[openssl-commits] [openssl] master update
The branch master has been updated via 0db957dbbcf6a432086ab913378c23636d8c374c (commit) from f9a22815f386dbe7a13822f0ac3629ae8521cd76 (commit) - Log - commit 0db957dbbcf6a432086ab913378c23636d8c374c Author: Pauli Date: Tue Sep 18 11:44:43 2018 +1000 Add a GMAC demonstration program. Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/7249) --- Summary of changes: demos/evp/Makefile | 8 +++-- demos/evp/gmac.c | 103 + 2 files changed, 108 insertions(+), 3 deletions(-) create mode 100644 demos/evp/gmac.c diff --git a/demos/evp/Makefile b/demos/evp/Makefile index c2e10a1..1fb0f39 100644 --- a/demos/evp/Makefile +++ b/demos/evp/Makefile @@ -7,17 +7,19 @@ # #LD_LIBRARY_PATH=../.. ./aesccm #LD_LIBRARY_PATH=../.. ./aesgcm +#LD_LIBRARY_PATH=../.. ./gmac CFLAGS = $(OPENSSL_INCS_LOCATION) LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto -all: aesccm aesgcm +all: aesccm aesgcm gmac aesccm: aesccm.o aesgcm: aesgcm.o +gmac: gmac.o -aesccm aesgcm: +aesccm aesgcm gmac: $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) clean: - $(RM) aesccm aesgcm *.o + $(RM) aesccm aesgcm gmac *.o diff --git a/demos/evp/gmac.c b/demos/evp/gmac.c new file mode 100644 index 000..0b2231b --- /dev/null +++ b/demos/evp/gmac.c @@ -0,0 +1,103 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Simple AES GMAC test program, uses the same NIST data used for the FIPS + * self test but uses the application level EVP APIs. + */ +#include +#include +#include +#include +#include + +/* AES-GMAC test data from NIST public test vectors */ + +static const unsigned char gmac_key[] = { 0x77, 0xbe, 0x63, 0x70, 0x89, 0x71, 0xc4, 0xe2, + 0x40, 0xd1, 0xcb, 0x79, 0xe8, 0xd7, 0x7f, 0xeb }; +static const unsigned char gmac_iv[] = { 0xe0, 0xe0, 0x0f, 0x19, 0xfe, 0xd7, 0xba, 0x01, + 0x36, 0xa7, 0x97, 0xf3 }; +static const unsigned char gmac_aad[] = { 0x7a, 0x43, 0xec, 0x1d, 0x9c, 0x0a, 0x5a, 0x78, + 0xa0, 0xb1, 0x65, 0x33, 0xa6, 0x21, 0x3c, 0xab }; + +static const unsigned char gmac_tag[] = { 0x20, 0x9f, 0xcc, 0x8d, 0x36, 0x75, 0xed, 0x93, + 0x8e, 0x9c, 0x71, 0x66, 0x70, 0x9d, 0xd9, 0x46 }; + +static int aes_gmac(void) +{ +EVP_CIPHER_CTX *ctx; +int outlen, tmplen; +unsigned char outbuf[1024]; +int ret = 0; + +printf("AES GMAC:\n"); +printf("Authenticated Data:\n"); +BIO_dump_fp(stdout, gmac_aad, sizeof(gmac_aad)); + +if ((ctx = EVP_CIPHER_CTX_new()) == NULL) { +printf("EVP_CIPHER_CTX_new: failed\n"); +goto err; +} + +/* Set cipher type and mode */ +if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)) { +printf("EVP_EncryptInit_ex: failed\n"); +goto err; +} + +/* Set IV length if default 96 bits is not appropriate */ +if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gmac_iv), + NULL)) { +printf("EVP_CIPHER_CTX_ctrl: set IV length failed\n"); +goto err; +} + +/* Initialise key and IV */ +if (!EVP_EncryptInit_ex(ctx, NULL, NULL, gmac_key, gmac_iv)) { +printf("EVP_EncryptInit_ex: set key and IV failed\n"); +goto err; +} + +/* Zero or more calls to specify any AAD */ +if (!EVP_EncryptUpdate(ctx, NULL, , gmac_aad, sizeof(gmac_aad))) { +printf("EVP_EncryptUpdate: setting AAD failed\n"); +goto err; +} + +/* Finalise: note get no output for GMAC */ +if (!EVP_EncryptFinal_ex(ctx, outbuf, )) { +printf("EVP_EncryptFinal_ex: failed\n"); +goto err; +} + +/* Get tag */ +if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf)) { +printf("EVP_CIPHER_CTX_ctrl: failed\n"); +goto err; +} + +/* Output tag */ +printf("Tag:\n"); +BIO_dump_fp(stdout, outbuf, 16); + +/* Is the tag correct? */ +if (memcmp(outbuf, gmac_tag, sizeof(gmac_tag)) != 0) { +printf("Expected:\n"); +BIO_dump_fp(stdout, gmac_tag, sizeof(gmac_tag)); +} else +ret = 1; +err: +EVP_CIPHER_CTX_free(ctx); +return ret; +} + +int main(int argc, char **argv) +{ +return aes_gmac() ? EXIT_SUCCESS : EXIT_FAILURE; +} _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 8a1b9339b244cf9bf76bb1bed0eb6e6cd45b3871 (commit) from 53cc720aa09a60463d62d184ab6e23baccef5e71 (commit) - Log - commit 8a1b9339b244cf9bf76bb1bed0eb6e6cd45b3871 Author: Richard Levitte Date: Wed Sep 19 02:25:26 2018 +0200 Add a openssl.com specific .htaccess This allows us to redirect whatever openssl.com URLs we want freely. The setup in the openssl.com site configuration will include this line: AccessFileName .htaccess.openssl.com .htaccess Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/80) --- Summary of changes: .htaccess.openssl.com | 4 1 file changed, 4 insertions(+) create mode 100644 .htaccess.openssl.com diff --git a/.htaccess.openssl.com b/.htaccess.openssl.com new file mode 100644 index 000..90b3e57 --- /dev/null +++ b/.htaccess.openssl.com @@ -0,0 +1,4 @@ +# -*- Apache -*- +Redirect permanent / https://www.openssl.org/community/contacts.html +Redirect permanent /verifycd.html https://www.openssl.org/docs/fips/verifycd.html +RedirectMatch permanent "^(.*)$" "https://www.openssl.org$1; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 53cc720aa09a60463d62d184ab6e23baccef5e71 (commit) via 7c369dac41a2f5a25d3533932686c860958b2643 (commit) via fb942af17ae8fff1e18939d57676678931e9b7e4 (commit) via a1a3195d8d9abdbc5238618b23f73cb774262d09 (commit) via 91ca9441703a779d4c065dc181653410914ee6f2 (commit) from 50ac168c298eedf5aced96da0b6eff5aee57b9fd (commit) - Log - commit 53cc720aa09a60463d62d184ab6e23baccef5e71 Merge: 50ac168 7c369da Author: Mark J. Cox Date: Tue Sep 18 14:07:12 2018 +0100 Merge pull request #77 from iamamoose/oss Merge information from openssl.com and about OSS into main site commit 7c369dac41a2f5a25d3533932686c860958b2643 Author: Mark J. Cox Date: Tue Sep 18 13:09:05 2018 +0100 Update to the latest OSS bylaws commit fb942af17ae8fff1e18939d57676678931e9b7e4 Author: Mark J. Cox Date: Tue Sep 18 11:04:31 2018 +0100 Add verify CD image commit a1a3195d8d9abdbc5238618b23f73cb774262d09 Author: Mark J. Cox Date: Tue Sep 18 11:03:45 2018 +0100 Add the page from http://openssl.com/verifycd.html but update to show we do not accept US cheques/checks at this time. commit 91ca9441703a779d4c065dc181653410914ee6f2 Author: Mark J. Cox Date: Tue Sep 18 10:49:41 2018 +0100 Add OSS bylaws and details of OSS to the contact page rather than using openssl.com which we should deprecate. Bring wording for FIPS in line with what we used on openssl.com --- Summary of changes: community/contacts.html | 19 docs/fips/verifycd.html | 81 docs/fips/verifycd.jpg | Bin 0 -> 20887 bytes policies/oss-bylaws.pdf | Bin 0 -> 38884 bytes 4 files changed, 94 insertions(+), 6 deletions(-) create mode 100644 docs/fips/verifycd.html create mode 100644 docs/fips/verifycd.jpg create mode 100644 policies/oss-bylaws.pdf diff --git a/community/contacts.html b/community/contacts.html index 5c6f6a6..8c0820e 100644 --- a/community/contacts.html +++ b/community/contacts.html @@ -17,10 +17,21 @@ (US) non-profit corporation with its own bylaws. + OpenSSL Software Services + (OSS) also represents the OpenSSL project, for +Support Contracts, and +as the + Vendor of Record for NIST Cryptographic Module +https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747;>#1747 +(This is an open-source validation of FIPS-140 based on OpenSSL). +It is a Delaware (US) corporation with its own bylaws. + - The best way to contact OSF is by sending an email to + The best way to contact OSF or OSS is by sending an email to mailto:osf-cont...@openssl.org;>osf-cont...