oweals/openssl.git
7 years ago Add linux-mips32be target for new platform
Steve Marquess [Tue, 25 Apr 2017 12:15:14 +0000 (08:15 -0400)]
Add linux-mips32be target for new platform

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3300)

8 years ago FIPS MIPS assembly pack refresh.
Andy Polyakov [Fri, 24 Jun 2016 10:53:54 +0000 (12:53 +0200)]
FIPS MIPS assembly pack refresh.

Backport CVE-2014-3570 bug and portability fixes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago PowerPC assembly pack: add POWER8 support.
Andy Polyakov [Tue, 21 Jun 2016 21:05:16 +0000 (23:05 +0200)]
PowerPC assembly pack: add POWER8 support.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
9 years ago crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on ARMv7.
Andy Polyakov [Sat, 13 Apr 2013 18:57:37 +0000 (20:57 +0200)]
crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on ARMv7.

While ARMv7 in general is capable of unaligned access, not all instructions
actually are. And trouble is that compiler doesn't seem to differentiate
those capable and incapable of unaligned access. Side effect is that kernel
goes into endless loop retrying same instruction triggering unaligned trap.
Problem was observed in xts128.c and ccm128.c modules. It's possible to
resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT
be feels more appropriate.

(cherry picked from commit 3bdd80521a81d50ade4214053cd9b293f920a77b)
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago util/incore update that allows FINGERPRINT_premain-free build.
Andy Polyakov [Mon, 11 May 2015 10:16:01 +0000 (12:16 +0200)]
util/incore update that allows FINGERPRINT_premain-free build.

As for complementary fips.c modification. Goal is to ensure that
FIPS_signature does not end up in .bss segment, one guaranteed to
be zeroed upon program start-up. One would expect explicitly
initialized values to end up in .data segment, but it turned out
that values explicitly initialized with zeros can end up in .bss.
The modification does not affect program flow, because first byte
was the only one of significance [to FINGERPRINT_premain].

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 34f39b062c76fbd3082521b26edee7f53afc061d)

9 years ago Add support for Android 5, both 32- and 64-bit cases.
Andy Polyakov [Mon, 11 May 2015 10:04:12 +0000 (12:04 +0200)]
Add support for Android 5, both 32- and 64-bit cases.

Special note about additional -pie flag in android-armv7. The initial
reason for adding it is that Android 5 refuses to execute non-PIE
binaries. But what about older systems and previously validated
platforms? It should be noted that flag is not used when compiling
object code, fipscanister.o in this context, only when linking
applications, *supplementary* fips_algvs used during validation
procedure.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 6db8e3bdc9ef83d83b83f3eec9722c96daa91f82)

Resolved conflicts:
test/fips_algvs.c

9 years ago Additional vxWorks target.
Andy Polyakov [Mon, 11 May 2015 09:56:30 +0000 (11:56 +0200)]
Additional vxWorks target.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 50e2a0ea4615124aa159e8f43317dedcf0cfcaa2)

9 years ago Configure: add ios-cross target with ARM assembly support.
Andy Polyakov [Mon, 11 May 2015 09:53:41 +0000 (11:53 +0200)]
Configure: add ios-cross target with ARM assembly support.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 97fbb0c88c2f601f98e25e57b9f6f9679d14f3a8)

Resolved conflicts:
Configure
config

9 years ago Add iOS-specific armv4cpud.S module.
Andy Polyakov [Mon, 11 May 2015 09:50:29 +0000 (11:50 +0200)]
Add iOS-specific armv4cpud.S module.

Normally it would be generated from a perlasm module, but doing so
would affect existing armv4cpuid.S, which in turn would formally void
previously validated platforms. Hence separate module is generated.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 5837e90f08ffcf5ad84933793bc285630018ce26)

9 years ago Adapt ARM assembly pack for iOS.
Andy Polyakov [Mon, 11 May 2015 09:43:55 +0000 (11:43 +0200)]
Adapt ARM assembly pack for iOS.

