path: root/crypto/fipsmodule/bcm.c
Age         Commit message    (Author; files changed, -removed/+added lines)
2017-08-18  Run the comment converter on libcrypto.  (David Benjamin; 1 file, -23/+23)
    crypto/{asn1,x509,x509v3,pem} were skipped as they are still OpenSSL style.
    Change-Id: I3cd9a60e1cb483a981aca325041f3fbce294247c
    Reviewed-on: https://boringssl-review.googlesource.com/19504
    Reviewed-by: Adam Langley <agl@google.com>
    Commit-Queue: David Benjamin <davidben@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-13  Don't draw entropy during FIPS power-on tests.  (Adam Langley; 1 file, -10/+41)
    Change-Id: I8512c6bfb62f1a83afc8f763d681bf5db3b4ceae
    Reviewed-on: https://boringssl-review.googlesource.com/17144
    Commit-Queue: Adam Langley <alangley@gmail.com>
    Reviewed-by: David Benjamin <davidben@google.com>
2017-06-08  Tag the power-on tests as a constructor function directly.  (Adam Langley; 1 file, -3/+2)
    This matches the example code in IG 9.10.
    Change-Id: Ie010d135d6c30acb9248b689302b0a27d65bc4f7
    Reviewed-on: https://boringssl-review.googlesource.com/17006
    Commit-Queue: Adam Langley <agl@google.com>
    Commit-Queue: David Benjamin <davidben@google.com>
    Reviewed-by: David Benjamin <davidben@google.com>
2017-06-01  Clarify the error message for an ECDSA power-on test failure.  (Adam Langley; 1 file, -1/+1)
    We want to clarify that this isn't the PWCT that FIPS generally means, but rather the power-on self-test. Since ECDSA is non-deterministic, we have to implement that power-on self-test as a PWCT, but we have a different flag to break that actual PWCT.
    Change-Id: I3e27c6a6b0483a6c04e764d6af8a4a863e0b8b77
    Reviewed-on: https://boringssl-review.googlesource.com/16765
    Reviewed-by: Adam Langley <agl@google.com>
2017-05-18  Have a single function for FIPS test failures.  (Adam Langley; 1 file, -1/+5)
    Change-Id: Iab7a738a8981de7c56d1585050e78699cb876dab
    Reviewed-on: https://boringssl-review.googlesource.com/16467
    Commit-Queue: David Benjamin <davidben@google.com>
    Reviewed-by: David Benjamin <davidben@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-18  fipstools: Add a sample binary that exercises methods from the FIPS module.  (Martin Kreichgauer; 1 file, -0/+6)
    Also allow breaking ECDSA/RSA pair-wise consistency tests and ECDSA self-test.
    Change-Id: I1c7723f6082568ebf93158cfaa184cbdeb7480a0
    Reviewed-on: https://boringssl-review.googlesource.com/16305
    Reviewed-by: Adam Langley <agl@google.com>
2017-05-16  Move OPENSSL_ASAN to base.h.  (Adam Langley; 1 file, -10/+4)
    Saves having it in several places.
    Change-Id: I329e1bf4dd4a7f51396e36e2604280fcca32b58c
    Reviewed-on: https://boringssl-review.googlesource.com/16026
    Reviewed-by: David Benjamin <davidben@google.com>
    Commit-Queue: David Benjamin <davidben@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-10  crypto/fipsmodule: Make more Known Answer Tests breakable.  (Martin Kreichgauer; 1 file, -9/+44)
    This allows breaking Known Answer Tests for AES-GCM, DES, SHA-1, SHA-256, SHA-512, RSA signing and DRBG as required by FIPS.
    Change-Id: I8e59698a5048656021f296195229a09ca5cd767c
    Reviewed-on: https://boringssl-review.googlesource.com/16088
    Reviewed-by: Adam Langley <agl@google.com>
    Commit-Queue: Adam Langley <agl@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-09  Add a way to break one of the KAT tests.  (Adam Langley; 1 file, -1/+6)
    This is required by FIPS testing.
