Commit graph

7765 commits

Author SHA1 Message Date
Dr. Stephen Henson
7cfcca8ba3 Further FIPS algorithm blocking.
Fixes to cipher blocking and enabling code.

Add option -non-fips-allow to 'enc' and update testenc.
2005-01-28 14:03:54 +00:00
Richard Levitte
0cae19f5ef The first argument to load_iv should really be a char ** instead of an
unsigned char **, since it points at text.

Thanks to Nils Larsch <nils.larsch@cybertrust.com> for pointing out
the inelegance of our code :-)
2005-01-27 11:42:25 +00:00
Dr. Stephen Henson
6be00c7e16 More FIPS algorithm blocking.
Catch attempted use of non FIPS algorithms with HMAC.

Give an assertion error for applications that ignore FIPS digest errors.

Make -non-fips-allow work with dgst and HMAC.
2005-01-27 01:49:42 +00:00
Richard Levitte
532d936be8 Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
cause a segfault...  This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
2005-01-27 01:49:23 +00:00
Richard Levitte
d88edf1447 Get rid if the annoying warning 2005-01-27 01:47:27 +00:00
Dr. Stephen Henson
f60fc19a69 make update 2005-01-26 20:05:46 +00:00
Dr. Stephen Henson
d0edffc7da FIPS algorithm blocking.
Non FIPS algorithms are not normally allowed in FIPS mode.

Any attempt to use them via high level functions will return an error.

The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.

There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.

For low level functions the override is perfomed by prefixing the algorithm
initalization function with "private_" for example private_MD5_Init().