This is achieved by filtering perlasm output through arm-xlate.pl. But note
that it's done only if "flavour" argument is not 'void'. As 'void' is
default value for other ARM targets, perlasm output is not actually
filtered on previously validated platforms.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 874faf2ffb22187ad5483d9691a3a2eb7112f161)

9 years ago Configure: engage ARMv8 assembly pack in ios64-cross target.
Andy Polyakov [Mon, 11 May 2015 09:36:48 +0000 (11:36 +0200)]
Configure: engage ARMv8 assembly pack in ios64-cross target.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit c6d109051d1c2b9a453427a2a53ad3d40acc9276)

Resolved Conflicts:
Configure

9 years ago Engage ARMv8 assembly pack.
Andy Polyakov [Mon, 11 May 2015 09:34:56 +0000 (11:34 +0200)]
Engage ARMv8 assembly pack.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 083ed53defb42ab4d3488bc7f80d9170d22293e7)

9 years ago Add ARMv8 assembly pack.
Andy Polyakov [Mon, 11 May 2015 09:18:04 +0000 (11:18 +0200)]
Add ARMv8 assembly pack.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b84813ec017cb03b8dd0b85bce2bb3e021c45685)

10 years ago Configure: add ios64 target.
Andy Polyakov [Thu, 23 Oct 2014 14:04:01 +0000 (16:04 +0200)]
Configure: add ios64 target.

Reviewed-by: Steve Marquess <marquess@openssl.org>
(cherry picked from commit b06f7d9ac0752083e7443dddc9e5ac3e198063d4)

10 years ago Add iOS-specific FIPS addendum code.
Andy Polyakov [Sat, 4 Oct 2014 21:40:37 +0000 (23:40 +0200)]
Add iOS-specific FIPS addendum code.

Reviewed-by: Steve Marquess <marquess@openssl.org>
10 years ago RT2849: Redundant check of "dsa" variable.
Rich Salz [Thu, 4 Sep 2014 16:55:31 +0000 (12:55 -0400)]
RT2849: Redundant check of "dsa" variable.

In the current code, the check isn't redundant.
And in fact the REAL check was missing.
This avoids a NULL-deref crash.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
10 years ago Fix copy for CCM, GCM and XTS.
Dr. Stephen Henson [Sun, 29 Jun 2014 21:01:28 +0000 (22:01 +0100)]
Fix copy for CCM, GCM and XTS.

Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.

Combination of 2 commits:
370bf1d708e6d7af42e1752fb078d0822c9bc73d
c2fd5d79ffc4fc9d120a0faad579ce96473e6a2f

10 years ago Only cleanse sbuf if it is not NULL.
Dr. Stephen Henson [Sat, 5 Jul 2014 21:32:39 +0000 (22:32 +0100)]
Only cleanse sbuf if it is not NULL.

PR#2339

10 years ago Check return smaller of ret and f.
Alan Hryngle [Sat, 5 Jul 2014 21:24:03 +0000 (22:24 +0100)]
Check return smaller of ret and f.

PR#3418.
(cherry picked from commit d4909f9a8dbbda9c5d140476b34a8f80b02b51f3)

10 years ago cryptlib.c: fix typo in WIN32 version of OPENSSL_showfatal.
Andy Polyakov [Wed, 2 Apr 2014 19:48:56 +0000 (21:48 +0200)]
cryptlib.c: fix typo in WIN32 version of OPENSSL_showfatal.

11 years ago Add verbose option to fips_test_suite to give additional details of
Dr. Stephen Henson [Wed, 23 Jan 2013 02:57:36 +0000 (02:57 +0000)]
Add verbose option to fips_test_suite to give additional details of
all operations.

Add ecdsa test.

Test crypto operations are inhibited on test failures.

Test on demand POST.

11 years ago Now GMAC is fixed remove workaround.
Dr. Stephen Henson [Wed, 16 Jan 2013 14:20:01 +0000 (14:20 +0000)]
Now GMAC is fixed remove workaround.

11 years ago Add .gitignore
Dr. Stephen Henson [Thu, 10 Jan 2013 23:29:59 +0000 (23:29 +0000)]
Add .gitignore

11 years ago Make DES3 and ECDSA self tests continue with remaining cases on
Dr. Stephen Henson [Fri, 28 Dec 2012 20:19:10 +0000 (20:19 +0000)]
Make DES3 and ECDSA self tests continue with remaining cases on
failure.

Make fips_test_suite induced failure work on every possible subtest instead
of just categories of subtest.

11 years ago VC-32.pl: fix typo [from HEAD].
Andy Polyakov [Sun, 16 Dec 2012 19:42:44 +0000 (19:42 +0000)]
VC-32.pl: fix typo [from HEAD].

Submitted by: Pierre Delaage

12 years ago Cumulative updates from HEAD.
Andy Polyakov [Mon, 29 Oct 2012 22:26:27 +0000 (22:26 +0000)]
Cumulative updates from HEAD.