    Change-Id: Ia399a0bf3d03182499c0565278a3713cebe771e3
    Reviewed-on: https://boringssl-review.googlesource.com/16044
    Commit-Queue: Adam Langley <agl@google.com>
    Commit-Queue: David Benjamin <davidben@google.com>
    Reviewed-by: David Benjamin <davidben@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-08  Switch integrity hash to SHA-512.  (Adam Langley; 1 file, -3/+3)
    SHA-512 is faster to calculate on 64-bit systems and we're only targeting 64-bit systems with FIPS.
    Change-Id: I5e9b8419ad4ddc72ec682c4193ffb17975d228e5
    Reviewed-on: https://boringssl-review.googlesource.com/16025
    Commit-Queue: Adam Langley <agl@google.com>
    Commit-Queue: David Benjamin <davidben@google.com>
    Reviewed-by: David Benjamin <davidben@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-05  Tidy up FIPS module dependencies.  (David Benjamin; 1 file, -1/+0)
    This avoids depending the FIPS module on crypto/bytestring and moves ECDSA_SIG_{new,free} into the module.
    Change-Id: I7b45ef07f1140873a0da300501141b6ae272a5d9
    Reviewed-on: https://boringssl-review.googlesource.com/15984
    Reviewed-by: Adam Langley <agl@google.com>
2017-05-05  Move cipher/ into crypto/fipsmodule/  (Adam Langley; 1 file, -0/+4)
    Change-Id: Id65e0988534056a72d9b40cc9ba5194e2d9b8a7c
    Reviewed-on: https://boringssl-review.googlesource.com/15904
    Reviewed-by: Adam Langley <agl@google.com>
    Commit-Queue: Adam Langley <agl@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-04  Move rsa/ to fipsmodule/rsa/  (Adam Langley; 1 file, -0/+4)
    Change-Id: Id20d371ae7a88a91aaba7a9e23574eccb9caeb3c
    Reviewed-on: https://boringssl-review.googlesource.com/15849
    Reviewed-by: David Benjamin <davidben@google.com>
    Reviewed-by: Adam Langley <agl@google.com>
    Commit-Queue: Adam Langley <agl@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-04  Move ec/ and ecdsa/ into fipsmodule/  (Adam Langley; 1 file, -0/+11)
    The names in the P-224 code collided with the P-256 code and thus many of the functions and constants in the P-224 code have been prefixed.
    Change-Id: I6bcd304640c539d0483d129d5eaf1702894929a8
    Reviewed-on: https://boringssl-review.googlesource.com/15847
    Reviewed-by: David Benjamin <davidben@google.com>
    Commit-Queue: David Benjamin <davidben@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-02  Don't depend on crypto/bytestring for ECDSA self-tests.  (David Benjamin; 1 file, -13/+44)
    This will let us keep CBS/CBB out of the module. It also makes the PWCT actually use a hard-coded public key since kEC was using the private-key-only serialization.
    Change-Id: I3769fa26fc789c4797a56534df73f810cf5441c4
    Reviewed-on: https://boringssl-review.googlesource.com/15830
    Reviewed-by: Adam Langley <agl@google.com>
2017-05-02  Don't depend on crypto/bytestring for RSA self-tests.  (David Benjamin; 1 file, -110/+147)
    This will let us keep CBS/CBB out of the module.
    Change-Id: I780de0fa2c102cf27eee2cc242ee23740fbc16ce
    Reviewed-on: https://boringssl-review.googlesource.com/15829
    Commit-Queue: David Benjamin <davidben@google.com>
    Commit-Queue: Adam Langley <agl@google.com>
    Reviewed-by: Adam Langley <agl@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-02  Consistently check length in RSA_add_pkcs1_prefix.  (David Benjamin; 1 file, -25/+25)
    We check the length for MD5+SHA1 but not the normal cases. Instead, EVP_PKEY_sign externally checks the length (largely because the silly RSA-PSS padding function forces it). We especially should be checking the length for these because otherwise the prefix built into the ASN.1 prefix is wrong.

    The primary motivation is to avoid putting EVP_PKEY inside the FIPS module. This means all logic for supported algorithms should live in crypto/rsa. This requires fixing up the verify_recover logic and some tests, including bcm.c's KAT bits.

    (evp_tests.txt is now this odd mixture of EVP-level and RSA-level error codes. A follow-up change will add new APIs for RSA-PSS which will allow p_rsa.c to be trimmed down and make things consistent.)
    Change-Id: I29158e9695b28e8632b06b449234a5dded35c3e7
    Reviewed-on: https://boringssl-review.googlesource.com/15824
    Reviewed-by: Adam Langley <agl@google.com>
2017-05-02  Move des/ to crypto/fipsmodule/  (Adam Langley; 1 file, -0/+1)
    Change-Id: I167b7045c537d95294d387936f3d7bad530e1c6f
    Reviewed-on: https://boringssl-review.googlesource.com/15844
    Commit-Queue: David Benjamin <davidben@google.com>
    Reviewed-by: David Benjamin <davidben@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-01  Move bn/ into crypto/fipsmodule/  (Adam Langley; 1 file, -0/+19)
    Change-Id: I68aa4a740ee1c7f2a308a6536f408929f15b694c
    Reviewed-on: https://boringssl-review.googlesource.com/15647
    Reviewed-by: Adam Langley <agl@google.com>
    Commit-Queue: Adam Langley <agl@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-04-21  Move much of rand/ into the FIPS module.  (Adam Langley; 1 file, -2/+9)
    Support for platforms that we don't support FIPS on doesn't need to be in the module. Also, functions for dealing with whether fork-unsafe buffering is enabled are left out because they aren't implementing any cryptography and they use global r/w state, making their inclusion painful.
    Change-Id: I71a0123db6f5449e9dfc7ec7dea0944428e661aa
    Reviewed-on: https://boringssl-review.googlesource.com/15084
    Reviewed-by: Adam Langley <agl@google.com>
2017-04-21  Avoid messing with dummy functions in delocate.go.  (David Benjamin; 1 file, -10/+8)
    With some optimisation settings, Clang was loading BORINGSSL_bcm_text_hash with AVX2 instructions, which weren't getting translated correctly. This seems to work and is less fragile.

    The compiler just emits an leaq here. This is because it knows the symbol is hidden (in the shared library sense), so it needn't go through GOTPCREL. The assembler would have added a relocation, were the symbol left undefined, but since we define the symbol later on, it all works out without a relocation. Were the symbol not hidden, the compiler would have emitted a movq by way of GOTPCREL, but we can now translate those away anyway.
    Change-Id: I442a22f4f8afaadaacbab7044f946a963ebfc46c
    Reviewed-on: https://boringssl-review.googlesource.com/15384
    Reviewed-by: Adam Langley <agl@google.com>
2017-04-21  Make the arguments to FIPS check_test consistent.  (Adam Langley; 1 file, -4/+4)
    Change-Id: Ibd6b9b12b3b622f67f69da5c2add8b1b040882f1
    Reviewed-on: https://boringssl-review.googlesource.com/15344
    Reviewed-by: David Benjamin <davidben@google.com>
    Commit-Queue: David Benjamin <davidben@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-04-21  Move modes/ into the FIPS module  (Adam Langley; 1 file, -0/+6)
    The changes to delocate.go are needed because modes/ does things like return the address of a module function. Both of these need to be changed from referencing the GOT to using local symbols.

