changelog.0_9_7-stable_not-in-head_fips

mediastreamer2是开源的网络传输媒体流的库

	Update ignores.

2004-06-21 11:07  levitte

	Changed:
		fips/aes/Makefile (1.1.4.2), "Exp", lines: +7 -5
		fips/des/Makefile (1.1.4.2), "Exp", lines: +7 -5
		fips/dh/Makefile (1.1.2.2), "Exp", lines: +7 -6
		fips/dsa/Makefile (1.1.4.2), "Exp", lines: +7 -6
		fips/rsa/Makefile (1.1.4.2), "Exp", lines: +7 -6
		fips/sha1/Makefile (1.1.4.2), "Exp", lines: +7 -5

	Make sure we don't try to loop over an empty EXHEADER.	In the
	Makefiles where this was fixed by commenting away code, change it
	to check for an empty EXHEADER instead, so we have less hassle in a
	future where EXHEADER changes.

		PR: 900

2004-06-21 20:05  levitte

	Changed:
		Makefile.org (1.154.2.82), "Exp", lines: +3 -1

	Standard sh doesn't tolerate ! as part of the conditional command.

		PR: 900

2004-06-28 22:33  levitte

	Changed:
		fips/dh/fips_dh_check.c (1.1.2.2), "Exp", lines: +6 -0
		fips/dh/fips_dh_gen.c (1.1.2.2), "Exp", lines: +6 -2
		fips/dh/fips_dh_key.c (1.1.2.2), "Exp", lines: +8 -0

	Make sure the FIPS stuff is only really compiled when in FIPS mode.

2004-07-12 19:59  ben

	Changed:
		fips/fips_test_suite.c (1.1.4.4), "Exp", lines: +39 -6
		fips/dh/fingerprint.sha1 (1.1.2.2), "Exp", lines: +3 -3

	Corrected test program.

2004-07-17 14:48  appro

	Changed:
		fips/des/Makefile (1.1.4.3), "Exp", lines: +1 -1

	Eliminate enforced -g from CFLAGS. It switches off optimization
	with some compilers, e.g. DEC C.

2004-07-21 19:41  steve

	Changed:
		crypto/pem/pem_all.c (1.20.2.1), "Exp", lines: +119 -0

	When in FIPS mode write private keys in PKCS#8 and PBES2 format to
	avoid use of prohibited MD5 algorithm.

2004-07-23 15:20  ben

	Changed:
		fips/rand/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1
		fips/rand/fips_rand.c (1.1.2.7), "Exp", lines: +22 -7
		fips/rand/fips_randtest.c (1.1.2.5), "Exp", lines: +2 -2

	Convert to X9.31.

2004-07-21 19:35  steve

	Changed:
		fips/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1
		fips/fips.c (1.1.2.5), "Exp", lines: +3 -3
		fips/rsa/fingerprint.sha1 (1.1.4.3), "Exp", lines: +1 -1
		fips/rsa/fips_rsa_selftest.c (1.1.4.2), "Exp", lines: +8 -8

	Avoid compiler warnings.

2004-07-27 02:17  steve

	Changed:
		fips/fips_test_suite.c (1.1.4.5), "Exp", lines: +9 -8

	Stop compiler warnings.

2004-07-27 02:20  steve

	Changed:
		crypto/err/err.c (1.51.2.6), "Exp", lines: +1 -0

	Add FIPS name to error library.

2004-07-27 14:22  steve

	Changed:
		Makefile.org (1.154.2.84), "Exp", lines: +3 -3
		fips/fips_check_sha1 (1.1.2.6), "Exp", lines: +1 -1
		fips/openssl_fips_fingerprint (1.1.4.3), "Exp", lines: +1 -1

	Rename libcrypto.sha1 to libcrypto.a.sha1

2004-07-27 20:28  steve

	Changed:
		ssl/s3_lib.c (1.57.2.11), "Exp", lines: +33 -33
		ssl/ssl.h (1.126.2.20), "Exp", lines: +1 -0
		ssl/ssl_ciph.c (1.33.2.9), "Exp", lines: +11 -0
		ssl/ssl_locl.h (1.47.2.3), "Exp", lines: +2 -1

	New cipher "strength" FIPS which specifies that a cipher suite is
	FIPS compatible.

		New cipherstring "FIPS" is all FIPS compatible ciphersuites
	except eNULL.

		Only allow FIPS ciphersuites in FIPS mode.

2004-07-28 04:24  levitte

	Changed:
		makevms.com (1.35.2.6), "Exp", lines: +2 -2

	From the FIPS directory, darnit!

2004-07-28 15:47  levitte

	Changed:
		makevms.com (1.35.2.7), "Exp", lines: +5 -1

	Define OPENSSL_FIPS in opensslconf.h if a logical name with the
	same name is defined.

