Dr. Stephen Henson
7919c07947
Typo.
2011-05-10 10:57:03 +00:00
Andy Polyakov
ab67c517ae
fips_canister.c: fix typo.
2011-05-10 10:03:23 +00:00
Andy Polyakov
31b46ebb62
fips_canister.c: initial support for cross-compiling. "Initial" refers
...
to the two-entry list of verified platforms in #ifndef
FIPS_REF_POINT_IS_SAFE_TO_CROSS_COMPILE pre-processor section.
2011-05-10 09:53:59 +00:00
Dr. Stephen Henson
dc7995eeb8
Initialise rc.
2011-05-09 21:21:29 +00:00
Dr. Stephen Henson
a2f9200fba
Initial TLS v1.2 client support. Include a default supported signature
...
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.
Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
2011-05-09 15:44:01 +00:00
Dr. Stephen Henson
0b59755f43
Call fipsas.pl directly for pa-risc targets.
2011-05-09 15:23:00 +00:00
Andy Polyakov
1fb97e1313
Optimized bn_nist.c. Performance improvement varies from one benchmark
...
and platform to another. It was measured to deliver 20-30% better
performance on x86 platforms and 30-40% on x86_64, on nistp384 benchmark.
2011-05-09 10:16:32 +00:00
Dr. Stephen Henson
fc683d7213
allow SHA384, SHA512 wit DSA
2011-05-08 12:38:35 +00:00
Dr. Stephen Henson
03bc500a9f
Remove gf2m modules from bn_asm if no-ec2m set.
2011-05-07 22:56:56 +00:00
Dr. Stephen Henson
bfe1d2f895
Remove FIXME comments.
2011-05-07 22:37:58 +00:00
Dr. Stephen Henson
ed1afd327d
Omit GF2m properly this time ;-)
2011-05-07 22:36:03 +00:00
Dr. Stephen Henson
dacdd5203d
Don't include GF2m source files is NOEC2M set.
2011-05-07 22:22:37 +00:00
Andy Polyakov
56c5f703c1
IA-64 assembler pack: fix typos and make it work on HP-UX.
2011-05-07 20:36:05 +00:00
Andy Polyakov
58cc21fdea
x86 assembler pack: add bn_GF2m_mul_2x2 implementations (see x86-gf2m.pl for
...
details and performance data).
2011-05-07 10:31:06 +00:00
Dr. Stephen Henson
4fa3c4c3e9
Fixes for WIN64 FIPS build.
2011-05-06 23:47:23 +00:00
Dr. Stephen Henson
524289baa5
Get OPENSSL_FIPSSYMS from environment in fipsas.pl, include ppccap.c and .S
...
files in fipsdist.
2011-05-06 21:42:34 +00:00
Dr. Stephen Henson
2677d85631
Don't fail WIN32 builds on warnings.
2011-05-06 17:55:59 +00:00
Dr. Stephen Henson
ad4784953d
Return error codes for selftest failure instead of hard assertion errors.
2011-05-06 17:38:39 +00:00
Dr. Stephen Henson
6b7be581e5
Continuing TLS v1.2 support: add support for server parsing of
...
signature algorithms extension and correct signature format for
server key exchange.
All ciphersuites should now work on the server but no client support and
no client certificate support yet.
2011-05-06 13:00:07 +00:00
Dr. Stephen Henson
c184711124
Hide more symbols.
2011-05-05 23:10:32 +00:00
Andy Polyakov
925596f85b
ARM assembler pack: engage newly introduced armv4-gf2m module.
2011-05-05 21:57:11 +00:00
Dr. Stephen Henson
8d3cdd5b58
Fix warning of signed/unsigned comparison.
2011-05-05 14:47:38 +00:00
Andy Polyakov
75359644d0
ARM assembler pack. Add bn_GF2m_mul_2x2 implementation (see source code
...
for details and performance data).
2011-05-05 07:21:17 +00:00
Dr. Stephen Henson
6313d628da
Remove superfluous PRNG self tests.
...
Print timer resolution.
