Commit graph

5219 commits

Author SHA1 Message Date
Dr. Stephen Henson
c2a459315a Use single X931 key generation source file for FIPS and non-FIPS builds. 2011-02-03 12:47:56 +00:00
Bodo Möller
e2b798c8b3 Assorted bugfixes:
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check

Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
2011-02-03 12:03:51 +00:00
Bodo Möller
9d0397e977 make update 2011-02-03 10:17:53 +00:00
Bodo Möller
2440d8b1db Fix error codes. 2011-02-03 10:03:23 +00:00
Dr. Stephen Henson
7a4ec19a5f Make no-asm work in fips mode. Add android platform. 2011-02-02 15:07:13 +00:00
Dr. Stephen Henson
a5b196a22c Add sign/verify digest API to handle an explicit digest instead of finalising
a context.
2011-02-02 14:21:33 +00:00
Dr. Stephen Henson
3c2c4cc5f2 fixes for DSA2 parameter generation 2011-02-01 17:15:19 +00:00
Dr. Stephen Henson
7f64c26588 Since FIPS 186-3 specifies we use the leftmost bits of the digest
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
2011-02-01 12:52:01 +00:00
Dr. Stephen Henson
3dd9b31dc4 Provisional, experimental support for DSA2 parameter generation algorithm.
Not properly integrated or tested yet.
2011-01-31 19:44:09 +00:00
Dr. Stephen Henson
eb164d0b12 stop warnings about no previous prototype when compiling shared engines 2011-01-30 01:30:48 +00:00
Dr. Stephen Henson
7edfe67456 Move all FIPSAPI renames into fips.h header file, include early in
crypto.h if needed.

Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
7cc684f4f7 Redirect FIPS memory allocation to FIPS_malloc() routine, remove
OpenSSL malloc dependencies.
2011-01-27 17:23:43 +00:00
Dr. Stephen Henson
aa87945f47 Update source files to handle new FIPS_lock() location. Add FIPS_lock()
definition. Remove stale function references from fips.h
2011-01-27 15:57:31 +00:00
Dr. Stephen Henson
7c8ced94c3 Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
to EVP any more.

Move locking #define into fips.h.

Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
ad6019d6c0 Move locking and thread ID functions into new files lock.c and thr_id.c,
redirect locking to minimal FIPS_lock() function where required.
2011-01-27 14:27:24 +00:00
Dr. Stephen Henson
a27de7b7fd use FIPSEVP in some bn and rsa files 2011-01-27 14:24:42 +00:00
Dr. Stephen Henson
879bd6e38c Internal version of BN_mod_inverse allowing checking of no-inverse without
need to inspect error queue.
2011-01-26 16:59:47 +00:00
Dr. Stephen Henson
6f4b3e7c09 Use ARX in crypto/Makefile 2011-01-26 16:22:03 +00:00
Dr. Stephen Henson
6dff52e858 FIPS HMAC changes:
Use EVP macros.

Use tiny EVP in FIPS mode.
2011-01-26 16:15:38 +00:00
Dr. Stephen Henson
df6de39fe7 Change AR to ARX to allow exclusion of fips object modules 2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
5ca9cb7cbd FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR
library dependencies.
2011-01-26 15:53:07 +00:00
Dr. Stephen Henson
83c3410b94 FIPS DH changes: selftest checks and key range checks. 2011-01-26 15:47:19 +00:00
Dr. Stephen Henson
20818e00fd FIPS mode DSA changes:
Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.

Key size restrictions.
2011-01-26 15:46:26 +00:00
Dr. Stephen Henson
c553721e8b FIPS mode RSA changes:
Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.
2011-01-26 15:37:41 +00:00
Dr. Stephen Henson
1588a3cae7 add new RAND errors 2011-01-26 15:33:51 +00:00
Dr. Stephen Henson
7a4bd34a4f FIPS mode EVP changes:
Set EVP_CIPH_FLAG_FIPS on approved ciphers.

Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.

Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.

Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.
2011-01-26 15:25:33 +00:00
Dr. Stephen Henson
4ead4e5241 FIPS mode changes to make RNG compile (this will need updating later as we
need a whole new PRNG for FIPS).

1. avoid use of ERR_peek().

2. If compiling with FIPS use small FIPS EVP and disable ENGINE
2011-01-26 14:52:04 +00:00
Richard Levitte
373048395e Add rsa_crpt 2011-01-26 06:51:35 +00:00
Dr. Stephen Henson
72a267331a Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate
crypto and ENGINE dependencies in RSA library.
2011-01-25 17:35:10 +00:00
Dr. Stephen Henson
13a5519208 Move BN_options function to bn_print.c to remove dependency for BIO printf
routines from bn_lib.c
2011-01-25 17:10:30 +00:00
Dr. Stephen Henson
f7a2afa652 Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of
DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().
2011-01-25 16:55:15 +00:00
Dr. Stephen Henson
245a7eee17 recalculate DSA signature if r or s is zero (FIPS 186-3 requirement) 2011-01-25 16:01:29 +00:00
Dr. Stephen Henson
6e0375d504 revert Makefile change 2011-01-25 12:15:10 +00:00
Dr. Stephen Henson
7d05edd12e PR: 2433
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve

Constify ASN1_STRING_set_default_mask_asc().
2011-01-24 16:19:52 +00:00
Dr. Stephen Henson
fef1c40bf1 New function EC_KEY_set_affine_coordinates() this performs all the
NIST PKV tests.
2011-01-24 16:07:40 +00:00
Dr. Stephen Henson
a428ac4750 check EC public key isn't point at infinity 2011-01-24 15:04:34 +00:00
Dr. Stephen Henson
0aa1aedbce PR: 1612
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve

Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
2011-01-24 14:41:34 +00:00
Dr. Stephen Henson
dd616752a1 oops, revert mistakenly committed EC changes 2011-01-19 14:42:42 +00:00
Dr. Stephen Henson
198ce9a611 Add additional parameter to dsa_builtin_paramgen to output the generated
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
2011-01-19 14:35:53 +00:00
Dr. Stephen Henson
78c4572296 add va_list version of ERR_add_error_data 2011-01-14 15:13:37 +00:00
Dr. Stephen Henson
d3f17e5ed3 stop warning with no-engine 2011-01-13 15:41:58 +00:00
Richard Levitte
ff66ff0a9b PR: 2425
Synchronise VMS build with Unixly build.
2011-01-10 20:55:21 +00:00
Ben Laurie
c13d7c0296 Fix warning. 2011-01-09 17:50:06 +00:00
Dr. Stephen Henson
778b14b72d move some string utilities to buf_str.c to reduce some dependencies (from 0.9.8 branch). 2011-01-09 13:32:57 +00:00
Dr. Stephen Henson
7b1a04519f add X9.31 prime generation routines from 0.9.8 branch 2011-01-09 13:02:14 +00:00
Dr. Stephen Henson
09d84e03e8 oops missed an assert 2011-01-03 12:54:08 +00:00
Dr. Stephen Henson
85881c1d92 PR: 2411
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Fix corner cases in RFC3779 code.
2011-01-03 01:40:53 +00:00
Dr. Stephen Henson
968062b7d3 Fix escaping code for string printing. If *any* escaping is enabled we
must escape the escape character itself (backslash).
2011-01-03 01:31:24 +00:00
Dr. Stephen Henson
e82f75577b PR: 2410
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Use OPENSSL_assert() instead of assert().
2011-01-03 01:22:41 +00:00
Dr. Stephen Henson
88ea810e25 PR: 2413
Submitted by: Michael Bergandi <mbergandi@gmail.com>
Reviewed by: steve