For high level functions an override is performed by setting a flag in
the context.
2005-01-26 20:00:40 +00:00
Andy Polyakov
12dfa84310 Respect the fact that most interactive shells don't restore stty settings
and make it work in non-interactive mode...
2005-01-26 19:58:02 +00:00
Andy Polyakov
134d6a44ec Don't zap AES CBC IV, when decrypting truncated content in place. 2005-01-18 00:24:55 +00:00
Dr. Stephen Henson
420eb6a306 PKCS7_verify() performance optimization. When the content is large and a
memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots
of slow memory copies from the memory BIO by saving the content in a
temporary read only memory BIO.
2005-01-14 17:53:16 +00:00
Andy Polyakov
e9ddd85965 INSTALL.DJGPP update.
PR: 989
2005-01-14 16:24:45 +00:00
Andy Polyakov
ea28f93c2d Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX
environments.
2005-01-14 16:22:02 +00:00
Andy Polyakov
adeb20b6b7 O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris.
PR: 998
2005-01-14 16:19:47 +00:00
Richard Levitte
086b64d0d3 make update 2005-01-14 00:16:31 +00:00
Richard Levitte
47c88d7413 Correct a faulty address assignment, and add a length check (not
really needed now, but may be needed in the future, who knows?).
2005-01-12 09:51:31 +00:00
Richard Levitte
630b9d70fb Use EXIT() instead of exit(). 2005-01-11 18:25:28 +00:00
Richard Levitte
c4929fb841 Clear signed vs. unsigned conflicts.
Change the fingerprint accordingly.
2005-01-11 16:54:35 +00:00
Richard Levitte
97c2c819b3 Remove VMS_strcasecmp() from apps.c, it's not used any more. And
besides, the implementation is bogus.
2005-01-11 06:53:30 +00:00
Andy Polyakov
954f3c3126 FAQ update to mention no-sha0 as possible workaround for Tru64 compiler bug. 2005-01-09 20:43:49 +00:00
Andy Polyakov
528584c595 DJGPP documentation note update. 2005-01-09 20:13:11 +00:00
Andy Polyakov
5cdf5e3308 Allow for ./config no-sha0.
PR: 993
2005-01-09 17:58:18 +00:00
Andy Polyakov
b58560b915 DJGPP update.
PR: 989
Submitted by: Doug Kaufman
2005-01-04 10:21:55 +00:00
Dr. Stephen Henson
76d088046c RSA KAT. 2005-01-03 17:46:45 +00:00
Andy Polyakov
83f69163fd Borrow #include <string[s].h> from e_os.h. 2004-12-31 00:01:23 +00:00
Andy Polyakov
5ca3a0aa86 Make whiny compilers stop complaining about missing prototype. 2004-12-30 23:39:06 +00:00
Andy Polyakov
702be727c0 AES CBC and CFB performance tune-up from HEAD. 2004-12-30 22:57:19 +00:00
Andy Polyakov
8336cec34d Fix Win32 test-suit. 2004-12-30 22:53:57 +00:00
Andy Polyakov
1c8415fdf3 Remove naming conflict between variable and label. 2004-12-30 11:08:27 +00:00
Dr. Stephen Henson
370d418a7b Prompt for passphrases with PKCS12 input format. 2004-12-29 01:05:35 +00:00
Andy Polyakov
4aaa4f267d Cosmetic mingw update.
PR: 924
2004-12-27 23:48:33 +00:00
Andy Polyakov
f709ffe832 Minor cygwin update.
PR: 949
2004-12-27 21:26:10 +00:00
Andy Polyakov
9e34e806a2 Remove CPU detect for IRIX targets. Performance gain is less than 1%, it
doesn't pay off...
2004-12-27 14:55:19 +00:00
Andy Polyakov
2d16a957e0 As new major IRIX release is highly unlikely to appear [and break following],
I change from -notall to -none synonym in do_irix-shared to improve backward
compatibility with IRIX 5.x.
PR: 987
2004-12-27 14:51:20 +00:00
Andy Polyakov
fe707c3260 Summarize recent backports in CHANGES. 2004-12-20 13:21:25 +00:00
Andy Polyakov
fb39cd850c Improved PowerPC platform support. 2004-12-20 13:20:22 +00:00
Andy Polyakov
560f01fff9 When re-linking files, really relink them. In other words, emulate ln -f. 2004-12-20 13:18:56 +00:00
Andy Polyakov
15bbc1574f Backport of PPC BN module from HEAD. 2004-12-20 13:15:51 +00:00
Andy Polyakov
1acf071cd0 Backport of http://cvs.openssl.org/chngview?cn=12323, as well as eliminate
message size limitations on 64-bit platforms.
2004-12-20 13:13:14 +00:00
Andy Polyakov
3ae613e34f Backport of http://cvs.openssl.org/chngview?cn=12449, essentially
a bug-fix for Win64/ia64.
2004-12-20 13:10:27 +00:00
Richard Levitte
37ece6156a make update 2004-12-13 22:48:01 +00:00
Dr. Stephen Henson
965574039b Remove duplicate lines. 2004-12-12 13:18:23 +00:00
Andy Polyakov
535178f415 Adapt FIPS sub-tree for mingw. 2004-12-10 16:30:34 +00:00
Andy Polyakov
a4a88eea03 Solaris x86 assembler update. 2004-12-10 13:15:55 +00:00
Andy Polyakov
a661c1728f Respect no-asm with fips option and disable FIPS DES assembler in
shared context [because it's not PIC].
2004-12-10 11:37:25 +00:00
Andy Polyakov
13e387c3fe olaris x86 perlasm update [from HEAD]. 2004-12-10 11:27:09 +00:00
Andy Polyakov
3dd16fb7fd Eliminate false dependency on 386 config option is FIPS context.
At the same time limit assembler support to ELF platforms [that's
what is there, ELF modules].
2004-12-09 22:43:29 +00:00
Andy Polyakov
ab09133881 Engage SHA1 IA64 assembler on IA64 platforms [from HEAD]. 2004-12-09 21:05:14 +00:00
Andy Polyakov
90ec459be0 SHA1 assember for IA64 [from HEAD]. 2004-12-09 20:55:52 +00:00
Andy Polyakov
3d5d6f9658 Cygwin specific FIPS fix-ups. 2004-12-09 18:13:46 +00:00
Andy Polyakov
bd5a2195de Postpone linking of shared libcrypto in FIPS build. 2004-12-09 18:03:23 +00:00