oweals/openssl.git
20 years agomake update
Dr. Stephen Henson [Mon, 25 Oct 2004 00:04:22 +0000 (00:04 +0000)]
make update

20 years agoStop VC++ complaining...
Dr. Stephen Henson [Wed, 20 Oct 2004 17:24:06 +0000 (17:24 +0000)]
Stop VC++ complaining...

20 years agoUpdate NEWS file.
Dr. Stephen Henson [Wed, 20 Oct 2004 00:54:27 +0000 (00:54 +0000)]
Update NEWS file.

20 years agoTypo.
Dr. Stephen Henson [Wed, 20 Oct 2004 00:48:15 +0000 (00:48 +0000)]
Typo.

20 years agomake update
Richard Levitte [Thu, 14 Oct 2004 05:52:07 +0000 (05:52 +0000)]
make update

20 years agoWe need to check for OPENSSL_FIPS when building shared libraries, so
Richard Levitte [Thu, 14 Oct 2004 05:51:15 +0000 (05:51 +0000)]
We need to check for OPENSSL_FIPS when building shared libraries, so
we get correct transfer vectors for those functions when required.

20 years agoBecause libraries on Windows lack useful version information, the zlib
Richard Levitte [Thu, 14 Oct 2004 05:49:01 +0000 (05:49 +0000)]
Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up.  Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.

20 years agoUpdate fingerprints.
Ben Laurie [Fri, 8 Oct 2004 10:03:57 +0000 (10:03 +0000)]
Update fingerprints.

20 years agoOops..
Dr. Stephen Henson [Mon, 4 Oct 2004 17:28:57 +0000 (17:28 +0000)]
Oops..

20 years agoFix race condition when CRL checking is enabled.
Dr. Stephen Henson [Mon, 4 Oct 2004 16:27:36 +0000 (16:27 +0000)]
Fix race condition when CRL checking is enabled.

20 years agoUpdate debug-steve
Dr. Stephen Henson [Fri, 1 Oct 2004 11:34:28 +0000 (11:34 +0000)]
Update debug-steve

20 years agoFix Solaris 10_x86 shared build. -Bsymbolic is required to avoid
Andy Polyakov [Tue, 28 Sep 2004 20:52:14 +0000 (20:52 +0000)]
Fix Solaris 10_x86 shared build. -Bsymbolic is required to avoid
"remaining relocations" in assembler modules. The latter seems to
be new behaviour, elder as/ld managed to resolve this relocations
as internal. It's possible to address this problem differently,
but I settle for -Bsymbolic...
PR: 946

20 years agousr/doc has recently changed to usr/share/doc on Cygwin.
Richard Levitte [Tue, 28 Sep 2004 11:25:11 +0000 (11:25 +0000)]
usr/doc has recently changed to usr/share/doc on Cygwin.
Notified by Corinna Vinschen <vinschen@redhat.com>

20 years agoCheck ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap().
Dr. Stephen Henson [Wed, 15 Sep 2004 23:38:45 +0000 (23:38 +0000)]
Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap().

20 years agoOops, forgot to reorder extension request nids.
Dr. Stephen Henson [Mon, 13 Sep 2004 22:39:49 +0000 (22:39 +0000)]
Oops, forgot to reorder extension request nids.

20 years agoASN1_STRING_to_UTF8() assumed that the MBSTRING_* flags were of
Dr. Stephen Henson [Mon, 13 Sep 2004 22:30:31 +0000 (22:30 +0000)]
ASN1_STRING_to_UTF8() assumed that the MBSTRING_* flags were of
the form MBSTRING_FLAG|nbyte where "nbyte" is the number of
bytes per character.

Unfortunately this isn't so and we can't change the #defines because
this would break binary compatibility, so for 0.9.7X only translate
between the two.

20 years agoMakefile.ssl changed name to Makefile...
Richard Levitte [Sat, 11 Sep 2004 09:45:41 +0000 (09:45 +0000)]
Makefile.ssl changed name to Makefile...

20 years agoStop warning.
Dr. Stephen Henson [Fri, 10 Sep 2004 20:27:45 +0000 (20:27 +0000)]
Stop warning.