Fix typo in crypto/bio/bss_dgram.c
2011-01-03 01:07:35 +00:00
Dr. Stephen Henson
2b3936e882 avoid verification loops in trusted store when path building 2010-12-25 20:45:59 +00:00
Richard Levitte
b7ef916c38 First attempt at adding the possibility to set the pointer size for the builds on VMS.
PR: 2393
2010-12-14 19:19:04 +00:00
Dr. Stephen Henson
d7d5a55d22 Support routines for ASN1 scanning function, doesn't do much yet. 2010-12-13 18:15:28 +00:00
Andy Polyakov
05e4fbf801 bss_file.c: refine UTF8 logic.
PR: 2382
2010-12-11 14:53:14 +00:00
Dr. Stephen Henson
73334e8da1 PR: 2386
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Correct SKM_ASN1_SET_OF_d2i macro.
2010-12-02 18:02:29 +00:00
Dr. Stephen Henson
09c1dc850c PR: 2385
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Zero key->pkey.ptr after it is freed so the structure can be reused.
2010-11-30 19:37:21 +00:00
Andy Polyakov
e822c756b6 s390x assembler pack: adapt for -m31 build, see commentary in Configure
for more details.
2010-11-29 20:52:43 +00:00
Dr. Stephen Henson
300b1d76fe apply J-PAKE fix to HEAD (original by Ben) 2010-11-29 18:32:05 +00:00
Dr. Stephen Henson
ae3fff5034 Some of the MS_STATIC use in crypto/evp is a legacy from the days when
EVP_MD_CTX was much larger: it isn't needed anymore.
2010-11-27 17:37:03 +00:00
Dr. Stephen Henson
fa71cc7bce fix typo in HMAC redirection, add HMAC INIT tracing 2010-11-24 19:14:59 +00:00
Dr. Stephen Henson
e77906b9fa VERY EXPERIMENTAL HMAC redirection example in OpenSSL ENGINE. Untested at this
stage and probably won't work properly.
2010-11-24 18:32:06 +00:00
Dr. Stephen Henson
f830c68f4d add "missing" functions to copy EVP_PKEY_METHOD and examine info 2010-11-24 16:08:20 +00:00
Dr. Stephen Henson
46fc96d4ba constify EVP_PKEY_new_mac_key() 2010-11-24 13:13:49 +00:00
Richard Levitte
88868c0786 Use the same directory for architecture dependent header files as in
the branches OpenSSL-1_0_0-stable and OpenSSL-1_0_1-stable.
2010-11-23 02:43:20 +00:00
Richard Levitte
2631a0210e Give the architecture dependent directory higher priority 2010-11-23 01:05:26 +00:00
Richard Levitte
c8f0610d99 Synchronise with Unix and do all other needed modifications to have it
build on VMS again.
2010-11-22 22:04:41 +00:00
Andy Polyakov
dd128715a2 s390x.S: fix typo in bn_mul_words.
PR: 2380
2010-11-22 21:55:07 +00:00
Dr. Stephen Henson
6377953816 add piece of PR#2295 not committed to HEAD 2010-11-22 16:14:56 +00:00
Dr. Stephen Henson
e322fa2872 PR: 2376
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve

Cleanup alloca use, fix Win32 target for OpenWatcom.
2010-11-19 00:12:01 +00:00
Richard Levitte
40844c9f68 We redid the structure on architecture dependent source files, but
apparently forgot to adapt the copying to the installation directory.
2010-11-18 20:03:07 +00:00
Dr. Stephen Henson
833ebea189 compile cts128.c on VMS 2010-11-18 17:04:18 +00:00
Dr. Stephen Henson
70a5f5f9ab PR: 2372
Submitted by: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Reviewed by: steve

Fix OpenBSD compilation failure.
2010-11-18 12:30:01 +00:00
Dr. Stephen Henson
ad889de097 If EVP_PKEY structure contains an ENGINE the key is ENGINE specific and
we should use its method instead of any generic one.
2010-11-16 12:11:46 +00:00
Dr. Stephen Henson
da7b0b2261 Submitted by: Jonathan Dixon <joth@chromium.org>
Reviewed by: steve

