Commit Graph

116 Commits

Author SHA1 Message Date
simonb 2c43674831 Remove fips_standalone_sha1.c - fixes problem mentioned by Hubert Feyrer
on current-users.

OK'd by christos.
2005-06-29 14:41:16 +00:00
wiz 4878707c24 Oops, openssl_errstr(1), not (3). 2005-04-24 00:13:50 +00:00
wiz d3e15626be Add openssl_errstr(1). 2005-04-24 00:12:07 +00:00
wiz e19d039592 regen (sync with 0.9.7g). 2005-04-24 00:10:02 +00:00
christos c20fe9e615 add new files. 2005-04-23 20:32:17 +00:00
christos b97f63a242 Regen for OpenSSL 0.9.7f 2005-03-26 03:26:46 +00:00
christos 039caef355 bump minor. 2005-03-26 02:22:01 +00:00
christos 1adff5028c enable FIPS. 2005-03-26 02:21:34 +00:00
christos 4d2554560d Add fips include files, needed for compilation only. FIPS is not enabled
right now, but we will enable it later (adding -DOPENSSL_FIPS).
2005-03-25 20:14:40 +00:00
lukem 1e6ef7af3f remove unnecessary (and possibly incorrect for non-ELF) duplicate LIBDPLIBS 2005-03-09 01:55:51 +00:00
christos 0713fcd141 Make at least the ELF version work. crypt was broken because it was
compiled against the wrong headers. Now we just depend on libcrypt.
2005-03-02 01:04:21 +00:00
jmc 693535a5d9 Spelling errors 'dependant' vs 'dependent' from PR#27345 2004-10-22 18:35:41 +00:00
sjg 3a0c68edfd Add support for SHA1 hashed passwords.
The algorithm used is essentially PBKDF1 from RFC 2898 but using
hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).

 * The format of the encrypted password is:
 * $<tag>$<iterations>$<salt>$<digest>
 *
 * where:
 *      <tag>           is "sha1"
 *      <iterations>    is an unsigned int identifying how many rounds
 *                      have been applied to <digest>.  The number
 *                      should vary slightly for each password to make
 *                      it harder to generate a dictionary of
 *                      pre-computed hashes.  See crypt_sha1_iterations.
 *      <salt>          up to 64 bytes of random data, 8 bytes is
 *                      currently considered more than enough.
 *      <digest>        the hashed password.

hmac.c implementes HMAC as defined in RFC 2104 and includes a unit
test for both hmac_sha1 and hmac_sha1 using a selection of the Known
Answer Tests from RFC 2202.

It is worth noting that to be FIPS compliant the hmac key (password)
should be 10-20 chars.
2004-07-02 00:05:23 +00:00
groo 19aa054c0d Actually install the new man pages. 2004-03-22 00:48:04 +00:00
groo 80ddfc8cb9 update documentation from 0.9.7b to 0.9.7d 2004-03-20 21:48:44 +00:00
wiz 73e1501b98 parameter with two es. From Peter Postma. 2004-02-24 15:22:01 +00:00
itojun 08cbee504f avoid bswapl, which is post-i486 (including i486) insn. markus@openbsd 2003-11-13 19:36:31 +00:00
itojun 015dc7875b accelerate sha1 by using asm (i386). markus@openbsd.
there's internal symbol name changes, but it does not warrant shlib minor
bump as the symbol is totally internal.
2003-11-13 02:10:00 +00:00
itojun b6743615c4 correction made in 0.9.7c; from markus@openbsd 2003-11-12 16:20:27 +00:00
itojun aec01dda91 sync w/ openssl 0.9.7c. shlib minor bump for libcrypto.
(ERR_release_err_state_table() added)
2003-11-04 23:54:26 +00:00
itojun 87abfaaaff resurrect assembly version of bignum operation; pointed out by perry 2003-11-04 21:06:32 +00:00
ragge 2fc6066af3 Add assembly routines for some of the bignum functions. Most comes from VMS,
a few written by me.  This speeds up ssh 2-3 times.
2003-11-03 10:22:28 +00:00
lukem f85d2d1c14 Use ${HOST_SH} instead of `sh'.
If necessary, pull in <bsd.sys.mk> to get the definition of HOST_SH;
Makefiles that pull in one of (most of) <bsd.*.mk> will get this anyway.
2003-10-26 07:25:33 +00:00
itojun f4401cd869 upgrade openssl to 0.9.7b. (AES is now supported)
alter des.h to be friendly with openssl/des.h (you can include both in the
same file)
make libkrb to depend on libdes.  bump major.
massage various portioin of heimdal to be friendly with openssl 0.9.7b.
2003-07-24 14:16:30 +00:00
itojun df738798b1 install des_modes(7) from libdes, not from libcrypto 2003-07-23 05:46:00 +00:00
itojun 98cf94c860 install des.3 from libdes, not from libcrypto.
(eventually libcrypto will switch to DES_xx)
2003-07-23 05:43:43 +00:00
itojun 9f89c3577c split libdes from libcrypto. libdes bumps shlib major.
(no dependency in libraries)

