Dr. Stephen Henson [Thu, 22 Sep 2011 14:01:25 +0000 (14:01 +0000)]
Use function name FIPS_drbg_health_check() for health check function.
Add explanatory comments to health check code.
Dr. Stephen Henson [Wed, 21 Sep 2011 18:42:12 +0000 (18:42 +0000)]
Don't print out errors in cases where errors are expected: testing
DSA parameter validity and EC public key validity.
Dr. Stephen Henson [Wed, 21 Sep 2011 18:36:53 +0000 (18:36 +0000)]
Remove unused variable.
Dr. Stephen Henson [Wed, 21 Sep 2011 18:24:12 +0000 (18:24 +0000)]
Perform health check on all reseed operations not associated with
prediction resistance requests. Although SP 800-90 is arguably unclear
on whether this is necessary adding an additional check has minimal
penalty (very few applications will make an explicit reseed request).
Dr. Stephen Henson [Wed, 21 Sep 2011 17:04:56 +0000 (17:04 +0000)]
Revise DRBG to split between internal and external flags.
One demand health check function.
Perform generation test in fips_test_suite.
Option to skip dh test if fips_test_suite.
Dr. Stephen Henson [Wed, 21 Sep 2011 16:17:18 +0000 (16:17 +0000)]
Update error codes.
Dr. Stephen Henson [Sun, 18 Sep 2011 19:36:27 +0000 (19:36 +0000)]
Allow reseed interval to be set.
Andy Polyakov [Sun, 18 Sep 2011 15:40:11 +0000 (15:40 +0000)]
Make latest assembler additions (vpaes and e_padlock) work in Windows build.
Andy Polyakov [Sat, 17 Sep 2011 12:57:33 +0000 (12:57 +0000)]
sha256-586.pl: minor optimization, +0-2% on all CPUs, +7% on Westmere.
Andy Polyakov [Sat, 17 Sep 2011 11:30:28 +0000 (11:30 +0000)]
sha512-x86_64.pl: +15% better performance on Westmere and incidentally Atom.
Other Intel processors +5%, Opteron -2%.
Dr. Stephen Henson [Sat, 17 Sep 2011 00:17:46 +0000 (00:17 +0000)]
Sync error codes with 1.0.1-stable.
Dr. Stephen Henson [Fri, 16 Sep 2011 17:40:16 +0000 (17:40 +0000)]
clarify comment
Dr. Stephen Henson [Fri, 16 Sep 2011 17:35:40 +0000 (17:35 +0000)]
Minor code tidy and bug fix: need to set t = s after first pass and
t and s do not need to have independent values after the first pass
so set t = s.
Dr. Stephen Henson [Thu, 15 Sep 2011 21:06:37 +0000 (21:06 +0000)]
Don't use vpaes in fips builds and exclude from restricted tarball.
Andy Polyakov [Thu, 15 Sep 2011 20:22:59 +0000 (20:22 +0000)]
Integrate Vector Permutation AES into build system.
Dr. Stephen Henson [Thu, 15 Sep 2011 14:28:46 +0000 (14:28 +0000)]
Make HMAC kat symbols static.
Dr. Stephen Henson [Thu, 15 Sep 2011 14:08:24 +0000 (14:08 +0000)]
Fix warning.
Andy Polyakov [Wed, 14 Sep 2011 20:48:49 +0000 (20:48 +0000)]
Allow for dynamic base in Win64 FIPS module.
Dr. Stephen Henson [Wed, 14 Sep 2011 15:49:50 +0000 (15:49 +0000)]
Update CMAC/HMAC sefltests to use NIDs instead of function pointers.
Simplify HMAC selftest as each test currently uses the same key and
hash data.
Dr. Stephen Henson [Wed, 14 Sep 2011 15:20:59 +0000 (15:20 +0000)]
Remove fipsdso target: it isn't supported in the 2.0 module.
Dr. Stephen Henson [Wed, 14 Sep 2011 13:25:48 +0000 (13:25 +0000)]
new function to lookup FIPS supported ciphers by NID
Dr. Stephen Henson [Mon, 12 Sep 2011 18:47:39 +0000 (18:47 +0000)]
More extensive DRBG health check. New function to call health check
for all DRBG combinations.
Dr. Stephen Henson [Mon, 12 Sep 2011 18:45:05 +0000 (18:45 +0000)]
Check length of additional input in DRBG generate function.
Dr. Stephen Henson [Mon, 12 Sep 2011 13:20:57 +0000 (13:20 +0000)]
Delete strength parameter from FIPS_drbg_generate. It isn't very useful
(strength can be queried using FIPS_drbg_get_strength ) and adds a
substantial extra overhead to health check (need to check every combination
of parameters).