@openssl.org. - For postal or telephone contact, use the following: + For postal contact, use the following: 40 E Main St, Suite 744 @@ -29,10 +40,6 @@ - https://www.openssl.com;>OpenSSL Software Services - (OSS) also represents the OpenSSL project, most notably as the - Vendor of Record for the FIPS validation. - You are here: Home diff --git a/docs/fips/verifycd.html b/docs/fips/verifycd.html new file mode 100644 index 000..a30a9c1 --- /dev/null +++ b/docs/fips/verifycd.html @@ -0,0 +1,81 @@ + + + + + + + + + + FIPS 140-2 verification of the OpenSSL FIPS Object Module source distribution file + + + + +The latest of the OpenSSL FIPS Object Module ("FIPS module") +FIPS 140-2 validations saw the introduction of a new requirement +by the CMVP: + + The distribution tar file, shall be verified using an +independently acquired FIPS 140-2 validated cryptographic +module... + +Some prospective users of the OpenSSL FIPS Object Module 2.0 already +have ready access to an existing securely-installed software product +using FIPS 140-2 validated cryptography that is capable of calculating +the HMAC-SHA-1 digest of a file on disk, in which case satisfying this +requirement is easy (simply calculate the HMAC-SHA-1 digest of the +source distribution file using the key "etaonrishdlcupfm" +and confirm it is that same as documented in the http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm;>Security Policy +document (e.g., "2cdd29913c6523df8ad38da11c342b80ed3f1dae" for +openssl-fips-2.0.tar.gz). + + +For most prospective users the identification, acquisition, +installation, and configuration of a suitable product may be a challenge. +(See Section 6.6 of our FIPS +User + Guide) +The requirement for this verification with an
[openssl-commits] [web] master update
The branch master has been updated via 50ac168c298eedf5aced96da0b6eff5aee57b9fd (commit) via 6bde6d627da78566f2b1b1f1b4dfdd3781fa91ee (commit) from a9e5da9e4698a64397f1f564337f13207518f3ee (commit) - Log - commit 50ac168c298eedf5aced96da0b6eff5aee57b9fd Merge: a9e5da9 6bde6d6 Author: Mark J. Cox Date: Tue Sep 18 13:24:11 2018 +0100 Merge pull request #78 from iamamoose/osf Update to latest OSF bylaws commit 6bde6d627da78566f2b1b1f1b4dfdd3781fa91ee Author: Mark J. Cox Date: Tue Sep 18 13:11:56 2018 +0100 Update to latest OSF bylaws --- Summary of changes: policies/osf-bylaws.pdf | Bin 44509 -> 45594 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/policies/osf-bylaws.pdf b/policies/osf-bylaws.pdf index ed4810c..b0a3994 100644 Binary files a/policies/osf-bylaws.pdf and b/policies/osf-bylaws.pdf differ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via f560ff623b900b2460aa043441b527e304735eb1 (commit) from cfacc73a055620d9d151fd083d7a23999b0dcbdb (commit) - Log - commit f560ff623b900b2460aa043441b527e304735eb1 Author: Dr. Matthias St. Pierre Date: Tue Sep 18 07:56:27 2018 +0200 ssl/ssl_ciph.c: make set_ciphersuites static Fixes #7252 Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7253) (cherry picked from commit f9a22815f386dbe7a13822f0ac3629ae8521cd76) --- Summary of changes: ssl/ssl_ciph.c | 2 +- ssl/ssl_locl.h | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index b60cc79..14066d0 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1301,7 +1301,7 @@ static int ciphersuite_cb(const char *elem, int len, void *arg) return 1; } -int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str) +static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str) { STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null(); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index e8819e7..8afb117 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2251,7 +2251,6 @@ __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp); -__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str); __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) **cipher_list, _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via f9a22815f386dbe7a13822f0ac3629ae8521cd76 (commit) from 523fcfb4c081ec346f117fd493103ddcd521e431 (commit) - Log - commit f9a22815f386dbe7a13822f0ac3629ae8521cd76 Author: Dr. Matthias St. Pierre Date: Tue Sep 18 07:56:27 2018 +0200 ssl/ssl_ciph.c: make set_ciphersuites static Fixes #7252 Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7253) --- Summary of changes: ssl/ssl_ciph.c | 2 +- ssl/ssl_locl.h | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index b60cc79..14066d0 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1301,7 +1301,7 @@ static int ciphersuite_cb(const char *elem, int len, void *arg) return 1; } -int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str) +static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str) { STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null(); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index e8819e7..8afb117 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2251,7 +2251,6 @@ __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp); -__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str); __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) **cipher_list, _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via cfacc73a055620d9d151fd083d7a23999b0dcbdb (commit) from 66228d53c91440e3b5e8bc96ebdf272d48ce34c8 (commit) - Log - commit cfacc73a055620d9d151fd083d7a23999b0dcbdb Author: Tobias Nießen Date: Fri Sep 14 21:43:12 2018 +0200 Trivial test improvements This commit reuses a variable instead of reevaluating the expression and updates an outdated comment in the EVP test. Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/7242) (cherry picked from commit 523fcfb4c081ec346f117fd493103ddcd521e431) --- Summary of changes: test/evp_test.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/evp_test.c b/test/evp_test.c index 98301e6..2ac69e1 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -459,7 +459,7 @@ typedef struct cipher_data_st { size_t plaintext_len; unsigned char *ciphertext; size_t ciphertext_len; -/* GCM, CCM only */ +/* GCM, CCM and OCB only */ unsigned char *aad; size_t aad_len; unsigned char *tag; @@ -487,7 +487,7 @@ static int cipher_test_init(EVP_TEST *t, const char *alg) if (m == EVP_CIPH_GCM_MODE || m == EVP_CIPH_OCB_MODE || m == EVP_CIPH_CCM_MODE) -cdat->aead = EVP_CIPHER_mode(cipher); +cdat->aead = m; else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) cdat->aead = -1; else _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 523fcfb4c081ec346f117fd493103ddcd521e431 (commit) from d474100af0827d9ba87f3bb25a34867244552df5 (commit) - Log - commit 523fcfb4c081ec346f117fd493103ddcd521e431 Author: Tobias Nießen Date: Fri Sep 14 21:43:12 2018 +0200 Trivial test improvements This commit reuses a variable instead of reevaluating the expression and updates an outdated comment in the EVP test. Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/7242) --- Summary of changes: test/evp_test.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/evp_test.c b/test/evp_test.c index 98301e6..2ac69e1 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -459,7 +459,7 @@ typedef struct cipher_data_st { size_t plaintext_len; unsigned char *ciphertext; size_t ciphertext_len; -/* GCM, CCM only */ +/* GCM, CCM and OCB only */ unsigned char *aad; size_t aad_len; unsigned char *tag; @@ -487,7 +487,7 @@ static int cipher_test_init(EVP_TEST *t, const char *alg) if (m == EVP_CIPH_GCM_MODE || m == EVP_CIPH_OCB_MODE || m == EVP_CIPH_CCM_MODE) -cdat->aead = EVP_CIPHER_mode(cipher); +cdat->aead = m; else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) cdat->aead = -1; else _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl OpenSSL_1_0_2-stable.19960
Build openssl OpenSSL_1_0_2-stable.19960 completed Commit 440cb2cfdb by Dr. Matthias St. Pierre on 9/18/2018 5:34 AM: fixup! drbg_get_entropy: force a reseed before calling ssleay_rand_bytes() Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits