oweals/openssl.git
19 years agomake update
Dr. Stephen Henson [Tue, 22 Mar 2005 18:15:56 +0000 (18:15 +0000)]
make update

19 years agoDocs fix.
Dr. Stephen Henson [Tue, 22 Mar 2005 17:57:43 +0000 (17:57 +0000)]
Docs fix.

19 years agoPR: 931
Dr. Stephen Henson [Tue, 22 Mar 2005 17:54:13 +0000 (17:54 +0000)]
PR: 931

19 years agoFix memory leak.
Dr. Stephen Henson [Tue, 22 Mar 2005 17:29:36 +0000 (17:29 +0000)]
Fix memory leak.

19 years agoOops...
Dr. Stephen Henson [Tue, 22 Mar 2005 14:31:58 +0000 (14:31 +0000)]
Oops...

19 years agoEnsure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and
Dr. Stephen Henson [Tue, 22 Mar 2005 14:10:32 +0000 (14:10 +0000)]
Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and
client random values.

19 years agoThere are cases when there are no files left to verify. Make sure to
Richard Levitte [Mon, 21 Mar 2005 13:49:09 +0000 (13:49 +0000)]
There are cases when there are no files left to verify.  Make sure to
handle that properly.

19 years agoCygwin randomness
Ulf Möller [Sat, 19 Mar 2005 11:40:41 +0000 (11:40 +0000)]
Cygwin randomness

19 years agoReal Bourne shell doesn't accept ! as in "if ! grep ..." Fix this in
Andy Polyakov [Tue, 15 Mar 2005 09:46:14 +0000 (09:46 +0000)]
Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this in
crypto/Makefile and make Makefile.org and fips/Makefile more discreet.

19 years agoFold rules in test/Makefile and provide hooks for updated FIPS build procedures.
Andy Polyakov [Sat, 12 Mar 2005 12:15:20 +0000 (12:15 +0000)]
Fold rules in test/Makefile and provide hooks for updated FIPS build procedures.

19 years agoCygwin to use DSO_FLFCN and mingw to use DSO_WIN32 (required for FIPS).
Andy Polyakov [Sat, 12 Mar 2005 11:28:22 +0000 (11:28 +0000)]
Cygwin to use DSO_FLFCN and mingw to use DSO_WIN32 (required for FIPS).

19 years agoAdd mingw shared support [backport from HEAD].
Andy Polyakov [Sat, 12 Mar 2005 09:33:14 +0000 (09:33 +0000)]
Add mingw shared support [backport from HEAD].

19 years agoMove copying of .dll to apps/ and test/ to more appropriate place.
Andy Polyakov [Sat, 12 Mar 2005 09:28:18 +0000 (09:28 +0000)]
Move copying of .dll to apps/ and test/ to more appropriate place.

19 years agoAvoid re-build avalanches with HP-UX make.
Andy Polyakov [Sat, 12 Mar 2005 09:13:15 +0000 (09:13 +0000)]
Avoid re-build avalanches with HP-UX make.

19 years agofix potential memory leak when allocation fails
Bodo Möller [Fri, 11 Mar 2005 09:00:59 +0000 (09:00 +0000)]
fix potential memory leak when allocation fails

PR: 801
Submitted by: Nils Larsch

19 years agoFix type on blowfish manual page
Lutz Jänicke [Sat, 19 Feb 2005 10:25:55 +0000 (10:25 +0000)]
Fix type on blowfish manual page
PR: 1010
Submitted by: Marc Balmer <mbalmer@openbsd.org>

19 years agoFix hang in EGD/PRNGD query when communication socket is closed
Lutz Jänicke [Sat, 19 Feb 2005 10:17:26 +0000 (10:17 +0000)]
Fix hang in EGD/PRNGD query when communication socket is closed
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>

19 years agoAvoid possible memory leak.
Dr. Stephen Henson [Mon, 14 Feb 2005 21:54:29 +0000 (21:54 +0000)]
Avoid possible memory leak.

