Commit graph

308 commits

Author SHA1 Message Date
Dr. Stephen Henson
57bc7769b7 Encryption BIOs misbehave when used with non blocking I/O.
Two fixes:

1. If BIO_write() fails inside enc_write() it should return the
   total number of bytes successfully written.

2. If BIO_write() fails during BIO_flush() it should return immediately
   with the error code: previously it would fall through to the final
   encrypt, corrupting the buffer.
2003-02-27 14:08:44 +00:00
Ulf Möller
607ae30be8 replace symlink with copy, as in head 2003-02-22 22:59:01 +00:00
Richard Levitte
bd573ee31a The OPENSSL_NO_ENGINE has small problem: it changes certain structures. That's
bad, so let's not check OPENSSL_NO_ENGINE in those places.  Fortunately, all
the header files where the problem existed include ossl_typ.h, which makes
a 'forward declaration' of the ENGINE type.
2003-01-30 18:52:52 +00:00
Richard Levitte
6d85cd36e2 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:37:49 +00:00
Dr. Stephen Henson
e98823d847 EVP_DecryptInit() should call EVP_CipherInit() not EVP_CipherInit_ex(). 2003-01-17 00:46:08 +00:00
Richard Levitte
0062e618f0 FreeBSD has /dev/crypto as well.
PR: 462
2003-01-16 18:29:34 +00:00
Richard Levitte
bed4559052 Some compilers are quite picky about non-void functions that don't return
anything.
2002-12-06 08:50:25 +00:00
Richard Levitte
d03ad453a5 EXIT() needs to be in a function that returns int. 2002-12-01 01:23:39 +00:00
Richard Levitte
c9ea7400b4 A few more memset()s converted to OPENSSL_cleanse().
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343
2002-11-29 11:31:51 +00:00
Richard Levitte
9fa15b6ff8 Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
always give the expected result on some platforms.
2002-11-28 18:57:30 +00:00
Richard Levitte
75e3026a14 Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:09:03 +00:00
Bodo Möller
134fea9d0f avoid uninitialized memory read
Submitted by: Nils Larsch
2002-11-20 14:14:45 +00:00
Ben Laurie
9831d941ca Many security improvements (CHATS) and a warning fix. 2002-11-12 13:23:40 +00:00
Richard Levitte
ff90d659e6 Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:21:33 +00:00
Richard Levitte
fc0ab2eac2 The OpenBSD project has replaced the first implementation of the /dev/crypto
engine with something they claim is better.  I have nothing to compare to,
and I assume they know what they're talking about.  The interesting part with
this one is that it's loaded by default on OpenBSD systems.
This change was originally introduced in OpenBSD's tracking of OpenSSL.
2002-10-02 00:18:59 +00:00
Dr. Stephen Henson
ea050a6eb3 Fix block_size field for CFB and OFB modes: it should be 1. 2002-08-16 01:38:34 +00:00
Lutz Jänicke
3720ea24f0 "make update"
Submitted by:
Reviewed by:
PR:
2002-07-30 07:18:03 +00:00
Lutz Jänicke
7e8852c549 Reorder inclusion of header files:
des_old.h redefines crypt:
#define crypt(b,s)\
	DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
2002-07-10 06:57:54 +00:00
Richard Levitte
ca55c617e5 Pass CFLAG to dependency makers, so non-standard system include paths are
handled properly.
Part of PR 75
2002-06-27 16:44:52 +00:00
Richard Levitte
a1fbe27123 A number of includes were removed from evp.h some time ago. The reason
was that they weren't really needed any more for EVP itself.  However,
it seems like soma applications (I know about OpenSSH, but there may
be more) used evp.h as the 'load all' header file, which makes sense
since we try our best to promote the use of EVP instead of the lower
level crypto algorithms.  Therefore, I put the inclusions back so
the application authors don't get too shocked by all the errors they
would otherwise get.

