Dr. Stephen Henson [Wed, 20 Oct 2004 00:54:27 +0000 (00:54 +0000)]
Update NEWS file.
Dr. Stephen Henson [Wed, 20 Oct 2004 00:48:15 +0000 (00:48 +0000)]
Typo.
Richard Levitte [Thu, 14 Oct 2004 05:52:07 +0000 (05:52 +0000)]
make update
Richard Levitte [Thu, 14 Oct 2004 05:51:15 +0000 (05:51 +0000)]
We need to check for OPENSSL_FIPS when building shared libraries, so
we get correct transfer vectors for those functions when required.
Richard Levitte [Thu, 14 Oct 2004 05:49:01 +0000 (05:49 +0000)]
Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up. Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.
Ben Laurie [Fri, 8 Oct 2004 10:03:57 +0000 (10:03 +0000)]
Update fingerprints.
Dr. Stephen Henson [Mon, 4 Oct 2004 17:28:57 +0000 (17:28 +0000)]
Oops..
Dr. Stephen Henson [Mon, 4 Oct 2004 16:27:36 +0000 (16:27 +0000)]
Fix race condition when CRL checking is enabled.
Dr. Stephen Henson [Fri, 1 Oct 2004 11:34:28 +0000 (11:34 +0000)]
Update debug-steve
Andy Polyakov [Tue, 28 Sep 2004 20:52:14 +0000 (20:52 +0000)]
Fix Solaris 10_x86 shared build. -Bsymbolic is required to avoid
"remaining relocations" in assembler modules. The latter seems to
be new behaviour, elder as/ld managed to resolve these relocations
as internal. It's possible to address this problem differently,
but I settle for -Bsymbolic...
PR: 946
Richard Levitte [Tue, 28 Sep 2004 11:25:11 +0000 (11:25 +0000)]
usr/doc has recently changed to usr/share/doc on Cygwin.
Notified by Corinna Vinschen <vinschen@redhat.com>
Dr. Stephen Henson [Wed, 15 Sep 2004 23:38:45 +0000 (23:38 +0000)]
Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap().
Dr. Stephen Henson [Mon, 13 Sep 2004 22:39:49 +0000 (22:39 +0000)]
Oops, forgot to reorder extension request nids.
Dr. Stephen Henson [Mon, 13 Sep 2004 22:30:31 +0000 (22:30 +0000)]
ASN1_STRING_to_UTF8() assumed that the MBSTRING_* flags were of
the form MBSTRING_FLAG|nbyte where "nbyte" is the number of
bytes per character.
Unfortunately this isn't so and we can't change the #defines because
this would break binary compatibility, so for 0.9.7X only translate
between the two.
Richard Levitte [Sat, 11 Sep 2004 09:45:41 +0000 (09:45 +0000)]
Makefile.ssl changed name to Makefile...
Dr. Stephen Henson [Fri, 10 Sep 2004 20:27:45 +0000 (20:27 +0000)]
Stop warning.
Dr. Stephen Henson [Fri, 10 Sep 2004 20:26:30 +0000 (20:26 +0000)]
When looking for request extensions in a certificate look first
for the PKCS#9 OID then the non standard MS OID.
Richard Levitte [Mon, 6 Sep 2004 14:21:14 +0000 (14:21 +0000)]
num is an unsigned long, but since it was transferred from
crypto/sha/sha_locl.h, where it is in fact an int, we need to check
for less-than-zero as if it was an int...
Richard Levitte [Mon, 6 Sep 2004 14:19:59 +0000 (14:19 +0000)]
Replace the bogus checks of n with proper uses of feof(), ferror() and
clearerr().
Andy Polyakov [Mon, 23 Aug 2004 22:28:27 +0000 (22:28 +0000)]
Sync aes_ctr.c with HEAD.
Richard Levitte [Wed, 18 Aug 2004 15:48:22 +0000 (15:48 +0000)]
'compatibility', not 'computability' :-)...
Richard Levitte [Wed, 11 Aug 2004 20:34:12 +0000 (20:34 +0000)]
Another missing module in the VMS build files. I believe this is the
last, though...
Richard Levitte [Wed, 11 Aug 2004 17:41:17 +0000 (17:41 +0000)]
Stupid casts...
Dr. Stephen Henson [Wed, 11 Aug 2004 17:24:42 +0000 (17:24 +0000)]
Update FAQ.
Dr. Stephen Henson [Tue, 10 Aug 2004 17:40:31 +0000 (17:40 +0000)]
Make ASN1_INTEGER_cmp() work as expected with negative integers.
Richard Levitte [Tue, 10 Aug 2004 10:04:13 +0000 (10:04 +0000)]
With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED to
get struct timeval and gettimeofday().
