Ben Laurie [Thu, 25 Sep 2003 20:04:40 +0000 (20:04 +0000)]
Make FIPS work again.
Ben Laurie [Thu, 25 Sep 2003 20:01:57 +0000 (20:01 +0000)]
Constification.
Richard Levitte [Thu, 25 Sep 2003 12:24:52 +0000 (12:24 +0000)]
Use OPENSSL_FIPS instead of FIPS.
Richard Levitte [Thu, 25 Sep 2003 12:22:46 +0000 (12:22 +0000)]
Uhmm, o_str.o, not o_str.c...
Dr. Stephen Henson [Sun, 21 Sep 2003 02:12:36 +0000 (02:12 +0000)]
In order to get the expected self signed error when
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.
Ben Laurie [Sun, 14 Sep 2003 13:01:54 +0000 (13:01 +0000)]
Missing file.
Ben Laurie [Sat, 13 Sep 2003 20:41:53 +0000 (20:41 +0000)]
Don't debug.
Ben Laurie [Sat, 13 Sep 2003 17:03:54 +0000 (17:03 +0000)]
Make TLSv1 work in FIPS mode.
Ben Laurie [Sat, 13 Sep 2003 16:57:56 +0000 (16:57 +0000)]
Add a debug flag.
Ben Laurie [Sat, 13 Sep 2003 13:36:13 +0000 (13:36 +0000)]
Temporarily remove FIPS test that doesn't work.
Ben Laurie [Thu, 11 Sep 2003 21:37:01 +0000 (21:37 +0000)]
Add RSA to FIPS.
Richard Levitte [Wed, 10 Sep 2003 09:15:22 +0000 (09:15 +0000)]
make update
Richard Levitte [Wed, 10 Sep 2003 09:15:09 +0000 (09:15 +0000)]
Include "e_os.h" instead of "../e_os.h", and trust the building
procedure to give the correct -I options to the compiler. This is
*especially* true for test programs that appear in two places, with
different paths to e_os.h depending on where they are built.
Richard Levitte [Wed, 10 Sep 2003 09:06:01 +0000 (09:06 +0000)]
Include openssl/fips.h outside of the check for FIPS, so make depend
doesn't differ between FIPS and non-FIPS modes.
Richard Levitte [Wed, 10 Sep 2003 09:05:06 +0000 (09:05 +0000)]
We currently define FIPS, not OPENSSL_FIPS. The reason for this is
(probably) that FIPS is an entirely internal macro, and is not
accessible by third-party authors.
Dr. Stephen Henson [Wed, 10 Sep 2003 00:44:53 +0000 (00:44 +0000)]
Use BIO_snprintf() instead of snprintf().
Update hashes.
Dr. Stephen Henson [Wed, 10 Sep 2003 00:16:42 +0000 (00:16 +0000)]
Typo.
Dr. Stephen Henson [Wed, 10 Sep 2003 00:10:34 +0000 (00:10 +0000)]
Include e_os.h in a few cases (to pick up
str(n)icmp defs).
Disable a few tests if not FIPS.
Dr. Stephen Henson [Tue, 9 Sep 2003 23:43:29 +0000 (23:43 +0000)]
Update hashes. Fix a few typos in o_str.c
Richard Levitte [Tue, 9 Sep 2003 16:39:41 +0000 (16:39 +0000)]
make update
Richard Levitte [Tue, 9 Sep 2003 16:38:16 +0000 (16:38 +0000)]
Move the FIPS check so make depend doesn't give different results
depending on FIPS mode.
Richard Levitte [Tue, 9 Sep 2003 14:48:52 +0000 (14:48 +0000)]
Generalise the definition of strcasecmp() and strncasecmp() for
platforms that don't (necessarely) have it. In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).
cvs2svn [Tue, 9 Sep 2003 14:48:37 +0000 (14:48 +0000)]
This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
0_9_7-stable'.
Richard Levitte [Tue, 9 Sep 2003 14:48:36 +0000 (14:48 +0000)]
Generalise the definition of strcasecmp() and strncasecmp() for
platforms that don't (necessarely) have it. In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).
Richard Levitte [Tue, 9 Sep 2003 09:10:45 +0000 (09:10 +0000)]
Test data files should not be part of the TEST value, or util/mk1mf.pl
gets confused... The separate TESTDATA variable was inspired from
crypto/evp/Makefile.ssl.
