Dr. Stephen Henson [Tue, 22 Mar 2005 18:15:56 +0000 (18:15 +0000)]
make update
Dr. Stephen Henson [Tue, 22 Mar 2005 17:57:43 +0000 (17:57 +0000)]
Docs fix.
Dr. Stephen Henson [Tue, 22 Mar 2005 17:54:13 +0000 (17:54 +0000)]
PR: 931
Dr. Stephen Henson [Tue, 22 Mar 2005 17:29:36 +0000 (17:29 +0000)]
Fix memory leak.
Dr. Stephen Henson [Tue, 22 Mar 2005 14:31:58 +0000 (14:31 +0000)]
Oops...
Dr. Stephen Henson [Tue, 22 Mar 2005 14:10:32 +0000 (14:10 +0000)]
Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and
client random values.
Richard Levitte [Mon, 21 Mar 2005 13:49:09 +0000 (13:49 +0000)]
There are cases when there are no files left to verify. Make sure to
handle that properly.
Ulf Möller [Sat, 19 Mar 2005 11:40:41 +0000 (11:40 +0000)]
Cygwin randomness
Andy Polyakov [Tue, 15 Mar 2005 09:46:14 +0000 (09:46 +0000)]
Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this in
crypto/Makefile and make Makefile.org and fips/Makefile more discreet.
Andy Polyakov [Sat, 12 Mar 2005 12:15:20 +0000 (12:15 +0000)]
Fold rules in test/Makefile and provide hooks for updated FIPS build procedures.
Andy Polyakov [Sat, 12 Mar 2005 11:28:22 +0000 (11:28 +0000)]
Cygwin to use DSO_FLFCN and mingw to use DSO_WIN32 (required for FIPS).
Andy Polyakov [Sat, 12 Mar 2005 09:33:14 +0000 (09:33 +0000)]
Add mingw shared support [backport from HEAD].
Andy Polyakov [Sat, 12 Mar 2005 09:28:18 +0000 (09:28 +0000)]
Move copying of .dll to apps/ and test/ to more appropriate place.
Andy Polyakov [Sat, 12 Mar 2005 09:13:15 +0000 (09:13 +0000)]
Avoid re-build avalanches with HP-UX make.
Bodo Möller [Fri, 11 Mar 2005 09:00:59 +0000 (09:00 +0000)]
fix potential memory leak when allocation fails
PR: 801
Submitted by: Nils Larsch
Lutz Jänicke [Sat, 19 Feb 2005 10:25:55 +0000 (10:25 +0000)]
Fix type on blowfish manual page
PR: 1010
Submitted by: Marc Balmer <mbalmer@openbsd.org>
Lutz Jänicke [Sat, 19 Feb 2005 10:17:26 +0000 (10:17 +0000)]
Fix hang in EGD/PRNGD query when communication socket is closed
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
Dr. Stephen Henson [Mon, 14 Feb 2005 21:54:29 +0000 (21:54 +0000)]
Avoid possible memory leak.
Andy Polyakov [Sun, 6 Feb 2005 13:16:42 +0000 (13:16 +0000)]
Make util/shlib_wrap.sh [Open]BSD-friendly. [from HEAD].
Andy Polyakov [Sun, 6 Feb 2005 13:09:51 +0000 (13:09 +0000)]
"Backport" cvs.openssl.org/chngview?cn=12841 from HEAD. For reference.
In HEAD this approach was taken one step further. There is linux-generic32
target which is used as unified Linux target for ARM, PA-RISC, SPARCv7, S390...
Dr. Stephen Henson [Sat, 5 Feb 2005 18:24:50 +0000 (18:24 +0000)]
In FIPS mode use SHA1 as default digest in x509 and req
utilities.
Dr. Stephen Henson [Sat, 5 Feb 2005 17:19:23 +0000 (17:19 +0000)]
In mkdef.pl ignore trailing whitespace in #ifdef lines
Andy Polyakov [Thu, 3 Feb 2005 11:09:20 +0000 (11:09 +0000)]
Final HP-UX specific touches to "cope with run-time linker on multi-ABI
platforms."
Andy Polyakov [Thu, 3 Feb 2005 10:19:36 +0000 (10:19 +0000)]
Shut whiny make's up.
Andy Polyakov [Tue, 1 Feb 2005 23:45:42 +0000 (23:45 +0000)]
Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms
and SafeDllSearchMode in Windows.
