wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7806 commits 20 branches 302 tags 153 MiB
Commit graph

7806 commits

This branch
This branch
All branches
Author SHA1 Message Date
Nils Larsch
c3e28480d7 update docs (recent constification) 2005-03-30 09:47:12 +00:00
Nils Larsch
e72b9658f8 the second argument of EVP_SealInit is const 2005-03-29 17:48:34 +00:00
Dr. Stephen Henson
8c04994bfe Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS mode. 2005-03-27 03:36:14 +00:00
Andy Polyakov
989c0f8215 Resolve "operation size not specified" in NASM modules. 2005-03-26 19:32:31 +00:00
Ulf Möller
4cf8f9369c undo Cygwin change 2005-03-23 22:01:57 +00:00
Richard Levitte
2950db5995 Change the memory leak FAQ entry to describe the levels of thread safety in each function 2005-03-23 21:13:35 +00:00
Ben Laurie
801fea5f11 Constification. 2005-03-23 08:21:30 +00:00
Dr. Stephen Henson
da26bcb5de Update CHANGES, opensslv.h 2005-03-22 21:27:36 +00:00
Dr. Stephen Henson
d99382039c Use right date in FAQ too :-) 2005-03-22 19:15:55 +00:00
Dr. Stephen Henson
9c29e781a8 Oops, use right date! 2005-03-22 19:14:42 +00:00
Dr. Stephen Henson
93acf33440 Update README 2005-03-22 18:43:41 +00:00
Dr. Stephen Henson
5c1fd5e316 Update files ready for release. 2005-03-22 18:17:23 +00:00
Dr. Stephen Henson
f42a82777d make update 2005-03-22 18:15:56 +00:00
Dr. Stephen Henson
0c7ceb3748 Docs fix. 2005-03-22 17:57:43 +00:00
Dr. Stephen Henson
e54e4bcf1f PR: 931 2005-03-22 17:54:13 +00:00
Dr. Stephen Henson
fe8b77753c Fix memory leak. 2005-03-22 17:29:36 +00:00
Dr. Stephen Henson
d5c2bc4bff Oops... 2005-03-22 14:31:58 +00:00
Dr. Stephen Henson
61823b6a74 Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and 
client random values.
 2005-03-22 14:10:32 +00:00
Richard Levitte
ab0def8152 There are cases when there are no files left to verify. Make sure to 
handle that properly.
 2005-03-21 13:49:09 +00:00
Ulf Möller
6d2a7098d6 Cygwin randomness 2005-03-19 11:40:41 +00:00
Andy Polyakov
b43b9de9e4 Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this in 
crypto/Makefile and make Makefile.org and fips/Makefile more discreet.
 2005-03-15 09:46:14 +00:00
Andy Polyakov
6286bbecef Fold rules in test/Makefile and provide hooks for updated FIPS build procedures. 2005-03-12 12:15:20 +00:00
Andy Polyakov
9d14506f29 Cygwin to use DSO_FLFCN and mingw to use DSO_WIN32 (required for FIPS). 2005-03-12 11:28:22 +00:00
Andy Polyakov
7ec40a480b Add mingw shared support [backport from HEAD]. 2005-03-12 09:33:14 +00:00
Andy Polyakov
aa0d4ed5fa Move copying of .dll to apps/ and test/ to more appropriate place. 2005-03-12 09:28:18 +00:00
Andy Polyakov
2cf68c0b1a Avoid re-build avalanches with HP-UX make. 2005-03-12 09:13:15 +00:00
Bodo Möller
97d49cdd6f fix potential memory leak when allocation fails 
PR: 801
Submitted by: Nils Larsch
 2005-03-11 09:00:59 +00:00
Lutz Jänicke
126179aad0 Fix type on blowfish manual page 
PR: 1010
Submitted by: Marc Balmer <mbalmer@openbsd.org>
 2005-02-19 10:25:55 +00:00
Lutz Jänicke
e22e6bf0be Fix hang in EGD/PRNGD query when communication socket is closed 
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
 2005-02-19 10:17:26 +00:00
Dr. Stephen Henson
2ecf923286 Avoid possible memory leak. 2005-02-14 21:54:29 +00:00
Andy Polyakov
b7fd453675 Make util/shlib_wrap.sh [Open]BSD-friendly. [from HEAD]. 2005-02-06 13:16:42 +00:00
Andy Polyakov
086dd3032f "Backport" http://cvs.openssl.org/chngview?cn=12841 from HEAD. For reference. 
In HEAD this approach was taken one step further. There is linux-generic32
target which is used as unified Linux target for ARM, PA-RISC, SPARCv7, S390...
 2005-02-06 13:09:51 +00:00
Dr. Stephen Henson
20e5177105 In FIPS mode use SHA1 as default digest in x509 and req 
utilities.
 2005-02-05 18:24:50 +00:00
Dr. Stephen Henson
bb987c73a9 In mkdef.pl ignore trailing whitespace in #ifdef lines 2005-02-05 17:19:23 +00:00
Andy Polyakov
515ac3debb Final HP-UX specific touches to "cope with run-time linker on multi-ABI 
platforms."
 2005-02-03 11:09:20 +00:00
Andy Polyakov
43509de33d Shut whiny make's up. 2005-02-03 10:19:36 +00:00
Andy Polyakov
dbaa6f91aa Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms 
and SafeDllSearchMode in Windows.
 2005-02-01 23:45:42 +00:00
Dr. Stephen Henson
01b62dca25 Use SHA1 for test certificates so FIPS SSL/TLS tests work. 2005-01-31 01:46:02 +00:00
Dr. Stephen Henson
66d68327cb Avoid memory leak. 2005-01-31 01:40:39 +00:00
Dr. Stephen Henson
ecc3d2734d Only allow TLS is FIPS mode. 
Remove old FIPS_allow_md5() calls.
 2005-01-31 01:33:36 +00:00
Dr. Stephen Henson
11536fbac8 Update year. 2005-01-31 01:28:17 +00:00
Dr. Stephen Henson
7cfcca8ba3 Further FIPS algorithm blocking. 
Fixes to cipher blocking and enabling code.