libdes provides des_xx functions based on openssl 0.9.6j.
2003-07-23 05:20:17 +00:00
itojun df0916cac9 MDC2 is patented 2003-07-14 13:49:21 +00:00
wiz 03cb7d2b4f Remove .UC -- not Berkeley Distribution man pages. 2003-06-30 14:18:56 +00:00
jmc 84b2ae9f5b Typo police 2003-05-15 16:46:55 +00:00
thorpej 69c5577b0b Make the des.h -> openssl/des.h symlink relative. 2003-04-26 00:53:17 +00:00
thorpej aef8e968bf Don't link libcrypto against libcrypt; that doesn't work on systems
that don't support shared libraries.  Instead, build the NetBSD crypt(3)
library directly into libcrypto.
2003-04-17 00:32:22 +00:00
perry 50f8bf598f symlink /usr/include/des.h to openssl/des.h
This is done in FreeBSD, and OpenBSD apparently also has a des.h
inspired by Greg Woods in PR lib/10528
2003-04-06 18:12:36 +00:00
perry d3a7a45513 add links for des functions. PR bin/10528 from Greg Woods 2003-04-06 17:44:41 +00:00
mycroft 76126365c9 Link libcrypto against libcrypt to make sure crypt() is still there -- and
therefore build it earlier in the build process as well.
2003-04-03 00:41:50 +00:00
wiz 83de4abed2 Use "its" instead of "it's" where appropriate.
From Soren Jacobsen in PR 20730.
2003-03-15 23:48:27 +00:00
jschauma 432d470724 Fix typos pointed out by Igor Sobrado in PR misc/19621. 2003-01-02 00:22:29 +00:00
jschauma ba40d7ee64 Fix tyops pointed out by Igor Sobrado in PR misc/19627
openssl_rand(1)     - generater (generator?)
openssl_req(1)      - stateOrPrivinceName (stateOrProvinceName),
			eg. (e.g., Latin exempli gratia)
openssl_rsa(1)      - thse (these, perhaps those)
openssl_s_client(1) - implicitely (implicitly),
			renegociated (renegotiated)
openssl_x509(1)     - beginnging (beginning, whow!),
			repesents (represents)
2003-01-01 21:43:13 +00:00
lukem 93305911e9 Move libcrypto.so* from /usr/lib to /lib, as /sbin/cgdconfig needs it.
Requested by elric@.
2002-10-07 00:53:31 +00:00
thorpej 09a0767aa9 Only use the MKDYNAMICROOT semantics (i.e. -rpath=/lib,/usr/lib and
-dynamic-linker=/libexec/ld.elf_so) if the BINDIR of the program being
built is /bin or /sbin.

The reason we do this is because now all programs *except* those in
/bin and /sbin (i.e. the "special cases") match the default the compiler
uses, which is what is used for things in e.g. xsrc, pkgsrc, and other
random 3rd party programs.

This is done by decoupling where a shlib is installed from how it
is located.  Two new variables, SHLIBINSTALLDIR and SHLINKINSTALLDIR,
contain the former information, and key off MKDYNAMICROOT only.  SHLIBDIR
and SHLINKDIR contain the latter, and key off MKDYNAMICROOT and BINDIR.

The SHLIBINSTALLDIR, SHLIBDIR, _LIBSODIR, SHLINKINSTALLDIR, and
SHLINKDIR parameters are moved to a new <bsd.shlib.mk>; see bsd.README
for usage details.
2002-09-27 21:37:50 +00:00
itojun 633fb3b891 dummy funtion decls 2002-09-26 13:06:25 +00:00
itojun d24389cf67 MDC2 is a patented algorithm; don't ship it in default libcrypto.
MKCRYPTO_MDC2 will build a separate library, libcrypto_mdc2.
2002-09-26 13:05:54 +00:00
thorpej 93b1f286b7 Add (commented out) CPP flags for making DES faster on StrongARM
and XScale systems.
2002-09-20 23:59:40 +00:00
itojun 50d422c24f e_os.h is not part of exported openssl interface, so don't install it into
/usr/include/openssl (e_os.h has an explicit comment about it).  it obviously
is a bug in openssl 0.9.6 Makefile.
based on openssl 0.9.7 snapshot.
2002-08-31 10:46:36 +00:00
jdarrow 48ee0561fe Belatedly bump libdes shared library major number, due to bump of
libcrypto shared major when we moved from OpenSSL 0.9.5 to 0.9.6.

Add note to libcrypto shlib_version file to remind people to also
update libdes shlib_version.
2002-08-20 13:49:55 +00:00
lukem 91d06a031b More use of ${NETBSDSRCDIR}/some/path instead of ${.CURDIR}/../../some/path 2002-08-19 13:35:05 +00:00
lukem ebb6fc9eb8 Use ${NETBSDSRCDIR}/some/path instead of ${.CURDIR}/../../some/path (etc).
(Reduces make output by ~ 20%)
2002-08-19 09:41:27 +00:00
itojun 6043eb4818 regen manpages 2002-08-09 16:15:36 +00:00
itojun 182c0b6e08 sync with 0.9.6f. prevents DoS attack and regen of manpages. 2002-08-08 23:47:34 +00:00
itojun 151d7bb9f3 regen openssl manpage from 0.9.6e source. 2002-07-31 01:45:20 +00:00