| See file ChangeLog.0_9_7-stable_not-in-head for explanations. |
| This is the "FIPS"-related part. |
| |
| |
| |
| 2003-07-27 19:00 ben |
| |
| Changed: |
| Configure (1.314.2.85), "Exp", lines: +2 -0 |
| Makefile.org (1.154.2.67), "Exp", lines: +12 -3 |
| crypto/cryptlib.c (1.32.2.9), "Exp", lines: +5 -0 |
| crypto/md32_common.h (1.22.2.4), "Exp", lines: +11 -0 |
| crypto/aes/Makefile.ssl (1.4.2.6), "Exp", lines: +2 -1 |
| crypto/aes/aes_core.c (1.1.2.4), "Exp", lines: +4 -0 |
| crypto/des/des.h (1.40.2.4), "Exp", lines: +1 -1 |
| crypto/des/des_old.c (1.11.2.4), "Exp", lines: +1 -1 |
| crypto/des/destest.c (1.30.2.6), "Exp", lines: +2 -2 |
| crypto/des/ecb3_enc.c (1.8.2.1), "Exp", lines: +1 -3 |
| crypto/dsa/Makefile.ssl (1.49.2.5), "Exp", lines: +7 -4 |
| crypto/dsa/dsa_ossl.c (1.12.2.4), "Exp", lines: +2 -0 |
| crypto/dsa/dsa_sign.c (1.10.2.3), "Exp", lines: +12 -0 |
| crypto/dsa/dsa_vrf.c (1.10.2.3), "Exp", lines: +8 -0 |
| crypto/engine/engine.h (1.36.2.6), "Exp", lines: +4 -0 |
| crypto/err/err.h (1.35.2.3), "Exp", lines: +2 -0 |
| crypto/err/err_all.c (1.17.2.2), "Exp", lines: +4 -0 |
| crypto/err/openssl.ec (1.11.2.1), "Exp", lines: +1 -0 |
| crypto/evp/Makefile.ssl (1.64.2.8), "Exp", lines: +8 -7 |
| crypto/evp/c_all.c (1.7.8.7), "Exp", lines: +1 -0 |
| crypto/evp/e_aes.c (1.6.2.4), "Exp", lines: +12 -4 |
| crypto/evp/e_des3.c (1.8.2.2), "Exp", lines: +1 -1 |
| crypto/evp/evp.h (1.86.2.10), "Exp", lines: +2 -0 |
| crypto/evp/evp_err.c (1.23.2.1), "Exp", lines: +3 -1 |
| crypto/md4/Makefile.ssl (1.6.2.4), "Exp", lines: +7 -4 |
| crypto/md5/Makefile.ssl (1.33.2.7), "Exp", lines: +7 -4 |
| crypto/rand/Makefile.ssl (1.56.2.4), "Exp", lines: +17 -15 |
| crypto/rand/md_rand.c (1.69.2.2), "Exp", lines: +9 -0 |
| crypto/rand/rand.h (1.26.2.5), "Exp", lines: +2 -0 |
| crypto/rand/rand_err.c (1.6.2.1), "Exp", lines: +3 -1 |
| crypto/rand/rand_lib.c (1.15.2.2), "Exp", lines: +11 -0 |
| crypto/ripemd/Makefile.ssl (1.25.2.5), "Exp", lines: +7 -2 |
| crypto/sha/Makefile.ssl (1.26.2.5), "Exp", lines: +16 -6 |
| fips/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 |
| fips/Makefile.ssl (1.1.2.1), "Exp", lines: +155 -0 |
| fips/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 |
| fips/fips.c (1.1.2.1), "Exp", lines: +74 -0 |
| fips/fips.h (1.1.2.1), "Exp", lines: +85 -0 |
| fips/fips_check_sha1 (1.1.2.1), "Exp", lines: +7 -0 |
| fips/fips_err.c (1.1.2.1), "Exp", lines: +96 -0 |
| fips/fips_make_sha1 (1.1.2.1), "Exp", lines: +21 -0 |
| fips/lib (1.1.2.1), "Exp", lines: +0 -0 |
| fips/aes/.cvsignore (1.1.2.1), "Exp", lines: +4 -0 |
| fips/aes/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 |
| fips/aes/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 |
| fips/aes/fips_aes_core.c (1.1.2.1), "Exp", lines: +1260 -0 |
| fips/aes/fips_aes_locl.h (1.1.2.1), "Exp", lines: +85 -0 |
| fips/aes/fips_aesavs.c (1.1.2.1), "Exp", lines: +896 -0 |
| fips/dsa/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 |
| fips/dsa/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 |
| fips/dsa/fingerprint.sha1 (1.1.2.1), "Exp", lines: +1 -0 |
| fips/dsa/fips_dsa_ossl.c (1.1.2.1), "Exp", lines: +366 -0 |
| fips/dsa/fips_dsatest.c (1.1.2.1), "Exp", lines: +252 -0 |
| fips/rand/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 |
| fips/rand/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 |
| fips/rand/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 |
| fips/rand/fips_rand.c (1.1.2.1), "Exp", lines: +236 -0 |
| fips/rand/fips_rand.h (1.1.2.1), "Exp", lines: +55 -0 |
| fips/rand/fips_randtest.c (1.1.2.1), "Exp", lines: +348 -0 |
| fips/sha1/.cvsignore (1.1.2.1), "Exp", lines: +3 -0 |
| fips/sha1/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 |
| fips/sha1/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 |
| fips/sha1/fips_md32_common.h (1.1.2.1), "Exp", lines: +637 -0 |
| fips/sha1/fips_sha1dgst.c (1.1.2.1), "Exp", lines: +76 -0 |
| fips/sha1/fips_sha1test.c (1.1.2.1), "Exp", lines: +128 -0 |
| fips/sha1/fips_sha_locl.h (1.1.2.1), "Exp", lines: +472 -0 |
| fips/sha1/fips_standalone_sha1.c (1.1.2.1), "Exp", lines: +101 -0 |
| fips/sha1/standalone.sha1 (1.1.2.1), "Exp", lines: +4 -0 |
| test/Makefile.ssl (1.84.2.29), "Exp", lines: +81 -13 |
| util/mkerr.pl (1.18.2.4), "Exp", lines: +2 -1 |
| |
| Unfinished FIPS stuff for review/improvement. |
| |
| 2003-07-27 19:19 ben |
| |
| Changed: |
| fips/fips_check_sha1 (1.1.2.2), "Exp", lines: +1 -1 |
| |
| Use unified diff. |
| |
| 2003-07-27 19:23 ben |
| |
| Changed: |
| fips/Makefile.ssl (1.1.2.2), "Exp", lines: +3 -3 |
| fips/fingerprint.sha1 (1.1.2.2), "Exp", lines: +2 -1 |
| fips/fips_make_sha1 (1.1.2.2), "Exp", lines: +1 -1 |
| |
| Build in non-FIPS mode. |
| |
| 2003-07-27 23:13 ben |
| |
| Changed: |
| Makefile.org (1.154.2.68), "Exp", lines: +1 -1 |
| fips/fips_check_sha1 (1.1.2.3), "Exp", lines: +2 -1 |
| fips/aes/fips_aesavs.c (1.1.2.2), "Exp", lines: +2 -0 |
| fips/dsa/fips_dsa_ossl.c (1.1.2.2), "Exp", lines: +8 -0 |
| fips/dsa/fips_dsatest.c (1.1.2.2), "Exp", lines: +2 -1 |
| fips/sha1/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 |
| fips/sha1/fips_sha1dgst.c (1.1.2.2), "Exp", lines: +5 -1 |
| fips/sha1/fips_standalone_sha1.c (1.1.2.2), "Exp", lines: +2 -0 |
| fips/sha1/standalone.sha1 (1.1.2.2), "Exp", lines: +1 -1 |
| |
| Build when not FIPS. |
| |
| 2003-07-28 11:56 ben |
| |
| Changed: |
| fips/dsa/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 |
| fips/sha1/standalone.sha1 (1.1.2.3), "Exp", lines: +1 -1 |
| |
| New fingerprints. |
| |
| 2003-07-29 16:06 ben |
| |
| Changed: |
| fips/aes/fips_aesavs.c (1.1.2.5), "Exp", lines: +295 -303 |
| |
| Reformat. |
| |
| 2003-07-29 16:34 ben |
| |
| Changed: |
| fips/aes/fips_aesavs.c (1.1.2.6), "Exp", lines: +43 -17 |
| |
| MMT for CFB1 |
| |
| 2003-07-29 17:17 ben |
| |
| Changed: |
| fips/fips_err_wrapper.c (1.1.2.1), "Exp", lines: +5 -0 |
| fips/sha1/sha1hashes.txt (1.1.2.1), "Exp", lines: +342 -0 |
| fips/sha1/sha1vectors.txt (1.1.2.1), "Exp", lines: +2293 -0 |
| |
| Missing files. |
| |
| 2003-07-31 23:30 levitte |
| |
| Changed: |
| Makefile.org (1.154.2.71), "Exp", lines: +2 -0 |
| |
| If FDIRS is to be treated like SDIRS, let's not forget to |
| initialize it in Makefile.org. |
| |
| 2003-07-31 23:41 levitte |
| |
| Changed: |
| fips/sha1/fips_sha1test.c (1.1.2.2), "Exp", lines: +3 -3 |
| |
| No C++ comments in C programs! |
| |
| 2003-08-01 15:07 steve |
| |
| Changed: |
| fips/aes/fips_aesavs.c (1.1.2.8), "Exp", lines: +3 -3 |
| |
| Replace C++ style comments. |
| |
| 2003-08-03 14:22 ben |
| |
| Changed: |
| fips/des/fips_desmovs.c (1.1.2.2), "Exp", lines: +55 -37 |
| |
| Make tests work (CFB1 still doesn't produce the right answers, |
| strangely). |
| |
| 2003-08-08 12:08 levitte |
| |
| Changed: |
| fips/des/fips_des_enc.c (1.1.2.2), "Exp", lines: +9 -0 |
| |
| Avoid clashing with the regular DES functions when not compiling |
| with -DFIPS. This is basically only visible when building with |
| shared library supoort... |
| |
| 2003-08-11 11:36 levitte |
| |
| Deleted: |
| fips/sha1/.cvsignore (1.1.2.2) |
| fips/sha1/Makefile.ssl (1.1.2.3) |