12 years ago update DRBG to handle new file format [OpenSSL-fips-2_0-pl1]
Dr. Stephen Henson [Fri, 19 Oct 2012 20:53:35 +0000 (20:53 +0000)]
update DRBG to handle new file format

12 years ago aix[64]-cc: get MT support right (gcc targets are not affected).
Dr. Stephen Henson [Tue, 16 Oct 2012 22:47:44 +0000 (22:47 +0000)]
aix[64]-cc: get MT support right (gcc targets are not affected).
(backport from HEAD)

12 years ago Don't require tag before ciphertext in AESGCM mode
Dr. Stephen Henson [Tue, 16 Oct 2012 22:47:00 +0000 (22:47 +0000)]
Don't require tag before ciphertext in AESGCM mode

12 years ago e_aes.c: uninitialized variable in aes_ccm_init_key.
Dr. Stephen Henson [Mon, 15 Oct 2012 11:28:59 +0000 (11:28 +0000)]
e_aes.c: uninitialized variable in aes_ccm_init_key.

PR: 2874
Submitted by: Tomas Mraz
(backport from HEAD)

12 years ago reset ctx->num for CTR mode for FIPS EVP
Dr. Stephen Henson [Sun, 14 Oct 2012 12:38:58 +0000 (12:38 +0000)]
reset ctx->num for CTR mode for FIPS EVP

12 years ago sha1-armv4-large.pl: comply with ABI.
Dr. Stephen Henson [Sun, 14 Oct 2012 12:30:12 +0000 (12:30 +0000)]
sha1-armv4-large.pl: comply with ABI.
(backport from HEAD)

12 years ago gcm128.c: fix AAD-only case with AAD length not divisible by 16.
Dr. Stephen Henson [Sun, 14 Oct 2012 12:29:25 +0000 (12:29 +0000)]
gcm128.c: fix AAD-only case with AAD length not divisible by 16.

PR: 2859
Submitted by: John Foley
(backport from HEAD)

12 years ago optimize make_kn (from HEAD, by Andy)
Dr. Stephen Henson [Sun, 14 Oct 2012 12:26:02 +0000 (12:26 +0000)]
optimize make_kn (from HEAD, by Andy)

12 years ago CMAC reset fix (from HEAD)
Dr. Stephen Henson [Sun, 14 Oct 2012 12:24:24 +0000 (12:24 +0000)]
CMAC reset fix (from HEAD)

12 years ago Add BSD-ppc85xx support and avoid copying overlapping buffers in fips_dssvs.c
Dr. Stephen Henson [Sun, 14 Oct 2012 12:03:34 +0000 (12:03 +0000)]
Add BSD-ppc85xx support and avoid copying overlapping buffers in fips_dssvs.c

12 years ago Add support for Windows CE and C64+ to FIPS module. (from fips2-stable)
Dr. Stephen Henson [Thu, 4 Oct 2012 14:27:39 +0000 (14:27 +0000)]
Add support for Windows CE and C64+ to FIPS module. (from fips2-stable)

12 years ago file TI_CGTOOLS.pl was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:39...
Dr. Stephen Henson [Thu, 4 Oct 2012 13:27:12 +0000 (13:27 +0000)]
file TI_CGTOOLS.pl was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:39 +0000

12 years ago file fips_standalone_sha1 was added on branch OpenSSL-fips-2_0-dev on 2012-10-04...
Dr. Stephen Henson [Thu, 4 Oct 2012 13:27:10 +0000 (13:27 +0000)]
file fips_standalone_sha1 was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:38 +0000

12 years ago file run6x was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:33 +0000
Dr. Stephen Henson [Thu, 4 Oct 2012 13:27:09 +0000 (13:27 +0000)]
file run6x was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:33 +0000

12 years ago file incore6x was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:33 +0000
Dr. Stephen Henson [Thu, 4 Oct 2012 13:27:08 +0000 (13:27 +0000)]
file incore6x was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:33 +0000

12 years ago file hmac_sha1.pl was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:33...
Dr. Stephen Henson [Thu, 4 Oct 2012 13:27:07 +0000 (13:27 +0000)]
file hmac_sha1.pl was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:33 +0000

12 years ago file fipscanister.cmd was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27...
Dr. Stephen Henson [Thu, 4 Oct 2012 13:27:06 +0000 (13:27 +0000)]
file fipscanister.cmd was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:33 +0000