If store is NULL set flags correctly.
2010-11-02 15:58:58 +00:00
Andy Polyakov
c242dda4a4 sha512-mips.pl: add missing 64-bit byte swap. 2010-10-22 20:16:22 +00:00
Andy Polyakov
bb55003882 Add aes-mips.pl assembler module. 2010-10-21 15:56:55 +00:00
Andy Polyakov
ca32ceb773 sha512-mips.pl: fix "little-endian" typos. 2010-10-21 15:56:24 +00:00
Dr. Stephen Henson
776654adff PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:49:22 +00:00
Andy Polyakov
d6522548dd x86_64-xlate.pl: fix LNK4078 and LNK4210 link warnings.
PR 2356
2010-10-10 21:07:55 +00:00
Dr. Stephen Henson
983768997e We can't always read 6 bytes in an OCSP response: fix so error statuses
are read correctly for non-blocking I/O.
2010-10-06 18:00:59 +00:00
Dr. Stephen Henson
8ec3fa0597 fix signature printing routines 2010-10-04 13:58:41 +00:00
Dr. Stephen Henson
0c7246ed4b fix warnings 2010-10-04 13:45:15 +00:00
Dr. Stephen Henson
39239280f3 Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:58:09 +00:00
Andy Polyakov
5ad83922ca sha512-mips.pl: add missing byte swap for little-endians. 2010-10-02 12:43:04 +00:00
Andy Polyakov
d466588788 MIPS assembler pack: enable it in Configure, add SHA2 module, fix make rules,
update commentary...
2010-10-02 11:47:17 +00:00
Andy Polyakov
da4d239dad Add unified mips.pl, which will replace mips3.s. 2010-09-27 21:19:43 +00:00
Andy Polyakov
0985473636 sha1-mips.pl, mips-mont.pl: unify MIPS assembler modules in respect to
ABI and binutils.
2010-09-22 08:43:09 +00:00
Andy Polyakov
8986e37249 ghash-s390x.pl: reschedule instructions for better performance. 2010-09-21 11:37:00 +00:00
Andy Polyakov
90ba3a28f8 s390x assembler pack: extend OPENSSL_s390xcap_P to 128 bits. 2010-09-18 08:46:53 +00:00
Andy Polyakov
f8927c89d0 Alpha assembler pack: adapt for Linux.
PR: 2335
2010-09-13 13:28:52 +00:00
Andy Polyakov
3739a772e9 sha1-armv4-large.pl: more readable input pickup. 2010-09-10 15:41:08 +00:00
Andy Polyakov
6415dd7b2f crypto/ppc[cpuid|cap]: call CPU detection once and detect AltiVec. 2010-09-10 15:00:51 +00:00
Andy Polyakov
dd4a0af370 crypto/bn/asm/s390x.S: drop redundant instructions. 2010-09-10 14:53:36 +00:00
Andy Polyakov
7d1f55e9d9 Add ghash-s390x.pl. 2010-09-10 14:50:17 +00:00
Andy Polyakov
d52d5ad147 modes/asm/ghash-*.pl: switch to [more reproducible] performance results
collected with 'apps/openssl speed ghash'.
2010-09-05 19:52:14 +00:00
Andy Polyakov
a3b0c44b1b ghash-ia64.pl: 50% performance improvement of gcm_ghash_4bit. 2010-09-05 19:49:54 +00:00
Andy Polyakov
4b2603e46c sparcv9cap.c: disengage Solaris-specific CPU detection routine in favour
of unified procedure relying on SIGILL.
PR: 2321
2010-09-05 19:41:41 +00:00
Ben Laurie
5df2a2497a Fix warnings. 2010-09-05 16:34:49 +00:00
Dr. Stephen Henson
2ec4ccee1f fix bug in AES_unwrap() 2010-08-30 23:59:14 +00:00
Bodo Möller
396cb5657b More C language police work. 2010-08-27 13:17:59 +00:00