20 years agoWhen looking for request extensions in a certificate look first
Dr. Stephen Henson [Fri, 10 Sep 2004 20:26:30 +0000 (20:26 +0000)]
When looking for request extensions in a certificate look first
for the PKCS#9 OID then the non standard MS OID.

20 years agonum is an unsigned long, but since it was transfered from
Richard Levitte [Mon, 6 Sep 2004 14:21:14 +0000 (14:21 +0000)]
num is an unsigned long, but since it was transfered from
crypto/sha/sha_locl.h, where it is in fact an int, we need to check
for less-than-zero as if it was an int...

20 years agoReplace the bogus checks of n with proper uses of feof(), ferror() and
Richard Levitte [Mon, 6 Sep 2004 14:19:59 +0000 (14:19 +0000)]
Replace the bogus checks of n with proper uses of feof(), ferror() and
clearerr().

20 years agoSync aes_ctr.c with HEAD.
Andy Polyakov [Mon, 23 Aug 2004 22:28:27 +0000 (22:28 +0000)]
Sync aes_ctr.c with HEAD.

20 years ago'compatibility', not 'computability' :-)...
Richard Levitte [Wed, 18 Aug 2004 15:48:22 +0000 (15:48 +0000)]
'compatibility', not 'computability' :-)...

20 years agoAnother missing module in the VMS build files. I believe this is the
Richard Levitte [Wed, 11 Aug 2004 20:34:12 +0000 (20:34 +0000)]
Another missing module in the VMS build files.  I believe this is the
last, though...

20 years agoStupid casts...
Richard Levitte [Wed, 11 Aug 2004 17:41:17 +0000 (17:41 +0000)]
Stupid casts...

20 years agoUpdate FAQ.
Dr. Stephen Henson [Wed, 11 Aug 2004 17:24:42 +0000 (17:24 +0000)]
Update FAQ.

20 years agoMake ASN1_INTEGER_cmp() work as expected with negative integers.
Dr. Stephen Henson [Tue, 10 Aug 2004 17:40:31 +0000 (17:40 +0000)]
Make ASN1_INTEGER_cmp() work as expected with negative integers.

20 years agoWith DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED to
Richard Levitte [Tue, 10 Aug 2004 10:04:13 +0000 (10:04 +0000)]
With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED to
get struct timeval and gettimeofday().

20 years agoUpdate the VMS fips library builder with the DH library.
Richard Levitte [Tue, 10 Aug 2004 09:11:07 +0000 (09:11 +0000)]
Update the VMS fips library builder with the DH library.

20 years agomake update
Richard Levitte [Tue, 10 Aug 2004 09:09:08 +0000 (09:09 +0000)]
make update

20 years agoCorrect typos and include directory specifications.
Richard Levitte [Mon, 9 Aug 2004 12:14:08 +0000 (12:14 +0000)]
Correct typos and include directory specifications.

20 years agoIn the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM...
Richard Levitte [Mon, 9 Aug 2004 12:13:36 +0000 (12:13 +0000)]
In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM...

20 years agoIn ca.c setup engine after autoconfig so any dynamic engines are visible.
Dr. Stephen Henson [Fri, 6 Aug 2004 12:43:54 +0000 (12:43 +0000)]
In ca.c setup engine after autoconfig so any dynamic engines are visible.

20 years agoStop compiler giving bogus shadow warning.
Dr. Stephen Henson [Thu, 5 Aug 2004 18:11:43 +0000 (18:11 +0000)]
Stop compiler giving bogus shadow warning.

20 years agoDon't ignore return values of EVP_DigestInit_ex() in md BIOs and dgst.
Dr. Stephen Henson [Thu, 5 Aug 2004 18:10:46 +0000 (18:10 +0000)]
Don't ignore return values of EVP_DigestInit_ex() in md BIOs and dgst.

20 years agoLet's lock a write lock when changing values, shall we?
Richard Levitte [Mon, 2 Aug 2004 14:15:07 +0000 (14:15 +0000)]
Let's lock a write lock when changing values, shall we?

Thanks to Dr Stephen Henson <shenson@drh-consultancy.co.uk> for making
me aware of this error.