Richard Levitte [Tue, 10 Aug 2004 09:11:07 +0000 (09:11 +0000)]
Update the VMS fips library builder with the DH library.
Richard Levitte [Tue, 10 Aug 2004 09:09:08 +0000 (09:09 +0000)]
make update
Richard Levitte [Mon, 9 Aug 2004 12:14:08 +0000 (12:14 +0000)]
Correct typos and include directory specifications.
Richard Levitte [Mon, 9 Aug 2004 12:13:36 +0000 (12:13 +0000)]
In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM...
Dr. Stephen Henson [Fri, 6 Aug 2004 12:43:54 +0000 (12:43 +0000)]
In ca.c setup engine after autoconfig so any dynamic engines are visible.
Dr. Stephen Henson [Thu, 5 Aug 2004 18:11:43 +0000 (18:11 +0000)]
Stop compiler giving bogus shadow warning.
Dr. Stephen Henson [Thu, 5 Aug 2004 18:10:46 +0000 (18:10 +0000)]
Don't ignore return values of EVP_DigestInit_ex() in md BIOs and dgst.
Richard Levitte [Mon, 2 Aug 2004 14:15:07 +0000 (14:15 +0000)]
Let's lock a write lock when changing values, shall we?
Thanks to Dr Stephen Henson <shenson@drh-consultancy.co.uk> for making
me aware of this error.
Richard Levitte [Fri, 30 Jul 2004 14:38:02 +0000 (14:38 +0000)]
To protect FIPS-related global variables, add locking mechanisms
around them.
NOTE: because two new locks are added, this adds potential binary
incompatibility with earlier versions in the 0.9.7 series. However,
those locks will only ever be touched when FIPS_mode_set() is called
and after, thanks to a variable that's only changed from 0 to 1 once
(when FIPS_mode_set() is called). So basically, as long as FIPS mode
hasn't been engaged explicitly by the calling application, the new
locks are treated as if they didn't exist at all, thus not becoming a
problem. Applications that are built or rebuilt to use FIPS
functionality will need to be recompiled in any case, thus not being a
problem either.
Richard Levitte [Thu, 29 Jul 2004 22:26:57 +0000 (22:26 +0000)]
We're building crypto stuff, not ssl stuff. Additionally, we're in
the fips subdirectory, not the crypto one...
Richard Levitte [Thu, 29 Jul 2004 22:26:03 +0000 (22:26 +0000)]
We build the crypto stuff, not the ssl stuff, in this command procedure...
Richard Levitte [Wed, 28 Jul 2004 13:47:58 +0000 (13:47 +0000)]
Define OPENSSL_FIPS in opensslconf.h if a logical name with the same
name is defined.
Go up one directory level before dealing with FIPS stuff.
Richard Levitte [Wed, 28 Jul 2004 02:24:48 +0000 (02:24 +0000)]
From the FIPS directory, darnit!
Dr. Stephen Henson [Tue, 27 Jul 2004 18:28:49 +0000 (18:28 +0000)]
New cipher "strength" FIPS which specifies that a
cipher suite is FIPS compatible.
New cipherstring "FIPS" is all FIPS compatible ciphersuites except eNULL.
Only allow FIPS ciphersuites in FIPS mode.
Richard Levitte [Tue, 27 Jul 2004 14:09:13 +0000 (14:09 +0000)]
Typo
Richard Levitte [Tue, 27 Jul 2004 13:58:25 +0000 (13:58 +0000)]
The compiler may complain about what looks like a double definition of a
static variable
Dr. Stephen Henson [Tue, 27 Jul 2004 12:22:08 +0000 (12:22 +0000)]
Rename libcrypto.sha1 to libcrypto.a.sha1
Dr. Stephen Henson [Tue, 27 Jul 2004 00:20:41 +0000 (00:20 +0000)]
Add FIPS name to error library.
Dr. Stephen Henson [Tue, 27 Jul 2004 00:17:46 +0000 (00:17 +0000)]
Stop compiler warnings.
Andy Polyakov [Sat, 24 Jul 2004 13:40:47 +0000 (13:40 +0000)]
Add casts where casts due. It's "safe" to cast, because "wrong" casts
will either be optimized away or never performed. The trouble is that
compiler first parses code, then optimizes, not both at once...
Ben Laurie [Fri, 23 Jul 2004 13:20:32 +0000 (13:20 +0000)]
Convert to X9.31.
Andy Polyakov [Thu, 22 Jul 2004 16:39:48 +0000 (16:39 +0000)]
Proper WinCE support for listing files. "Backported" from HEAD.
Dr. Stephen Henson [Wed, 21 Jul 2004 17:41:26 +0000 (17:41 +0000)]
When in FIPS mode write private keys in PKCS#8 and PBES2 format to
avoid use of prohibited MD5 algorithm.