19 years agoMake util/shlib_wrap.sh [Open]BSD-friendly. [from HEAD].
Andy Polyakov [Sun, 6 Feb 2005 13:16:42 +0000 (13:16 +0000)]
Make util/shlib_wrap.sh [Open]BSD-friendly. [from HEAD].

19 years ago"Backport" http://cvs.openssl.org/chngview?cn=12841 from HEAD. For reference.
Andy Polyakov [Sun, 6 Feb 2005 13:09:51 +0000 (13:09 +0000)]
"Backport" cvs.openssl.org/chngview?cn=12841 from HEAD. For reference.
In HEAD this approach was taken one step further. There is linux-generic32
target which is used as unified Linux target for ARM, PA-RISC, SPARCv7, S390...

19 years agoIn FIPS mode use SHA1 as default digest in x509 and req
Dr. Stephen Henson [Sat, 5 Feb 2005 18:24:50 +0000 (18:24 +0000)]
In FIPS mode use SHA1 as default digest in x509 and req
utilities.

19 years agoIn mkdef.pl ignore trailing whitespace in #ifdef lines
Dr. Stephen Henson [Sat, 5 Feb 2005 17:19:23 +0000 (17:19 +0000)]
In mkdef.pl ignore trailing whitespace in #ifdef lines

19 years agoFinal HP-UX specific touches to "cope with run-time linker on multi-ABI
Andy Polyakov [Thu, 3 Feb 2005 11:09:20 +0000 (11:09 +0000)]
Final HP-UX specific touches to "cope with run-time linker on multi-ABI
platforms."

19 years agoShut whiny make's up.
Andy Polyakov [Thu, 3 Feb 2005 10:19:36 +0000 (10:19 +0000)]
Shut whiny make's up.

19 years agoAddress run-time linker problems: LD_PRELOAD issue on multi-ABI platforms
Andy Polyakov [Tue, 1 Feb 2005 23:45:42 +0000 (23:45 +0000)]
Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms
and SafeDllSearchMode in Windows.

19 years agoUse SHA1 for test certificates so FIPS SSL/TLS tests work.
Dr. Stephen Henson [Mon, 31 Jan 2005 01:46:02 +0000 (01:46 +0000)]
Use SHA1 for test certificates so FIPS SSL/TLS tests work.

19 years agoAvoid memory leak.
Dr. Stephen Henson [Mon, 31 Jan 2005 01:40:39 +0000 (01:40 +0000)]
Avoid memory leak.

19 years agoOnly allow TLS is FIPS mode.
Dr. Stephen Henson [Mon, 31 Jan 2005 01:33:36 +0000 (01:33 +0000)]
Only allow TLS is FIPS mode.

Remove old FIPS_allow_md5() calls.

19 years agoUpdate year.
Dr. Stephen Henson [Mon, 31 Jan 2005 01:28:17 +0000 (01:28 +0000)]
Update year.

19 years agoFurther FIPS algorithm blocking.
Dr. Stephen Henson [Fri, 28 Jan 2005 14:03:54 +0000 (14:03 +0000)]
Further FIPS algorithm blocking.

Fixes to cipher blocking and enabling code.

Add option -non-fips-allow to 'enc' and update testenc.

19 years agoThe first argument to load_iv should really be a char ** instead of an
Richard Levitte [Thu, 27 Jan 2005 11:42:25 +0000 (11:42 +0000)]
The first argument to load_iv should really be a char ** instead of an
unsigned char **, since it points at text.

Thanks to Nils Larsch <nils.larsch@cybertrust.com> for pointing out
the inelegance of our code :-)

19 years agoMore FIPS algorithm blocking.
Dr. Stephen Henson [Thu, 27 Jan 2005 01:49:42 +0000 (01:49 +0000)]
More FIPS algorithm blocking.

Catch attempted use of non FIPS algorithms with HMAC.

Give an assertion error for applications that ignore FIPS digest errors.

