Dr. Stephen Henson
d4e81773cc
Check pbe2->keyfunc->parameter is not NULL before dereferencing.
...
PR: 1316
2006-04-15 17:42:46 +00:00
Dr. Stephen Henson
e8518f847e
Check EVP_DigestInit return value in EVP_BytesToKey() and use supported
...
algorithm in PKCS12_create in FIPS mode.
2006-03-01 21:15:24 +00:00
Dr. Stephen Henson
3c1ee6c147
Fix from HEAD.
2006-02-04 01:50:41 +00:00
Andy Polyakov
c12ba74f1d
Fix typo in evp.h.
2005-10-12 20:39:22 +00:00
Andy Polyakov
c892524146
Retain binary compatibility between 0.9.7h and 0.9.7g.
2005-10-11 19:12:24 +00:00
Dr. Stephen Henson
a0434788ce
Enable dss1 for FIPS mode.
2005-07-06 18:29:00 +00:00
Richard Levitte
0116eae43e
Do no try to pretend we're at the end of anything unless we're at the end
...
of a 4-character block.
2005-06-20 22:11:21 +00:00
Dr. Stephen Henson
8baaeba881
Place #ifdef OPENSSL_FIPS round the SHA-XXX functions in evp.h so mkdef.pl
...
knows about it.
2005-05-17 19:48:42 +00:00
Dr. Stephen Henson
9fc1d3f4c4
Allow AES CFB1 ciphers in FIPS mode.
2005-05-11 16:28:33 +00:00
Andy Polyakov
4b27a9feb3
Backport SHA-[224|256|384|512] from HEAD to FIPS.
2005-05-07 17:21:34 +00:00
Dr. Stephen Henson
81170986ed
Fix from HEAD.
2005-04-28 00:22:00 +00:00
Dr. Stephen Henson
342b7e0458
Rebuild error codes.
2005-04-12 13:47:58 +00:00
Richard Levitte
9addd9b6fb
Add emacs cache files to .cvsignore.
2005-04-11 14:18:14 +00:00
Dr. Stephen Henson
8c04994bfe
Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS mode.
2005-03-27 03:36:14 +00:00
Dr. Stephen Henson
f42a82777d
make update
2005-03-22 18:15:56 +00:00
Dr. Stephen Henson
7cfcca8ba3
Further FIPS algorithm blocking.
...
Fixes to cipher blocking and enabling code.
Add option -non-fips-allow to 'enc' and update testenc.
2005-01-28 14:03:54 +00:00
Dr. Stephen Henson
6be00c7e16
More FIPS algorithm blocking.
...
Catch attempted use of non FIPS algorithms with HMAC.
Give an assertion error for applications that ignore FIPS digest errors.
Make -non-fips-allow work with dgst and HMAC.
2005-01-27 01:49:42 +00:00
Dr. Stephen Henson
f60fc19a69
make update
2005-01-26 20:05:46 +00:00
Dr. Stephen Henson
d0edffc7da
FIPS algorithm blocking.
...
Non FIPS algorithms are not normally allowed in FIPS mode.
Any attempt to use them via high level functions will return an error.
The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.
There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.
For low level functions the override is perfomed by prefixing the algorithm
initalization function with "private_" for example private_MD5_Init().
For high level functions an override is performed by setting a flag in
the context.
2005-01-26 20:00:40 +00:00
Andy Polyakov
5cdf5e3308
Allow for ./config no-sha0.
...
PR: 993
2005-01-09 17:58:18 +00:00
Dr. Stephen Henson
da8534693c
Add lots of checks for memory allocation failure, error codes to indicate
...
failure and freeing up memory if a failure occurs.
PR:620
2004-12-05 01:04:44 +00:00
Dr. Stephen Henson
ced27cc681
PR: 959
...
Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
2004-11-13 13:52:34 +00:00
Richard Levitte
a2617f727d
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:53:31 +00:00
Richard Levitte
1033449613
make update
2004-08-10 09:09:08 +00:00
Dr. Stephen Henson
bb82123707
Don't ignore return values of EVP_DigestInit_ex() in md BIOs and dgst.