Dr. Stephen Henson [Mon, 12 Sep 2011 12:56:20 +0000 (12:56 +0000)]
Check we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we
don't set type in FIPS_drbg_new().
Andy Polyakov [Mon, 12 Sep 2011 12:50:00 +0000 (12:50 +0000)]
vpaes-x86[_64]*.pl: fix typo.
Andy Polyakov [Mon, 12 Sep 2011 08:25:14 +0000 (08:25 +0000)]
Add so called Vector Permutation AES x86[_64] assembler, see
http://crypto.stanford.edu/vpaes/ for background information.
It's not integrated into build system yet.
Dr. Stephen Henson [Sun, 11 Sep 2011 18:05:40 +0000 (18:05 +0000)]
Fix 3DES Monte Carlo test file output which previously outputted
extra bogus lines. Update fipsalgtest.pl to tolerate the old format.
Dr. Stephen Henson [Fri, 9 Sep 2011 17:16:43 +0000 (17:16 +0000)]
Add support for Dual EC DRBG from SP800-90. Include updates to algorithm
tests and POST code.
Dr. Stephen Henson [Thu, 8 Sep 2011 13:55:47 +0000 (13:55 +0000)]
Add /fixed option to linker with fips builds.
Dr. Stephen Henson [Wed, 7 Sep 2011 10:26:38 +0000 (10:26 +0000)]
Put quick DRBG selftest return after first generate operation.
Andy Polyakov [Tue, 6 Sep 2011 22:53:34 +0000 (22:53 +0000)]
engines/asm/e_padlock-x86_64.pl: name it right and fix small bug.
Dr. Stephen Henson [Tue, 6 Sep 2011 20:46:27 +0000 (20:46 +0000)]
Add error codes for DRBG KAT failures.
Add abbreviated DRBG KAT for POST which only performs a single generate
operations instead of four.
Andy Polyakov [Tue, 6 Sep 2011 20:45:36 +0000 (20:45 +0000)]
Padlock engine: make it independent of inline assembler.
Dr. Stephen Henson [Tue, 6 Sep 2011 15:15:09 +0000 (15:15 +0000)]
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
produce an error (CVE-2011-3207)
Dr. Stephen Henson [Tue, 6 Sep 2011 13:55:22 +0000 (13:55 +0000)]
Update FAQ.
Andy Polyakov [Mon, 5 Sep 2011 16:31:51 +0000 (16:31 +0000)]
config: don't add -Wa options with no-asm.
Andy Polyakov [Mon, 5 Sep 2011 16:14:43 +0000 (16:14 +0000)]
crypto/bn/bn_gf2m.c: make it work with BN_DEBUG.
Dr. Stephen Henson [Mon, 5 Sep 2011 15:45:13 +0000 (15:45 +0000)]
Check reseed interval before generating output.
Dr. Stephen Henson [Mon, 5 Sep 2011 15:32:32 +0000 (15:32 +0000)]
Place DRBG in error state if health check fails.
Bodo Möller [Mon, 5 Sep 2011 13:43:56 +0000 (13:43 +0000)]
oops
Bodo Möller [Mon, 5 Sep 2011 13:36:23 +0000 (13:36 +0000)]
Fix session handling.
Bodo Möller [Mon, 5 Sep 2011 13:31:17 +0000 (13:31 +0000)]
Fix d2i_SSL_SESSION.
Bodo Möller [Mon, 5 Sep 2011 10:25:31 +0000 (10:25 +0000)]
(EC)DH memory handling fixes.
Submitted by: Adam Langley
Bodo Möller [Mon, 5 Sep 2011 09:57:20 +0000 (09:57 +0000)]
Fix memory leak on bad inputs.
Bodo Möller [Mon, 5 Sep 2011 09:46:15 +0000 (09:46 +0000)]
make update
Bodo Möller [Mon, 5 Sep 2011 09:43:44 +0000 (09:43 +0000)]
Fix expected DEFFLAG for default config.
Bodo Möller [Mon, 5 Sep 2011 09:42:34 +0000 (09:42 +0000)]
Fix error codes.
Bodo Möller [Mon, 5 Sep 2011 09:30:50 +0000 (09:30 +0000)]
Synchronize with 1.0.1 CHANGES file.
Dr. Stephen Henson [Sun, 4 Sep 2011 22:48:06 +0000 (22:48 +0000)]
Don't perform full DRBG health check on all DRBG types on power up, just
one shorter KAT per mechanism.
