generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,466 Commits 16 Branches 258 Tags
Commit Graph

895 Commits

Author SHA1 Message Date
Dr. Stephen Henson
8db3f4ace9 Fix from HEAD. 2006-09-22 17:15:04 +00:00
Dr. Stephen Henson
45e33ebeab Fix from HEAD. Except we can't stream multipart/signed in 0.9.7 so that case 
still rewinds the stream.
 2006-07-13 20:36:51 +00:00
Dr. Stephen Henson
6651ac386e Fix from head. 2006-05-17 18:25:38 +00:00
Dr. Stephen Henson
b7508d8396 Change fips directory to fips-1.0 2006-01-30 18:15:29 +00:00
Andy Polyakov
ed457c6e1c Replace detached signature with in-core fingerprinting. 2006-01-21 14:01:30 +00:00
Nils Larsch
62ecdf077f successfully updating the db shouldn't result in an error message 2005-09-30 16:46:29 +00:00
Richard Levitte
b269af6829 The private key should never have ended up in newreq.pem. 
Now, it ends up in newkey.pem instead.
 2005-07-04 21:44:19 +00:00
Nils Larsch
e80f233749 initialize newly allocated data 
PR: 1145
 2005-07-01 16:13:06 +00:00
Richard Levitte
c0c943e82b asn1parse doesn't support any TXT format, so let's stop pretending 
it does.
 2005-06-28 15:44:15 +00:00
Andy Polyakov
84c881d0b5 Fix typos in apps/apps.c. 2005-06-27 16:00:57 +00:00
Andy Polyakov
30fc34625c Make sure detached fingerprints are installed [as well as minor cygwin 
and hpux updates].
 2005-06-14 12:29:34 +00:00
Dr. Stephen Henson
485bcc9cab Preliminary support for X9.31 RSA key generation for FIPS. 
Included prime derivation, random prime generation, test program and
new option to genrsa.
 2005-05-31 12:38:03 +00:00
Richard Levitte
c3d03b70af We have some source with \r\n as line ends. DEC C informs about that, 
and I really can't be bothered...
 2005-05-29 12:13:05 +00:00
Dr. Stephen Henson
e4c2c550b9 Add X9.31 signature support, mainly for FIPS140. Add new option to rsautl and 
include options to use X9.31 in tests.
 2005-05-28 20:15:48 +00:00
Bodo Möller
ecb1445ce2 Implement fixed-window exponentiation to mitigate hyper-threading 
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
 2005-05-16 01:26:08 +00:00
Nils Larsch
88f62fb98a improve command line argument checking 
PR: 1061
 2005-05-10 09:52:39 +00:00
Dr. Stephen Henson
92ad8e5c37 Remove defunct FIPS_allow_md5() and related functions. 2005-04-22 01:06:59 +00:00
Andy Polyakov
4182f0ffc7 Enable shared link on HP-UX. 2005-04-19 22:21:28 +00:00
Richard Levitte
93aeac64ce Merge RFC3820 source into mainstream 0.9.7-stable. 2005-04-11 15:03:37 +00:00
Richard Levitte
9addd9b6fb Add emacs cache files to .cvsignore. 2005-04-11 14:18:14 +00:00
Andy Polyakov
6286bbecef Fold rules in test/Makefile and provide hooks for updated FIPS build procedures. 2005-03-12 12:15:20 +00:00
Andy Polyakov
aa0d4ed5fa Move copying of .dll to apps/ and test/ to more appropriate place. 2005-03-12 09:28:18 +00:00
Lutz Jänicke
e22e6bf0be Fix hang in EGD/PRNGD query when communication socket is closed 
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
 2005-02-19 10:17:26 +00:00
Dr. Stephen Henson
20e5177105 In FIPS mode use SHA1 as default digest in x509 and req 
utilities.
 2005-02-05 18:24:50 +00:00
Andy Polyakov
43509de33d Shut whiny make's up. 2005-02-03 10:19:36 +00:00
Andy Polyakov
dbaa6f91aa Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms 
and SafeDllSearchMode in Windows.
 2005-02-01 23:45:42 +00:00
Dr. Stephen Henson
7cfcca8ba3 Further FIPS algorithm blocking. 
Fixes to cipher blocking and enabling code.