Add option -non-fips-allow to 'enc' and update testenc.
 2005-01-28 14:03:54 +00:00
Richard Levitte
0cae19f5ef The first argument to load_iv should really be a char ** instead of an 
unsigned char **, since it points at text.

Thanks to Nils Larsch <nils.larsch@cybertrust.com> for pointing out
the inelegance of our code :-)
 2005-01-27 11:42:25 +00:00
Dr. Stephen Henson
6be00c7e16 More FIPS algorithm blocking. 
Catch attempted use of non FIPS algorithms with HMAC.

Give an assertion error for applications that ignore FIPS digest errors.

Make -non-fips-allow work with dgst and HMAC.
 2005-01-27 01:49:42 +00:00
Richard Levitte
532d936be8 Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might 
cause a segfault...  This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
 2005-01-27 01:49:23 +00:00
Richard Levitte
d88edf1447 Get rid if the annoying warning 2005-01-27 01:47:27 +00:00
Dr. Stephen Henson
f60fc19a69 make update 2005-01-26 20:05:46 +00:00
Dr. Stephen Henson
d0edffc7da FIPS algorithm blocking. 
Non FIPS algorithms are not normally allowed in FIPS mode.

Any attempt to use them via high level functions will return an error.

The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.

There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.

For low level functions the override is perfomed by prefixing the algorithm
initalization function with "private_" for example private_MD5_Init().

For high level functions an override is performed by setting a flag in
the context.
 2005-01-26 20:00:40 +00:00
Andy Polyakov
12dfa84310 Respect the fact that most interactive shells don't restore stty settings 
and make it work in non-interactive mode...
 2005-01-26 19:58:02 +00:00
Andy Polyakov
134d6a44ec Don't zap AES CBC IV, when decrypting truncated content in place. 2005-01-18 00:24:55 +00:00