2004-08-05 18:10:46 +00:00
Richard Levitte
901959c945
I think it could be a good thing to know what went wrong with the tests...
2004-07-12 12:25:56 +00:00
Dr. Stephen Henson
fee38dcb9a
Return an error if an attempt is made to encode or decode
...
cipher ASN1 parameters and the cipher doesn't support it.
2004-06-24 12:31:48 +00:00
Richard Levitte
bac2e26a9e
Reimplement old functions, so older software that link to libcrypto
...
don't crash and burn.
2004-05-14 17:55:59 +00:00
Ben Laurie
3642f632d3
Pull FIPS back into stable.
2004-05-11 12:46:24 +00:00
Dr. Stephen Henson
31edde3edc
Add flag to avoid continuous
...
memory allocate when calling EVP_MD_CTX_copy_ex().
Without this HMAC is several times slower than
< 0.9.7.
2004-02-01 13:37:56 +00:00
Richard Levitte
5922128732
0.9.7-stable is in freeze. That means we do bug fixes only, not new
...
functionality. Therefore, I'm backing out most of the "CFB DES
sync-up with FIPS branch" commit (I'm keeping the corrections of
DES_cfb_encrypt()).
2004-01-28 23:31:20 +00:00
Andy Polyakov
4668056fc9
CFB DES sync-up with FIPS branch.
2004-01-27 21:46:19 +00:00
Richard Levitte
90dd4d34bb
Correct documentation typos.
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 15:05:26 +00:00
Richard Levitte
cc056d6395
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 15:00:24 +00:00
Richard Levitte
394178c94c
Use BUF_strlcpy() instead of strcpy().
...
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:57 +00:00
Richard Levitte
b0ea8b160c
It was pointed out to me that if the requested size is 0, we shouldn't
...
ty to allocate anything at all. This will allow eNULL to still work.
PR: 751
Notified by: Lutz Jaenicke
2003-12-01 13:25:39 +00:00
Richard Levitte
bb569f97b9
Check that OPENSSL_malloc() really returned some memory.
...
PR: 751
Notified by: meder@mcs.anl.gov
Reviewed by: Lutz Jaenicke, Richard Levitte
2003-12-01 12:11:57 +00:00
Richard Levitte
05a1f76093
make update
2003-08-11 09:53:24 +00:00
Richard Levitte
4ed9388e5d
A new branch for FIPS-related changes has been created with the name
...
OpenSSL-fips-0_9_7-stable.
Since the 0.9.7-stable branch is supposed to be in freeze and should
only contain bug corrections, this change removes the FIPS changes
from that branch.
2003-08-11 09:37:17 +00:00
Richard Levitte
98c1a4900c
Inclusion of openssl/engine.h should always be wrapped with a check that
...
OPENSSL_NO_ENGINE is not defined.
2003-08-04 10:12:38 +00:00
Dr. Stephen Henson
6b063f32d9
Make the EFB NIDs have empty OIDs aliased to the real EFB OID.
2003-08-01 17:06:48 +00:00
Ben Laurie
afab06d3f5
DES CFB8 test.
2003-08-01 10:31:25 +00:00
Ben Laurie
8fb97c9acd
Fix DES CFB-r.
2003-08-01 10:25:58 +00:00
Ben Laurie
c5f070d5d5
Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8.
2003-07-30 18:30:18 +00:00
Ben Laurie
f3b2ea53e2
AES CFB8.
2003-07-29 17:05:16 +00:00
Ben Laurie
c473d53898
The rest of the keysizes for CFB1, working AES AVS test for CFB1.
2003-07-29 13:24:27 +00:00
Ben Laurie
e8f8249319
Working CFB1 and test vectors.
2003-07-29 10:56:56 +00:00
Ben Laurie
e2ced802b4
Add support for partial CFB modes, make tests work, update dependencies.
2003-07-28 15:08:00 +00:00
Ben Laurie
75622f1ece
Unfinished FIPS stuff for review/improvement.
2003-07-27 17:00:51 +00:00
Dr. Stephen Henson
16c9148220
Move the base64 BIO fixes to 0.9.7-stable
2003-06-03 00:11:37 +00:00