    Rather than testing whether |ghash| is |gcm_ghash_avx|, we can just keep that information in a flag. The test for |aesni_ctr32_encrypt_blocks| is more problematic, but I believe that it's superfluous and can be dropped: if you passed in a stream function that was semantically different from |aesni_ctr32_encrypt_blocks| you would already have a bug because |CRYPTO_gcm128_[en|de]crypt_ctr32| will handle a block at the end themselves, and assume a big-endian, 32-bit counter anyway.
    Change-Id: I68a84ebdab6c6006e11e9467e3362d7585461385
    Reviewed-on: https://boringssl-review.googlesource.com/15064
    Reviewed-by: Adam Langley <agl@google.com>
2017-04-19  Add DRBG KAT for FIPS.  (Steven Valdez; 1 file, -2/+46)
    Change-Id: I7d54f2e01dac0d9baa5cf557efbc945955f357e7
    Reviewed-on: https://boringssl-review.googlesource.com/15189
    Reviewed-by: Adam Langley <agl@google.com>
    Commit-Queue: Adam Langley <agl@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-04-19  Add 3DES KAT for FIPS.  (Steven Valdez; 1 file, -2/+36)
    Change-Id: Ic4ce05d1c797b8dbe3569bddd829d7c587295762
    Reviewed-on: https://boringssl-review.googlesource.com/15188
    Reviewed-by: Adam Langley <agl@google.com>
2017-04-19  Add RSA/ECDSA KAT for FIPS.  (Steven Valdez; 1 file, -3/+177)
    Change-Id: Ic11598d8d9f525f7859944441610f22ef1ba1e16
    Reviewed-on: https://boringssl-review.googlesource.com/15187
    Reviewed-by: Adam Langley <agl@google.com>
    Commit-Queue: Adam Langley <agl@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-04-18  Add AES and SHA KAT for FIPS.  (Steven Valdez; 1 file, -15/+154)
    Change-Id: I381ea09705a8302078c40e5afcce5ebffcbe0a32
    Reviewed-on: https://boringssl-review.googlesource.com/15184
    Reviewed-by: Adam Langley <agl@google.com>
    Commit-Queue: Adam Langley <agl@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-04-14  Move AES code into the FIPS module.  (Adam Langley; 1 file, -0/+3)
    Change-Id: Id94e71bce4dca25e77f52f38c07e0489ca072d2d
    Reviewed-on: https://boringssl-review.googlesource.com/15027
    Reviewed-by: Adam Langley <agl@google.com>
    Commit-Queue: Adam Langley <agl@google.com>
    CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-04-13  “Fix” FIPS build under ASAN.  (Adam Langley; 1 file, -0/+8)
    It's not obvious how to make ASAN happy with the integrity test but this will let us test FIPS-only code with ASAN at least.
    Change-Id: Iac983787e04cb86a158e4416c410d9b2d1e5e03f
    Reviewed-on: https://boringssl-review.googlesource.com/14965
    Reviewed-by: Adam Langley <agl@google.com>
2017-04-07  Be less clever about .rel.ro avoidance.  (David Benjamin; 1 file, -18/+4)
    This restores the original version of delocate.go, with the subsequent bugfixes patched in. With this, the FIPS module builds with GCC and Clang, with and without optimizations. I did patch over a variant of the macro though, since it was otherwise really wordy.

    Playing games with sections was a little overly clever and relied on the compiler not performing a number of optimizations. Clang blew through all of those assumptions.
    Change-Id: Ib4da468a5925998457994f9e392cf0c04573fe91
    Reviewed-on: https://boringssl-review.googlesource.com/14805
    Reviewed-by: Adam Langley <agl@google.com>
2017-04-07  First part of the FIPS module.  (Adam Langley; 1 file, -0/+100)
    Change-Id: Ic3a91ccd2c8cdc364740f256fdb8a7ff66177947
    Reviewed-on: https://boringssl-review.googlesource.com/14506
    Reviewed-by: Adam Langley <agl@google.com>
    Commit-Queue: Adam Langley <agl@google.com>