Commit graph

335 commits

Author SHA1 Message Date
Richard Levitte
bac2e26a9e Reimplement old functions, so older software that link to libcrypto
don't crash and burn.
2004-05-14 17:55:59 +00:00
Ben Laurie
3642f632d3 Pull FIPS back into stable. 2004-05-11 12:46:24 +00:00
Dr. Stephen Henson
31edde3edc Add flag to avoid continuous
memory allocate when calling EVP_MD_CTX_copy_ex().

Without this HMAC is several times slower than
< 0.9.7.
2004-02-01 13:37:56 +00:00
Richard Levitte
5922128732 0.9.7-stable is in freeze. That means we do bug fixes only, not new
functionality.  Therefore, I'm backing out most of the "CFB DES
sync-up with FIPS branch" commit (I'm keeping the corrections of
DES_cfb_encrypt()).
2004-01-28 23:31:20 +00:00
Andy Polyakov
4668056fc9 CFB DES sync-up with FIPS branch. 2004-01-27 21:46:19 +00:00
Richard Levitte
90dd4d34bb Correct documentation typos.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 15:05:26 +00:00
Richard Levitte
cc056d6395 Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 15:00:24 +00:00
Richard Levitte
394178c94c Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:57 +00:00
Richard Levitte
b0ea8b160c It was pointed out to me that if the requested size is 0, we shouldn't
ty to allocate anything at all.  This will allow eNULL to still work.

PR: 751
Notified by: Lutz Jaenicke
2003-12-01 13:25:39 +00:00
Richard Levitte
bb569f97b9 Check that OPENSSL_malloc() really returned some memory.
PR: 751
Notified by: meder@mcs.anl.gov
Reviewed by: Lutz Jaenicke, Richard Levitte
2003-12-01 12:11:57 +00:00
Richard Levitte
05a1f76093 make update 2003-08-11 09:53:24 +00:00
Richard Levitte
4ed9388e5d A new branch for FIPS-related changes has been created with the name
OpenSSL-fips-0_9_7-stable.

Since the 0.9.7-stable branch is supposed to be in freeze and should
only contain bug corrections, this change removes the FIPS changes
from that branch.
2003-08-11 09:37:17 +00:00
Richard Levitte
98c1a4900c Inclusion of openssl/engine.h should always be wrapped with a check that
OPENSSL_NO_ENGINE is not defined.
2003-08-04 10:12:38 +00:00
Dr. Stephen Henson
6b063f32d9 Make the EFB NIDs have empty OIDs aliased to the real EFB OID. 2003-08-01 17:06:48 +00:00
Ben Laurie
afab06d3f5 DES CFB8 test. 2003-08-01 10:31:25 +00:00
Ben Laurie
8fb97c9acd Fix DES CFB-r. 2003-08-01 10:25:58 +00:00
Ben Laurie
c5f070d5d5 Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8. 2003-07-30 18:30:18 +00:00
Ben Laurie
f3b2ea53e2 AES CFB8. 2003-07-29 17:05:16 +00:00
Ben Laurie
c473d53898 The rest of the keysizes for CFB1, working AES AVS test for CFB1. 2003-07-29 13:24:27 +00:00
Ben Laurie
e8f8249319 Working CFB1 and test vectors. 2003-07-29 10:56:56 +00:00
Ben Laurie
e2ced802b4 Add support for partial CFB modes, make tests work, update dependencies. 2003-07-28 15:08:00 +00:00
Ben Laurie
75622f1ece Unfinished FIPS stuff for review/improvement. 2003-07-27 17:00:51 +00:00
Dr. Stephen Henson
16c9148220 Move the base64 BIO fixes to 0.9.7-stable 2003-06-03 00:11:37 +00:00
Richard Levitte
f78ae9c0f2 make update. 2003-04-10 20:10:22 +00:00
Richard Levitte
27310553b1 We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form
of unneeded includes of openssl/engine.h.
2003-04-08 06:00:17 +00:00
Richard Levitte
86ccb91ddb Do not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined.
PR: 564
2003-04-05 21:21:29 +00:00
Dr. Stephen Henson
b35ca7b257 Fixes for EVP_DigestInit_ex() and OPENSSL_NO_ENGINE. 2003-03-12 02:31:12 +00:00
Dr. Stephen Henson
57bc7769b7 Encryption BIOs misbehave when used with non blocking I/O.
Two fixes:

