oweals/openssl.git
25 years agoDelete all the old X509V3 pack and unpack stuff and various structures and
Dr. Stephen Henson [Tue, 13 Apr 1999 23:56:39 +0000 (23:56 +0000)]
Delete all the old X509V3 pack and unpack stuff and various structures and
files associated with them. This stuff is all obsoleted by the new X509V3 code.

25 years agoSSL_ALLOW_ENULL was renamed to SSL_FORBID_ENULL some time ago by Ben.
Ralf S. Engelschall [Tue, 13 Apr 1999 11:01:44 +0000 (11:01 +0000)]
SSL_ALLOW_ENULL was renamed to SSL_FORBID_ENULL some time ago by Ben.

25 years agoSubmitted by:
Bodo Möller [Tue, 13 Apr 1999 02:32:38 +0000 (02:32 +0000)]
Submitted by:
Reviewed by:
PR:

25 years agoNew Configure option "rsaref".
Ulf Möller [Tue, 13 Apr 1999 00:58:49 +0000 (00:58 +0000)]
New Configure option "rsaref".

25 years agoDon#t auto-generate crypto/pem/pem.h -- a fixed file is fine for it.
Bodo Möller [Mon, 12 Apr 1999 19:58:17 +0000 (19:58 +0000)]
Don#t auto-generate crypto/pem/pem.h -- a fixed file is fine for it.

Submitted by:
Reviewed by:
PR:

25 years agoAdd type-safe STACKs and SETs.
Ben Laurie [Mon, 12 Apr 1999 17:23:57 +0000 (17:23 +0000)]
Add type-safe STACKs and SETs.

25 years agogcc claims this is a shadow, though I can't find what it is shadowing...
Ben Laurie [Mon, 12 Apr 1999 17:17:39 +0000 (17:17 +0000)]
gcc claims this is a shadow, though I can't find what it is shadowing...

25 years agoAdd `openssl ca -revoke <certfile>' facility which revokes a certificate
Ralf S. Engelschall [Mon, 12 Apr 1999 11:45:14 +0000 (11:45 +0000)]
Add `openssl ca -revoke <certfile>' facility which revokes a certificate
specified in <certfile> by updating the entry in the index.txt file.
This way one no longer has to edit the index.txt file manually for
revoking a certificate. The -revoke option does the gory details now.

Submitted by: Massimiliano Pala <madwolf@openca.org>
Cleaned up and integrated by: Ralf S. Engelschall

25 years agoFix `openssl crl -noout -text' combination where `-noout' killed the `-text'
Ralf S. Engelschall [Mon, 12 Apr 1999 10:36:16 +0000 (10:36 +0000)]
Fix `openssl crl -noout -text' combination where `-noout' killed the `-text'
option at all and this way the `-noout -text' combination was inconsistent in
`openssl crl' with the friends in `openssl x509|rsa|dsa'.

25 years agoMake sure a corresponding plain text error message exists for the
Ralf S. Engelschall [Mon, 12 Apr 1999 09:59:05 +0000 (09:59 +0000)]
Make sure a corresponding plain text error message exists for the
X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
verify callback function determined that a certificate was revoked.

25 years agoObsoleted by new openssl command "list-cipher-commands".
Bodo Möller [Sun, 11 Apr 1999 02:52:44 +0000 (02:52 +0000)]
Obsoleted by new openssl command "list-cipher-commands".
Submitted by:
Reviewed by:
PR:

25 years agoSubmitted by:
Bodo Möller [Sun, 11 Apr 1999 02:49:35 +0000 (02:49 +0000)]
Submitted by:
Reviewed by:
PR:

25 years agoFix a few typos and tabs while I'm poking around in ca.c...
Ralf S. Engelschall [Sat, 10 Apr 1999 13:15:38 +0000 (13:15 +0000)]
Fix a few typos and tabs while I'm poking around in ca.c...

25 years agoRid the world of yet more evil casts.
Ben Laurie [Sat, 10 Apr 1999 12:09:17 +0000 (12:09 +0000)]
Rid the world of yet more evil casts.

25 years agoAdjust renegotiation slightly.
Ben Laurie [Sat, 10 Apr 1999 12:08:46 +0000 (12:08 +0000)]
Adjust renegotiation slightly.

25 years agoFix a typo in the X.509v3 docs: cRLSign instead of cRLCertSign is correct
Ralf S. Engelschall [Sat, 10 Apr 1999 11:33:28 +0000 (11:33 +0000)]
Fix a typo in the X.509v3 docs: cRLSign instead of cRLCertSign is correct
according to the sources.... found by Steffen Dettmer <steffen@tfh-berlin.de>.

25 years agoRid the world of more evil casts.
Ben Laurie [Sat, 10 Apr 1999 10:36:19 +0000 (10:36 +0000)]
Rid the world of more evil casts.

25 years agoInstall signal handler if we are using sigaction.
Ben Laurie [Sat, 10 Apr 1999 10:21:44 +0000 (10:21 +0000)]
Install signal handler if we are using sigaction.

25 years agoBugfix: s_client occasionally would sleep in select() when it should
Bodo Möller [Fri, 9 Apr 1999 20:54:25 +0000 (20:54 +0000)]
Bugfix: s_client occasionally would sleep in select() when it should
have checked SSL_pending() first.
Submitted by:
Reviewed by:
PR:

25 years agorecent changes.
Ulf Möller [Fri, 9 Apr 1999 17:04:32 +0000 (17:04 +0000)]
recent changes.

25 years agoTest PKCS#1 v1.5 padding as well.
Ulf Möller [Fri, 9 Apr 1999 16:26:37 +0000 (16:26 +0000)]
Test PKCS#1 v1.5 padding as well.

25 years agoUse Perl 5 even if Perl 4 comes first in the search path.
Ulf Möller [Fri, 9 Apr 1999 16:25:25 +0000 (16:25 +0000)]
Use Perl 5 even if Perl 4 comes first in the search path.

25 years agoSeparate DSA functionality from ASN.1 encoding.
Ulf Möller [Fri, 9 Apr 1999 16:24:32 +0000 (16:24 +0000)]
Separate DSA functionality from ASN.1 encoding.
New functions DSA_do_sign and DSA_do_verify to provide access to
the raw DSA values.

25 years agoPreprocessor file to allow testenc to test only those ciphers
Bodo Möller [Fri, 9 Apr 1999 10:44:50 +0000 (10:44 +0000)]
Preprocessor file to allow testenc to test only those ciphers
that are available.
Submitted by:
Reviewed by:
PR:

25 years agoTiny comment to improve code comprehensibility.
Bodo Möller [Fri, 9 Apr 1999 07:12:17 +0000 (07:12 +0000)]
Tiny comment to improve code comprehensibility.
Submitted by:
Reviewed by:
PR:

25 years agoAdd PKCS#5 v2.0 ASN1 structures.
Dr. Stephen Henson [Thu, 8 Apr 1999 23:55:42 +0000 (23:55 +0000)]
Add PKCS#5 v2.0 ASN1 structures.

25 years agoBugs.
Ulf Möller [Thu, 8 Apr 1999 20:45:53 +0000 (20:45 +0000)]
Bugs.

25 years agoNew "open issue" (ERR_...).
Bodo Möller [Thu, 8 Apr 1999 20:29:19 +0000 (20:29 +0000)]
New "open issue" (ERR_...).

Submitted by:
Reviewed by:
PR:

25 years agoAvoid error message about missing gcc.
Ulf Möller [Thu, 8 Apr 1999 19:51:16 +0000 (19:51 +0000)]
Avoid error message about missing gcc.

Submitted by: Niels Poppe <niels@netbox.org>

25 years agoBe more optimistic about the availability of termios for ~ECHO,
Bodo Möller [Thu, 8 Apr 1999 17:10:27 +0000 (17:10 +0000)]
Be more optimistic about the availability of termios for ~ECHO,
because sgtty emulation tends to fail on various systems.
Submitted by:
Reviewed by:
PR:

25 years agoBad dependencies.
Ulf Möller [Thu, 8 Apr 1999 15:19:36 +0000 (15:19 +0000)]
Bad dependencies.

25 years agoTest RSA after the BN library it is based on.
Ulf Möller [Thu, 8 Apr 1999 15:09:24 +0000 (15:09 +0000)]
Test RSA after the BN library it is based on.

Submitted by: Anonymous <nobody@replay.com>

25 years agoFix linux-mips entry.
Ulf Möller [Thu, 8 Apr 1999 00:10:19 +0000 (00:10 +0000)]
Fix linux-mips entry.

Submitted by: Niels Poppe <niels@netbox.org>

25 years agobn_div_words has been added to alpha.s (Hannes Reinecke's patch).
Ulf Möller [Wed, 7 Apr 1999 23:37:33 +0000 (23:37 +0000)]
bn_div_words has been added to alpha.s (Hannes Reinecke's patch).

25 years agoMore assembler problems; new OCSP patch; obsolete patches removed from
Ulf Möller [Wed, 7 Apr 1999 17:31:11 +0000 (17:31 +0000)]
More assembler problems; new OCSP patch; obsolete patches removed from
list.

25 years agoBug fix for X.509 two-digit year.
Ulf Möller [Tue, 6 Apr 1999 15:29:54 +0000 (15:29 +0000)]
Bug fix for X.509 two-digit year.

Pointed out by Alexander Tyshlek <tyshlek@fuib.com> and Peter Gutmann
<pgut001@cs.auckland.ac.nz>

25 years agoRemove obsolete files from SSLeay 0.8.
Ulf Möller [Tue, 6 Apr 1999 15:22:55 +0000 (15:22 +0000)]
Remove obsolete files from SSLeay 0.8.

25 years agoDon't shadow.
Ben Laurie [Sat, 3 Apr 1999 14:52:01 +0000 (14:52 +0000)]
Don't shadow.

25 years agoAvoid EADDRINUSE for s_server.
Bodo Möller [Fri, 2 Apr 1999 23:35:43 +0000 (23:35 +0000)]
Avoid EADDRINUSE for s_server.

Submitted by:
Reviewed by:
PR:

25 years agoDid a 'make errors' to update asn1 error codes now typo is fixed
Dr. Stephen Henson [Thu, 1 Apr 1999 23:42:53 +0000 (23:42 +0000)]
Did a 'make errors' to update asn1 error codes now typo is fixed

25 years agoDelete some auto generated files and correct a typo in crypto/asn1/p5_pbe.c
Dr. Stephen Henson [Thu, 1 Apr 1999 23:18:05 +0000 (23:18 +0000)]
Delete some auto generated files and correct a typo in crypto/asn1/p5_pbe.c

25 years agoInclude bn.h instead of defining BIGNUM as char.
Ulf Möller [Thu, 1 Apr 1999 20:05:04 +0000 (20:05 +0000)]
Include bn.h instead of defining BIGNUM as char.

25 years agoUpdate dependencies.
Ben Laurie [Thu, 1 Apr 1999 15:51:21 +0000 (15:51 +0000)]
Update dependencies.

25 years agoRemove obsolete files.
Ulf Möller [Thu, 1 Apr 1999 13:34:22 +0000 (13:34 +0000)]
Remove obsolete files.

25 years agoPointer to Ariel Glenn's SSLeay documentation.
Ulf Möller [Thu, 1 Apr 1999 13:09:56 +0000 (13:09 +0000)]
Pointer to Ariel Glenn's SSLeay documentation.

25 years agoNew Makefile variables $(RANLIB) and $(PERL).
Ulf Möller [Thu, 1 Apr 1999 12:34:33 +0000 (12:34 +0000)]
New Makefile variables $(RANLIB) and $(PERL).

25 years agopre-0.9.3 development version.
Ulf Möller [Thu, 1 Apr 1999 11:58:28 +0000 (11:58 +0000)]
pre-0.9.3 development version.

25 years agoAdd .cvsignore in new pkcs12 directory
Ralf S. Engelschall [Thu, 1 Apr 1999 10:24:51 +0000 (10:24 +0000)]
Add .cvsignore in new pkcs12 directory

25 years agoDon't shadow.
Ben Laurie [Thu, 1 Apr 1999 10:17:35 +0000 (10:17 +0000)]
Don't shadow.

25 years agoNew option to generate 80386 code.
Ulf Möller [Wed, 31 Mar 1999 12:38:27 +0000 (12:38 +0000)]
New option to generate 80386 code.

