oweals/openssl.git
13 years ago* fips/cmac/fips_cmac_selftest.c: Because the examples in SP_800-38B
Richard Levitte [Fri, 25 Mar 2011 09:24:02 +0000 (09:24 +0000)]
* fips/cmac/fips_cmac_selftest.c: Because the examples in SP_800-38B
  aren't trustworthy (see examples 13 and 14, they have the same mac,
  as do examples 17 and 18), use examples from official test vectors
  instead.

13 years ago* fips/fipsalgtest.pl: Test the testvectors for all the CMAC ciphers
Richard Levitte [Fri, 25 Mar 2011 08:48:26 +0000 (08:48 +0000)]
* fips/fipsalgtest.pl: Test the testvectors for all the CMAC ciphers
  we support.

13 years ago* fips/cmac/fips_cmactest.c: Some say TDEA, others say TDES. Support
Richard Levitte [Fri, 25 Mar 2011 08:44:37 +0000 (08:44 +0000)]
* fips/cmac/fips_cmactest.c: Some say TDEA, others say TDES.  Support
  both names.

13 years ago* fips/cmac/fips_cmactest.c: Changed to accept all the ciphers we
Richard Levitte [Fri, 25 Mar 2011 08:40:33 +0000 (08:40 +0000)]
* fips/cmac/fips_cmactest.c: Changed to accept all the ciphers we
  support (Two Key TDEA is not supported), to handle really big
  messages (some of the test vectors have messages 65536 bytes long),
  and to handle cases where there are several keys (Three Key TDEA)

13 years ago* Makefile.fips: Update and add details about cmac.
Richard Levitte [Fri, 25 Mar 2011 07:17:17 +0000 (07:17 +0000)]
* Makefile.fips: Update and add details about cmac.

13 years agomake update
Richard Levitte [Thu, 24 Mar 2011 22:59:02 +0000 (22:59 +0000)]
make update

13 years agoImplement FIPS CMAC.
Richard Levitte [Thu, 24 Mar 2011 22:57:52 +0000 (22:57 +0000)]
Implement FIPS CMAC.

* fips/fips_test_suite.c, fips/fipsalgtest.pl, test/Makefile: Hook in
  test cases and build test program.

13 years agoImplement FIPS CMAC.
Richard Levitte [Thu, 24 Mar 2011 22:55:02 +0000 (22:55 +0000)]
Implement FIPS CMAC.

* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as
  an example.
* crypto/cmac/cmac.c: Enable the FIPS API.  Change to use M_EVP macros
  where possible.
* crypto/evp/evp.h: (some of the macros get added with this change)
* fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use
  macros to have cmac.c use these functions.
* Makefile.org, fips/Makefile, fips/fips.c: Hook it in.

13 years agomake update (1.1.0-dev)
Richard Levitte [Wed, 23 Mar 2011 00:11:32 +0000 (00:11 +0000)]
make update (1.1.0-dev)

This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable.  However, since there's
been no release on this branch yet, it should be harmless.

13 years ago* crypto/crypto-lib.com: Add a few more missing modules.
Richard Levitte [Wed, 23 Mar 2011 00:10:16 +0000 (00:10 +0000)]
* crypto/crypto-lib.com: Add a few more missing modules.

13 years ago* util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h. Maybe some
Richard Levitte [Tue, 22 Mar 2011 23:54:18 +0000 (23:54 +0000)]
* util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h.  Maybe some
  more need to be added...

13 years agoUse a signed value to check return value of do_cipher().
Dr. Stephen Henson [Mon, 21 Mar 2011 17:37:27 +0000 (17:37 +0000)]
Use a signed value to check return value of do_cipher().

13 years agoFree DRBG context in self tests.
Dr. Stephen Henson [Mon, 21 Mar 2011 14:40:57 +0000 (14:40 +0000)]
Free DRBG context in self tests.

13 years ago* apps/makeapps.com: Add srp.
Richard Levitte [Sun, 20 Mar 2011 17:34:04 +0000 (17:34 +0000)]
* apps/makeapps.com: Add srp.

13 years ago* apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV
Richard Levitte [Sun, 20 Mar 2011 14:02:20 +0000 (14:02 +0000)]
* apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV
  with turning trapping back on.
* test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV
  here.
* test/clean-test.com: A new script for cleaning up.