12 years ago file fips_standalone_sha1 was added on branch OpenSSL-fips-2_0-dev on 2012-10-04...
Dr. Stephen Henson [Thu, 4 Oct 2012 13:27:05 +0000 (13:27 +0000)]
file fips_standalone_sha1 was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:33 +0000

12 years ago file env was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:33 +0000
Dr. Stephen Henson [Thu, 4 Oct 2012 13:27:04 +0000 (13:27 +0000)]
file env was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:33 +0000

12 years ago file do_fips was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:33 +0000
Dr. Stephen Henson [Thu, 4 Oct 2012 13:27:03 +0000 (13:27 +0000)]
file do_fips was added on branch OpenSSL-fips-2_0-dev on 2012-10-04 14:27:33 +0000

12 years ago automatically make output directory if using minimal script
Dr. Stephen Henson [Thu, 7 Jun 2012 17:14:31 +0000 (17:14 +0000)]
automatically make output directory if using minimal script

12 years ago Version of "incore" for Windows executables. Original by Andy.
Dr. Stephen Henson [Wed, 23 May 2012 17:07:23 +0000 (17:07 +0000)]
Version of "incore" for Windows executables. Original by Andy.

12 years ago Add --script-sfprefix option to insert a prefix before the request and
Dr. Stephen Henson [Wed, 23 May 2012 12:44:48 +0000 (12:44 +0000)]
Add --script-sfprefix option to insert a prefix before the request and
response filenames in output script.

12 years ago add comment
Dr. Stephen Henson [Wed, 23 May 2012 11:47:01 +0000 (11:47 +0000)]
add comment

12 years ago fix typo
Dr. Stephen Henson [Wed, 23 May 2012 11:45:21 +0000 (11:45 +0000)]
fix typo

12 years ago Don't install fips_standalone_sha1.exe if it isn't being built
Dr. Stephen Henson [Wed, 23 May 2012 00:39:01 +0000 (00:39 +0000)]
Don't install fips_standalone_sha1.exe if it isn't being built

12 years ago Changes needed to support WinCE compilation:
Dr. Stephen Henson [Tue, 22 May 2012 23:57:22 +0000 (23:57 +0000)]
Changes needed to support WinCE compilation:

Don't try to raise SIGABRT if not defined.
Return from fips_dhvs.c main instead of calling exit.
Workaround for lack of GetSystemFileAsFileTime.
Disable optimisation for part of bn_nist.c to avoid compiler bug.
Remove /WX flag so we don't exit on warnings.

12 years ago cross compile target support for do_fips script
Dr. Stephen Henson [Fri, 18 May 2012 15:55:40 +0000 (15:55 +0000)]
cross compile target support for do_fips script

12 years ago don't insert time in response files: it breaks some systems and we shouldn't be doing...
Dr. Stephen Henson [Fri, 18 May 2012 15:05:33 +0000 (15:05 +0000)]
don't insert time in response files: it breaks some systems and we shouldn't be doing this anyway

12 years ago Make Windows FIPS build work more like other builds. Add build_tests
Dr. Stephen Henson [Thu, 17 May 2012 11:09:46 +0000 (11:09 +0000)]
Make Windows FIPS build work more like other builds. Add build_tests
target to build FIPS test utilities and build_algvs target to build the
multicall fips_algvs utility.

12 years ago initial mk1mf cross compilation support
Dr. Stephen Henson [Wed, 16 May 2012 18:56:33 +0000 (18:56 +0000)]
initial mk1mf cross compilation support

12 years ago This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
cvs2svn [Wed, 18 Jan 2012 15:07:12 +0000 (15:07 +0000)]
This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
2_0-dev'.

12 years ago revert fipslink.pl unlink retry change [OpenSSL-fips-2_0] [OpenSSL-fips-2_0-rc9]
Dr. Stephen Henson [Wed, 18 Jan 2012 15:07:11 +0000 (15:07 +0000)]
revert fipslink.pl unlink retry change

12 years ago give a hand old assemblers assembling loop instruction. (original by Andy)
Dr. Stephen Henson [Wed, 18 Jan 2012 14:54:20 +0000 (14:54 +0000)]
give a hand old assemblers assembling loop instruction. (original by Andy)

12 years ago typo [OpenSSL-fips-2_0-rc8]
Dr. Stephen Henson [Tue, 3 Jan 2012 19:43:06 +0000 (19:43 +0000)]
typo

12 years ago Prepare RC8
Dr. Stephen Henson [Tue, 3 Jan 2012 14:23:54 +0000 (14:23 +0000)]
Prepare RC8

12 years ago unlink target and retry to avoid intermittent Win32 failures
Dr. Stephen Henson [Tue, 3 Jan 2012 14:22:45 +0000 (14:22 +0000)]
unlink target and retry to avoid intermittent Win32 failures

12 years ago set version to rc8-dev
Dr. Stephen Henson [Mon, 12 Dec 2011 14:02:57 +0000 (14:02 +0000)]
set version to rc8-dev

12 years ago Prepare for RC7. [OpenSSL-fips-2_0-rc7]
Dr. Stephen Henson [Mon, 12 Dec 2011 13:44:05 +0000 (13:44 +0000)]
Prepare for RC7.

