oweals/openssl.git
21 years agoFIPS depends on object, so crypto must be built before fips.
Ben Laurie [Wed, 8 Oct 2003 10:18:02 +0000 (10:18 +0000)]
FIPS depends on object, so crypto must be built before fips.

21 years agoDon't assume diff is any good.
Ben Laurie [Tue, 7 Oct 2003 10:55:36 +0000 (10:55 +0000)]
Don't assume diff is any good.

21 years agoNo test.
Ben Laurie [Sun, 5 Oct 2003 22:22:15 +0000 (22:22 +0000)]
No test.

21 years agoFingerprinting needs to work even if OpenSSL isn't installed yet.
Ben Laurie [Sat, 4 Oct 2003 14:11:45 +0000 (14:11 +0000)]
Fingerprinting needs to work even if OpenSSL isn't installed yet.

21 years agoRecent changes from 0.9.7-stable
Richard Levitte [Thu, 2 Oct 2003 10:55:25 +0000 (10:55 +0000)]
Recent changes from 0.9.7-stable

21 years agosetkey is already defined on HP/UX.
Ben Laurie [Tue, 30 Sep 2003 16:15:49 +0000 (16:15 +0000)]
setkey is already defined on HP/UX.

21 years agoMake sure we get OPENSSL_FIPS.
Richard Levitte [Mon, 29 Sep 2003 22:29:03 +0000 (22:29 +0000)]
Make sure we get OPENSSL_FIPS.

21 years agoRecent changes from 0.9.7-stable
Richard Levitte [Mon, 29 Sep 2003 19:02:26 +0000 (19:02 +0000)]
Recent changes from 0.9.7-stable

21 years agoDetect correctly that we're in FIPS mode.
Richard Levitte [Mon, 29 Sep 2003 18:46:31 +0000 (18:46 +0000)]
Detect correctly that we're in FIPS mode.
Don't run testfipsssl unless in FIPS mode.

21 years agoRecent changes from 0.9.7-stable
Richard Levitte [Mon, 29 Sep 2003 15:10:24 +0000 (15:10 +0000)]
Recent changes from 0.9.7-stable

21 years agoSynchronise util/libeay.num with the 0.9.7-stable one.
Richard Levitte [Sun, 28 Sep 2003 09:26:37 +0000 (09:26 +0000)]
Synchronise util/libeay.num with the 0.9.7-stable one.
Correct some depend targets in the fips directory tree.
make update

21 years agoRecent changes from 0.9.7-stable
Richard Levitte [Sun, 28 Sep 2003 09:07:11 +0000 (09:07 +0000)]
Recent changes from 0.9.7-stable

21 years agoDSA self-test.
Ben Laurie [Sat, 27 Sep 2003 20:07:17 +0000 (20:07 +0000)]
DSA self-test.

21 years agoSelftest RSA and some fixes.
Ben Laurie [Sat, 27 Sep 2003 15:54:43 +0000 (15:54 +0000)]
Selftest RSA and some fixes.

21 years agoRecent changes from 0.9.7-stable.
Richard Levitte [Sat, 27 Sep 2003 10:13:11 +0000 (10:13 +0000)]
Recent changes from 0.9.7-stable.

21 years agoMake FIPS work again.
Ben Laurie [Thu, 25 Sep 2003 20:04:40 +0000 (20:04 +0000)]
Make FIPS work again.

21 years agoConstification.
Ben Laurie [Thu, 25 Sep 2003 20:01:57 +0000 (20:01 +0000)]
Constification.

21 years agoUse OPENSSL_FIPS instead of FIPS.
Richard Levitte [Thu, 25 Sep 2003 12:24:52 +0000 (12:24 +0000)]
Use OPENSSL_FIPS instead of FIPS.

21 years agoUhmm, o_str.o, not o_str.c...
Richard Levitte [Thu, 25 Sep 2003 12:22:46 +0000 (12:22 +0000)]
Uhmm, o_str.o, not o_str.c...

21 years agoIn order to get the expected self signed error when
Dr. Stephen Henson [Sun, 21 Sep 2003 02:12:36 +0000 (02:12 +0000)]
In order to get the expected self signed error when
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.

21 years agoMissing file.
Ben Laurie [Sun, 14 Sep 2003 13:01:54 +0000 (13:01 +0000)]
Missing file.

21 years agoDon't debug.
Ben Laurie [Sat, 13 Sep 2003 20:41:53 +0000 (20:41 +0000)]
Don't debug.

