Age | Commit message (Collapse) | Author |
|
- make scripts executable;
- "parameterize" platform selection in c6x/do_fips;
- add c6x/fips_algvs.mak;
- add c6x/run6x.js launcher for more recent CCS versions;
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4265)
|
|
AES, SHA256 and SHA512 modules can actually replace corresponding
C64x+ modules. This is because C64x+ instructions don't actually
provide "killer-argument" advantage in these modules. As for SHA1,
even though its performance exactly same, C64x+ module is more
responsive to interrupts, i.e. doesn't inhibit them for as long
periods as C64x module.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4265)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4208)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3300)
|
|
Backport CVE-2014-3570 bug and postability fixes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
While ARMv7 in general is capable of unaligned access, not all instructions
actually are. And trouble is that compiler doesn't seem to differentiate
those capable and incapable of unaligned access. Side effect is that kernel
goes into endless loop retrying same instruction triggering unaligned trap.
Problem was observed in xts128.c and ccm128.c modules. It's possible to
resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT
be feels more appropriate.
(cherry picked from commit 3bdd80521a81d50ade4214053cd9b293f920a77b)
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
As for complementary fips.c modification. Goal is to ensure that
FIPS_signature does not end up in .bss segment, one guaranteed to
be zeroed upon program start-up. One would expect explicitly
initialized values to end up in .data segment, but it turned out
that values explicitly initialized with zeros can end up in .bss.
The modification does not affect program flow, because first byte
was the only one of significance [to FINGERPRINT_premain].
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 34f39b062c76fbd3082521b26edee7f53afc061d)
|
|
Special note about additional -pie flag in android-armv7. The initial
reason for adding it is that Android 5 refuses to execute non-PIE
binaries. But what about older systems and previously validated
platforms? It should be noted that flag is not used when compiling
object code, fipscanister.o in this context, only when linking
applications, *supplementary* fips_algvs used during validation
procedure.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 6db8e3bdc9ef83d83b83f3eec9722c96daa91f82)
Resolved conflicts:
test/fips_algvs.c
|
|
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 50e2a0ea4615124aa159e8f43317dedcf0cfcaa2)
|
|
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 97fbb0c88c2f601f98e25e57b9f6f9679d14f3a8)
Resolved conflicts:
Configure
config
|
|
Normally it would be generated from a perlasm module, but doing so
would affect existing armv4cpuid.S, which in turn would formally void
previously validated platforms. Hense separate module is generated.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 5837e90f08ffcf5ad84933793bc285630018ce26)
|
|
This is achieved by filtering perlasm output through arm-xlate.pl. But note
that it's done only if "flavour" argument is not 'void'. As 'void' is
default value for other ARM targets, permasm output is not actually
filtered on previously validated platforms.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 874faf2ffb22187ad5483d9691a3a2eb7112f161)
|
|
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit c6d109051d1c2b9a453427a2a53ad3d40acc9276)
Resolved Conflicts:
Configure
|
|
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 083ed53defb42ab4d3488bc7f80d9170d22293e7)
|
|
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b84813ec017cb03b8dd0b85bce2bb3e021c45685)
|
|
Reviewed-by: Steve Marquess <marquess@openssl.org>
(cherry picked from commit b06f7d9ac0752083e7443dddc9e5ac3e198063d4)
|
|
Reviewed-by: Steve Marquess <marquess@openssl.org>
|
|
In the current code, the check isn't redundant.
And in fact the REAL check was missing.
This avoids a NULL-deref crash.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.
Combination of 2 commits:
370bf1d708e6d7af42e1752fb078d0822c9bc73d
c2fd5d79ffc4fc9d120a0faad579ce96473e6a2f
|
|
PR#2339
|
|
PR#3418.
(cherry picked from commit d4909f9a8dbbda9c5d140476b34a8f80b02b51f3)
|
|
|
|
all operations.
Add ecdsa test.
Test crypto operations are inhibited on test failures.
Test on demand POST.
|
|
|
|
|
|
failure.
Make fips_test_suite induced failure work on every possible subtest instead
of just categories of subtest.
|
|
Submitted by: Pierre Delaage
|
|
|
|
|
|
(backport from HEAD)
|
|
|
|
PR: 2874
Submitted by: Tomas Mraz
(backport from HEAD)
|
|
|
|
(backport from HEAD)
|
|
PR: 2859
Submitted by: John Foley
(backport from HEAD)
|
|
|
|
|
|
|
|
|
|
14:27:39 +0000
|
|
2012-10-04 14:27:38 +0000
|
|
|
|
14:27:33 +0000
|
|
14:27:33 +0000
|
|
14:27:33 +0000
|
|
2012-10-04 14:27:33 +0000
|
|
|
|
+0000
|
|
|