Dr. Stephen Henson [Mon, 31 Jan 2005 01:46:02 +0000 (01:46 +0000)]
Use SHA1 for test certificates so FIPS SSL/TLS tests work.
Dr. Stephen Henson [Mon, 31 Jan 2005 01:40:39 +0000 (01:40 +0000)]
Avoid memory leak.
Dr. Stephen Henson [Mon, 31 Jan 2005 01:33:36 +0000 (01:33 +0000)]
Only allow TLS is FIPS mode.
Remove old FIPS_allow_md5() calls.
Dr. Stephen Henson [Mon, 31 Jan 2005 01:28:17 +0000 (01:28 +0000)]
Update year.
Dr. Stephen Henson [Fri, 28 Jan 2005 14:03:54 +0000 (14:03 +0000)]
Further FIPS algorithm blocking.
Fixes to cipher blocking and enabling code.
Add option -non-fips-allow to 'enc' and update testenc.
Richard Levitte [Thu, 27 Jan 2005 11:42:25 +0000 (11:42 +0000)]
The first argument to load_iv should really be a char ** instead of an
unsigned char **, since it points at text.
Thanks to Nils Larsch <nils.larsch@cybertrust.com> for pointing out
the inelegance of our code :-)
Dr. Stephen Henson [Thu, 27 Jan 2005 01:49:42 +0000 (01:49 +0000)]
More FIPS algorithm blocking.
Catch attempted use of non FIPS algorithms with HMAC.
Give an assertion error for applications that ignore FIPS digest errors.
Make -non-fips-allow work with dgst and HMAC.
Richard Levitte [Thu, 27 Jan 2005 01:49:23 +0000 (01:49 +0000)]
Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
cause a segfault... This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
Richard Levitte [Thu, 27 Jan 2005 01:47:27 +0000 (01:47 +0000)]
Get rid if the annoying warning
Dr. Stephen Henson [Wed, 26 Jan 2005 20:05:46 +0000 (20:05 +0000)]
make update
Dr. Stephen Henson [Wed, 26 Jan 2005 20:00:40 +0000 (20:00 +0000)]
FIPS algorithm blocking.
Non FIPS algorithms are not normally allowed in FIPS mode.
Any attempt to use them via high level functions will return an error.
The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.
There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.
For low level functions the override is perfomed by prefixing the algorithm
initalization function with "private_" for example private_MD5_Init().
For high level functions an override is performed by setting a flag in
the context.
Andy Polyakov [Wed, 26 Jan 2005 19:58:02 +0000 (19:58 +0000)]
Respect the fact that most interactive shells don't restore stty settings
and make it work in non-interactive mode...
Andy Polyakov [Tue, 18 Jan 2005 00:24:55 +0000 (00:24 +0000)]
Don't zap AES CBC IV, when decrypting truncated content in place.
Dr. Stephen Henson [Fri, 14 Jan 2005 17:53:16 +0000 (17:53 +0000)]
PKCS7_verify() performance optimization. When the content is large and a
memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots
of slow memory copies from the memory BIO by saving the content in a
temporary read only memory BIO.
Andy Polyakov [Fri, 14 Jan 2005 16:24:45 +0000 (16:24 +0000)]
INSTALL.DJGPP update.
PR: 989
Andy Polyakov [Fri, 14 Jan 2005 16:22:02 +0000 (16:22 +0000)]
Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX
environments.
Andy Polyakov [Fri, 14 Jan 2005 16:19:47 +0000 (16:19 +0000)]
O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris.
PR: 998
Richard Levitte [Fri, 14 Jan 2005 00:16:31 +0000 (00:16 +0000)]
make update
Richard Levitte [Wed, 12 Jan 2005 09:51:31 +0000 (09:51 +0000)]
Correct a faulty address assignment, and add a length check (not
really needed now, but may be needed in the future, who knows?).
Richard Levitte [Tue, 11 Jan 2005 18:25:28 +0000 (18:25 +0000)]
Use EXIT() instead of exit().
Richard Levitte [Tue, 11 Jan 2005 16:54:35 +0000 (16:54 +0000)]
Clear signed vs. unsigned conflicts.
Change the fingerprint accordingly.
Richard Levitte [Tue, 11 Jan 2005 06:53:30 +0000 (06:53 +0000)]
Remove VMS_strcasecmp() from apps.c, it's not used any more. And
besides, the implementation is bogus.