25 years agoNew option "-showcerts" for s_client
Bodo Möller [Wed, 31 Mar 1999 12:06:30 +0000 (12:06 +0000)]
New option "-showcerts" for s_client

Slight cleanup in ssl/

25 years agoRemove file that is to be auto-generated by sha1-586.pl.
Ulf Möller [Tue, 30 Mar 1999 18:41:16 +0000 (18:41 +0000)]
Remove file that is to be auto-generated by sha1-586.pl.

PR:

25 years agoTypo.
Ulf Möller [Tue, 30 Mar 1999 16:17:03 +0000 (16:17 +0000)]
Typo.

PR:

25 years agoNew switch "386" to generate 80386 code (emulate bswap).
Ulf Möller [Tue, 30 Mar 1999 12:49:36 +0000 (12:49 +0000)]
New switch "386" to generate 80386 code (emulate bswap).

25 years agoRemove deleted PKCS#12 functions from pkcs12.h, get rid of object creation
Dr. Stephen Henson [Mon, 29 Mar 1999 22:18:54 +0000 (22:18 +0000)]
Remove deleted PKCS#12 functions from pkcs12.h, get rid of object creation
kludge, remove CRs from ssl_ciph.c and update Win32 functions for PKCS#12
code. It might compile under Win32 now ...

25 years agoInclude pkcs12 program as part of openssl. This completes most of the PKCS#12
Dr. Stephen Henson [Mon, 29 Mar 1999 17:50:26 +0000 (17:50 +0000)]
Include pkcs12 program as part of openssl. This completes most of the PKCS#12
integration.

25 years agoAdded comments to des_enc_{read,write} functions warning about their
Bodo Möller [Mon, 29 Mar 1999 16:07:36 +0000 (16:07 +0000)]
Added comments to des_enc_{read,write} functions warning about their
cryptographic weakness (IV reuse).

25 years agoVarious PKCS#12 related tidies and fixes: it might even compile now :-)
Dr. Stephen Henson [Mon, 29 Mar 1999 00:19:55 +0000 (00:19 +0000)]
Various PKCS#12 related tidies and fixes: it might even compile now :-)

25 years agoYet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add
Dr. Stephen Henson [Sun, 28 Mar 1999 23:17:34 +0000 (23:17 +0000)]
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add
them to the build environment.

25 years agoFurther PKCS#12 integration, PBE, PKCS#8 additions.
Dr. Stephen Henson [Sun, 28 Mar 1999 17:46:10 +0000 (17:46 +0000)]
Further PKCS#12 integration, PBE, PKCS#8 additions.

25 years agoThis is the beginning of PKCS#12 integration. This just adds the PKCS#12
Dr. Stephen Henson [Sun, 28 Mar 1999 01:00:56 +0000 (01:00 +0000)]
This is the beginning of PKCS#12 integration. This just adds the PKCS#12
objects to objects.h

NOTE: during this integration it will not be possible to compile my PKCS#12
program against OpenSSL because there will be conflicts between the external
functionality and that being added to the core code.

25 years agoextranet file added...
Dr. Stephen Henson [Sat, 27 Mar 1999 14:07:44 +0000 (14:07 +0000)]
extranet file added...

25 years agoAdd initial support for Thawte strong extranet certificate extensions and
Dr. Stephen Henson [Sat, 27 Mar 1999 14:06:25 +0000 (14:06 +0000)]
Add initial support for Thawte strong extranet certificate extensions and
include an 'indent' option to V3 stuff.

25 years agoLinux PPC support.
Ben Laurie [Sat, 27 Mar 1999 13:03:37 +0000 (13:03 +0000)]
Linux PPC support.

25 years agoFix Alpha assembler, remove redundant file.
Ben Laurie [Sat, 27 Mar 1999 12:53:21 +0000 (12:53 +0000)]
Fix Alpha assembler, remove redundant file.

25 years agoMake sure the RSA OAEP test is skipped under -DRSAref because
Ralf S. Engelschall [Thu, 25 Mar 1999 07:49:33 +0000 (07:49 +0000)]
Make sure the RSA OAEP test is skipped under -DRSAref because
OAEP isn't supported when OpenSSL is built with RSAref.

Submitted by: Ulf Moeller <ulf@fitug.de>
Reviewed by: Ralf S. Engelschall

25 years agoMove definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h
Ralf S. Engelschall [Wed, 24 Mar 1999 10:24:35 +0000 (10:24 +0000)]
Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h
so they no longer are missing under -DNOPROTO.