21 years agoMake TLSv1 work in FIPS mode.
Ben Laurie [Sat, 13 Sep 2003 17:03:54 +0000 (17:03 +0000)]
Make TLSv1 work in FIPS mode.

21 years agoAdd a debug flag.
Ben Laurie [Sat, 13 Sep 2003 16:57:56 +0000 (16:57 +0000)]
Add a debug flag.

21 years agoTemporarily remove FIPS test that doesn't work.
Ben Laurie [Sat, 13 Sep 2003 13:36:13 +0000 (13:36 +0000)]
Temporarily remove FIPS test that doesn't work.

21 years agoAdd RSA to FIPS.
Ben Laurie [Thu, 11 Sep 2003 21:37:01 +0000 (21:37 +0000)]
Add RSA to FIPS.

21 years agomake update
Richard Levitte [Wed, 10 Sep 2003 09:15:22 +0000 (09:15 +0000)]
make update

21 years agoInclude "e_os.h" instead of "../e_os.h", and trust the building
Richard Levitte [Wed, 10 Sep 2003 09:15:09 +0000 (09:15 +0000)]
Include "e_os.h" instead of "../e_os.h", and trust the building
procedure to give the correct -I options to the compiler.  This is
*especially* true for test programs that appear in two places, with
different paths to e_os.h depending on where they are built.

21 years agoInclude openssl/fips.h outside of the check for FIPS, so make depend
Richard Levitte [Wed, 10 Sep 2003 09:06:01 +0000 (09:06 +0000)]
Include openssl/fips.h outside of the check for FIPS, so make depend
doesn't differ between FIPS and non-FIPS modes.

21 years agoWe currently define FIPS, not OPENSSL_FIPS. The reason for this is
Richard Levitte [Wed, 10 Sep 2003 09:05:06 +0000 (09:05 +0000)]
We currently define FIPS, not OPENSSL_FIPS.  The reason for this is
(probably) that FIPS is an entirely internal macro, and is not
accessible by third-party authors.

21 years agoUse BIO_snprintf() instead of snprintf().
Dr. Stephen Henson [Wed, 10 Sep 2003 00:44:53 +0000 (00:44 +0000)]
Use BIO_snprintf() instead of snprintf().

Update hashes.

21 years agoTypo.
Dr. Stephen Henson [Wed, 10 Sep 2003 00:16:42 +0000 (00:16 +0000)]
Typo.

21 years agoInclude e_os.h in a few cases (to pick up
Dr. Stephen Henson [Wed, 10 Sep 2003 00:10:34 +0000 (00:10 +0000)]
Include e_os.h in a few cases (to pick up
str(n)icmp defs).

Disable a few tests if not FIPS.

21 years agoUpdate hashes. Fix a few typos in o_str.c
Dr. Stephen Henson [Tue, 9 Sep 2003 23:43:29 +0000 (23:43 +0000)]
Update hashes. Fix a few typos in o_str.c

21 years agomake update
Richard Levitte [Tue, 9 Sep 2003 16:39:41 +0000 (16:39 +0000)]
make update

21 years agoMove the FIPS check so make depend doesn't give different results
Richard Levitte [Tue, 9 Sep 2003 16:38:16 +0000 (16:38 +0000)]
Move the FIPS check so make depend doesn't give different results
depending on FIPS mode.

21 years agoGeneralise the definition of strcasecmp() and strncasecmp() for
Richard Levitte [Tue, 9 Sep 2003 14:48:52 +0000 (14:48 +0000)]
Generalise the definition of strcasecmp() and strncasecmp() for
platforms that don't (necessarely) have it.  In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).

21 years agoThis commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
cvs2svn [Tue, 9 Sep 2003 14:48:37 +0000 (14:48 +0000)]
This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
0_9_7-stable'.

21 years agoGeneralise the definition of strcasecmp() and strncasecmp() for
Richard Levitte [Tue, 9 Sep 2003 14:48:36 +0000 (14:48 +0000)]
Generalise the definition of strcasecmp() and strncasecmp() for
platforms that don't (necessarely) have it.  In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).

21 years agoTest data files should not be part of the TEST value, or util/mk1mf.pl
Richard Levitte [Tue, 9 Sep 2003 09:10:45 +0000 (09:10 +0000)]
Test data files should not be part of the TEST value, or util/mk1mf.pl
gets confused...  The separate TESTDATA variable was inspired from
crypto/evp/Makefile.ssl.

21 years agoPut #ifdef FIPS round FIPS DSA_generate_parameters .
Dr. Stephen Henson [Mon, 8 Sep 2003 17:01:48 +0000 (17:01 +0000)]
Put #ifdef FIPS round FIPS DSA_generate_parameters .
#if 0 unimplemented ciphers so mkdef.pl doesn't pick
them up.