2011-05-04 23:17:29 +00:00
Andy Polyakov
c7d0d0ae09
xts128.c: minor optimizaton.
2011-05-04 20:57:43 +00:00
Dr. Stephen Henson
c9adde0699
Update status.
2011-05-04 18:43:32 +00:00
Dr. Stephen Henson
614dd926cb
Remove debugging print.
...
Explicitly use LINKDIRS for fipsdist links.
2011-05-04 18:33:42 +00:00
Andy Polyakov
034688ec4d
bn_gf2m.c: optimized BN_GF2m_mod_inv delivers sometimes 2x of ECDSA sign.
...
Exact improvement coefficients vary from one benchmark and platform to
another, e.g. it performs 70%-33% better on ARM, hereafter less for
longer keys, and 100%-90% better on x86_64.
2011-05-04 15:22:53 +00:00
Dr. Stephen Henson
d16765919d
Fix warning.
2011-05-04 14:34:36 +00:00
Dr. Stephen Henson
a95bbadb57
Include fipssyms.h for ARM builds to translate symbols.
...
Translate arm symbol to fips_*.
2011-05-04 14:16:03 +00:00
Dr. Stephen Henson
e350458a63
Remove useless setting.
2011-05-04 01:09:52 +00:00
Dr. Stephen Henson
e9093c9832
PR: 2499
...
Submitted by: "James 'J.C.' Jones" <james.jc.jones@gmail.com>
Typos.
2011-05-02 23:29:57 +00:00
Dr. Stephen Henson
2e2a962aad
Fix do_fips script.
2011-05-02 17:11:54 +00:00
Dr. Stephen Henson
9243a86d75
Use faster curves for ECDSA self test.
2011-05-02 12:13:04 +00:00
Dr. Stephen Henson
fc98a4377d
Use more portable clock_gettime() for fips_test_suite timing.
...
Output times of each subtest.
2011-05-02 11:09:38 +00:00
Dr. Stephen Henson
fd600c0037
Stop warning in VxWorks.
2011-05-01 20:55:05 +00:00
Dr. Stephen Henson
a32ad6891b
Quick hack to time POST.
2011-05-01 20:54:42 +00:00
Dr. Stephen Henson
2325315ba3
Two more symbol renames.
2011-05-01 19:07:16 +00:00
Dr. Stephen Henson
8a2024ea59
Handle multiple CPUID_OBJ correctly.
2011-05-01 19:06:39 +00:00
Dr. Stephen Henson
42c7c6764e
Rename some more symbols.
2011-05-01 17:51:40 +00:00
Dr. Stephen Henson
9f7b2c76b1
Include crypto.h in ppccap.c
2011-05-01 16:54:24 +00:00
Dr. Stephen Henson
1c6807c9d6
Add ppc_cap.c to restricted tarball.
2011-05-01 16:46:28 +00:00
Dr. Stephen Henson
bd4b0137fc
For FIPS algorithm test utilities use our own version of strcasecmp and
...
strncasecmp to cover cases where platforms don't support them.
2011-05-01 16:18:52 +00:00
Dr. Stephen Henson
2f6efd6acb
Some changes to support VxWorks in the validted module.
2011-05-01 15:36:54 +00:00
Dr. Stephen Henson
823df31be7
Disable SHA256 if not supported.
2011-05-01 15:36:16 +00:00
Dr. Stephen Henson
ee872e99f7
Update symbol translation table.
2011-05-01 14:33:59 +00:00
Dr. Stephen Henson
9a85e53813
no need to include memory.h
2011-04-30 23:37:42 +00:00
Dr. Stephen Henson
7409d7ad51
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
...
checking added, SHA256 PRF support added.
At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
2011-04-29 22:56:51 +00:00
Dr. Stephen Henson
08557cf22c
Initial "opaque SSL" framework. If an application defines
...
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.
The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
2011-04-29 22:37:12 +00:00
Dr. Stephen Henson
c4d162873f
Don't assume version of rm supports -rf: use RM instead.
2011-04-28 20:52:21 +00:00