Make -non-fips-allow work with dgst and HMAC.

19 years agoCheck for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
Richard Levitte [Thu, 27 Jan 2005 01:49:23 +0000 (01:49 +0000)]
Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
cause a segfault...  This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...

19 years agoGet rid if the annoying warning
Richard Levitte [Thu, 27 Jan 2005 01:47:27 +0000 (01:47 +0000)]
Get rid if the annoying warning

19 years agomake update
Dr. Stephen Henson [Wed, 26 Jan 2005 20:05:46 +0000 (20:05 +0000)]
make update

19 years agoFIPS algorithm blocking.
Dr. Stephen Henson [Wed, 26 Jan 2005 20:00:40 +0000 (20:00 +0000)]
FIPS algorithm blocking.

Non FIPS algorithms are not normally allowed in FIPS mode.

Any attempt to use them via high level functions will return an error.

The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.

There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.

For low level functions the override is perfomed by prefixing the algorithm
initalization function with "private_" for example private_MD5_Init().

For high level functions an override is performed by setting a flag in
the context.

19 years agoRespect the fact that most interactive shells don't restore stty settings
Andy Polyakov [Wed, 26 Jan 2005 19:58:02 +0000 (19:58 +0000)]
Respect the fact that most interactive shells don't restore stty settings
and make it work in non-interactive mode...

19 years agoDon't zap AES CBC IV, when decrypting truncated content in place.
Andy Polyakov [Tue, 18 Jan 2005 00:24:55 +0000 (00:24 +0000)]
Don't zap AES CBC IV, when decrypting truncated content in place.

19 years agoPKCS7_verify() performance optimization. When the content is large and a
Dr. Stephen Henson [Fri, 14 Jan 2005 17:53:16 +0000 (17:53 +0000)]
PKCS7_verify() performance optimization. When the content is large and a
memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots
of slow memory copies from the memory BIO by saving the content in a
temporary read only memory BIO.

19 years agoINSTALL.DJGPP update.
Andy Polyakov [Fri, 14 Jan 2005 16:24:45 +0000 (16:24 +0000)]
INSTALL.DJGPP update.
PR: 989

19 years agoRely on e_os.h to appropriately define str[n]casecmp in non-POSIX
Andy Polyakov [Fri, 14 Jan 2005 16:22:02 +0000 (16:22 +0000)]
Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX
environments.

19 years agoO_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris.
Andy Polyakov [Fri, 14 Jan 2005 16:19:47 +0000 (16:19 +0000)]
O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris.
PR: 998

19 years agomake update
Richard Levitte [Fri, 14 Jan 2005 00:16:31 +0000 (00:16 +0000)]
make update

19 years agoCorrect a faulty address assignment, and add a length check (not
Richard Levitte [Wed, 12 Jan 2005 09:51:31 +0000 (09:51 +0000)]
Correct a faulty address assignment, and add a length check (not
really needed now, but may be needed in the future, who knows?).

19 years agoUse EXIT() instead of exit().
Richard Levitte [Tue, 11 Jan 2005 18:25:28 +0000 (18:25 +0000)]
Use EXIT() instead of exit().

19 years agoClear signed vs. unsigned conflicts.
Richard Levitte [Tue, 11 Jan 2005 16:54:35 +0000 (16:54 +0000)]
Clear signed vs. unsigned conflicts.
Change the fingerprint accordingly.

19 years agoRemove VMS_strcasecmp() from apps.c, it's not used any more. And
Richard Levitte [Tue, 11 Jan 2005 06:53:30 +0000 (06:53 +0000)]
Remove VMS_strcasecmp() from apps.c, it's not used any more.  And
besides, the implementation is bogus.

19 years agoFAQ update to mention no-sha0 as possible workaround for Tru64 compiler bug.
Andy Polyakov [Sun, 9 Jan 2005 20:43:49 +0000 (20:43 +0000)]
FAQ update to mention no-sha0 as possible workaround for Tru64 compiler bug.