Thanks to Theo de Raadt for making us aware of this.
2002-06-27 05:03:12 +00:00
Lutz Jänicke
9a82ef5255 OpenSSL_add_all_algorithms has been replaced by configuration dependent
functions and is redirected by macros. Switch it off now, possible removal
later.
Submitted by:
Reviewed by:
PR:
2002-06-16 10:16:42 +00:00
Lutz Jänicke
4673461789 Some more prototype fixes.
Use DECLARE macros in asn1* instead of direct declaration.
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by:
PR: 89
2002-06-14 18:59:53 +00:00
Richard Levitte
3c204aaf50 use sstrsep() to get the proper type to aoti().
Remove unneeded cast in ustrsep().
PR: 69
2002-06-03 15:27:52 +00:00
Ben Laurie
3e975124f3 Fix a warning. 2002-05-31 14:34:15 +00:00
Richard Levitte
b3e2acac4e Add the AES test vectors from NIST document SP800-38A. 2002-05-31 13:13:51 +00:00
Richard Levitte
403fa0dc53 Make it possible to give vectors only for decryption or encryption. 2002-05-31 13:12:54 +00:00
Richard Levitte
f918c330a9 For CFB and OFB modes, always create the encryption key. 2002-05-31 13:11:48 +00:00
Richard Levitte
7f52f77efe Declare the CFB and OFB modes for AES, and prepare for a declaration
of CTR mode.
2002-05-31 13:10:24 +00:00
Richard Levitte
c4ac954c59 Check the return values where memory allocation failures may happen.
PR: 49
2002-05-30 16:50:38 +00:00
Bodo Möller
855f0b4f2f fix EVP_dsa_sha macro
Submitted by: Nils Larsch
2002-05-16 12:53:34 +00:00
Dr. Stephen Henson
bb3a69f801 Zero cipher_data in EVP_CIPHER_CTX_cleanup
Add cleanup calls to evp_test.c
2002-05-15 17:52:19 +00:00
Dr. Stephen Henson
d0e3726ca4 EVP_SealFinal should return a value. 2002-05-11 17:33:01 +00:00
Lutz Jänicke
a7be294ed7 Fix CRLF problem in BASE64 decode.
Submitted by:
Reviewed by:
PR:
2002-04-15 09:53:47 +00:00
Dr. Stephen Henson
59a941e4a4 Ensure EVP_CipherInit() uses the correct encode/decode parameter if
enc == -1

[Reported by Markus Friedl <markus@openbsd.org>]

Fix typo in dh_lib.c (use of DSAerr instead of DHerr).
2002-03-16 23:19:25 +00:00
Dr. Stephen Henson
b74dfe6e8e Initialize cipher context in KRB5
("D. Russell" <russelld@aol.net>)

Allow HMAC functions to use an alternative ENGINE.
2002-03-14 18:16:49 +00:00
Bodo Möller
d80f6e0f8c Fixes for 'no-hw' combined with 'no-SOME_CIPHER'.
Fix dsaparam usage output.

Submitted by: Nils Larsch (for 0.9.8-dev; backported to 0.9.7-dev)
2002-03-14 09:53:30 +00:00
Dr. Stephen Henson
c77bd28775 Make ciphers and digests obtain an ENGINE functional reference
if impl is explicitly supplied.
2002-03-09 18:56:38 +00:00
Richard Levitte
1ec1d17e16 VMS addaptation, including a few more long names that needed hacking. 2002-02-28 13:18:47 +00:00
Richard Levitte
421d474332 Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated 2002-02-28 12:44:05 +00:00
Richard Levitte
3d59821134 make update 2002-02-26 14:37:25 +00:00
Dr. Stephen Henson
344b3b5ce1 OPENSSL_LOAD_CONF define as in main trunk 2002-02-23 02:09:29 +00:00
cvs2svn
63dc69fef6 This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2002-02-23 01:00:45 +00:00
Dr. Stephen Henson
e84be9b495 New OPENSSL_LOAD_CONF define to load openssl.cnf
when OpenSSL_add_all_algorithms() is called.
2002-02-23 01:00:44 +00:00
Richard Levitte
b0701709c1 Add comfy aliases for AES in CBC mode. 2002-02-20 18:00:23 +00:00
Richard Levitte
5b7848a345 Add comfy aliases for AES in CBC mode. 2002-02-20 17:59:49 +00:00
Richard Levitte
a76a29f233 Merge in recent changes from the main trunk. 2002-02-20 17:53:17 +00:00
Richard Levitte
236be53269 gcc figures that the format specifier %2x means unsigned int, so let's
make n unsigned.
2002-02-20 13:50:36 +00:00
Richard Levitte
3d7ba69a05 The AES modes OFB and CFB are defined with 128 feedback bits. This
deviates from the "standard" 64 bits of feedback that all other
algorithms are using.  Therefore, let's redo certain EVP macros to
accept different amounts of feedback bits for these modes.

Also, change e_aes.c to provide all usually available modes for AES.
CTR isn't included yet.
2002-02-16 12:39:58 +00:00
Richard Levitte
a6cd870784 The AES modes OFB and CFB are defined with 128 feedback bits. This
deviates from the "standard" 64 bits of feedback that all other
algorithms are using.  Therefore, let's redo certain EVP macros to
accept different amounts of feedback bits for these modes.

Also, change e_aes.c to provide all usually available modes for AES.
CTR isn't included yet.
2002-02-16 12:39:07 +00:00
Dr. Stephen Henson
19cc0f0ab4 Only initialize cipher ctx if cipher is not NULL. 2002-02-15 01:01:36 +00:00