Dr. Stephen Henson [Sun, 4 Sep 2011 18:44:28 +0000 (18:44 +0000)]
Update dependencies.
Dr. Stephen Henson [Sun, 4 Sep 2011 18:36:20 +0000 (18:36 +0000)]
Add header to Makefile.
Dr. Stephen Henson [Sun, 4 Sep 2011 18:35:33 +0000 (18:35 +0000)]
Extension of DRBG selftests using new data.
Test PR and no PR and test initial generate before the reseed too.
Move selftest data to separate fips_drbg_selftest.h header file.
Dr. Stephen Henson [Fri, 2 Sep 2011 15:10:54 +0000 (15:10 +0000)]
Rename some more symbols for fips module.
Dr. Stephen Henson [Fri, 2 Sep 2011 11:28:27 +0000 (11:28 +0000)]
Don't use *from++ in tolower as this is implemented as a macro on some
platforms. Thanks to Shayne Murray <Shayne.Murray@Polycom.com> for
reporting this issue.
Dr. Stephen Henson [Fri, 2 Sep 2011 11:20:15 +0000 (11:20 +0000)]
PR: 2576
Submitted by: Doug Goldstein <cardoe@gentoo.org>
Reviewed by: steve
Include header file stdlib.h which is needed on some platforms to get
getenv() declaration.
Dr. Stephen Henson [Thu, 1 Sep 2011 17:12:35 +0000 (17:12 +0000)]
Sync ordinals with 1.0.1-stable.
Dr. Stephen Henson [Thu, 1 Sep 2011 15:01:35 +0000 (15:01 +0000)]
PR: 2340
Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar>
Reviewed by: steve
Stop warnings if OPENSSL_NO_DGRAM is defined.
Dr. Stephen Henson [Thu, 1 Sep 2011 14:23:09 +0000 (14:23 +0000)]
make timing attack protection unconditional
Dr. Stephen Henson [Thu, 1 Sep 2011 14:15:47 +0000 (14:15 +0000)]
Stop warnings.
Dr. Stephen Henson [Thu, 1 Sep 2011 14:02:23 +0000 (14:02 +0000)]
PR: 2573
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS buffering and decryption bug.
Dr. Stephen Henson [Thu, 1 Sep 2011 13:52:48 +0000 (13:52 +0000)]
PR: 2589
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Initialise p pointer.
Dr. Stephen Henson [Thu, 1 Sep 2011 13:49:16 +0000 (13:49 +0000)]
PR: 2588
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Close file pointer.
Dr. Stephen Henson [Thu, 1 Sep 2011 13:45:46 +0000 (13:45 +0000)]
PR: 2586
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Zero structure fields properly.
Dr. Stephen Henson [Thu, 1 Sep 2011 13:37:37 +0000 (13:37 +0000)]
PR: 2586
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Fix brace mismatch.
Dr. Stephen Henson [Mon, 29 Aug 2011 16:09:07 +0000 (16:09 +0000)]
Print private key component is -exout parameter is given.
Dr. Stephen Henson [Mon, 29 Aug 2011 15:35:35 +0000 (15:35 +0000)]
Fix ecdh primitives test command line.
Andy Polyakov [Sat, 27 Aug 2011 19:38:55 +0000 (19:38 +0000)]
bn_exp.c: improve portability.
Andy Polyakov [Sat, 27 Aug 2011 19:37:25 +0000 (19:37 +0000)]
util/incore: fix typo.
Dr. Stephen Henson [Sat, 27 Aug 2011 12:30:47 +0000 (12:30 +0000)]
Add support for DSA2 PQG generation of g parameter.
Dr. Stephen Henson [Fri, 26 Aug 2011 14:51:49 +0000 (14:51 +0000)]
Add support for canonical generation of DSA parameter g.
Modify fips_dssvs to support appropriate file format.
Dr. Stephen Henson [Thu, 25 Aug 2011 19:50:51 +0000 (19:50 +0000)]
Fix warning.
Dr. Stephen Henson [Tue, 23 Aug 2011 23:35:30 +0000 (23:35 +0000)]
Don't use some object files in FIPS build.
Dr. Stephen Henson [Tue, 23 Aug 2011 21:06:44 +0000 (21:06 +0000)]
Rename sparc symbols.
Andy Polyakov [Tue, 23 Aug 2011 20:51:38 +0000 (20:51 +0000)]
Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
Andy Polyakov [Mon, 22 Aug 2011 19:01:16 +0000 (19:01 +0000)]
eng_rsax.c: improve portability.