Dr. Stephen Henson [Wed, 21 Jul 2004 17:35:49 +0000 (17:35 +0000)]
Avoid compiler warnings.
Andy Polyakov [Wed, 21 Jul 2004 17:18:53 +0000 (17:18 +0000)]
Make rand_win.c UNICODE savvy. "Backport" from HEAD.
Richard Levitte [Mon, 19 Jul 2004 07:49:47 +0000 (07:49 +0000)]
Since version 7.0, the C RTL in VMS handles time in terms of UTC
instead of local time.
Andy Polyakov [Sat, 17 Jul 2004 13:27:38 +0000 (13:27 +0000)]
Sync with HEAD. Up to >20% overall performance improvement.
Andy Polyakov [Sat, 17 Jul 2004 12:54:54 +0000 (12:54 +0000)]
IA-64 is intolerant to misaligned access. It was a problem on Win64 as
we were misled by _MSC_VER macro, which is defined by *all* Windows
Microsoft compilers.
Andy Polyakov [Sat, 17 Jul 2004 12:48:35 +0000 (12:48 +0000)]
Eliminate enforced -g from CFLAGS. It switches off optimization with some
compilers, e.g. DEC C.
Ben Laurie [Mon, 12 Jul 2004 17:59:50 +0000 (17:59 +0000)]
Corrected test program.
Richard Levitte [Mon, 12 Jul 2004 12:25:56 +0000 (12:25 +0000)]
I think it could be a good thing to know what went wrong with the tests...
Bodo Möller [Mon, 12 Jul 2004 06:24:21 +0000 (06:24 +0000)]
improve wording
Bodo Möller [Sun, 11 Jul 2004 09:29:41 +0000 (09:29 +0000)]
BIS correction/addition
Richard Levitte [Thu, 8 Jul 2004 08:32:51 +0000 (08:32 +0000)]
o_str.c: Windows doesn't have <strings.h>, and since we use _strnicmp() and
_stricmp() on that platform, use the appropriate header file for it,
<string.h>.
o_str.h: we only want to get size_t, which is defined in <stddef.h>.
Philippe Bougeret <philippe.bougeret@freesbee.fr> notified us about Windows
not having a <strings.h>
Dr. Stephen Henson [Tue, 6 Jul 2004 17:26:33 +0000 (17:26 +0000)]
Delta CRL support in extension code.
Dr. Stephen Henson [Tue, 6 Jul 2004 17:25:11 +0000 (17:25 +0000)]
Ooops, missed part of PKCS#8 patch.
Dr. Stephen Henson [Sun, 4 Jul 2004 16:36:58 +0000 (16:36 +0000)]
Fix memory leak.
Dr. Stephen Henson [Thu, 1 Jul 2004 18:50:12 +0000 (18:50 +0000)]
Don't try to parse non-string types.
Richard Levitte [Thu, 1 Jul 2004 12:33:44 +0000 (12:33 +0000)]
Explain a little better what BN_num_bits() and BN_num_bits_word() do.
Add a note as to how these functions do not always return the key size, and
how one can deal with that.
PR: 907
Richard Levitte [Mon, 28 Jun 2004 22:01:07 +0000 (22:01 +0000)]
Changes for VOS, submitted by Paul Green <Paul.Green@stratus.com>.
PR: 499
Richard Levitte [Mon, 28 Jun 2004 20:33:35 +0000 (20:33 +0000)]
Make sure the FIPS stuff is only really compiled when in FIPS mode.
Richard Levitte [Mon, 28 Jun 2004 16:32:14 +0000 (16:32 +0000)]
Make the tests of EVP operations without padding. As a consequence,
there's no need for a larger BUFSIZE any more...
PR: 904
Richard Levitte [Mon, 28 Jun 2004 12:23:40 +0000 (12:23 +0000)]
Make sure that the buffers are large enough to contain padding.
PR: 904
Richard Levitte [Mon, 28 Jun 2004 10:31:09 +0000 (10:31 +0000)]
Linux on ARM needs -ldl
PR: 905
Dr. Stephen Henson [Thu, 24 Jun 2004 13:05:50 +0000 (13:05 +0000)]
Memory leak fixes from main branch.
Dr. Stephen Henson [Thu, 24 Jun 2004 12:54:38 +0000 (12:54 +0000)]
Reformat source for pkcs8.c
Dr. Stephen Henson [Thu, 24 Jun 2004 12:31:48 +0000 (12:31 +0000)]
Return an error if an attempt is made to encode or decode
cipher ASN1 parameters and the cipher doesn't support it.
Dr. Stephen Henson [Thu, 24 Jun 2004 12:12:43 +0000 (12:12 +0000)]
Include <string.h> to get definition of strcmp.
