Commit graph

49 commits

Author SHA1 Message Date
Dr. Stephen Henson
7cfcca8ba3 Further FIPS algorithm blocking.
Fixes to cipher blocking and enabling code.

Add option -non-fips-allow to 'enc' and update testenc.
2005-01-28 14:03:54 +00:00
Richard Levitte
07bf82a71d Typo corretced. 2004-05-17 04:47:26 +00:00
Richard Levitte
43d6233a22 Rewrite the usage to avoid confusion. 2004-05-17 04:40:49 +00:00
Richard Levitte
736ce650c6 Make it possible for the user to choose the digest used to create the
key.
2004-05-17 04:39:00 +00:00
Richard Levitte
a8bb3d0e15 When in FIPS mode, use SHA1 to digest the key, rather than MD5, as MD5
isn't a FIPS-approved algorithm.

Note: this means the user needs to keep track of this, and we need to
add support for that...
2004-05-17 04:31:14 +00:00
Richard Levitte
394178c94c Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:57 +00:00
Richard Levitte
6d85cd36e2 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:37:49 +00:00
Richard Levitte
27498a3330 EXIT() may mean return(). That's confusing, so let's have it really mean
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
2002-12-03 16:34:28 +00:00
Richard Levitte
75e3026a14 Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:09:03 +00:00
Ben Laurie
9831d941ca Many security improvements (CHATS) and a warning fix. 2002-11-12 13:23:40 +00:00
Lutz Jänicke
7d210e5194 Add missing prototypes.
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by:
PR: 89
2002-06-13 17:38:58 +00:00
Richard Levitte
cc3586028e Allow longer program names (VMS allows up to 39 characters).
Submitted by Compaq.
2002-04-06 18:59:57 +00:00
Dr. Stephen Henson
0cd8572b2d Config code updates.
CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 13:58:15 +00:00
Geoff Thorpe
1372965e2e Reduce the header dependencies on engine.h in apps/. 2001-09-12 02:39:06 +00:00
Lutz Jänicke
43f9391bcc When only the key is given to "enc", the IV is undefined
(found by Andy Brown <logic@warthog.com>).
2001-07-03 10:31:11 +00:00
Richard Levitte
c04f8cf44a Use apps_shutdown() in all applications, in case someone decides not
to go the monolith way (does anyone do that these days?).

NOTE: a few applications are missing in this commit.  I've a few more
changes in them that I haven't tested yet.
2001-06-23 16:37:32 +00:00
Dr. Stephen Henson
323f289c48 Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Richard Levitte
531d630b5c Provide an application-common setup function for engines and use it
everywhere.
2001-06-18 06:22:33 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
f2e5ca84d4 Option to disable standard block padding with EVP API.
Add -nopad option to enc command.

Update docs.
2001-02-14 02:11:52 +00:00
Ben Laurie
259810e05b Rijdael CBC mode and partial undebugged SSL support. 2001-02-06 14:09:13 +00:00
Bodo Möller
a87e50a945 'char' argument to islower must be converted to 'unsigned char' 2001-01-10 14:58:22 +00:00
Ben Laurie
646d56956b Better handling of EVP names, add EVP to speed. 2000-11-20 04:14:19 +00:00
Ben Laurie
757e392d4e Make Rijndael work! Those long flights have some good points. 2000-11-12 02:13:38 +00:00
Richard Levitte
5270e7025e Merge the engine branch into the main trunk. All conflicts resolved.
At the same time, add VMS support for Rijndael.
2000-10-26 21:07:28 +00:00
Richard Levitte
3ab5651112 The experimental Rijndael code moved to the main trunk.
make update done.
2000-10-14 20:09:54 +00:00
Richard Levitte
645749ef98 On VMS, stdout may very well lead to a file that is written to in a
record-oriented fashion.  That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it.  This can be very confusing.

The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record.  Voila, BIO_f_linebuffer() is born.

Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this.  After
the release, this BIO method will be enabled on all other platforms as
well.
2000-09-20 13:55:50 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Dr. Stephen Henson
cd3c54e50f Add -pass argument to 'enc'.
Fix to make Win32 compile work again.
2000-02-17 00:41:43 +00:00
Ralf S. Engelschall
667ac4ec6a Make gcc 2.95.2 happy again, even under ``-Wall -Wshadow -Wpointer-arith -Wcast-align
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''.
2000-02-11 09:47:18 +00:00
Ulf Möller
657e60fa00 ispell (and minor modifications) 2000-02-03 23:23:24 +00:00
Bodo Möller
05ccd698b9 RAND_load_file(..., -1) now means "read the complete file";
this is what we now use to read $RANDFILE / $HOME/.rnd.
(Previously, after 'cat'ting lots of stuff into .rnd
only the first MB would be looked at.)

Bugfix for apps/enc.c: Continue if RAND_pseudo_bytes returns 0
(only -1 is an error).
2000-01-24 10:03:24 +00:00
Bodo Möller
f13b93d3b4 RAND_pseudo_bytes is good enough for encryption IVs,
we should not need RAND_bytes (and we cannot use the latter
unless we load a seed file)
2000-01-24 09:32:20 +00:00
Bodo Möller
033db22d57 add ERR_print_errors after "end" label. 2000-01-21 11:30:52 +00:00
Ulf Möller
e7f97e2d22 Check RAND_bytes() return value or use RAND_pseudo_bytes(). 2000-01-21 01:15:56 +00:00
Ben Laurie
fea9afbfc7 Make salting the default. Fail gracefully if the input is not salted. 1999-11-30 20:15:19 +00:00
Ben Laurie
5ef738240a Fix warning. 1999-11-18 14:10:53 +00:00
Dr. Stephen Henson
fd699ac55f Add a salt to the key derivation using the 'enc' program. 1999-11-16 02:49:25 +00:00
Bodo Möller
b1c4fe3625 Don't mix real tabs with tabs expanded as 8 spaces -- that's
a pain to read when using 4-space tabs.
1999-06-07 20:26:51 +00:00
Ulf Möller
09feda5cec Cut&paste error. 1999-05-13 17:25:05 +00:00
Ulf Möller
b5929507e3 Update NO_* macros. 1999-04-27 11:56:15 +00:00
Ulf Möller
f5d7a031a3 New Configure option no-<cipher> (rsa, idea, rc5, ...). 1999-04-27 01:14:46 +00:00
Ulf Möller
a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Bodo Möller
ec577822f9 Change #include filenames from <foo.h> to <openssl.h>.
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Ben Laurie
e778802f53 Massive constification. 1999-04-17 21:25:43 +00:00
Ralf S. Engelschall
58964a4922 Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00