Dr. Stephen Henson [Fri, 19 Aug 2011 23:25:10 +0000 (23:25 +0000)]
Correct maximum request length. SP800-90 quotes maximum bits, not bytes.
Andy Polyakov [Fri, 19 Aug 2011 06:30:32 +0000 (06:30 +0000)]
modexp512-x86_64.pl: make it work with ml64.
Dr. Stephen Henson [Thu, 18 Aug 2011 16:06:24 +0000 (16:06 +0000)]
Fix fipsalgtest.pl to still work with old test vectors.
Dr. Stephen Henson [Tue, 16 Aug 2011 12:45:26 +0000 (12:45 +0000)]
typo
Dr. Stephen Henson [Tue, 16 Aug 2011 11:25:56 +0000 (11:25 +0000)]
Update instructions to recommend use of included incore script.
Andy Polyakov [Tue, 16 Aug 2011 08:56:07 +0000 (08:56 +0000)]
Makefile.org: get commit#21249 right.
Dr. Stephen Henson [Mon, 15 Aug 2011 20:38:16 +0000 (20:38 +0000)]
Delete library install from Makefile.fips: it isn't used.
Revert change to Makefile.org: it breaks install.
Dr. Stephen Henson [Mon, 15 Aug 2011 18:16:55 +0000 (18:16 +0000)]
quote LIBS to copy with empty string
Dr. Stephen Henson [Mon, 15 Aug 2011 14:50:00 +0000 (14:50 +0000)]
Enable rsa-pss0 for non-v2 tests.
Dr. Stephen Henson [Sun, 14 Aug 2011 13:45:19 +0000 (13:45 +0000)]
Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
using OBJ xref utilities instead of string comparison with OID name.
This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
Andy Polyakov [Sun, 14 Aug 2011 11:31:35 +0000 (11:31 +0000)]
bn_div.c: remove duplicate code by merging BN_div and BN_div_no_branch.
Andy Polyakov [Sun, 14 Aug 2011 09:06:06 +0000 (09:06 +0000)]
x86_64-mont5.pl: add missing Win64 support.
Andy Polyakov [Sun, 14 Aug 2011 08:30:56 +0000 (08:30 +0000)]
eng_rdrand.c: make it link in './config 386' case.
Andy Polyakov [Sat, 13 Aug 2011 12:38:41 +0000 (12:38 +0000)]
armv4-mont.pl: profiler-assisted optimization gives 8%-14% improvement
(more for longer keys) on RSA/DSA.
Andy Polyakov [Fri, 12 Aug 2011 21:38:19 +0000 (21:38 +0000)]
SPARC assembler pack: fix FIPS linking errors.
Andy Polyakov [Fri, 12 Aug 2011 21:24:19 +0000 (21:24 +0000)]
x86_64-xlate.pl: fix movzw.
Andy Polyakov [Fri, 12 Aug 2011 16:44:32 +0000 (16:44 +0000)]
This commit completes recent modular exponentiation optimizations on
x86_64 platform. It targets specifically RSA1024 sign (using ideas
from http://eprint.iacr.org/2011/239) and adds more than 10% on most
platforms. Overall performance improvement relative to 1.0.0 is ~40%
in average, with best result of 54% on Westmere. Incidentally ~40%
is average improvement even for longer key lengths.
Andy Polyakov [Fri, 12 Aug 2011 12:28:52 +0000 (12:28 +0000)]
alphacpuid.pl: fix alignment bug.
alpha-mont.pl: fix typo.
PR: 2577
Dr. Stephen Henson [Thu, 11 Aug 2011 23:06:19 +0000 (23:06 +0000)]
aesni TLS GCM support
Dr. Stephen Henson [Thu, 11 Aug 2011 21:12:17 +0000 (21:12 +0000)]
prevent compilation errors and warnings
Dr. Stephen Henson [Thu, 11 Aug 2011 17:30:07 +0000 (17:30 +0000)]
Include armcap.c in fips tarball.
Dr. Stephen Henson [Thu, 11 Aug 2011 13:22:04 +0000 (13:22 +0000)]
Remove redundant assignment.
Andy Polyakov [Wed, 10 Aug 2011 18:52:42 +0000 (18:52 +0000)]
Add provisory support for RDRAND instruction.
Andy Polyakov [Tue, 9 Aug 2011 13:05:05 +0000 (13:05 +0000)]
x86_64-mont.pl: futher optimization resulting in up to 48% improvement
(4096-bit RSA sign benchmark on Core2) in comparison to initial version
from 2005.