Dr. Stephen Henson [Mon, 8 Sep 2003 17:01:48 +0000 (17:01 +0000)]
Put #ifdef FIPS round FIPS DSA_generate_parameters .
#if 0 unimplemented ciphers so mkdef.pl doesn't pick
them up.
Richard Levitte [Mon, 8 Sep 2003 16:49:37 +0000 (16:49 +0000)]
Recent changes from 0.9.7-stable.
Richard Levitte [Mon, 8 Sep 2003 16:43:55 +0000 (16:43 +0000)]
Make it builadable in non-FIPS mode.
The current solution is very Unix-bound, and there is probably a better way to do this.
Geoff Thorpe [Mon, 8 Sep 2003 15:47:55 +0000 (15:47 +0000)]
These should be write-locks, not read-locks.
Dr. Stephen Henson [Mon, 8 Sep 2003 12:49:08 +0000 (12:49 +0000)]
included <string.h> in fips.c to pick up
memcmp definition.
update fips_make_sha1 to use fips_err.h
update hashes.
Dr. Stephen Henson [Mon, 8 Sep 2003 12:39:13 +0000 (12:39 +0000)]
Update dependencies.
Richard Levitte [Mon, 8 Sep 2003 11:37:31 +0000 (11:37 +0000)]
More files to ignore.
Richard Levitte [Mon, 8 Sep 2003 11:36:32 +0000 (11:36 +0000)]
Ignore the directory rsp (introduced when running tests).
Richard Levitte [Mon, 8 Sep 2003 11:35:23 +0000 (11:35 +0000)]
Some more files to ignore.
Richard Levitte [Mon, 8 Sep 2003 11:33:07 +0000 (11:33 +0000)]
Since fips_err is really just used as a header by fips_err_wrapper.c,
let's change it's suffix from .c to .h. This also avoids some
otherwise very mysterious (and probably sensible from a historical
point of view :-)) name changes done by mk1mf.pl.
Richard Levitte [Mon, 8 Sep 2003 10:00:23 +0000 (10:00 +0000)]
When building the FIPS test binaries, also build the corresponding
fingerprints.
Richard Levitte [Mon, 8 Sep 2003 09:59:43 +0000 (09:59 +0000)]
Remove some unneeded space.
Richard Levitte [Mon, 8 Sep 2003 09:59:11 +0000 (09:59 +0000)]
Use $(TOP) instead of ../.. as much as possible.
Richard Levitte [Mon, 8 Sep 2003 09:57:57 +0000 (09:57 +0000)]
Because of changes in Makefile.ssl, the files got reordered.
Richard Levitte [Mon, 8 Sep 2003 09:57:27 +0000 (09:57 +0000)]
Produce libcrypto.sha1 directly after building the libraries.
Otherwise, the test target will fail because libcrypto.sha1 is missing
or not up to date.
Richard Levitte [Mon, 8 Sep 2003 09:17:36 +0000 (09:17 +0000)]
make update.
Richard Levitte [Mon, 8 Sep 2003 09:17:13 +0000 (09:17 +0000)]
fips_err.c doesn't belong with the headers.
Richard Levitte [Mon, 8 Sep 2003 09:16:39 +0000 (09:16 +0000)]
Include all the fips directories.
Richard Levitte [Mon, 8 Sep 2003 09:16:17 +0000 (09:16 +0000)]
Handle the "fips" option.
Ben Laurie [Sun, 7 Sep 2003 11:13:54 +0000 (11:13 +0000)]
Missing file.
Ben Laurie [Sun, 7 Sep 2003 10:59:34 +0000 (10:59 +0000)]
Samples.
Ben Laurie [Sun, 7 Sep 2003 10:53:13 +0000 (10:53 +0000)]
Add samples.
Dr. Stephen Henson [Sat, 6 Sep 2003 16:57:16 +0000 (16:57 +0000)]
Fix signed/unsigned warning.
Ben Laurie [Sat, 6 Sep 2003 13:31:40 +0000 (13:31 +0000)]
Add fingerprint chain and checking.
Ben Laurie [Sat, 6 Sep 2003 10:41:27 +0000 (10:41 +0000)]
Make the problem clearer.
Richard Levitte [Fri, 5 Sep 2003 14:09:40 +0000 (14:09 +0000)]
Include e_os.h to get the proper definition of OPENSSL_UNISTD, and use
that macro.
It's possible that OPENSSL_UNISTD_IO should be used instead of
OPENSSL_UNISTD, for the MSDOS case...
Richard Levitte [Fri, 5 Sep 2003 13:41:04 +0000 (13:41 +0000)]
make update
Richard Levitte [Fri, 5 Sep 2003 13:37:28 +0000 (13:37 +0000)]
ALWAYS check the standalone source.
make update.
Richard Levitte [Fri, 5 Sep 2003 13:26:52 +0000 (13:26 +0000)]
Make sure the compilation of the FIPS stuff goes through even in
non-FIPS mode.
Update the appropriate fingerprints accordingly.
(something is weird, someone else was working on the same stuff, and
removed fips_sha1_selftest.c from fips/sha1/standalone.sha1...)
Dr. Stephen Henson [Fri, 5 Sep 2003 13:00:34 +0000 (13:00 +0000)]
Fix signed/unsigned warnings and C++ comments. Update hashes
Richard Levitte [Fri, 5 Sep 2003 12:22:21 +0000 (12:22 +0000)]
Include string.h and stdlib.h where needed, to avoid warnings about
strlen(), memcmp(), exit() and others to be used without a proper
declaration.
Update the appropriate fingerprints accordingly.
Ben Laurie [Thu, 4 Sep 2003 16:46:42 +0000 (16:46 +0000)]
Missing files.
Bodo Möller [Thu, 4 Sep 2003 12:52:56 +0000 (12:52 +0000)]
certain changes have to be listed twice in this file because OpenSSL
0.9.6h forked into 0.9.6i and 0.9.7 ...
Ben Laurie [Thu, 4 Sep 2003 10:22:13 +0000 (10:22 +0000)]
Automagically seed FIPS PRNG. Add OPENSSL_FIPS flag.
Ben Laurie [Thu, 4 Sep 2003 09:04:24 +0000 (09:04 +0000)]
-DFIPS may be the last thing on the line.
Ben Laurie [Thu, 4 Sep 2003 07:17:43 +0000 (07:17 +0000)]
Selftests.
Dr. Stephen Henson [Wed, 3 Sep 2003 23:56:01 +0000 (23:56 +0000)]
New -ignore_err option in ocsp application to stop the server
exiting on the first error in a request.
Dr. Stephen Henson [Wed, 3 Sep 2003 23:47:34 +0000 (23:47 +0000)]
Only accept a client certificate if the server requests
one, as required by SSL/TLS specs.
Ben Laurie [Wed, 3 Sep 2003 14:11:33 +0000 (14:11 +0000)]
DSA stuff and tests.
Ben Laurie [Sun, 31 Aug 2003 09:50:11 +0000 (09:50 +0000)]
More test vectors.
Ben Laurie [Sun, 31 Aug 2003 08:52:39 +0000 (08:52 +0000)]
Add test.
Ben Laurie [Sat, 30 Aug 2003 17:28:08 +0000 (17:28 +0000)]
Handle 3DES tests.
Ben Laurie [Sat, 30 Aug 2003 15:50:26 +0000 (15:50 +0000)]
Add 3-DES CFB-r mode (no test vectors yet).
Ben Laurie [Sat, 30 Aug 2003 15:35:37 +0000 (15:35 +0000)]
Updated test vectors (probably incorrect, but who am I to question?).
Ben Laurie [Sat, 30 Aug 2003 14:49:08 +0000 (14:49 +0000)]
Oops. Need to allocate extra buffer.
Ben Laurie [Sat, 30 Aug 2003 13:19:03 +0000 (13:19 +0000)]
Build the test program when needed.
Ben Laurie [Fri, 29 Aug 2003 18:58:03 +0000 (18:58 +0000)]
Remove unused functions/data.
Dr. Stephen Henson [Thu, 21 Aug 2003 12:32:12 +0000 (12:32 +0000)]
outlen should be int * in out_utf8.
Bodo Möller [Thu, 14 Aug 2003 10:33:56 +0000 (10:33 +0000)]
fix out-of-bounds check in lock_dbg_cb (was too lose to detect all
invalid cases)
PR: 674
Richard Levitte [Thu, 14 Aug 2003 07:02:27 +0000 (07:02 +0000)]
Undo the change that left LD_LIBRARY_PATH unchanged. The errors I saw
weren't due to that, but to a change on the SCO machines I used for
testing, where my $PATH was suddenly incorrect.
Bodo Möller [Mon, 11 Aug 2003 18:56:22 +0000 (18:56 +0000)]
make sure no error is left in the queue that is intentionally ignored
Richard Levitte [Mon, 11 Aug 2003 10:31:21 +0000 (10:31 +0000)]
Make sure the order matches the command line in Makefile.ssl.
Richard Levitte [Mon, 11 Aug 2003 10:24:52 +0000 (10:24 +0000)]
- Add a configuration keyword "fips" to compile with FIPS
implementations.
- Reorder the build so the standalone FIPS SHA1 checker is built
first.
- Add necessary defines to avoid symbol clashes between FIPS and
non-FIPS implementations.
- Change necessary signatures.
- Correct bugs in FIPS build Makefiles.
- make update
cvs2svn [Fri, 8 Aug 2003 10:08:15 +0000 (10:08 +0000)]
This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
0_9_7-stable'.
Richard Levitte [Fri, 8 Aug 2003 10:08:14 +0000 (10:08 +0000)]
Avoid clashing with the regular DES functions when not compiling with
-DFIPS. This is basically only visible when building with shared
library supoort...
Richard Levitte [Thu, 7 Aug 2003 11:57:42 +0000 (11:57 +0000)]
Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:
1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error.
2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot,
not CloseHandle.
Richard Levitte [Thu, 7 Aug 2003 11:57:21 +0000 (11:57 +0000)]
Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:
1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error.
2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot,
not CloseHandle.
Bodo Möller [Wed, 6 Aug 2003 10:38:37 +0000 (10:38 +0000)]
add OpenSSL license
fix typo
Bodo Möller [Wed, 6 Aug 2003 10:36:25 +0000 (10:36 +0000)]
add OpenSSL license
fix typo
Richard Levitte [Mon, 4 Aug 2003 13:26:14 +0000 (13:26 +0000)]
make update
(I'm quite worried about what this will do to compatibility with
earlier 0.9.7 versions)
Richard Levitte [Mon, 4 Aug 2003 12:03:56 +0000 (12:03 +0000)]
Add an empty list of AES tests. At least, the test suite will pass,
and perhaps the conflict this generates on the person that hasn't yet
committed the real file will prompt him to do so :-).
Richard Levitte [Mon, 4 Aug 2003 10:12:38 +0000 (10:12 +0000)]
Inclusion of openssl/engine.h should always be wrapped with a check that
OPENSSL_NO_ENGINE is not defined.
Richard Levitte [Mon, 4 Aug 2003 10:12:36 +0000 (10:12 +0000)]
Inclusion of openssl/engine.h should always be wrapped with a check that
OPENSSL_NO_ENGINE is not defined.
Ben Laurie [Sun, 3 Aug 2003 12:22:35 +0000 (12:22 +0000)]
Make tests work (CFB1 still doesn't produce the right answers, strangely).
Dr. Stephen Henson [Fri, 1 Aug 2003 17:06:48 +0000 (17:06 +0000)]
Make the EFB NIDs have empty OIDs aliased to the real EFB OID.
Dr. Stephen Henson [Fri, 1 Aug 2003 13:07:29 +0000 (13:07 +0000)]
Replace C++ style comments.
Ben Laurie [Fri, 1 Aug 2003 10:31:25 +0000 (10:31 +0000)]
DES CFB8 test.
Ben Laurie [Fri, 1 Aug 2003 10:25:58 +0000 (10:25 +0000)]
Fix DES CFB-r.
Richard Levitte [Thu, 31 Jul 2003 21:41:51 +0000 (21:41 +0000)]
No C++ comments in C programs!
Richard Levitte [Thu, 31 Jul 2003 21:30:07 +0000 (21:30 +0000)]
If FDIRS is to be treated like SDIRS, let's not forget to initialize
it in Makefile.org.
Ben Laurie [Wed, 30 Jul 2003 18:30:18 +0000 (18:30 +0000)]
Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8.
Ben Laurie [Tue, 29 Jul 2003 17:53:41 +0000 (17:53 +0000)]
Test vectors and useless samples.
Ben Laurie [Tue, 29 Jul 2003 17:05:16 +0000 (17:05 +0000)]
AES CFB8.
Ben Laurie [Tue, 29 Jul 2003 15:17:22 +0000 (15:17 +0000)]
Missing files.
Ben Laurie [Tue, 29 Jul 2003 14:34:48 +0000 (14:34 +0000)]
MMT for CFB1