Richard Levitte [Fri, 25 Mar 2011 09:24:02 +0000 (09:24 +0000)]
* fips/cmac/fips_cmac_selftest.c: Because the examples in SP_800-38B
aren't trustworthy (see examples 13 and 14, they have the same mac,
as do examples 17 and 18), use examples from official test vectors
instead.
Richard Levitte [Fri, 25 Mar 2011 08:48:26 +0000 (08:48 +0000)]
* fips/fipsalgtest.pl: Test the testvectors for all the CMAC ciphers
we support.
Richard Levitte [Fri, 25 Mar 2011 08:44:37 +0000 (08:44 +0000)]
* fips/cmac/fips_cmactest.c: Some say TDEA, others say TDES. Support
both names.
Richard Levitte [Fri, 25 Mar 2011 08:40:33 +0000 (08:40 +0000)]
* fips/cmac/fips_cmactest.c: Changed to accept all the ciphers we
support (Two Key TDEA is not supported), to handle really big
messages (some of the test vectors have messages 65536 bytes long),
and to handle cases where there are several keys (Three Key TDEA)
Richard Levitte [Fri, 25 Mar 2011 07:17:17 +0000 (07:17 +0000)]
* Makefile.fips: Update and add details about cmac.
Richard Levitte [Thu, 24 Mar 2011 22:59:02 +0000 (22:59 +0000)]
make update
Richard Levitte [Thu, 24 Mar 2011 22:57:52 +0000 (22:57 +0000)]
Implement FIPS CMAC.
* fips/fips_test_suite.c, fips/fipsalgtest.pl, test/Makefile: Hook in
test cases and build test program.
Richard Levitte [Thu, 24 Mar 2011 22:55:02 +0000 (22:55 +0000)]
Implement FIPS CMAC.
* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as
an example.
* crypto/cmac/cmac.c: Enable the FIPS API. Change to use M_EVP macros
where possible.
* crypto/evp/evp.h: (some of the macros get added with this change)
* fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use
macros to have cmac.c use these functions.
* Makefile.org, fips/Makefile, fips/fips.c: Hook it in.
Richard Levitte [Wed, 23 Mar 2011 00:11:32 +0000 (00:11 +0000)]
make update (1.1.0-dev)
This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable. However, since there's
been no release on this branch yet, it should be harmless.
Richard Levitte [Wed, 23 Mar 2011 00:10:16 +0000 (00:10 +0000)]
* crypto/crypto-lib.com: Add a few more missing modules.
Richard Levitte [Tue, 22 Mar 2011 23:54:18 +0000 (23:54 +0000)]
* util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h. Maybe some
more need to be added...
Dr. Stephen Henson [Mon, 21 Mar 2011 17:37:27 +0000 (17:37 +0000)]
Use a signed value to check return value of do_cipher().
Dr. Stephen Henson [Mon, 21 Mar 2011 14:40:57 +0000 (14:40 +0000)]
Free DRBG context in self tests.
Richard Levitte [Sun, 20 Mar 2011 17:34:04 +0000 (17:34 +0000)]
* apps/makeapps.com: Add srp.
Richard Levitte [Sun, 20 Mar 2011 14:02:20 +0000 (14:02 +0000)]
* apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV
with turning trapping back on.
* test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV
here.
* test/clean-test.com: A new script for cleaning up.
Richard Levitte [Sun, 20 Mar 2011 13:15:33 +0000 (13:15 +0000)]
* apps/openssl.c: For VMS, take care of copying argv if needed much earlier,
directly in main(). 'if needed' also includes when argv is a 32 bit
pointer in an otherwise 64 bit environment.
* apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional
=ARGV, but only if it's supported. Fortunately, DCL is very helpful
telling us in this case.
Richard Levitte [Sun, 20 Mar 2011 10:23:51 +0000 (10:23 +0000)]
A few more long symbols need shortening.
Richard Levitte [Sun, 20 Mar 2011 10:23:27 +0000 (10:23 +0000)]
Add missing source. Also, have the compile also use [.MODES] as
include directory, as other parts (notably, EVP) seem to need it.
Richard Levitte [Sat, 19 Mar 2011 10:58:14 +0000 (10:58 +0000)]
After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS
submitted by Steven M. Schweda <sms@antinode.info>
Dr. Stephen Henson [Fri, 18 Mar 2011 18:17:55 +0000 (18:17 +0000)]
Typo.
Dr. Stephen Henson [Thu, 17 Mar 2011 18:53:33 +0000 (18:53 +0000)]
Implement continuous RNG test for SP800-90 DRBGs.
Dr. Stephen Henson [Thu, 17 Mar 2011 16:55:24 +0000 (16:55 +0000)]
Implement health checks needed by SP800-90.
Fix warnings.
Instantiate DRBGs at maximum strength.
Dr. Stephen Henson [Thu, 17 Mar 2011 14:43:13 +0000 (14:43 +0000)]
Fix warnings about ignored return values.
Dr. Stephen Henson [Wed, 16 Mar 2011 16:17:46 +0000 (16:17 +0000)]
Fix broken SRP error/function code assignment.
Dr. Stephen Henson [Wed, 16 Mar 2011 15:52:12 +0000 (15:52 +0000)]
Add extensive DRBG selftest data and option to corrupt it in fips_test_suite.
Ben Laurie [Wed, 16 Mar 2011 11:50:33 +0000 (11:50 +0000)]
Missing SRP files.
Ben Laurie [Wed, 16 Mar 2011 11:28:43 +0000 (11:28 +0000)]
Fix Tom Wu's email.
Dr. Stephen Henson [Sun, 13 Mar 2011 18:20:01 +0000 (18:20 +0000)]
PR: 2469
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve
Check mac is present before trying to retrieve mac iteration count.
Dr. Stephen Henson [Sat, 12 Mar 2011 17:27:03 +0000 (17:27 +0000)]
Fix warnings: signed/unisgned comparison, shadowing (in some cases global
functions such as rand() ).
Dr. Stephen Henson [Sat, 12 Mar 2011 17:06:35 +0000 (17:06 +0000)]
Remove redundant check to stop compiler warning.
Ben Laurie [Sat, 12 Mar 2011 17:04:07 +0000 (17:04 +0000)]
Note SRP support.
Ben Laurie [Sat, 12 Mar 2011 17:01:19 +0000 (17:01 +0000)]
Add SRP support.
Ben Laurie [Sat, 12 Mar 2011 13:55:24 +0000 (13:55 +0000)]
Fix warning.
Dr. Stephen Henson [Fri, 11 Mar 2011 17:42:11 +0000 (17:42 +0000)]
Check requested security strength in DRBG. Add function to retrieve the
security strength.
Dr. Stephen Henson [Thu, 10 Mar 2011 18:26:50 +0000 (18:26 +0000)]
make no-dsa work again
Dr. Stephen Henson [Thu, 10 Mar 2011 14:01:34 +0000 (14:01 +0000)]
Update status.
Dr. Stephen Henson [Thu, 10 Mar 2011 01:00:30 +0000 (01:00 +0000)]
Make no-ec2m work again.
Dr. Stephen Henson [Wed, 9 Mar 2011 23:53:41 +0000 (23:53 +0000)]
Add a few more symbol renames.
Dr. Stephen Henson [Wed, 9 Mar 2011 23:44:06 +0000 (23:44 +0000)]
Add ECDH to validated module.
Dr. Stephen Henson [Wed, 9 Mar 2011 14:55:10 +0000 (14:55 +0000)]
Enter FIPS mode in fips_dhvs. Support file I/O in fips_ecdsavs.
Dr. Stephen Henson [Wed, 9 Mar 2011 14:39:54 +0000 (14:39 +0000)]
Update fips_dhvs to handle functional test by generating keys.
Dr. Stephen Henson [Wed, 9 Mar 2011 14:35:31 +0000 (14:35 +0000)]
Update .cvsignore
Dr. Stephen Henson [Tue, 8 Mar 2011 21:29:07 +0000 (21:29 +0000)]
Typo.
Dr. Stephen Henson [Tue, 8 Mar 2011 19:10:17 +0000 (19:10 +0000)]
New initial DH algorithm test driver.
Dr. Stephen Henson [Tue, 8 Mar 2011 19:07:26 +0000 (19:07 +0000)]
New SP 800-56A compliant version of DH_compute_key().
Dr. Stephen Henson [Tue, 8 Mar 2011 14:16:30 +0000 (14:16 +0000)]
Add meaningful error codes to DRBG.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:51:34 +0000 (13:51 +0000)]
Add file I/O to fips_drbgvs program.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:42:21 +0000 (13:42 +0000)]
Support I/O with files in new fips_gcmtest program.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:29:46 +0000 (13:29 +0000)]
Remove redirection from fipsalgtest.pl script.
Dr. Stephen Henson [Tue, 8 Mar 2011 13:27:29 +0000 (13:27 +0000)]
Remove need for redirection on RNG and DSS algorithm test programs: some
platforms don't support it.
Dr. Stephen Henson [Mon, 7 Mar 2011 16:51:17 +0000 (16:51 +0000)]
Uninstantiate and free functions for DRBG.
Dr. Stephen Henson [Sun, 6 Mar 2011 13:10:37 +0000 (13:10 +0000)]
Fix couple of bugs in CTR DRBG implementation.
Dr. Stephen Henson [Sun, 6 Mar 2011 12:35:09 +0000 (12:35 +0000)]
Updates to DRBG: fix bugs in infrastructure. Add initial experimental
algorithm test generator.
Dr. Stephen Henson [Fri, 4 Mar 2011 18:00:21 +0000 (18:00 +0000)]
Initial, provisional, subject to wholesale change, untested, probably
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.
Did I say this was untested?
Andy Polyakov [Fri, 4 Mar 2011 13:27:29 +0000 (13:27 +0000)]
ia64-mont.pl: optimize short-key performance.
Andy Polyakov [Fri, 4 Mar 2011 13:21:41 +0000 (13:21 +0000)]
ghash-x86.pl: optimize for Sandy Bridge.
Andy Polyakov [Fri, 4 Mar 2011 13:17:19 +0000 (13:17 +0000)]
xts128.c: minor optimization.
Andy Polyakov [Fri, 4 Mar 2011 13:09:16 +0000 (13:09 +0000)]
s390x assembler pack: tune-up and support for new z196 hardware.
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:50 +0000 (16:06 +0000)]
Update status information.
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:33 +0000 (16:06 +0000)]
Stop warnings.
Dr. Stephen Henson [Wed, 23 Feb 2011 16:06:07 +0000 (16:06 +0000)]
Use more portable options when making links in Makefile.fips
Dr. Stephen Henson [Wed, 23 Feb 2011 15:16:12 +0000 (15:16 +0000)]
Add DllMain to fips symbols: will need to call this in FIPS capable OpenSSL.
Dr. Stephen Henson [Wed, 23 Feb 2011 15:04:06 +0000 (15:04 +0000)]
Add new symbols to fipssyms.h
Dr. Stephen Henson [Wed, 23 Feb 2011 15:03:43 +0000 (15:03 +0000)]
Make -DOPENSSL_FIPSSYMS work under WIN32: run perl script when
WIN32 assembly language files are created, add norunasm option
to just translate and not run the assembler.
Dr. Stephen Henson [Tue, 22 Feb 2011 17:02:14 +0000 (17:02 +0000)]
Make mkfiles.pl work with fipscanisteronly.
Dr. Stephen Henson [Tue, 22 Feb 2011 16:48:30 +0000 (16:48 +0000)]
Include ms directory for fips distribution.
Dr. Stephen Henson [Tue, 22 Feb 2011 16:36:20 +0000 (16:36 +0000)]
Make fipscanisteronly work with WIN32 build system.
Dr. Stephen Henson [Tue, 22 Feb 2011 14:52:23 +0000 (14:52 +0000)]
Add fips/ecdsa directory to mkfiles.pl
Dr. Stephen Henson [Tue, 22 Feb 2011 14:50:05 +0000 (14:50 +0000)]
Remove duplicate test rule.
Dr. Stephen Henson [Tue, 22 Feb 2011 14:06:54 +0000 (14:06 +0000)]
Add modes_lcl.h to header list.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:46:17 +0000 (12:46 +0000)]
Removing debugging print.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:44:29 +0000 (12:44 +0000)]
Don't try and update c_rehash for fipscanisteronly builds.
Dr. Stephen Henson [Tue, 22 Feb 2011 12:34:46 +0000 (12:34 +0000)]
Make "make links" work in fipscanisteronly builds.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:58:54 +0000 (19:58 +0000)]
typo
Dr. Stephen Henson [Mon, 21 Feb 2011 19:36:55 +0000 (19:36 +0000)]
Initial perl script to filter out unneeded files for a fips tarball.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:30:13 +0000 (19:30 +0000)]
Call Makefile.fips when making a fips tarball.
Dr. Stephen Henson [Mon, 21 Feb 2011 19:29:48 +0000 (19:29 +0000)]
Remove debugging option.
Dr. Stephen Henson [Mon, 21 Feb 2011 18:14:59 +0000 (18:14 +0000)]
*** empty log message ***
Dr. Stephen Henson [Mon, 21 Feb 2011 18:07:28 +0000 (18:07 +0000)]
Remove unnecessary link directories.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:51:59 +0000 (17:51 +0000)]
Update dependencies.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:45:45 +0000 (17:45 +0000)]
Create fips links even if not compiling in fips mode.
Dr. Stephen Henson [Mon, 21 Feb 2011 17:35:53 +0000 (17:35 +0000)]
Remove unnecessary dependencies.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:37:42 +0000 (16:37 +0000)]
Need to link additional directories for fipscanisteronly build.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:36:47 +0000 (16:36 +0000)]
x509v3.h header file not needed in fips algorithm test utilities.
Dr. Stephen Henson [Mon, 21 Feb 2011 16:00:21 +0000 (16:00 +0000)]
tools and rehash not needed for fips build.
Dr. Stephen Henson [Mon, 21 Feb 2011 15:15:58 +0000 (15:15 +0000)]
*** empty log message ***
Dr. Stephen Henson [Mon, 21 Feb 2011 14:07:15 +0000 (14:07 +0000)]
Make fipscanisteronly build only required files.
Dr. Stephen Henson [Sat, 19 Feb 2011 22:16:52 +0000 (22:16 +0000)]
Move gcm128_context definition to modes_lcl.h (along with some related
definitions) so we can use it in EVP GCM code avoiding need to allocate
it.
Dr. Stephen Henson [Fri, 18 Feb 2011 17:25:00 +0000 (17:25 +0000)]
add ECDSA POST
Dr. Stephen Henson [Fri, 18 Feb 2011 17:09:33 +0000 (17:09 +0000)]
AES GCM selftests.
Dr. Stephen Henson [Thu, 17 Feb 2011 19:03:52 +0000 (19:03 +0000)]
Make -DOPENSSL_FIPSSYMS work for assembly language builds.
Dr. Stephen Henson [Thu, 17 Feb 2011 18:08:59 +0000 (18:08 +0000)]
Experimental perl script to edit assembly language source files,
call the assembler, then restore original file.
This makes OPENSSL_FIPSSYMS work for assembly language builds.
Dr. Stephen Henson [Thu, 17 Feb 2011 17:45:09 +0000 (17:45 +0000)]
Correct fipssyms.h for more assembly language symbols.
Dr. Stephen Henson [Thu, 17 Feb 2011 15:35:43 +0000 (15:35 +0000)]
Update auto generated comment.
Dr. Stephen Henson [Thu, 17 Feb 2011 15:33:32 +0000 (15:33 +0000)]
Remove debugging command.
Reorder fipssyms.h to include assembly language symbols at the end.
Dr. Stephen Henson [Wed, 16 Feb 2011 18:07:57 +0000 (18:07 +0000)]
Don't need err library for Makefile.fips
Dr. Stephen Henson [Wed, 16 Feb 2011 17:25:01 +0000 (17:25 +0000)]
Include openssl/crypto.h first in several other files so FIPS renaming
is picked up.
Dr. Stephen Henson [Wed, 16 Feb 2011 14:49:50 +0000 (14:49 +0000)]
Experimental FIPS symbol renaming.
Fixups under fips/ to make symbol renaming work.
Dr. Stephen Henson [Wed, 16 Feb 2011 14:40:06 +0000 (14:40 +0000)]
Experimental symbol renaming to avoid clashes with regular OpenSSL.
Make sure crypto.h is included first in any affected files.
Dr. Stephen Henson [Tue, 15 Feb 2011 16:58:28 +0000 (16:58 +0000)]
Add pairwise consistency test to EC.