oweals/openssl.git
21 years agoDetect correctly that we're in FIPS mode.
Richard Levitte [Mon, 29 Sep 2003 18:46:31 +0000 (18:46 +0000)]
Detect correctly that we're in FIPS mode.
Don't run testfipsssl unless in FIPS mode.

21 years agoRecent changes from 0.9.7-stable
Richard Levitte [Mon, 29 Sep 2003 15:10:24 +0000 (15:10 +0000)]
Recent changes from 0.9.7-stable

21 years agoSynchronise util/libeay.num with the 0.9.7-stable one.
Richard Levitte [Sun, 28 Sep 2003 09:26:37 +0000 (09:26 +0000)]
Synchronise util/libeay.num with the 0.9.7-stable one.
Correct some depend targets in the fips directory tree.
make update

21 years agoRecent changes from 0.9.7-stable
Richard Levitte [Sun, 28 Sep 2003 09:07:11 +0000 (09:07 +0000)]
Recent changes from 0.9.7-stable

21 years agoDSA self-test.
Ben Laurie [Sat, 27 Sep 2003 20:07:17 +0000 (20:07 +0000)]
DSA self-test.

21 years agoSelftest RSA and some fixes.
Ben Laurie [Sat, 27 Sep 2003 15:54:43 +0000 (15:54 +0000)]
Selftest RSA and some fixes.

21 years agoRecent changes from 0.9.7-stable.
Richard Levitte [Sat, 27 Sep 2003 10:13:11 +0000 (10:13 +0000)]
Recent changes from 0.9.7-stable.

21 years agoMake FIPS work again.
Ben Laurie [Thu, 25 Sep 2003 20:04:40 +0000 (20:04 +0000)]
Make FIPS work again.

21 years agoConstification.
Ben Laurie [Thu, 25 Sep 2003 20:01:57 +0000 (20:01 +0000)]
Constification.

21 years agoUse OPENSSL_FIPS instead of FIPS.
Richard Levitte [Thu, 25 Sep 2003 12:24:52 +0000 (12:24 +0000)]
Use OPENSSL_FIPS instead of FIPS.

21 years agoUhmm, o_str.o, not o_str.c...
Richard Levitte [Thu, 25 Sep 2003 12:22:46 +0000 (12:22 +0000)]
Uhmm, o_str.o, not o_str.c...

21 years agoIn order to get the expected self signed error when
Dr. Stephen Henson [Sun, 21 Sep 2003 02:12:36 +0000 (02:12 +0000)]
In order to get the expected self signed error when
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.

21 years agoMissing file.
Ben Laurie [Sun, 14 Sep 2003 13:01:54 +0000 (13:01 +0000)]
Missing file.

21 years agoDon't debug.
Ben Laurie [Sat, 13 Sep 2003 20:41:53 +0000 (20:41 +0000)]
Don't debug.

21 years agoMake TLSv1 work in FIPS mode.
Ben Laurie [Sat, 13 Sep 2003 17:03:54 +0000 (17:03 +0000)]
Make TLSv1 work in FIPS mode.

21 years agoAdd a debug flag.
Ben Laurie [Sat, 13 Sep 2003 16:57:56 +0000 (16:57 +0000)]
Add a debug flag.

21 years agoTemporarily remove FIPS test that doesn't work.
Ben Laurie [Sat, 13 Sep 2003 13:36:13 +0000 (13:36 +0000)]
Temporarily remove FIPS test that doesn't work.

21 years agoAdd RSA to FIPS.
Ben Laurie [Thu, 11 Sep 2003 21:37:01 +0000 (21:37 +0000)]
Add RSA to FIPS.

21 years agomake update
Richard Levitte [Wed, 10 Sep 2003 09:15:22 +0000 (09:15 +0000)]
make update

21 years agoInclude "e_os.h" instead of "../e_os.h", and trust the building
Richard Levitte [Wed, 10 Sep 2003 09:15:09 +0000 (09:15 +0000)]
Include "e_os.h" instead of "../e_os.h", and trust the building
procedure to give the correct -I options to the compiler.  This is
*especially* true for test programs that appear in two places, with
different paths to e_os.h depending on where they are built.

21 years agoInclude openssl/fips.h outside of the check for FIPS, so make depend
Richard Levitte [Wed, 10 Sep 2003 09:06:01 +0000 (09:06 +0000)]
Include openssl/fips.h outside of the check for FIPS, so make depend
doesn't differ between FIPS and non-FIPS modes.