Submitted by: Soren S. Jorvang <soren@t.dk>
Reviewed by: Ralf S. Engelschall

25 years agoUpdate after release...
Ralf S. Engelschall [Tue, 23 Mar 1999 14:48:59 +0000 (14:48 +0000)]
Update after release...

25 years agoTypo
Ralf S. Engelschall [Tue, 23 Mar 1999 07:33:13 +0000 (07:33 +0000)]
Typo

25 years agoOps, interrupted commit. Fixed OpenSSL_0_9_2b
Ralf S. Engelschall [Mon, 22 Mar 1999 16:27:02 +0000 (16:27 +0000)]
Ops, interrupted commit. Fixed

25 years agoupdate list
Ralf S. Engelschall [Mon, 22 Mar 1999 15:56:31 +0000 (15:56 +0000)]
update list

25 years agoMerge ext-conf.txt and buffer.txt into a global openssl.txt because we
Ralf S. Engelschall [Mon, 22 Mar 1999 15:55:01 +0000 (15:55 +0000)]
Merge ext-conf.txt and buffer.txt into a global openssl.txt because we
shouldn't again start with thousend little text files or we quickly come back
to the old SSLeay days ;-)

25 years agoAdd two recently added functions
Ralf S. Engelschall [Mon, 22 Mar 1999 15:53:08 +0000 (15:53 +0000)]
Add two recently added functions

25 years agofunction names recently changed - consistency.
Ralf S. Engelschall [Mon, 22 Mar 1999 15:50:34 +0000 (15:50 +0000)]
function names recently changed - consistency.

25 years agoOne more 0.9.2b
Ralf S. Engelschall [Mon, 22 Mar 1999 15:44:10 +0000 (15:44 +0000)]
One more 0.9.2b

25 years agoFinal polishing for README file
Ralf S. Engelschall [Mon, 22 Mar 1999 15:38:59 +0000 (15:38 +0000)]
Final polishing for README file

25 years agoAdd latest changes to NEWS file
Ralf S. Engelschall [Mon, 22 Mar 1999 15:38:12 +0000 (15:38 +0000)]
Add latest changes to NEWS file

25 years agoBring style of INSTALL* documents in sync with README file
Ralf S. Engelschall [Mon, 22 Mar 1999 15:36:37 +0000 (15:36 +0000)]
Bring style of INSTALL* documents in sync with README file
and fix some inconsistencies.

25 years agoRemove up_ver.pl call
Ralf S. Engelschall [Mon, 22 Mar 1999 15:02:34 +0000 (15:02 +0000)]
Remove up_ver.pl call

25 years agoup_ver.pl is now obsolete
Ralf S. Engelschall [Mon, 22 Mar 1999 15:01:30 +0000 (15:01 +0000)]
up_ver.pl is now obsolete

25 years agoMore 0.9.2 -> 0.9.2b
Ralf S. Engelschall [Mon, 22 Mar 1999 14:57:24 +0000 (14:57 +0000)]
More 0.9.2 -> 0.9.2b

25 years agoBe consistent: 0.9.2b
Ralf S. Engelschall [Mon, 22 Mar 1999 14:54:52 +0000 (14:54 +0000)]
Be consistent: 0.9.2b

25 years agoRemove obsolete references to SSLeay and change default PLATFORM from
Ralf S. Engelschall [Mon, 22 Mar 1999 14:45:08 +0000 (14:45 +0000)]
Remove obsolete references to SSLeay and change default PLATFORM from
"FreeBSD" to the generic "dist" as it's done implicitly by "make dist".

25 years agoPrint a little bit more information
Ralf S. Engelschall [Mon, 22 Mar 1999 14:38:33 +0000 (14:38 +0000)]
Print a little bit more information

25 years agoFix security hole.
Ben Laurie [Mon, 22 Mar 1999 12:22:14 +0000 (12:22 +0000)]
Fix security hole.