1. If BIO_write() fails inside enc_write() it should return the
   total number of bytes successfully written.

2. If BIO_write() fails during BIO_flush() it should return immediately
   with the error code: previously it would fall through to the final
   encrypt, corrupting the buffer.
2003-02-27 14:08:44 +00:00
Ulf Möller
607ae30be8 replace symlink with copy, as in head 2003-02-22 22:59:01 +00:00
Richard Levitte
bd573ee31a The OPENSSL_NO_ENGINE has small problem: it changes certain structures. That's
bad, so let's not check OPENSSL_NO_ENGINE in those places.  Fortunately, all
the header files where the problem existed include ossl_typ.h, which makes
a 'forward declaration' of the ENGINE type.
2003-01-30 18:52:52 +00:00
Richard Levitte
6d85cd36e2 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:37:49 +00:00
Dr. Stephen Henson
e98823d847 EVP_DecryptInit() should call EVP_CipherInit() not EVP_CipherInit_ex(). 2003-01-17 00:46:08 +00:00
Richard Levitte
0062e618f0 FreeBSD has /dev/crypto as well.
PR: 462
2003-01-16 18:29:34 +00:00
Richard Levitte
bed4559052 Some compilers are quite picky about non-void functions that don't return
anything.
2002-12-06 08:50:25 +00:00
Richard Levitte
d03ad453a5 EXIT() needs to be in a function that returns int. 2002-12-01 01:23:39 +00:00
Richard Levitte
c9ea7400b4 A few more memset()s converted to OPENSSL_cleanse().
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343
2002-11-29 11:31:51 +00:00
Richard Levitte
9fa15b6ff8 Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
always give the expected result on some platforms.
2002-11-28 18:57:30 +00:00
Richard Levitte
75e3026a14 Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:09:03 +00:00
Bodo Möller
134fea9d0f avoid uninitialized memory read
Submitted by: Nils Larsch
2002-11-20 14:14:45 +00:00
Ben Laurie
9831d941ca Many security improvements (CHATS) and a warning fix. 2002-11-12 13:23:40 +00:00
Richard Levitte
ff90d659e6 Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:21:33 +00:00
Richard Levitte
fc0ab2eac2 The OpenBSD project has replaced the first implementation of the /dev/crypto
engine with something they claim is better.  I have nothing to compare to,
and I assume they know what they're talking about.  The interesting part with
this one is that it's loaded by default on OpenBSD systems.
This change was originally introduced in OpenBSD's tracking of OpenSSL.
2002-10-02 00:18:59 +00:00
Dr. Stephen Henson
ea050a6eb3 Fix block_size field for CFB and OFB modes: it should be 1. 2002-08-16 01:38:34 +00:00
Lutz Jänicke
3720ea24f0 "make update"
Submitted by:
Reviewed by:
PR:
2002-07-30 07:18:03 +00:00
Lutz Jänicke
7e8852c549 Reorder inclusion of header files:
des_old.h redefines crypt:
#define crypt(b,s)\
	DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
2002-07-10 06:57:54 +00:00
Richard Levitte
ca55c617e5 Pass CFLAG to dependency makers, so non-standard system include paths are
handled properly.
Part of PR 75
2002-06-27 16:44:52 +00:00
Richard Levitte
a1fbe27123 A number of includes were removed from evp.h some time ago. The reason
was that they weren't really needed any more for EVP itself.  However,
it seems like soma applications (I know about OpenSSH, but there may
be more) used evp.h as the 'load all' header file, which makes sense
since we try our best to promote the use of EVP instead of the lower
level crypto algorithms.  Therefore, I put the inclusions back so
the application authors don't get too shocked by all the errors they
would otherwise get.

Thanks to Theo de Raadt for making us aware of this.
2002-06-27 05:03:12 +00:00
Lutz Jänicke
9a82ef5255 OpenSSL_add_all_algorithms has been replaced by configuration dependent
functions and is redirected by macros. Switch it off now, possible removal
later.
Submitted by:
Reviewed by:
PR:
2002-06-16 10:16:42 +00:00
Lutz Jänicke
4673461789 Some more prototype fixes.
Use DECLARE macros in asn1* instead of direct declaration.
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by:
PR: 89
2002-06-14 18:59:53 +00:00
Richard Levitte
3c204aaf50 use sstrsep() to get the proper type to aoti().
Remove unneeded cast in ustrsep().
PR: 69
2002-06-03 15:27:52 +00:00