21 years agoWe currently define FIPS, not OPENSSL_FIPS. The reason for this is
Richard Levitte [Wed, 10 Sep 2003 09:05:06 +0000 (09:05 +0000)]
We currently define FIPS, not OPENSSL_FIPS.  The reason for this is
(probably) that FIPS is an entirely internal macro, and is not
accessible by third-party authors.

21 years agoUse BIO_snprintf() instead of snprintf().
Dr. Stephen Henson [Wed, 10 Sep 2003 00:44:53 +0000 (00:44 +0000)]
Use BIO_snprintf() instead of snprintf().

Update hashes.

21 years agoTypo.
Dr. Stephen Henson [Wed, 10 Sep 2003 00:16:42 +0000 (00:16 +0000)]
Typo.

21 years agoInclude e_os.h in a few cases (to pick up
Dr. Stephen Henson [Wed, 10 Sep 2003 00:10:34 +0000 (00:10 +0000)]
Include e_os.h in a few cases (to pick up
str(n)icmp defs).

Disable a few tests if not FIPS.

21 years agoUpdate hashes. Fix a few typos in o_str.c
Dr. Stephen Henson [Tue, 9 Sep 2003 23:43:29 +0000 (23:43 +0000)]
Update hashes. Fix a few typos in o_str.c

21 years agomake update
Richard Levitte [Tue, 9 Sep 2003 16:39:41 +0000 (16:39 +0000)]
make update

21 years agoMove the FIPS check so make depend doesn't give different results
Richard Levitte [Tue, 9 Sep 2003 16:38:16 +0000 (16:38 +0000)]
Move the FIPS check so make depend doesn't give different results
depending on FIPS mode.

21 years agoGeneralise the definition of strcasecmp() and strncasecmp() for
Richard Levitte [Tue, 9 Sep 2003 14:48:52 +0000 (14:48 +0000)]
Generalise the definition of strcasecmp() and strncasecmp() for
platforms that don't (necessarely) have it.  In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).

21 years agoThis commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
cvs2svn [Tue, 9 Sep 2003 14:48:37 +0000 (14:48 +0000)]
This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
0_9_7-stable'.

21 years agoGeneralise the definition of strcasecmp() and strncasecmp() for
Richard Levitte [Tue, 9 Sep 2003 14:48:36 +0000 (14:48 +0000)]
Generalise the definition of strcasecmp() and strncasecmp() for
platforms that don't (necessarely) have it.  In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).

21 years agoTest data files should not be part of the TEST value, or util/mk1mf.pl
Richard Levitte [Tue, 9 Sep 2003 09:10:45 +0000 (09:10 +0000)]
Test data files should not be part of the TEST value, or util/mk1mf.pl
gets confused...  The separate TESTDATA variable was inspired from
crypto/evp/Makefile.ssl.

21 years agoPut #ifdef FIPS round FIPS DSA_generate_parameters .
Dr. Stephen Henson [Mon, 8 Sep 2003 17:01:48 +0000 (17:01 +0000)]
Put #ifdef FIPS round FIPS DSA_generate_parameters .
#if 0 unimplemented ciphers so mkdef.pl doesn't pick
them up.

21 years agoRecent changes from 0.9.7-stable.
Richard Levitte [Mon, 8 Sep 2003 16:49:37 +0000 (16:49 +0000)]
Recent changes from 0.9.7-stable.

21 years agoMake it builadable in non-FIPS mode.
Richard Levitte [Mon, 8 Sep 2003 16:43:55 +0000 (16:43 +0000)]
Make it builadable in non-FIPS mode.

The current solution is very Unix-bound, and there is probably a better way to do this.

21 years agoThese should be write-locks, not read-locks.
Geoff Thorpe [Mon, 8 Sep 2003 15:47:55 +0000 (15:47 +0000)]
These should be write-locks, not read-locks.

21 years agoincluded <string.h> in fips.c to pick up
Dr. Stephen Henson [Mon, 8 Sep 2003 12:49:08 +0000 (12:49 +0000)]
included <string.h> in fips.c to pick up
memcmp definition.

update fips_make_sha1 to use fips_err.h

update hashes.

21 years agoUpdate dependencies.
Dr. Stephen Henson [Mon, 8 Sep 2003 12:39:13 +0000 (12:39 +0000)]
Update dependencies.

21 years agoMore files to ignore.
Richard Levitte [Mon, 8 Sep 2003 11:37:31 +0000 (11:37 +0000)]
More files to ignore.

21 years agoIgnore the directory rsp (introduced when running tests).
Richard Levitte [Mon, 8 Sep 2003 11:36:32 +0000 (11:36 +0000)]
Ignore the directory rsp (introduced when running tests).

21 years agoSome more files to ignore.
Richard Levitte [Mon, 8 Sep 2003 11:35:23 +0000 (11:35 +0000)]
Some more files to ignore.