25 years agoAdd missing pipe char to "make dist" target.
Ralf S. Engelschall [Sat, 20 Mar 1999 13:49:32 +0000 (13:49 +0000)]
Add missing pipe char to "make dist" target.
Found by Richard Levitte <levitte@stacken.kth.se>

25 years agoRemove confusing hint to non-existing file. Instead make it clear that one
Ralf S. Engelschall [Sat, 20 Mar 1999 13:17:22 +0000 (13:17 +0000)]
Remove confusing hint to non-existing file.  Instead make it clear that one
shouldn't change it manually just here. The util/ssldir.pl script does more
and has to be used for this.  Pointed out by Jacques Supcik
<supcik@inf.ethz.ch>.

25 years agoSome more source tree cleanups (removed obsolete files crypto/bf/asm/bf586.pl,
Ralf S. Engelschall [Sat, 20 Mar 1999 13:04:12 +0000 (13:04 +0000)]
Some more source tree cleanups (removed obsolete files crypto/bf/asm/bf586.pl,
test/test.txt and crypto/sha/asm/f.s; changed permission on "config" script to
be executable) and a fix for the INSTALL document.

Submitted by: Ulf Moeller <ulf@fitug.de>
Reviewed by: Ralf S. Engelschall

25 years agoComment out the lines that generated by mk1mf.pl include three separate rules
Dr. Stephen Henson [Wed, 17 Mar 1999 23:30:39 +0000 (23:30 +0000)]
Comment out the lines that generated by mk1mf.pl include three separate rules
that are equivalent to $(OUT_D). This was what was causing the 'too many rules'
warning under VC++.

25 years agoUsing int for the digest length in EVP_DigestFinal() broke some compilers.
Dr. Stephen Henson [Sun, 14 Mar 1999 13:31:42 +0000 (13:31 +0000)]
Using int for the digest length in EVP_DigestFinal() broke some compilers.
Changed to unsigned int: also need an evil cast in pk7_doit.c because a
signed, unsigned comparison chokes VC++.

25 years agoRemove some references which called malloc and free instead of Malloc and Free.
Dr. Stephen Henson [Sun, 14 Mar 1999 01:16:45 +0000 (01:16 +0000)]
Remove some references which called malloc and free instead of Malloc and Free.

25 years agoDelete Win32 test with testreq.pem and req: there is already a test with
Dr. Stephen Henson [Fri, 12 Mar 1999 22:59:13 +0000 (22:59 +0000)]
Delete Win32 test with testreq.pem and req: there is already a test with
testreq2.pem.

25 years agoFail if test fails.
Ben Laurie [Fri, 12 Mar 1999 20:41:09 +0000 (20:41 +0000)]
Fail if test fails.

25 years agoUpdate dependencies.
Ben Laurie [Fri, 12 Mar 1999 20:33:26 +0000 (20:33 +0000)]
Update dependencies.

25 years agoAllow bsdi-gcc - see if it gets anyone anywhere.
Ben Laurie [Fri, 12 Mar 1999 20:31:13 +0000 (20:31 +0000)]
Allow bsdi-gcc - see if it gets anyone anywhere.

25 years agoSolaris shared library support.
Ben Laurie [Fri, 12 Mar 1999 20:26:27 +0000 (20:26 +0000)]
Solaris shared library support.

25 years agoThis is now generated, it seems.
Ben Laurie [Fri, 12 Mar 1999 20:19:45 +0000 (20:19 +0000)]
This is now generated, it seems.

25 years agoUse the right compiler for ctx_size.
Ben Laurie [Fri, 12 Mar 1999 19:58:43 +0000 (19:58 +0000)]
Use the right compiler for ctx_size.

25 years agoDelete NULL ciphers from 'ALL' in the cipher list aliases. This means that
Dr. Stephen Henson [Fri, 12 Mar 1999 01:43:28 +0000 (01:43 +0000)]
Delete NULL ciphers from 'ALL' in the cipher list aliases. This means that
NULL ciphers specifically have to be enabled with e.g. "DEFAULT:eNULL". This
prevents cipher lists from inadvertantly having NULL ciphers at the top
of their list (e.g. the default ones) because they didn't have to be taken
into account before.

25 years agoFix for RSA private key encryption if p < q. This took ***ages*** to track down.
Dr. Stephen Henson [Thu, 11 Mar 1999 02:42:13 +0000 (02:42 +0000)]
Fix for RSA private key encryption if p < q. This took ***ages*** to track down.