20 years agoTo protect FIPS-related global variables, add locking mechanisms
Richard Levitte [Fri, 30 Jul 2004 14:38:02 +0000 (14:38 +0000)]
To protect FIPS-related global variables, add locking mechanisms
around them.

NOTE: because two new locks are added, this adds potential binary
incompatibility with earlier versions in the 0.9.7 series.  However,
those locks will only ever be touched when FIPS_mode_set() is called
and after, thanks to a variable that's only changed from 0 to 1 once
(when FIPS_mode_set() is called).  So basically, as long as FIPS mode
hasn't been engaged explicitely by the calling application, the new
locks are treated as if they didn't exist at all, thus not becoming a
problem.  Applications that are built or rebuilt to use FIPS
functionality will need to be recompiled in any case, thus not being a
problem either.

20 years agoWe're building crypto stuff, not ssl stuff. Additionally, we're in
Richard Levitte [Thu, 29 Jul 2004 22:26:57 +0000 (22:26 +0000)]
We're building crypto stuff, not ssl stuff.  Additionally, we're in
the fips subdirectory, not the crypto one...

20 years agoWe build the crypto stuff, not the ssl stuff, in this command procedure...
Richard Levitte [Thu, 29 Jul 2004 22:26:03 +0000 (22:26 +0000)]
We build the crypto stuff, not the ssl stuff, in this command procedure...

20 years agoDefine OPENSSL_FIPS in opensslconf.h if a logical name with the same
Richard Levitte [Wed, 28 Jul 2004 13:47:58 +0000 (13:47 +0000)]
Define OPENSSL_FIPS in opensslconf.h if a logical name with the same
name is defined.

Go up one directory level before dealing with FIPS stuff.

20 years agoFrom the FIPS directory, darnit!
Richard Levitte [Wed, 28 Jul 2004 02:24:48 +0000 (02:24 +0000)]
From the FIPS directory, darnit!

20 years agoNew cipher "strength" FIPS which specifies that a
Dr. Stephen Henson [Tue, 27 Jul 2004 18:28:49 +0000 (18:28 +0000)]
New cipher "strength" FIPS which specifies that a
cipher suite is FIPS compatible.

New cipherstring "FIPS" is all FIPS compatible ciphersuites except eNULL.

Only allow FIPS ciphersuites in FIPS mode.

20 years agoTypo
Richard Levitte [Tue, 27 Jul 2004 14:09:13 +0000 (14:09 +0000)]
Typo

20 years agoThe compiler may complain about what looks like a double definition of a
Richard Levitte [Tue, 27 Jul 2004 13:58:25 +0000 (13:58 +0000)]
The compiler may complain about what looks like a double definition of a
static variable

20 years agoRename libcrypto.sha1 to libcrypto.a.sha1
Dr. Stephen Henson [Tue, 27 Jul 2004 12:22:08 +0000 (12:22 +0000)]
Rename libcrypto.sha1 to libcrypto.a.sha1

20 years agoAdd FIPS name to error library.
Dr. Stephen Henson [Tue, 27 Jul 2004 00:20:41 +0000 (00:20 +0000)]
Add FIPS name to error library.

20 years agoStop compiler warnings.
Dr. Stephen Henson [Tue, 27 Jul 2004 00:17:46 +0000 (00:17 +0000)]
Stop compiler warnings.

20 years agoAdd casts where casts due. It's "safe" to cast, because "wrong" casts
Andy Polyakov [Sat, 24 Jul 2004 13:40:47 +0000 (13:40 +0000)]
Add casts where casts due. It's "safe" to cast, because "wrong" casts
will either be optimized away or never performed. The trouble is that
compiler first parses code, then optimizes, not both at once...

20 years agoConvert to X9.31.
Ben Laurie [Fri, 23 Jul 2004 13:20:32 +0000 (13:20 +0000)]
Convert to X9.31.

20 years agoProper WinCE support for listing files. "Backported" from HEAD.
Andy Polyakov [Thu, 22 Jul 2004 16:39:48 +0000 (16:39 +0000)]
Proper WinCE support for listing files. "Backported" from HEAD.

