Dr. Stephen Henson [Wed, 24 Nov 2004 01:21:57 +0000 (01:21 +0000)]
Check return code of EVP_CipherInit() in PKCS#12 code.
Dr. Stephen Henson [Tue, 23 Nov 2004 21:40:32 +0000 (21:40 +0000)]
Typo.
Dr. Stephen Henson [Tue, 23 Nov 2004 21:22:54 +0000 (21:22 +0000)]
Fix memory leak.
Dr. Stephen Henson [Wed, 17 Nov 2004 18:36:43 +0000 (18:36 +0000)]
In "req" exit immediately if configuration file is needed and it can't
be loaded instead of giving the misleading:
"unable to find 'distinguised_name' in config"
error message.
Dr. Stephen Henson [Sun, 14 Nov 2004 15:40:25 +0000 (15:40 +0000)]
PR: 940
Typo: use prompt_info, not cb_data->prompt_info.
Dr. Stephen Henson [Sun, 14 Nov 2004 15:11:16 +0000 (15:11 +0000)]
PR: 923
Typo.
Dr. Stephen Henson [Sun, 14 Nov 2004 13:55:48 +0000 (13:55 +0000)]
PR: 938
Typo.
Dr. Stephen Henson [Sat, 13 Nov 2004 23:56:15 +0000 (23:56 +0000)]
Zap obsolete der_chop script.
Dr. Stephen Henson [Sat, 13 Nov 2004 13:52:34 +0000 (13:52 +0000)]
PR: 959
Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
Dr. Stephen Henson [Sat, 13 Nov 2004 13:38:58 +0000 (13:38 +0000)]
PR: 969
Submitted by: David Holmes <davidh@3blackdogs.com>
Dr. Stephen Henson [Sat, 13 Nov 2004 13:26:24 +0000 (13:26 +0000)]
Fix x509.c so it creates serial number file again if no
serial number is supplied on command line.
Richard Levitte [Thu, 11 Nov 2004 19:36:25 +0000 (19:36 +0000)]
Cut'n'paste mistake. All tested OK now...
Richard Levitte [Thu, 11 Nov 2004 18:57:30 +0000 (18:57 +0000)]
Whoops, syntactic mistake...
Richard Levitte [Thu, 11 Nov 2004 18:18:10 +0000 (18:18 +0000)]
Some find it confusing that environment variables are set when shared
libraries aren't built or used. I can see the point, so I'm
reorganising a little for clarity.
Dr. Stephen Henson [Thu, 11 Nov 2004 13:46:44 +0000 (13:46 +0000)]
Use the default_md config file value when signing CRLs.
PR:662
Dr. Stephen Henson [Thu, 11 Nov 2004 02:12:48 +0000 (02:12 +0000)]
Don't return an error with crl -noout.
PR:917
Sumbmitted by: Michael Konietzka <konietzka@schlund.de>
Dr. Stephen Henson [Thu, 11 Nov 2004 01:18:57 +0000 (01:18 +0000)]
The use of "exp" as a variable name in a prototype causes a conflict with FC2
headers.
Richard Levitte [Fri, 5 Nov 2004 09:12:18 +0000 (09:12 +0000)]
Make sure LD_PRELOAD is only set when we build shared libraries (and
therefore link with them). Add LD_PRELOAD setting code where it was
still missing.
PR: 966
Richard Levitte [Tue, 2 Nov 2004 23:53:31 +0000 (23:53 +0000)]
Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
Richard Levitte [Tue, 2 Nov 2004 01:13:02 +0000 (01:13 +0000)]
Because -rpath/-R may have been used, our settings of LD_LIBRARY_PATH
and friends may be entirely useless. In such a case, LD_PRELOAD is
the answer, at least on platforms using LD_LIBRARY_PATH. There might
be other variables to set on other platforms, please fill us in...
For now, we only do this with the tests, so they won't fail for silly
reasons like getting dynamically linked to older installed libraries
rather than the newly built ones...
PR: 960
Richard Levitte [Mon, 1 Nov 2004 08:20:28 +0000 (08:20 +0000)]
Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if not
already defined.
Richard Levitte [Mon, 1 Nov 2004 07:58:43 +0000 (07:58 +0000)]
Make sure memmove() is defined, even on SunOS 4.1.4.
PR: 963
Dr. Stephen Henson [Tue, 26 Oct 2004 13:01:37 +0000 (13:01 +0000)]
Only add fips/dh once...
Richard Levitte [Tue, 26 Oct 2004 12:17:25 +0000 (12:17 +0000)]
fips/dh was missing in mkfiles.pl.
make update
Dr. Stephen Henson [Tue, 26 Oct 2004 11:47:14 +0000 (11:47 +0000)]
Add fips/dh directory to mkfiles.pl
Dr. Stephen Henson [Mon, 25 Oct 2004 11:31:28 +0000 (11:31 +0000)]
Change version numbers to 0.9.7f-dev
Dr. Stephen Henson [Mon, 25 Oct 2004 11:24:39 +0000 (11:24 +0000)]
Updates for 0.9.7e release.