19 years agoDJGPP documentation note update.
Andy Polyakov [Sun, 9 Jan 2005 20:13:11 +0000 (20:13 +0000)]
DJGPP documentation note update.

19 years agoAllow for ./config no-sha0.
Andy Polyakov [Sun, 9 Jan 2005 17:58:18 +0000 (17:58 +0000)]
Allow for ./config no-sha0.
PR: 993

19 years agoDJGPP update.
Andy Polyakov [Tue, 4 Jan 2005 10:21:55 +0000 (10:21 +0000)]
DJGPP update.
PR: 989
Submitted by: Doug Kaufman

19 years agoRSA KAT.
Dr. Stephen Henson [Mon, 3 Jan 2005 17:46:45 +0000 (17:46 +0000)]
RSA KAT.

19 years agoBorrow #include <string[s].h> from e_os.h.
Andy Polyakov [Fri, 31 Dec 2004 00:01:23 +0000 (00:01 +0000)]
Borrow #include <string[s].h> from e_os.h.

19 years agoMake whiny compilers stop complaining about missing prototype.
Andy Polyakov [Thu, 30 Dec 2004 23:39:06 +0000 (23:39 +0000)]
Make whiny compilers stop complaining about missing prototype.

19 years agoAES CBC and CFB performance tune-up from HEAD.
Andy Polyakov [Thu, 30 Dec 2004 22:57:19 +0000 (22:57 +0000)]
AES CBC and CFB performance tune-up from HEAD.

19 years agoFix Win32 test-suit.
Andy Polyakov [Thu, 30 Dec 2004 22:53:57 +0000 (22:53 +0000)]
Fix Win32 test-suit.

19 years agoRemove naming conflict between variable and label.
Andy Polyakov [Thu, 30 Dec 2004 11:08:27 +0000 (11:08 +0000)]
Remove naming conflict between variable and label.

19 years agoPrompt for passphrases with PKCS12 input format.
Dr. Stephen Henson [Wed, 29 Dec 2004 01:05:35 +0000 (01:05 +0000)]
Prompt for passphrases with PKCS12 input format.

19 years agoCosmetic mingw update.
Andy Polyakov [Mon, 27 Dec 2004 23:48:33 +0000 (23:48 +0000)]
Cosmetic mingw update.
PR: 924

19 years agoMinor cygwin update.
Andy Polyakov [Mon, 27 Dec 2004 21:26:10 +0000 (21:26 +0000)]
Minor cygwin update.
PR: 949

19 years agoRemove CPU detect for IRIX targets. Performance gain is less than 1%, it
Andy Polyakov [Mon, 27 Dec 2004 14:55:19 +0000 (14:55 +0000)]
Remove CPU detect for IRIX targets. Performance gain is less than 1%, it
doesn't pay off...

19 years agoAs new major IRIX release is highly unlikely to appear [and break following],
Andy Polyakov [Mon, 27 Dec 2004 14:51:20 +0000 (14:51 +0000)]
As new major IRIX release is highly unlikely to appear [and break following],
I change from -notall to -none synonym in do_irix-shared to improve backward
compatibility with IRIX 5.x.
PR: 987

19 years agoSummarize recent backports in CHANGES. BEN_FIPS_TEST_7
Andy Polyakov [Mon, 20 Dec 2004 13:21:25 +0000 (13:21 +0000)]
Summarize recent backports in CHANGES.

19 years agoImproved PowerPC platform support.
Andy Polyakov [Mon, 20 Dec 2004 13:20:22 +0000 (13:20 +0000)]
Improved PowerPC platform support.

19 years agoWhen re-linking files, really relink them. In other words, emulate ln -f.
Andy Polyakov [Mon, 20 Dec 2004 13:18:56 +0000 (13:18 +0000)]
When re-linking files, really relink them. In other words, emulate ln -f.

