Dr. Stephen Henson
0c7ceb3748
Docs fix.
2005-03-22 17:57:43 +00:00
Dr. Stephen Henson
e54e4bcf1f
PR: 931
2005-03-22 17:54:13 +00:00
Dr. Stephen Henson
fe8b77753c
Fix memory leak.
2005-03-22 17:29:36 +00:00
Dr. Stephen Henson
d5c2bc4bff
Oops...
2005-03-22 14:31:58 +00:00
Dr. Stephen Henson
61823b6a74
Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and
...
client random values.
2005-03-22 14:10:32 +00:00
Richard Levitte
ab0def8152
There are cases when there are no files left to verify. Make sure to
...
handle that properly.
2005-03-21 13:49:09 +00:00
Ulf Möller
6d2a7098d6
Cygwin randomness
2005-03-19 11:40:41 +00:00
Andy Polyakov
b43b9de9e4
Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this in
...
crypto/Makefile and make Makefile.org and fips/Makefile more discreet.
2005-03-15 09:46:14 +00:00
Andy Polyakov
6286bbecef
Fold rules in test/Makefile and provide hooks for updated FIPS build procedures.
2005-03-12 12:15:20 +00:00
Andy Polyakov
9d14506f29
Cygwin to use DSO_FLFCN and mingw to use DSO_WIN32 (required for FIPS).
2005-03-12 11:28:22 +00:00
Andy Polyakov
7ec40a480b
Add mingw shared support [backport from HEAD].
2005-03-12 09:33:14 +00:00
Andy Polyakov
aa0d4ed5fa
Move copying of .dll to apps/ and test/ to more appropriate place.
2005-03-12 09:28:18 +00:00
Andy Polyakov
2cf68c0b1a
Avoid re-build avalanches with HP-UX make.
2005-03-12 09:13:15 +00:00
Bodo Möller
97d49cdd6f
fix potential memory leak when allocation fails
...
PR: 801
Submitted by: Nils Larsch
2005-03-11 09:00:59 +00:00
Lutz Jänicke
126179aad0
Fix type on blowfish manual page
...
PR: 1010
Submitted by: Marc Balmer <mbalmer@openbsd.org>
2005-02-19 10:25:55 +00:00
Lutz Jänicke
e22e6bf0be
Fix hang in EGD/PRNGD query when communication socket is closed
...
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
2005-02-19 10:17:26 +00:00
Dr. Stephen Henson
2ecf923286
Avoid possible memory leak.
2005-02-14 21:54:29 +00:00
Andy Polyakov
b7fd453675
Make util/shlib_wrap.sh [Open]BSD-friendly. [from HEAD].
2005-02-06 13:16:42 +00:00
Andy Polyakov
086dd3032f
"Backport" http://cvs.openssl.org/chngview?cn=12841 from HEAD. For reference.
...
In HEAD this approach was taken one step further. There is linux-generic32
target which is used as unified Linux target for ARM, PA-RISC, SPARCv7, S390...
2005-02-06 13:09:51 +00:00
Dr. Stephen Henson
20e5177105
In FIPS mode use SHA1 as default digest in x509 and req
...
utilities.
2005-02-05 18:24:50 +00:00
Dr. Stephen Henson
bb987c73a9
In mkdef.pl ignore trailing whitespace in #ifdef lines
2005-02-05 17:19:23 +00:00
Andy Polyakov
515ac3debb
Final HP-UX specific touches to "cope with run-time linker on multi-ABI
...
platforms."
2005-02-03 11:09:20 +00:00
Andy Polyakov
43509de33d
Shut whiny make's up.
2005-02-03 10:19:36 +00:00
Andy Polyakov
dbaa6f91aa
Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms
...
and SafeDllSearchMode in Windows.
2005-02-01 23:45:42 +00:00
Dr. Stephen Henson
01b62dca25
Use SHA1 for test certificates so FIPS SSL/TLS tests work.
2005-01-31 01:46:02 +00:00
Dr. Stephen Henson
66d68327cb
Avoid memory leak.
2005-01-31 01:40:39 +00:00
Dr. Stephen Henson
ecc3d2734d
Only allow TLS is FIPS mode.
...
Remove old FIPS_allow_md5() calls.
2005-01-31 01:33:36 +00:00
Dr. Stephen Henson
11536fbac8
Update year.
2005-01-31 01:28:17 +00:00
Dr. Stephen Henson
7cfcca8ba3
Further FIPS algorithm blocking.
...
Fixes to cipher blocking and enabling code.
Add option -non-fips-allow to 'enc' and update testenc.
2005-01-28 14:03:54 +00:00
Richard Levitte
0cae19f5ef
The first argument to load_iv should really be a char ** instead of an
...
unsigned char **, since it points at text.
Thanks to Nils Larsch <nils.larsch@cybertrust.com> for pointing out
the inelegance of our code :-)
2005-01-27 11:42:25 +00:00
Dr. Stephen Henson
6be00c7e16
More FIPS algorithm blocking.
...
Catch attempted use of non FIPS algorithms with HMAC.
Give an assertion error for applications that ignore FIPS digest errors.
Make -non-fips-allow work with dgst and HMAC.
2005-01-27 01:49:42 +00:00
Richard Levitte
532d936be8
Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
...
cause a segfault... This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
2005-01-27 01:49:23 +00:00
Richard Levitte
d88edf1447
Get rid if the annoying warning
2005-01-27 01:47:27 +00:00
Dr. Stephen Henson
f60fc19a69
make update
2005-01-26 20:05:46 +00:00
Dr. Stephen Henson
d0edffc7da
FIPS algorithm blocking.
...
Non FIPS algorithms are not normally allowed in FIPS mode.
Any attempt to use them via high level functions will return an error.
The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.
There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.
For low level functions the override is perfomed by prefixing the algorithm
initalization function with "private_" for example private_MD5_Init().
For high level functions an override is performed by setting a flag in
the context.
2005-01-26 20:00:40 +00:00
Andy Polyakov
12dfa84310
Respect the fact that most interactive shells don't restore stty settings
...
and make it work in non-interactive mode...
2005-01-26 19:58:02 +00:00
Andy Polyakov
134d6a44ec
Don't zap AES CBC IV, when decrypting truncated content in place.
2005-01-18 00:24:55 +00:00
Dr. Stephen Henson
420eb6a306
PKCS7_verify() performance optimization. When the content is large and a
...
memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots
of slow memory copies from the memory BIO by saving the content in a
temporary read only memory BIO.
2005-01-14 17:53:16 +00:00
Andy Polyakov
e9ddd85965
INSTALL.DJGPP update.
...
PR: 989
2005-01-14 16:24:45 +00:00
Andy Polyakov
ea28f93c2d
Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX
...
environments.
2005-01-14 16:22:02 +00:00
Andy Polyakov
adeb20b6b7
O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris.
...
PR: 998
2005-01-14 16:19:47 +00:00
Richard Levitte
086b64d0d3
make update
2005-01-14 00:16:31 +00:00
Richard Levitte
47c88d7413
Correct a faulty address assignment, and add a length check (not
...
really needed now, but may be needed in the future, who knows?).
2005-01-12 09:51:31 +00:00
Richard Levitte
630b9d70fb
Use EXIT() instead of exit().
2005-01-11 18:25:28 +00:00
Richard Levitte
c4929fb841
Clear signed vs. unsigned conflicts.
...
Change the fingerprint accordingly.
2005-01-11 16:54:35 +00:00
Richard Levitte
97c2c819b3
Remove VMS_strcasecmp() from apps.c, it's not used any more. And
...
besides, the implementation is bogus.
2005-01-11 06:53:30 +00:00
Andy Polyakov
954f3c3126
FAQ update to mention no-sha0 as possible workaround for Tru64 compiler bug.
2005-01-09 20:43:49 +00:00
Andy Polyakov
528584c595
DJGPP documentation note update.
2005-01-09 20:13:11 +00:00
Andy Polyakov
5cdf5e3308
Allow for ./config no-sha0.
...
PR: 993
2005-01-09 17:58:18 +00:00
Andy Polyakov
b58560b915
DJGPP update.
...
PR: 989
Submitted by: Doug Kaufman
2005-01-04 10:21:55 +00:00