Bodo Möller
ae53b299fa
make update
2011-09-05 09:46:15 +00:00
Dr. Stephen Henson
ff053fc847
Don't set FIPS rand method at same time as RAND method as this can cause the
...
FIPS library to fail. Applications that want to set the FIPS rand method can do
so explicitly and presumably they know what they are doing...
2011-06-21 17:10:21 +00:00
Dr. Stephen Henson
383bc117bb
Oops, work out expanded buffer length before allocating it...
2011-04-23 20:24:55 +00:00
Dr. Stephen Henson
e0d1a2f80a
Always return multiple of block length bytes from default DRBG seed
...
callback.
Handle case where no multiple of the block size is in the interval
[min_len, max_len].
2011-04-23 20:05:19 +00:00
Dr. Stephen Henson
b8b6a13a56
Add continuous RNG test to entropy source. Entropy callbacks now need
...
to specify a "block length".
2011-04-21 14:17:15 +00:00
Dr. Stephen Henson
6653c6f2e8
Update OpenSSL DRBG support code. Use date time vector as additional data.
...
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
2011-04-06 23:40:22 +00:00
Dr. Stephen Henson
05e24c87dd
Extensive reorganisation of PRNG handling in FIPS module: all calls
...
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.
Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Richard Levitte
c6dbe90895
make update
2011-03-24 22:59:02 +00:00
Richard Levitte
537c982306
After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS
...
submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 10:58:14 +00:00
Ben Laurie
edc032b5e3
Add SRP support.
2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
b7056b6414
Update dependencies.
2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
a3654f0586
Include openssl/crypto.h first in several other files so FIPS renaming
...
is picked up.
2011-02-16 17:25:01 +00:00
Dr. Stephen Henson
d749e1080a
Experimental symbol renaming to avoid clashes with regular OpenSSL.
...
Make sure crypto.h is included first in any affected files.
2011-02-16 14:40:06 +00:00
Dr. Stephen Henson
06b433acad
Add FIPS support to the WIN32 build system.
2011-02-03 23:12:04 +00:00
Dr. Stephen Henson
aa87945f47
Update source files to handle new FIPS_lock() location. Add FIPS_lock()
...
definition. Remove stale function references from fips.h
2011-01-27 15:57:31 +00:00
Dr. Stephen Henson
7c8ced94c3
Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
...
to EVP any more.
Move locking #define into fips.h.
Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
1588a3cae7
add new RAND errors
2011-01-26 15:33:51 +00:00
Dr. Stephen Henson
4ead4e5241
FIPS mode changes to make RNG compile (this will need updating later as we
...
need a whole new PRNG for FIPS).
1. avoid use of ERR_peek().
2. If compiling with FIPS use small FIPS EVP and disable ENGINE
2011-01-26 14:52:04 +00:00
Dr. Stephen Henson
70a5f5f9ab
PR: 2372
...
Submitted by: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Reviewed by: steve
Fix OpenBSD compilation failure.
2010-11-18 12:30:01 +00:00
Andy Polyakov
f04f3873f8
rand_nw.c: compensate for gcc bug (using %edx instead of %eax at -O3).
...
PR: 2296
2010-07-08 09:14:00 +00:00
Dr. Stephen Henson
a7c64928c8
clarify comment
2010-06-16 13:15:31 +00:00
Ben Laurie
c8bbd98a2b
Fix warnings.
2010-06-12 14:13:23 +00:00
Andy Polyakov
26c00de46d
rand_win.c: fix logical bug in readscreen.
2010-03-22 22:44:22 +00:00
Dr. Stephen Henson
47e0a1c335
PR: 2100
...
Submitted by: James Baker <jbaker@tableausoftware.com> et al.
Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:41 +00:00
Dr. Stephen Henson
1bfdbd8e75
PR: 2138
...
Submitted by: Kevin Regan <k.regan@f5.com>
Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.
2010-01-26 18:07:26 +00:00
Andy Polyakov
b3020393f2
rand_win.c: fix time limit logic.
2010-01-19 20:35:22 +00:00
Andy Polyakov
7a6e0901ff
rand_win.c: handle GetTickCount wrap-around.
2010-01-19 13:48:18 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
44c8b81eea
Don't use __try+__except unless on VC++
2009-09-20 12:39:32 +00:00
Dr. Stephen Henson
75a86fa024
Update from 0.9.8-stable.
2009-07-24 13:48:07 +00:00
Dr. Stephen Henson
21b25ed4b8
PR: 1952
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve@openssl.org
ECDH negotiation bug.
2009-06-13 20:46:30 +00:00
Dr. Stephen Henson
ef236ec3b2
Merge from 1.0.0-stable branch.
2009-04-23 16:32:42 +00:00
Dr. Stephen Henson
cc7399e79c
Changes from 1.0.0-stable.
2009-04-07 16:33:26 +00:00
Ben Laurie
b3f3407850
Use new common flags and fix resulting warnings.
2009-02-15 14:08:51 +00:00
Richard Levitte
792bbc2374
VMS stuff I forgot...
2009-01-03 09:25:32 +00:00
Andy Polyakov
e527201f6b
This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another
...
.DLL, in particular static build. The issue has been discussed in RT#1230
and later on openssl-dev, and mutually exclusive approaches were suggested.
This completes compromise solution suggested in RT#1230.
PR: 1230
2008-12-22 13:54:12 +00:00
Andy Polyakov
2fbc8a2aad
Revert commit #17603 , it should have been part of #17617 .
2008-11-12 07:27:36 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
0afc9f5bc0
PR: 1777
...
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>
Approved by: steve@openssl.org
Fix some size_t issues.
2008-11-05 23:14:32 +00:00
Ben Laurie
d40a1b865f
Only one of these needs to be signed.
2008-11-04 15:16:23 +00:00
Dr. Stephen Henson
f2c0230518
Not sure about this one... seems to be needed to make 64 bit release
...
builds work properly...
2008-11-02 18:29:27 +00:00
Ben Laurie
5e4430e70d
More size_tification.
2008-11-01 16:40:37 +00:00
Andy Polyakov
e6b4578540
randfile.c: .rnd can become orphaned on VMS.
...
Submitted by: David North
2008-10-28 16:25:47 +00:00
Geoff Thorpe
4c3296960d
Remove the dual-callback scheme for numeric and pointer thread IDs,
...
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Geoff Thorpe
5f834ab123
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
...
version some time soon.
2008-07-03 19:59:25 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Lutz Jänicke
3de5a7745f
Correctly adjust location of comment
...
Submitted by: Ben Laurie <ben@links.org>
2008-05-20 08:10:48 +00:00
Lutz Jänicke
8b99c79fae
Another occurance of possible valgrind/purify "uninitialized memory"
...
complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.
Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)
2008-05-16 07:14:26 +00:00
Geoff Thorpe
f7ccba3edf
There was a need to support thread ID types that couldn't be reliably cast
...
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00