20 years agoWhen in FIPS mode write private keys in PKCS#8 and PBES2 format to
Dr. Stephen Henson [Wed, 21 Jul 2004 17:41:26 +0000 (17:41 +0000)]
When in FIPS mode write private keys in PKCS#8 and PBES2 format to
avoid use of prohibited MD5 algorithm.

20 years agoAvoid compiler warnings.
Dr. Stephen Henson [Wed, 21 Jul 2004 17:35:49 +0000 (17:35 +0000)]
Avoid compiler warnings.

20 years agoMake rand_win.c UNICODE savvy. "Backport" from HEAD.
Andy Polyakov [Wed, 21 Jul 2004 17:18:53 +0000 (17:18 +0000)]
Make rand_win.c UNICODE savvy. "Backport" from HEAD.

20 years agoSince version 7.0, The C RTL in VMS handles time in terms of UTC
Richard Levitte [Mon, 19 Jul 2004 07:49:47 +0000 (07:49 +0000)]
Since version 7.0, The C RTL in VMS handles time in terms of UTC
instead of local time.

20 years agoSync with HEAD. Up to >20% overall performance improvement.
Andy Polyakov [Sat, 17 Jul 2004 13:27:38 +0000 (13:27 +0000)]
Sync with HEAD. Up to >20% overall performance improvement.

20 years agoIA-64 is intolerant to misaligned access. It was a problem on Win64 as
Andy Polyakov [Sat, 17 Jul 2004 12:54:54 +0000 (12:54 +0000)]
IA-64 is intolerant to misaligned access. It was a problem on Win64 as
we were mislead by _MSC_VER macro, which is defined by *all* Windows
Microsoft compilers.

20 years agoEliminate enforced -g from CFLAGS. It switches off optimization with some
Andy Polyakov [Sat, 17 Jul 2004 12:48:35 +0000 (12:48 +0000)]
Eliminate enforced -g from CFLAGS. It switches off optimization with some
compilers, e.g. DEC C.

20 years agoCorrected test program.
Ben Laurie [Mon, 12 Jul 2004 17:59:50 +0000 (17:59 +0000)]
Corrected test program.

20 years agoI think it could be a good thing to know what went wrong with the tests...
Richard Levitte [Mon, 12 Jul 2004 12:25:56 +0000 (12:25 +0000)]
I think it could be a good thing to know what went wrong with the tests...

20 years agoimprove wording
Bodo Möller [Mon, 12 Jul 2004 06:24:21 +0000 (06:24 +0000)]
improve wording

20 years agoBIS correction/addition
Bodo Möller [Sun, 11 Jul 2004 09:29:41 +0000 (09:29 +0000)]
BIS correction/addition

20 years agoo_str.c: Windows doesn't have <strings.h>, and since we use _strnicmp() and
Richard Levitte [Thu, 8 Jul 2004 08:32:51 +0000 (08:32 +0000)]
o_str.c: Windows doesn't have <strings.h>, and since we use _strnicmp() and
_stricmp() on that platform, use the appropriate header file for it,
<string.h>.
o_str.h: we only want to get size_t, which is defined in <stddef.h>.

Philippe Bougeret <philippe.bougeret@freesbee.fr> notified us about Windows
not having a <strings.h>

20 years agoDelta CRL support in extension code.
Dr. Stephen Henson [Tue, 6 Jul 2004 17:26:33 +0000 (17:26 +0000)]
Delta CRL support in extension code.

20 years agoOoops, missed part of PKCS#8 patch.
Dr. Stephen Henson [Tue, 6 Jul 2004 17:25:11 +0000 (17:25 +0000)]
Ooops, missed part of PKCS#8 patch.

20 years agoFix memory leak.
Dr. Stephen Henson [Sun, 4 Jul 2004 16:36:58 +0000 (16:36 +0000)]
Fix memory leak.

20 years agoDon't try to parse none string types.
Dr. Stephen Henson [Thu, 1 Jul 2004 18:50:12 +0000 (18:50 +0000)]
Don't try to parse none string types.