		Go up one directory level before dealing with FIPS stuff.

2004-07-30 00:26  levitte

	Changed:
		fips/fips-lib.com (1.1.2.2), "Exp", lines: +3 -3

	We're building crypto stuff, not ssl stuff.  Additionally, we're in
	the fips subdirectory, not the crypto one...

2004-07-30 16:37  levitte

	Changed:
		fips/sha1/fingerprint.sha1 (1.1.2.7), "Exp", lines: +2 -2
		fips/sha1/fips_md32_common.h (1.1.2.6), "Exp", lines: +1 -1
		fips/sha1/fips_sha_locl.h (1.1.2.5), "Exp", lines: +2 -2
		fips/sha1/fips_standalone_sha1.c (1.1.2.5), "Exp", lines: +1 -1
		fips/sha1/standalone.sha1 (1.1.2.8), "Exp", lines: +3 -3
		ssl/ssl_ciph.c (1.33.2.10), "Exp", lines: +2 -2
		fips/rsa/fingerprint.sha1 (1.1.4.4), "Exp", lines: +2 -2
		fips/rsa/fips_rsa_eay.c (1.1.4.3), "Exp", lines: +1 -1
		fips/rsa/fips_rsa_gen.c (1.1.4.3), "Exp", lines: +1 -1
		fips/dh/fingerprint.sha1 (1.1.2.3), "Exp", lines: +1 -1
		fips/dh/fips_dh_gen.c (1.1.2.3), "Exp", lines: +1 -1
		fips/dsa/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2
		fips/dsa/fips_dsa_gen.c (1.1.4.3), "Exp", lines: +4 -3
		fips/dsa/fips_dsa_ossl.c (1.1.2.6), "Exp", lines: +2 -2
		fips/des/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2
		fips/des/fips_des_enc.c (1.1.2.5), "Exp", lines: +2 -2
		fips/des/fips_set_key.c (1.1.4.3), "Exp", lines: +3 -3
		fips/fingerprint.sha1 (1.1.2.8), "Exp", lines: +2 -2
		fips/fips.c (1.1.2.6), "Exp", lines: +76 -23
		fips/fips.h (1.1.2.5), "Exp", lines: +2 -3
		fips/fips_locl.h (1.1.4.2), "Exp", lines: +7 -2
		fips/aes/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
		fips/aes/fips_aes_core.c (1.1.2.5), "Exp", lines: +1 -1
		crypto/rand/md_rand.c (1.69.2.5), "Exp", lines: +1 -1
		crypto/rand/rand_lib.c (1.15.2.5), "Exp", lines: +2 -1
		crypto/dsa/dsa_sign.c (1.10.2.6), "Exp", lines: +2 -2
		crypto/dsa/dsa_vrf.c (1.10.2.6), "Exp", lines: +1 -1
		crypto/pem/pem_all.c (1.20.2.2), "Exp", lines: +2 -2
		crypto/cryptlib.c (1.32.2.12), "Exp", lines: +122 -6
		crypto/crypto.h (1.62.2.8), "Exp", lines: +8 -1
		crypto/md32_common.h (1.22.2.7), "Exp", lines: +2 -2

	To protect FIPS-related global variables, add locking mechanisms
	around them.

		NOTE: because two new locks are added, this adds potential
	binary incompatibility with earlier versions in the 0.9.7 series.
	However, those locks will only ever be touched when FIPS_mode_set()
	is called and after, thanks to a variable that's only changed from
	0 to 1 once (when FIPS_mode_set() is called).  So basically, as
	long as FIPS mode hasn't been engaged explicitely by the calling
	application, the new locks are treated as if they didn't exist at
	all, thus not becoming a problem.  Applications that are built or
	rebuilt to use FIPS functionality will need to be recompiled in any
	case, thus not being a problem either.

2004-08-02 16:15  levitte

	Changed:
		crypto/cryptlib.c (1.32.2.13), "Exp", lines: +4 -4

	Let's lock a write lock when changing values, shall we?

		Thanks to Dr Stephen Henson <shenson@drh-consultancy.co.uk>
	for making me aware of this error.

2004-08-05 20:11  steve

	Changed:
		fips/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1
		fips/fips.c (1.1.2.7), "Exp", lines: +1 -1

	Stop compiler giving bogus shadow warning.

2004-08-09 14:13  levitte

	Changed:
		makevms.com (1.35.2.8), "Exp", lines: +1 -1

	In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM...

2004-08-09 14:14  levitte

	Changed:
		fips/fips-lib.com (1.1.2.3), "Exp", lines: +4 -4

	Correct typos and include directory specifications.

