Ben Laurie [Tue, 29 Jul 2003 14:06:02 +0000 (14:06 +0000)]
Reformat.
Ben Laurie [Tue, 29 Jul 2003 13:24:27 +0000 (13:24 +0000)]
The rest of the keysizes for CFB1, working AES AVS test for CFB1.
Ben Laurie [Tue, 29 Jul 2003 10:56:56 +0000 (10:56 +0000)]
Working CFB1 and test vectors.
Ben Laurie [Mon, 28 Jul 2003 15:08:00 +0000 (15:08 +0000)]
Add support for partial CFB modes, make tests work, update dependencies.
Ben Laurie [Mon, 28 Jul 2003 09:56:08 +0000 (09:56 +0000)]
New fingerprints.
Ben Laurie [Sun, 27 Jul 2003 21:13:35 +0000 (21:13 +0000)]
Build when not FIPS.
Ben Laurie [Sun, 27 Jul 2003 17:23:08 +0000 (17:23 +0000)]
Build in non-FIPS mode.
Ben Laurie [Sun, 27 Jul 2003 17:19:28 +0000 (17:19 +0000)]
Use unified diff.
Ben Laurie [Sun, 27 Jul 2003 17:00:51 +0000 (17:00 +0000)]
Unfinished FIPS stuff for review/improvement.
Ben Laurie [Sun, 27 Jul 2003 13:46:57 +0000 (13:46 +0000)]
Add untested CFB-r mode. Will be tested soon.
Bodo Möller [Mon, 21 Jul 2003 15:17:49 +0000 (15:17 +0000)]
tolerate extra data at end of client hello for SSL 3.0
PR: 659
Bodo Möller [Mon, 21 Jul 2003 15:08:03 +0000 (15:08 +0000)]
fix: 0.9.7 is based on 0.9.6h, not on 0.9.6k
typo in 0.9.6k section
Richard Levitte [Fri, 4 Jul 2003 11:41:15 +0000 (11:41 +0000)]
Make sure openssl.pc is readable by everyone.
PR: 654
Richard Levitte [Thu, 3 Jul 2003 21:43:39 +0000 (21:43 +0000)]
Add a slash so grep doesn't return both ./crypto/bio/bss_mem.o and
./crypto/mem.o when we're looking for mem.o.
Richard Levitte [Thu, 3 Jul 2003 20:50:46 +0000 (20:50 +0000)]
Oops, I forgot to replace 'counter' with 'ivec' when used...
Richard Levitte [Thu, 3 Jul 2003 07:46:54 +0000 (07:46 +0000)]
The convenience argumetn for -nameopt and -certopt is ca_default, not
default_ca.
PR: 653
Richard Levitte [Thu, 3 Jul 2003 06:42:45 +0000 (06:42 +0000)]
The 'counter' is really the IV.
Richard Levitte [Thu, 3 Jul 2003 06:41:33 +0000 (06:41 +0000)]
Change AES-CTR to increment the IV by 1 instead of 2^64.
Lutz Jänicke [Thu, 26 Jun 2003 14:03:33 +0000 (14:03 +0000)]
Clarify wording of verify_callback() behaviour.
Richard Levitte [Thu, 26 Jun 2003 11:58:04 +0000 (11:58 +0000)]
Only remove old files if they exist. [Maing32].
Notified by Michael Gerdau <mgd@technosis.de>
Dr. Stephen Henson [Tue, 24 Jun 2003 17:12:22 +0000 (17:12 +0000)]
Return EOF when an S/MIME part have been read.
Richard Levitte [Thu, 19 Jun 2003 22:26:29 +0000 (22:26 +0000)]
make update
Richard Levitte [Thu, 19 Jun 2003 19:04:20 +0000 (19:04 +0000)]
Document the last change.
PR: 587
Richard Levitte [Thu, 19 Jun 2003 19:01:11 +0000 (19:01 +0000)]
Prepare for changes in the 0.9.6 branch
Richard Levitte [Thu, 19 Jun 2003 18:59:30 +0000 (18:59 +0000)]
Prepare for changes in the 0.9.6 branch
Richard Levitte [Thu, 19 Jun 2003 18:55:56 +0000 (18:55 +0000)]
We set the export flag for 512 *bit* keys, not 512 *byte* ones.
PR: 587
Richard Levitte [Thu, 19 Jun 2003 17:50:27 +0000 (17:50 +0000)]
Typo.
Richard Levitte [Thu, 19 Jun 2003 17:01:42 +0000 (17:01 +0000)]
EXIT() should mainly be exit(n), not return(n). OPENSSL_EXIT() will
take care of returning if necessary.
Richard Levitte [Thu, 12 Jun 2003 01:04:12 +0000 (01:04 +0000)]
Typo.
PR: 584
Richard Levitte [Thu, 12 Jun 2003 00:57:27 +0000 (00:57 +0000)]
Do not try to use non-existent gmtime_r() on SunOS4.
PR: 585
Richard Levitte [Thu, 12 Jun 2003 00:56:33 +0000 (00:56 +0000)]
Make sure ssize_t is defined on SunOS4.
PR: 585
Richard Levitte [Thu, 12 Jun 2003 00:51:59 +0000 (00:51 +0000)]
Make sure DSO-dlfcn works properly on SunOS4.
PR: 585
Richard Levitte [Wed, 11 Jun 2003 22:45:55 +0000 (22:45 +0000)]
Typo.
PR: 593
Richard Levitte [Wed, 11 Jun 2003 21:22:34 +0000 (21:22 +0000)]
Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[].
PR: 617
Richard Levitte [Wed, 11 Jun 2003 19:44:40 +0000 (19:44 +0000)]
Handle des_modes.pod properly.
PR: 634
Richard Levitte [Wed, 11 Jun 2003 18:43:49 +0000 (18:43 +0000)]
Make sure to NUL-terminate the string on end-of-file (and error)
PR: 643
Richard Levitte [Tue, 10 Jun 2003 04:42:42 +0000 (04:42 +0000)]
Document the AES_cbc_encrypt() change
Richard Levitte [Tue, 10 Jun 2003 04:11:46 +0000 (04:11 +0000)]
The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting
Geoff Thorpe [Fri, 6 Jun 2003 17:53:24 +0000 (17:53 +0000)]
This memset() in the ubsec ENGINE is a bug. Zeroing out the result array
should not be necessary in any case, but more importantly the result and
input BIGNUMs could be the same, in which case this is clearly a problem.
Submitted by: Jonathan Hersch
Reviewed by: Joe Orton
Approved by: Geoff Thorpe
Dr. Stephen Henson [Wed, 4 Jun 2003 00:40:47 +0000 (00:40 +0000)]
Really get X509_CRL_CHECK_ALL right this time...
Lutz Jänicke [Tue, 3 Jun 2003 09:59:10 +0000 (09:59 +0000)]
Clarify return value of SSL_connect() and SSL_accept() in case of the
WANT_READ and WANT_WRITE conditions.
Dr. Stephen Henson [Tue, 3 Jun 2003 00:11:37 +0000 (00:11 +0000)]
Move the base64 BIO fixes to 0.9.7-stable
Dr. Stephen Henson [Mon, 2 Jun 2003 17:52:19 +0000 (17:52 +0000)]
Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect
results if CR+LF straddles the line buffer.
Dr. Stephen Henson [Mon, 2 Jun 2003 01:03:08 +0000 (01:03 +0000)]
Stop checking for CRLF when start of buffer is reached.
Dr. Stephen Henson [Sun, 1 Jun 2003 20:45:44 +0000 (20:45 +0000)]
Various S/MIME bug and compatibility fixes.
Lutz Jänicke [Fri, 30 May 2003 07:45:50 +0000 (07:45 +0000)]
Clarify ordering of certificates when using certificate chains
Richard Levitte [Thu, 29 May 2003 22:22:34 +0000 (22:22 +0000)]
Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration
macros get properly defined.
Richard Levitte [Thu, 29 May 2003 22:20:57 +0000 (22:20 +0000)]
Have ASFLAGS be defined the same way as CFLAGS
Richard Levitte [Thu, 29 May 2003 20:59:30 +0000 (20:59 +0000)]
PR: 630
Avoid looking outside the key_data array.
Lutz Jänicke [Wed, 28 May 2003 20:24:20 +0000 (20:24 +0000)]
Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before)
Submitted by: dg@sunet.ru (Daniel Ginsburg)
PR: #613
Lutz Jänicke [Wed, 28 May 2003 19:56:04 +0000 (19:56 +0000)]
Move header file inclusion to prevent irritation of users forgetting to
call "make depend" after enabling or disabling ciphers...
Submitted by: Tal Mozes <talm@cyber-ark.com>
PR: #628
Dr. Stephen Henson [Wed, 28 May 2003 17:28:42 +0000 (17:28 +0000)]
PR: 627
Allocate certificatePolicies correctly if CPS field is absent.
Fix various memory leaks in certificatePolicies.
Dr. Stephen Henson [Wed, 28 May 2003 16:57:22 +0000 (16:57 +0000)]
PR: 631
Submitted by: Doug Sauder <dws+001@hunnysoft.com>
Fix bug in X509V3_get_d2i() when idx in not NULL.
Richard Levitte [Wed, 28 May 2003 10:34:04 +0000 (10:34 +0000)]
Make sure to compare unsigned against unsigned.
Richard Levitte [Wed, 21 May 2003 14:29:33 +0000 (14:29 +0000)]
Fix sign bugs.
PR: 621
Richard Levitte [Wed, 21 May 2003 08:40:18 +0000 (08:40 +0000)]
Make sure EC_window_bits_for_scalar_size() returns a size_t
Dr. Stephen Henson [Sun, 18 May 2003 23:10:22 +0000 (23:10 +0000)]
Fix docs.
Dr. Stephen Henson [Wed, 7 May 2003 23:20:41 +0000 (23:20 +0000)]
Add correct DN entry for serialNumber.
Richard Levitte [Wed, 7 May 2003 12:02:34 +0000 (12:02 +0000)]
/usr/lib/pkgconfig/openssl.pc was never installed in the RPM.
Notified by Bennett Todd <bet@rahul.net>.
Richard Levitte [Wed, 7 May 2003 11:38:13 +0000 (11:38 +0000)]
DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function
called downstream that need it to be non-const. The fact that the RSA_METHOD
functions take the RSA* as a const doesn't matter, it just expresses that
*they* won't touch it.
PR: 602
Richard Levitte [Mon, 5 May 2003 13:55:23 +0000 (13:55 +0000)]
Constify RSA_sign() and RSA_verify().
PR: 602
Dr. Stephen Henson [Fri, 2 May 2003 11:42:17 +0000 (11:42 +0000)]
Typo.
Bodo Möller [Tue, 22 Apr 2003 12:44:58 +0000 (12:44 +0000)]
fix typo
Submitted by: Nils Larsch
Richard Levitte [Mon, 21 Apr 2003 22:00:49 +0000 (22:00 +0000)]
Make it possible to affect the extension of man pages.
PR: 578
Richard Levitte [Wed, 16 Apr 2003 06:25:29 +0000 (06:25 +0000)]
Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.
Memory leak fix: RSA_blinding_on() would leave a dangling pointer in
rsa->blinding under certain circumstances.
Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.
Richard Levitte [Tue, 15 Apr 2003 13:01:50 +0000 (13:01 +0000)]
Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()
Bodo Möller [Fri, 11 Apr 2003 15:01:42 +0000 (15:01 +0000)]
include 'Changes between 0.9.6i and 0.9.6j'
Richard Levitte [Thu, 10 Apr 2003 20:40:19 +0000 (20:40 +0000)]
The release is tagged, time to work on 0.9.7c.
Richard Levitte [Thu, 10 Apr 2003 20:37:53 +0000 (20:37 +0000)]
Include the 0.9.6j news.
This file will be retagged.
Richard Levitte [Thu, 10 Apr 2003 20:29:08 +0000 (20:29 +0000)]
Forgot to code the status bits for release. This file will be
retagged.
Richard Levitte [Thu, 10 Apr 2003 20:22:15 +0000 (20:22 +0000)]
Time to release 0.9.7b.
The tag will be OpenSSL_0_9_7b.
Richard Levitte [Thu, 10 Apr 2003 20:10:22 +0000 (20:10 +0000)]
make update.
Richard Levitte [Thu, 10 Apr 2003 19:33:11 +0000 (19:33 +0000)]
New NEWS
Richard Levitte [Thu, 10 Apr 2003 19:11:35 +0000 (19:11 +0000)]
Remove all those infernal stupid CR characters
Richard Levitte [Thu, 10 Apr 2003 18:36:34 +0000 (18:36 +0000)]
There's a problem building shared libraries on the sco5-gcc target. However,
it's time for a release, so I'm just adding an enty in PROBLEMS, and will
hopefully solve this for a later release
Richard Levitte [Thu, 10 Apr 2003 05:46:55 +0000 (05:46 +0000)]
Explicitely tell the compiler we're mips3 for the target irix-mips3-cc.
Dr. Stephen Henson [Thu, 10 Apr 2003 01:13:37 +0000 (01:13 +0000)]
Only call redirected rsa_sign or rsa_verify if the pointer is set.
This allows, for example, a smart card to redirect rsa_sign and keep
the default rsa_verify.
Dr. Stephen Henson [Thu, 10 Apr 2003 00:03:22 +0000 (00:03 +0000)]
Typo.
Richard Levitte [Wed, 9 Apr 2003 06:50:39 +0000 (06:50 +0000)]
Dont forget req.
Richard Levitte [Wed, 9 Apr 2003 05:25:22 +0000 (05:25 +0000)]
Typo
Richard Levitte [Tue, 8 Apr 2003 11:54:32 +0000 (11:54 +0000)]
Set LD_LIBRARY_PATH when linking, since OpenUnix' ld uses it to create
a library search path.
Correct typos.
Richard Levitte [Tue, 8 Apr 2003 11:07:13 +0000 (11:07 +0000)]
Include rand.h, so RAND_status() and friends get properly declared.
Lutz Jänicke [Tue, 8 Apr 2003 06:28:34 +0000 (06:28 +0000)]
Fix ordering of compare functions: strncmp() must be used first, as it
the cipher name in the list is not guaranteed to be at least "buflen"
long.
PR: 567
Submitted by: "Matt Harren" <matth@cs.berkeley.edu>
Richard Levitte [Tue, 8 Apr 2003 06:02:00 +0000 (06:02 +0000)]
We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in
form of unneeded direct calls through the engine pointer..
Richard Levitte [Tue, 8 Apr 2003 06:00:17 +0000 (06:00 +0000)]
We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form
of unneeded includes of openssl/engine.h.
Richard Levitte [Mon, 7 Apr 2003 19:15:29 +0000 (19:15 +0000)]
RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function
pointers should be used. It doesn't necessarely mean it should go through
the ENGINE framework.
Richard Levitte [Sat, 5 Apr 2003 21:21:29 +0000 (21:21 +0000)]
Do not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined.
PR: 564
Richard Levitte [Fri, 4 Apr 2003 14:41:40 +0000 (14:41 +0000)]
make update
Richard Levitte [Fri, 4 Apr 2003 14:21:04 +0000 (14:21 +0000)]
Transfer the changes to detect multiline comments and the GCC
extension __attribute__.
Richard Levitte [Thu, 3 Apr 2003 23:35:16 +0000 (23:35 +0000)]
Make %p and %# work properly, at least with pointers and floats.
Richard Levitte [Thu, 3 Apr 2003 22:12:50 +0000 (22:12 +0000)]
It's recommended to use req rather than x509 to create self-signed certificates
Richard Levitte [Thu, 3 Apr 2003 21:55:57 +0000 (21:55 +0000)]
Typo correction
Richard Levitte [Thu, 3 Apr 2003 18:50:48 +0000 (18:50 +0000)]
Reset the version number of the issuer certificate? I believe this
hasn't been tested in a long while...
Bodo Möller [Wed, 2 Apr 2003 09:50:55 +0000 (09:50 +0000)]
make RSA blinding thread-safe
Richard Levitte [Tue, 1 Apr 2003 10:59:40 +0000 (10:59 +0000)]
It seems like gcc-drivven shared library building on OpenUnix 8 requires
-shared rather than -G.
Richard Levitte [Mon, 31 Mar 2003 13:56:55 +0000 (13:56 +0000)]
No need to test -setalias twice.
PR: 556
Richard Levitte [Mon, 31 Mar 2003 13:24:04 +0000 (13:24 +0000)]
Don't feil when indent is 0.
PR: 559
Richard Levitte [Mon, 31 Mar 2003 13:06:27 +0000 (13:06 +0000)]
Add usage string for -fingerprint.
PR: 560
Richard Levitte [Fri, 28 Mar 2003 08:57:09 +0000 (08:57 +0000)]
OpenUNIX 8 has some problems using -G with gcc. Maybe using gnu-shared works better (will be tested tonight).
Lutz Jänicke [Thu, 27 Mar 2003 22:03:11 +0000 (22:03 +0000)]
Add warning about unwanted side effect when calling SSL_CTX_free():
sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>
PR: 547