| fips/sha1/fingerprint.sha1 (1.1.2.3) |
| fips/sha1/fips_md32_common.h (1.1.2.2) |
| fips/sha1/fips_sha1dgst.c (1.1.2.3) |
| fips/sha1/fips_sha1test.c (1.1.2.3) |
| fips/sha1/fips_sha_locl.h (1.1.2.2) |
| fips/sha1/fips_standalone_sha1.c (1.1.2.3) |
| fips/sha1/sha1hashes.txt (1.1.2.2) |
| fips/sha1/sha1vectors.txt (1.1.2.2) |
| fips/sha1/standalone.sha1 (1.1.2.4) |
| fips/dsa/.cvsignore (1.1.2.2) |
| fips/dsa/Makefile.ssl (1.1.2.2) |
| fips/dsa/fingerprint.sha1 (1.1.2.3) |
| fips/dsa/fips_dsa_ossl.c (1.1.2.3) |
| fips/dsa/fips_dsatest.c (1.1.2.3) |
| fips/rand/.cvsignore (1.1.2.2) |
| fips/rand/Makefile.ssl (1.1.2.2) |
| fips/rand/fingerprint.sha1 (1.1.2.2) |
| fips/rand/fips_rand.c (1.1.2.2) |
| fips/rand/fips_rand.h (1.1.2.2) |
| fips/rand/fips_randtest.c (1.1.2.2) |
| fips/des/.cvsignore (1.1.2.2) |
| fips/des/Makefile.ssl (1.1.2.3) |
| fips/des/fingerprint.sha1 (1.1.2.2) |
| fips/des/fips_des_enc.c (1.1.2.3) |
| fips/des/fips_des_locl.h (1.1.2.2) |
| fips/des/fips_desmovs.c (1.1.2.3) |
| fips/aes/.cvsignore (1.1.2.2) |
| fips/aes/Makefile.ssl (1.1.2.5) |
| fips/aes/fingerprint.sha1 (1.1.2.2) |
| fips/aes/fips_aes_core.c (1.1.2.2) |
| fips/aes/fips_aes_locl.h (1.1.2.2) |
| fips/aes/fips_aesavs.c (1.1.2.9) |
| fips/.cvsignore (1.1.2.2) |
| fips/Makefile.ssl (1.1.2.6) |
| fips/fingerprint.sha1 (1.1.2.3) |
| fips/fips.c (1.1.2.2) |
| fips/fips.h (1.1.2.2) |
| fips/fips_check_sha1 (1.1.2.4) |
| fips/fips_err.c (1.1.2.2) |
| fips/fips_err_wrapper.c (1.1.2.2) |
| fips/fips_make_sha1 (1.1.2.4) |
| fips/lib (1.1.2.2) |
| Changed: |
| util/libeay.num (1.173.2.16), "Exp", lines: +11 -38 |
| util/mkerr.pl (1.18.2.5), "Exp", lines: +1 -2 |
| test/Makefile.ssl (1.84.2.31), "Exp", lines: +54 -180 |
| crypto/ripemd/Makefile.ssl (1.25.2.6), "Exp", lines: +2 -7 |
| crypto/sha/Makefile.ssl (1.26.2.6), "Exp", lines: +6 -16 |
| crypto/rand/Makefile.ssl (1.56.2.5), "Exp", lines: +15 -17 |
| crypto/rand/md_rand.c (1.69.2.3), "Exp", lines: +0 -9 |
| crypto/rand/rand.h (1.26.2.6), "Exp", lines: +0 -2 |
| crypto/rand/rand_err.c (1.6.2.2), "Exp", lines: +1 -3 |
| crypto/rand/rand_lib.c (1.15.2.3), "Exp", lines: +0 -11 |
| crypto/objects/obj_dat.h (1.49.2.18), "Exp", lines: +3 -27 |
| crypto/objects/obj_mac.h (1.19.2.18), "Exp", lines: +0 -32 |
| crypto/objects/obj_mac.num (1.15.2.14), "Exp", lines: +0 -8 |
| crypto/objects/objects.txt (1.20.2.19), "Exp", lines: +0 -11 |
| crypto/md4/Makefile.ssl (1.6.2.5), "Exp", lines: +4 -7 |
| crypto/md5/Makefile.ssl (1.33.2.8), "Exp", lines: +4 -7 |
| crypto/evp/Makefile.ssl (1.64.2.9), "Exp", lines: +7 -8 |
| crypto/evp/c_allc.c (1.8.2.6), "Exp", lines: +0 -4 |
| crypto/evp/e_aes.c (1.6.2.9), "Exp", lines: +4 -22 |
| crypto/evp/e_des.c (1.5.2.5), "Exp", lines: +2 -43 |
| crypto/evp/e_des3.c (1.8.2.4), "Exp", lines: +3 -3 |
| crypto/evp/evp.h (1.86.2.13), "Exp", lines: +11 -36 |
| crypto/evp/evp_err.c (1.23.2.2), "Exp", lines: +1 -3 |
| crypto/evp/evp_lib.c (1.6.8.3), "Exp", lines: +0 -24 |
| crypto/evp/evp_locl.h (1.7.2.5), "Exp", lines: +2 -11 |
| crypto/evp/evp_test.c (1.14.2.12), "Exp", lines: +8 -17 |
| crypto/evp/evptests.txt (1.9.2.6), "Exp", lines: +1 -106 |
| crypto/dsa/Makefile.ssl (1.49.2.7), "Exp", lines: +6 -10 |
| crypto/dsa/dsa_ossl.c (1.12.2.5), "Exp", lines: +0 -2 |
| crypto/dsa/dsa_sign.c (1.10.2.4), "Exp", lines: +0 -12 |
| crypto/dsa/dsa_vrf.c (1.10.2.4), "Exp", lines: +0 -8 |
| crypto/err/Makefile.ssl (1.48.2.5), "Exp", lines: +16 -17 |
| crypto/err/err.h (1.35.2.4), "Exp", lines: +0 -2 |
| crypto/err/err_all.c (1.17.2.3), "Exp", lines: +0 -4 |
| crypto/err/openssl.ec (1.11.2.2), "Exp", lines: +0 -1 |
| crypto/des/des.h (1.40.2.5), "Exp", lines: +1 -1 |
| crypto/des/des_enc.c (1.11.2.3), "Exp", lines: +0 -4 |
| crypto/des/des_old.c (1.11.2.5), "Exp", lines: +1 -1 |
| crypto/des/destest.c (1.30.2.7), "Exp", lines: +2 -2 |
| crypto/des/ecb3_enc.c (1.8.2.2), "Exp", lines: +3 -1 |
| crypto/aes/Makefile.ssl (1.4.2.7), "Exp", lines: +1 -2 |
| crypto/aes/aes.h (1.1.2.8), "Exp", lines: +0 -9 |
| crypto/aes/aes_cfb.c (1.1.2.8), "Exp", lines: +0 -93 |
| crypto/aes/aes_core.c (1.1.2.5), "Exp", lines: +0 -4 |
| crypto/cryptlib.c (1.32.2.10), "Exp", lines: +0 -5 |
| crypto/md32_common.h (1.22.2.5), "Exp", lines: +0 -11 |
| Configure (1.314.2.86), "Exp", lines: +0 -2 |
| Makefile.org (1.154.2.72), "Exp", lines: +8 -34 |
| TABLE (1.99.2.30), "Exp", lines: +0 -50 |
| |
| A new branch for FIPS-related changes has been created with the |
| name OpenSSL-fips-0_9_7-stable. |
| |
| Since the 0.9.7-stable branch is supposed to be in freeze |
| and should only contain bug corrections, this change removes the |
| FIPS changes from that branch. |
| |
| 2004-05-11 14:44 ben |
| |
| Deleted: |
| apps/Makefile.ssl (1.100.2.27) |
| crypto/Makefile.ssl (1.84.2.12) |
| crypto/aes/Makefile.ssl (1.4.2.9) |
| crypto/asn1/Makefile.ssl (1.77.2.7) |
| crypto/bf/Makefile.ssl (1.25.2.6) |
| crypto/bio/Makefile.ssl (1.52.2.4) |
| crypto/bn/Makefile.ssl (1.65.2.9) |
| crypto/buffer/Makefile.ssl (1.32.2.4) |
| crypto/cast/Makefile.ssl (1.31.2.6) |
| crypto/comp/Makefile.ssl (1.32.2.4) |
| crypto/conf/Makefile.ssl (1.38.2.8) |
| crypto/des/Makefile.ssl (1.61.2.13) |
| crypto/dh/Makefile.ssl (1.43.2.5) |
| crypto/dsa/Makefile.ssl (1.49.2.9) |
| crypto/dso/Makefile.ssl (1.11.2.4) |
| crypto/ec/Makefile.ssl (1.7.2.4) |
| crypto/engine/Makefile.ssl (1.30.2.13) |
| crypto/err/Makefile.ssl (1.48.2.7) |
| crypto/evp/Makefile.ssl (1.64.2.12) |
| crypto/hmac/Makefile.ssl (1.33.2.6) |
| crypto/idea/Makefile.ssl (1.20.2.4) |
| crypto/krb5/Makefile.ssl (1.5.2.6) |
| crypto/lhash/Makefile.ssl (1.28.2.4) |
| crypto/md2/Makefile.ssl (1.29.2.5) |
| crypto/md4/Makefile.ssl (1.6.2.7) |
| crypto/md5/Makefile.ssl (1.33.2.10) |
| crypto/mdc2/Makefile.ssl (1.30.2.4) |
| crypto/objects/Makefile.ssl (1.46.2.6) |
| crypto/ocsp/Makefile.ssl (1.19.2.7) |
| crypto/pem/Makefile.ssl (1.51.2.5) |
| crypto/pkcs12/Makefile.ssl (1.37.2.5) |
| crypto/pkcs7/Makefile.ssl (1.47.2.5) |
| crypto/rand/Makefile.ssl (1.56.2.8) |
| crypto/rc2/Makefile.ssl (1.20.2.4) |
| crypto/rc4/Makefile.ssl (1.25.2.6) |
| crypto/rc5/Makefile.ssl (1.22.2.6) |
| crypto/ripemd/Makefile.ssl (1.25.2.9) |
| crypto/rsa/Makefile.ssl (1.53.2.6) |
| crypto/sha/Makefile.ssl (1.26.2.9) |
| crypto/stack/Makefile.ssl (1.28.2.4) |
| crypto/txt_db/Makefile.ssl (1.26.2.4) |
| crypto/ui/Makefile.ssl (1.10.2.6) |
| crypto/x509/Makefile.ssl (1.56.2.5) |
| crypto/x509v3/Makefile.ssl (1.62.2.5) |
| ssl/Makefile.ssl (1.53.2.11) |
| test/Makefile.ssl (1.84.2.36) |
| tools/Makefile.ssl (1.9.2.4) |
| Changed: |
| .cvsignore (1.7.6.2), "Exp", lines: +2 -1 |
| Configure (1.314.2.92), "Exp", lines: +38 -8 |
| FAQ (1.61.2.31), "Exp", lines: +1 -1 |
| INSTALL (1.45.2.9), "Exp", lines: +2 -2 |
| INSTALL.W32 (1.30.2.14), "Exp", lines: +9 -4 |
| Makefile.org (1.154.2.78), "Exp", lines: +51 -19 |
| PROBLEMS (1.4.2.10), "Exp", lines: +2 -2 |
| e_os.h (1.56.2.17), "Exp", lines: +20 -1 |
| apps/.cvsignore (1.5.8.1), "Exp", lines: +1 -0 |
| apps/Makefile (1.1.4.1), "Exp", lines: +1147 -0 |
| apps/apps.c (1.49.2.27), "Exp", lines: +0 -10 |
| apps/ca.c (1.102.2.31), "Exp", lines: +0 -10 |
| apps/dgst.c (1.23.2.10), "Exp", lines: +39 -11 |
| apps/openssl.c (1.48.2.9), "Exp", lines: +19 -0 |
| crypto/Makefile (1.1.4.1), "Exp", lines: +217 -0 |
| crypto/cryptlib.c (1.32.2.11), "Exp", lines: +5 -0 |
| crypto/crypto-lib.com (1.53.2.12), "Exp", lines: +1 -1 |
| crypto/md32_common.h (1.22.2.6), "Exp", lines: +12 -0 |
| crypto/aes/Makefile (1.1.4.1), "Exp", lines: +102 -0 |
| crypto/aes/aes.h (1.1.2.9), "Exp", lines: +9 -0 |
| crypto/aes/aes_cfb.c (1.1.2.9), "Exp", lines: +93 -0 |
| crypto/aes/aes_core.c (1.1.2.6), "Exp", lines: +4 -0 |
| crypto/asn1/Makefile (1.1.4.1), "Exp", lines: +1150 -0 |
| crypto/bf/Makefile (1.1.4.1), "Exp", lines: +113 -0 |
| crypto/bio/Makefile (1.1.4.1), "Exp", lines: +214 -0 |
| crypto/bio/bio.h (1.56.2.6), "Exp", lines: +1 -0 |
| crypto/bn/Makefile (1.1.4.1), "Exp", lines: +324 -0 |
| crypto/bn/bntest.c (1.55.2.4), "Exp", lines: +1 -1 |
| crypto/buffer/Makefile (1.1.4.1), "Exp", lines: +92 -0 |
| crypto/cast/Makefile (1.1.4.1), "Exp", lines: +118 -0 |
| crypto/cast/asm/.cvsignore (1.2.8.1), "Exp", lines: +1 -0 |
| crypto/comp/Makefile (1.1.4.1), "Exp", lines: +112 -0 |
| crypto/conf/Makefile (1.1.4.1), "Exp", lines: +181 -0 |
| crypto/des/Makefile (1.1.4.1), "Exp", lines: +314 -0 |
| crypto/des/cfb64ede.c (1.6.2.4), "Exp", lines: +111 -0 |
| crypto/des/des.h (1.40.2.6), "Exp", lines: +5 -1 |
| crypto/des/des_enc.c (1.11.2.4), "Exp", lines: +8 -0 |
| crypto/des/des_old.c (1.11.2.6), "Exp", lines: +1 -1 |
| crypto/des/destest.c (1.30.2.8), "Exp", lines: +2 -2 |
| crypto/des/ecb3_enc.c (1.8.2.3), "Exp", lines: +1 -3 |
| crypto/des/set_key.c (1.18.2.2), "Exp", lines: +4 -0 |
| crypto/dh/Makefile (1.1.4.1), "Exp", lines: +131 -0 |
| crypto/dsa/Makefile (1.1.4.1), "Exp", lines: +173 -0 |
| crypto/dsa/dsa_gen.c (1.19.2.1), "Exp", lines: +4 -1 |
| crypto/dsa/dsa_key.c (1.9.2.1), "Exp", lines: +2 -0 |
| crypto/dsa/dsa_ossl.c (1.12.2.6), "Exp", lines: +2 -0 |
| crypto/dsa/dsa_sign.c (1.10.2.5), "Exp", lines: +12 -0 |
| crypto/dsa/dsa_vrf.c (1.10.2.5), "Exp", lines: +8 -0 |
| crypto/dso/Makefile (1.1.4.1), "Exp", lines: +140 -0 |
| crypto/ec/Makefile (1.1.4.1), "Exp", lines: +126 -0 |
| crypto/engine/Makefile (1.1.4.1), "Exp", lines: +536 -0 |
| crypto/engine/hw_cryptodev.c (1.1.2.6), "Exp", lines: +6 -2 |
| crypto/err/Makefile (1.1.4.1), "Exp", lines: +118 -0 |
| crypto/err/err.h (1.35.2.6), "Exp", lines: +2 -0 |
| crypto/err/err_all.c (1.17.2.4), "Exp", lines: +4 -0 |
| crypto/err/openssl.ec (1.11.2.3), "Exp", lines: +1 -0 |
| crypto/evp/Makefile (1.1.4.1), "Exp", lines: +1057 -0 |
| crypto/evp/bio_md.c (1.11.2.1), "Exp", lines: +6 -0 |
| crypto/evp/c_allc.c (1.8.2.7), "Exp", lines: +8 -0 |
| crypto/evp/e_aes.c (1.6.2.10), "Exp", lines: +22 -4 |
| crypto/evp/e_des.c (1.5.2.8), "Exp", lines: +36 -3 |
| crypto/evp/e_des3.c (1.8.2.7), "Exp", lines: +43 -4 |
| crypto/evp/evp.h (1.86.2.15), "Exp", lines: +39 -11 |
| crypto/evp/evp_err.c (1.23.2.3), "Exp", lines: +3 -1 |
| crypto/evp/evp_lib.c (1.6.8.4), "Exp", lines: +24 -0 |
| crypto/evp/evp_locl.h (1.7.2.6), "Exp", lines: +11 -2 |
| crypto/evp/evp_test.c (1.14.2.13), "Exp", lines: +17 -8 |
| crypto/evp/evptests.txt (1.9.2.7), "Exp", lines: +106 -1 |
| crypto/hmac/Makefile (1.1.4.1), "Exp", lines: +99 -0 |
| crypto/idea/Makefile (1.1.4.1), "Exp", lines: +89 -0 |
| crypto/krb5/Makefile (1.1.4.1), "Exp", lines: +88 -0 |
| crypto/lhash/Makefile (1.1.4.1), "Exp", lines: +91 -0 |
| crypto/md2/Makefile (1.1.4.1), "Exp", lines: +91 -0 |
| crypto/md4/Makefile (1.1.4.1), "Exp", lines: +93 -0 |
| crypto/md5/Makefile (1.1.4.1), "Exp", lines: +129 -0 |
| crypto/mdc2/Makefile (1.1.4.1), "Exp", lines: +96 -0 |
| crypto/objects/Makefile (1.1.4.1), "Exp", lines: +121 -0 |
| crypto/objects/obj_dat.h (1.49.2.19), "Exp", lines: +33 -3 |
| crypto/objects/obj_mac.h (1.19.2.19), "Exp", lines: +40 -0 |
| crypto/objects/obj_mac.num (1.15.2.15), "Exp", lines: +10 -0 |
| crypto/objects/objects.txt (1.20.2.20), "Exp", lines: +13 -0 |
| crypto/ocsp/Makefile (1.1.4.1), "Exp", lines: +291 -0 |
| crypto/pem/Makefile (1.1.4.1), "Exp", lines: +334 -0 |
| crypto/pkcs12/Makefile (1.1.4.1), "Exp", lines: +415 -0 |
| crypto/pkcs7/Makefile (1.1.4.1), "Exp", lines: +241 -0 |
| crypto/rand/Makefile (1.1.4.1), "Exp", lines: +196 -0 |
| crypto/rand/md_rand.c (1.69.2.4), "Exp", lines: +9 -0 |
| crypto/rand/rand.h (1.26.2.7), "Exp", lines: +3 -0 |
| crypto/rand/rand_err.c (1.6.2.3), "Exp", lines: +4 -1 |
| crypto/rand/rand_lib.c (1.15.2.4), "Exp", lines: +11 -0 |
| crypto/rc2/Makefile (1.1.4.1), "Exp", lines: +89 -0 |
| crypto/rc4/Makefile (1.1.4.1), "Exp", lines: +108 -0 |
| crypto/rc5/Makefile (1.1.4.1), "Exp", lines: +106 -0 |
| crypto/ripemd/Makefile (1.1.4.1), "Exp", lines: +111 -0 |
| crypto/rsa/Makefile (1.1.4.1), "Exp", lines: +239 -0 |
| crypto/rsa/rsa_eay.c (1.28.2.9), "Exp", lines: +1 -1 |
| crypto/rsa/rsa_gen.c (1.8.6.1), "Exp", lines: +3 -0 |
| crypto/sha/Makefile (1.1.4.1), "Exp", lines: +118 -0 |
| crypto/sha/sha1dgst.c (1.21.2.1), "Exp", lines: +8 -0 |
| crypto/stack/Makefile (1.1.4.1), "Exp", lines: +86 -0 |
| crypto/txt_db/Makefile (1.1.4.1), "Exp", lines: +86 -0 |
| crypto/ui/Makefile (1.1.4.1), "Exp", lines: +115 -0 |
| crypto/x509/Makefile (1.1.4.1), "Exp", lines: +592 -0 |
| crypto/x509v3/Makefile (1.1.4.1), "Exp", lines: +601 -0 |
| fips/Makefile (1.1.4.1), "Exp", lines: +202 -0 |
| fips/fingerprint.sha1 (1.1.2.4), "Exp", lines: +4 -4 |
| fips/fips.c (1.1.2.3), "Exp", lines: +120 -5 |
| fips/fips.h (1.1.2.3), "Exp", lines: +42 -2 |
| fips/fips_check_sha1 (1.1.2.5), "Exp", lines: +2 -2 |
| fips/fips_err.h (1.1.4.1), "Exp", lines: +117 -0 |
| fips/fips_err_wrapper.c (1.1.2.3), "Exp", lines: +4 -2 |
| fips/fips_locl.h (1.1.4.1), "Exp", lines: +62 -0 |
| fips/fips_make_sha1 (1.1.2.5), "Exp", lines: +9 -6 |
| fips/fips_test_suite.c (1.1.4.1), "Exp", lines: +302 -0 |
| fips/openssl_fips_fingerprint (1.1.4.1), "Exp", lines: +25 -0 |
| fips/aes/Makefile (1.1.4.1), "Exp", lines: +131 -0 |
| fips/aes/fingerprint.sha1 (1.1.2.3), "Exp", lines: +3 -2 |
| fips/aes/fips_aes_core.c (1.1.2.3), "Exp", lines: +5 -2 |
| fips/aes/fips_aes_locl.h (1.1.2.3), "Exp", lines: +0 -0 |
| fips/aes/fips_aes_selftest.c (1.1.4.1), "Exp", lines: +112 -0 |
| fips/aes/fips_aesavs.c (1.1.2.10), "Exp", lines: +12 -6 |
| fips/des/Makefile (1.1.4.1), "Exp", lines: +155 -0 |
| fips/des/fingerprint.sha1 (1.1.2.3), "Exp", lines: +5 -2 |
| fips/des/fips_des_enc.c (1.1.2.4), "Exp", lines: +16 -3 |
| fips/des/fips_des_locl.h (1.1.2.3), "Exp", lines: +1 -1 |
| fips/des/fips_des_selftest.c (1.1.4.1), "Exp", lines: +200 -0 |
| fips/des/fips_desmovs.c (1.1.2.4), "Exp", lines: +186 -79 |
| fips/des/fips_set_key.c (1.1.4.1), "Exp", lines: +415 -0 |
| fips/des/asm/fips-dx86-elf.s (1.1.4.1), "Exp", lines: +2697 -0 |
| fips/dsa/Makefile (1.1.4.1), "Exp", lines: +159 -0 |
| fips/dsa/fingerprint.sha1 (1.1.2.4), "Exp", lines: +3 -1 |
| fips/dsa/fips_dsa_gen.c (1.1.4.1), "Exp", lines: +373 -0 |
| fips/dsa/fips_dsa_ossl.c (1.1.2.4), "Exp", lines: +16 -3 |
| fips/dsa/fips_dsa_selftest.c (1.1.4.1), "Exp", lines: +168 -0 |
| fips/dsa/fips_dsatest.c (1.1.2.4), "Exp", lines: +10 -6 |
| fips/dsa/fips_dssvs.c (1.1.4.1), "Exp", lines: +306 -0 |
| fips/rand/Makefile (1.1.4.1), "Exp", lines: +104 -0 |
| fips/rand/fingerprint.sha1 (1.1.2.3), "Exp", lines: +2 -2 |
| fips/rand/fips_rand.c (1.1.2.3), "Exp", lines: +60 -10 |
| fips/rand/fips_rand.h (1.1.2.3), "Exp", lines: +19 -1 |
| fips/rand/fips_randtest.c (1.1.2.3), "Exp", lines: +31 -10 |
| fips/rsa/Makefile (1.1.4.1), "Exp", lines: +112 -0 |
| fips/rsa/fingerprint.sha1 (1.1.4.1), "Exp", lines: +3 -0 |
| fips/rsa/fips_rsa_eay.c (1.1.4.1), "Exp", lines: +735 -0 |
| fips/rsa/fips_rsa_gen.c (1.1.4.1), "Exp", lines: +249 -0 |
| fips/rsa/fips_rsa_selftest.c (1.1.4.1), "Exp", lines: +207 -0 |
| fips/sha1/.cvsignore (1.1.2.3), "Exp", lines: +1 -2 |
| fips/sha1/Makefile (1.1.4.1), "Exp", lines: +158 -0 |
| fips/sha1/fingerprint.sha1 (1.1.2.4), "Exp", lines: +5 -3 |
| fips/sha1/fips_md32_common.h (1.1.2.3), "Exp", lines: +0 -0 |
| fips/sha1/fips_sha1_selftest.c (1.1.4.1), "Exp", lines: +97 -0 |
| fips/sha1/fips_sha1dgst.c (1.1.2.4), "Exp", lines: +4 -4 |
| fips/sha1/fips_sha1test.c (1.1.2.4), "Exp", lines: +17 -0 |
| fips/sha1/fips_sha_locl.h (1.1.2.3), "Exp", lines: +7 -0 |
| fips/sha1/fips_standalone_sha1.c (1.1.2.4), "Exp", lines: +60 -7 |
| fips/sha1/sha1hashes.txt (1.1.2.3), "Exp", lines: +0 -0 |
| fips/sha1/sha1vectors.txt (1.1.2.3), "Exp", lines: +0 -0 |
| fips/sha1/standalone.sha1 (1.1.2.5), "Exp", lines: +6 -4 |
| fips/sha1/asm/sx86-elf.s (1.1.4.1), "Exp", lines: +1568 -0 |
| ms/do_masm.bat (1.1.8.2), "Exp", lines: +12 -10 |
| ms/do_ms.bat (1.4.8.2), "Exp", lines: +11 -11 |
| ms/do_nasm.bat (1.1.8.2), "Exp", lines: +12 -11 |
| ms/do_nt.bat (1.2.8.1), "Exp", lines: +4 -4 |
| shlib/hpux10-cc.sh (1.3.2.2), "Exp", lines: +3 -3 |
| ssl/Makefile (1.1.4.1), "Exp", lines: +1019 -0 |
| ssl/s3_clnt.c (1.53.2.16), "Exp", lines: +10 -0 |
| ssl/s3_srvr.c (1.85.2.21), "Exp", lines: +9 -0 |
| ssl/ssl_cert.c (1.48.2.7), "Exp", lines: +9 -0 |
| ssl/ssl_lib.c (1.110.2.12), "Exp", lines: +13 -1 |
| ssl/ssltest.c (1.53.2.23), "Exp", lines: +33 -1 |
| ssl/t1_enc.c (1.27.2.8), "Exp", lines: +19 -1 |
| test/.cvsignore (1.4.8.1), "Exp", lines: +4 -0 |
| test/Makefile (1.1.4.1), "Exp", lines: +941 -0 |
| test/bctest (1.14.2.1), "Exp", lines: +1 -1 |
| test/testenc (1.3.8.1), "Exp", lines: +1 -1 |
| test/testfipsssl (1.1.4.1), "Exp", lines: +113 -0 |
| tools/Makefile (1.1.4.1), "Exp", lines: +61 -0 |
| util/cygwin.sh (1.1.2.5), "Exp", lines: +3 -3 |
| util/domd (1.6.2.3), "Exp", lines: +5 -5 |
| util/fixNT.sh (1.1.1.2.8.1), "Exp", lines: +3 -3 |
| util/libeay.num (1.173.2.19), "Exp", lines: +55 -11 |
| util/mk1mf.pl (1.41.2.10), "Exp", lines: +6 -4 |
| util/mkdef.pl (1.67.2.7), "Exp", lines: +11 -4 |
| util/mkerr.pl (1.18.2.6), "Exp", lines: +2 -1 |
| util/mkfiles.pl (1.12.2.1), "Exp", lines: +8 -1 |
| util/pod2mantest (1.1.2.7), "Exp", lines: +1 -1 |
| util/selftest.pl (1.18.2.1), "Exp", lines: +2 -2 |
| util/pl/BC-16.pl (1.2.2.1), "Exp", lines: +1 -1 |
| util/pl/BC-32.pl (1.11.2.4), "Exp", lines: +1 -1 |
| util/pl/Mingw32.pl (1.12.6.5), "Exp", lines: +1 -1 |
| util/pl/OS2-EMX.pl (1.1.2.3), "Exp", lines: +1 -1 |
| util/pl/VC-16.pl (1.3.2.1), "Exp", lines: +2 -2 |
| util/pl/VC-32.pl (1.11.2.3), "Exp", lines: +2 -2 |
| util/pl/VC-CE.pl (1.1.2.5), "Exp", lines: +1 -1 |
| util/pl/ultrix.pl (1.2.8.1), "Exp", lines: +1 -1 |
| |
| Pull FIPS back into stable. |
| |
| 2004-05-12 10:27 levitte |
| |
| Changed: |
| apps/Makefile (1.1.4.2), "Exp", lines: +3 -1 |
| |
| Only check for FIPS signatures when FIPS is enabled. |
| |
| 2004-05-12 10:28 levitte |
| |
| Changed: |
| crypto/des/FILES0 (1.1.4.2), "Exp", lines: +1 -1 |
| |
| Makefile.ssl changed name to Makefile. |
| |
| 2004-05-12 10:28 levitte |
| |
| Changed: |
| fips/rand/fips_rand.c (1.1.2.4), "Exp", lines: +5 -1 |
| |
| Only really build this file when OPENSSL_FIPS is defined. And oh, |
| let's keep internal variables static. |
| |
| 2004-05-12 10:42 levitte |
| |
| Changed: |
| fips/rand/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 |
| |
| I forgot to modify the signature for fips_rand.c... |
| |
| 2004-05-12 10:46 levitte |
| |
| Changed: |
| fips/rsa/.cvsignore (1.1.4.1), "Exp", lines: +1 -0 |
| fips/.cvsignore (1.1.2.3), "Exp", lines: +1 -1 |
| fips/aes/.cvsignore (1.1.2.3), "Exp", lines: +0 -3 |
| fips/des/.cvsignore (1.1.2.3), "Exp", lines: +0 -2 |
| fips/dsa/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 |
| fips/rand/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 |
| |
| Ignore the 'lib' timestamp file. |
| |
| 2004-05-12 12:07 levitte |
| |
| Changed: |
| fips/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 |
| fips/aes/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 |
| fips/des/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 |
| fips/dsa/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 |
| fips/rand/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 |
| fips/rsa/.cvsignore (1.1.4.2), "Exp", lines: +1 -0 |
| fips/sha1/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 |
| |
| Ignore 'Makefile.save' |
| |
| 2004-05-12 16:11 ben |
| |
| Changed: |
| crypto/rand/rand.h (1.26.2.8), "Exp", lines: +2 -0 |
| crypto/rand/rand_err.c (1.6.2.4), "Exp", lines: +2 -0 |
| fips/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 |
| fips/fips.c (1.1.2.4), "Exp", lines: +5 -1 |
| fips/rand/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 |
| fips/rand/fips_rand.c (1.1.2.5), "Exp", lines: +29 -0 |
| |
| Blow up in people's faces if they don't reseed. |
| |
| 2004-05-15 19:51 ben |
| |
| Changed: |
| crypto/dh/dh.h (1.23.2.6), "Exp", lines: +1 -0 |
| crypto/dh/dh_err.c (1.6.2.3), "Exp", lines: +2 -1 |
| crypto/dh/dh_gen.c (1.8.8.2), "Exp", lines: +9 -0 |
| fips/fips_test_suite.c (1.1.4.2), "Exp", lines: +4 -3 |
| fips/aes/fips_aesavs.c (1.1.2.11), "Exp", lines: +49 -1 |
| fips/des/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 |
| fips/des/fips_desmovs.c (1.1.2.5), "Exp", lines: +49 -1 |
| fips/des/fips_set_key.c (1.1.4.2), "Exp", lines: +2 -0 |
| fips/sha1/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 |
| fips/sha1/fips_md32_common.h (1.1.2.4), "Exp", lines: +3 -0 |
| fips/sha1/standalone.sha1 (1.1.2.6), "Exp", lines: +1 -1 |
| |
| Fix self-tests, ban some things in FIPS mode, fix copyrights. |
| |
| 2004-05-17 06:28 levitte |
| |
| Changed: |
| util/mk1mf.pl (1.41.2.11), "Exp", lines: +8 -2 |
| util/pl/BC-16.pl (1.2.2.2), "Exp", lines: +9 -4 |
| util/pl/BC-32.pl (1.11.2.5), "Exp", lines: +8 -3 |
| util/pl/Mingw32.pl (1.12.6.6), "Exp", lines: +7 -2 |
| util/pl/OS2-EMX.pl (1.1.2.4), "Exp", lines: +7 -2 |
| util/pl/VC-16.pl (1.3.2.2), "Exp", lines: +7 -2 |
| util/pl/VC-32.pl (1.11.2.4), "Exp", lines: +7 -2 |
| util/pl/VC-CE.pl (1.1.2.6), "Exp", lines: +7 -2 |
| util/pl/linux.pl (1.3.6.1), "Exp", lines: +7 -2 |
| util/pl/ultrix.pl (1.2.8.2), "Exp", lines: +7 -2 |
| util/pl/unix.pl (1.2.8.1), "Exp", lines: +7 -2 |
| |
| Generate SHA1 files on Windows and other platforms supported by |
| mk1mf.pl, when building in FIPS mode. |
| |
| Note: UNTESTED! |
| |
| 2004-05-17 06:30 levitte |
| |
| Changed: |
| apps/apps.h (1.44.2.14), "Exp", lines: +3 -0 |
| apps/openssl.c (1.48.2.10), "Exp", lines: +9 -5 |