12 years ago Retry rename operation with a slight delay to workaround problems on
Dr. Stephen Henson [Sat, 10 Dec 2011 18:06:55 +0000 (18:06 +0000)]
Retry rename operation with a slight delay to workaround problems on
some versions of Windows.

12 years ago use different names for asm temp files to avoid problems on some platforms
Dr. Stephen Henson [Sat, 10 Dec 2011 13:29:23 +0000 (13:29 +0000)]
use different names for asm temp files to avoid problems on some platforms

12 years ago Close file streams in FIPS algorithm test utilities.
Dr. Stephen Henson [Thu, 8 Dec 2011 15:14:38 +0000 (15:14 +0000)]
Close file streams in FIPS algorithm test utilities.

12 years ago prepare for RC6 [OpenSSL-fips-2_0-rc6]
Dr. Stephen Henson [Sun, 4 Dec 2011 21:29:08 +0000 (21:29 +0000)]
prepare for RC6

12 years ago For FIPS builds we don't use the normal test files (and in the restricted
Dr. Stephen Henson [Sun, 4 Dec 2011 15:26:26 +0000 (15:26 +0000)]
For FIPS builds we don't use the normal test files (and in the restricted
tarball some don't exist) so set TEST='' to avoid linking to them. This also
avoids problems on platforms that copy instead of symlink.

12 years ago use BUILD_ONE_CMD for fips specific links otherwise we effectively do 'make links...
Dr. Stephen Henson [Sun, 4 Dec 2011 15:14:13 +0000 (15:14 +0000)]
use BUILD_ONE_CMD for fips specific links otherwise we effectively do 'make links' twice

12 years ago Workaround for VxWorks
Dr. Stephen Henson [Sun, 4 Dec 2011 15:11:44 +0000 (15:11 +0000)]
Workaround for VxWorks

12 years ago avoid use of symlinks on Windows: it causes problems on some build environments
Dr. Stephen Henson [Sun, 4 Dec 2011 15:04:20 +0000 (15:04 +0000)]
avoid use of symlinks on Windows: it causes problems on some build environments

12 years ago Fix x86cpuid so it doesn't fail for some (currently theoretical) virtual
Dr. Stephen Henson [Sat, 3 Dec 2011 21:47:48 +0000 (21:47 +0000)]
Fix x86cpuid so it doesn't fail for some (currently theoretical) virtual
machines.

12 years ago Change EVP_MAXCHUNK so it doesn't wraparound to 0 on some platforms (IP32L64).
Dr. Stephen Henson [Sat, 3 Dec 2011 21:44:01 +0000 (21:44 +0000)]
Change EVP_MAXCHUNK so it doesn't wraparound to 0 on some platforms (IP32L64).

12 years ago Prepare for RC6.
Dr. Stephen Henson [Sat, 3 Dec 2011 19:51:52 +0000 (19:51 +0000)]
Prepare for RC6.

12 years ago Add tests to ensure ECDSA key gen and DSA signing fails if DRBG
Dr. Stephen Henson [Sat, 3 Dec 2011 19:41:28 +0000 (19:41 +0000)]
Add tests to ensure ECDSA key gen and DSA signing fails if DRBG
entropy source fails.