13 years ago* apps/openssl.c: For VMS, take care of copying argv if needed much earlier,
Richard Levitte [Sun, 20 Mar 2011 13:15:33 +0000 (13:15 +0000)]
* apps/openssl.c: For VMS, take care of copying argv if needed much earlier,
  directly in main().  'if needed' also includes when argv is a 32 bit
  pointer in an otherwise 64 bit environment.
* apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional
  =ARGV, but only if it's supported.  Fortunately, DCL is very helpful
  telling us in this case.

13 years agoA few more long symbols need shortening.
Richard Levitte [Sun, 20 Mar 2011 10:23:51 +0000 (10:23 +0000)]
A few more long symbols need shortening.

13 years agoAdd missing source. Also, have the compile also use [.MODES] as
Richard Levitte [Sun, 20 Mar 2011 10:23:27 +0000 (10:23 +0000)]
Add missing source.  Also, have the compile also use [.MODES] as
include directory, as other parts (notably, EVP) seem to need it.

13 years agoAfter some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS
Richard Levitte [Sat, 19 Mar 2011 10:58:14 +0000 (10:58 +0000)]
After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS
submitted by Steven M. Schweda <sms@antinode.info>

13 years agoTypo.
Dr. Stephen Henson [Fri, 18 Mar 2011 18:17:55 +0000 (18:17 +0000)]
Typo.

13 years agoImplement continuous RNG test for SP800-90 DRBGs.
Dr. Stephen Henson [Thu, 17 Mar 2011 18:53:33 +0000 (18:53 +0000)]
Implement continuous RNG test for SP800-90 DRBGs.

13 years agoImplement health checks needed by SP800-90.
Dr. Stephen Henson [Thu, 17 Mar 2011 16:55:24 +0000 (16:55 +0000)]
Implement health checks needed by SP800-90.

Fix warnings.

Instantiate DRBGs at maximum strength.

13 years agoFix warnings about ignored return values.
Dr. Stephen Henson [Thu, 17 Mar 2011 14:43:13 +0000 (14:43 +0000)]
Fix warnings about ignored return values.

13 years agoFix broken SRP error/function code assignment.
Dr. Stephen Henson [Wed, 16 Mar 2011 16:17:46 +0000 (16:17 +0000)]
Fix broken SRP error/function code assignment.

13 years agoAdd extensive DRBG selftest data and option to corrupt it in fips_test_suite.
Dr. Stephen Henson [Wed, 16 Mar 2011 15:52:12 +0000 (15:52 +0000)]
Add extensive DRBG selftest data and option to corrupt it in fips_test_suite.

13 years agoMissing SRP files.
Ben Laurie [Wed, 16 Mar 2011 11:50:33 +0000 (11:50 +0000)]
Missing SRP files.

13 years agoFix Tom Wu's email.
Ben Laurie [Wed, 16 Mar 2011 11:28:43 +0000 (11:28 +0000)]
Fix Tom Wu's email.

13 years agoPR: 2469
Dr. Stephen Henson [Sun, 13 Mar 2011 18:20:01 +0000 (18:20 +0000)]
PR: 2469
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve

Check mac is present before trying to retrieve mac iteration count.

13 years agoFix warnings: signed/unisgned comparison, shadowing (in some cases global
Dr. Stephen Henson [Sat, 12 Mar 2011 17:27:03 +0000 (17:27 +0000)]
Fix warnings: signed/unisgned comparison, shadowing (in some cases global
functions such as rand() ).

13 years agoRemove redundant check to stop compiler warning.
Dr. Stephen Henson [Sat, 12 Mar 2011 17:06:35 +0000 (17:06 +0000)]
Remove redundant check to stop compiler warning.

13 years agoNote SRP support.
Ben Laurie [Sat, 12 Mar 2011 17:04:07 +0000 (17:04 +0000)]
Note SRP support.

13 years agoAdd SRP support.
Ben Laurie [Sat, 12 Mar 2011 17:01:19 +0000 (17:01 +0000)]
Add SRP support.

13 years agoFix warning.
Ben Laurie [Sat, 12 Mar 2011 13:55:24 +0000 (13:55 +0000)]
Fix warning.

13 years agoCheck requested security strength in DRBG. Add function to retrieve the
Dr. Stephen Henson [Fri, 11 Mar 2011 17:42:11 +0000 (17:42 +0000)]
Check requested security strength in DRBG. Add function to retrieve the
security strength.

13 years agomake no-dsa work again
Dr. Stephen Henson [Thu, 10 Mar 2011 18:26:50 +0000 (18:26 +0000)]
make no-dsa work again

13 years agoUpdate status.
Dr. Stephen Henson [Thu, 10 Mar 2011 14:01:34 +0000 (14:01 +0000)]
Update status.

