Commit graph

7361 commits

Author SHA1 Message Date
Dr. Stephen Henson
c133cb8974 Add fips/dh directory to mkfiles.pl 2004-10-26 11:47:14 +00:00
Dr. Stephen Henson
2f547d2c1c Change version numbers to 0.9.7f-dev 2004-10-25 11:31:28 +00:00
Dr. Stephen Henson
bfb7bac83b Updates for 0.9.7e release. 2004-10-25 11:24:39 +00:00
Dr. Stephen Henson
ac4fb4a138 Fix race condition. 2004-10-25 11:15:49 +00:00
Dr. Stephen Henson
75f7141ab4 make update 2004-10-25 00:04:22 +00:00
Dr. Stephen Henson
23a6dd83b5 Stop VC++ complaining... 2004-10-20 17:24:06 +00:00
Dr. Stephen Henson
450b38c05b Update NEWS file. 2004-10-20 00:54:27 +00:00
Dr. Stephen Henson
0286cccbc1 Typo. 2004-10-20 00:48:15 +00:00
Richard Levitte
dc26d1193a make update 2004-10-14 05:52:07 +00:00
Richard Levitte
64892df03e We need to check for OPENSSL_FIPS when building shared libraries, so
we get correct transfer vectors for those functions when required.
2004-10-14 05:51:15 +00:00
Richard Levitte
9e57ab615c Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up.  Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.
2004-10-14 05:49:01 +00:00
Ben Laurie
b16fee0aa7 Update fingerprints. 2004-10-08 10:03:57 +00:00
Dr. Stephen Henson
70bfcc895e Oops.. 2004-10-04 17:28:57 +00:00
Dr. Stephen Henson
8de8bcbe2c Fix race condition when CRL checking is enabled. 2004-10-04 16:27:36 +00:00
Dr. Stephen Henson
14e21742d5 Update debug-steve 2004-10-01 11:34:28 +00:00
Andy Polyakov
44963e4af7 Fix Solaris 10_x86 shared build. -Bsymbolic is required to avoid
"remaining relocations" in assembler modules. The latter seems to
be new behaviour, elder as/ld managed to resolve this relocations
as internal. It's possible to address this problem differently,
but I settle for -Bsymbolic...
PR: 946
2004-09-28 20:52:14 +00:00
Richard Levitte
125a86113f usr/doc has recently changed to usr/share/doc on Cygwin.
Notified by Corinna Vinschen <vinschen@redhat.com>
2004-09-28 11:25:11 +00:00
Dr. Stephen Henson
d06db8ad9e Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap(). 2004-09-15 23:38:45 +00:00
Dr. Stephen Henson
ffa8e7b74c Oops, forgot to reorder extension request nids. 2004-09-13 22:39:49 +00:00
Dr. Stephen Henson
85e8decc16 ASN1_STRING_to_UTF8() assumed that the MBSTRING_* flags were of
the form MBSTRING_FLAG|nbyte where "nbyte" is the number of
bytes per character.