Dr. Stephen Henson [Mon, 25 Oct 2004 11:15:49 +0000 (11:15 +0000)]
Fix race condition.
Dr. Stephen Henson [Mon, 25 Oct 2004 00:04:22 +0000 (00:04 +0000)]
make update
Dr. Stephen Henson [Wed, 20 Oct 2004 17:24:06 +0000 (17:24 +0000)]
Stop VC++ complaining...
Dr. Stephen Henson [Wed, 20 Oct 2004 00:54:27 +0000 (00:54 +0000)]
Update NEWS file.
Dr. Stephen Henson [Wed, 20 Oct 2004 00:48:15 +0000 (00:48 +0000)]
Typo.
Richard Levitte [Thu, 14 Oct 2004 05:52:07 +0000 (05:52 +0000)]
make update
Richard Levitte [Thu, 14 Oct 2004 05:51:15 +0000 (05:51 +0000)]
We need to check for OPENSSL_FIPS when building shared libraries, so
we get correct transfer vectors for those functions when required.
Richard Levitte [Thu, 14 Oct 2004 05:49:01 +0000 (05:49 +0000)]
Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up. Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.
Ben Laurie [Fri, 8 Oct 2004 10:03:57 +0000 (10:03 +0000)]
Update fingerprints.
Dr. Stephen Henson [Mon, 4 Oct 2004 17:28:57 +0000 (17:28 +0000)]
Oops..
Dr. Stephen Henson [Mon, 4 Oct 2004 16:27:36 +0000 (16:27 +0000)]
Fix race condition when CRL checking is enabled.
Dr. Stephen Henson [Fri, 1 Oct 2004 11:34:28 +0000 (11:34 +0000)]
Update debug-steve
Andy Polyakov [Tue, 28 Sep 2004 20:52:14 +0000 (20:52 +0000)]
Fix Solaris 10_x86 shared build. -Bsymbolic is required to avoid
"remaining relocations" in assembler modules. The latter seems to
be new behaviour, elder as/ld managed to resolve this relocations
as internal. It's possible to address this problem differently,
but I settle for -Bsymbolic...
PR: 946
Richard Levitte [Tue, 28 Sep 2004 11:25:11 +0000 (11:25 +0000)]
usr/doc has recently changed to usr/share/doc on Cygwin.
Notified by Corinna Vinschen <vinschen@redhat.com>
Dr. Stephen Henson [Wed, 15 Sep 2004 23:38:45 +0000 (23:38 +0000)]
Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap().
Dr. Stephen Henson [Mon, 13 Sep 2004 22:39:49 +0000 (22:39 +0000)]
Oops, forgot to reorder extension request nids.
Dr. Stephen Henson [Mon, 13 Sep 2004 22:30:31 +0000 (22:30 +0000)]
ASN1_STRING_to_UTF8() assumed that the MBSTRING_* flags were of
the form MBSTRING_FLAG|nbyte where "nbyte" is the number of
bytes per character.
Unfortunately this isn't so and we can't change the #defines because
this would break binary compatibility, so for 0.9.7X only translate
between the two.
Richard Levitte [Sat, 11 Sep 2004 09:45:41 +0000 (09:45 +0000)]
Makefile.ssl changed name to Makefile...
Dr. Stephen Henson [Fri, 10 Sep 2004 20:27:45 +0000 (20:27 +0000)]
Stop warning.
Dr. Stephen Henson [Fri, 10 Sep 2004 20:26:30 +0000 (20:26 +0000)]
When looking for request extensions in a certificate look first
for the PKCS#9 OID then the non standard MS OID.
Richard Levitte [Mon, 6 Sep 2004 14:21:14 +0000 (14:21 +0000)]
num is an unsigned long, but since it was transfered from
crypto/sha/sha_locl.h, where it is in fact an int, we need to check
for less-than-zero as if it was an int...
Richard Levitte [Mon, 6 Sep 2004 14:19:59 +0000 (14:19 +0000)]
Replace the bogus checks of n with proper uses of feof(), ferror() and
clearerr().
Andy Polyakov [Mon, 23 Aug 2004 22:28:27 +0000 (22:28 +0000)]
Sync aes_ctr.c with HEAD.
Richard Levitte [Wed, 18 Aug 2004 15:48:22 +0000 (15:48 +0000)]
'compatibility', not 'computability' :-)...
Richard Levitte [Wed, 11 Aug 2004 20:34:12 +0000 (20:34 +0000)]
Another missing module in the VMS build files. I believe this is the
last, though...