20 years agoExplain a little better what BN_num_bits() and BN_num_bits_word() do.
Richard Levitte [Thu, 1 Jul 2004 12:33:44 +0000 (12:33 +0000)]
Explain a little better what BN_num_bits() and BN_num_bits_word() do.
Add a note as to how these functions do not always return the key size, and
how one can deal with that.

PR: 907

20 years agoChanges for VOS, submitted by Paul Green <Paul.Green@stratus.com>.
Richard Levitte [Mon, 28 Jun 2004 22:01:07 +0000 (22:01 +0000)]
Changes for VOS, submitted by Paul Green <Paul.Green@stratus.com>.

PR: 499

20 years agoMake sure the FIPS stuff is only really compiled when in FIPS mode.
Richard Levitte [Mon, 28 Jun 2004 20:33:35 +0000 (20:33 +0000)]
Make sure the FIPS stuff is only really compiled when in FIPS mode.

20 years agoMake the tests of EVP operations without padding. As a consequence,
Richard Levitte [Mon, 28 Jun 2004 16:32:14 +0000 (16:32 +0000)]
Make the tests of EVP operations without padding.  As a consequence,
there's no need for a larger BUFSIZE any more...

PR: 904

20 years agoMake sure that the buffers are large enough to contain padding.
Richard Levitte [Mon, 28 Jun 2004 12:23:40 +0000 (12:23 +0000)]
Make sure that the buffers are large enough to contain padding.
PR: 904

20 years agoLinux on ARM needs -ldl
Richard Levitte [Mon, 28 Jun 2004 10:31:09 +0000 (10:31 +0000)]
Linux on ARM needs -ldl
PR: 905

20 years agoMemory leak fixes from main branch.
Dr. Stephen Henson [Thu, 24 Jun 2004 13:05:50 +0000 (13:05 +0000)]
Memory leak fixes from main branch.

20 years agoReformat source for pkcs8.c
Dr. Stephen Henson [Thu, 24 Jun 2004 12:54:38 +0000 (12:54 +0000)]
Reformat source for pkcs8.c

20 years agoReturn an error if an attempt is made to encode or decode
Dr. Stephen Henson [Thu, 24 Jun 2004 12:31:48 +0000 (12:31 +0000)]
Return an error if an attempt is made to encode or decode
cipher ASN1 parameters and the cipher doesn't support it.

20 years agoInclude <string.h> to get definition of strcmp.
Dr. Stephen Henson [Thu, 24 Jun 2004 12:12:43 +0000 (12:12 +0000)]
Include <string.h> to get definition of strcmp.

20 years agoStandard sh doesn't tolerate ! as part of the conditional command.
Richard Levitte [Mon, 21 Jun 2004 18:05:53 +0000 (18:05 +0000)]
Standard sh doesn't tolerate ! as part of the conditional command.

PR: 900

20 years agoMake sure we don't try to loop over an empty EXHEADER. In the
Richard Levitte [Mon, 21 Jun 2004 09:07:41 +0000 (09:07 +0000)]
Make sure we don't try to loop over an empty EXHEADER.  In the
Makefiles where this was fixed by commenting away code, change it to
check for an empty EXHEADER instead, so we have less hassle in a
future where EXHEADER changes.

PR: 900

20 years agoAdd primality tester.
Ben Laurie [Sat, 19 Jun 2004 13:54:59 +0000 (13:54 +0000)]
Add primality tester.

20 years agoMake make tags make tags.
Ben Laurie [Sat, 19 Jun 2004 13:32:28 +0000 (13:32 +0000)]
Make make tags make tags.

20 years agoUpdate ignores.
Ben Laurie [Sat, 19 Jun 2004 13:18:01 +0000 (13:18 +0000)]
Update ignores.

20 years agoAdd Diffie-Hellman to FIPS.
Ben Laurie [Sat, 19 Jun 2004 13:16:51 +0000 (13:16 +0000)]
Add Diffie-Hellman to FIPS.

20 years agoThe version that was actually submitted for FIPS testing.
Ben Laurie [Sat, 19 Jun 2004 13:15:35 +0000 (13:15 +0000)]
The version that was actually submitted for FIPS testing.

20 years agoTypo, setting the first element of nids[] to NULL instead of setting
Richard Levitte [Tue, 15 Jun 2004 11:46:06 +0000 (11:46 +0000)]
Typo, setting the first element of nids[] to NULL instead of setting
*cnids.

20 years agoMore precise explanation of session id context requirements.
Lutz Jänicke [Mon, 14 Jun 2004 13:26:47 +0000 (13:26 +0000)]
More precise explanation of session id context requirements.

20 years agoMake sure o_str.h is reachable.
Richard Levitte [Thu, 27 May 2004 10:19:04 +0000 (10:19 +0000)]
Make sure o_str.h is reachable.

20 years agoRun an installation of FIPS stuff as well.
Richard Levitte [Thu, 27 May 2004 10:07:04 +0000 (10:07 +0000)]
Run an installation of FIPS stuff as well.

20 years agoCompile the FIPS directory on VMS as well. fips-lib.com is
Richard Levitte [Thu, 27 May 2004 10:04:40 +0000 (10:04 +0000)]
Compile the FIPS directory on VMS as well.  fips-lib.com is
essentially a copy of crypto-lib.com, with just a few edits.

20 years agoCopy the FIPS files to the temporary openssl include directory.
Richard Levitte [Thu, 27 May 2004 09:33:10 +0000 (09:33 +0000)]
Copy the FIPS files to the temporary openssl include directory.

20 years agoDefine FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation for
Richard Levitte [Wed, 19 May 2004 14:16:33 +0000 (14:16 +0000)]
Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation for
size_t-ification of those algorithms in future version of OpenSSL...

20 years agoMake reservations in FIPS code for upcoming size_t-fication of OpenSSL API.
Andy Polyakov [Mon, 17 May 2004 15:37:26 +0000 (15:37 +0000)]
Make reservations in FIPS code for upcoming size_t-fication of OpenSSL API.
And couple of bug-fixes in fips/rand code [return without lock release and
incorrect return value in fips_rand_bytes].

20 years agoTypo corretced.
Richard Levitte [Mon, 17 May 2004 04:47:26 +0000 (04:47 +0000)]
Typo corretced.

20 years agoRewrite the usage to avoid confusion.
Richard Levitte [Mon, 17 May 2004 04:40:49 +0000 (04:40 +0000)]
Rewrite the usage to avoid confusion.

20 years agoMake it possible for the user to choose the digest used to create the
Richard Levitte [Mon, 17 May 2004 04:39:00 +0000 (04:39 +0000)]
Make it possible for the user to choose the digest used to create the
key.

20 years agoWhen in FIPS mode, use SHA1 to digest the key, rather than MD5, as MD5
Richard Levitte [Mon, 17 May 2004 04:31:14 +0000 (04:31 +0000)]
When in FIPS mode, use SHA1 to digest the key, rather than MD5, as MD5
isn't a FIPS-approved algorithm.

Note: this means the user needs to keep track of this, and we need to
add support for that...

20 years agoMake sure the applications know when we are running in FIPS mode. We
Richard Levitte [Mon, 17 May 2004 04:30:06 +0000 (04:30 +0000)]
Make sure the applications know when we are running in FIPS mode.  We
can't use the variable in libcrypto, since it's supposedly unknown.

Note: currently only supported in MONOLITH mode.

20 years agoGenerate SHA1 files on Windows and other platforms supported by
Richard Levitte [Mon, 17 May 2004 04:28:31 +0000 (04:28 +0000)]
Generate SHA1 files on Windows and other platforms supported by
mk1mf.pl, when building in FIPS mode.

Note: UNTESTED!

20 years agoFix self-tests, ban some things in FIPS mode, fix copyrights.
Ben Laurie [Sat, 15 May 2004 17:51:26 +0000 (17:51 +0000)]
Fix self-tests, ban some things in FIPS mode, fix copyrights.

20 years agoFixes so alerts are sent properly in s3_pkt.c
Dr. Stephen Henson [Sat, 15 May 2004 17:46:50 +0000 (17:46 +0000)]
Fixes so alerts are sent properly in s3_pkt.c

PR: 851

20 years agoCheck error returns.
Ben Laurie [Sat, 15 May 2004 16:39:23 +0000 (16:39 +0000)]
Check error returns.