13 years agoMake no-ec2m work again.
Dr. Stephen Henson [Thu, 10 Mar 2011 01:00:30 +0000 (01:00 +0000)]
Make no-ec2m work again.

13 years agoAdd a few more symbol renames.
Dr. Stephen Henson [Wed, 9 Mar 2011 23:53:41 +0000 (23:53 +0000)]
Add a few more symbol renames.

13 years agoAdd ECDH to validated module.
Dr. Stephen Henson [Wed, 9 Mar 2011 23:44:06 +0000 (23:44 +0000)]
Add ECDH to validated module.

13 years agoEnter FIPS mode in fips_dhvs. Support file I/O in fips_ecdsavs.
Dr. Stephen Henson [Wed, 9 Mar 2011 14:55:10 +0000 (14:55 +0000)]
Enter FIPS mode in fips_dhvs. Support file I/O in fips_ecdsavs.

13 years agoUpdate fips_dhvs to handle functional test by generating keys.
Dr. Stephen Henson [Wed, 9 Mar 2011 14:39:54 +0000 (14:39 +0000)]
Update fips_dhvs to handle functional test by generating keys.

13 years agoUpdate .cvsignore
Dr. Stephen Henson [Wed, 9 Mar 2011 14:35:31 +0000 (14:35 +0000)]
Update .cvsignore

13 years agoTypo.
Dr. Stephen Henson [Tue, 8 Mar 2011 21:29:07 +0000 (21:29 +0000)]
Typo.

13 years agoNew initial DH algorithm test driver.
Dr. Stephen Henson [Tue, 8 Mar 2011 19:10:17 +0000 (19:10 +0000)]
New initial DH algorithm test driver.

13 years agoNew SP 800-56A compliant version of DH_compute_key().
Dr. Stephen Henson [Tue, 8 Mar 2011 19:07:26 +0000 (19:07 +0000)]
New SP 800-56A compliant version of DH_compute_key().

13 years agoAdd meaningful error codes to DRBG.
Dr. Stephen Henson [Tue, 8 Mar 2011 14:16:30 +0000 (14:16 +0000)]
Add meaningful error codes to DRBG.

13 years agoAdd file I/O to fips_drbgvs program.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:51:34 +0000 (13:51 +0000)]
Add file I/O to fips_drbgvs program.

13 years agoSupport I/O with files in new fips_gcmtest program.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:42:21 +0000 (13:42 +0000)]
Support I/O with files in new fips_gcmtest program.

13 years agoRemove redirection from fipsalgtest.pl script.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:29:46 +0000 (13:29 +0000)]
Remove redirection from fipsalgtest.pl script.

13 years agoRemove need for redirection on RNG and DSS algorithm test programs: some
Dr. Stephen Henson [Tue, 8 Mar 2011 13:27:29 +0000 (13:27 +0000)]
Remove need for redirection on RNG and DSS algorithm test programs: some
platforms don't support it.

13 years agoUninstantiate and free functions for DRBG.
Dr. Stephen Henson [Mon, 7 Mar 2011 16:51:17 +0000 (16:51 +0000)]
Uninstantiate and free functions for DRBG.

13 years agoFix couple of bugs in CTR DRBG implementation.
Dr. Stephen Henson [Sun, 6 Mar 2011 13:10:37 +0000 (13:10 +0000)]
Fix couple of bugs in CTR DRBG implementation.

13 years agoUpdates to DRBG: fix bugs in infrastructure. Add initial experimental
Dr. Stephen Henson [Sun, 6 Mar 2011 12:35:09 +0000 (12:35 +0000)]
Updates to DRBG: fix bugs in infrastructure. Add initial experimental
algorithm test generator.

13 years agoInitial, provisional, subject to wholesale change, untested, probably
Dr. Stephen Henson [Fri, 4 Mar 2011 18:00:21 +0000 (18:00 +0000)]
Initial, provisional, subject to wholesale change, untested, probably
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.

Did I say this was untested?

13 years agoia64-mont.pl: optimize short-key performance.
Andy Polyakov [Fri, 4 Mar 2011 13:27:29 +0000 (13:27 +0000)]
ia64-mont.pl: optimize short-key performance.

13 years agoghash-x86.pl: optimize for Sandy Bridge.
Andy Polyakov [Fri, 4 Mar 2011 13:21:41 +0000 (13:21 +0000)]
ghash-x86.pl: optimize for Sandy Bridge.

13 years agoxts128.c: minor optimization.
Andy Polyakov [Fri, 4 Mar 2011 13:17:19 +0000 (13:17 +0000)]
xts128.c: minor optimization.

13 years agos390x assembler pack: tune-up and support for new z196 hardware.
Andy Polyakov [Fri, 4 Mar 2011 13:09:16 +0000 (13:09 +0000)]
s390x assembler pack: tune-up and support for new z196 hardware.

13 years agoUpdate status information.
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:50 +0000 (16:06 +0000)]
Update status information.

13 years agoStop warnings.
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:33 +0000 (16:06 +0000)]
Stop warnings.

13 years agoUse more portable options when making links in Makefile.fips
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:07 +0000 (16:06 +0000)]
Use more portable options when making links in Makefile.fips

13 years agoAdd DllMain to fips symbols: will need to call this in FIPS capable OpenSSL.
Dr. Stephen Henson [Wed, 23 Feb 2011 15:16:12 +0000 (15:16 +0000)]
Add DllMain to fips symbols: will need to call this in FIPS capable OpenSSL.

13 years agoAdd new symbols to fipssyms.h
Dr. Stephen Henson [Wed, 23 Feb 2011 15:04:06 +0000 (15:04 +0000)]
Add new symbols to fipssyms.h

13 years agoMake -DOPENSSL_FIPSSYMS work under WIN32: run perl script when
Dr. Stephen Henson [Wed, 23 Feb 2011 15:03:43 +0000 (15:03 +0000)]
Make -DOPENSSL_FIPSSYMS work under WIN32: run perl script when
WIN32 assembly language files are created, add norunasm option
to just translate and not run the assembler.

13 years agoMake mkfiles.pl work with fipscanisteronly.
Dr. Stephen Henson [Tue, 22 Feb 2011 17:02:14 +0000 (17:02 +0000)]
Make mkfiles.pl work with fipscanisteronly.

13 years agoInclude ms directory for fips distribution.
Dr. Stephen Henson [Tue, 22 Feb 2011 16:48:30 +0000 (16:48 +0000)]
Include ms directory for fips distribution.

13 years agoMake fipscanisteronly work with WIN32 build system.
Dr. Stephen Henson [Tue, 22 Feb 2011 16:36:20 +0000 (16:36 +0000)]
Make fipscanisteronly work with WIN32 build system.

13 years agoAdd fips/ecdsa directory to mkfiles.pl
Dr. Stephen Henson [Tue, 22 Feb 2011 14:52:23 +0000 (14:52 +0000)]
Add fips/ecdsa directory to mkfiles.pl

13 years agoRemove duplicate test rule.
Dr. Stephen Henson [Tue, 22 Feb 2011 14:50:05 +0000 (14:50 +0000)]
Remove duplicate test rule.

13 years agoAdd modes_lcl.h to header list.
Dr. Stephen Henson [Tue, 22 Feb 2011 14:06:54 +0000 (14:06 +0000)]
Add modes_lcl.h to header list.

13 years agoRemoving debugging print.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:46:17 +0000 (12:46 +0000)]
Removing debugging print.

13 years agoDon't try and update c_rehash for fipscanisteronly builds.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:44:29 +0000 (12:44 +0000)]
Don't try and update c_rehash for fipscanisteronly builds.

13 years agoMake "make links" work in fipscanisteronly builds.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:34:46 +0000 (12:34 +0000)]
Make "make links" work in fipscanisteronly builds.

13 years agotypo
Dr. Stephen Henson [Mon, 21 Feb 2011 19:58:54 +0000 (19:58 +0000)]
typo

13 years agoInitial perl script to filter out unneeded files for a fips tarball.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:36:55 +0000 (19:36 +0000)]
Initial perl script to filter out unneeded files for a fips tarball.

13 years agoCall Makefile.fips when making a fips tarball.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:30:13 +0000 (19:30 +0000)]
Call Makefile.fips when making a fips tarball.

13 years agoRemove debugging option.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:29:48 +0000 (19:29 +0000)]
Remove debugging option.

13 years ago*** empty log message ***
Dr. Stephen Henson [Mon, 21 Feb 2011 18:14:59 +0000 (18:14 +0000)]
*** empty log message ***

13 years agoRemove unnecessary link directories.
Dr. Stephen Henson [Mon, 21 Feb 2011 18:07:28 +0000 (18:07 +0000)]
Remove unnecessary link directories.

13 years agoUpdate dependencies.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:51:59 +0000 (17:51 +0000)]
Update dependencies.

13 years agoCreate fips links even if not compiling in fips mode.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:45:45 +0000 (17:45 +0000)]
Create fips links even if not compiling in fips mode.

13 years agoRemove unnecessary dependencies.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:35:53 +0000 (17:35 +0000)]
Remove unnecessary dependencies.

13 years agoNeed to link additional directories for fipscanisteronly build.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:37:42 +0000 (16:37 +0000)]
Need to link additional directories for fipscanisteronly build.

13 years agox509v3.h header file not needed in fips algorithm test utilities.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:36:47 +0000 (16:36 +0000)]
x509v3.h header file not needed in fips algorithm test utilities.

13 years agotools and rehash not needed for fips build.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:00:21 +0000 (16:00 +0000)]
tools and rehash not needed for fips build.

13 years ago*** empty log message ***
Dr. Stephen Henson [Mon, 21 Feb 2011 15:15:58 +0000 (15:15 +0000)]
*** empty log message ***

13 years agoMake fipscanisteronly build only required files.
Dr. Stephen Henson [Mon, 21 Feb 2011 14:07:15 +0000 (14:07 +0000)]
Make fipscanisteronly build only required files.

13 years agoMove gcm128_context definition to modes_lcl.h (along with some related
Dr. Stephen Henson [Sat, 19 Feb 2011 22:16:52 +0000 (22:16 +0000)]
Move gcm128_context definition to modes_lcl.h (along with some related
definitions) so we can use it in EVP GCM code avoiding need to allocate
it.

13 years agoadd ECDSA POST
Dr. Stephen Henson [Fri, 18 Feb 2011 17:25:00 +0000 (17:25 +0000)]
add ECDSA POST

13 years agoAES GCM selftests.
Dr. Stephen Henson [Fri, 18 Feb 2011 17:09:33 +0000 (17:09 +0000)]
AES GCM selftests.

13 years agoMake -DOPENSSL_FIPSSYMS work for assembly language builds.
Dr. Stephen Henson [Thu, 17 Feb 2011 19:03:52 +0000 (19:03 +0000)]
Make -DOPENSSL_FIPSSYMS work for assembly language builds.

13 years agoExperimental perl script to edit assembly language source files,
Dr. Stephen Henson [Thu, 17 Feb 2011 18:08:59 +0000 (18:08 +0000)]
Experimental perl script to edit assembly language source files,
call the assembler, then restore original file.

This makes OPENSSL_FIPSSYMS work for assembly language builds.

13 years agoCorrect fipssyms.h for more assembly language symbols.
Dr. Stephen Henson [Thu, 17 Feb 2011 17:45:09 +0000 (17:45 +0000)]
Correct fipssyms.h for more assembly language symbols.

13 years agoUpdate auto generated comment.
Dr. Stephen Henson [Thu, 17 Feb 2011 15:35:43 +0000 (15:35 +0000)]
Update auto generated comment.

13 years agoRemove debugging command.
Dr. Stephen Henson [Thu, 17 Feb 2011 15:33:32 +0000 (15:33 +0000)]
Remove debugging command.

Reorder fipssyms.h to include assembly language symbols at the end.

13 years agoDon't need err library for Makefile.fips
Dr. Stephen Henson [Wed, 16 Feb 2011 18:07:57 +0000 (18:07 +0000)]
Don't need err library for Makefile.fips

13 years agoInclude openssl/crypto.h first in several other files so FIPS renaming
Dr. Stephen Henson [Wed, 16 Feb 2011 17:25:01 +0000 (17:25 +0000)]
Include openssl/crypto.h first in several other files so FIPS renaming
is picked up.

13 years agoExperimental FIPS symbol renaming.
Dr. Stephen Henson [Wed, 16 Feb 2011 14:49:50 +0000 (14:49 +0000)]
Experimental FIPS symbol renaming.

Fixups under fips/ to make symbol renaming work.

13 years agoExperimental symbol renaming to avoid clashes with regular OpenSSL.
Dr. Stephen Henson [Wed, 16 Feb 2011 14:40:06 +0000 (14:40 +0000)]
Experimental symbol renaming to avoid clashes with regular OpenSSL.

Make sure crypto.h is included first in any affected files.

13 years agoAdd pairwise consistency test to EC.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:58:28 +0000 (16:58 +0000)]
Add pairwise consistency test to EC.