19 years agoBackport of PPC BN module from HEAD.
Andy Polyakov [Mon, 20 Dec 2004 13:15:51 +0000 (13:15 +0000)]
Backport of PPC BN module from HEAD.

19 years agoBackport of http://cvs.openssl.org/chngview?cn=12323, as well as eliminate
Andy Polyakov [Mon, 20 Dec 2004 13:13:14 +0000 (13:13 +0000)]
Backport of cvs.openssl.org/chngview?cn=12323, as well as eliminate
message size limitations on 64-bit platforms.

19 years agoBackport of http://cvs.openssl.org/chngview?cn=12449, essentially
Andy Polyakov [Mon, 20 Dec 2004 13:10:27 +0000 (13:10 +0000)]
Backport of cvs.openssl.org/chngview?cn=12449, essentially
a bug-fix for Win64/ia64.

19 years agomake update
Richard Levitte [Mon, 13 Dec 2004 22:48:01 +0000 (22:48 +0000)]
make update

19 years agoRemove duplicate lines.
Dr. Stephen Henson [Sun, 12 Dec 2004 13:18:23 +0000 (13:18 +0000)]
Remove duplicate lines.

19 years agoAdapt FIPS sub-tree for mingw.
Andy Polyakov [Fri, 10 Dec 2004 16:30:34 +0000 (16:30 +0000)]
Adapt FIPS sub-tree for mingw.

19 years agoSolaris x86 assembler update.
Andy Polyakov [Fri, 10 Dec 2004 13:15:55 +0000 (13:15 +0000)]
Solaris x86 assembler update.

19 years agoRespect no-asm with fips option and disable FIPS DES assembler in
Andy Polyakov [Fri, 10 Dec 2004 11:37:25 +0000 (11:37 +0000)]
Respect no-asm with fips option and disable FIPS DES assembler in
shared context [because it's not PIC].

19 years agoolaris x86 perlasm update [from HEAD].
Andy Polyakov [Fri, 10 Dec 2004 11:27:09 +0000 (11:27 +0000)]
olaris x86 perlasm update [from HEAD].

19 years agoEliminate false dependency on 386 config option is FIPS context.
Andy Polyakov [Thu, 9 Dec 2004 22:43:29 +0000 (22:43 +0000)]
Eliminate false dependency on 386 config option is FIPS context.
At the same time limit assembler support to ELF platforms [that's
what is there, ELF modules].

19 years agoEngage SHA1 IA64 assembler on IA64 platforms [from HEAD].
Andy Polyakov [Thu, 9 Dec 2004 21:05:14 +0000 (21:05 +0000)]
Engage SHA1 IA64 assembler on IA64 platforms [from HEAD].

19 years agoSHA1 assember for IA64 [from HEAD].
Andy Polyakov [Thu, 9 Dec 2004 20:55:52 +0000 (20:55 +0000)]
SHA1 assember for IA64 [from HEAD].

19 years agoCygwin specific FIPS fix-ups.
Andy Polyakov [Thu, 9 Dec 2004 18:13:46 +0000 (18:13 +0000)]
Cygwin specific FIPS fix-ups.

19 years agoPostpone linking of shared libcrypto in FIPS build.
Andy Polyakov [Thu, 9 Dec 2004 18:03:23 +0000 (18:03 +0000)]
Postpone linking of shared libcrypto in FIPS build.

19 years agoEliminate dependency on UNICODE macro.
Andy Polyakov [Thu, 9 Dec 2004 18:00:26 +0000 (18:00 +0000)]
Eliminate dependency on UNICODE macro.

19 years agoAutomatically mark the CRL cached encoding as invalid when some operations
Dr. Stephen Henson [Thu, 9 Dec 2004 13:34:41 +0000 (13:34 +0000)]
Automatically mark the CRL cached encoding as invalid when some operations
are performed.

19 years agoThis commit was manufactured by cvs2svn to create branch
cvs2svn [Thu, 9 Dec 2004 11:57:39 +0000 (11:57 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.