Andy Polyakov [Sun, 9 Jan 2005 20:43:49 +0000 (20:43 +0000)]
FAQ update to mention no-sha0 as possible workaround for Tru64 compiler bug.
Andy Polyakov [Sun, 9 Jan 2005 20:13:11 +0000 (20:13 +0000)]
DJGPP documentation note update.
Andy Polyakov [Sun, 9 Jan 2005 17:58:18 +0000 (17:58 +0000)]
Allow for ./config no-sha0.
PR: 993
Andy Polyakov [Tue, 4 Jan 2005 10:21:55 +0000 (10:21 +0000)]
DJGPP update.
PR: 989
Submitted by: Doug Kaufman
Dr. Stephen Henson [Mon, 3 Jan 2005 17:46:45 +0000 (17:46 +0000)]
RSA KAT.
Andy Polyakov [Fri, 31 Dec 2004 00:01:23 +0000 (00:01 +0000)]
Borrow #include <string[s].h> from e_os.h.
Andy Polyakov [Thu, 30 Dec 2004 23:39:06 +0000 (23:39 +0000)]
Make whiny compilers stop complaining about missing prototype.
Andy Polyakov [Thu, 30 Dec 2004 22:57:19 +0000 (22:57 +0000)]
AES CBC and CFB performance tune-up from HEAD.
Andy Polyakov [Thu, 30 Dec 2004 22:53:57 +0000 (22:53 +0000)]
Fix Win32 test-suit.
Andy Polyakov [Thu, 30 Dec 2004 11:08:27 +0000 (11:08 +0000)]
Remove naming conflict between variable and label.
Dr. Stephen Henson [Wed, 29 Dec 2004 01:05:35 +0000 (01:05 +0000)]
Prompt for passphrases with PKCS12 input format.
Andy Polyakov [Mon, 27 Dec 2004 23:48:33 +0000 (23:48 +0000)]
Cosmetic mingw update.
PR: 924
Andy Polyakov [Mon, 27 Dec 2004 21:26:10 +0000 (21:26 +0000)]
Minor cygwin update.
PR: 949
Andy Polyakov [Mon, 27 Dec 2004 14:55:19 +0000 (14:55 +0000)]
Remove CPU detect for IRIX targets. Performance gain is less than 1%, it
doesn't pay off...
Andy Polyakov [Mon, 27 Dec 2004 14:51:20 +0000 (14:51 +0000)]
As new major IRIX release is highly unlikely to appear [and break following],
I change from -notall to -none synonym in do_irix-shared to improve backward
compatibility with IRIX 5.x.
PR: 987
Andy Polyakov [Mon, 20 Dec 2004 13:21:25 +0000 (13:21 +0000)]
Summarize recent backports in CHANGES.
Andy Polyakov [Mon, 20 Dec 2004 13:20:22 +0000 (13:20 +0000)]
Improved PowerPC platform support.
Andy Polyakov [Mon, 20 Dec 2004 13:18:56 +0000 (13:18 +0000)]
When re-linking files, really relink them. In other words, emulate ln -f.
Andy Polyakov [Mon, 20 Dec 2004 13:15:51 +0000 (13:15 +0000)]
Backport of PPC BN module from HEAD.
Andy Polyakov [Mon, 20 Dec 2004 13:13:14 +0000 (13:13 +0000)]
Backport of cvs.openssl.org/chngview?cn=12323, as well as eliminate
message size limitations on 64-bit platforms.
Andy Polyakov [Mon, 20 Dec 2004 13:10:27 +0000 (13:10 +0000)]
Backport of cvs.openssl.org/chngview?cn=12449, essentially
a bug-fix for Win64/ia64.
Richard Levitte [Mon, 13 Dec 2004 22:48:01 +0000 (22:48 +0000)]
make update
Dr. Stephen Henson [Sun, 12 Dec 2004 13:18:23 +0000 (13:18 +0000)]
Remove duplicate lines.
Andy Polyakov [Fri, 10 Dec 2004 16:30:34 +0000 (16:30 +0000)]
Adapt FIPS sub-tree for mingw.
Andy Polyakov [Fri, 10 Dec 2004 13:15:55 +0000 (13:15 +0000)]
Solaris x86 assembler update.
Andy Polyakov [Fri, 10 Dec 2004 11:37:25 +0000 (11:37 +0000)]
Respect no-asm with fips option and disable FIPS DES assembler in
shared context [because it's not PIC].