21 years agoRecent changes from 0.9.7-stable.
Richard Levitte [Mon, 8 Sep 2003 16:49:37 +0000 (16:49 +0000)]
Recent changes from 0.9.7-stable.

21 years agoMake it builadable in non-FIPS mode.
Richard Levitte [Mon, 8 Sep 2003 16:43:55 +0000 (16:43 +0000)]
Make it builadable in non-FIPS mode.

The current solution is very Unix-bound, and there is probably a better way to do this.

21 years agoThese should be write-locks, not read-locks.
Geoff Thorpe [Mon, 8 Sep 2003 15:47:55 +0000 (15:47 +0000)]
These should be write-locks, not read-locks.

21 years agoincluded <string.h> in fips.c to pick up
Dr. Stephen Henson [Mon, 8 Sep 2003 12:49:08 +0000 (12:49 +0000)]
included <string.h> in fips.c to pick up
memcmp definition.

update fips_make_sha1 to use fips_err.h

update hashes.

21 years agoUpdate dependencies.
Dr. Stephen Henson [Mon, 8 Sep 2003 12:39:13 +0000 (12:39 +0000)]
Update dependencies.

21 years agoMore files to ignore.
Richard Levitte [Mon, 8 Sep 2003 11:37:31 +0000 (11:37 +0000)]
More files to ignore.

21 years agoIgnore the directory rsp (introduced when running tests).
Richard Levitte [Mon, 8 Sep 2003 11:36:32 +0000 (11:36 +0000)]
Ignore the directory rsp (introduced when running tests).

21 years agoSome more files to ignore.
Richard Levitte [Mon, 8 Sep 2003 11:35:23 +0000 (11:35 +0000)]
Some more files to ignore.

21 years agoSince fips_err is really just used as a header by fips_err_wrapper.c,
Richard Levitte [Mon, 8 Sep 2003 11:33:07 +0000 (11:33 +0000)]
Since fips_err is really just used as a header by fips_err_wrapper.c,
let's change it's suffix from .c to .h.  This also avoids some
otherwise very mysterious (and probably sensible from a historical
point of view :-)) name changes done by mk1mf.pl.

21 years agoWhen building the FIPS test binaries, also build the corresponding
Richard Levitte [Mon, 8 Sep 2003 10:00:23 +0000 (10:00 +0000)]
When building the FIPS test binaries, also build the corresponding
fingerprints.

21 years agoRemove some unneeded space.
Richard Levitte [Mon, 8 Sep 2003 09:59:43 +0000 (09:59 +0000)]
Remove some unneeded space.

21 years agoUse $(TOP) instead of ../.. as much as possible.
Richard Levitte [Mon, 8 Sep 2003 09:59:11 +0000 (09:59 +0000)]
Use $(TOP) instead of ../.. as much as possible.

21 years agoBecause of changes in Makefile.ssl, the files got reordered.
Richard Levitte [Mon, 8 Sep 2003 09:57:57 +0000 (09:57 +0000)]
Because of changes in Makefile.ssl, the files got reordered.

21 years agoProduce libcrypto.sha1 directly after building the libraries.
Richard Levitte [Mon, 8 Sep 2003 09:57:27 +0000 (09:57 +0000)]
Produce libcrypto.sha1 directly after building the libraries.
Otherwise, the test target will fail because libcrypto.sha1 is missing
or not up to date.

21 years agomake update.
Richard Levitte [Mon, 8 Sep 2003 09:17:36 +0000 (09:17 +0000)]
make update.

21 years agofips_err.c doesn't belong with the headers.
Richard Levitte [Mon, 8 Sep 2003 09:17:13 +0000 (09:17 +0000)]
fips_err.c doesn't belong with the headers.

21 years agoInclude all the fips directories.
Richard Levitte [Mon, 8 Sep 2003 09:16:39 +0000 (09:16 +0000)]
Include all the fips directories.

21 years agoHandle the "fips" option.
Richard Levitte [Mon, 8 Sep 2003 09:16:17 +0000 (09:16 +0000)]
Handle the "fips" option.

21 years agoMissing file.
Ben Laurie [Sun, 7 Sep 2003 11:13:54 +0000 (11:13 +0000)]
Missing file.

21 years agoSamples.
Ben Laurie [Sun, 7 Sep 2003 10:59:34 +0000 (10:59 +0000)]
Samples.

21 years agoAdd samples.
Ben Laurie [Sun, 7 Sep 2003 10:53:13 +0000 (10:53 +0000)]
Add samples.

21 years agoFix signed/unsigned warning.
Dr. Stephen Henson [Sat, 6 Sep 2003 16:57:16 +0000 (16:57 +0000)]
Fix signed/unsigned warning.

21 years agoAdd fingerprint chain and checking.
Ben Laurie [Sat, 6 Sep 2003 13:31:40 +0000 (13:31 +0000)]
Add fingerprint chain and checking.

21 years agoMake the problem clearer.
Ben Laurie [Sat, 6 Sep 2003 10:41:27 +0000 (10:41 +0000)]
Make the problem clearer.

21 years agoInclude e_os.h to get the proper definition of OPENSSL_UNISTD, and use
Richard Levitte [Fri, 5 Sep 2003 14:09:40 +0000 (14:09 +0000)]
Include e_os.h to get the proper definition of OPENSSL_UNISTD, and use
that macro.

It's possible that OPENSSL_UNISTD_IO should be used instead of
OPENSSL_UNISTD, for the MSDOS case...

21 years agomake update
Richard Levitte [Fri, 5 Sep 2003 13:41:04 +0000 (13:41 +0000)]
make update

21 years agoALWAYS check the standalone source.
Richard Levitte [Fri, 5 Sep 2003 13:37:28 +0000 (13:37 +0000)]
ALWAYS check the standalone source.
make update.

21 years agoMake sure the compilation of the FIPS stuff goes through even in
Richard Levitte [Fri, 5 Sep 2003 13:26:52 +0000 (13:26 +0000)]
Make sure the compilation of the FIPS stuff goes through even in
non-FIPS mode.

Update the appropriate fingerprints accordingly.
(something is weird, someone else was working on the same stuff, and
removed fips_sha1_selftest.c from fips/sha1/standalone.sha1...)

21 years agoFix signed/unsigned warnings and C++ comments. Update hashes
Dr. Stephen Henson [Fri, 5 Sep 2003 13:00:34 +0000 (13:00 +0000)]
Fix signed/unsigned warnings and C++ comments. Update hashes

21 years agoInclude string.h and stdlib.h where needed, to avoid warnings about
Richard Levitte [Fri, 5 Sep 2003 12:22:21 +0000 (12:22 +0000)]
Include string.h and stdlib.h where needed, to avoid warnings about
strlen(), memcmp(), exit() and others to be used without a proper
declaration.

Update the appropriate fingerprints accordingly.

21 years agoMissing files.
Ben Laurie [Thu, 4 Sep 2003 16:46:42 +0000 (16:46 +0000)]
Missing files.

21 years agocertain changes have to be listed twice in this file because OpenSSL
Bodo Möller [Thu, 4 Sep 2003 12:52:56 +0000 (12:52 +0000)]
certain changes have to be listed twice in this file because OpenSSL
0.9.6h forked into 0.9.6i and 0.9.7 ...

21 years agoAutomagically seed FIPS PRNG. Add OPENSSL_FIPS flag.
Ben Laurie [Thu, 4 Sep 2003 10:22:13 +0000 (10:22 +0000)]
Automagically seed FIPS PRNG. Add OPENSSL_FIPS flag.

21 years ago-DFIPS may be the last thing on the line.
Ben Laurie [Thu, 4 Sep 2003 09:04:24 +0000 (09:04 +0000)]
-DFIPS may be the last thing on the line.

21 years agoSelftests.
Ben Laurie [Thu, 4 Sep 2003 07:17:43 +0000 (07:17 +0000)]
Selftests.

21 years agoNew -ignore_err option in ocsp application to stop the server
Dr. Stephen Henson [Wed, 3 Sep 2003 23:56:01 +0000 (23:56 +0000)]
New -ignore_err option in ocsp application to stop the server
exiting on the first error in a request.

21 years agoOnly accept a client certificate if the server requests
Dr. Stephen Henson [Wed, 3 Sep 2003 23:47:34 +0000 (23:47 +0000)]
Only accept a client certificate if the server requests
one, as required by SSL/TLS specs.

21 years agoDSA stuff and tests.
Ben Laurie [Wed, 3 Sep 2003 14:11:33 +0000 (14:11 +0000)]
DSA stuff and tests.

21 years agoMore test vectors.
Ben Laurie [Sun, 31 Aug 2003 09:50:11 +0000 (09:50 +0000)]
More test vectors.

21 years agoAdd test.
Ben Laurie [Sun, 31 Aug 2003 08:52:39 +0000 (08:52 +0000)]
Add test.

21 years agoHandle 3DES tests.
Ben Laurie [Sat, 30 Aug 2003 17:28:08 +0000 (17:28 +0000)]
Handle 3DES tests.

21 years agoAdd 3-DES CFB-r mode (no test vectors yet).
Ben Laurie [Sat, 30 Aug 2003 15:50:26 +0000 (15:50 +0000)]
Add 3-DES CFB-r mode (no test vectors yet).

21 years agoUpdated test vectors (probably incorrect, but who am I to question?).
Ben Laurie [Sat, 30 Aug 2003 15:35:37 +0000 (15:35 +0000)]
Updated test vectors (probably incorrect, but who am I to question?).

21 years agoOops. Need to allocate extra buffer.
Ben Laurie [Sat, 30 Aug 2003 14:49:08 +0000 (14:49 +0000)]
Oops. Need to allocate extra buffer.

21 years agoBuild the test program when needed.
Ben Laurie [Sat, 30 Aug 2003 13:19:03 +0000 (13:19 +0000)]
Build the test program when needed.

21 years agoRemove unused functions/data.
Ben Laurie [Fri, 29 Aug 2003 18:58:03 +0000 (18:58 +0000)]
Remove unused functions/data.

21 years agooutlen should be int * in out_utf8.
Dr. Stephen Henson [Thu, 21 Aug 2003 12:32:12 +0000 (12:32 +0000)]
outlen should be int * in out_utf8.

21 years agofix out-of-bounds check in lock_dbg_cb (was too lose to detect all
Bodo Möller [Thu, 14 Aug 2003 10:33:56 +0000 (10:33 +0000)]
fix out-of-bounds check in lock_dbg_cb (was too lose to detect all
invalid cases)

PR: 674

21 years agoUndo the change that left LD_LIBRARY_PATH unchanged. The errors I saw
Richard Levitte [Thu, 14 Aug 2003 07:02:27 +0000 (07:02 +0000)]
Undo the change that left LD_LIBRARY_PATH unchanged.  The errors I saw
weren't due to that, but to a change on the SCO machines I used for
testing, where my $PATH was suddenly incorrect.

21 years agomake sure no error is left in the queue that is intentionally ignored
Bodo Möller [Mon, 11 Aug 2003 18:56:22 +0000 (18:56 +0000)]
make sure no error is left in the queue that is intentionally ignored

21 years agoMake sure the order matches the command line in Makefile.ssl.
Richard Levitte [Mon, 11 Aug 2003 10:31:21 +0000 (10:31 +0000)]
Make sure the order matches the command line in Makefile.ssl.

21 years ago- Add a configuration keyword "fips" to compile with FIPS
Richard Levitte [Mon, 11 Aug 2003 10:24:52 +0000 (10:24 +0000)]
- Add a configuration keyword "fips" to compile with FIPS
  implementations.
- Reorder the build so the standalone FIPS SHA1 checker is built
  first.
- Add necessary defines to avoid symbol clashes between FIPS and
  non-FIPS implementations.
- Change necessary signatures.
- Correct bugs in FIPS build Makefiles.
- make update

21 years agoThis commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
cvs2svn [Fri, 8 Aug 2003 10:08:15 +0000 (10:08 +0000)]
This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
0_9_7-stable'.

21 years agoAvoid clashing with the regular DES functions when not compiling with
Richard Levitte [Fri, 8 Aug 2003 10:08:14 +0000 (10:08 +0000)]
Avoid clashing with the regular DES functions when not compiling with
-DFIPS.  This is basically only visible when building with shared
library supoort...

21 years agoCorrect two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:
Richard Levitte [Thu, 7 Aug 2003 11:57:42 +0000 (11:57 +0000)]
Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:

1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error.
2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot,
   not CloseHandle.

21 years agoCorrect two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:
Richard Levitte [Thu, 7 Aug 2003 11:57:21 +0000 (11:57 +0000)]
Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:

1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error.
2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot,
   not CloseHandle.

21 years agoadd OpenSSL license
Bodo Möller [Wed, 6 Aug 2003 10:38:37 +0000 (10:38 +0000)]
add OpenSSL license

fix typo

21 years agoadd OpenSSL license
Bodo Möller [Wed, 6 Aug 2003 10:36:25 +0000 (10:36 +0000)]
add OpenSSL license

fix typo

21 years agomake update
Richard Levitte [Mon, 4 Aug 2003 13:26:14 +0000 (13:26 +0000)]
make update

(I'm quite worried about what this will do to compatibility with
earlier 0.9.7 versions)