19 years agoSHA1 assembler for IA-64.
Andy Polyakov [Thu, 9 Dec 2004 11:57:38 +0000 (11:57 +0000)]
SHA1 assembler for IA-64.

19 years agoExtend RC4 test.
Andy Polyakov [Tue, 7 Dec 2004 11:55:56 +0000 (11:55 +0000)]
Extend RC4 test.

19 years agoMore CA updates.
Dr. Stephen Henson [Sun, 5 Dec 2004 19:53:40 +0000 (19:53 +0000)]
More CA updates.

19 years agoUpdate 'certs' directory. Move expired certificates to expired directory
Dr. Stephen Henson [Sun, 5 Dec 2004 19:51:56 +0000 (19:51 +0000)]
Update 'certs' directory. Move expired certificates to expired directory
and zero assurance demontrations CAs to 'demo'.

19 years agoThis commit was manufactured by cvs2svn to create branch
cvs2svn [Sun, 5 Dec 2004 19:48:03 +0000 (19:48 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.

19 years agoUpdate 'certs' directory. Move expired certificates to expired directory
Dr. Stephen Henson [Sun, 5 Dec 2004 19:48:02 +0000 (19:48 +0000)]
Update 'certs' directory. Move expired certificates to expired directory
and zero assurance demontrations CAs to 'demo'.

19 years agoUse X509_cmp_time() in -checkend option, to support GeneralizedTime.
Dr. Stephen Henson [Sun, 5 Dec 2004 18:26:48 +0000 (18:26 +0000)]
Use X509_cmp_time() in -checkend option, to support GeneralizedTime.

19 years agoUse X509_cmp_time() in -checkend option, to support GeneralizedTime.
Dr. Stephen Henson [Sun, 5 Dec 2004 18:26:19 +0000 (18:26 +0000)]
Use X509_cmp_time() in -checkend option, to support GeneralizedTime.

19 years agoRemaing bits of PR:620 relevant to 0.9.8.
Dr. Stephen Henson [Sun, 5 Dec 2004 01:50:56 +0000 (01:50 +0000)]
Remaing bits of PR:620 relevant to 0.9.8.

19 years agoRemaining parts of PR:620
Dr. Stephen Henson [Sun, 5 Dec 2004 01:46:03 +0000 (01:46 +0000)]
Remaining parts of PR:620

19 years agoAdd lots of checks for memory allocation failure, error codes to indicate
Dr. Stephen Henson [Sun, 5 Dec 2004 01:04:44 +0000 (01:04 +0000)]
Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.

PR:620

19 years agoAdd lots of checks for memory allocation failure, error codes to indicate
Dr. Stephen Henson [Sun, 5 Dec 2004 01:03:15 +0000 (01:03 +0000)]
Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.

PR:620

19 years agoUpdate year.
Dr. Stephen Henson [Sun, 5 Dec 2004 00:52:18 +0000 (00:52 +0000)]
Update year.

19 years agoUpdate year.
Dr. Stephen Henson [Sun, 5 Dec 2004 00:51:41 +0000 (00:51 +0000)]
Update year.

19 years agoIn by_file.c check last error for no start line, not first error.
Dr. Stephen Henson [Sat, 4 Dec 2004 21:26:11 +0000 (21:26 +0000)]
In by_file.c check last error for no start line, not first error.

19 years agoIn by_file.c check last error for no start line, not first error.
Dr. Stephen Henson [Sat, 4 Dec 2004 21:25:51 +0000 (21:25 +0000)]
In by_file.c check last error for no start line, not first error.

19 years agoAdd -passin argument to dgst command.
Dr. Stephen Henson [Fri, 3 Dec 2004 12:29:17 +0000 (12:29 +0000)]
Add -passin argument to dgst command.

19 years agoAdd -passin argument to dgst command.
Dr. Stephen Henson [Fri, 3 Dec 2004 12:26:56 +0000 (12:26 +0000)]
Add -passin argument to dgst command.