Andy Polyakov [Fri, 10 Dec 2004 11:27:09 +0000 (11:27 +0000)]
olaris x86 perlasm update [from HEAD].
Andy Polyakov [Thu, 9 Dec 2004 22:43:29 +0000 (22:43 +0000)]
Eliminate false dependency on 386 config option is FIPS context.
At the same time limit assembler support to ELF platforms [that's
what is there, ELF modules].
Andy Polyakov [Thu, 9 Dec 2004 21:05:14 +0000 (21:05 +0000)]
Engage SHA1 IA64 assembler on IA64 platforms [from HEAD].
Andy Polyakov [Thu, 9 Dec 2004 20:55:52 +0000 (20:55 +0000)]
SHA1 assember for IA64 [from HEAD].
Andy Polyakov [Thu, 9 Dec 2004 18:13:46 +0000 (18:13 +0000)]
Cygwin specific FIPS fix-ups.
Andy Polyakov [Thu, 9 Dec 2004 18:03:23 +0000 (18:03 +0000)]
Postpone linking of shared libcrypto in FIPS build.
Andy Polyakov [Thu, 9 Dec 2004 18:00:26 +0000 (18:00 +0000)]
Eliminate dependency on UNICODE macro.
Dr. Stephen Henson [Thu, 9 Dec 2004 13:34:41 +0000 (13:34 +0000)]
Automatically mark the CRL cached encoding as invalid when some operations
are performed.
cvs2svn [Thu, 9 Dec 2004 11:57:39 +0000 (11:57 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
Andy Polyakov [Thu, 9 Dec 2004 11:57:38 +0000 (11:57 +0000)]
SHA1 assembler for IA-64.
Andy Polyakov [Tue, 7 Dec 2004 11:55:56 +0000 (11:55 +0000)]
Extend RC4 test.
Dr. Stephen Henson [Sun, 5 Dec 2004 19:53:40 +0000 (19:53 +0000)]
More CA updates.
Dr. Stephen Henson [Sun, 5 Dec 2004 19:51:56 +0000 (19:51 +0000)]
Update 'certs' directory. Move expired certificates to expired directory
and zero assurance demontrations CAs to 'demo'.
cvs2svn [Sun, 5 Dec 2004 19:48:03 +0000 (19:48 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
Dr. Stephen Henson [Sun, 5 Dec 2004 19:48:02 +0000 (19:48 +0000)]
Update 'certs' directory. Move expired certificates to expired directory
and zero assurance demontrations CAs to 'demo'.
Dr. Stephen Henson [Sun, 5 Dec 2004 18:26:48 +0000 (18:26 +0000)]
Use X509_cmp_time() in -checkend option, to support GeneralizedTime.
Dr. Stephen Henson [Sun, 5 Dec 2004 18:26:19 +0000 (18:26 +0000)]
Use X509_cmp_time() in -checkend option, to support GeneralizedTime.
Dr. Stephen Henson [Sun, 5 Dec 2004 01:50:56 +0000 (01:50 +0000)]
Remaing bits of PR:620 relevant to 0.9.8.
Dr. Stephen Henson [Sun, 5 Dec 2004 01:46:03 +0000 (01:46 +0000)]
Remaining parts of PR:620
Dr. Stephen Henson [Sun, 5 Dec 2004 01:04:44 +0000 (01:04 +0000)]
Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.
PR:620
Dr. Stephen Henson [Sun, 5 Dec 2004 01:03:15 +0000 (01:03 +0000)]
Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.
PR:620
Dr. Stephen Henson [Sun, 5 Dec 2004 00:52:18 +0000 (00:52 +0000)]
Update year.
Dr. Stephen Henson [Sun, 5 Dec 2004 00:51:41 +0000 (00:51 +0000)]
Update year.
Dr. Stephen Henson [Sat, 4 Dec 2004 21:26:11 +0000 (21:26 +0000)]
In by_file.c check last error for no start line, not first error.
Dr. Stephen Henson [Sat, 4 Dec 2004 21:25:51 +0000 (21:25 +0000)]
In by_file.c check last error for no start line, not first error.
Dr. Stephen Henson [Fri, 3 Dec 2004 12:29:17 +0000 (12:29 +0000)]
Add -passin argument to dgst command.
Dr. Stephen Henson [Fri, 3 Dec 2004 12:26:56 +0000 (12:26 +0000)]
Add -passin argument to dgst command.