Unfortunately this isn't so and we can't change the #defines because
this would break binary compatibility, so for 0.9.7X only translate
between the two.
2004-09-13 22:30:31 +00:00
Richard Levitte
3216de1ee5 Makefile.ssl changed name to Makefile... 2004-09-11 09:45:41 +00:00
Dr. Stephen Henson
8f349c58f7 Stop warning. 2004-09-10 20:27:45 +00:00
Dr. Stephen Henson
cfafb6a73d When looking for request extensions in a certificate look first
for the PKCS#9 OID then the non standard MS OID.
2004-09-10 20:26:30 +00:00
Richard Levitte
818c0b2e42 num is an unsigned long, but since it was transfered from
crypto/sha/sha_locl.h, where it is in fact an int, we need to check
for less-than-zero as if it was an int...
2004-09-06 14:21:14 +00:00
Richard Levitte
aef8807e76 Replace the bogus checks of n with proper uses of feof(), ferror() and
clearerr().
2004-09-06 14:19:59 +00:00
Andy Polyakov
4157fae6fe Sync aes_ctr.c with HEAD. 2004-08-23 22:28:27 +00:00
Richard Levitte
15902f8341 'compatibility', not 'computability' :-)... 2004-08-18 15:48:22 +00:00
Richard Levitte
8bcd746e84 Another missing module in the VMS build files. I believe this is the
last, though...
2004-08-11 20:34:12 +00:00
Richard Levitte
56fe40191d Stupid casts... 2004-08-11 17:41:17 +00:00
Dr. Stephen Henson
97c802588c Update FAQ. 2004-08-11 17:24:42 +00:00
Dr. Stephen Henson
8c172bce1c Make ASN1_INTEGER_cmp() work as expected with negative integers. 2004-08-10 17:40:31 +00:00
Richard Levitte
4fa9664f5e With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED to
get struct timeval and gettimeofday().
2004-08-10 10:04:13 +00:00
Richard Levitte
483b312391 Update the VMS fips library builder with the DH library. 2004-08-10 09:11:07 +00:00
Richard Levitte
1033449613 make update 2004-08-10 09:09:08 +00:00
Richard Levitte
f992081682 Correct typos and include directory specifications. 2004-08-09 12:14:08 +00:00
Richard Levitte
5ad93a12b2 In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM... 2004-08-09 12:13:36 +00:00
Dr. Stephen Henson
efeb352163 In ca.c setup engine after autoconfig so any dynamic engines are visible. 2004-08-06 12:43:54 +00:00
Dr. Stephen Henson
44dd6865b9 Stop compiler giving bogus shadow warning. 2004-08-05 18:11:43 +00:00
Dr. Stephen Henson
bb82123707 Don't ignore return values of EVP_DigestInit_ex() in md BIOs and dgst. 2004-08-05 18:10:46 +00:00
Richard Levitte
eb7bb58471 Let's lock a write lock when changing values, shall we?
Thanks to Dr Stephen Henson <shenson@drh-consultancy.co.uk> for making
me aware of this error.
2004-08-02 14:15:07 +00:00
Richard Levitte
7f9c37457a To protect FIPS-related global variables, add locking mechanisms
around them.

NOTE: because two new locks are added, this adds potential binary
incompatibility with earlier versions in the 0.9.7 series.  However,
those locks will only ever be touched when FIPS_mode_set() is called
and after, thanks to a variable that's only changed from 0 to 1 once
(when FIPS_mode_set() is called).  So basically, as long as FIPS mode
hasn't been engaged explicitely by the calling application, the new
locks are treated as if they didn't exist at all, thus not becoming a
problem.  Applications that are built or rebuilt to use FIPS
functionality will need to be recompiled in any case, thus not being a
problem either.
2004-07-30 14:38:02 +00:00
Richard Levitte
86022a79a5 We're building crypto stuff, not ssl stuff. Additionally, we're in
the fips subdirectory, not the crypto one...
2004-07-29 22:26:57 +00:00
Richard Levitte
88a8ae6aee We build the crypto stuff, not the ssl stuff, in this command procedure... 2004-07-29 22:26:03 +00:00
Richard Levitte
b58e24ac57 Define OPENSSL_FIPS in opensslconf.h if a logical name with the same
name is defined.

Go up one directory level before dealing with FIPS stuff.
2004-07-28 13:47:58 +00:00
Richard Levitte
496c4e1033 From the FIPS directory, darnit! 2004-07-28 02:24:48 +00:00
Dr. Stephen Henson
0b948f3677 New cipher "strength" FIPS which specifies that a
cipher suite is FIPS compatible.

New cipherstring "FIPS" is all FIPS compatible ciphersuites except eNULL.

Only allow FIPS ciphersuites in FIPS mode.
2004-07-27 18:28:49 +00:00
Richard Levitte
7f911c668d Typo 2004-07-27 14:09:13 +00:00
Richard Levitte
e81ef01a0a The compiler may complain about what looks like a double definition of a
static variable
2004-07-27 13:58:25 +00:00
Dr. Stephen Henson
d2033156c5 Rename libcrypto.sha1 to libcrypto.a.sha1 2004-07-27 12:22:08 +00:00
Dr. Stephen Henson
e4c1c03c5b Add FIPS name to error library. 2004-07-27 00:20:41 +00:00