generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,513 Commits 16 Branches 258 Tags
Commit Graph

151 Commits

Author SHA1 Message Date
Dr. Stephen Henson
e3435a51f7 Include changes from 0.9.7-stable. 2007-02-21 13:50:22 +00:00
Dr. Stephen Henson
566933a8ba Update from HEAD. 2007-01-21 16:02:37 +00:00
Dr. Stephen Henson
ea474c567f Rebuild error source files. 2006-11-21 19:27:19 +00:00
Dr. Stephen Henson
3c1ee6c147 Fix from HEAD. 2006-02-04 01:50:41 +00:00
Dr. Stephen Henson
342b7e0458 Rebuild error codes. 2005-04-12 13:47:58 +00:00
Richard Levitte
9addd9b6fb Add emacs cache files to .cvsignore. 2005-04-11 14:18:14 +00:00
Bodo Möller
97d49cdd6f fix potential memory leak when allocation fails 
PR: 801
Submitted by: Nils Larsch
 2005-03-11 09:00:59 +00:00
Richard Levitte
0cae19f5ef The first argument to load_iv should really be a char ** instead of an 
unsigned char **, since it points at text.

Thanks to Nils Larsch <nils.larsch@cybertrust.com> for pointing out
the inelegance of our code :-)
 2005-01-27 11:42:25 +00:00
Richard Levitte
d88edf1447 Get rid if the annoying warning 2005-01-27 01:47:27 +00:00
Dr. Stephen Henson
da8534693c Add lots of checks for memory allocation failure, error codes to indicate 
failure and freeing up memory if a failure occurs.

PR:620
 2004-12-05 01:04:44 +00:00
Richard Levitte
a2617f727d Don't use $(EXHEADER) directly in for loops, as most shells will break 
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
 2004-11-02 23:53:31 +00:00
Richard Levitte
1033449613 make update 2004-08-10 09:09:08 +00:00
Richard Levitte
7f9c37457a To protect FIPS-related global variables, add locking mechanisms 
around them.

NOTE: because two new locks are added, this adds potential binary
incompatibility with earlier versions in the 0.9.7 series.  However,
those locks will only ever be touched when FIPS_mode_set() is called
and after, thanks to a variable that's only changed from 0 to 1 once
(when FIPS_mode_set() is called).  So basically, as long as FIPS mode
hasn't been engaged explicitely by the calling application, the new
locks are treated as if they didn't exist at all, thus not becoming a
problem.  Applications that are built or rebuilt to use FIPS
functionality will need to be recompiled in any case, thus not being a
problem either.
 2004-07-30 14:38:02 +00:00
Dr. Stephen Henson
43894f9c0d When in FIPS mode write private keys in PKCS#8 and PBES2 format to 
avoid use of prohibited MD5 algorithm.
 2004-07-21 17:41:26 +00:00
Ben Laurie
3642f632d3 Pull FIPS back into stable. 2004-05-11 12:46:24 +00:00
Dr. Stephen Henson
6e308baf5a Fix memory leak. 
PR:870
 2004-04-22 12:33:03 +00:00
Dr. Stephen Henson
ef3565aed2 Memory leak fix. 2004-03-05 23:39:12 +00:00
Richard Levitte
ee121033dc Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also. 
PR: 833
 2004-02-26 22:07:47 +00:00
Richard Levitte
cc056d6395 Use sh explicitely to run point.sh 
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 15:00:24 +00:00
Richard Levitte
394178c94c Use BUF_strlcpy() instead of strcpy(). 
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 14:40:57 +00:00
Richard Levitte
c9ea7400b4 A few more memset()s converted to OPENSSL_cleanse(). 
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343
 2002-11-29 11:31:51 +00:00
Richard Levitte
75e3026a14 Cleanse memory using the new OPENSSL_cleanse() function. 
I've covered all the memset()s I felt safe modifying, but may have missed some.
 2002-11-28 08:09:03 +00:00
Richard Levitte
024a20905d C++ comments in C code, 'nuff said... 2002-11-13 13:36:29 +00:00
Ben Laurie
9831d941ca Many security improvements (CHATS) and a warning fix. 2002-11-12 13:23:40 +00:00
Richard Levitte
0eae6cd5f2 Plug potential memory leak. 
Identified by Goetz Babin-Ebell <babinebell@trustcenter.de>
 2002-10-30 09:42:47 +00:00
Richard Levitte
ff90d659e6 Use double dashes so makedepend doesn't misunderstand the flags we 
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
 2002-10-09 13:21:33 +00:00
Bodo Möller
535cedf136 don't memset(data,0,...) if data is NULL 
Submitted by: anonymous
PR: 254
 2002-08-29 11:35:42 +00:00
Lutz Jänicke
3720ea24f0 "make update" 
Submitted by:
Reviewed by:
PR:
 2002-07-30 07:18:03 +00:00
Richard Levitte
a69e8ea1a1 Try to avoid double declaration of ERR_load_PEM_strings(). 
PR 71
 2002-06-27 17:06:41 +00:00
Richard Levitte
ca55c617e5 Pass CFLAG to dependency makers, so non-standard system include paths are 
handled properly.
Part of PR 75
 2002-06-27 16:44:52 +00:00
Richard Levitte
231360a3b7 Check errors when parsing a PKCS8INF PEM FILE, or there will be a core dump on error. 
PR: 77
 2002-06-05 11:58:23 +00:00
Richard Levitte
69a305d434 Uhmmm, if we use && after having tested for the presence of the certificate, 
we just *might* stand a certain chance of actually getting it written
to file...
 2002-04-23 13:15:27 +00:00
Bodo Möller
98fa4fce09 use ERR_peek_last_error() instead of ERR_peek_error() to ignore 
any other errors that may be left in the error queue

Submitted by: Jeffrey Altman
 2002-02-28 14:03:41 +00:00
Richard Levitte
34aa216a65 Stop assuming the IV is 8 bytes long, use the real size instead. 
This is especially important for AES that has a 16 bytes IV.
 2002-02-20 17:56:01 +00:00
Richard Levitte
de2f6e4dae 'make update' 2002-02-05 17:34:58 +00:00
Richard Levitte
fe19c448f0 make update 
libeay.num got tweaked so the old des symbols would retain their
positions.
 2002-01-24 12:31:54 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Richard Levitte
b476df64a1 make update 
perl util/mkerr.pl -recurse -write -rebuild
 2001-11-15 12:25:14 +00:00
Dr. Stephen Henson
cecd263878 Add missing EVP_CIPHER_CTX_{init,cleanup} 2001-10-20 16:18:03 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way 
to digests to retain compatibility.
 2001-10-17 00:37:12 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal() 
with existing code.

Modify library to use digest *_ex() functions.
 2001-10-16 01:24:29 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Dr. Stephen Henson
1241126adf More linker bloat reorganisation: 
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.

Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.

Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.

Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.

So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
 2001-07-27 02:22:42 +00:00
Dr. Stephen Henson
19da130053 First of several reorganisations to 
reduce linker bloat. For example the
single line:

PEM_read_X509()

results in a binary of around 400K in Linux!

This first step separates some of the PEM functions and
avoids linking in some PKCS#7 and PKCS#12 code.
 2001-07-26 22:34:45 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib 
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
 2001-03-09 14:01:42 +00:00
Richard Levitte
d88a26c489 make update 
Note that all *_it variables are suddenly non-existant according to
libeay.num.  This is a bug that will be corrected.  Please be patient.
 2001-02-26 10:54:08 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there 
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
 2001-02-22 14:45:02 +00:00