Dr. Stephen Henson [Sun, 8 May 2011 12:38:35 +0000 (12:38 +0000)]
allow SHA384, SHA512 wit DSA
Dr. Stephen Henson [Sat, 7 May 2011 22:56:56 +0000 (22:56 +0000)]
Remove gf2m modules from bn_asm if no-ec2m set.
Dr. Stephen Henson [Sat, 7 May 2011 22:37:58 +0000 (22:37 +0000)]
Remove FIXME comments.
Dr. Stephen Henson [Sat, 7 May 2011 22:36:03 +0000 (22:36 +0000)]
Omit GF2m properly this time ;-)
Dr. Stephen Henson [Sat, 7 May 2011 22:22:37 +0000 (22:22 +0000)]
Don't include GF2m source files is NOEC2M set.
Andy Polyakov [Sat, 7 May 2011 20:36:05 +0000 (20:36 +0000)]
IA-64 assembler pack: fix typos and make it work on HP-UX.
Andy Polyakov [Sat, 7 May 2011 10:31:06 +0000 (10:31 +0000)]
x86 assembler pack: add bn_GF2m_mul_2x2 implementations (see x86-gf2m.pl for
details and performance data).
Dr. Stephen Henson [Fri, 6 May 2011 23:47:23 +0000 (23:47 +0000)]
Fixes for WIN64 FIPS build.
Dr. Stephen Henson [Fri, 6 May 2011 21:42:34 +0000 (21:42 +0000)]
Get OPENSSL_FIPSSYMS from environment in fipsas.pl, include ppccap.c and .S
files in fipsdist.
Dr. Stephen Henson [Fri, 6 May 2011 17:55:59 +0000 (17:55 +0000)]
Don't fail WIN32 builds on warnings.
Dr. Stephen Henson [Fri, 6 May 2011 17:38:39 +0000 (17:38 +0000)]
Return error codes for selftest failure instead of hard assertion errors.
Dr. Stephen Henson [Fri, 6 May 2011 13:00:07 +0000 (13:00 +0000)]
Continuing TLS v1.2 support: add support for server parsing of
signature algorithms extension and correct signature format for
server key exchange.
All ciphersuites should now work on the server but no client support and
no client certificate support yet.
Dr. Stephen Henson [Thu, 5 May 2011 23:10:32 +0000 (23:10 +0000)]
Hide more symbols.
Andy Polyakov [Thu, 5 May 2011 21:57:11 +0000 (21:57 +0000)]
ARM assembler pack: engage newly introduced armv4-gf2m module.
Dr. Stephen Henson [Thu, 5 May 2011 14:47:38 +0000 (14:47 +0000)]
Fix warning of signed/unsigned comparison.
Andy Polyakov [Thu, 5 May 2011 07:21:17 +0000 (07:21 +0000)]
ARM assembler pack. Add bn_GF2m_mul_2x2 implementation (see source code
for details and performance data).
Dr. Stephen Henson [Wed, 4 May 2011 23:17:29 +0000 (23:17 +0000)]
Remove superfluous PRNG self tests.
Print timer resolution.
Andy Polyakov [Wed, 4 May 2011 20:57:43 +0000 (20:57 +0000)]
xts128.c: minor optimizaton.
Dr. Stephen Henson [Wed, 4 May 2011 18:43:32 +0000 (18:43 +0000)]
Update status.
Dr. Stephen Henson [Wed, 4 May 2011 18:33:42 +0000 (18:33 +0000)]
Remove debugging print.
Explicitly use LINKDIRS for fipsdist links.
Andy Polyakov [Wed, 4 May 2011 15:22:53 +0000 (15:22 +0000)]
bn_gf2m.c: optimized BN_GF2m_mod_inv delivers sometimes 2x of ECDSA sign.
Exact improvement coefficients vary from one benchmark and platform to
another, e.g. it performs 70%-33% better on ARM, hereafter less for
longer keys, and 100%-90% better on x86_64.
Dr. Stephen Henson [Wed, 4 May 2011 14:34:36 +0000 (14:34 +0000)]
Fix warning.
Dr. Stephen Henson [Wed, 4 May 2011 14:16:03 +0000 (14:16 +0000)]
Include fipssyms.h for ARM builds to translate symbols.
Translate arm symbol to fips_*.
Dr. Stephen Henson [Wed, 4 May 2011 01:09:52 +0000 (01:09 +0000)]
Remove useless setting.
Dr. Stephen Henson [Mon, 2 May 2011 23:29:57 +0000 (23:29 +0000)]
PR: 2499
Submitted by: "James 'J.C.' Jones" <james.jc.jones@gmail.com>
Typos.
Dr. Stephen Henson [Mon, 2 May 2011 17:11:54 +0000 (17:11 +0000)]
Fix do_fips script.
Dr. Stephen Henson [Mon, 2 May 2011 12:13:04 +0000 (12:13 +0000)]
Use faster curves for ECDSA self test.
Dr. Stephen Henson [Mon, 2 May 2011 11:09:38 +0000 (11:09 +0000)]
Use more portable clock_gettime() for fips_test_suite timing.
Output times of each subtest.
Dr. Stephen Henson [Sun, 1 May 2011 20:55:05 +0000 (20:55 +0000)]
Stop warning in VxWorks.
Dr. Stephen Henson [Sun, 1 May 2011 20:54:42 +0000 (20:54 +0000)]
Quick hack to time POST.
Dr. Stephen Henson [Sun, 1 May 2011 19:07:16 +0000 (19:07 +0000)]
Two more symbol renames.
Dr. Stephen Henson [Sun, 1 May 2011 19:06:39 +0000 (19:06 +0000)]
Handle multiple CPUID_OBJ correctly.
Dr. Stephen Henson [Sun, 1 May 2011 17:51:40 +0000 (17:51 +0000)]
Rename some more symbols.
Dr. Stephen Henson [Sun, 1 May 2011 16:54:24 +0000 (16:54 +0000)]
Include crypto.h in ppccap.c
Dr. Stephen Henson [Sun, 1 May 2011 16:46:28 +0000 (16:46 +0000)]
Add ppc_cap.c to restricted tarball.
Dr. Stephen Henson [Sun, 1 May 2011 16:18:52 +0000 (16:18 +0000)]
For FIPS algorithm test utilities use our own version of strcasecmp and
strncasecmp to cover cases where platforms don't support them.
Dr. Stephen Henson [Sun, 1 May 2011 15:36:54 +0000 (15:36 +0000)]
Some changes to support VxWorks in the validted module.
Dr. Stephen Henson [Sun, 1 May 2011 15:36:16 +0000 (15:36 +0000)]
Disable SHA256 if not supported.
Dr. Stephen Henson [Sun, 1 May 2011 14:33:59 +0000 (14:33 +0000)]
Update symbol translation table.
Dr. Stephen Henson [Sat, 30 Apr 2011 23:37:42 +0000 (23:37 +0000)]
no need to include memory.h
Dr. Stephen Henson [Fri, 29 Apr 2011 22:56:51 +0000 (22:56 +0000)]
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
checking added, SHA256 PRF support added.
At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
Dr. Stephen Henson [Fri, 29 Apr 2011 22:37:12 +0000 (22:37 +0000)]
Initial "opaque SSL" framework. If an application defines
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.
The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
Dr. Stephen Henson [Thu, 28 Apr 2011 20:52:21 +0000 (20:52 +0000)]
Don't assume version of rm supports -rf: use RM instead.
Dr. Stephen Henson [Thu, 28 Apr 2011 12:20:12 +0000 (12:20 +0000)]
Stop warnings about undefined _exit on Android.
Additional script output options to fipsalgtest.pl
Dr. Stephen Henson [Sun, 24 Apr 2011 12:40:26 +0000 (12:40 +0000)]
Fix warning.
Dr. Stephen Henson [Sun, 24 Apr 2011 12:13:32 +0000 (12:13 +0000)]
Recognise invalid enable/disable options.
Option to shut up bogus warnings.
Dr. Stephen Henson [Sun, 24 Apr 2011 11:38:22 +0000 (11:38 +0000)]
Clarification.
Andy Polyakov [Sun, 24 Apr 2011 11:10:54 +0000 (11:10 +0000)]
gcm128.c: minor optimization.
Andy Polyakov [Sun, 24 Apr 2011 11:10:14 +0000 (11:10 +0000)]
ccm128.c: add CRYPTO_ccm128_[en|de]crypt_ccm64 and minor optimization.
Richard Levitte [Sun, 24 Apr 2011 10:07:17 +0000 (10:07 +0000)]
fips_check_dsa_prng() should only be built when OPENSSL_FIPS is defined.
Richard Levitte [Sun, 24 Apr 2011 08:59:15 +0000 (08:59 +0000)]
Error discrepancy corrected.
Dr. Stephen Henson [Sat, 23 Apr 2011 21:59:12 +0000 (21:59 +0000)]
More fixes for DSA FIPS overrides.
Dr. Stephen Henson [Sat, 23 Apr 2011 21:15:05 +0000 (21:15 +0000)]
Make sure overrides work for RSA/DSA.
Dr. Stephen Henson [Sat, 23 Apr 2011 20:24:55 +0000 (20:24 +0000)]
Oops, work out expanded buffer length before allocating it...
Dr. Stephen Henson [Sat, 23 Apr 2011 20:05:19 +0000 (20:05 +0000)]
Always return multiple of block length bytes from default DRBG seed
callback.
Handle case where no multiple of the block size is in the interval
[min_len, max_len].
Dr. Stephen Henson [Sat, 23 Apr 2011 19:55:55 +0000 (19:55 +0000)]
Add PRNG security strength checking.
Andy Polyakov [Sat, 23 Apr 2011 09:15:03 +0000 (09:15 +0000)]
xts128.c: fix bug introduced in commit#20704. Bug affected encryption of
vectors whose lenght was not multiples of 16 bytes.
Dr. Stephen Henson [Fri, 22 Apr 2011 11:12:56 +0000 (11:12 +0000)]
Return errors instead of aborting when selftest fails.
Dr. Stephen Henson [Fri, 22 Apr 2011 01:05:53 +0000 (01:05 +0000)]
Add XTS test vector support to fipsalgtest.pl
Dr. Stephen Henson [Fri, 22 Apr 2011 00:41:35 +0000 (00:41 +0000)]
Rewrite OutputValue to avoid use of buffer when printing out hex values.
Delete unused functions from fips_utl.h.
Increase xts line buffer.
Dr. Stephen Henson [Thu, 21 Apr 2011 21:06:12 +0000 (21:06 +0000)]
Initial do_fips.bat build script for WIN32 fipscanister.
Dr. Stephen Henson [Thu, 21 Apr 2011 20:55:35 +0000 (20:55 +0000)]
Reconise no-ec-nistp224-64-gcc-128 option.
Dr. Stephen Henson [Thu, 21 Apr 2011 16:58:51 +0000 (16:58 +0000)]
Make fipscanisteronly auto detect work on WIN32.
Dr. Stephen Henson [Thu, 21 Apr 2011 14:54:33 +0000 (14:54 +0000)]
Fix WIN32 warning.
Dr. Stephen Henson [Thu, 21 Apr 2011 14:54:13 +0000 (14:54 +0000)]
Update ordinals.
Dr. Stephen Henson [Thu, 21 Apr 2011 14:17:15 +0000 (14:17 +0000)]
Add continuous RNG test to entropy source. Entropy callbacks now need
to specify a "block length".
Dr. Stephen Henson [Wed, 20 Apr 2011 18:05:05 +0000 (18:05 +0000)]
Update DRBG to use new POST scheme.
Dr. Stephen Henson [Wed, 20 Apr 2011 17:06:38 +0000 (17:06 +0000)]
Add periodic DRBG health checks as required by SP800-90.
Dr. Stephen Henson [Wed, 20 Apr 2011 15:06:44 +0000 (15:06 +0000)]
Add partial GCM tests to fipsalgtest.pl
Dr. Stephen Henson [Wed, 20 Apr 2011 14:33:39 +0000 (14:33 +0000)]
Add partial DH and ECDH primitives only testing to fipsalgtest.pl
Dr. Stephen Henson [Wed, 20 Apr 2011 13:20:31 +0000 (13:20 +0000)]
Warn if lines are truncated in algorithm test utilities.
Support for new test files: DRBG and CCM.
Andy Polyakov [Wed, 20 Apr 2011 08:13:58 +0000 (08:13 +0000)]
xts128.c: minor optimization and clarified prototype.
Andy Polyakov [Tue, 19 Apr 2011 19:09:18 +0000 (19:09 +0000)]
perlasm/x86gas.pl: make OPENSSL_instrument_bus[2] compile.
Dr. Stephen Henson [Tue, 19 Apr 2011 18:57:58 +0000 (18:57 +0000)]
Add AES CCM selftest.
Dr. Stephen Henson [Tue, 19 Apr 2011 11:10:54 +0000 (11:10 +0000)]
Use 0 for tbslen to perform strlen.
Dr. Stephen Henson [Mon, 18 Apr 2011 23:30:59 +0000 (23:30 +0000)]
Add fips/cmac directory to WIN32 build.
Dr. Stephen Henson [Mon, 18 Apr 2011 22:48:40 +0000 (22:48 +0000)]
Fix EVP CCM decrypt. Add decrypt support to algorithm test program.
Dr. Stephen Henson [Mon, 18 Apr 2011 21:01:24 +0000 (21:01 +0000)]
Typo.
Andy Polyakov [Mon, 18 Apr 2011 20:19:23 +0000 (20:19 +0000)]
ccm128.c: fix Win32 compiler warning.
Andy Polyakov [Mon, 18 Apr 2011 20:18:03 +0000 (20:18 +0000)]
perlasm/x86[nm]asm.pl: make OPENSSL_instrument_bus[2] compile.
Andy Polyakov [Mon, 18 Apr 2011 19:17:28 +0000 (19:17 +0000)]
ccm128.c: fix STRICT_ALIGNMENT another bug in CRYPTO_ccm128_decrypt.
Dr. Stephen Henson [Mon, 18 Apr 2011 17:31:28 +0000 (17:31 +0000)]
Override flag for XTS length limit.
Dr. Stephen Henson [Mon, 18 Apr 2011 16:31:11 +0000 (16:31 +0000)]
CCM encrypt algorithm test support.
Dr. Stephen Henson [Mon, 18 Apr 2011 14:25:11 +0000 (14:25 +0000)]
Initial untested CCM support via EVP.
Dr. Stephen Henson [Mon, 18 Apr 2011 13:15:37 +0000 (13:15 +0000)]
Compile ccm128.c, move some structures to modes_lcl.h add prototypes.
Dr. Stephen Henson [Mon, 18 Apr 2011 11:28:41 +0000 (11:28 +0000)]
Don't need separate tag buffer for GCM mode: use EVP_CIPHER_CTX buf
field which is not unused for custom ciphers.
Dr. Stephen Henson [Sun, 17 Apr 2011 15:39:47 +0000 (15:39 +0000)]
Remove shlib_wrap.sh as it is not needed (all algorithm tests are
staticly linked to fipscanister.o). Add option to generate a shell
script to run all tests: this is useful for platforms that don't have
perl.
Andy Polyakov [Sun, 17 Apr 2011 12:46:00 +0000 (12:46 +0000)]
Multiple assembler packs: add experimental memory bus instrumentation.
Dr. Stephen Henson [Sat, 16 Apr 2011 23:54:19 +0000 (23:54 +0000)]
Remove PSS salt length detection hack from fipslagtest.pl by allowing a regexp
search of the file to determine its type. This will be needed for other tests
later...
Andy Polyakov [Sat, 16 Apr 2011 22:57:58 +0000 (22:57 +0000)]
ccm128.c: minor optimization and bugfix in CRYPTO_ccm128_[en|de]crypt.
Dr. Stephen Henson [Fri, 15 Apr 2011 20:09:34 +0000 (20:09 +0000)]
Add "post" option to fips_test_suite to run the POST only and exit.
Dr. Stephen Henson [Fri, 15 Apr 2011 12:01:53 +0000 (12:01 +0000)]
Add length limitation from SP800-38E.
Dr. Stephen Henson [Fri, 15 Apr 2011 11:30:19 +0000 (11:30 +0000)]
Add XTS selftest, include in fips_test_suite.
Dr. Stephen Henson [Fri, 15 Apr 2011 02:49:30 +0000 (02:49 +0000)]
Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation.
Dr. Stephen Henson [Thu, 14 Apr 2011 18:29:49 +0000 (18:29 +0000)]
Add new POST support to X9.31 PRNG.
Dr. Stephen Henson [Thu, 14 Apr 2011 16:38:20 +0000 (16:38 +0000)]
Report each cipher used with CMAC tests.
Only add one error to error queue if a specific test type fails.
Dr. Stephen Henson [Thu, 14 Apr 2011 16:14:41 +0000 (16:14 +0000)]
Revise fips_test_suite to use table of IDs for human readable strings.
Modify HMAC selftest callbacks to notify each digest type used.
Dr. Stephen Henson [Thu, 14 Apr 2011 13:10:00 +0000 (13:10 +0000)]
Update CMAC, HMAC, GCM to use new POST system.
Fix crash if callback not set.
Dr. Stephen Henson [Thu, 14 Apr 2011 11:30:51 +0000 (11:30 +0000)]
Remove several of the old obsolete FIPS_corrupt_*() functions.
Dr. Stephen Henson [Thu, 14 Apr 2011 11:15:10 +0000 (11:15 +0000)]
Initial incomplete POST overhaul: add support for POST callback to
allow status of POST to be monitored and/or failures induced.