2004-08-10 11:11  levitte

	Changed:
		fips/fips-lib.com (1.1.2.4), "Exp", lines: +2 -1

	Update the VMS fips library builder with the DH library.

2004-08-10 12:04  levitte

	Changed:
		fips/rand/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1
		fips/rand/fips_rand.c (1.1.2.8), "Exp", lines: +7 -1

	With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED
	to get struct timeval and gettimeofday().

2004-09-06 16:19  levitte

	Changed:
		fips/fips.c (1.1.2.8), "Exp", lines: +5 -4

	Replace the bogus checks of n with proper uses of feof(), ferror()
	and clearerr().

2004-09-06 16:21  levitte

	Changed:
		fips/sha1/fips_sha_locl.h (1.1.2.6), "Exp", lines: +2 -2

	num is an unsigned long, but since it was transfered from
	crypto/sha/sha_locl.h, where it is in fact an int, we need to check
	for less-than-zero as if it was an int...

2004-10-08 12:03  ben

	Changed:
		fips/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1
		fips/sha1/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1
		fips/sha1/standalone.sha1 (1.1.2.9), "Exp", lines: +1 -1

	Update fingerprints.

2004-10-14 07:51  levitte

	Changed:
		VMS/mkshared.com (1.3.2.1), "Exp", lines: +8 -0

	We need to check for OPENSSL_FIPS when building shared libraries,
	so we get correct transfer vectors for those functions when
	required.

2004-10-26 13:47  steve

	Changed:
		util/mkfiles.pl (1.12.2.2), "Exp", lines: +1 -0

	Add fips/dh directory to mkfiles.pl

2004-10-26 14:17  levitte

	Changed:
		fips/sha1/Makefile (1.1.4.4), "Exp", lines: +3 -1
		util/mkfiles.pl (1.12.2.3), "Exp", lines: +1 -0
		fips/Makefile (1.1.4.5), "Exp", lines: +7 -1
		crypto/sha/Makefile (1.1.4.4), "Exp", lines: +1 -7

	fips/dh was missing in mkfiles.pl.  make update

2004-10-26 15:01  steve

	Changed:
		util/mkfiles.pl (1.12.2.4), "Exp", lines: +0 -1

	Only add fips/dh once...

2004-11-01 09:20  levitte

	Changed:
		fips/rand/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1
		fips/rand/fips_rand.c (1.1.2.9), "Exp", lines: +3 -1

	Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if
	not already defined.

2004-12-09 19:03  appro

	vChanged:
		crypto/Makefile (1.1.4.4), "Exp", lines: +2 -0

	Postpone linking of shared libcrypto in FIPS build.

2004-12-09 19:13  appro

	Changed:
		fips/fingerprint.sha1 (1.1.2.11), "Exp", lines: +1 -1
		fips/fips.c (1.1.2.9), "Exp", lines: +13 -1
		fips/openssl_fips_fingerprint (1.1.4.4), "Exp", lines: +4 -2

	Cygwin specific FIPS fix-ups.

2004-12-09 23:43  appro

	Changed:
		Configure (1.314.2.100), "Exp", lines: +2 -3
		crypto/des/des_enc.c (1.11.2.5), "Exp", lines: +2 -2

	Eliminate false dependency on 386 config option is FIPS context.
	At the same time limit assembler support to ELF platforms [that's
	what is there, ELF modules].

2004-12-10 12:37  appro

	Changed:
		Configure (1.314.2.101), "Exp", lines: +10 -3
		crypto/des/des_enc.c (1.11.2.6), "Exp", lines: +2 -2

	Respect no-asm with fips option and disable FIPS DES assembler in
	shared context [because it's not PIC].

2004-12-10 14:15  appro

	Changed:
		fips/sha1/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1
		fips/sha1/standalone.sha1 (1.1.2.11), "Exp", lines: +1 -1
		fips/sha1/asm/sx86-elf.s (1.1.4.3), "Exp", lines: +32 -32

	Solaris x86 assembler update.

2004-12-10 17:30  appro

	Changed:
		fips/fips_check_sha1 (1.1.2.7), "Exp", lines: +1 -1
		fips/openssl_fips_fingerprint (1.1.4.5), "Exp", lines: +1 -1
		fips/sha1/Makefile (1.1.4.6), "Exp", lines: +1 -1

	Adapt FIPS sub-tree for mingw.

2005-01-03 18:46  steve

	Changed:
		fips/rsa/fingerprint.sha1 (1.1.4.5), "Exp", lines: +1 -1
		fips/rsa/fips_rsa_selftest.c (1.1.4.3), "Exp", lines: +55 -11

	RSA KAT.

2005-01-11 17:54  levitte

	Changed: