oweals/openssl.git
19 years agoMove fips_test_suite rules from fips/Makefile to test/Makefile. FIPS_TEST_10
Andy Polyakov [Mon, 27 Jun 2005 22:08:58 +0000 (22:08 +0000)]
Move fips_test_suite rules from fips/Makefile to test/Makefile.

19 years agoEliminate dependency on UNICODE macro.
Andy Polyakov [Mon, 27 Jun 2005 21:14:15 +0000 (21:14 +0000)]
Eliminate dependency on UNICODE macro.

19 years agoFix typos in apps/apps.c.
Andy Polyakov [Mon, 27 Jun 2005 16:00:57 +0000 (16:00 +0000)]
Fix typos in apps/apps.c.

19 years agoUpdate fips_test_suite make rule.
Andy Polyakov [Sun, 26 Jun 2005 21:48:19 +0000 (21:48 +0000)]
Update fips_test_suite make rule.

19 years agoRevert RC4 parameters on IA64 from back-ported ones to original to preserve
Andy Polyakov [Sun, 26 Jun 2005 17:24:48 +0000 (17:24 +0000)]
Revert RC4 parameters on IA64 from back-ported ones to original to preserve
binary compatibility.
PR: 1114

19 years agoIA64 RC4 update from HEAD [see commentary in HEAD for details].
Andy Polyakov [Sun, 26 Jun 2005 16:25:25 +0000 (16:25 +0000)]
IA64 RC4 update from HEAD [see commentary in HEAD for details].
PR: 1114

19 years agoAdd Argen root CAs.
Dr. Stephen Henson [Fri, 24 Jun 2005 10:52:18 +0000 (10:52 +0000)]
Add Argen root CAs.

19 years agoSomeone did some cutting and pasting and didn't quite finish the job :-).
Richard Levitte [Fri, 24 Jun 2005 05:13:13 +0000 (05:13 +0000)]
Someone did some cutting and pasting and didn't quite finish the job :-).

Notified by Steffen Pankratz <kratz00@gmx.de>

19 years agoChange dir_ctrl to check for the environment variable before using the default
Richard Levitte [Thu, 23 Jun 2005 21:15:06 +0000 (21:15 +0000)]
Change dir_ctrl to check for the environment variable before using the default
directory instead of the other way around.

PR: 1131

19 years agoOID database had a NULL entry for NID 666. Add a real OID in its place.
Dr. Stephen Henson [Wed, 22 Jun 2005 17:24:32 +0000 (17:24 +0000)]
OID database had a NULL entry for NID 666. Add a real OID in its place.

19 years agoDo no try to pretend we're at the end of anything unless we're at the end
Richard Levitte [Mon, 20 Jun 2005 22:11:21 +0000 (22:11 +0000)]
Do no try to pretend we're at the end of anything unless we're at the end
of a 4-character block.

19 years agoCheck for 'usage' and 'Usage'.
Richard Levitte [Mon, 20 Jun 2005 20:45:44 +0000 (20:45 +0000)]
Check for 'usage' and 'Usage'.
Submitted by Tim Rice <tim@multitalents.net>.  His comment is:

I noticed "make report" didn't show the cc version on most of
my System V platforms. This patch corrects this.

19 years agoAdd crypto/bn/bn_prime.h to the collection of generated files. In the
Richard Levitte [Mon, 20 Jun 2005 04:29:54 +0000 (04:29 +0000)]
Add crypto/bn/bn_prime.h to the collection of generated files.  In the
update target, place the dependency on depend last, so all necessary files
are generated *before* the dependencies are figured out.

PR: 1121

19 years agoWith DJGPP, it seems like the return code from grep, even when in the
Richard Levitte [Sun, 19 Jun 2005 20:31:22 +0000 (20:31 +0000)]
With DJGPP, it seems like the return code from grep, even when in the
middle of a pipe, is noted.  Counter that by forcing a true return code
when the return code has no importance.

PR: 1085

19 years agoUndefine DECRANDOM before redefining it.
Richard Levitte [Sun, 19 Jun 2005 20:20:29 +0000 (20:20 +0000)]
Undefine DECRANDOM before redefining it.

PR: 1110

19 years agoDon't put C++ comments in a C file.
Richard Levitte [Sun, 19 Jun 2005 20:00:47 +0000 (20:00 +0000)]
Don't put C++ comments in a C file.

19 years agoAdd better documentation on how id_function() should be defined and what
Richard Levitte [Sat, 18 Jun 2005 05:52:20 +0000 (05:52 +0000)]
Add better documentation on how id_function() should be defined and what
issues there are.

PR: 1096

19 years agoMove the definition of DEVRANDOM for DJGPP from Configure to e_os.h.
Richard Levitte [Sat, 18 Jun 2005 04:42:29 +0000 (04:42 +0000)]
Move the definition of DEVRANDOM for DJGPP from Configure to e_os.h.
That should solve the issues with propagating it through the Makefiles.

PR: 1110

19 years agoOnly define ZLIB_SHARED if it hasn't already been defined (on the command
Richard Levitte [Sat, 18 Jun 2005 04:32:18 +0000 (04:32 +0000)]
Only define ZLIB_SHARED if it hasn't already been defined (on the command
line, for example).

PR: 1112

19 years agoHave pod2man.pl accept '=for comment ...' before the '=head1 NAME' line.
Richard Levitte [Sat, 18 Jun 2005 04:27:11 +0000 (04:27 +0000)]
Have pod2man.pl accept '=for comment ...' before the '=head1 NAME' line.

PR: 1113

19 years agoclear dso pointer in case of an error
Nils Larsch [Fri, 17 Jun 2005 21:14:35 +0000 (21:14 +0000)]
clear dso pointer in case of an error

PR: 816

19 years agoupdate for the cswift engine:
Nils Larsch [Fri, 17 Jun 2005 20:26:07 +0000 (20:26 +0000)]
update for the cswift engine:
- fix the problem described in bug report 825
- fix a segfault when the engine fails to initialize
- let the engine switch to software when keysize > 2048

PR: 825, 826
Submitted by: Frédéric Giudicelli

19 years agoDo not undefine _XOPEN_SOURCE. This is currently experimental, and
Richard Levitte [Thu, 16 Jun 2005 22:21:39 +0000 (22:21 +0000)]
Do not undefine _XOPEN_SOURCE.  This is currently experimental, and
will be firmed up as soon as it's been verified not to break anything.

19 years agoMake sure detached fingerprints are installed [as well as minor cygwin
Andy Polyakov [Tue, 14 Jun 2005 12:29:34 +0000 (12:29 +0000)]
Make sure detached fingerprints are installed [as well as minor cygwin
and hpux updates].

19 years agoMake human-readable error messages more human-friendly.
Andy Polyakov [Tue, 14 Jun 2005 12:18:47 +0000 (12:18 +0000)]
Make human-readable error messages more human-friendly.

19 years agoupdate FAQ
Nils Larsch [Mon, 13 Jun 2005 08:38:29 +0000 (08:38 +0000)]
update FAQ

19 years agoShow what the offending target was.
Richard Levitte [Mon, 13 Jun 2005 02:38:07 +0000 (02:38 +0000)]
Show what the offending target was.

PR: 1108

19 years agoDefault sensibly when in FIPS mode.
Ben Laurie [Fri, 10 Jun 2005 20:49:10 +0000 (20:49 +0000)]
Default sensibly when in FIPS mode.

19 years ago- let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an
Nils Larsch [Fri, 10 Jun 2005 20:00:39 +0000 (20:00 +0000)]
- let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an
  error if the cipher list is empty
- fix last commit in ssl_create_cipher_list
- clean up ssl_create_cipher_list

19 years agoRemove CRs from files.
Dr. Stephen Henson [Fri, 10 Jun 2005 00:41:25 +0000 (00:41 +0000)]
Remove CRs from files.

19 years agoEliminate gcc -pedantic warnings.
Andy Polyakov [Thu, 9 Jun 2005 21:37:30 +0000 (21:37 +0000)]
Eliminate gcc -pedantic warnings.

19 years agoAllow for dso load by explicit path on HP-UX.
Andy Polyakov [Thu, 9 Jun 2005 20:47:41 +0000 (20:47 +0000)]
Allow for dso load by explicit path on HP-UX.

19 years agouse "=" instead of "|=", fix typo
Nils Larsch [Wed, 8 Jun 2005 22:24:27 +0000 (22:24 +0000)]
use "=" instead of "|=", fix typo

19 years agoAvoid endless loops. Really, we were using the same variable for two
Richard Levitte [Wed, 8 Jun 2005 21:59:51 +0000 (21:59 +0000)]
Avoid endless loops.  Really, we were using the same variable for two
different conditions...

19 years agoFix couple gcc 4 warnings, reformat comment.
Andy Polyakov [Wed, 8 Jun 2005 21:27:34 +0000 (21:27 +0000)]
Fix couple gcc 4 warnings, reformat comment.

19 years agossl_create_cipher_list should return an error if no cipher could be
Nils Larsch [Wed, 8 Jun 2005 21:16:32 +0000 (21:16 +0000)]
ssl_create_cipher_list should return an error if no cipher could be
collected (see SSL_CTX_set_cipher_list manpage). Fix handling of
"cipher1+cipher2" expressions in ssl_cipher_process_rulestr.

PR: 836 + 1005

19 years agoMask new fips_*vs test programs in non-fips builds.
Andy Polyakov [Tue, 7 Jun 2005 19:56:52 +0000 (19:56 +0000)]
Mask new fips_*vs test programs in non-fips builds.

19 years agoSimplify ssltest compile rule.
Andy Polyakov [Tue, 7 Jun 2005 16:36:52 +0000 (16:36 +0000)]
Simplify ssltest compile rule.

19 years agoSimplified shortcut from FIPS_mode_set.
Andy Polyakov [Tue, 7 Jun 2005 16:36:21 +0000 (16:36 +0000)]
Simplified shortcut from FIPS_mode_set.

19 years agoFix typos and add missing lines in Makefile. FIPS_TEST_9
Andy Polyakov [Tue, 7 Jun 2005 14:08:54 +0000 (14:08 +0000)]
Fix typos and add missing lines in Makefile.

19 years agoInitial support for DSO FIPS fingerprinting.
Andy Polyakov [Tue, 7 Jun 2005 12:39:27 +0000 (12:39 +0000)]
Initial support for DSO FIPS fingerprinting.

19 years agoAd-hoc DSO_pathbyaddr for selected platforms from HEAD in FIPS context.
Andy Polyakov [Tue, 7 Jun 2005 10:49:35 +0000 (10:49 +0000)]
Ad-hoc DSO_pathbyaddr for selected platforms from HEAD in FIPS context.

19 years agoSet OPENSSL_PIC flags for shared builds [from HEAD].
Andy Polyakov [Tue, 7 Jun 2005 10:48:24 +0000 (10:48 +0000)]
Set OPENSSL_PIC flags for shared builds [from HEAD].

19 years agoUpdate from head.
Dr. Stephen Henson [Mon, 6 Jun 2005 22:42:35 +0000 (22:42 +0000)]
Update from head.

19 years agoDelete test error print.
Dr. Stephen Henson [Mon, 6 Jun 2005 18:05:00 +0000 (18:05 +0000)]
Delete test error print.

19 years agoSkipping all tests just because one algorithm is disabled seems a bit harsch.
Richard Levitte [Mon, 6 Jun 2005 08:38:13 +0000 (08:38 +0000)]
Skipping all tests just because one algorithm is disabled seems a bit harsch.

PR: 1089

19 years agoDon't mention Makefile.ssl and don't mention Solaris x86 ld bug, as it's
Andy Polyakov [Mon, 6 Jun 2005 08:38:03 +0000 (08:38 +0000)]
Don't mention Makefile.ssl and don't mention Solaris x86 ld bug, as it's
not relevant in 0.9.7 context.

19 years agoDocument the change.
Richard Levitte [Sun, 5 Jun 2005 23:17:53 +0000 (23:17 +0000)]
Document the change.

19 years agoRemove the incorrect installation of '%{openssldir}/lib'.
Richard Levitte [Sun, 5 Jun 2005 23:15:18 +0000 (23:15 +0000)]
Remove the incorrect installation of '%{openssldir}/lib'.

PR: 1074

19 years agoOld typo...
Richard Levitte [Sun, 5 Jun 2005 21:54:59 +0000 (21:54 +0000)]
Old typo...

PR: 1097

19 years ago./PROBLEMS update from HEAD.
Andy Polyakov [Sun, 5 Jun 2005 18:09:24 +0000 (18:09 +0000)]
./PROBLEMS update from HEAD.

19 years agoThe macro THREADS was changed to OPENSSL_THREADS a long time ago.
Richard Levitte [Sat, 4 Jun 2005 08:44:05 +0000 (08:44 +0000)]
The macro THREADS was changed to OPENSSL_THREADS a long time ago.

PR: 1096

19 years agoUse correct config file environment variable.
Dr. Stephen Henson [Thu, 2 Jun 2005 23:16:33 +0000 (23:16 +0000)]
Use correct config file environment variable.

19 years agoTypo.
Dr. Stephen Henson [Thu, 2 Jun 2005 20:30:03 +0000 (20:30 +0000)]
Typo.

19 years agoAdd CHANGES entry for PSS and X9.31 padding.
Dr. Stephen Henson [Thu, 2 Jun 2005 20:08:30 +0000 (20:08 +0000)]
Add CHANGES entry for PSS and X9.31 padding.

19 years agofips/*/Makefile updates to accomodate new VSes.
Andy Polyakov [Thu, 2 Jun 2005 19:15:15 +0000 (19:15 +0000)]
fips/*/Makefile updates to accomodate new VSes.

19 years agoSynchronise some more with the Unix build.
Richard Levitte [Thu, 2 Jun 2005 19:08:41 +0000 (19:08 +0000)]
Synchronise some more with the Unix build.

19 years agoMake PSS more flexible, most notably assign special meaning to negative
Andy Polyakov [Thu, 2 Jun 2005 18:07:16 +0000 (18:07 +0000)]
Make PSS more flexible, most notably assign special meaning to negative
sLen values: -1 -> sLen = hLen, -2 -> sLen autochosen/autorecovered.

19 years agoComply with .sam[ple].
Andy Polyakov [Thu, 2 Jun 2005 18:01:09 +0000 (18:01 +0000)]
Comply with .sam[ple].

19 years agoRemove redundant reference, which produces a warning (??) in gcc 3.4.2.
Dr. Stephen Henson [Thu, 2 Jun 2005 01:18:25 +0000 (01:18 +0000)]
Remove redundant reference, which produces a warning (??) in gcc 3.4.2.

19 years agoUpdate symbols. Add #ifdef OPENSSL_FIPS in various places.
Dr. Stephen Henson [Thu, 2 Jun 2005 00:09:25 +0000 (00:09 +0000)]
Update symbols. Add #ifdef OPENSSL_FIPS in various places.

19 years agoFixes for unusual key lengths an PSS.
Dr. Stephen Henson [Wed, 1 Jun 2005 22:06:46 +0000 (22:06 +0000)]
Fixes for unusual key lengths an PSS.

19 years agoclear error queue on success and return NULL if cert could be read
Nils Larsch [Wed, 1 Jun 2005 08:36:38 +0000 (08:36 +0000)]
clear error queue on success and return NULL if cert could be read

PR: 1088

19 years agofix assertion
Nils Larsch [Tue, 31 May 2005 20:39:54 +0000 (20:39 +0000)]
fix assertion

19 years agoSynchronise with the Unix build...
Richard Levitte [Tue, 31 May 2005 20:29:23 +0000 (20:29 +0000)]
Synchronise with the Unix build...

19 years agoPreliminary support for X9.31 RSA key generation for FIPS.
Dr. Stephen Henson [Tue, 31 May 2005 12:38:03 +0000 (12:38 +0000)]
Preliminary support for X9.31 RSA key generation for FIPS.

Included prime derivation, random prime generation, test program and
new option to genrsa.

19 years agoSynchronise with Unixly build
Richard Levitte [Mon, 30 May 2005 22:26:22 +0000 (22:26 +0000)]
Synchronise with Unixly build

19 years agomake update
Dr. Stephen Henson [Sun, 29 May 2005 12:30:21 +0000 (12:30 +0000)]
make update

19 years agoStop warnings.
Dr. Stephen Henson [Sun, 29 May 2005 12:22:05 +0000 (12:22 +0000)]
Stop warnings.

19 years agoWe have some source with \r\n as line ends. DEC C informs about that,
Richard Levitte [Sun, 29 May 2005 12:13:05 +0000 (12:13 +0000)]
We have some source with \r\n as line ends.  DEC C informs about that,
and I really can't be bothered...

19 years agoAdd X9.31 signature support, mainly for FIPS140. Add new option to rsautl and
Dr. Stephen Henson [Sat, 28 May 2005 20:15:48 +0000 (20:15 +0000)]
Add X9.31 signature support, mainly for FIPS140. Add new option to rsautl and
include options to use X9.31 in tests.

19 years agoAdd PSS support to tests.
Dr. Stephen Henson [Sat, 28 May 2005 11:18:44 +0000 (11:18 +0000)]
Add PSS support to tests.

19 years agoAdd PSS support. Minimal at this stage for FIPS140.
Dr. Stephen Henson [Fri, 27 May 2005 21:59:52 +0000 (21:59 +0000)]
Add PSS support. Minimal at this stage for FIPS140.

19 years agoError checking.
Dr. Stephen Henson [Fri, 27 May 2005 21:22:48 +0000 (21:22 +0000)]
Error checking.

19 years agoUse BN_with_flags() in a cleaner way.
Bodo Möller [Fri, 27 May 2005 15:39:15 +0000 (15:39 +0000)]
Use BN_with_flags() in a cleaner way.

Complete previous change:
Constant time DSA [sync with mainstream].

19 years agoConstant-time RSA [sync with mainstream].
Andy Polyakov [Fri, 27 May 2005 08:12:44 +0000 (08:12 +0000)]
Constant-time RSA [sync with mainstream].

Submitted by: bodo

19 years agoConstant time DH [sync with mainstream].
Andy Polyakov [Fri, 27 May 2005 08:11:16 +0000 (08:11 +0000)]
Constant time DH [sync with mainstream].

Submitted by: bodo

19 years agoConstant-time DSA signing [sync with mainstream].
Andy Polyakov [Fri, 27 May 2005 06:42:11 +0000 (06:42 +0000)]
Constant-time DSA signing [sync with mainstream].

Submitted by: bodo

19 years agofips/sha1 -> fips/sha remains.
Andy Polyakov [Thu, 26 May 2005 23:09:02 +0000 (23:09 +0000)]
fips/sha1 -> fips/sha remains.

19 years agoRemove fips/sha1/*.
Andy Polyakov [Thu, 26 May 2005 23:01:20 +0000 (23:01 +0000)]
Remove fips/sha1/*.

19 years agoThrow in SHAmix test vectors.
Andy Polyakov [Thu, 26 May 2005 22:17:55 +0000 (22:17 +0000)]
Throw in SHAmix test vectors.

19 years agoRename fips/sha1 to fips/sha.
Andy Polyakov [Thu, 26 May 2005 21:29:10 +0000 (21:29 +0000)]
Rename fips/sha1 to fips/sha.

19 years agoAllow zero length messages and make format look more like samples.
Dr. Stephen Henson [Thu, 26 May 2005 18:48:24 +0000 (18:48 +0000)]
Allow zero length messages and make format look more like samples.

19 years agoFIPS SHA* test for new format.
Dr. Stephen Henson [Thu, 26 May 2005 18:31:53 +0000 (18:31 +0000)]
FIPS SHA* test for new format.

19 years agomake sure DSA signing exponentiations really are constant-time
Bodo Möller [Thu, 26 May 2005 04:40:42 +0000 (04:40 +0000)]
make sure DSA signing exponentiations really are constant-time

19 years agoSynchronise with Unix build. BEN_FIPS_TEST_8
Richard Levitte [Tue, 24 May 2005 03:50:47 +0000 (03:50 +0000)]
Synchronise with Unix build.

19 years agoTypo correction
Richard Levitte [Tue, 24 May 2005 03:27:18 +0000 (03:27 +0000)]
Typo correction

19 years agoWhen _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in
Richard Levitte [Sat, 21 May 2005 17:39:48 +0000 (17:39 +0000)]
When _XOPEN_SOURCE is defined, make sure it's defined to 500.  Required in
http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html.

Notified by David Wolfe <dwolfe5272@yahoo.com>

19 years agofips_check_rsa update.
Andy Polyakov [Thu, 19 May 2005 22:29:55 +0000 (22:29 +0000)]
fips_check_rsa update.

19 years agoPlace #ifdef OPENSSL_FIPS round the SHA-XXX functions in evp.h so mkdef.pl
Dr. Stephen Henson [Tue, 17 May 2005 19:48:42 +0000 (19:48 +0000)]
Place #ifdef OPENSSL_FIPS round the SHA-XXX functions in evp.h so mkdef.pl
knows about it.

19 years agoSHA-XXX are available in FIPS context only in 0.9.7.
Andy Polyakov [Tue, 17 May 2005 06:57:14 +0000 (06:57 +0000)]
SHA-XXX are available in FIPS context only in 0.9.7.

19 years agofix memory leak (BIO_free_all needs pointer to first BIO)
Bodo Möller [Tue, 17 May 2005 05:52:18 +0000 (05:52 +0000)]
fix memory leak (BIO_free_all needs pointer to first BIO)

PR: 1070

19 years agoChange wording for BN_mod_exp_mont_consttime() entry
Bodo Möller [Mon, 16 May 2005 19:14:38 +0000 (19:14 +0000)]
Change wording for BN_mod_exp_mont_consttime() entry

19 years agoRemove redundant test. Add new SHAXXX algorithms to mkdef.pl, update
Dr. Stephen Henson [Mon, 16 May 2005 17:52:32 +0000 (17:52 +0000)]
Remove redundant test. Add new SHAXXX algorithms to mkdef.pl, update
symbol info.

19 years agoImplement fixed-window exponentiation to mitigate hyper-threading
Bodo Möller [Mon, 16 May 2005 01:26:08 +0000 (01:26 +0000)]
Implement fixed-window exponentiation to mitigate hyper-threading
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller

19 years agoSynchronise with the Unixly build.
Richard Levitte [Sun, 15 May 2005 09:20:15 +0000 (09:20 +0000)]
Synchronise with the Unixly build.

19 years agoFix from HEAD.
Dr. Stephen Henson [Sat, 14 May 2005 12:59:05 +0000 (12:59 +0000)]
Fix from HEAD.

19 years agoFixes from HEAD.
Dr. Stephen Henson [Fri, 13 May 2005 00:23:02 +0000 (00:23 +0000)]
Fixes from HEAD.

19 years agoFix from HEAD.
Dr. Stephen Henson [Thu, 12 May 2005 23:13:40 +0000 (23:13 +0000)]
Fix from HEAD.

19 years agoTypo.
Dr. Stephen Henson [Thu, 12 May 2005 17:27:48 +0000 (17:27 +0000)]
Typo.