summaryrefslogtreecommitdiff
path: root/providers/fips-sources.checksums
Commit message (Collapse)AuthorAgeFilesLines
* Rationalize FIPS sourcesTomas Mraz2023-02-081-284/+318
| | | | | | | | | Avoid including QUIC related stuff in the FIPS sources. Also avoid including libssl headers in ssl3_cbc.c. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19658)
* make updateMatt Caswell2021-07-291-38/+39
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* update fips checksumsTomas Mraz2021-07-061-55/+33
| | | | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15974)
* Update fips sources and checksumsTomas Mraz2021-06-261-26/+25
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15903)
* make updateMatt Caswell2021-06-171-52/+52
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* make update-fips-checksumsRichard Levitte2021-06-051-5/+3
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15615)
* Update fips checksums to drop the ssl headersTomas Mraz2021-06-041-24/+11
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15609)
* update checksumsPauli2021-06-031-207/+208
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15574)
* make update-fips-checksumsRichard Levitte2021-05-291-26/+241
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15514)
* ec: Add PPC64 vector assembly version of p521 field operationsAmitay Isaacs2021-05-291-261/+45
| | | | | | | | | | | | | | | | | | | Only field multiplication and squaring (but not reduction) show a significant improvement. This is enabled on Power ISA >= 3.0. On a Power 9 CPU an average 10% performance improvement is seen (ECHDE: 14%, ECDSA sign: 6%, ECDSA verify 10%), compared to existing code. On an upcoming Power 10 CPU we see an average performance improvement of 26% (ECHDE: 38%, ECDSA sign: 16%, ECDSA verify 25%), compared to existing code. Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15401)
* regenerate FIPS checksumsPauli2021-05-251-2/+226
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15365)
* make updateMatt Caswell2021-05-201-14/+14
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Implement pem_read_key directly through OSSL_DECODERTomas Mraz2021-05-131-3/+3
| | | | | | | | | | | | Using OSSL_STORE is too heavy and breaks things. There were also needed various fixes mainly for missing proper handling of the SM2 keys in the OSSL_DECODER. Fixes #14788 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15045)
* Export/import flags for FFC params changed to seperate fields.Shane Lontis2021-05-131-3/+3
| | | | | | | | | | | An extra field got added to the ffc flags related to FIPS-186-2 key validation, but this field was not handled by the export/import since the flags were done as string combinations. To keep this consistent with other object flags they are now passed as seperate OSSL_PARAM fields. Fixes 'no-cached-fetch' build which uses export/import. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15210)
* A few cleanups of the provider build.infosTomas Mraz2021-05-121-2/+0
| | | | | | | | | Remove a TODO that is no longer relevant and drop some more non-fips sources from the fips checksums. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15191)
* Allow arbitrary digests with ECDSA and DSATomas Mraz2021-05-121-4/+4
| | | | | | | | | | Unless the FIPS security check is enabled we allow arbitrary digests with ECDSA and DSA. Fixes #14696 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15220)
* Checksum updatePauli2021-05-121-1/+1
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
* Checksum updatePauli2021-05-121-2/+2
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu>
* Update FIPS checksumsMatt Caswell2021-05-111-13/+13
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
* Constify EVP_PKEY_CTX_set_params(), EVP_PKEY_CTX_{set,get}table_params(), etc.Dr. David von Oheimb2021-05-111-2/+2
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14695)
* Add convenience functions and macros for asymmetric key generationDr. David von Oheimb2021-05-111-4/+4
| | | | | | | | | Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen(). Also export auxiliary function OSSL_EC_curve_nid2name() and improve deprecation info on RSA and EC key generation/management functions. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14695)
* checksum fixPauli2021-05-101-1/+1
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15209)
* FIPS checksums updateNicola Tuveri2021-05-091-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15108)
* Crypto: Add deprecation compatibility declarations for SHA* message digest ↵Dr. David von Oheimb2021-05-081-3/+3
| | | | | | | | | functions Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14741)
* Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC ↵Dr. David von Oheimb2021-05-081-3/+3
| | | | | | | | | | | | | | functions This helps compensating for deprecated functions such as HMAC() and reduces clutter in the crypto lib, apps, and tests. Also fixes memory leaks in generate_cookie_callback() of apps/lib/s_cb.c. and replaces 'B<...>' by 'I<...>' where appropriate in HMAC.pod Partially fixes #14628. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14664)
* Remove unused code from the fips moduleShane Lontis2021-05-081-10/+1
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15167)
* bn: Add fixed length (n=6), unrolled PPC Montgomery MultiplicationMartin Schwenke2021-05-081-0/+1
| | | | | | | | | | | | | | | | | | | | Overall improvement for p384 of ~18% on Power 9, compared to existing Power assembling code. See comment in code for more details. Multiple unrolled versions could be generated for values other than 6. However, for TLS 1.3 the only other ECC algorithms that might use Montgomery Multiplication are p256 and p521, but these have custom algorithms that don't use Montgomery Multiplication. Non-ECC algorithms are likely to use larger key lengths that won't fit into the n <= 10 length limitation of this code. Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Signed-off-by: Alastair D'Silva <alastair@d-silva.org> Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15175)
* FIPS checksum updatePauli2021-05-071-2/+2
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15042)
* Fixes #14662. Return all EC parameters even for named curvesJon Spillett2021-05-071-1/+1
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15060)
* Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphersJon Spillett2021-05-071-1/+1
| | | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15130)
* make updateRichard Levitte2021-05-071-59/+5
| | | | | | | The impact on the FIPS checksum files is pretty significant Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15171)
* Update the FIPS checksumsMatt Caswell2021-05-061-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15177)
* Make the -inform option to be respected if possibleTomas Mraz2021-05-061-1/+1
| | | | | | | | | | | | | | | | Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called. The input type format is enforced only in case the file type file store is used. By default we use FORMAT_UNDEF meaning the input type is not enforced. Fixes #14569 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
* Fix KMAC bounds checks.Shane Lontis2021-05-051-2/+2
| | | | | | | | | | | | | | | | | Setting an output length higher than 8191 was causing a buffer overflow. This was reported by Acumen (FIPS lab). The max output size has increased to ~2M and it now checks this during set_parameters. The encoder related functions now pass in the maximum size of the output buffer so they can correctly check their size. kmac_bytepad_encode_key() calls bytepad twice in order to calculate and check the length before encoding. Note that right_encode() is currently only used in one place but this may change if other algorithms are supported (such as TupleHash). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15106)
* fips-checksums: The define for fips module is FIPS_MODULETomas Mraz2021-05-041-80/+80
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15132)
* FIPS module checksums: add scripts and Makefile ruleRichard Levitte2021-05-041-0/+459
This adds the following scripts: util/lang-compress.pl: Compress source code, which language is determined by the first argument. For the moment, we know 'perl' (perlasm source code), 'C' (C source code) and 'S' (Assembler with C preprocessor directives). This removes comments and empty lines, and compresses series of horizontal spaces to one single space in the languages where that's appropriate. util/fips-checksums.sh: Takes source file names as arguments, pushes them through util/lang-compress.pl and unifdef with FIPS_MODE defined, and calculates the checksum on the result. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8871)
View Lorry Controller Status