Richard Levitte [Mon, 21 Jun 2004 18:05:53 +0000 (18:05 +0000)]
Standard sh doesn't tolerate ! as part of the conditional command.
PR: 900
Richard Levitte [Mon, 21 Jun 2004 09:07:41 +0000 (09:07 +0000)]
Make sure we don't try to loop over an empty EXHEADER. In the
Makefiles where this was fixed by commenting away code, change it to
check for an empty EXHEADER instead, so we have less hassle in a
future where EXHEADER changes.
PR: 900
Ben Laurie [Sat, 19 Jun 2004 13:54:59 +0000 (13:54 +0000)]
Add primality tester.
Ben Laurie [Sat, 19 Jun 2004 13:32:28 +0000 (13:32 +0000)]
Make make tags make tags.
Ben Laurie [Sat, 19 Jun 2004 13:18:01 +0000 (13:18 +0000)]
Update ignores.
Ben Laurie [Sat, 19 Jun 2004 13:16:51 +0000 (13:16 +0000)]
Add Diffie-Hellman to FIPS.
Ben Laurie [Sat, 19 Jun 2004 13:15:35 +0000 (13:15 +0000)]
The version that was actually submitted for FIPS testing.
Richard Levitte [Tue, 15 Jun 2004 11:46:06 +0000 (11:46 +0000)]
Typo, setting the first element of nids[] to NULL instead of setting
*cnids.
Lutz Jänicke [Mon, 14 Jun 2004 13:26:47 +0000 (13:26 +0000)]
More precise explanation of session id context requirements.
Richard Levitte [Thu, 27 May 2004 10:19:04 +0000 (10:19 +0000)]
Make sure o_str.h is reachable.
Richard Levitte [Thu, 27 May 2004 10:07:04 +0000 (10:07 +0000)]
Run an installation of FIPS stuff as well.
Richard Levitte [Thu, 27 May 2004 10:04:40 +0000 (10:04 +0000)]
Compile the FIPS directory on VMS as well. fips-lib.com is
essentially a copy of crypto-lib.com, with just a few edits.
Richard Levitte [Thu, 27 May 2004 09:33:10 +0000 (09:33 +0000)]
Copy the FIPS files to the temporary openssl include directory.
Richard Levitte [Wed, 19 May 2004 14:16:33 +0000 (14:16 +0000)]
Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation for
size_t-ification of those algorithms in a future version of OpenSSL...
Andy Polyakov [Mon, 17 May 2004 15:37:26 +0000 (15:37 +0000)]
Make reservations in FIPS code for upcoming size_t-fication of OpenSSL API.
And couple of bug-fixes in fips/rand code [return without lock release and
incorrect return value in fips_rand_bytes].
Richard Levitte [Mon, 17 May 2004 04:47:26 +0000 (04:47 +0000)]
Typo corrected.
Richard Levitte [Mon, 17 May 2004 04:40:49 +0000 (04:40 +0000)]
Rewrite the usage to avoid confusion.
Richard Levitte [Mon, 17 May 2004 04:39:00 +0000 (04:39 +0000)]
Make it possible for the user to choose the digest used to create the
key.
Richard Levitte [Mon, 17 May 2004 04:31:14 +0000 (04:31 +0000)]
When in FIPS mode, use SHA1 to digest the key, rather than MD5, as MD5
isn't a FIPS-approved algorithm.
Note: this means the user needs to keep track of this, and we need to
add support for that...
Richard Levitte [Mon, 17 May 2004 04:30:06 +0000 (04:30 +0000)]
Make sure the applications know when we are running in FIPS mode. We
can't use the variable in libcrypto, since it's supposedly unknown.
Note: currently only supported in MONOLITH mode.
Richard Levitte [Mon, 17 May 2004 04:28:31 +0000 (04:28 +0000)]
Generate SHA1 files on Windows and other platforms supported by
mk1mf.pl, when building in FIPS mode.
Note: UNTESTED!
Ben Laurie [Sat, 15 May 2004 17:51:26 +0000 (17:51 +0000)]
Fix self-tests, ban some things in FIPS mode, fix copyrights.
Dr. Stephen Henson [Sat, 15 May 2004 17:46:50 +0000 (17:46 +0000)]
Fixes so alerts are sent properly in s3_pkt.c
PR: 851
Ben Laurie [Sat, 15 May 2004 16:39:23 +0000 (16:39 +0000)]
Check error returns.
Richard Levitte [Fri, 14 May 2004 17:55:59 +0000 (17:55 +0000)]
Reimplement old functions, so older software that links to libcrypto
doesn't crash and burn.
Richard Levitte [Fri, 14 May 2004 17:54:18 +0000 (17:54 +0000)]
All EVP_*_cfb functions have changed names to EVP_*_cfb64 or
EVP_*_cfb128.