Richard Levitte [Wed, 11 Aug 2004 17:41:17 +0000 (17:41 +0000)]
Stupid casts...
Dr. Stephen Henson [Wed, 11 Aug 2004 17:24:42 +0000 (17:24 +0000)]
Update FAQ.
Dr. Stephen Henson [Tue, 10 Aug 2004 17:40:31 +0000 (17:40 +0000)]
Make ASN1_INTEGER_cmp() work as expected with negative integers.
Richard Levitte [Tue, 10 Aug 2004 10:04:13 +0000 (10:04 +0000)]
With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED to
get struct timeval and gettimeofday().
Richard Levitte [Tue, 10 Aug 2004 09:11:07 +0000 (09:11 +0000)]
Update the VMS fips library builder with the DH library.
Richard Levitte [Tue, 10 Aug 2004 09:09:08 +0000 (09:09 +0000)]
make update
Richard Levitte [Mon, 9 Aug 2004 12:14:08 +0000 (12:14 +0000)]
Correct typos and include directory specifications.
Richard Levitte [Mon, 9 Aug 2004 12:13:36 +0000 (12:13 +0000)]
In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM...
Dr. Stephen Henson [Fri, 6 Aug 2004 12:43:54 +0000 (12:43 +0000)]
In ca.c setup engine after autoconfig so any dynamic engines are visible.
Dr. Stephen Henson [Thu, 5 Aug 2004 18:11:43 +0000 (18:11 +0000)]
Stop compiler giving bogus shadow warning.
Dr. Stephen Henson [Thu, 5 Aug 2004 18:10:46 +0000 (18:10 +0000)]
Don't ignore return values of EVP_DigestInit_ex() in md BIOs and dgst.
Richard Levitte [Mon, 2 Aug 2004 14:15:07 +0000 (14:15 +0000)]
Let's lock a write lock when changing values, shall we?
Thanks to Dr Stephen Henson <shenson@drh-consultancy.co.uk> for making
me aware of this error.
Richard Levitte [Fri, 30 Jul 2004 14:38:02 +0000 (14:38 +0000)]
To protect FIPS-related global variables, add locking mechanisms
around them.
NOTE: because two new locks are added, this adds potential binary
incompatibility with earlier versions in the 0.9.7 series. However,
those locks will only ever be touched when FIPS_mode_set() is called
and after, thanks to a variable that's only changed from 0 to 1 once
(when FIPS_mode_set() is called). So basically, as long as FIPS mode
hasn't been engaged explicitely by the calling application, the new
locks are treated as if they didn't exist at all, thus not becoming a
problem. Applications that are built or rebuilt to use FIPS
functionality will need to be recompiled in any case, thus not being a
problem either.
Richard Levitte [Thu, 29 Jul 2004 22:26:57 +0000 (22:26 +0000)]
We're building crypto stuff, not ssl stuff. Additionally, we're in
the fips subdirectory, not the crypto one...
Richard Levitte [Thu, 29 Jul 2004 22:26:03 +0000 (22:26 +0000)]
We build the crypto stuff, not the ssl stuff, in this command procedure...
Richard Levitte [Wed, 28 Jul 2004 13:47:58 +0000 (13:47 +0000)]
Define OPENSSL_FIPS in opensslconf.h if a logical name with the same
name is defined.
Go up one directory level before dealing with FIPS stuff.
Richard Levitte [Wed, 28 Jul 2004 02:24:48 +0000 (02:24 +0000)]
From the FIPS directory, darnit!
Dr. Stephen Henson [Tue, 27 Jul 2004 18:28:49 +0000 (18:28 +0000)]
New cipher "strength" FIPS which specifies that a
cipher suite is FIPS compatible.
New cipherstring "FIPS" is all FIPS compatible ciphersuites except eNULL.
Only allow FIPS ciphersuites in FIPS mode.
Richard Levitte [Tue, 27 Jul 2004 14:09:13 +0000 (14:09 +0000)]
Typo
Richard Levitte [Tue, 27 Jul 2004 13:58:25 +0000 (13:58 +0000)]
The compiler may complain about what looks like a double definition of a
static variable
Dr. Stephen Henson [Tue, 27 Jul 2004 12:22:08 +0000 (12:22 +0000)]
Rename libcrypto.sha1 to libcrypto.a.sha1
Dr. Stephen Henson [Tue, 27 Jul 2004 00:20:41 +0000 (00:20 +0000)]
Add FIPS name to error library.
Dr. Stephen Henson [Tue, 27 Jul 2004 00:17:46 +0000 (00:17 +0000)]
Stop compiler warnings.