Add option -non-fips-allow to 'enc' and update testenc.
 2005-01-28 14:03:54 +00:00
Dr. Stephen Henson
6be00c7e16 More FIPS algorithm blocking. 
Catch attempted use of non FIPS algorithms with HMAC.

Give an assertion error for applications that ignore FIPS digest errors.

Make -non-fips-allow work with dgst and HMAC.
 2005-01-27 01:49:42 +00:00
Dr. Stephen Henson
d0edffc7da FIPS algorithm blocking. 
Non FIPS algorithms are not normally allowed in FIPS mode.

Any attempt to use them via high level functions will return an error.

The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.

There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.

For low level functions the override is perfomed by prefixing the algorithm
initalization function with "private_" for example private_MD5_Init().

For high level functions an override is performed by setting a flag in
the context.
 2005-01-26 20:00:40 +00:00
Richard Levitte
630b9d70fb Use EXIT() instead of exit(). 2005-01-11 18:25:28 +00:00
Richard Levitte
97c2c819b3 Remove VMS_strcasecmp() from apps.c, it's not used any more. And 
besides, the implementation is bogus.
 2005-01-11 06:53:30 +00:00
Andy Polyakov
b58560b915 DJGPP update. 
PR: 989
Submitted by: Doug Kaufman
 2005-01-04 10:21:55 +00:00
Andy Polyakov
1c8415fdf3 Remove naming conflict between variable and label. 2004-12-30 11:08:27 +00:00
Dr. Stephen Henson
370d418a7b Prompt for passphrases with PKCS12 input format. 2004-12-29 01:05:35 +00:00
Andy Polyakov
5868130e7a Eliminate dependency on UNICODE macro. 2004-12-09 18:00:26 +00:00
Dr. Stephen Henson
b0ab906524 Use X509_cmp_time() in -checkend option, to support GeneralizedTime. 2004-12-05 18:26:48 +00:00
Dr. Stephen Henson
3384bdd6fe Add -passin argument to dgst command. 2004-12-03 12:29:17 +00:00
Richard Levitte
cd52956357 Make an explicit check during certificate validation to see that the 
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)
 2004-11-29 11:18:00 +00:00
Dr. Stephen Henson
6826d26ea7 Remove unnecessary check and call BIO_free_all() on bio_out to avoid a 
leak on VMS.
 2004-11-27 13:02:34 +00:00
Dr. Stephen Henson
18ad97bbe7 Fix leaks and give an error if no argument specified in prime.c 2004-11-27 12:55:26 +00:00
Dr. Stephen Henson
14c8986f75 Typo. 2004-11-23 21:40:32 +00:00
Dr. Stephen Henson
6237528c82 Fix memory leak. 2004-11-23 21:22:54 +00:00
Dr. Stephen Henson
2b354390b8 In "req" exit immediately if configuration file is needed and it can't 
be loaded instead of giving the misleading:

"unable to find 'distinguised_name' in config"

error message.
 2004-11-17 18:36:43 +00:00
Dr. Stephen Henson
1ec0d15e54 PR: 940 
Typo: use prompt_info, not cb_data->prompt_info.
 2004-11-14 15:40:25 +00:00
Dr. Stephen Henson
22a7a3b91b Zap obsolete der_chop script. 2004-11-13 23:56:15 +00:00
Dr. Stephen Henson
e510c62a38 Fix x509.c so it creates serial number file again if no 
serial number is supplied on command line.
 2004-11-13 13:26:24 +00:00
Richard Levitte
671c1bcfce Cut'n'paste mistake. All tested OK now... 2004-11-11 19:36:25 +00:00
Richard Levitte
28a896f7fe Whoops, syntactic mistake... 2004-11-11 18:57:30 +00:00
Richard Levitte
f6549efa61 Some find it confusing that environment variables are set when shared 
libraries aren't built or used.  I can see the point, so I'm
reorganising a little for clarity.
 2004-11-11 18:18:10 +00:00
Dr. Stephen Henson
4ae135eb0d Use the default_md config file value when signing CRLs. 
PR:662
 2004-11-11 13:46:44 +00:00