| |
| Make sure the applications know when we are running in FIPS mode. |
| We can't use the variable in libcrypto, since it's supposedly |
| unknown. |
| |
| Note: currently only supported in MONOLITH mode. |
| |
| 2004-05-17 06:31 levitte |
| |
| Changed: |
| apps/enc.c (1.35.2.9), "Exp", lines: +10 -1 |
| |
| When in FIPS mode, use SHA1 to digest the key, rather than MD5, as |
| MD5 isn't a FIPS-approved algorithm. |
| |
| Note: this means the user needs to keep track of this, and |
| we need to add support for that... |
| |
| 2004-05-19 16:16 levitte |
| |
| Changed: |
| fips/rsa/fingerprint.sha1 (1.1.4.2), "Exp", lines: +2 -2 |
| fips/rsa/fips_rsa_eay.c (1.1.4.2), "Exp", lines: +8 -8 |
| fips/rsa/fips_rsa_gen.c (1.1.4.2), "Exp", lines: +1 -1 |
| fips/dsa/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 |
| fips/dsa/fips_dsa_gen.c (1.1.4.2), "Exp", lines: +2 -2 |
| fips/dsa/fips_dsa_ossl.c (1.1.2.5), "Exp", lines: +4 -4 |
| fips/aes/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 |
| fips/aes/fips_aes_core.c (1.1.2.4), "Exp", lines: +5 -5 |
| crypto/rsa/rsa.h (1.36.2.11), "Exp", lines: +4 -0 |
| crypto/aes/aes.h (1.1.2.10), "Exp", lines: +6 -0 |
| crypto/dsa/dsa.h (1.26.2.5), "Exp", lines: +4 -0 |
| |
| Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation |
| for size_t-ification of those algorithms in future version of |
| OpenSSL... |
| |
| 2004-05-27 11:33 levitte |
| |
| Changed: |
| makevms.com (1.35.2.3), "Exp", lines: +27 -0 |
| |
| Copy the FIPS files to the temporary openssl include directory. |
| |
| 2004-05-27 12:04 levitte |
| |
| Changed: |
| fips/fips-lib.com (1.1.2.1), "Exp", lines: +1179 -0 |
| makevms.com (1.35.2.4), "Exp", lines: +8 -0 |
| |
| Compile the FIPS directory on VMS as well. fips-lib.com is |
| essentially a copy of crypto-lib.com, with just a few edits. |
| |
| 2004-05-27 12:07 levitte |
| |
| Changed: |
| fips/install.com (1.1.2.1), "Exp", lines: +55 -0 |
| install.com (1.4.2.2), "Exp", lines: +6 -6 |
| |
| Run an installation of FIPS stuff as well. |
| |
| 2004-05-27 12:19 levitte |
| |
| Changed: |
| test/maketests.com (1.13.2.5), "Exp", lines: +3 -3 |
| apps/makeapps.com (1.18.2.5), "Exp", lines: +3 -3 |
| |
| Make sure o_str.h is reachable. |
| |
| 2004-06-19 15:15 ben |
| |
| Changed: |
| Makefile.org (1.154.2.80), "Exp", lines: +1 -1 |
| crypto/dh/dh.h (1.23.2.7), "Exp", lines: +0 -1 |
| crypto/dh/dh_check.c (1.6.2.1), "Exp", lines: +4 -0 |
| crypto/dh/dh_err.c (1.6.2.4), "Exp", lines: +0 -1 |
| crypto/dh/dh_gen.c (1.8.8.3), "Exp", lines: +5 -9 |
| crypto/dh/dh_key.c (1.16.2.3), "Exp", lines: +4 -0 |
| fips/Makefile (1.1.4.2), "Exp", lines: +13 -14 |
| fips/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 |
| fips/fips.h (1.1.2.4), "Exp", lines: +1 -0 |
| fips/fips_err.h (1.1.4.2), "Exp", lines: +1 -0 |
| fips/fips_make_sha1 (1.1.2.6), "Exp", lines: +3 -0 |
| fips/fips_test_suite.c (1.1.4.3), "Exp", lines: +13 -9 |
| fips/openssl_fips_fingerprint (1.1.4.2), "Exp", lines: +1 -2 |
| |
| The version that was actually submitted for FIPS testing. |
| |
| 2004-06-19 15:16 ben |
| |
| Changed: |
| fips/dh/Makefile (1.1.2.1), "Exp", lines: +92 -0 |
| fips/dh/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 |
| fips/dh/fips_dh_check.c (1.1.2.1), "Exp", lines: +119 -0 |
| fips/dh/fips_dh_gen.c (1.1.2.1), "Exp", lines: +182 -0 |
| fips/dh/fips_dh_key.c (1.1.2.1), "Exp", lines: +222 -0 |
| |
| Add Diffie-Hellman to FIPS. |
| |
| 2004-06-19 15:18 ben |
| |
| Changed: |
| fips/.cvsignore (1.1.2.5), "Exp", lines: +2 -0 |
| fips/dh/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 |
| |
| Update ignores. |
| |
| 2004-06-21 11:07 levitte |
| |
| Changed: |
| fips/aes/Makefile (1.1.4.2), "Exp", lines: +7 -5 |
| fips/des/Makefile (1.1.4.2), "Exp", lines: +7 -5 |
| fips/dh/Makefile (1.1.2.2), "Exp", lines: +7 -6 |
| fips/dsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 |
| fips/rsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 |
| fips/sha1/Makefile (1.1.4.2), "Exp", lines: +7 -5 |
| |
| Make sure we don't try to loop over an empty EXHEADER. In the |
| Makefiles where this was fixed by commenting away code, change it |
| to check for an empty EXHEADER instead, so we have less hassle in a |
| future where EXHEADER changes. |
| |
| PR: 900 |
| |
| 2004-06-21 20:05 levitte |
| |
| Changed: |
| Makefile.org (1.154.2.82), "Exp", lines: +3 -1 |
| |
| Standard sh doesn't tolerate ! as part of the conditional command. |
| |
| PR: 900 |
| |
| 2004-06-28 22:33 levitte |
| |
| Changed: |
| fips/dh/fips_dh_check.c (1.1.2.2), "Exp", lines: +6 -0 |
| fips/dh/fips_dh_gen.c (1.1.2.2), "Exp", lines: +6 -2 |
| fips/dh/fips_dh_key.c (1.1.2.2), "Exp", lines: +8 -0 |
| |
| Make sure the FIPS stuff is only really compiled when in FIPS mode. |
| |
| 2004-07-12 19:59 ben |
| |
| Changed: |
| fips/fips_test_suite.c (1.1.4.4), "Exp", lines: +39 -6 |
| fips/dh/fingerprint.sha1 (1.1.2.2), "Exp", lines: +3 -3 |
| |
| Corrected test program. |
| |
| 2004-07-17 14:48 appro |
| |
| Changed: |
| fips/des/Makefile (1.1.4.3), "Exp", lines: +1 -1 |
| |
| Eliminate enforced -g from CFLAGS. It switches off optimization |
| with some compilers, e.g. DEC C. |
| |
| 2004-07-21 19:41 steve |
| |
| Changed: |
| crypto/pem/pem_all.c (1.20.2.1), "Exp", lines: +119 -0 |
| |
| When in FIPS mode write private keys in PKCS#8 and PBES2 format to |
| avoid use of prohibited MD5 algorithm. |
| |
| 2004-07-23 15:20 ben |
| |
| Changed: |
| fips/rand/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 |
| fips/rand/fips_rand.c (1.1.2.7), "Exp", lines: +22 -7 |
| fips/rand/fips_randtest.c (1.1.2.5), "Exp", lines: +2 -2 |
| |
| Convert to X9.31. |
| |
| 2004-07-21 19:35 steve |
| |
| Changed: |
| fips/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 |
| fips/fips.c (1.1.2.5), "Exp", lines: +3 -3 |
| fips/rsa/fingerprint.sha1 (1.1.4.3), "Exp", lines: +1 -1 |
| fips/rsa/fips_rsa_selftest.c (1.1.4.2), "Exp", lines: +8 -8 |
| |
| Avoid compiler warnings. |
| |
| 2004-07-27 02:17 steve |
| |
| Changed: |
| fips/fips_test_suite.c (1.1.4.5), "Exp", lines: +9 -8 |
| |
| Stop compiler warnings. |
| |
| 2004-07-27 02:20 steve |
| |
| Changed: |
| crypto/err/err.c (1.51.2.6), "Exp", lines: +1 -0 |
| |
| Add FIPS name to error library. |
| |
| 2004-07-27 14:22 steve |
| |
| Changed: |
| Makefile.org (1.154.2.84), "Exp", lines: +3 -3 |
| fips/fips_check_sha1 (1.1.2.6), "Exp", lines: +1 -1 |
| fips/openssl_fips_fingerprint (1.1.4.3), "Exp", lines: +1 -1 |
| |
| Rename libcrypto.sha1 to libcrypto.a.sha1 |
| |
| 2004-07-27 20:28 steve |
| |
| Changed: |
| ssl/s3_lib.c (1.57.2.11), "Exp", lines: +33 -33 |
| ssl/ssl.h (1.126.2.20), "Exp", lines: +1 -0 |
| ssl/ssl_ciph.c (1.33.2.9), "Exp", lines: +11 -0 |
| ssl/ssl_locl.h (1.47.2.3), "Exp", lines: +2 -1 |
| |
| New cipher "strength" FIPS which specifies that a cipher suite is |
| FIPS compatible. |
| |
| New cipherstring "FIPS" is all FIPS compatible ciphersuites |
| except eNULL. |
| |
| Only allow FIPS ciphersuites in FIPS mode. |
| |
| 2004-07-28 04:24 levitte |
| |
| Changed: |
| makevms.com (1.35.2.6), "Exp", lines: +2 -2 |
| |
| From the FIPS directory, darnit! |
| |
| 2004-07-28 15:47 levitte |
| |
| Changed: |
| makevms.com (1.35.2.7), "Exp", lines: +5 -1 |
| |
| Define OPENSSL_FIPS in opensslconf.h if a logical name with the |
| same name is defined. |
| |
| Go up one directory level before dealing with FIPS stuff. |
| |
| 2004-07-30 00:26 levitte |
| |
| Changed: |
| fips/fips-lib.com (1.1.2.2), "Exp", lines: +3 -3 |
| |
| We're building crypto stuff, not ssl stuff. Additionally, we're in |
| the fips subdirectory, not the crypto one... |
| |
| 2004-07-30 16:37 levitte |
| |
| Changed: |
| fips/sha1/fingerprint.sha1 (1.1.2.7), "Exp", lines: +2 -2 |
| fips/sha1/fips_md32_common.h (1.1.2.6), "Exp", lines: +1 -1 |
| fips/sha1/fips_sha_locl.h (1.1.2.5), "Exp", lines: +2 -2 |
| fips/sha1/fips_standalone_sha1.c (1.1.2.5), "Exp", lines: +1 -1 |
| fips/sha1/standalone.sha1 (1.1.2.8), "Exp", lines: +3 -3 |
| ssl/ssl_ciph.c (1.33.2.10), "Exp", lines: +2 -2 |
| fips/rsa/fingerprint.sha1 (1.1.4.4), "Exp", lines: +2 -2 |
| fips/rsa/fips_rsa_eay.c (1.1.4.3), "Exp", lines: +1 -1 |
| fips/rsa/fips_rsa_gen.c (1.1.4.3), "Exp", lines: +1 -1 |
| fips/dh/fingerprint.sha1 (1.1.2.3), "Exp", lines: +1 -1 |
| fips/dh/fips_dh_gen.c (1.1.2.3), "Exp", lines: +1 -1 |
| fips/dsa/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 |
| fips/dsa/fips_dsa_gen.c (1.1.4.3), "Exp", lines: +4 -3 |
| fips/dsa/fips_dsa_ossl.c (1.1.2.6), "Exp", lines: +2 -2 |
| fips/des/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 |
| fips/des/fips_des_enc.c (1.1.2.5), "Exp", lines: +2 -2 |
| fips/des/fips_set_key.c (1.1.4.3), "Exp", lines: +3 -3 |
| fips/fingerprint.sha1 (1.1.2.8), "Exp", lines: +2 -2 |
| fips/fips.c (1.1.2.6), "Exp", lines: +76 -23 |
| fips/fips.h (1.1.2.5), "Exp", lines: +2 -3 |
| fips/fips_locl.h (1.1.4.2), "Exp", lines: +7 -2 |
| fips/aes/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 |
| fips/aes/fips_aes_core.c (1.1.2.5), "Exp", lines: +1 -1 |
| crypto/rand/md_rand.c (1.69.2.5), "Exp", lines: +1 -1 |
| crypto/rand/rand_lib.c (1.15.2.5), "Exp", lines: +2 -1 |
| crypto/dsa/dsa_sign.c (1.10.2.6), "Exp", lines: +2 -2 |
| crypto/dsa/dsa_vrf.c (1.10.2.6), "Exp", lines: +1 -1 |
| crypto/pem/pem_all.c (1.20.2.2), "Exp", lines: +2 -2 |
| crypto/cryptlib.c (1.32.2.12), "Exp", lines: +122 -6 |
| crypto/crypto.h (1.62.2.8), "Exp", lines: +8 -1 |
| crypto/md32_common.h (1.22.2.7), "Exp", lines: +2 -2 |
| |
| To protect FIPS-related global variables, add locking mechanisms |
| around them. |
| |
| NOTE: because two new locks are added, this adds potential |
| binary incompatibility with earlier versions in the 0.9.7 series. |
| However, those locks will only ever be touched when FIPS_mode_set() |
| is called and after, thanks to a variable that's only changed from |
| 0 to 1 once (when FIPS_mode_set() is called). So basically, as |
| long as FIPS mode hasn't been engaged explicitely by the calling |
| application, the new locks are treated as if they didn't exist at |
| all, thus not becoming a problem. Applications that are built or |
| rebuilt to use FIPS functionality will need to be recompiled in any |
| case, thus not being a problem either. |
| |
| 2004-08-02 16:15 levitte |
| |
| Changed: |
| crypto/cryptlib.c (1.32.2.13), "Exp", lines: +4 -4 |
| |
| Let's lock a write lock when changing values, shall we? |
| |
| Thanks to Dr Stephen Henson <shenson@drh-consultancy.co.uk> |
| for making me aware of this error. |
| |
| 2004-08-05 20:11 steve |
| |
| Changed: |
| fips/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 |
| fips/fips.c (1.1.2.7), "Exp", lines: +1 -1 |
| |
| Stop compiler giving bogus shadow warning. |
| |
| 2004-08-09 14:13 levitte |
| |
| Changed: |
| makevms.com (1.35.2.8), "Exp", lines: +1 -1 |
| |
| In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM... |
| |
| 2004-08-09 14:14 levitte |
| |
| Changed: |
| fips/fips-lib.com (1.1.2.3), "Exp", lines: +4 -4 |
| |
| Correct typos and include directory specifications. |
| |
| 2004-08-10 11:11 levitte |
| |
| Changed: |
| fips/fips-lib.com (1.1.2.4), "Exp", lines: +2 -1 |
| |
| Update the VMS fips library builder with the DH library. |
| |
| 2004-08-10 12:04 levitte |
| |
| Changed: |
| fips/rand/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 |
| fips/rand/fips_rand.c (1.1.2.8), "Exp", lines: +7 -1 |
| |
| With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED |
| to get struct timeval and gettimeofday(). |
| |
| 2004-09-06 16:19 levitte |
| |
| Changed: |
| fips/fips.c (1.1.2.8), "Exp", lines: +5 -4 |
| |
| Replace the bogus checks of n with proper uses of feof(), ferror() |
| and clearerr(). |
| |
| 2004-09-06 16:21 levitte |
| |
| Changed: |
| fips/sha1/fips_sha_locl.h (1.1.2.6), "Exp", lines: +2 -2 |
| |
| num is an unsigned long, but since it was transfered from |
| crypto/sha/sha_locl.h, where it is in fact an int, we need to check |
| for less-than-zero as if it was an int... |
| |
| 2004-10-08 12:03 ben |
| |
| Changed: |
| fips/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 |
| fips/sha1/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 |
| fips/sha1/standalone.sha1 (1.1.2.9), "Exp", lines: +1 -1 |
| |
| Update fingerprints. |
| |
| 2004-10-14 07:51 levitte |
| |
| Changed: |
| VMS/mkshared.com (1.3.2.1), "Exp", lines: +8 -0 |
| |
| We need to check for OPENSSL_FIPS when building shared libraries, |
| so we get correct transfer vectors for those functions when |
| required. |
| |
| 2004-10-26 13:47 steve |
| |
| Changed: |
| util/mkfiles.pl (1.12.2.2), "Exp", lines: +1 -0 |
| |
| Add fips/dh directory to mkfiles.pl |
| |
| 2004-10-26 14:17 levitte |
| |
| Changed: |
| fips/sha1/Makefile (1.1.4.4), "Exp", lines: +3 -1 |
| util/mkfiles.pl (1.12.2.3), "Exp", lines: +1 -0 |
| fips/Makefile (1.1.4.5), "Exp", lines: +7 -1 |
| crypto/sha/Makefile (1.1.4.4), "Exp", lines: +1 -7 |
| |
| fips/dh was missing in mkfiles.pl. make update |
| |
| 2004-10-26 15:01 steve |
| |
| Changed: |
| util/mkfiles.pl (1.12.2.4), "Exp", lines: +0 -1 |
| |
| Only add fips/dh once... |
| |
| 2004-11-01 09:20 levitte |
| |
| Changed: |
| fips/rand/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 |
| fips/rand/fips_rand.c (1.1.2.9), "Exp", lines: +3 -1 |
| |
| Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if |
| not already defined. |
| |
| 2004-12-09 19:03 appro |
| |
| vChanged: |
| crypto/Makefile (1.1.4.4), "Exp", lines: +2 -0 |
| |
| Postpone linking of shared libcrypto in FIPS build. |
| |
| 2004-12-09 19:13 appro |
| |
| Changed: |
| fips/fingerprint.sha1 (1.1.2.11), "Exp", lines: +1 -1 |
| fips/fips.c (1.1.2.9), "Exp", lines: +13 -1 |
| fips/openssl_fips_fingerprint (1.1.4.4), "Exp", lines: +4 -2 |
| |
| Cygwin specific FIPS fix-ups. |
| |
| 2004-12-09 23:43 appro |
| |
| Changed: |
| Configure (1.314.2.100), "Exp", lines: +2 -3 |
| crypto/des/des_enc.c (1.11.2.5), "Exp", lines: +2 -2 |
| |
| Eliminate false dependency on 386 config option is FIPS context. |
| At the same time limit assembler support to ELF platforms [that's |
| what is there, ELF modules]. |
| |
| 2004-12-10 12:37 appro |
| |
| Changed: |
| Configure (1.314.2.101), "Exp", lines: +10 -3 |
| crypto/des/des_enc.c (1.11.2.6), "Exp", lines: +2 -2 |
| |
| Respect no-asm with fips option and disable FIPS DES assembler in |
| shared context [because it's not PIC]. |
| |
| 2004-12-10 14:15 appro |
| |
| Changed: |
| fips/sha1/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 |
| fips/sha1/standalone.sha1 (1.1.2.11), "Exp", lines: +1 -1 |
| fips/sha1/asm/sx86-elf.s (1.1.4.3), "Exp", lines: +32 -32 |
| |
| Solaris x86 assembler update. |
| |
| 2004-12-10 17:30 appro |
| |
| Changed: |
| fips/fips_check_sha1 (1.1.2.7), "Exp", lines: +1 -1 |
| fips/openssl_fips_fingerprint (1.1.4.5), "Exp", lines: +1 -1 |
| fips/sha1/Makefile (1.1.4.6), "Exp", lines: +1 -1 |
| |
| Adapt FIPS sub-tree for mingw. |
| |
| 2005-01-03 18:46 steve |
| |
| Changed: |
| fips/rsa/fingerprint.sha1 (1.1.4.5), "Exp", lines: +1 -1 |
| fips/rsa/fips_rsa_selftest.c (1.1.4.3), "Exp", lines: +55 -11 |
| |
| RSA KAT. |
| |
| 2005-01-11 17:54 levitte |
| |
| Changed: |
| fips/rsa/fingerprint.sha1 (1.1.4.6), "Exp", lines: +1 -1 |
| fips/rsa/fips_rsa_selftest.c (1.1.4.4), "Exp", lines: +2 -2 |
| |
| Clear signed vs. unsigned conflicts. Change the fingerprint |
| accordingly. |
| |
| 2005-01-11 19:25 levitte |
| |
| Changed: |
| ssl/ssltest.c (1.53.2.24), "Exp", lines: +2 -2 |
| fips/rand/fips_randtest.c (1.1.2.6), "Exp", lines: +3 -3 |
| fips/sha1/fips_sha1test.c (1.1.2.5), "Exp", lines: +10 -4 |
| fips/des/fips_desmovs.c (1.1.2.6), "Exp", lines: +8 -7 |
| fips/dsa/fips_dsatest.c (1.1.2.5), "Exp", lines: +2 -2 |
| apps/openssl.c (1.48.2.12), "Exp", lines: +1 -1 |
| fips/aes/fips_aesavs.c (1.1.2.12), "Exp", lines: +8 -7 |
| |
| Use EXIT() instead of exit(). |
| |
| 2005-01-26 21:00 steve |
| |
| Changed: |
| apps/dgst.c (1.23.2.13), "Exp", lines: +10 -0 |
| apps/pkcs12.c (1.60.2.13), "Exp", lines: +8 -1 |
| crypto/crypto.h (1.62.2.9), "Exp", lines: +49 -0 |
| crypto/md32_common.h (1.22.2.9), "Exp", lines: +1 -1 |
| crypto/bf/bf_skey.c (1.6.2.1), "Exp", lines: +2 -1 |
| crypto/bf/blowfish.h (1.9.2.1), "Exp", lines: +4 -1 |
| crypto/cast/c_skey.c (1.5.6.1), "Exp", lines: +3 -1 |
| crypto/cast/cast.h (1.7.2.1), "Exp", lines: +4 -1 |
| crypto/evp/bio_md.c (1.11.2.3), "Exp", lines: +2 -7 |
| crypto/evp/digest.c (1.21.2.7), "Exp", lines: +11 -0 |
| crypto/evp/e_aes.c (1.6.2.11), "Exp", lines: +11 -11 |
| crypto/evp/e_des.c (1.5.2.9), "Exp", lines: +5 -3 |
| crypto/evp/e_des3.c (1.8.2.8), "Exp", lines: +6 -6 |
| crypto/evp/evp.h (1.86.2.16), "Exp", lines: +17 -0 |
| crypto/evp/evp_enc.c (1.28.2.11), "Exp", lines: +15 -1 |
| crypto/evp/evp_err.c (1.23.2.4), "Exp", lines: +6 -1 |
| crypto/evp/evp_locl.h (1.7.2.7), "Exp", lines: +17 -2 |
| crypto/evp/m_dss.c (1.8.2.1), "Exp", lines: +1 -1 |
| crypto/evp/m_md2.c (1.9.2.1), "Exp", lines: +1 -0 |
| crypto/evp/m_md4.c (1.8.2.1), "Exp", lines: +1 -0 |
| crypto/evp/m_md5.c (1.9.2.1), "Exp", lines: +1 -0 |
| crypto/evp/m_mdc2.c (1.9.2.1), "Exp", lines: +1 -0 |
| crypto/evp/m_sha.c (1.8.2.2), "Exp", lines: +1 -0 |
| crypto/evp/m_sha1.c (1.8.2.1), "Exp", lines: +1 -1 |
| crypto/evp/names.c (1.7.2.1), "Exp", lines: +3 -0 |
| crypto/hmac/hmac.c (1.12.2.3), "Exp", lines: +7 -0 |
| crypto/hmac/hmac.h (1.14.2.2), "Exp", lines: +1 -0 |
| crypto/idea/i_skey.c (1.5.6.1), "Exp", lines: +13 -0 |
| crypto/idea/idea.h (1.10.2.1), "Exp", lines: +4 -0 |
| crypto/md2/md2.h (1.11.2.1), "Exp", lines: +3 -0 |
| crypto/md2/md2_dgst.c (1.13.2.4), "Exp", lines: +3 -1 |
| crypto/md4/md4.h (1.3.2.1), "Exp", lines: +3 -0 |
| crypto/md4/md4_dgst.c (1.2.2.2), "Exp", lines: +1 -1 |
| crypto/md5/md5.h (1.10.2.3), "Exp", lines: +3 -0 |
| crypto/md5/md5_dgst.c (1.16.2.2), "Exp", lines: +1 -1 |
| crypto/mdc2/mdc2.h (1.9.2.1), "Exp", lines: +3 -1 |
| crypto/mdc2/mdc2dgst.c (1.13.2.1), "Exp", lines: +3 -1 |
| crypto/rc2/rc2.h (1.10.2.1), "Exp", lines: +4 -1 |
| crypto/rc2/rc2_skey.c (1.4.6.1), "Exp", lines: +13 -0 |
| crypto/rc4/rc4.h (1.10.2.2), "Exp", lines: +3 -0 |
| crypto/rc4/rc4_skey.c (1.10.8.2), "Exp", lines: +2 -1 |
| crypto/rc5/rc5.h (1.5.2.1), "Exp", lines: +4 -1 |
| crypto/rc5/rc5_skey.c (1.4.6.1), "Exp", lines: +14 -0 |
| crypto/ripemd/ripemd.h (1.8.2.1), "Exp", lines: +3 -0 |
| crypto/ripemd/rmd_dgst.c (1.13.2.2), "Exp", lines: +2 -1 |
| crypto/sha/sha.h (1.11.2.2), "Exp", lines: +3 -0 |
| crypto/sha/sha_locl.h (1.16.2.3), "Exp", lines: +4 -0 |
| crypto/x509/x509_cmp.c (1.22.2.4), "Exp", lines: +7 -1 |
| crypto/x509/x509_vfy.c (1.56.2.13), "Exp", lines: +1 -1 |
| ssl/s3_clnt.c (1.53.2.18), "Exp", lines: +2 -0 |
| ssl/s3_enc.c (1.31.2.9), "Exp", lines: +3 -0 |
| ssl/s3_srvr.c (1.85.2.23), "Exp", lines: +2 -0 |
| ssl/t1_enc.c (1.27.2.9), "Exp", lines: +2 -0 |
| |
| FIPS algorithm blocking. |
| |
| Non FIPS algorithms are not normally allowed in FIPS mode. |
| |
| Any attempt to use them via high level functions will |
| return an error. |
| |
| The low level non-FIPS algorithm functions cannot return |
| errors so they produce assertion failures. HMAC also has to give an |
| assertion error because it (erroneously) can't return an error |
| either. |
| |
| There are exceptions (such as MD5 in TLS and non |
| cryptographic use of algorithms) and applications can override the |
| blocking and use non FIPS algorithms anyway. |
| |
| For low level functions the override is perfomed by |
| prefixing the algorithm initalization function with "private_" for |
| example private_MD5_Init(). |
| |
| For high level functions an override is performed by |
| setting a flag in the context. |
| |
| 2005-01-27 02:49 steve |
| |
| Changed: |
| apps/dgst.c (1.23.2.14), "Exp", lines: +9 -5 |
| crypto/crypto.h (1.62.2.10), "Exp", lines: +3 -0 |
| crypto/evp/digest.c (1.21.2.8), "Exp", lines: +34 -0 |
| crypto/hmac/hmac.c (1.12.2.4), "Exp", lines: +9 -0 |
| |
| More FIPS algorithm blocking. |
| |
| Catch attempted use of non FIPS algorithms with HMAC. |
| |
| Give an assertion error for applications that ignore FIPS |
| digest errors. |
| |
| Make -non-fips-allow work with dgst and HMAC. |
| |
| 2005-01-28 15:03 steve |
| |
| Changed: |
| apps/dgst.c (1.23.2.15), "Exp", lines: +2 -1 |
| apps/enc.c (1.35.2.13), "Exp", lines: +38 -4 |
| crypto/evp/e_rc4.c (1.11.2.2), "Exp", lines: +1 -0 |
| crypto/evp/evp.h (1.86.2.17), "Exp", lines: +3 -0 |
| crypto/evp/evp_enc.c (1.28.2.12), "Exp", lines: +60 -15 |
| crypto/evp/evp_locl.h (1.7.2.8), "Exp", lines: +1 -0 |
| test/testenc (1.3.8.2), "Exp", lines: +8 -8 |
| |
| Further FIPS algorithm blocking. |
| |
| Fixes to cipher blocking and enabling code. |
| |
| Add option -non-fips-allow to 'enc' and update testenc. |
| |
| 2005-01-31 02:33 steve |
| |
| Changed: |
| ssl/s23_clnt.c (1.20.2.7), "Exp", lines: +16 -0 |
| ssl/s23_srvr.c (1.41.2.6), "Exp", lines: +9 -0 |
| ssl/s3_clnt.c (1.53.2.19), "Exp", lines: +0 -8 |
| ssl/s3_enc.c (1.31.2.10), "Exp", lines: +1 -0 |
| ssl/s3_srvr.c (1.85.2.24), "Exp", lines: +0 -8 |
| ssl/ssl.h (1.126.2.21), "Exp", lines: +1 -0 |
| ssl/ssl_cert.c (1.48.2.10), "Exp", lines: +0 -8 |
| ssl/ssl_err.c (1.41.2.4), "Exp", lines: +2 -1 |
| ssl/ssl_lib.c (1.110.2.13), "Exp", lines: +8 -9 |
| ssl/t1_enc.c (1.27.2.10), "Exp", lines: +0 -18 |
| |
| Only allow TLS is FIPS mode. |
| |
| Remove old FIPS_allow_md5() calls. |
| |
| 2005-02-05 19:24 steve |
| |
| Changed: |
| apps/req.c (1.88.2.18), "Exp", lines: +8 -1 |
| apps/x509.c (1.67.2.20), "Exp", lines: +8 -1 |
| |
| In FIPS mode use SHA1 as default digest in x509 and req utilities. |
| |
| 2005-03-15 10:46 appro |
| |
| Changed: |
| Makefile.org (1.154.2.96), "Exp", lines: +1 -1 |
| crypto/Makefile (1.1.4.6), "Exp", lines: +2 -3 |
| fips/Makefile (1.1.4.8), "Exp", lines: +4 -1 |
| |
| Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this |
| in crypto/Makefile and make Makefile.org and fips/Makefile more |
| discreet. |
| |
| 2005-03-22 18:29 steve |
| |
| Changed: |
| fips/fingerprint.sha1 (1.1.2.12), "Exp", lines: +1 -1 |
| fips/fips.c (1.1.2.10), "Exp", lines: +1 -0 |
| |
| Fix memory leak. |
| |
| 2005-03-27 05:36 steve |
| |
| Changed: |
| crypto/evp/e_null.c (1.9.2.1), "Exp", lines: +1 -1 |
| ssl/s3_lib.c (1.57.2.13), "Exp", lines: +3 -3 |
| |
| Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS |
| mode. |
| |
| 2005-04-14 14:44 steve |
| |
| Changed: |
| fips/fipshashes.sha1 (1.1.2.1), "Exp", lines: +29 -0 |
| util/checkhash.pl (1.1.2.1), "Exp", lines: +181 -0 |
| |
| Perl script that checks or rebuilds FIPS hash files. This works on |
| both Unix and Windows. |
| |
| Merge all FIPS hash files into a single hash file |
| fips/fips.sha1 |
| |
| 2005-04-15 05:27 steve |
| |
| Changed: |
| fips/Makefile (1.1.4.9), "Exp", lines: +1 -1 |
| fips/aes/Makefile (1.1.4.4), "Exp", lines: +1 -4 |
| fips/des/Makefile (1.1.4.6), "Exp", lines: +1 -4 |
| fips/dh/Makefile (1.1.2.5), "Exp", lines: +1 -4 |
| fips/dsa/Makefile (1.1.4.4), "Exp", lines: +1 -4 |
| fips/rand/Makefile (1.1.4.3), "Exp", lines: +1 -4 |
| fips/rsa/Makefile (1.1.4.5), "Exp", lines: +1 -4 |
| fips/sha1/Makefile (1.1.4.9), "Exp", lines: +1 -7 |
| |
| Update hash checking in makefiles to use new perl script. |
| |
| 2005-04-17 06:37 steve |
| |
| Changed: |
| util/checkhash.pl (1.1.2.2), "Exp", lines: +163 -127 |
| |
| Modify checkhash.pl so it can be run standalone or included as a |
| funtion in another perl script. |
| |
| 2005-04-17 16:00 appro |
| |
| Changed: |
| fips/sha1/Makefile (1.1.4.10), "Exp", lines: +9 -5 |
| |
| Bring back fips_standalone_sha1. |
| |
| 2005-04-17 16:17 appro |
| |
| Deleted: |
| fips/sha1/asm/sx86-elf.s (1.1.4.4) |
| Changed: |
| Configure (1.314.2.114), "Exp", lines: +1 -1 |
| fips/fipshashes.sha1 (1.1.2.2), "Exp", lines: +1 -1 |
| fips/sha1/Makefile (1.1.4.11), "Exp", lines: +1 -1 |
| fips/sha1/standalone.sha1 (1.1.2.13), "Exp", lines: +1 -1 |
| fips/sha1/asm/fips-sx86-elf.s (1.1.2.1), "Exp", lines: +1568 -0 |
| |
| Rename fips/sha1/sx86-elf.s to fips/sha1/fips-sx86-elf.s. |
| |
| 2005-04-17 16:21 steve |
| |
| Changed: |
| util/checkhash.pl (1.1.2.3), "Exp", lines: +2 -0 |
| |
| Return 0 for successful hash check. |
| |
| 2005-04-17 16:54 appro |
| |
| Changed: |
| Configure (1.314.2.116), "Exp", lines: +8 -1 |
| Makefile.org (1.154.2.99), "Exp", lines: +3 -2 |
| crypto/aes/aes_cbc.c (1.1.2.11), "Exp", lines: +2 -0 |
| fips/fipshashes.sha1 (1.1.2.4), "Exp", lines: +1 -0 |
| fips/aes/Makefile (1.1.4.5), "Exp", lines: +4 -2 |
| fips/aes/asm/fips-ax86-elf.s (1.1.2.1), "Exp", lines: +1822 -0 |
| |
| Throw in fips/aes/asm/fips-ax86-elf.s. |
| |
| 2005-04-17 16:35 appro |
| |
| Changed: |
| Configure (1.314.2.115), "Exp", lines: +1 -1 |
| fips/fipshashes.sha1 (1.1.2.3), "Exp", lines: +1 -1 |
| fips/des/asm/fips-dx86-elf.s (1.1.4.2), "Exp", lines: +108 -98 |
| |
| Regenerate fips/des/asm/fips-dx86-elf.s with -fPIC flag. |
| |
| 2005-04-17 17:26 appro |
| |
| Changed: |
| crypto/cryptlib.c (1.32.2.18), "Exp", lines: +6 -55 |
| crypto/crypto.h (1.62.2.11), "Exp", lines: +0 -3 |
| fips/fips.c (1.1.2.11), "Exp", lines: +62 -8 |
| fips/fips.h (1.1.2.7), "Exp", lines: +2 -3 |
| fips/fips_locl.h (1.1.4.3), "Exp", lines: +6 -3 |
| fips/fipshashes.sha1 (1.1.2.5), "Exp", lines: +4 -4 |
| fips/rand/fips_rand.c (1.1.2.10), "Exp", lines: +3 -1 |
| fips/rsa/fips_rsa_gen.c (1.1.4.4), "Exp", lines: +4 -2 |
| |
| Resolve minor binary compatibility issues in fips. |
| |
| 2005-04-17 18:22 appro |
| |
| Changed: |
| fips/fipshashes.sha1 (1.1.2.6), "Exp", lines: +12 -12 |
| fips/des/fips_des_locl.h (1.1.2.4), "Exp", lines: +1 -1 |
| fips/des/fips_set_key.c (1.1.4.4), "Exp", lines: +2 -2 |
| fips/dh/fips_dh_key.c (1.1.2.3), "Exp", lines: +1 -1 |
| fips/dsa/fips_dsa_ossl.c (1.1.2.7), "Exp", lines: +1 -1 |
| fips/dsa/fips_dsa_selftest.c (1.1.4.2), "Exp", lines: +3 -3 |
| fips/rand/fips_rand.c (1.1.2.11), "Exp", lines: +2 -2 |
| fips/rand/fips_rand.h (1.1.2.5), "Exp", lines: +1 -1 |
| fips/rsa/fips_rsa_eay.c (1.1.4.4), "Exp", lines: +1 -1 |
| fips/rsa/fips_rsa_gen.c (1.1.4.5), "Exp", lines: +1 -1 |
| fips/rsa/fips_rsa_selftest.c (1.1.4.5), "Exp", lines: +11 -11 |
| fips/sha1/fips_sha1_selftest.c (1.1.4.2), "Exp", lines: +1 -1 |
| fips/sha1/fips_sha1dgst.c (1.1.2.5), "Exp", lines: +1 -1 |
| fips/sha1/standalone.sha1 (1.1.2.14), "Exp", lines: +2 -2 |
| |
| Minor fips const-ification. |
| |
| 2005-04-18 07:02 steve |
| |
| Changed: |
| crypto/bf/bf_skey.c (1.6.2.2), "Exp", lines: +1 -0 |
| crypto/cast/c_skey.c (1.5.6.2), "Exp", lines: +1 -0 |
| crypto/idea/i_skey.c (1.5.6.2), "Exp", lines: +1 -0 |
| crypto/rc2/rc2_skey.c (1.4.6.2), "Exp", lines: +1 -0 |
| crypto/rc4/rc4_skey.c (1.10.8.3), "Exp", lines: +1 -0 |
| crypto/rc5/rc5_skey.c (1.4.6.2), "Exp", lines: +1 -0 |
| |
| Pick up definition of FIPS_mode() in fips.h to avoid warnings. |
| |
| 2005-04-18 10:34 steve |
| |
| Deleted: |
| fips/fingerprint.sha1 (1.1.2.14) |
| fips/fips_check_sha1 (1.1.2.8) |
| fips/fips_make_sha1 (1.1.2.7) |
| fips/aes/fingerprint.sha1 (1.1.2.7) |
| fips/des/fingerprint.sha1 (1.1.2.6) |
| fips/dh/fingerprint.sha1 (1.1.2.4) |
| fips/dsa/fingerprint.sha1 (1.1.2.7) |
| fips/rand/fingerprint.sha1 (1.1.2.10) |
| fips/rsa/fingerprint.sha1 (1.1.4.7) |
| fips/sha1/fingerprint.sha1 (1.1.2.12) |
| Changed: |
| fips/sha1/Makefile (1.1.4.12), "Exp", lines: +1 -4 |
| |
| Remove obsolete fingerprint.sha1 files and associated scripts. |
| Delete test in fips/sha1/Makefile: the top level test checks the |
| same files. |
| |
| 2005-04-19 09:11 appro |
| |
| Deleted: |
| fips/fipshashes.sha1 (1.1.2.7) |
| fips/sha1/standalone.sha1 (1.1.2.15) |
| Changed: |
| fips/fipshashes.c (1.1.2.1), "Exp", lines: +32 -0 |
| util/checkhash.pl (1.1.2.4), "Exp", lines: +7 -4 |
| |
| Maintain fingerprint hashes as C source. |
| |
| 2005-04-19 09:17 appro |
| |
| Changed: |
| util/checkhash.pl (1.1.2.5), "Exp", lines: +1 -1 |
| |
| Complete the transition C-code hashes. |
| |
| 2005-04-21 19:06 steve |
| |
| Changed: |
| apps/openssl.c (1.48.2.13), "Exp", lines: +0 -2 |
| fips/fips.c (1.1.2.12), "Exp", lines: +0 -27 |
| fips/fips.h (1.1.2.8), "Exp", lines: +0 -2 |
| fips/fipshashes.c (1.1.2.2), "Exp", lines: +2 -2 |
| |
| Remove defunct FIPS_allow_md5() and related functions. |
| |
| 2005-04-22 06:15 appro |
| |
| Changed: |
| fips/fips.c (1.1.2.13), "Exp", lines: +3 -3 |
| fips/fips_err.h (1.1.4.4), "Exp", lines: +3 -3 |
| fips/fipshashes.c (1.1.2.4), "Exp", lines: +2 -2 |
| |
| Move some variables to .bss. |
| |