12 years ago functions aren't unused: revert
Dr. Stephen Henson [Sat, 3 Dec 2011 19:19:34 +0000 (19:19 +0000)]
functions aren't unused: revert

12 years ago remove unused functions from module
Dr. Stephen Henson [Sat, 3 Dec 2011 18:27:31 +0000 (18:27 +0000)]
remove unused functions from module

12 years ago bn/asm/mips.pl: fix typos [from HEAD], original by Andy
Dr. Stephen Henson [Sat, 3 Dec 2011 18:26:26 +0000 (18:26 +0000)]
bn/asm/mips.pl: fix typos [from HEAD], original by Andy

13 years ago prepare for rc5 [OpenSSL-fips-2_0-rc5]
Dr. Stephen Henson [Fri, 25 Nov 2011 16:27:19 +0000 (16:27 +0000)]
prepare for rc5

13 years ago return error if counter exceeds limit and seed value supplied
Dr. Stephen Henson [Fri, 25 Nov 2011 16:03:27 +0000 (16:03 +0000)]
return error if counter exceeds limit and seed value supplied

13 years ago check counter value against 4 * L, not 4096
Dr. Stephen Henson [Fri, 25 Nov 2011 15:00:20 +0000 (15:00 +0000)]
check counter value against 4 * L, not 4096

13 years ago bump version for rc5-dev: hopefully will never be needed...
Dr. Stephen Henson [Mon, 21 Nov 2011 00:05:15 +0000 (00:05 +0000)]
bump version for rc5-dev: hopefully will never be needed...

13 years ago prepare for rc4 [OpenSSL-fips-2_0-rc4]
Dr. Stephen Henson [Sat, 19 Nov 2011 17:04:28 +0000 (17:04 +0000)]
prepare for rc4

13 years ago Add flag to support cofactor ECDH
Dr. Stephen Henson [Sat, 19 Nov 2011 17:03:44 +0000 (17:03 +0000)]
Add flag to support cofactor ECDH

13 years ago bump version to rc4-dev
Dr. Stephen Henson [Fri, 18 Nov 2011 21:59:36 +0000 (21:59 +0000)]
bump version to rc4-dev

13 years ago prepare for RC3 [OpenSSL-fips-2_0-rc3]
Dr. Stephen Henson [Fri, 18 Nov 2011 18:50:57 +0000 (18:50 +0000)]
prepare for RC3

13 years ago In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed...
Dr. Stephen Henson [Wed, 16 Nov 2011 13:28:11 +0000 (13:28 +0000)]
In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed components do not exceed field order

13 years ago portability fix for some perl versions
Dr. Stephen Henson [Fri, 11 Nov 2011 19:01:11 +0000 (19:01 +0000)]
portability fix for some perl versions

13 years ago fclose streams in fips_drbvs.c [OpenSSL-fips-2_0-rc2]
Dr. Stephen Henson [Wed, 9 Nov 2011 14:23:17 +0000 (14:23 +0000)]
fclose streams in fips_drbvs.c

Produced error message for unsupported curves in fips_ecdhvs.c

13 years ago Prepare for RC3 (which may never happen).
Dr. Stephen Henson [Tue, 8 Nov 2011 19:08:40 +0000 (19:08 +0000)]
Prepare for RC3 (which may never happen).

13 years ago Platform update from HEAD.
Andy Polyakov [Tue, 8 Nov 2011 14:44:55 +0000 (14:44 +0000)]
Platform update from HEAD.

13 years ago add fips_algvs.c to restricted tarball
Dr. Stephen Henson [Mon, 7 Nov 2011 13:54:30 +0000 (13:54 +0000)]
add fips_algvs.c to restricted tarball

13 years ago Prepare for RC2
Dr. Stephen Henson [Mon, 7 Nov 2011 13:18:12 +0000 (13:18 +0000)]
Prepare for RC2

13 years ago MacOS and iOS support
Dr. Stephen Henson [Mon, 7 Nov 2011 13:16:55 +0000 (13:16 +0000)]
MacOS and iOS support

13 years ago fipsld, incore: switch to new cross-compile support [from HEAD].
Andy Polyakov [Mon, 7 Nov 2011 00:22:59 +0000 (00:22 +0000)]
fipsld, incore: switch to new cross-compile support [from HEAD].

13 years ago e_aes.c: fold aesni_xts_cipher and [most importantly] fix aes_xts_cipher's
Andy Polyakov [Sun, 6 Nov 2011 19:49:58 +0000 (19:49 +0000)]
e_aes.c: fold aesni_xts_cipher and [most importantly] fix aes_xts_cipher's
return value after custom flag was rightly reverted [from HEAD].

13 years ago check for unset entropy and nonce callbacks
Dr. Stephen Henson [Sun, 6 Nov 2011 13:08:54 +0000 (13:08 +0000)]
check for unset entropy and nonce callbacks

13 years ago Update fips_test_suite to take multiple command line options and
Dr. Stephen Henson [Sun, 6 Nov 2011 12:52:27 +0000 (12:52 +0000)]
Update fips_test_suite to take multiple command line options and
an induced error checking function.