21 years agoSince fips_err is really just used as a header by fips_err_wrapper.c,
Richard Levitte [Mon, 8 Sep 2003 11:33:07 +0000 (11:33 +0000)]
Since fips_err is really just used as a header by fips_err_wrapper.c,
let's change it's suffix from .c to .h.  This also avoids some
otherwise very mysterious (and probably sensible from a historical
point of view :-)) name changes done by mk1mf.pl.

21 years agoWhen building the FIPS test binaries, also build the corresponding
Richard Levitte [Mon, 8 Sep 2003 10:00:23 +0000 (10:00 +0000)]
When building the FIPS test binaries, also build the corresponding
fingerprints.

21 years agoRemove some unneeded space.
Richard Levitte [Mon, 8 Sep 2003 09:59:43 +0000 (09:59 +0000)]
Remove some unneeded space.

21 years agoUse $(TOP) instead of ../.. as much as possible.
Richard Levitte [Mon, 8 Sep 2003 09:59:11 +0000 (09:59 +0000)]
Use $(TOP) instead of ../.. as much as possible.

21 years agoBecause of changes in Makefile.ssl, the files got reordered.
Richard Levitte [Mon, 8 Sep 2003 09:57:57 +0000 (09:57 +0000)]
Because of changes in Makefile.ssl, the files got reordered.

21 years agoProduce libcrypto.sha1 directly after building the libraries.
Richard Levitte [Mon, 8 Sep 2003 09:57:27 +0000 (09:57 +0000)]
Produce libcrypto.sha1 directly after building the libraries.
Otherwise, the test target will fail because libcrypto.sha1 is missing
or not up to date.

21 years agomake update.
Richard Levitte [Mon, 8 Sep 2003 09:17:36 +0000 (09:17 +0000)]
make update.

21 years agofips_err.c doesn't belong with the headers.
Richard Levitte [Mon, 8 Sep 2003 09:17:13 +0000 (09:17 +0000)]
fips_err.c doesn't belong with the headers.

21 years agoInclude all the fips directories.
Richard Levitte [Mon, 8 Sep 2003 09:16:39 +0000 (09:16 +0000)]
Include all the fips directories.

21 years agoHandle the "fips" option.
Richard Levitte [Mon, 8 Sep 2003 09:16:17 +0000 (09:16 +0000)]
Handle the "fips" option.

21 years agoMissing file.
Ben Laurie [Sun, 7 Sep 2003 11:13:54 +0000 (11:13 +0000)]
Missing file.

21 years agoSamples.
Ben Laurie [Sun, 7 Sep 2003 10:59:34 +0000 (10:59 +0000)]
Samples.

21 years agoAdd samples.
Ben Laurie [Sun, 7 Sep 2003 10:53:13 +0000 (10:53 +0000)]
Add samples.

21 years agoFix signed/unsigned warning.
Dr. Stephen Henson [Sat, 6 Sep 2003 16:57:16 +0000 (16:57 +0000)]
Fix signed/unsigned warning.

21 years agoAdd fingerprint chain and checking.
Ben Laurie [Sat, 6 Sep 2003 13:31:40 +0000 (13:31 +0000)]
Add fingerprint chain and checking.

21 years agoMake the problem clearer.
Ben Laurie [Sat, 6 Sep 2003 10:41:27 +0000 (10:41 +0000)]
Make the problem clearer.

21 years agoInclude e_os.h to get the proper definition of OPENSSL_UNISTD, and use
Richard Levitte [Fri, 5 Sep 2003 14:09:40 +0000 (14:09 +0000)]
Include e_os.h to get the proper definition of OPENSSL_UNISTD, and use
that macro.

It's possible that OPENSSL_UNISTD_IO should be used instead of
OPENSSL_UNISTD, for the MSDOS case...

21 years agomake update
Richard Levitte [Fri, 5 Sep 2003 13:41:04 +0000 (13:41 +0000)]
make update

21 years agoALWAYS check the standalone source.
Richard Levitte [Fri, 5 Sep 2003 13:37:28 +0000 (13:37 +0000)]
ALWAYS check the standalone source.
make update.

21 years agoMake sure the compilation of the FIPS stuff goes through even in
Richard Levitte [Fri, 5 Sep 2003 13:26:52 +0000 (13:26 +0000)]
Make sure the compilation of the FIPS stuff goes through even in
non-FIPS mode.

Update the appropriate fingerprints accordingly.
(something is weird, someone else was working on the same stuff, and
removed fips_sha1_selftest.c from fips/sha1/standalone.sha1...)

21 years agoFix signed/unsigned warnings and C++ comments. Update hashes
Dr. Stephen Henson [Fri, 5 Sep 2003 13:00:34 +0000 (13:00 +0000)]
Fix signed/unsigned warnings and C++ comments. Update hashes

21 years agoInclude string.h and stdlib.h where needed, to avoid warnings about
Richard Levitte [Fri, 5 Sep 2003 12:22:21 +0000 (12:22 +0000)]
Include string.h and stdlib.h where needed, to avoid warnings about
strlen(), memcmp(), exit() and others to be used without a proper
declaration.

Update the appropriate fingerprints accordingly.

21 years agoMissing files.
Ben Laurie [Thu, 4 Sep 2003 16:46:42 +0000 (16:46 +0000)]
Missing files.

21 years agocertain changes have to be listed twice in this file because OpenSSL
Bodo Möller [Thu, 4 Sep 2003 12:52:56 +0000 (12:52 +0000)]
certain changes have to be listed twice in this file because OpenSSL
0.9.6h forked into 0.9.6i and 0.9.7 ...

21 years agoAutomagically seed FIPS PRNG. Add OPENSSL_FIPS flag.
Ben Laurie [Thu, 4 Sep 2003 10:22:13 +0000 (10:22 +0000)]
Automagically seed FIPS PRNG. Add OPENSSL_FIPS flag.

21 years ago-DFIPS may be the last thing on the line.
Ben Laurie [Thu, 4 Sep 2003 09:04:24 +0000 (09:04 +0000)]
-DFIPS may be the last thing on the line.

21 years agoSelftests.
Ben Laurie [Thu, 4 Sep 2003 07:17:43 +0000 (07:17 +0000)]
Selftests.

21 years agoNew -ignore_err option in ocsp application to stop the server
Dr. Stephen Henson [Wed, 3 Sep 2003 23:56:01 +0000 (23:56 +0000)]
New -ignore_err option in ocsp application to stop the server
exiting on the first error in a request.

21 years agoOnly accept a client certificate if the server requests
Dr. Stephen Henson [Wed, 3 Sep 2003 23:47:34 +0000 (23:47 +0000)]
Only accept a client certificate if the server requests
one, as required by SSL/TLS specs.

21 years agoDSA stuff and tests.
Ben Laurie [Wed, 3 Sep 2003 14:11:33 +0000 (14:11 +0000)]
DSA stuff and tests.

21 years agoMore test vectors.
Ben Laurie [Sun, 31 Aug 2003 09:50:11 +0000 (09:50 +0000)]
More test vectors.

21 years agoAdd test.
Ben Laurie [Sun, 31 Aug 2003 08:52:39 +0000 (08:52 +0000)]
Add test.

21 years agoHandle 3DES tests.
Ben Laurie [Sat, 30 Aug 2003 17:28:08 +0000 (17:28 +0000)]
Handle 3DES tests.

21 years agoAdd 3-DES CFB-r mode (no test vectors yet).
Ben Laurie [Sat, 30 Aug 2003 15:50:26 +0000 (15:50 +0000)]
Add 3-DES CFB-r mode (no test vectors yet).

21 years agoUpdated test vectors (probably incorrect, but who am I to question?).
Ben Laurie [Sat, 30 Aug 2003 15:35:37 +0000 (15:35 +0000)]
Updated test vectors (probably incorrect, but who am I to question?).

21 years agoOops. Need to allocate extra buffer.
Ben Laurie [Sat, 30 Aug 2003 14:49:08 +0000 (14:49 +0000)]
Oops. Need to allocate extra buffer.

21 years agoBuild the test program when needed.
Ben Laurie [Sat, 30 Aug 2003 13:19:03 +0000 (13:19 +0000)]
Build the test program when needed.

21 years agoRemove unused functions/data.
Ben Laurie [Fri, 29 Aug 2003 18:58:03 +0000 (18:58 +0000)]
Remove unused functions/data.

21 years agooutlen should be int * in out_utf8.
Dr. Stephen Henson [Thu, 21 Aug 2003 12:32:12 +0000 (12:32 +0000)]
outlen should be int * in out_utf8.

21 years agofix out-of-bounds check in lock_dbg_cb (was too lose to detect all
Bodo Möller [Thu, 14 Aug 2003 10:33:56 +0000 (10:33 +0000)]
fix out-of-bounds check in lock_dbg_cb (was too lose to detect all
invalid cases)

PR: 674

21 years agoUndo the change that left LD_LIBRARY_PATH unchanged. The errors I saw
Richard Levitte [Thu, 14 Aug 2003 07:02:27 +0000 (07:02 +0000)]
Undo the change that left LD_LIBRARY_PATH unchanged.  The errors I saw
weren't due to that, but to a change on the SCO machines I used for
testing, where my $PATH was suddenly incorrect.

21 years agomake sure no error is left in the queue that is intentionally ignored
Bodo Möller [Mon, 11 Aug 2003 18:56:22 +0000 (18:56 +0000)]
make sure no error is left in the queue that is intentionally ignored

21 years agoMake sure the order matches the command line in Makefile.ssl.
Richard Levitte [Mon, 11 Aug 2003 10:31:21 +0000 (10:31 +0000)]
Make sure the order matches the command line in Makefile.ssl.

21 years ago- Add a configuration keyword "fips" to compile with FIPS
Richard Levitte [Mon, 11 Aug 2003 10:24:52 +0000 (10:24 +0000)]
- Add a configuration keyword "fips" to compile with FIPS
  implementations.
- Reorder the build so the standalone FIPS SHA1 checker is built
  first.
- Add necessary defines to avoid symbol clashes between FIPS and
  non-FIPS implementations.
- Change necessary signatures.
- Correct bugs in FIPS build Makefiles.
- make update

21 years agoThis commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
cvs2svn [Fri, 8 Aug 2003 10:08:15 +0000 (10:08 +0000)]
This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
0_9_7-stable'.

21 years agoAvoid clashing with the regular DES functions when not compiling with
Richard Levitte [Fri, 8 Aug 2003 10:08:14 +0000 (10:08 +0000)]
Avoid clashing with the regular DES functions when not compiling with
-DFIPS.  This is basically only visible when building with shared
library supoort...

21 years agoCorrect two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:
Richard Levitte [Thu, 7 Aug 2003 11:57:42 +0000 (11:57 +0000)]
Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:

1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error.
2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot,
   not CloseHandle.

21 years agoCorrect two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:
Richard Levitte [Thu, 7 Aug 2003 11:57:21 +0000 (11:57 +0000)]
Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:

1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error.
2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot,
   not CloseHandle.

21 years agoadd OpenSSL license
Bodo Möller [Wed, 6 Aug 2003 10:38:37 +0000 (10:38 +0000)]
add OpenSSL license

fix typo

21 years agoadd OpenSSL license
Bodo Möller [Wed, 6 Aug 2003 10:36:25 +0000 (10:36 +0000)]
add OpenSSL license

fix typo

21 years agomake update
Richard Levitte [Mon, 4 Aug 2003 13:26:14 +0000 (13:26 +0000)]
make update

(I'm quite worried about what this will do to compatibility with
earlier 0.9.7 versions)

21 years agoAdd an empty list of AES tests. At least, the test suite will pass,
Richard Levitte [Mon, 4 Aug 2003 12:03:56 +0000 (12:03 +0000)]
Add an empty list of AES tests.  At least, the test suite will pass,
and perhaps the conflict this generates on the person that hasn't yet
committed the real file will prompt him to do so :-).

21 years agoInclusion of openssl/engine.h should always be wrapped with a check that
Richard Levitte [Mon, 4 Aug 2003 10:12:38 +0000 (10:12 +0000)]
Inclusion of openssl/engine.h should always be wrapped with a check that
OPENSSL_NO_ENGINE is not defined.

21 years agoInclusion of openssl/engine.h should always be wrapped with a check that
Richard Levitte [Mon, 4 Aug 2003 10:12:36 +0000 (10:12 +0000)]
Inclusion of openssl/engine.h should always be wrapped with a check that
OPENSSL_NO_ENGINE is not defined.

21 years agoMake tests work (CFB1 still doesn't produce the right answers, strangely).
Ben Laurie [Sun, 3 Aug 2003 12:22:35 +0000 (12:22 +0000)]
Make tests work (CFB1 still doesn't produce the right answers, strangely).

21 years agoMake the EFB NIDs have empty OIDs aliased to the real EFB OID.
Dr. Stephen Henson [Fri, 1 Aug 2003 17:06:48 +0000 (17:06 +0000)]
Make the EFB NIDs have empty OIDs aliased to the real EFB OID.

21 years agoReplace C++ style comments.
Dr. Stephen Henson [Fri, 1 Aug 2003 13:07:29 +0000 (13:07 +0000)]
Replace C++ style comments.

21 years agoDES CFB8 test.
Ben Laurie [Fri, 1 Aug 2003 10:31:25 +0000 (10:31 +0000)]
DES CFB8 test.

21 years agoFix DES CFB-r.
Ben Laurie [Fri, 1 Aug 2003 10:25:58 +0000 (10:25 +0000)]
Fix DES CFB-r.