Andy Polyakov [Sat, 24 Jul 2004 13:40:47 +0000 (13:40 +0000)]
Add casts where casts due. It's "safe" to cast, because "wrong" casts
will either be optimized away or never performed. The trouble is that
compiler first parses code, then optimizes, not both at once...
Ben Laurie [Fri, 23 Jul 2004 13:20:32 +0000 (13:20 +0000)]
Convert to X9.31.
Andy Polyakov [Thu, 22 Jul 2004 16:39:48 +0000 (16:39 +0000)]
Proper WinCE support for listing files. "Backported" from HEAD.
Dr. Stephen Henson [Wed, 21 Jul 2004 17:41:26 +0000 (17:41 +0000)]
When in FIPS mode write private keys in PKCS#8 and PBES2 format to
avoid use of prohibited MD5 algorithm.
Dr. Stephen Henson [Wed, 21 Jul 2004 17:35:49 +0000 (17:35 +0000)]
Avoid compiler warnings.
Andy Polyakov [Wed, 21 Jul 2004 17:18:53 +0000 (17:18 +0000)]
Make rand_win.c UNICODE savvy. "Backport" from HEAD.
Richard Levitte [Mon, 19 Jul 2004 07:49:47 +0000 (07:49 +0000)]
Since version 7.0, The C RTL in VMS handles time in terms of UTC
instead of local time.
Andy Polyakov [Sat, 17 Jul 2004 13:27:38 +0000 (13:27 +0000)]
Sync with HEAD. Up to >20% overall performance improvement.
Andy Polyakov [Sat, 17 Jul 2004 12:54:54 +0000 (12:54 +0000)]
IA-64 is intolerant to misaligned access. It was a problem on Win64 as
we were mislead by _MSC_VER macro, which is defined by *all* Windows
Microsoft compilers.
Andy Polyakov [Sat, 17 Jul 2004 12:48:35 +0000 (12:48 +0000)]
Eliminate enforced -g from CFLAGS. It switches off optimization with some
compilers, e.g. DEC C.
Ben Laurie [Mon, 12 Jul 2004 17:59:50 +0000 (17:59 +0000)]
Corrected test program.
Richard Levitte [Mon, 12 Jul 2004 12:25:56 +0000 (12:25 +0000)]
I think it could be a good thing to know what went wrong with the tests...
Bodo Möller [Mon, 12 Jul 2004 06:24:21 +0000 (06:24 +0000)]
improve wording
Bodo Möller [Sun, 11 Jul 2004 09:29:41 +0000 (09:29 +0000)]
BIS correction/addition
Richard Levitte [Thu, 8 Jul 2004 08:32:51 +0000 (08:32 +0000)]
o_str.c: Windows doesn't have <strings.h>, and since we use _strnicmp() and
_stricmp() on that platform, use the appropriate header file for it,
<string.h>.
o_str.h: we only want to get size_t, which is defined in <stddef.h>.
Philippe Bougeret <philippe.bougeret@freesbee.fr> notified us about Windows
not having a <strings.h>
Dr. Stephen Henson [Tue, 6 Jul 2004 17:26:33 +0000 (17:26 +0000)]
Delta CRL support in extension code.
Dr. Stephen Henson [Tue, 6 Jul 2004 17:25:11 +0000 (17:25 +0000)]
Ooops, missed part of PKCS#8 patch.
Dr. Stephen Henson [Sun, 4 Jul 2004 16:36:58 +0000 (16:36 +0000)]
Fix memory leak.
Dr. Stephen Henson [Thu, 1 Jul 2004 18:50:12 +0000 (18:50 +0000)]
Don't try to parse none string types.
Richard Levitte [Thu, 1 Jul 2004 12:33:44 +0000 (12:33 +0000)]
Explain a little better what BN_num_bits() and BN_num_bits_word() do.
Add a note as to how these functions do not always return the key size, and
how one can deal with that.
PR: 907
Richard Levitte [Mon, 28 Jun 2004 22:01:07 +0000 (22:01 +0000)]
Changes for VOS, submitted by Paul Green <Paul.Green@stratus.com>.
PR: 499
Richard Levitte [Mon, 28 Jun 2004 20:33:35 +0000 (20:33 +0000)]
Make sure the FIPS stuff is only really compiled when in FIPS mode.
Richard Levitte [Mon, 28 Jun 2004 16:32:14 +0000 (16:32 +0000)]
Make the tests of EVP operations without padding. As a consequence,
there's no need for a larger BUFSIZE any more...
PR: 904
Richard Levitte [Mon, 28 Jun 2004 12:23:40 +0000 (12:23 +0000)]
Make sure that the buffers are large enough to contain padding.
PR: 904
Richard Levitte [Mon, 28 Jun 2004 10:31:09 +0000 (10:31 +0000)]
Linux on ARM needs -ldl
PR: 905