diff --git a/ChangeLog.0_9_7-stable_not-in-head b/ChangeLog.0_9_7-stable_not-in-head new file mode 100644 index 000000000..d99460a70 --- /dev/null +++ b/ChangeLog.0_9_7-stable_not-in-head @@ -0,0 +1,2534 @@ +2002-02-13 19:22 bodo + + Changed: + README (1.39.2.1), "Exp", lines: +1 -1 + + it's year 2002 now + +2002-02-14 03:43 levitte + + Changed: + crypto/des/str2key.c (1.12.2.1), "Exp", lines: +12 -0 + + Because making the key strong by xoring the last byte with 0xF0 + generates different keys than previous versions of OpenSSL and + libdes, let's make Assar's change experimental for now. + +2002-02-14 13:28 levitte + + Changed: + CHANGES (1.977.2.1), "Exp", lines: +1 -1 + Configure (1.314.2.1), "Exp", lines: +8 -4 + Makefile.org (1.154.2.1), "Exp", lines: +2 -2 + config (1.95.2.2), "Exp", lines: +4 -4 + + At Corinna Vinschen's request, change CygWin32 to Cygwin + +2002-02-14 14:36 levitte + + Changed: + Configure (1.314.2.2), "Exp", lines: +1 -1 + + The Cygwin shared extension was shifted. + +2002-02-14 14:42 levitte + + Changed: + crypto/err/err.c (1.51.2.1), "Exp", lines: +1 -1 + + For some reason, getting the topmost error was done the same way as + getting the bottommost one. I hope I understood correctly how this + should be done. It seems to work when running evp_test in an + environment where it can't find openssl.cnf. + +2002-02-14 14:51 levitte + + Changed: + crypto/des/read2pwd.c (1.6.2.1), "Exp", lines: +1 -0 + + Make sure memset() is defined by including string.h Notified by + Oscar Jacobsson + +2002-02-14 14:51 bodo + + Changed: + crypto/evp/evp_test.c (1.14.2.1), "Exp", lines: +2 -0 + + don't call OPENSSL_config(), this does not make any sense during + "make test" + +2002-02-14 15:47 bodo + + Changed: + crypto/ec/ectest.c (1.21.2.1), "Exp", lines: +6 -1 + + fix: make it possible to disable memory debugging even if it is + enabled by default + +2002-02-14 17:23 levitte + + Changed: + crypto/ui/ui_openssl.c (1.11.2.1), "Exp", lines: +7 -1 + crypto/rsa/rsa.h (1.36.2.1), "Exp", lines: +6 -6 + crypto/rand/rand_egd.c (1.16.2.1), "Exp", lines: +5 -1 + crypto/des/read_pwd.c (1.26.2.1), "Exp", lines: +7 -1 + crypto/bio/bss_log.c (1.30.2.1), "Exp", lines: +1 -1 + crypto/bio/bss_bio.c (1.31.2.1), "Exp", lines: +5 -0 + crypto/tmdiff.c (1.9.2.1), "Exp", lines: +17 -2 + apps/speed.c (1.83.2.1), "Exp", lines: +20 -4 + apps/ca.c (1.102.2.1), "Exp", lines: +1 -1 + apps/s_time.c (1.23.2.1), "Exp", lines: +20 -2 + Configure (1.314.2.3), "Exp", lines: +3 -0 + e_os.h (1.56.2.1), "Exp", lines: +9 -1 + + Add the configuration target VxWorks. + +2002-02-14 19:46 steve + + Changed: + crypto/engine/hw_sureware.c (1.2.2.1), "Exp", lines: +8 -4 + + Fix warnings: + + #if out some unused function. + + "index" is a global function on some platforms. + +2002-02-14 19:52 steve + + Changed: + crypto/tmdiff.c (1.9.2.2), "Exp", lines: +1 -0 + + typo (?) + +2002-02-15 00:38 steve + + Changed: + CHANGES (1.977.2.2), "Exp", lines: +5 -0 + crypto/conf/conf.h (1.30.2.1), "Exp", lines: +2 -1 + crypto/conf/conf_mall.c (1.6.2.1), "Exp", lines: +6 -7 + crypto/conf/conf_mod.c (1.8.2.1), "Exp", lines: +8 -0 + + Add argument to OPENSSL_config() and add flag to tolerate missing + config file. + +2002-02-15 01:12 steve + + Changed: + NEWS (1.39.2.1), "Exp", lines: +5 -1 + + Update NEWS + +2002-02-15 01:33 steve + + Changed: + crypto/asn1/asn1.h (1.103.2.1), "Exp", lines: +3 -0 + crypto/asn1/asn1_err.c (1.42.2.1), "Exp", lines: +3 -0 + crypto/asn1/asn_moid.c (1.2.2.1), "Exp", lines: +21 -10 + crypto/conf/conf_mod.c (1.8.2.2), "Exp", lines: +2 -6 + + Don't call finish function if it isn't set. + + Fix OID module. + +2002-02-15 01:58 steve + + Changed: + crypto/x509/x509_vfy.c (1.56.2.1), "Exp", lines: +23 -13 + + Allow a NULL store parameter to X509_STORE_CTX_init(). + +2002-02-15 02:01 steve + + Changed: + crypto/evp/evp_enc.c (1.28.2.1), "Exp", lines: +2 -1 + + Only initialize cipher ctx if cipher is not NULL. + +2002-02-15 03:43 steve + + Changed: + crypto/conf/conf_mod.c (1.8.2.3), "Exp", lines: +1 -1 + + Add flag to disable config module DSO loading. + +2002-02-15 11:12 bodo + + Changed: + NEWS (1.39.2.2), "Exp", lines: +1 -0 + + mention EC library + +2002-02-15 11:19 bodo + + Changed: + crypto/conf/conf.h (1.30.2.2), "Exp", lines: +1 -1 + crypto/conf/conf_mall.c (1.6.2.2), "Exp", lines: +1 -1 + + constify + +2002-02-20 00:24 steve + + Changed: + CHANGES (1.977.2.3), "Exp", lines: +4 -0 + apps/apps.c (1.49.2.1), "Exp", lines: +20 -0 + crypto/conf/conf_mall.c (1.6.2.3), "Exp", lines: +2 -14 + crypto/conf/conf_mod.c (1.8.2.4), "Exp", lines: +15 -1 + + Use default openssl.cnf if config filename set to NULL and + openssl_conf if appname NULL. + +2002-02-23 14:43 steve + + Changed: + crypto/asn1/asn_moid.c (1.2.2.2), "Exp", lines: +0 -1 + + Remove old comment + +2002-02-26 22:42 jaenicke + + Changed: + CHANGES (1.977.2.6), "Exp", lines: +4 -0 + ssl/ssl_lib.c (1.110.2.1), "Exp", lines: +6 -8 + + Make sure that bad sessions are removed in SSL_clear() (found by + Yoram Zahavi). Submitted by: Reviewed by: PR: + +2002-03-01 16:39 ben + + Changed: + Configure (1.314.2.6), "Exp", lines: +1 -0 + + OpenBSD variant. + +2002-03-06 17:59 ben + + Changed: + ssl/s3_lib.c (1.57.2.1), "Exp", lines: +1 -1 + + ADH-DES-CBC-SHA should be LOW. + +2002-03-08 20:12 steve + + Changed: + apps/apps.c (1.49.2.4), "Exp", lines: +1 -1 + + typo + +2002-03-22 03:36 levitte + + Changed: + apps/version.c (1.13.2.1), "Exp", lines: +2 -2 + apps/speed.c (1.83.2.6), "Exp", lines: +6 -6 + apps/passwd.c (1.24.2.2), "Exp", lines: +2 -2 + + Use the more modern DES API in the openssl subcommands. + +2002-03-22 11:29 levitte + + Changed: + crypto/des/des_old.h (1.9.2.4), "Exp", lines: +35 -23 + + Key schedules are given as arguments a bit differently in 0.9.6 and + earlier. Also, a few 0.9.6 functions were missing their mappings. + +2002-03-22 11:46 levitte + + Changed: + crypto/des/destest.c (1.30.2.2), "Exp", lines: +37 -35 + + Key schedules are given as arguments a bit differently in 0.9.6 and + earlier. Also, it was an error to define crypt() at all times. + +2002-03-26 15:25 levitte + + Changed: + CHANGES (1.977.2.15), "Exp", lines: +19 -8 + crypto/des/des.h (1.40.2.2), "Exp", lines: +6 -0 + + Add the possibility to enable olde des support, not just disable + it, for future support. Redocument + +2002-04-10 21:50 jaenicke + + Changed: + CHANGES (1.977.2.19), "Exp", lines: +723 -669 + + In preparation of 0.9.7: re-order changelog, so that the changes + are listed as of ... -> 0.9.6c -> 0.9.6d -> 0.9.7 Submitted by: + Reviewed by: PR: + +2002-04-11 20:43 jaenicke + + Changed: + NEWS (1.39.2.3), "Exp", lines: +27 -0 + + Compile NEWS from CHANGES. Submitted by: Reviewed by: PR: + +2002-04-15 15:28 jaenicke + + Changed: + crypto/objects/obj_dat.h (1.49.2.5), "Exp", lines: +4 -4 + crypto/objects/obj_mac.h (1.19.2.5), "Exp", lines: +1 -1 + crypto/objects/objects.txt (1.20.2.5), "Exp", lines: +7 -2 + + Use the "mail" short name according to RFC2798 (Michael Bell + ). Submitted by: Reviewed by: PR: + +2002-04-15 16:17 jaenicke + + Changed: + CHANGES (1.977.2.25), "Exp", lines: +4 -2 + + Document OID changes. Submitted by: Reviewed by: PR: + +2002-04-20 12:25 levitte + + Changed: + util/mk1mf.pl (1.41.2.1), "Exp", lines: +4 -1 + + Make sure ec is properly handled in Windows. + +2002-05-08 17:13 ben + + Changed: + crypto/conf/conf_mod.c (1.8.2.6), "Exp", lines: +1 -1 + + Fix warning. + +2002-05-11 14:42 steve + + Changed: + ssl/ssl_cert.c (1.48.2.3), "Exp", lines: +0 -1 + + + closedir is not used on Win32. + +2002-05-22 09:53 levitte + + Changed: + apps/speed.c (1.83.2.7), "Exp", lines: +4 -1 + + Remove warnings about unused symbols when configured with no-rsa. + +2002-05-22 09:55 levitte + + Changed: + crypto/asn1/x_pubkey.c (1.21.2.1), "Exp", lines: +1 -1 + + Remove warnings about uninitialised variables. This has already + been applied in the main branch. + +2002-05-22 09:56 levitte + + Changed: + crypto/engine/hw_4758_cca.c (1.1.2.4), "Exp", lines: +14 -14 + + Use 0 instead of NULL when casting to function pointers, to avoid + warnings from compilers when NULL is defined as '((void *)0)'. + This has already been applied in the main branch. + +2002-05-22 09:58 levitte + + Changed: + util/mkerr.pl (1.18.2.1), "Exp", lines: +2 -2 + + Update copyright years. This has already been applied in the main + branch. + +2002-05-23 17:25 levitte + + Changed: + VMS/tcpip_shr_decc.opt (1.1.4.1), "Exp", lines: +1 -0 + + Forgot this file. + +2002-05-31 16:34 ben + + Changed: + crypto/evp/evp_test.c (1.14.2.5), "Exp", lines: +1 -1 + + Fix a warning. + +2002-06-05 08:45 levitte + + Changed: + ssl/ssl-lib.com (1.11.2.3), "Exp", lines: +1 -1 + test/maketests.com (1.13.2.2), "Exp", lines: +29 -1 + + Correct syntax in ssl-lib.com maketests.com was missing the TCP/IP + options TCPIP and NONE + +2002-07-30 13:30 jaenicke + + Changed: + NEWS (1.39.2.11), "Exp", lines: +1 -1 + + Typo. Submitted by: Reviewed by: PR: + +2002-08-13 14:19 levitte + + Changed: + demos/engines/rsaref/Makefile (1.3.2.1), "Exp", lines: +1 -1 + + Export text symbols as well (AIX experts might need to correct me + here). + +2002-08-13 14:26 levitte + + Changed: + demos/engines/cluster_labs/Makefile (1.1.2.1), "Exp", lines: +114 -0 + demos/engines/cluster_labs/cluster_labs.h (1.1.2.1), "Exp", lines: +35 -0 + demos/engines/cluster_labs/hw_cluster_labs.c (1.1.2.1), "Exp", lines: +718 -0 + demos/engines/cluster_labs/hw_cluster_labs.ec (1.1.2.1), "Exp", lines: +8 -0 + demos/engines/cluster_labs/hw_cluster_labs_err.c (1.1.2.1), "Exp", lines: +151 -0 + demos/engines/cluster_labs/hw_cluster_labs_err.h (1.1.2.1), "Exp", lines: +95 -0 + demos/engines/ibmca/Makefile (1.1.2.1), "Exp", lines: +114 -0 + demos/engines/ibmca/hw_ibmca.c (1.1.2.1), "Exp", lines: +917 -0 + demos/engines/ibmca/hw_ibmca.ec (1.1.2.1), "Exp", lines: +8 -0 + demos/engines/ibmca/hw_ibmca_err.c (1.1.2.1), "Exp", lines: +154 -0 + demos/engines/ibmca/hw_ibmca_err.h (1.1.2.1), "Exp", lines: +98 -0 + demos/engines/ibmca/ica_openssl_api.h (1.1.2.1), "Exp", lines: +189 -0 + demos/engines/zencod/Makefile (1.1.2.1), "Exp", lines: +114 -0 + demos/engines/zencod/hw_zencod.c (1.1.2.1), "Exp", lines: +1736 -0 + demos/engines/zencod/hw_zencod.ec (1.1.2.1), "Exp", lines: +8 -0 + demos/engines/zencod/hw_zencod.h (1.1.2.1), "Exp", lines: +160 -0 + demos/engines/zencod/hw_zencod_err.c (1.1.2.1), "Exp", lines: +151 -0 + demos/engines/zencod/hw_zencod_err.h (1.1.2.1), "Exp", lines: +95 -0 + + OK, I've amused myself with making sure the engines that have been + contributed TO WORK WITH 0.9.7 can be built as dynamically loadable + libraries. + + For now, they're not included in crypto/engine/ since 0.9.7 + is in feature freeze. Further discussion might change that, but + don't hold your breath. + +2002-08-15 13:48 levitte + + Changed: + crypto/crypto-lib.com (1.53.2.8), "Exp", lines: +1 -1 + + I think that's the last forgotten compilation module. + +2002-08-16 18:44 jaenicke + + Changed: + README (1.39.2.9), "Exp", lines: +1 -1 + + Fix wrong URI. Submitted by: Mike Castle + Reviewed by: PR: 200 + +2002-10-05 13:59 steve + + Changed: + crypto/engine/hw_cswift.c (1.17.2.4), "Exp", lines: +1 -1 + + Win32 fix (signed/unsigned compare error). + +2002-10-09 14:19 levitte + + Changed: + crypto/engine/hw_cswift.c (1.17.2.5), "Exp", lines: +1 -0 + + The dissapearing destroy callback reappears + +2002-10-24 00:09 levitte + + Changed: + crypto/crypto-lib.com (1.53.2.9), "Exp", lines: +1 -1 + + An engine changed name. + +2002-10-29 18:00 geoff + + Changed: + ssl/ssl.h (1.126.2.15), "Exp", lines: +1 -1 + + Bodo spotted this keyslip in my patch to 0.9.7-stable. + +2002-10-29 18:46 geoff + + Changed: + doc/ssl/SSL_CTX_set_session_cache_mode.pod (1.5.2.2), "Exp", lines: +1 -0 + + Correct another inconsistency in my recent commits. + +2002-11-04 17:33 levitte + + Changed: + Configure (1.314.2.38), "Exp", lines: +4 -2 + + Return my normal debug targets to something not so extreme, and + make the extreme ones special (or 'extreme', if you will :-)). + +2002-11-12 14:35 bodo + + Changed: + CHANGES (1.977.2.65), "Exp", lines: +4 -4 + + fix order of changes -- if B depends on A, A should be listed after + B (reversed 'chronological' order) + +2002-11-13 12:35 levitte + + Changed: + crypto/cryptlib.h (1.10.2.4), "Exp", lines: +0 -4 + crypto/crypto.h (1.62.2.3), "Exp", lines: +4 -0 + + Make OpenSSLdie() visible (it's a must to get a proper reference in + libeay.num). + +2002-11-13 14:36 levitte + + Changed: + crypto/pem/pem_lib.c (1.36.2.5), "Exp", lines: +1 -1 + + C++ comments in C code, 'nuff said... + +2002-11-13 15:30 levitte + + Changed: + demos/engines/ibmca/hw_ibmca.c (1.1.2.2), "Exp", lines: +3 -0 + demos/engines/zencod/hw_zencod.c (1.1.2.2), "Exp", lines: +4 -1 + demos/engines/cluster_labs/hw_cluster_labs.c (1.1.2.2), "Exp", lines: +5 -2 + + The loading functions should be static if we build a dynamic + engine. + +2002-12-12 18:41 levitte + + Changed: + crypto/engine/hw_ncipher.c (1.26.2.7), "Exp", lines: +38 -2 + crypto/engine/hw_ncipher_err.c (1.1.2.2), "Exp", lines: +1 -1 + crypto/engine/hw_ncipher_err.h (1.1.2.2), "Exp", lines: +1 -1 + crypto/cryptlib.c (1.32.2.8), "Exp", lines: +2 -1 + crypto/crypto.h (1.62.2.7), "Exp", lines: +2 -1 + CHANGES (1.977.2.78), "Exp", lines: +14 -0 + + Add a static lock called HWCRHK, for the case of having an + application that wants to use the hw_ncipher engine without having + given any callbacks for the dynamic type of locks. + +2002-12-15 16:27 appro + + Changed: + Makefile.org (1.154.2.41), "Exp", lines: +2 -1 + + Another Solaris shared build clean-up. This is not actually needed + if one uses WorkShop C. It's gcc driver that brings copy of + libgcc.a into .so otherwise. In case you wonder what it's -Wl,-z... + and not just -z. Problem is that gcc driver apparently omits all -z + options but -z text. Don't ask me why. I'm not committing + corresponding workaround into the HEAD as Makefile.shared + reportedly needs even more work... + +2002-12-16 19:17 appro + + Changed: + crypto/bn/bn_lcl.h (1.23.2.3), "Exp", lines: +3 -0 + crypto/bn/bn_mul.c (1.28.2.4), "Exp", lines: +84 -445 + + This is rollback to 0.9.6h bn_mul.c to address problem reported in + RT#272. + +2002-12-16 19:59 appro + + Changed: + Makefile.org (1.154.2.42), "Exp", lines: +3 -1 + + Some of Sun compiler drivers (well, one of those I have) collect + all options specified with -Wl in the beginnig of the ld command + line which kind of obsoletes the idea as it's -z defaultextract + that will be closest to lib*.a and not -z allextract:-( + +2002-12-17 15:21 levitte + + Changed: + NEWS (1.39.2.16), "Exp", lines: +4 -1 + + A few more NEWS items. + +!2002-12-27 17:49 appro +! +! Changed: +! Configure (1.314.2.62), "Exp", lines: +1 -1 +! +! According to Tim Rice assembler support in +! SCO5 never worked anyway. Note this is not going to HEAD as we +! intend to provide an alternative solution as soon as 0.9.7 is out. + +2002-12-28 02:35 levitte + + Changed: + Configure (1.314.2.63), "Exp", lines: +1 -1 + + Hmm, the variables $x96_elf_asm and others contain a number of + colons, so when removing one reference, if should be replaced with + the appropriate number of colons, or chaos will follow... + + It's rather silly to believe we'd release 0.9.7a in 2002 :-). + +2003-01-01 16:48 ben + + Changed: + crypto/des/des_locl.h (1.19.2.5), "Exp", lines: +1 -1 + crypto/rc5/rc5_locl.h (1.3.2.4), "Exp", lines: +1 -1 + + Fix warnings, use correct -Ds. + +2003-02-06 19:00 bodo + + Changed: + crypto/ec/ec.h (1.34.2.1), "Exp", lines: +0 -2 + crypto/ec/ec_err.c (1.17.2.1), "Exp", lines: +0 -2 + crypto/ec/ec_lib.c (1.13.2.3), "Exp", lines: +2 -0 + + EC_GROUP_get_extra_data() should not set an error when it returns + NULL. (NB: this is not an API change because this internal + function is unused in 0.9.7. 0.9.8-dev will use it, and will + contain a similar change). + +2003-02-06 19:07 bodo + + Changed: + crypto/ec/ec_mult.c (1.18.2.3), "Exp", lines: +11 -0 + + additional sanity checks for arguments to EC_POINTs_mul() + +2003-02-14 15:43 bodo + + Changed: + crypto/ec/ec_lib.c (1.13.2.4), "Exp", lines: +1 -1 + + mask old error codes so that mkerr.pl does not re-add them + + year 2003 + +2003-03-18 13:12 ben + + Changed: + CHANGES (1.977.2.101), "Exp", lines: +6 -0 + crypto/rsa/rsa_eay.c (1.28.2.4), "Exp", lines: +23 -4 + crypto/rsa/rsa_lib.c (1.30.2.3), "Exp", lines: +7 -1 + + Turn on RSA blinding by default. + +2003-03-24 17:57 steve + + Changed: + crypto/x509/x509_vfy.c (1.56.2.5), "Exp", lines: +2 -2 + crypto/x509/x509_vfy.c (1.56.2.6), "Exp", lines: +2 -2 + + Get X509_V_FLAG_CRL_CHECK_ALL logic the right way round. PR:544 + +? 2003-04-04 16:21 levitte + + Changed: + util/mkdef.pl (1.67.2.5), "Exp", lines: +10 -5 + util/mkerr.pl (1.18.2.3), "Exp", lines: +6 -6 + + Transfer the changes to detect multiline comments and the GCC + extension __attribute__. + +2003-04-08 13:54 levitte + + Changed: + test/Makefile.ssl (1.84.2.25), "Exp", lines: +29 -1 + apps/Makefile.ssl (1.100.2.22), "Exp", lines: +1 -0 + Makefile.org (1.154.2.61), "Exp", lines: +4 -5 + + Set LD_LIBRARY_PATH when linking, since OpenUnix' ld uses it to + create a library search path. + + Correct typos. + +2003-04-09 07:25 levitte + + Changed: + test/Makefile.ssl (1.84.2.26), "Exp", lines: +1 -1 + + Typo + +2003-04-09 08:50 levitte + + Changed: + apps/Makefile.ssl (1.100.2.23), "Exp", lines: +1 -0 + + Dont forget req. + +2003-04-10 03:13 steve + + Changed: + crypto/rsa/rsa_sign.c (1.11.2.6), "Exp", lines: +2 -2 + + Only call redirected rsa_sign or rsa_verify if the pointer is set. + + This allows, for example, a smart card to redirect rsa_sign + and keep the default rsa_verify. + +2003-07-03 23:43 levitte + + Changed: + Makefile.org (1.154.2.65), "Exp", lines: +2 -2 + + Add a slash so grep doesn't return both ./crypto/bio/bss_mem.o and + ./crypto/mem.o when we're looking for mem.o. + +2003-07-27 15:46 ben + + Changed: + crypto/aes/aes.h (1.1.2.5), "Exp", lines: +3 -0 + crypto/aes/aes_cfb.c (1.1.2.4), "Exp", lines: +57 -0 + + Add untested CFB-r mode. Will be tested soon. + +2003-07-27 19:00 ben + + Changed: + Configure (1.314.2.85), "Exp", lines: +2 -0 + Makefile.org (1.154.2.67), "Exp", lines: +12 -3 + crypto/cryptlib.c (1.32.2.9), "Exp", lines: +5 -0 + crypto/md32_common.h (1.22.2.4), "Exp", lines: +11 -0 + crypto/aes/Makefile.ssl (1.4.2.6), "Exp", lines: +2 -1 + crypto/aes/aes_core.c (1.1.2.4), "Exp", lines: +4 -0 + crypto/des/des.h (1.40.2.4), "Exp", lines: +1 -1 + crypto/des/des_old.c (1.11.2.4), "Exp", lines: +1 -1 + crypto/des/destest.c (1.30.2.6), "Exp", lines: +2 -2 + crypto/des/ecb3_enc.c (1.8.2.1), "Exp", lines: +1 -3 + crypto/dsa/Makefile.ssl (1.49.2.5), "Exp", lines: +7 -4 + crypto/dsa/dsa_ossl.c (1.12.2.4), "Exp", lines: +2 -0 + crypto/dsa/dsa_sign.c (1.10.2.3), "Exp", lines: +12 -0 + crypto/dsa/dsa_vrf.c (1.10.2.3), "Exp", lines: +8 -0 + crypto/engine/engine.h (1.36.2.6), "Exp", lines: +4 -0 + crypto/err/err.h (1.35.2.3), "Exp", lines: +2 -0 + crypto/err/err_all.c (1.17.2.2), "Exp", lines: +4 -0 + crypto/err/openssl.ec (1.11.2.1), "Exp", lines: +1 -0 + crypto/evp/Makefile.ssl (1.64.2.8), "Exp", lines: +8 -7 + crypto/evp/c_all.c (1.7.8.7), "Exp", lines: +1 -0 + crypto/evp/e_aes.c (1.6.2.4), "Exp", lines: +12 -4 + crypto/evp/e_des3.c (1.8.2.2), "Exp", lines: +1 -1 + crypto/evp/evp.h (1.86.2.10), "Exp", lines: +2 -0 + crypto/evp/evp_err.c (1.23.2.1), "Exp", lines: +3 -1 + crypto/md4/Makefile.ssl (1.6.2.4), "Exp", lines: +7 -4 + crypto/md5/Makefile.ssl (1.33.2.7), "Exp", lines: +7 -4 + crypto/rand/Makefile.ssl (1.56.2.4), "Exp", lines: +17 -15 + crypto/rand/md_rand.c (1.69.2.2), "Exp", lines: +9 -0 + crypto/rand/rand.h (1.26.2.5), "Exp", lines: +2 -0 + crypto/rand/rand_err.c (1.6.2.1), "Exp", lines: +3 -1 + crypto/rand/rand_lib.c (1.15.2.2), "Exp", lines: +11 -0 + crypto/ripemd/Makefile.ssl (1.25.2.5), "Exp", lines: +7 -2 + crypto/sha/Makefile.ssl (1.26.2.5), "Exp", lines: +16 -6 + fips/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 + fips/Makefile.ssl (1.1.2.1), "Exp", lines: +155 -0 + fips/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 + fips/fips.c (1.1.2.1), "Exp", lines: +74 -0 + fips/fips.h (1.1.2.1), "Exp", lines: +85 -0 + fips/fips_check_sha1 (1.1.2.1), "Exp", lines: +7 -0 + fips/fips_err.c (1.1.2.1), "Exp", lines: +96 -0 + fips/fips_make_sha1 (1.1.2.1), "Exp", lines: +21 -0 + fips/lib (1.1.2.1), "Exp", lines: +0 -0 + fips/aes/.cvsignore (1.1.2.1), "Exp", lines: +4 -0 + fips/aes/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 + fips/aes/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 + fips/aes/fips_aes_core.c (1.1.2.1), "Exp", lines: +1260 -0 + fips/aes/fips_aes_locl.h (1.1.2.1), "Exp", lines: +85 -0 + fips/aes/fips_aesavs.c (1.1.2.1), "Exp", lines: +896 -0 + fips/dsa/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 + fips/dsa/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 + fips/dsa/fingerprint.sha1 (1.1.2.1), "Exp", lines: +1 -0 + fips/dsa/fips_dsa_ossl.c (1.1.2.1), "Exp", lines: +366 -0 + fips/dsa/fips_dsatest.c (1.1.2.1), "Exp", lines: +252 -0 + fips/rand/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 + fips/rand/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 + fips/rand/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 + fips/rand/fips_rand.c (1.1.2.1), "Exp", lines: +236 -0 + fips/rand/fips_rand.h (1.1.2.1), "Exp", lines: +55 -0 + fips/rand/fips_randtest.c (1.1.2.1), "Exp", lines: +348 -0 + fips/sha1/.cvsignore (1.1.2.1), "Exp", lines: +3 -0 + fips/sha1/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 + fips/sha1/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 + fips/sha1/fips_md32_common.h (1.1.2.1), "Exp", lines: +637 -0 + fips/sha1/fips_sha1dgst.c (1.1.2.1), "Exp", lines: +76 -0 + fips/sha1/fips_sha1test.c (1.1.2.1), "Exp", lines: +128 -0 + fips/sha1/fips_sha_locl.h (1.1.2.1), "Exp", lines: +472 -0 + fips/sha1/fips_standalone_sha1.c (1.1.2.1), "Exp", lines: +101 -0 + fips/sha1/standalone.sha1 (1.1.2.1), "Exp", lines: +4 -0 + test/Makefile.ssl (1.84.2.29), "Exp", lines: +81 -13 + util/mkerr.pl (1.18.2.4), "Exp", lines: +2 -1 + + Unfinished FIPS stuff for review/improvement. + +2003-07-27 19:19 ben + + Changed: + fips/fips_check_sha1 (1.1.2.2), "Exp", lines: +1 -1 + + Use unified diff. + +2003-07-27 19:23 ben + + Changed: + fips/Makefile.ssl (1.1.2.2), "Exp", lines: +3 -3 + fips/fingerprint.sha1 (1.1.2.2), "Exp", lines: +2 -1 + fips/fips_make_sha1 (1.1.2.2), "Exp", lines: +1 -1 + + Build in non-FIPS mode. + +2003-07-27 23:13 ben + + Changed: + Makefile.org (1.154.2.68), "Exp", lines: +1 -1 + fips/fips_check_sha1 (1.1.2.3), "Exp", lines: +2 -1 + fips/aes/fips_aesavs.c (1.1.2.2), "Exp", lines: +2 -0 + fips/dsa/fips_dsa_ossl.c (1.1.2.2), "Exp", lines: +8 -0 + fips/dsa/fips_dsatest.c (1.1.2.2), "Exp", lines: +2 -1 + fips/sha1/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 + fips/sha1/fips_sha1dgst.c (1.1.2.2), "Exp", lines: +5 -1 + fips/sha1/fips_standalone_sha1.c (1.1.2.2), "Exp", lines: +2 -0 + fips/sha1/standalone.sha1 (1.1.2.2), "Exp", lines: +1 -1 + + Build when not FIPS. + +2003-07-28 11:56 ben + + Changed: + fips/dsa/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.3), "Exp", lines: +1 -1 + + New fingerprints. + +2003-07-28 17:07 ben + + Changed: + Makefile.org (1.154.2.69), "Exp", lines: +5 -1 + crypto/aes/aes.h (1.1.2.6), "Exp", lines: +3 -0 + crypto/aes/aes_cfb.c (1.1.2.5), "Exp", lines: +19 -0 + crypto/dsa/Makefile.ssl (1.49.2.6), "Exp", lines: +3 -2 + crypto/err/Makefile.ssl (1.48.2.4), "Exp", lines: +17 -16 + crypto/evp/e_aes.c (1.6.2.5), "Exp", lines: +8 -0 + crypto/evp/e_des.c (1.5.2.2), "Exp", lines: +1 -1 + crypto/evp/e_des3.c (1.8.2.3), "Exp", lines: +2 -2 + crypto/evp/evp.h (1.86.2.11), "Exp", lines: +28 -11 + crypto/evp/evp_locl.h (1.7.2.3), "Exp", lines: +2 -2 + crypto/objects/obj_dat.h (1.49.2.13), "Exp", lines: +10 -5 + crypto/objects/obj_mac.h (1.19.2.13), "Exp", lines: +5 -0 + crypto/objects/obj_mac.num (1.15.2.9), "Exp", lines: +1 -0 + crypto/objects/objects.txt (1.20.2.14), "Exp", lines: +4 -0 + fips/Makefile.ssl (1.1.2.3), "Exp", lines: +7 -0 + fips/aes/Makefile.ssl (1.1.2.2), "Exp", lines: +23 -1 + fips/aes/fips_aesavs.c (1.1.2.3), "Exp", lines: +9 -1 + test/Makefile.ssl (1.84.2.30), "Exp", lines: +101 -43 + + Add support for partial CFB modes, make tests work, update + dependencies. + +2003-07-29 12:56 ben + + Changed: + crypto/aes/aes_cfb.c (1.1.2.6), "Exp", lines: +9 -6 + crypto/evp/c_allc.c (1.8.2.3), "Exp", lines: +1 -0 + crypto/evp/evp_test.c (1.14.2.11), "Exp", lines: +17 -8 + crypto/evp/evptests.txt (1.9.2.2), "Exp", lines: +48 -1 + + Working CFB1 and test vectors. + +2003-07-29 15:24 ben + + Changed: + crypto/evp/e_aes.c (1.6.2.6), "Exp", lines: +14 -0 + crypto/objects/obj_dat.h (1.49.2.14), "Exp", lines: +15 -5 + crypto/objects/obj_mac.h (1.19.2.14), "Exp", lines: +10 -0 + crypto/objects/obj_mac.num (1.15.2.10), "Exp", lines: +2 -0 + crypto/objects/objects.txt (1.20.2.15), "Exp", lines: +2 -0 + fips/aes/Makefile.ssl (1.1.2.3), "Exp", lines: +1 -1 + fips/aes/fips_aesavs.c (1.1.2.4), "Exp", lines: +34 -19 + + The rest of the keysizes for CFB1, working AES AVS test for CFB1. + +2003-07-29 16:06 ben + + Changed: + fips/aes/fips_aesavs.c (1.1.2.5), "Exp", lines: +295 -303 + + Reformat. + +2003-07-29 16:34 ben + + Changed: + fips/aes/fips_aesavs.c (1.1.2.6), "Exp", lines: +43 -17 + + MMT for CFB1 + +2003-07-29 17:17 ben + + Changed: + fips/fips_err_wrapper.c (1.1.2.1), "Exp", lines: +5 -0 + fips/sha1/sha1hashes.txt (1.1.2.1), "Exp", lines: +342 -0 + fips/sha1/sha1vectors.txt (1.1.2.1), "Exp", lines: +2293 -0 + + Missing files. + +2003-07-29 19:05 ben + + Changed: + crypto/aes/aes.h (1.1.2.7), "Exp", lines: +3 -0 + crypto/aes/aes_cfb.c (1.1.2.7), "Exp", lines: +14 -0 + crypto/evp/c_allc.c (1.8.2.4), "Exp", lines: +1 -0 + crypto/evp/e_aes.c (1.6.2.7), "Exp", lines: +4 -9 + crypto/evp/evptests.txt (1.9.2.3), "Exp", lines: +48 -0 + crypto/objects/obj_dat.h (1.49.2.15), "Exp", lines: +20 -5 + crypto/objects/obj_mac.h (1.19.2.15), "Exp", lines: +15 -0 + crypto/objects/obj_mac.num (1.15.2.11), "Exp", lines: +3 -0 + crypto/objects/objects.txt (1.20.2.16), "Exp", lines: +3 -0 + fips/aes/fips_aesavs.c (1.1.2.7), "Exp", lines: +11 -0 + + AES CFB8. + +2003-07-30 20:30 ben + + Changed: + Makefile.org (1.154.2.70), "Exp", lines: +16 -5 + crypto/des/cfb_enc.c (1.7.2.1), "Exp", lines: +2 -1 + crypto/des/des_enc.c (1.11.2.2), "Exp", lines: +4 -0 + crypto/evp/e_aes.c (1.6.2.8), "Exp", lines: +7 -14 + crypto/evp/e_des.c (1.5.2.3), "Exp", lines: +37 -1 + crypto/evp/evp.h (1.86.2.12), "Exp", lines: +6 -0 + crypto/evp/evp_locl.h (1.7.2.4), "Exp", lines: +9 -0 + crypto/objects/obj_dat.h (1.49.2.16), "Exp", lines: +48 -23 + crypto/objects/obj_mac.h (1.19.2.16), "Exp", lines: +31 -6 + crypto/objects/obj_mac.num (1.15.2.12), "Exp", lines: +5 -0 + crypto/objects/objects.txt (1.20.2.17), "Exp", lines: +12 -6 + fips/Makefile.ssl (1.1.2.4), "Exp", lines: +8 -1 + fips/fips_make_sha1 (1.1.2.3), "Exp", lines: +3 -0 + fips/aes/Makefile.ssl (1.1.2.4), "Exp", lines: +1 -1 + fips/des/.cvsignore (1.1.2.1), "Exp", lines: +3 -0 + fips/des/Makefile.ssl (1.1.2.1), "Exp", lines: +96 -0 + fips/des/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 + fips/des/fips_des_enc.c (1.1.2.1), "Exp", lines: +288 -0 + fips/des/fips_des_locl.h (1.1.2.1), "Exp", lines: +428 -0 + fips/des/fips_desmovs.c (1.1.2.1), "Exp", lines: +659 -0 + + Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8. + +2003-07-31 23:30 levitte + + Changed: + Makefile.org (1.154.2.71), "Exp", lines: +2 -0 + + If FDIRS is to be treated like SDIRS, let's not forget to + initialize it in Makefile.org. + +2003-07-31 23:41 levitte + + Changed: + fips/sha1/fips_sha1test.c (1.1.2.2), "Exp", lines: +3 -3 + + No C++ comments in C programs! + +2003-08-01 12:25 ben + + Changed: + crypto/des/cfb_enc.c (1.7.2.2), "Exp", lines: +45 -36 + crypto/evp/c_allc.c (1.8.2.5), "Exp", lines: +2 -0 + crypto/evp/e_des.c (1.5.2.4), "Exp", lines: +8 -3 + crypto/evp/evptests.txt (1.9.2.4), "Exp", lines: +6 -0 + + Fix DES CFB-r. + +2003-08-01 12:31 ben + + Changed: + crypto/evp/evptests.txt (1.9.2.5), "Exp", lines: +4 -0 + + DES CFB8 test. + +2003-08-01 15:07 steve + + Changed: + fips/aes/fips_aesavs.c (1.1.2.8), "Exp", lines: +3 -3 + + Replace C++ style comments. + +2003-08-01 19:06 steve + + Changed: + crypto/evp/evp_lib.c (1.6.8.2), "Exp", lines: +24 -0 + crypto/objects/obj_dat.h (1.49.2.17), "Exp", lines: +15 -46 + crypto/objects/obj_mac.h (1.19.2.17), "Exp", lines: +1 -24 + crypto/objects/obj_mac.num (1.15.2.13), "Exp", lines: +1 -4 + crypto/objects/objects.txt (1.20.2.18), "Exp", lines: +8 -12 + + Make the EFB NIDs have empty OIDs aliased to the real EFB OID. + +2003-08-03 14:22 ben + + Changed: + fips/des/fips_desmovs.c (1.1.2.2), "Exp", lines: +55 -37 + + Make tests work (CFB1 still doesn't produce the right answers, + strangely). + +2003-08-08 12:08 levitte + + Changed: + fips/des/fips_des_enc.c (1.1.2.2), "Exp", lines: +9 -0 + + Avoid clashing with the regular DES functions when not compiling + with -DFIPS. This is basically only visible when building with + shared library supoort... + +2003-08-11 11:36 levitte + + Deleted: + fips/sha1/.cvsignore (1.1.2.2) + fips/sha1/Makefile.ssl (1.1.2.3) + fips/sha1/fingerprint.sha1 (1.1.2.3) + fips/sha1/fips_md32_common.h (1.1.2.2) + fips/sha1/fips_sha1dgst.c (1.1.2.3) + fips/sha1/fips_sha1test.c (1.1.2.3) + fips/sha1/fips_sha_locl.h (1.1.2.2) + fips/sha1/fips_standalone_sha1.c (1.1.2.3) + fips/sha1/sha1hashes.txt (1.1.2.2) + fips/sha1/sha1vectors.txt (1.1.2.2) + fips/sha1/standalone.sha1 (1.1.2.4) + fips/dsa/.cvsignore (1.1.2.2) + fips/dsa/Makefile.ssl (1.1.2.2) + fips/dsa/fingerprint.sha1 (1.1.2.3) + fips/dsa/fips_dsa_ossl.c (1.1.2.3) + fips/dsa/fips_dsatest.c (1.1.2.3) + fips/rand/.cvsignore (1.1.2.2) + fips/rand/Makefile.ssl (1.1.2.2) + fips/rand/fingerprint.sha1 (1.1.2.2) + fips/rand/fips_rand.c (1.1.2.2) + fips/rand/fips_rand.h (1.1.2.2) + fips/rand/fips_randtest.c (1.1.2.2) + fips/des/.cvsignore (1.1.2.2) + fips/des/Makefile.ssl (1.1.2.3) + fips/des/fingerprint.sha1 (1.1.2.2) + fips/des/fips_des_enc.c (1.1.2.3) + fips/des/fips_des_locl.h (1.1.2.2) + fips/des/fips_desmovs.c (1.1.2.3) + fips/aes/.cvsignore (1.1.2.2) + fips/aes/Makefile.ssl (1.1.2.5) + fips/aes/fingerprint.sha1 (1.1.2.2) + fips/aes/fips_aes_core.c (1.1.2.2) + fips/aes/fips_aes_locl.h (1.1.2.2) + fips/aes/fips_aesavs.c (1.1.2.9) + fips/.cvsignore (1.1.2.2) + fips/Makefile.ssl (1.1.2.6) + fips/fingerprint.sha1 (1.1.2.3) + fips/fips.c (1.1.2.2) + fips/fips.h (1.1.2.2) + fips/fips_check_sha1 (1.1.2.4) + fips/fips_err.c (1.1.2.2) + fips/fips_err_wrapper.c (1.1.2.2) + fips/fips_make_sha1 (1.1.2.4) + fips/lib (1.1.2.2) + Changed: + util/libeay.num (1.173.2.16), "Exp", lines: +11 -38 + util/mkerr.pl (1.18.2.5), "Exp", lines: +1 -2 + test/Makefile.ssl (1.84.2.31), "Exp", lines: +54 -180 + crypto/ripemd/Makefile.ssl (1.25.2.6), "Exp", lines: +2 -7 + crypto/sha/Makefile.ssl (1.26.2.6), "Exp", lines: +6 -16 + crypto/rand/Makefile.ssl (1.56.2.5), "Exp", lines: +15 -17 + crypto/rand/md_rand.c (1.69.2.3), "Exp", lines: +0 -9 + crypto/rand/rand.h (1.26.2.6), "Exp", lines: +0 -2 + crypto/rand/rand_err.c (1.6.2.2), "Exp", lines: +1 -3 + crypto/rand/rand_lib.c (1.15.2.3), "Exp", lines: +0 -11 + crypto/objects/obj_dat.h (1.49.2.18), "Exp", lines: +3 -27 + crypto/objects/obj_mac.h (1.19.2.18), "Exp", lines: +0 -32 + crypto/objects/obj_mac.num (1.15.2.14), "Exp", lines: +0 -8 + crypto/objects/objects.txt (1.20.2.19), "Exp", lines: +0 -11 + crypto/md4/Makefile.ssl (1.6.2.5), "Exp", lines: +4 -7 + crypto/md5/Makefile.ssl (1.33.2.8), "Exp", lines: +4 -7 + crypto/evp/Makefile.ssl (1.64.2.9), "Exp", lines: +7 -8 + crypto/evp/c_allc.c (1.8.2.6), "Exp", lines: +0 -4 + crypto/evp/e_aes.c (1.6.2.9), "Exp", lines: +4 -22 + crypto/evp/e_des.c (1.5.2.5), "Exp", lines: +2 -43 + crypto/evp/e_des3.c (1.8.2.4), "Exp", lines: +3 -3 + crypto/evp/evp.h (1.86.2.13), "Exp", lines: +11 -36 + crypto/evp/evp_err.c (1.23.2.2), "Exp", lines: +1 -3 + crypto/evp/evp_lib.c (1.6.8.3), "Exp", lines: +0 -24 + crypto/evp/evp_locl.h (1.7.2.5), "Exp", lines: +2 -11 + crypto/evp/evp_test.c (1.14.2.12), "Exp", lines: +8 -17 + crypto/evp/evptests.txt (1.9.2.6), "Exp", lines: +1 -106 + crypto/dsa/Makefile.ssl (1.49.2.7), "Exp", lines: +6 -10 + crypto/dsa/dsa_ossl.c (1.12.2.5), "Exp", lines: +0 -2 + crypto/dsa/dsa_sign.c (1.10.2.4), "Exp", lines: +0 -12 + crypto/dsa/dsa_vrf.c (1.10.2.4), "Exp", lines: +0 -8 + crypto/err/Makefile.ssl (1.48.2.5), "Exp", lines: +16 -17 + crypto/err/err.h (1.35.2.4), "Exp", lines: +0 -2 + crypto/err/err_all.c (1.17.2.3), "Exp", lines: +0 -4 + crypto/err/openssl.ec (1.11.2.2), "Exp", lines: +0 -1 + crypto/des/des.h (1.40.2.5), "Exp", lines: +1 -1 + crypto/des/des_enc.c (1.11.2.3), "Exp", lines: +0 -4 + crypto/des/des_old.c (1.11.2.5), "Exp", lines: +1 -1 + crypto/des/destest.c (1.30.2.7), "Exp", lines: +2 -2 + crypto/des/ecb3_enc.c (1.8.2.2), "Exp", lines: +3 -1 + crypto/aes/Makefile.ssl (1.4.2.7), "Exp", lines: +1 -2 + crypto/aes/aes.h (1.1.2.8), "Exp", lines: +0 -9 + crypto/aes/aes_cfb.c (1.1.2.8), "Exp", lines: +0 -93 + crypto/aes/aes_core.c (1.1.2.5), "Exp", lines: +0 -4 + crypto/cryptlib.c (1.32.2.10), "Exp", lines: +0 -5 + crypto/md32_common.h (1.22.2.5), "Exp", lines: +0 -11 + Configure (1.314.2.86), "Exp", lines: +0 -2 + Makefile.org (1.154.2.72), "Exp", lines: +8 -34 + TABLE (1.99.2.30), "Exp", lines: +0 -50 + + A new branch for FIPS-related changes has been created with the + name OpenSSL-fips-0_9_7-stable. + + Since the 0.9.7-stable branch is supposed to be in freeze + and should only contain bug corrections, this change removes the + FIPS changes from that branch. + +2003-08-11 11:56 levitte + + Changed: + apps/Makefile.ssl (1.100.2.24), "Exp", lines: +1 -1 + + Oops, removed a little too much. + +2003-08-11 13:46 levitte + + Changed: + test/Makefile.ssl (1.84.2.33), "Exp", lines: +28 -28 + + Don't fiddle with LD_LIBRARY_PATH when building non-static. + +2003-08-14 08:54 levitte + + Changed: + apps/Makefile.ssl (1.100.2.25), "Exp", lines: +1 -1 + test/Makefile.ssl (1.84.2.34), "Exp", lines: +28 -28 + + Undo the change that left LD_LIBRARY_PATH unchanged. The errors I + saw weren't due to that, but to a change on the SCO machines I used + for testing, where my $PATH was suddenly incorrect. + +2003-09-27 20:31 levitte + + Changed: + apps/pkcs8.c (1.22.2.8), "Exp", lines: +5 -6 + + Remove extra argument to BIO_printf(). PR: 685 + +2003-09-29 19:10 steve + + Changed: + crypto/bio/bss_file.c (1.14.2.4), "Exp", lines: +2 -2 + + Fix to make it compile under Win32. + +2003-11-19 06:18 geoff + + Changed: + crypto/x509/x509.h (1.116.2.4), "Exp", lines: +0 -4 + + Remove duplicate prototypes have already been (correctly) added to + rsa.h, as this is already included by x509.h anyway. + +2003-11-22 11:42 ulf + + Changed: + crypto/bn/asm/bn-586.pl (1.5.2.1), "Exp", lines: +1 -1 + + bn_sub_part_words() is unused in 0.9.7. + + Spotted by Markus Friedl. + +2004-01-21 10:58 appro + + Changed: + Configure (1.314.2.89), "Exp", lines: +1 -0 + config (1.95.2.27), "Exp", lines: +7 -6 + crypto/bn/Makefile.ssl (1.65.2.7), "Exp", lines: +3 -0 + + Proper support for HP-UX64 gcc build. PR: 772 + +2004-01-29 10:41 levitte + + Changed: + crypto/bn/bn_lcl.h (1.23.2.6), "Exp", lines: +8 -9 + + Have the declarations match the definitions. + +2004-03-08 14:07 steve + + Changed: + apps/ca.c (1.102.2.28), "Exp", lines: +32 -4 + apps/openssl.cnf (1.23.2.2), "Exp", lines: +3 -0 + + Incorporate crlNumber functionality from 0.9.8 except it is + commented out in openssl.cnf . + + using the Codenomicon TLS Test Tool (CAN-2004-0079) Fix flaw in + SSL/TLS handshaking when using Kerberos ciphersuites + (CAN-2004-0112) Ready for 0.9.7d build + + Submitted by: Steven Henson Reviewed by: Joe Orton Approved + by: Mark Cox + +2004-03-25 01:57 steve + + Changed: + crypto/pkcs7/pk7_doit.c (1.50.2.9), "Exp", lines: +9 -4 + crypto/pkcs7/pk7_doit.c (1.50.2.4.2.2), "Exp", lines: +9 -4 + + Make S/MIME encrypt work again. + +2004-04-02 14:39 levitte + + Changed: + crypto/bn/Makefile.ssl (1.65.2.8), "Exp", lines: +1 -1 + + Typo. "pa-rics2W" corrected to "pa-risc2W". PR: 868 + +2004-05-11 14:44 ben + + Deleted: + apps/Makefile.ssl (1.100.2.27) + crypto/Makefile.ssl (1.84.2.12) + crypto/aes/Makefile.ssl (1.4.2.9) + crypto/asn1/Makefile.ssl (1.77.2.7) + crypto/bf/Makefile.ssl (1.25.2.6) + crypto/bio/Makefile.ssl (1.52.2.4) + crypto/bn/Makefile.ssl (1.65.2.9) + crypto/buffer/Makefile.ssl (1.32.2.4) + crypto/cast/Makefile.ssl (1.31.2.6) + crypto/comp/Makefile.ssl (1.32.2.4) + crypto/conf/Makefile.ssl (1.38.2.8) + crypto/des/Makefile.ssl (1.61.2.13) + crypto/dh/Makefile.ssl (1.43.2.5) + crypto/dsa/Makefile.ssl (1.49.2.9) + crypto/dso/Makefile.ssl (1.11.2.4) + crypto/ec/Makefile.ssl (1.7.2.4) + crypto/engine/Makefile.ssl (1.30.2.13) + crypto/err/Makefile.ssl (1.48.2.7) + crypto/evp/Makefile.ssl (1.64.2.12) + crypto/hmac/Makefile.ssl (1.33.2.6) + crypto/idea/Makefile.ssl (1.20.2.4) + crypto/krb5/Makefile.ssl (1.5.2.6) + crypto/lhash/Makefile.ssl (1.28.2.4) + crypto/md2/Makefile.ssl (1.29.2.5) + crypto/md4/Makefile.ssl (1.6.2.7) + crypto/md5/Makefile.ssl (1.33.2.10) + crypto/mdc2/Makefile.ssl (1.30.2.4) + crypto/objects/Makefile.ssl (1.46.2.6) + crypto/ocsp/Makefile.ssl (1.19.2.7) + crypto/pem/Makefile.ssl (1.51.2.5) + crypto/pkcs12/Makefile.ssl (1.37.2.5) + crypto/pkcs7/Makefile.ssl (1.47.2.5) + crypto/rand/Makefile.ssl (1.56.2.8) + crypto/rc2/Makefile.ssl (1.20.2.4) + crypto/rc4/Makefile.ssl (1.25.2.6) + crypto/rc5/Makefile.ssl (1.22.2.6) + crypto/ripemd/Makefile.ssl (1.25.2.9) + crypto/rsa/Makefile.ssl (1.53.2.6) + crypto/sha/Makefile.ssl (1.26.2.9) + crypto/stack/Makefile.ssl (1.28.2.4) + crypto/txt_db/Makefile.ssl (1.26.2.4) + crypto/ui/Makefile.ssl (1.10.2.6) + crypto/x509/Makefile.ssl (1.56.2.5) + crypto/x509v3/Makefile.ssl (1.62.2.5) + ssl/Makefile.ssl (1.53.2.11) + test/Makefile.ssl (1.84.2.36) + tools/Makefile.ssl (1.9.2.4) + Changed: + .cvsignore (1.7.6.2), "Exp", lines: +2 -1 + Configure (1.314.2.92), "Exp", lines: +38 -8 + FAQ (1.61.2.31), "Exp", lines: +1 -1 + INSTALL (1.45.2.9), "Exp", lines: +2 -2 + INSTALL.W32 (1.30.2.14), "Exp", lines: +9 -4 + Makefile.org (1.154.2.78), "Exp", lines: +51 -19 + PROBLEMS (1.4.2.10), "Exp", lines: +2 -2 + e_os.h (1.56.2.17), "Exp", lines: +20 -1 + apps/.cvsignore (1.5.8.1), "Exp", lines: +1 -0 + apps/Makefile (1.1.4.1), "Exp", lines: +1147 -0 + apps/apps.c (1.49.2.27), "Exp", lines: +0 -10 + apps/ca.c (1.102.2.31), "Exp", lines: +0 -10 + apps/dgst.c (1.23.2.10), "Exp", lines: +39 -11 + apps/openssl.c (1.48.2.9), "Exp", lines: +19 -0 + crypto/Makefile (1.1.4.1), "Exp", lines: +217 -0 + crypto/cryptlib.c (1.32.2.11), "Exp", lines: +5 -0 + crypto/crypto-lib.com (1.53.2.12), "Exp", lines: +1 -1 + crypto/md32_common.h (1.22.2.6), "Exp", lines: +12 -0 + crypto/aes/Makefile (1.1.4.1), "Exp", lines: +102 -0 + crypto/aes/aes.h (1.1.2.9), "Exp", lines: +9 -0 + crypto/aes/aes_cfb.c (1.1.2.9), "Exp", lines: +93 -0 + crypto/aes/aes_core.c (1.1.2.6), "Exp", lines: +4 -0 + crypto/asn1/Makefile (1.1.4.1), "Exp", lines: +1150 -0 + crypto/bf/Makefile (1.1.4.1), "Exp", lines: +113 -0 + crypto/bio/Makefile (1.1.4.1), "Exp", lines: +214 -0 + crypto/bio/bio.h (1.56.2.6), "Exp", lines: +1 -0 + crypto/bn/Makefile (1.1.4.1), "Exp", lines: +324 -0 + crypto/bn/bntest.c (1.55.2.4), "Exp", lines: +1 -1 + crypto/buffer/Makefile (1.1.4.1), "Exp", lines: +92 -0 + crypto/cast/Makefile (1.1.4.1), "Exp", lines: +118 -0 + crypto/cast/asm/.cvsignore (1.2.8.1), "Exp", lines: +1 -0 + crypto/comp/Makefile (1.1.4.1), "Exp", lines: +112 -0 + crypto/conf/Makefile (1.1.4.1), "Exp", lines: +181 -0 + crypto/des/Makefile (1.1.4.1), "Exp", lines: +314 -0 + crypto/des/cfb64ede.c (1.6.2.4), "Exp", lines: +111 -0 + crypto/des/des.h (1.40.2.6), "Exp", lines: +5 -1 + crypto/des/des_enc.c (1.11.2.4), "Exp", lines: +8 -0 + crypto/des/des_old.c (1.11.2.6), "Exp", lines: +1 -1 + crypto/des/destest.c (1.30.2.8), "Exp", lines: +2 -2 + crypto/des/ecb3_enc.c (1.8.2.3), "Exp", lines: +1 -3 + crypto/des/set_key.c (1.18.2.2), "Exp", lines: +4 -0 + crypto/dh/Makefile (1.1.4.1), "Exp", lines: +131 -0 + crypto/dsa/Makefile (1.1.4.1), "Exp", lines: +173 -0 + crypto/dsa/dsa_gen.c (1.19.2.1), "Exp", lines: +4 -1 + crypto/dsa/dsa_key.c (1.9.2.1), "Exp", lines: +2 -0 + crypto/dsa/dsa_ossl.c (1.12.2.6), "Exp", lines: +2 -0 + crypto/dsa/dsa_sign.c (1.10.2.5), "Exp", lines: +12 -0 + crypto/dsa/dsa_vrf.c (1.10.2.5), "Exp", lines: +8 -0 + crypto/dso/Makefile (1.1.4.1), "Exp", lines: +140 -0 + crypto/ec/Makefile (1.1.4.1), "Exp", lines: +126 -0 + crypto/engine/Makefile (1.1.4.1), "Exp", lines: +536 -0 + crypto/engine/hw_cryptodev.c (1.1.2.6), "Exp", lines: +6 -2 + crypto/err/Makefile (1.1.4.1), "Exp", lines: +118 -0 + crypto/err/err.h (1.35.2.6), "Exp", lines: +2 -0 + crypto/err/err_all.c (1.17.2.4), "Exp", lines: +4 -0 + crypto/err/openssl.ec (1.11.2.3), "Exp", lines: +1 -0 + crypto/evp/Makefile (1.1.4.1), "Exp", lines: +1057 -0 + crypto/evp/bio_md.c (1.11.2.1), "Exp", lines: +6 -0 + crypto/evp/c_allc.c (1.8.2.7), "Exp", lines: +8 -0 + crypto/evp/e_aes.c (1.6.2.10), "Exp", lines: +22 -4 + crypto/evp/e_des.c (1.5.2.8), "Exp", lines: +36 -3 + crypto/evp/e_des3.c (1.8.2.7), "Exp", lines: +43 -4 + crypto/evp/evp.h (1.86.2.15), "Exp", lines: +39 -11 + crypto/evp/evp_err.c (1.23.2.3), "Exp", lines: +3 -1 + crypto/evp/evp_lib.c (1.6.8.4), "Exp", lines: +24 -0 + crypto/evp/evp_locl.h (1.7.2.6), "Exp", lines: +11 -2 + crypto/evp/evp_test.c (1.14.2.13), "Exp", lines: +17 -8 + crypto/evp/evptests.txt (1.9.2.7), "Exp", lines: +106 -1 + crypto/hmac/Makefile (1.1.4.1), "Exp", lines: +99 -0 + crypto/idea/Makefile (1.1.4.1), "Exp", lines: +89 -0 + crypto/krb5/Makefile (1.1.4.1), "Exp", lines: +88 -0 + crypto/lhash/Makefile (1.1.4.1), "Exp", lines: +91 -0 + crypto/md2/Makefile (1.1.4.1), "Exp", lines: +91 -0 + crypto/md4/Makefile (1.1.4.1), "Exp", lines: +93 -0 + crypto/md5/Makefile (1.1.4.1), "Exp", lines: +129 -0 + crypto/mdc2/Makefile (1.1.4.1), "Exp", lines: +96 -0 + crypto/objects/Makefile (1.1.4.1), "Exp", lines: +121 -0 + crypto/objects/obj_dat.h (1.49.2.19), "Exp", lines: +33 -3 + crypto/objects/obj_mac.h (1.19.2.19), "Exp", lines: +40 -0 + crypto/objects/obj_mac.num (1.15.2.15), "Exp", lines: +10 -0 + crypto/objects/objects.txt (1.20.2.20), "Exp", lines: +13 -0 + crypto/ocsp/Makefile (1.1.4.1), "Exp", lines: +291 -0 + crypto/pem/Makefile (1.1.4.1), "Exp", lines: +334 -0 + crypto/pkcs12/Makefile (1.1.4.1), "Exp", lines: +415 -0 + crypto/pkcs7/Makefile (1.1.4.1), "Exp", lines: +241 -0 + crypto/rand/Makefile (1.1.4.1), "Exp", lines: +196 -0 + crypto/rand/md_rand.c (1.69.2.4), "Exp", lines: +9 -0 + crypto/rand/rand.h (1.26.2.7), "Exp", lines: +3 -0 + crypto/rand/rand_err.c (1.6.2.3), "Exp", lines: +4 -1 + crypto/rand/rand_lib.c (1.15.2.4), "Exp", lines: +11 -0 + crypto/rc2/Makefile (1.1.4.1), "Exp", lines: +89 -0 + crypto/rc4/Makefile (1.1.4.1), "Exp", lines: +108 -0 + crypto/rc5/Makefile (1.1.4.1), "Exp", lines: +106 -0 + crypto/ripemd/Makefile (1.1.4.1), "Exp", lines: +111 -0 + crypto/rsa/Makefile (1.1.4.1), "Exp", lines: +239 -0 + crypto/rsa/rsa_eay.c (1.28.2.9), "Exp", lines: +1 -1 + crypto/rsa/rsa_gen.c (1.8.6.1), "Exp", lines: +3 -0 + crypto/sha/Makefile (1.1.4.1), "Exp", lines: +118 -0 + crypto/sha/sha1dgst.c (1.21.2.1), "Exp", lines: +8 -0 + crypto/stack/Makefile (1.1.4.1), "Exp", lines: +86 -0 + crypto/txt_db/Makefile (1.1.4.1), "Exp", lines: +86 -0 + crypto/ui/Makefile (1.1.4.1), "Exp", lines: +115 -0 + crypto/x509/Makefile (1.1.4.1), "Exp", lines: +592 -0 + crypto/x509v3/Makefile (1.1.4.1), "Exp", lines: +601 -0 + fips/Makefile (1.1.4.1), "Exp", lines: +202 -0 + fips/fingerprint.sha1 (1.1.2.4), "Exp", lines: +4 -4 + fips/fips.c (1.1.2.3), "Exp", lines: +120 -5 + fips/fips.h (1.1.2.3), "Exp", lines: +42 -2 + fips/fips_check_sha1 (1.1.2.5), "Exp", lines: +2 -2 + fips/fips_err.h (1.1.4.1), "Exp", lines: +117 -0 + fips/fips_err_wrapper.c (1.1.2.3), "Exp", lines: +4 -2 + fips/fips_locl.h (1.1.4.1), "Exp", lines: +62 -0 + fips/fips_make_sha1 (1.1.2.5), "Exp", lines: +9 -6 + fips/fips_test_suite.c (1.1.4.1), "Exp", lines: +302 -0 + fips/openssl_fips_fingerprint (1.1.4.1), "Exp", lines: +25 -0 + fips/aes/Makefile (1.1.4.1), "Exp", lines: +131 -0 + fips/aes/fingerprint.sha1 (1.1.2.3), "Exp", lines: +3 -2 + fips/aes/fips_aes_core.c (1.1.2.3), "Exp", lines: +5 -2 + fips/aes/fips_aes_locl.h (1.1.2.3), "Exp", lines: +0 -0 + fips/aes/fips_aes_selftest.c (1.1.4.1), "Exp", lines: +112 -0 + fips/aes/fips_aesavs.c (1.1.2.10), "Exp", lines: +12 -6 + fips/des/Makefile (1.1.4.1), "Exp", lines: +155 -0 + fips/des/fingerprint.sha1 (1.1.2.3), "Exp", lines: +5 -2 + fips/des/fips_des_enc.c (1.1.2.4), "Exp", lines: +16 -3 + fips/des/fips_des_locl.h (1.1.2.3), "Exp", lines: +1 -1 + fips/des/fips_des_selftest.c (1.1.4.1), "Exp", lines: +200 -0 + fips/des/fips_desmovs.c (1.1.2.4), "Exp", lines: +186 -79 + fips/des/fips_set_key.c (1.1.4.1), "Exp", lines: +415 -0 + fips/des/asm/fips-dx86-elf.s (1.1.4.1), "Exp", lines: +2697 -0 + fips/dsa/Makefile (1.1.4.1), "Exp", lines: +159 -0 + fips/dsa/fingerprint.sha1 (1.1.2.4), "Exp", lines: +3 -1 + fips/dsa/fips_dsa_gen.c (1.1.4.1), "Exp", lines: +373 -0 + fips/dsa/fips_dsa_ossl.c (1.1.2.4), "Exp", lines: +16 -3 + fips/dsa/fips_dsa_selftest.c (1.1.4.1), "Exp", lines: +168 -0 + fips/dsa/fips_dsatest.c (1.1.2.4), "Exp", lines: +10 -6 + fips/dsa/fips_dssvs.c (1.1.4.1), "Exp", lines: +306 -0 + fips/rand/Makefile (1.1.4.1), "Exp", lines: +104 -0 + fips/rand/fingerprint.sha1 (1.1.2.3), "Exp", lines: +2 -2 + fips/rand/fips_rand.c (1.1.2.3), "Exp", lines: +60 -10 + fips/rand/fips_rand.h (1.1.2.3), "Exp", lines: +19 -1 + fips/rand/fips_randtest.c (1.1.2.3), "Exp", lines: +31 -10 + fips/rsa/Makefile (1.1.4.1), "Exp", lines: +112 -0 + fips/rsa/fingerprint.sha1 (1.1.4.1), "Exp", lines: +3 -0 + fips/rsa/fips_rsa_eay.c (1.1.4.1), "Exp", lines: +735 -0 + fips/rsa/fips_rsa_gen.c (1.1.4.1), "Exp", lines: +249 -0 + fips/rsa/fips_rsa_selftest.c (1.1.4.1), "Exp", lines: +207 -0 + fips/sha1/.cvsignore (1.1.2.3), "Exp", lines: +1 -2 + fips/sha1/Makefile (1.1.4.1), "Exp", lines: +158 -0 + fips/sha1/fingerprint.sha1 (1.1.2.4), "Exp", lines: +5 -3 + fips/sha1/fips_md32_common.h (1.1.2.3), "Exp", lines: +0 -0 + fips/sha1/fips_sha1_selftest.c (1.1.4.1), "Exp", lines: +97 -0 + fips/sha1/fips_sha1dgst.c (1.1.2.4), "Exp", lines: +4 -4 + fips/sha1/fips_sha1test.c (1.1.2.4), "Exp", lines: +17 -0 + fips/sha1/fips_sha_locl.h (1.1.2.3), "Exp", lines: +7 -0 + fips/sha1/fips_standalone_sha1.c (1.1.2.4), "Exp", lines: +60 -7 + fips/sha1/sha1hashes.txt (1.1.2.3), "Exp", lines: +0 -0 + fips/sha1/sha1vectors.txt (1.1.2.3), "Exp", lines: +0 -0 + fips/sha1/standalone.sha1 (1.1.2.5), "Exp", lines: +6 -4 + fips/sha1/asm/sx86-elf.s (1.1.4.1), "Exp", lines: +1568 -0 + ms/do_masm.bat (1.1.8.2), "Exp", lines: +12 -10 + ms/do_ms.bat (1.4.8.2), "Exp", lines: +11 -11 + ms/do_nasm.bat (1.1.8.2), "Exp", lines: +12 -11 + ms/do_nt.bat (1.2.8.1), "Exp", lines: +4 -4 + shlib/hpux10-cc.sh (1.3.2.2), "Exp", lines: +3 -3 + ssl/Makefile (1.1.4.1), "Exp", lines: +1019 -0 + ssl/s3_clnt.c (1.53.2.16), "Exp", lines: +10 -0 + ssl/s3_srvr.c (1.85.2.21), "Exp", lines: +9 -0 + ssl/ssl_cert.c (1.48.2.7), "Exp", lines: +9 -0 + ssl/ssl_lib.c (1.110.2.12), "Exp", lines: +13 -1 + ssl/ssltest.c (1.53.2.23), "Exp", lines: +33 -1 + ssl/t1_enc.c (1.27.2.8), "Exp", lines: +19 -1 + test/.cvsignore (1.4.8.1), "Exp", lines: +4 -0 + test/Makefile (1.1.4.1), "Exp", lines: +941 -0 + test/bctest (1.14.2.1), "Exp", lines: +1 -1 + test/testenc (1.3.8.1), "Exp", lines: +1 -1 + test/testfipsssl (1.1.4.1), "Exp", lines: +113 -0 + tools/Makefile (1.1.4.1), "Exp", lines: +61 -0 + util/cygwin.sh (1.1.2.5), "Exp", lines: +3 -3 + util/domd (1.6.2.3), "Exp", lines: +5 -5 + util/fixNT.sh (1.1.1.2.8.1), "Exp", lines: +3 -3 + util/libeay.num (1.173.2.19), "Exp", lines: +55 -11 + util/mk1mf.pl (1.41.2.10), "Exp", lines: +6 -4 + util/mkdef.pl (1.67.2.7), "Exp", lines: +11 -4 + util/mkerr.pl (1.18.2.6), "Exp", lines: +2 -1 + util/mkfiles.pl (1.12.2.1), "Exp", lines: +8 -1 + util/pod2mantest (1.1.2.7), "Exp", lines: +1 -1 + util/selftest.pl (1.18.2.1), "Exp", lines: +2 -2 + util/pl/BC-16.pl (1.2.2.1), "Exp", lines: +1 -1 + util/pl/BC-32.pl (1.11.2.4), "Exp", lines: +1 -1 + util/pl/Mingw32.pl (1.12.6.5), "Exp", lines: +1 -1 + util/pl/OS2-EMX.pl (1.1.2.3), "Exp", lines: +1 -1 + util/pl/VC-16.pl (1.3.2.1), "Exp", lines: +2 -2 + util/pl/VC-32.pl (1.11.2.3), "Exp", lines: +2 -2 + util/pl/VC-CE.pl (1.1.2.5), "Exp", lines: +1 -1 + util/pl/ultrix.pl (1.2.8.1), "Exp", lines: +1 -1 + + Pull FIPS back into stable. + +2004-05-12 10:27 levitte + + Changed: + apps/Makefile (1.1.4.2), "Exp", lines: +3 -1 + + Only check for FIPS signatures when FIPS is enabled. + +2004-05-12 10:28 levitte + + Changed: + crypto/des/FILES0 (1.1.4.2), "Exp", lines: +1 -1 + + Makefile.ssl changed name to Makefile. + +2004-05-12 10:28 levitte + + Changed: + fips/rand/fips_rand.c (1.1.2.4), "Exp", lines: +5 -1 + + Only really build this file when OPENSSL_FIPS is defined. And oh, + let's keep internal variables static. + +2004-05-12 10:42 levitte + + Changed: + fips/rand/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 + + I forgot to modify the signature for fips_rand.c... + +2004-05-12 10:46 levitte + + Changed: + fips/rsa/.cvsignore (1.1.4.1), "Exp", lines: +1 -0 + fips/.cvsignore (1.1.2.3), "Exp", lines: +1 -1 + fips/aes/.cvsignore (1.1.2.3), "Exp", lines: +0 -3 + fips/des/.cvsignore (1.1.2.3), "Exp", lines: +0 -2 + fips/dsa/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 + fips/rand/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 + + Ignore the 'lib' timestamp file. + +2004-05-12 12:07 levitte + + Changed: + fips/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/aes/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/des/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/dsa/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/rand/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/rsa/.cvsignore (1.1.4.2), "Exp", lines: +1 -0 + fips/sha1/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + + Ignore 'Makefile.save' + +2004-05-12 12:09 levitte + + Changed: + apps/apps.h (1.44.2.13), "Exp", lines: +0 -6 + crypto/o_str.c (1.5.2.1), "Exp", lines: +4 -3 + crypto/o_str.h (1.2.6.1), "Exp", lines: +0 -0 + + The functions OPENSSL_strcasen?cmp() were forgotten when merging + the FIPS branch into this. It's needed at least for certain + OpenVMS versions, and should really be used in a more general way. + +2004-05-12 12:17 levitte + + Changed: + crypto/Makefile (1.1.4.2), "Exp", lines: +3 -3 + + Forgot to update the Makefile with the o_str stuff... + +2004-05-12 16:11 ben + + Changed: + crypto/rand/rand.h (1.26.2.8), "Exp", lines: +2 -0 + crypto/rand/rand_err.c (1.6.2.4), "Exp", lines: +2 -0 + fips/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.4), "Exp", lines: +5 -1 + fips/rand/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 + fips/rand/fips_rand.c (1.1.2.5), "Exp", lines: +29 -0 + + Blow up in people's faces if they don't reseed. + +2004-05-12 19:53 steve + + Changed: + apps/x509.c (1.67.2.16), "Exp", lines: +0 -7 + + Fix memory leak. + +2004-05-14 19:54 levitte + + Changed: + util/libeay.num (1.173.2.20), "Exp", lines: +43 -54 + + All EVP_*_cfb functions have changed names to EVP_*_cfb64 or + EVP_*_cfb128. + +2004-05-15 18:39 ben + + Changed: + ssl/s23_clnt.c (1.20.2.6), "Exp", lines: +5 -2 + ssl/s2_clnt.c (1.37.2.11), "Exp", lines: +5 -2 + ssl/s2_srvr.c (1.36.2.8), "Exp", lines: +6 -3 + ssl/s3_clnt.c (1.53.2.17), "Exp", lines: +2 -1 + ssl/s3_srvr.c (1.85.2.22), "Exp", lines: +4 -2 + ssl/ssl_sess.c (1.40.2.8), "Exp", lines: +2 -1 + + Check error returns. + +2004-05-15 19:51 ben + + Changed: + crypto/dh/dh.h (1.23.2.6), "Exp", lines: +1 -0 + crypto/dh/dh_err.c (1.6.2.3), "Exp", lines: +2 -1 + crypto/dh/dh_gen.c (1.8.8.2), "Exp", lines: +9 -0 + fips/fips_test_suite.c (1.1.4.2), "Exp", lines: +4 -3 + fips/aes/fips_aesavs.c (1.1.2.11), "Exp", lines: +49 -1 + fips/des/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 + fips/des/fips_desmovs.c (1.1.2.5), "Exp", lines: +49 -1 + fips/des/fips_set_key.c (1.1.4.2), "Exp", lines: +2 -0 + fips/sha1/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 + fips/sha1/fips_md32_common.h (1.1.2.4), "Exp", lines: +3 -0 + fips/sha1/standalone.sha1 (1.1.2.6), "Exp", lines: +1 -1 + + Fix self-tests, ban some things in FIPS mode, fix copyrights. + +2004-05-17 06:28 levitte + + Changed: + util/mk1mf.pl (1.41.2.11), "Exp", lines: +8 -2 + util/pl/BC-16.pl (1.2.2.2), "Exp", lines: +9 -4 + util/pl/BC-32.pl (1.11.2.5), "Exp", lines: +8 -3 + util/pl/Mingw32.pl (1.12.6.6), "Exp", lines: +7 -2 + util/pl/OS2-EMX.pl (1.1.2.4), "Exp", lines: +7 -2 + util/pl/VC-16.pl (1.3.2.2), "Exp", lines: +7 -2 + util/pl/VC-32.pl (1.11.2.4), "Exp", lines: +7 -2 + util/pl/VC-CE.pl (1.1.2.6), "Exp", lines: +7 -2 + util/pl/linux.pl (1.3.6.1), "Exp", lines: +7 -2 + util/pl/ultrix.pl (1.2.8.2), "Exp", lines: +7 -2 + util/pl/unix.pl (1.2.8.1), "Exp", lines: +7 -2 + + Generate SHA1 files on Windows and other platforms supported by + mk1mf.pl, when building in FIPS mode. + + Note: UNTESTED! + +2004-05-17 06:30 levitte + + Changed: + apps/apps.h (1.44.2.14), "Exp", lines: +3 -0 + apps/openssl.c (1.48.2.10), "Exp", lines: +9 -5 + + Make sure the applications know when we are running in FIPS mode. + We can't use the variable in libcrypto, since it's supposedly + unknown. + + Note: currently only supported in MONOLITH mode. + +2004-05-17 06:31 levitte + + Changed: + apps/enc.c (1.35.2.9), "Exp", lines: +10 -1 + + When in FIPS mode, use SHA1 to digest the key, rather than MD5, as + MD5 isn't a FIPS-approved algorithm. + + Note: this means the user needs to keep track of this, and + we need to add support for that... + +2004-05-17 06:39 levitte + + Changed: + apps/enc.c (1.35.2.10), "Exp", lines: +14 -0 + + Make it possible for the user to choose the digest used to create + the key. + +2004-05-17 06:40 levitte + + Changed: + apps/enc.c (1.35.2.11), "Exp", lines: +4 -4 + + Rewrite the usage to avoid confusion. + +2004-05-17 06:47 levitte + + Changed: + apps/enc.c (1.35.2.12), "Exp", lines: +1 -1 + + Typo corretced. + +2004-05-19 16:16 levitte + + Changed: + fips/rsa/fingerprint.sha1 (1.1.4.2), "Exp", lines: +2 -2 + fips/rsa/fips_rsa_eay.c (1.1.4.2), "Exp", lines: +8 -8 + fips/rsa/fips_rsa_gen.c (1.1.4.2), "Exp", lines: +1 -1 + fips/dsa/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 + fips/dsa/fips_dsa_gen.c (1.1.4.2), "Exp", lines: +2 -2 + fips/dsa/fips_dsa_ossl.c (1.1.2.5), "Exp", lines: +4 -4 + fips/aes/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 + fips/aes/fips_aes_core.c (1.1.2.4), "Exp", lines: +5 -5 + crypto/rsa/rsa.h (1.36.2.11), "Exp", lines: +4 -0 + crypto/aes/aes.h (1.1.2.10), "Exp", lines: +6 -0 + crypto/dsa/dsa.h (1.26.2.5), "Exp", lines: +4 -0 + + Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation + for size_t-ification of those algorithms in future version of + OpenSSL... + +2004-05-27 11:33 levitte + + Changed: + makevms.com (1.35.2.3), "Exp", lines: +27 -0 + + Copy the FIPS files to the temporary openssl include directory. + +2004-05-27 12:04 levitte + + Changed: + fips/fips-lib.com (1.1.2.1), "Exp", lines: +1179 -0 + makevms.com (1.35.2.4), "Exp", lines: +8 -0 + + Compile the FIPS directory on VMS as well. fips-lib.com is + essentially a copy of crypto-lib.com, with just a few edits. + +2004-05-27 12:07 levitte + + Changed: + fips/install.com (1.1.2.1), "Exp", lines: +55 -0 + install.com (1.4.2.2), "Exp", lines: +6 -6 + + Run an installation of FIPS stuff as well. + +2004-05-27 12:19 levitte + + Changed: + test/maketests.com (1.13.2.5), "Exp", lines: +3 -3 + apps/makeapps.com (1.18.2.5), "Exp", lines: +3 -3 + + Make sure o_str.h is reachable. + +2004-06-19 15:15 ben + + Changed: + Makefile.org (1.154.2.80), "Exp", lines: +1 -1 + crypto/dh/dh.h (1.23.2.7), "Exp", lines: +0 -1 + crypto/dh/dh_check.c (1.6.2.1), "Exp", lines: +4 -0 + crypto/dh/dh_err.c (1.6.2.4), "Exp", lines: +0 -1 + crypto/dh/dh_gen.c (1.8.8.3), "Exp", lines: +5 -9 + crypto/dh/dh_key.c (1.16.2.3), "Exp", lines: +4 -0 + fips/Makefile (1.1.4.2), "Exp", lines: +13 -14 + fips/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 + fips/fips.h (1.1.2.4), "Exp", lines: +1 -0 + fips/fips_err.h (1.1.4.2), "Exp", lines: +1 -0 + fips/fips_make_sha1 (1.1.2.6), "Exp", lines: +3 -0 + fips/fips_test_suite.c (1.1.4.3), "Exp", lines: +13 -9 + fips/openssl_fips_fingerprint (1.1.4.2), "Exp", lines: +1 -2 + + The version that was actually submitted for FIPS testing. + +2004-06-19 15:16 ben + + Changed: + fips/dh/Makefile (1.1.2.1), "Exp", lines: +92 -0 + fips/dh/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 + fips/dh/fips_dh_check.c (1.1.2.1), "Exp", lines: +119 -0 + fips/dh/fips_dh_gen.c (1.1.2.1), "Exp", lines: +182 -0 + fips/dh/fips_dh_key.c (1.1.2.1), "Exp", lines: +222 -0 + + Add Diffie-Hellman to FIPS. + +2004-06-19 15:18 ben + + Changed: + fips/.cvsignore (1.1.2.5), "Exp", lines: +2 -0 + fips/dh/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 + + Update ignores. + +2004-06-19 15:32 ben + + Changed: + Makefile.org (1.154.2.81), "Exp", lines: +2 -7 + + Make make tags make tags. + +2004-06-19 15:54 ben + + Changed: + apps/Makefile (1.1.4.3), "Exp", lines: +3 -3 + apps/prime.c (1.1.2.1), "Exp", lines: +115 -0 + apps/progs.h (1.26.2.3), "Exp", lines: +2 -0 + + Add primality tester. + +2004-06-21 11:07 levitte + + Changed: + fips/aes/Makefile (1.1.4.2), "Exp", lines: +7 -5 + fips/des/Makefile (1.1.4.2), "Exp", lines: +7 -5 + fips/dh/Makefile (1.1.2.2), "Exp", lines: +7 -6 + fips/dsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 + fips/rsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 + fips/sha1/Makefile (1.1.4.2), "Exp", lines: +7 -5 + + Make sure we don't try to loop over an empty EXHEADER. In the + Makefiles where this was fixed by commenting away code, change it + to check for an empty EXHEADER instead, so we have less hassle in a + future where EXHEADER changes. + + PR: 900 + +2004-06-21 20:05 levitte + + Changed: + Makefile.org (1.154.2.82), "Exp", lines: +3 -1 + + Standard sh doesn't tolerate ! as part of the conditional command. + + PR: 900 + +2004-06-24 14:12 steve + + Changed: + apps/prime.c (1.1.2.2), "Exp", lines: +3 -0 + + Include to get definition of strcmp. + +2004-06-24 14:31 steve + + Changed: + crypto/evp/evp_lib.c (1.6.8.5), "Exp", lines: +2 -2 + + Return an error if an attempt is made to encode or decode cipher + ASN1 parameters and the cipher doesn't support it. + +2004-06-28 22:33 levitte + + Changed: + fips/dh/fips_dh_check.c (1.1.2.2), "Exp", lines: +6 -0 + fips/dh/fips_dh_gen.c (1.1.2.2), "Exp", lines: +6 -2 + fips/dh/fips_dh_key.c (1.1.2.2), "Exp", lines: +8 -0 + + Make sure the FIPS stuff is only really compiled when in FIPS mode. + +2004-07-04 18:36 steve + + Changed: + crypto/asn1/p5_pbev2.c (1.20.2.2), "Exp", lines: +2 -1 + + Fix memory leak. + +2004-07-12 19:59 ben + + Changed: + fips/fips_test_suite.c (1.1.4.4), "Exp", lines: +39 -6 + fips/dh/fingerprint.sha1 (1.1.2.2), "Exp", lines: +3 -3 + + Corrected test program. + +2004-07-17 14:48 appro + + Changed: + fips/des/Makefile (1.1.4.3), "Exp", lines: +1 -1 + + Eliminate enforced -g from CFLAGS. It switches off optimization + with some compilers, e.g. DEC C. + +2004-07-21 19:35 steve + + Changed: + fips/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.5), "Exp", lines: +3 -3 + fips/rsa/fingerprint.sha1 (1.1.4.3), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_selftest.c (1.1.4.2), "Exp", lines: +8 -8 + + Avoid compiler warnings. + +2004-07-21 19:41 steve + + Changed: + crypto/pem/pem_all.c (1.20.2.1), "Exp", lines: +119 -0 + + When in FIPS mode write private keys in PKCS#8 and PBES2 format to + avoid use of prohibited MD5 algorithm. + +2004-07-23 15:20 ben + + Changed: + fips/rand/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 + fips/rand/fips_rand.c (1.1.2.7), "Exp", lines: +22 -7 + fips/rand/fips_randtest.c (1.1.2.5), "Exp", lines: +2 -2 + + Convert to X9.31. + +2004-07-24 15:40 appro + + Changed: + ssl/ssl_cert.c (1.48.2.9), "Exp", lines: +5 -2 + + Add casts where casts due. It's "safe" to cast, because "wrong" + casts will either be optimized away or never performed. The trouble + is that compiler first parses code, then optimizes, not both at + once... + +2004-07-27 02:17 steve + + Changed: + fips/fips_test_suite.c (1.1.4.5), "Exp", lines: +9 -8 + + Stop compiler warnings. + +2004-07-27 02:20 steve + + Changed: + crypto/err/err.c (1.51.2.6), "Exp", lines: +1 -0 + + Add FIPS name to error library. + +2004-07-27 14:22 steve + + Changed: + Makefile.org (1.154.2.84), "Exp", lines: +3 -3 + fips/fips_check_sha1 (1.1.2.6), "Exp", lines: +1 -1 + fips/openssl_fips_fingerprint (1.1.4.3), "Exp", lines: +1 -1 + + Rename libcrypto.sha1 to libcrypto.a.sha1 + +2004-07-27 16:09 levitte + + Changed: + makevms.com (1.35.2.5), "Exp", lines: +1 -1 + + Typo + +2004-07-27 20:28 steve + + Changed: + ssl/s3_lib.c (1.57.2.11), "Exp", lines: +33 -33 + ssl/ssl.h (1.126.2.20), "Exp", lines: +1 -0 + ssl/ssl_ciph.c (1.33.2.9), "Exp", lines: +11 -0 + ssl/ssl_locl.h (1.47.2.3), "Exp", lines: +2 -1 + + New cipher "strength" FIPS which specifies that a cipher suite is + FIPS compatible. + + New cipherstring "FIPS" is all FIPS compatible ciphersuites + except eNULL. + + Only allow FIPS ciphersuites in FIPS mode. + +2004-07-28 04:24 levitte + + Changed: + makevms.com (1.35.2.6), "Exp", lines: +2 -2 + + From the FIPS directory, darnit! + +2004-07-28 15:47 levitte + + Changed: + makevms.com (1.35.2.7), "Exp", lines: +5 -1 + + Define OPENSSL_FIPS in opensslconf.h if a logical name with the + same name is defined. + + Go up one directory level before dealing with FIPS stuff. + +2004-07-30 00:26 levitte + + Changed: + fips/fips-lib.com (1.1.2.2), "Exp", lines: +3 -3 + + We're building crypto stuff, not ssl stuff. Additionally, we're in + the fips subdirectory, not the crypto one... + +2004-07-30 16:37 levitte + + Changed: + fips/sha1/fingerprint.sha1 (1.1.2.7), "Exp", lines: +2 -2 + fips/sha1/fips_md32_common.h (1.1.2.6), "Exp", lines: +1 -1 + fips/sha1/fips_sha_locl.h (1.1.2.5), "Exp", lines: +2 -2 + fips/sha1/fips_standalone_sha1.c (1.1.2.5), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.8), "Exp", lines: +3 -3 + ssl/ssl_ciph.c (1.33.2.10), "Exp", lines: +2 -2 + fips/rsa/fingerprint.sha1 (1.1.4.4), "Exp", lines: +2 -2 + fips/rsa/fips_rsa_eay.c (1.1.4.3), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_gen.c (1.1.4.3), "Exp", lines: +1 -1 + fips/dh/fingerprint.sha1 (1.1.2.3), "Exp", lines: +1 -1 + fips/dh/fips_dh_gen.c (1.1.2.3), "Exp", lines: +1 -1 + fips/dsa/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 + fips/dsa/fips_dsa_gen.c (1.1.4.3), "Exp", lines: +4 -3 + fips/dsa/fips_dsa_ossl.c (1.1.2.6), "Exp", lines: +2 -2 + fips/des/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 + fips/des/fips_des_enc.c (1.1.2.5), "Exp", lines: +2 -2 + fips/des/fips_set_key.c (1.1.4.3), "Exp", lines: +3 -3 + fips/fingerprint.sha1 (1.1.2.8), "Exp", lines: +2 -2 + fips/fips.c (1.1.2.6), "Exp", lines: +76 -23 + fips/fips.h (1.1.2.5), "Exp", lines: +2 -3 + fips/fips_locl.h (1.1.4.2), "Exp", lines: +7 -2 + fips/aes/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 + fips/aes/fips_aes_core.c (1.1.2.5), "Exp", lines: +1 -1 + crypto/rand/md_rand.c (1.69.2.5), "Exp", lines: +1 -1 + crypto/rand/rand_lib.c (1.15.2.5), "Exp", lines: +2 -1 + crypto/dsa/dsa_sign.c (1.10.2.6), "Exp", lines: +2 -2 + crypto/dsa/dsa_vrf.c (1.10.2.6), "Exp", lines: +1 -1 + crypto/pem/pem_all.c (1.20.2.2), "Exp", lines: +2 -2 + crypto/cryptlib.c (1.32.2.12), "Exp", lines: +122 -6 + crypto/crypto.h (1.62.2.8), "Exp", lines: +8 -1 + crypto/md32_common.h (1.22.2.7), "Exp", lines: +2 -2 + + To protect FIPS-related global variables, add locking mechanisms + around them. + + NOTE: because two new locks are added, this adds potential + binary incompatibility with earlier versions in the 0.9.7 series. + However, those locks will only ever be touched when FIPS_mode_set() + is called and after, thanks to a variable that's only changed from + 0 to 1 once (when FIPS_mode_set() is called). So basically, as + long as FIPS mode hasn't been engaged explicitely by the calling + application, the new locks are treated as if they didn't exist at + all, thus not becoming a problem. Applications that are built or + rebuilt to use FIPS functionality will need to be recompiled in any + case, thus not being a problem either. + +2004-08-02 16:15 levitte + + Changed: + crypto/cryptlib.c (1.32.2.13), "Exp", lines: +4 -4 + + Let's lock a write lock when changing values, shall we? + + Thanks to Dr Stephen Henson + for making me aware of this error. + +2004-08-05 20:11 steve + + Changed: + fips/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.7), "Exp", lines: +1 -1 + + Stop compiler giving bogus shadow warning. + +2004-08-09 14:13 levitte + + Changed: + makevms.com (1.35.2.8), "Exp", lines: +1 -1 + + In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM... + +2004-08-09 14:14 levitte + + Changed: + fips/fips-lib.com (1.1.2.3), "Exp", lines: +4 -4 + + Correct typos and include directory specifications. + +2004-08-10 11:11 levitte + + Changed: + fips/fips-lib.com (1.1.2.4), "Exp", lines: +2 -1 + + Update the VMS fips library builder with the DH library. + +2004-08-10 12:04 levitte + + Changed: + fips/rand/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 + fips/rand/fips_rand.c (1.1.2.8), "Exp", lines: +7 -1 + + With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED + to get struct timeval and gettimeofday(). + +2004-08-11 22:34 levitte + + Changed: + apps/makeapps.com (1.18.2.6), "Exp", lines: +2 -2 + + Another missing module in the VMS build files. I believe this is + the last, though... + +2004-09-06 16:19 levitte + + Changed: + fips/fips.c (1.1.2.8), "Exp", lines: +5 -4 + + Replace the bogus checks of n with proper uses of feof(), ferror() + and clearerr(). + +2004-09-06 16:21 levitte + + Changed: + fips/sha1/fips_sha_locl.h (1.1.2.6), "Exp", lines: +2 -2 + + num is an unsigned long, but since it was transfered from + crypto/sha/sha_locl.h, where it is in fact an int, we need to check + for less-than-zero as if it was an int... + +2004-09-10 22:27 steve + + Changed: + crypto/x509/x509_req.c (1.13.2.2), "Exp", lines: +1 -1 + + Stop warning. + +2004-09-11 11:45 levitte + + Changed: + test/testenc.com (1.6.8.2), "Exp", lines: +1 -1 + + Makefile.ssl changed name to Makefile... + +2004-09-14 00:30 steve + + Changed: + crypto/asn1/a_strex.c (1.8.2.6), "Exp", lines: +7 -2 + + ASN1_STRING_to_UTF8() assumed that the MBSTRING_* flags were of the + form MBSTRING_FLAG|nbyte where "nbyte" is the number of bytes per + character. + + Unfortunately this isn't so and we can't change the + #defines because this would break binary compatibility, so for + 0.9.7X only translate between the two. + +2004-09-14 00:39 steve + + Changed: + crypto/x509/x509_req.c (1.13.2.3), "Exp", lines: +1 -1 + + Oops, forgot to reorder extension request nids. + +2004-10-08 12:03 ben + + Changed: + fips/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 + fips/sha1/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.9), "Exp", lines: +1 -1 + + Update fingerprints. + +2004-10-14 07:51 levitte + + Changed: + VMS/mkshared.com (1.3.2.1), "Exp", lines: +8 -0 + + We need to check for OPENSSL_FIPS when building shared libraries, + so we get correct transfer vectors for those functions when + required. + +2004-10-26 13:47 steve + + Changed: + util/mkfiles.pl (1.12.2.2), "Exp", lines: +1 -0 + + Add fips/dh directory to mkfiles.pl + +2004-10-26 14:17 levitte + + Changed: + fips/sha1/Makefile (1.1.4.4), "Exp", lines: +3 -1 + util/mkfiles.pl (1.12.2.3), "Exp", lines: +1 -0 + fips/Makefile (1.1.4.5), "Exp", lines: +7 -1 + crypto/sha/Makefile (1.1.4.4), "Exp", lines: +1 -7 + + fips/dh was missing in mkfiles.pl. make update + +2004-10-26 15:01 steve + + Changed: + util/mkfiles.pl (1.12.2.4), "Exp", lines: +0 -1 + + Only add fips/dh once... + +2004-11-01 09:20 levitte + + Changed: + fips/rand/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 + fips/rand/fips_rand.c (1.1.2.9), "Exp", lines: +3 -1 + + Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if + not already defined. + +2004-11-11 02:18 steve + + Changed: + crypto/engine/vendor_defns/sureware.h (1.2.2.1), "Exp", lines: +1 -1 + + The use of "exp" as a variable name in a prototype causes a + conflict with FC2 headers. + +2004-11-13 14:52 steve + + Changed: + crypto/evp/e_old.c (1.1.2.2), "Exp", lines: +1 -1 + + PR: 959 + + Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c + +2004-11-27 13:55 steve + + Changed: + apps/prime.c (1.1.2.3), "Exp", lines: +28 -17 + + Fix leaks and give an error if no argument specified in prime.c + +2004-11-27 14:02 steve + + Changed: + apps/prime.c (1.1.2.4), "Exp", lines: +7 -8 + + Remove unnecessary check and call BIO_free_all() on bio_out to + avoid a leak on VMS. + +2004-12-09 19:00 appro + + Changed: + apps/openssl.c (1.48.2.11), "Exp", lines: +1 -1 + + Eliminate dependency on UNICODE macro. + +2004-12-09 19:03 appro + + Changed: + crypto/Makefile (1.1.4.4), "Exp", lines: +2 -0 + + Postpone linking of shared libcrypto in FIPS build. + +2004-12-09 19:13 appro + + Changed: + fips/fingerprint.sha1 (1.1.2.11), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.9), "Exp", lines: +13 -1 + fips/openssl_fips_fingerprint (1.1.4.4), "Exp", lines: +4 -2 + + Cygwin specific FIPS fix-ups. + +2004-12-09 23:43 appro + + Changed: + Configure (1.314.2.100), "Exp", lines: +2 -3 + crypto/des/des_enc.c (1.11.2.5), "Exp", lines: +2 -2 + + Eliminate false dependency on 386 config option is FIPS context. + At the same time limit assembler support to ELF platforms [that's + what is there, ELF modules]. + +2004-12-10 12:37 appro + + Changed: + Configure (1.314.2.101), "Exp", lines: +10 -3 + crypto/des/des_enc.c (1.11.2.6), "Exp", lines: +2 -2 + + Respect no-asm with fips option and disable FIPS DES assembler in + shared context [because it's not PIC]. + +2004-12-10 14:15 appro + + Changed: + fips/sha1/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.11), "Exp", lines: +1 -1 + fips/sha1/asm/sx86-elf.s (1.1.4.3), "Exp", lines: +32 -32 + + Solaris x86 assembler update. + +2004-12-10 17:30 appro + + Changed: + fips/fips_check_sha1 (1.1.2.7), "Exp", lines: +1 -1 + fips/openssl_fips_fingerprint (1.1.4.5), "Exp", lines: +1 -1 + fips/sha1/Makefile (1.1.4.6), "Exp", lines: +1 -1 + + Adapt FIPS sub-tree for mingw. + +2004-12-20 14:18 appro + + Changed: + util/mklink.pl (1.6.2.2), "Exp", lines: +1 -0 + + When re-linking files, really relink them. In other words, emulate + ln -f. + +2004-12-28 00:48 appro + + Changed: + Configure (1.314.2.103), "Exp", lines: +1 -2 + Makefile.org (1.154.2.92), "Exp", lines: +2 -2 + + Cosmetic mingw update. PR: 924 + +2005-01-03 18:46 steve + + Changed: + fips/rsa/fingerprint.sha1 (1.1.4.5), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_selftest.c (1.1.4.3), "Exp", lines: +55 -11 + + RSA KAT. + +2005-01-09 18:58 appro + + Changed: + crypto/evp/c_alld.c (1.4.2.1), "Exp", lines: +1 -1 + crypto/evp/m_sha.c (1.8.2.1), "Exp", lines: +1 -1 + crypto/sha/shatest.c (1.11.2.2), "Exp", lines: +2 -2 + + Allow for ./config no-sha0. PR: 993 + +2005-01-11 07:53 levitte + + Changed: + apps/apps.c (1.49.2.31), "Exp", lines: +0 -16 + + Remove VMS_strcasecmp() from apps.c, it's not used any more. And + besides, the implementation is bogus. + +2005-01-11 17:54 levitte + + Changed: + fips/rsa/fingerprint.sha1 (1.1.4.6), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_selftest.c (1.1.4.4), "Exp", lines: +2 -2 + + Clear signed vs. unsigned conflicts. Change the fingerprint + accordingly. + +2005-01-11 19:25 levitte + + Changed: + ssl/ssltest.c (1.53.2.24), "Exp", lines: +2 -2 + fips/rand/fips_randtest.c (1.1.2.6), "Exp", lines: +3 -3 + fips/sha1/fips_sha1test.c (1.1.2.5), "Exp", lines: +10 -4 + fips/des/fips_desmovs.c (1.1.2.6), "Exp", lines: +8 -7 + fips/dsa/fips_dsatest.c (1.1.2.5), "Exp", lines: +2 -2 + apps/openssl.c (1.48.2.12), "Exp", lines: +1 -1 + fips/aes/fips_aesavs.c (1.1.2.12), "Exp", lines: +8 -7 + + Use EXIT() instead of exit(). + +2005-01-26 21:00 steve + + Changed: + apps/dgst.c (1.23.2.13), "Exp", lines: +10 -0 + apps/pkcs12.c (1.60.2.13), "Exp", lines: +8 -1 + crypto/crypto.h (1.62.2.9), "Exp", lines: +49 -0 + crypto/md32_common.h (1.22.2.9), "Exp", lines: +1 -1 + crypto/bf/bf_skey.c (1.6.2.1), "Exp", lines: +2 -1 + crypto/bf/blowfish.h (1.9.2.1), "Exp", lines: +4 -1 + crypto/cast/c_skey.c (1.5.6.1), "Exp", lines: +3 -1 + crypto/cast/cast.h (1.7.2.1), "Exp", lines: +4 -1 + crypto/evp/bio_md.c (1.11.2.3), "Exp", lines: +2 -7 + crypto/evp/digest.c (1.21.2.7), "Exp", lines: +11 -0 + crypto/evp/e_aes.c (1.6.2.11), "Exp", lines: +11 -11 + crypto/evp/e_des.c (1.5.2.9), "Exp", lines: +5 -3 + crypto/evp/e_des3.c (1.8.2.8), "Exp", lines: +6 -6 + crypto/evp/evp.h (1.86.2.16), "Exp", lines: +17 -0 + crypto/evp/evp_enc.c (1.28.2.11), "Exp", lines: +15 -1 + crypto/evp/evp_err.c (1.23.2.4), "Exp", lines: +6 -1 + crypto/evp/evp_locl.h (1.7.2.7), "Exp", lines: +17 -2 + crypto/evp/m_dss.c (1.8.2.1), "Exp", lines: +1 -1 + crypto/evp/m_md2.c (1.9.2.1), "Exp", lines: +1 -0 + crypto/evp/m_md4.c (1.8.2.1), "Exp", lines: +1 -0 + crypto/evp/m_md5.c (1.9.2.1), "Exp", lines: +1 -0 + crypto/evp/m_mdc2.c (1.9.2.1), "Exp", lines: +1 -0 + crypto/evp/m_sha.c (1.8.2.2), "Exp", lines: +1 -0 + crypto/evp/m_sha1.c (1.8.2.1), "Exp", lines: +1 -1 + crypto/evp/names.c (1.7.2.1), "Exp", lines: +3 -0 + crypto/hmac/hmac.c (1.12.2.3), "Exp", lines: +7 -0 + crypto/hmac/hmac.h (1.14.2.2), "Exp", lines: +1 -0 + crypto/idea/i_skey.c (1.5.6.1), "Exp", lines: +13 -0 + crypto/idea/idea.h (1.10.2.1), "Exp", lines: +4 -0 + crypto/md2/md2.h (1.11.2.1), "Exp", lines: +3 -0 + crypto/md2/md2_dgst.c (1.13.2.4), "Exp", lines: +3 -1 + crypto/md4/md4.h (1.3.2.1), "Exp", lines: +3 -0 + crypto/md4/md4_dgst.c (1.2.2.2), "Exp", lines: +1 -1 + crypto/md5/md5.h (1.10.2.3), "Exp", lines: +3 -0 + crypto/md5/md5_dgst.c (1.16.2.2), "Exp", lines: +1 -1 + crypto/mdc2/mdc2.h (1.9.2.1), "Exp", lines: +3 -1 + crypto/mdc2/mdc2dgst.c (1.13.2.1), "Exp", lines: +3 -1 + crypto/rc2/rc2.h (1.10.2.1), "Exp", lines: +4 -1 + crypto/rc2/rc2_skey.c (1.4.6.1), "Exp", lines: +13 -0 + crypto/rc4/rc4.h (1.10.2.2), "Exp", lines: +3 -0 + crypto/rc4/rc4_skey.c (1.10.8.2), "Exp", lines: +2 -1 + crypto/rc5/rc5.h (1.5.2.1), "Exp", lines: +4 -1 + crypto/rc5/rc5_skey.c (1.4.6.1), "Exp", lines: +14 -0 + crypto/ripemd/ripemd.h (1.8.2.1), "Exp", lines: +3 -0 + crypto/ripemd/rmd_dgst.c (1.13.2.2), "Exp", lines: +2 -1 + crypto/sha/sha.h (1.11.2.2), "Exp", lines: +3 -0 + crypto/sha/sha_locl.h (1.16.2.3), "Exp", lines: +4 -0 + crypto/x509/x509_cmp.c (1.22.2.4), "Exp", lines: +7 -1 + crypto/x509/x509_vfy.c (1.56.2.13), "Exp", lines: +1 -1 + ssl/s3_clnt.c (1.53.2.18), "Exp", lines: +2 -0 + ssl/s3_enc.c (1.31.2.9), "Exp", lines: +3 -0 + ssl/s3_srvr.c (1.85.2.23), "Exp", lines: +2 -0 + ssl/t1_enc.c (1.27.2.9), "Exp", lines: +2 -0 + + FIPS algorithm blocking. + + Non FIPS algorithms are not normally allowed in FIPS mode. + + Any attempt to use them via high level functions will + return an error. + + The low level non-FIPS algorithm functions cannot return + errors so they produce assertion failures. HMAC also has to give an + assertion error because it (erroneously) can't return an error + either. + + There are exceptions (such as MD5 in TLS and non + cryptographic use of algorithms) and applications can override the + blocking and use non FIPS algorithms anyway. + + For low level functions the override is perfomed by + prefixing the algorithm initalization function with "private_" for + example private_MD5_Init(). + + For high level functions an override is performed by + setting a flag in the context. + +2005-01-26 21:05 steve + + Changed: + crypto/bf/Makefile (1.1.4.3), "Exp", lines: +5 -2 + crypto/cast/Makefile (1.1.4.3), "Exp", lines: +4 -2 + crypto/des/Makefile (1.1.4.6), "Exp", lines: +1 -1 + crypto/evp/Makefile (1.1.4.5), "Exp", lines: +5 -5 + crypto/idea/Makefile (1.1.4.3), "Exp", lines: +3 -0 + crypto/md2/Makefile (1.1.4.3), "Exp", lines: +3 -1 + crypto/mdc2/Makefile (1.1.4.3), "Exp", lines: +4 -2 + crypto/rc2/Makefile (1.1.4.3), "Exp", lines: +5 -2 + crypto/rc5/Makefile (1.1.4.3), "Exp", lines: +5 -1 + crypto/sha/Makefile (1.1.4.7), "Exp", lines: +7 -1 + fips/Makefile (1.1.4.7), "Exp", lines: +1 -7 + fips/sha1/Makefile (1.1.4.8), "Exp", lines: +1 -3 + util/libeay.num (1.173.2.24), "Exp", lines: +13 -0 + + make update + +2005-01-27 02:49 steve + + Changed: + apps/dgst.c (1.23.2.14), "Exp", lines: +9 -5 + crypto/crypto.h (1.62.2.10), "Exp", lines: +3 -0 + crypto/evp/digest.c (1.21.2.8), "Exp", lines: +34 -0 + crypto/hmac/hmac.c (1.12.2.4), "Exp", lines: +9 -0 + + More FIPS algorithm blocking. + + Catch attempted use of non FIPS algorithms with HMAC. + + Give an assertion error for applications that ignore FIPS + digest errors. + + Make -non-fips-allow work with dgst and HMAC. + +2005-01-28 15:03 steve + + Changed: + apps/dgst.c (1.23.2.15), "Exp", lines: +2 -1 + apps/enc.c (1.35.2.13), "Exp", lines: +38 -4 + crypto/evp/e_rc4.c (1.11.2.2), "Exp", lines: +1 -0 + crypto/evp/evp.h (1.86.2.17), "Exp", lines: +3 -0 + crypto/evp/evp_enc.c (1.28.2.12), "Exp", lines: +60 -15 + crypto/evp/evp_locl.h (1.7.2.8), "Exp", lines: +1 -0 + test/testenc (1.3.8.2), "Exp", lines: +8 -8 + + Further FIPS algorithm blocking. + + Fixes to cipher blocking and enabling code. + + Add option -non-fips-allow to 'enc' and update testenc. + +2005-01-31 02:33 steve + + Changed: + ssl/s23_clnt.c (1.20.2.7), "Exp", lines: +16 -0 + ssl/s23_srvr.c (1.41.2.6), "Exp", lines: +9 -0 + ssl/s3_clnt.c (1.53.2.19), "Exp", lines: +0 -8 + ssl/s3_enc.c (1.31.2.10), "Exp", lines: +1 -0 + ssl/s3_srvr.c (1.85.2.24), "Exp", lines: +0 -8 + ssl/ssl.h (1.126.2.21), "Exp", lines: +1 -0 + ssl/ssl_cert.c (1.48.2.10), "Exp", lines: +0 -8 + ssl/ssl_err.c (1.41.2.4), "Exp", lines: +2 -1 + ssl/ssl_lib.c (1.110.2.13), "Exp", lines: +8 -9 + ssl/t1_enc.c (1.27.2.10), "Exp", lines: +0 -18 + + Only allow TLS is FIPS mode. + + Remove old FIPS_allow_md5() calls. + +2005-01-31 02:40 steve + + Changed: + crypto/asn1/a_verify.c (1.12.2.3), "Exp", lines: +7 -6 + + Avoid memory leak. + +2005-01-31 02:46 steve + + Changed: + test/testss (1.7.2.1), "Exp", lines: +1 -1 + + Use SHA1 for test certificates so FIPS SSL/TLS tests work. + +2005-02-03 12:09 appro + + Changed: + Configure (1.314.2.105), "Exp", lines: +2 -2 + Makefile.org (1.154.2.94), "Exp", lines: +16 -6 + TABLE (1.99.2.44), "Exp", lines: +2 -2 + + Final HP-UX specific touches to "cope with run-time linker on + multi-ABI platforms." + +2005-02-05 19:24 steve + + Changed: + apps/req.c (1.88.2.18), "Exp", lines: +8 -1 + apps/x509.c (1.67.2.20), "Exp", lines: +8 -1 + + In FIPS mode use SHA1 as default digest in x509 and req utilities. + +2005-03-12 10:28 appro + + Changed: + Makefile.org (1.154.2.95), "Exp", lines: +9 -2 + apps/Makefile (1.1.4.13), "Exp", lines: +0 -1 + test/Makefile (1.1.4.9), "Exp", lines: +0 -1 + + Move copying of .dll to apps/ and test/ to more appropriate place. + +2005-03-12 13:15 appro + + Changed: + apps/Makefile (1.1.4.14), "Exp", lines: +4 -2 + test/Makefile (1.1.4.10), "Exp", lines: +42 -194 + + Fold rules in test/Makefile and provide hooks for updated FIPS + build procedures. + +2005-03-15 10:46 appro + + Changed: + Makefile.org (1.154.2.96), "Exp", lines: +1 -1 + crypto/Makefile (1.1.4.6), "Exp", lines: +2 -3 + fips/Makefile (1.1.4.8), "Exp", lines: +4 -1 + + Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this + in crypto/Makefile and make Makefile.org and fips/Makefile more + discreet. + +2005-03-22 18:29 steve + + Changed: + fips/fingerprint.sha1 (1.1.2.12), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.10), "Exp", lines: +1 -0 + + Fix memory leak. + +2005-03-26 20:32 appro + + Changed: + crypto/perlasm/x86nasm.pl (1.2.8.8), "Exp", lines: +6 -1 + + Resolve "operation size not specified" in NASM modules. + +2005-03-27 05:36 steve + + Changed: + crypto/evp/e_null.c (1.9.2.1), "Exp", lines: +1 -1 + ssl/s3_lib.c (1.57.2.13), "Exp", lines: +3 -3 + + Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS + mode. + +2005-04-03 21:16 appro + + Changed: + Configure (1.314.2.109), "Exp", lines: +10 -0 + TABLE (1.99.2.48), "Exp", lines: +50 -0 + config (1.95.2.33), "Exp", lines: +9 -2 + crypto/bn/Makefile (1.1.4.4), "Exp", lines: +1 -0 + crypto/rc4/Makefile (1.1.4.6), "Exp", lines: +1 -1 + + Extend Solaris x86 support to amd64. Note that if both gcc and Sun + C are installed, it defaults to gcc, because it beats Sun C on + every benchmark. Also note that gcc shared build was verified to + work woth Sun C... + +2005-04-14 00:47 appro + + Changed: + Makefile.org (1.154.2.98), "Exp", lines: +1 -1 + + Move cygcrypto.dll above cygwin.dll. +