb 2011 17:14:07 +0000 (17:14 +0000)]
update README.FIPS
Dr. Stephen Henson [Tue, 1 Feb 2011 12:52:01 +0000 (12:52 +0000)]
Since FIPS 186-3 specifies we use the leftmost bits of the digest
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
Dr. Stephen Henson [Mon, 31 Jan 2011 19:44:09 +0000 (19:44 +0000)]
Provisional, experimental support for DSA2 parameter generation algorithm.
Not properly integrated or tested yet.
Dr. Stephen Henson [Sun, 30 Jan 2011 01:30:48 +0000 (01:30 +0000)]
stop warnings about no previous prototype when compiling shared engines
Dr. Stephen Henson [Sun, 30 Jan 2011 01:14:34 +0000 (01:14 +0000)]
Fix shared build for fips
Dr. Stephen Henson [Sun, 30 Jan 2011 00:01:09 +0000 (00:01 +0000)]
Add fips option into Configure, disable endian code for no-asm and FIPS.
Make shared library default for fips.
Dr. Stephen Henson [Sat, 29 Jan 2011 23:45:02 +0000 (23:45 +0000)]
add fiplibdir and basedir options to Configure
Dr. Stephen Henson [Sat, 29 Jan 2011 23:05:15 +0000 (23:05 +0000)]
use different default fips install directory
Dr. Stephen Henson [Sat, 29 Jan 2011 21:51:59 +0000 (21:51 +0000)]
update version to 2.0
Dr. Stephen Henson [Sat, 29 Jan 2011 21:45:04 +0000 (21:45 +0000)]
typo
Dr. Stephen Henson [Sat, 29 Jan 2011 21:39:33 +0000 (21:39 +0000)]
don't descend fips directory if not in fips mode
Dr. Stephen Henson [Sat, 29 Jan 2011 17:05:25 +0000 (17:05 +0000)]
Add preliminary FIPS information.
Dr. Stephen Henson [Thu, 27 Jan 2011 19:10:56 +0000 (19:10 +0000)]
Move all FIPSAPI renames into fips.h header file, include early in
crypto.h if needed.
Modify source tree to handle change.
Dr. Stephen Henson [Thu, 27 Jan 2011 18:11:36 +0000 (18:11 +0000)]
add .cvsignore
Dr. Stephen Henson [Thu, 27 Jan 2011 18:09:05 +0000 (18:09 +0000)]
add FIPS API malloc/free
Dr. Stephen Henson [Thu, 27 Jan 2011 17:23:43 +0000 (17:23 +0000)]
Redirect FIPS memory allocation to FIPS_malloc() routine, remove
OpenSSL malloc dependencies.
Dr. Stephen Henson [Thu, 27 Jan 2011 16:52:49 +0000 (16:52 +0000)]
add fips_dsatest.c file
Dr. Stephen Henson [Thu, 27 Jan 2011 15:57:31 +0000 (15:57 +0000)]
Update source files to handle new FIPS_lock() location. Add FIPS_lock()
definition. Remove stale function references from fips.h
Dr. Stephen Henson [Thu, 27 Jan 2011 15:22:26 +0000 (15:22 +0000)]
Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
to EVP any more.
Move locking #define into fips.h.
Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
Dr. Stephen Henson [Thu, 27 Jan 2011 14:50:41 +0000 (14:50 +0000)]
Include thread ID code in fips module.
Dr. Stephen Henson [Thu, 27 Jan 2011 14:29:48 +0000 (14:29 +0000)]
New FIPS_lock() function for minimal FIPS locking API: to avoid dependencies
on OpenSSL locking code. Use API in some internal FIPS files.
Remove redundant ENGINE defines from fips.h
Dr. Stephen Henson [Thu, 27 Jan 2011 14:27:24 +0000 (14:27 +0000)]
Move locking and thread ID functions into new files lock.c and thr_id.c,
redirect locking to minimal FIPS_lock() function where required.
Dr. Stephen Henson [Thu, 27 Jan 2011 14:24:42 +0000 (14:24 +0000)]
use FIPSEVP in some bn and rsa files
Dr. Stephen Henson [Thu, 27 Jan 2011 13:33:47 +0000 (13:33 +0000)]
update .cvsignore
Dr. Stephen Henson [Wed, 26 Jan 2011 16:59:47 +0000 (16:59 +0000)]
Internal version of BN_mod_inverse allowing checking of no-inverse without
need to inspect error queue.
Dr. Stephen Henson [Wed, 26 Jan 2011 16:47:51 +0000 (16:47 +0000)]
FIPS changes to test/Makefile: rules to build FIPS test applications.
Dr. Stephen Henson [Wed, 26 Jan 2011 16:22:03 +0000 (16:22 +0000)]
Use ARX in crypto/Makefile
Dr. Stephen Henson [Wed, 26 Jan 2011 16:15:38 +0000 (16:15 +0000)]
FIPS HMAC changes:
Use EVP macros.
Use tiny EVP in FIPS mode.
Dr. Stephen Henson [Wed, 26 Jan 2011 16:08:08 +0000 (16:08 +0000)]
Change AR to ARX to allow exclusion of fips object modules
Dr. Stephen Henson [Wed, 26 Jan 2011 15:53:07 +0000 (15:53 +0000)]
FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR
library dependencies.
Dr. Stephen Henson [Wed, 26 Jan 2011 15:47:19 +0000 (15:47 +0000)]
FIPS DH changes: selftest checks and key range checks.
Dr. Stephen Henson [Wed, 26 Jan 2011 15:46:26 +0000 (15:46 +0000)]
FIPS mode DSA changes:
Check for selftest failures.
Pairwise consistency test for RSA key generation.
Use some EVP macros instead of EVP functions.
Use minimal FIPS EVP where needed.
Key size restrictions.
Dr. Stephen Henson [Wed, 26 Jan 2011 15:37:41 +0000 (15:37 +0000)]
FIPS mode RSA changes:
Check for selftest failures.
Pairwise consistency test for RSA key generation.
Use some EVP macros instead of EVP functions.
Use minimal FIPS EVP where needed.
Dr. Stephen Henson [Wed, 26 Jan 2011 15:33:51 +0000 (15:33 +0000)]
add new RAND errors
Dr. Stephen Henson [Wed, 26 Jan 2011 15:25:33 +0000 (15:25 +0000)]
FIPS mode EVP changes:
Set EVP_CIPH_FLAG_FIPS on approved ciphers.
Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.
Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.
Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.
Dr. Stephen Henson [Wed, 26 Jan 2011 14:52:04 +0000 (14:52 +0000)]
FIPS mode changes to make RNG compile (this will need updating later as we
need a whole new PRNG for FIPS).
1. avoid use of ERR_peek().
2. If compiling with FIPS use small FIPS EVP and disable ENGINE
Dr. Stephen Henson [Wed, 26 Jan 2011 12:31:30 +0000 (12:31 +0000)]
Add fipscanisterbuild configuration option and update Makefile.org: doesn't compile yet
Dr. Stephen Henson [Wed, 26 Jan 2011 12:23:58 +0000 (12:23 +0000)]
FIPS_allow_md5() no longer exists and is no longer required
Richard Levitte [Wed, 26 Jan 2011 06:51:35 +0000 (06:51 +0000)]
Add rsa_crpt