oweals/openssl.git
20 years agoSync with HEAD. Up to >20% overall performance improvement.
Andy Polyakov [Sat, 17 Jul 2004 13:27:38 +0000 (13:27 +0000)]
Sync with HEAD. Up to >20% overall performance improvement.

20 years agoIA-64 is intolerant to misaligned access. It was a problem on Win64 as
Andy Polyakov [Sat, 17 Jul 2004 12:54:54 +0000 (12:54 +0000)]
IA-64 is intolerant to misaligned access. It was a problem on Win64 as
we were mislead by _MSC_VER macro, which is defined by *all* Windows
Microsoft compilers.

20 years agoEliminate enforced -g from CFLAGS. It switches off optimization with some
Andy Polyakov [Sat, 17 Jul 2004 12:48:35 +0000 (12:48 +0000)]
Eliminate enforced -g from CFLAGS. It switches off optimization with some
compilers, e.g. DEC C.

20 years agoCorrected test program.
Ben Laurie [Mon, 12 Jul 2004 17:59:50 +0000 (17:59 +0000)]
Corrected test program.

20 years agoI think it could be a good thing to know what went wrong with the tests...
Richard Levitte [Mon, 12 Jul 2004 12:25:56 +0000 (12:25 +0000)]
I think it could be a good thing to know what went wrong with the tests...

20 years agoimprove wording
Bodo Möller [Mon, 12 Jul 2004 06:24:21 +0000 (06:24 +0000)]
improve wording

20 years agoBIS correction/addition
Bodo Möller [Sun, 11 Jul 2004 09:29:41 +0000 (09:29 +0000)]
BIS correction/addition

20 years agoo_str.c: Windows doesn't have <strings.h>, and since we use _strnicmp() and
Richard Levitte [Thu, 8 Jul 2004 08:32:51 +0000 (08:32 +0000)]
o_str.c: Windows doesn't have <strings.h>, and since we use _strnicmp() and
_stricmp() on that platform, use the appropriate header file for it,
<string.h>.
o_str.h: we only want to get size_t, which is defined in <stddef.h>.

Philippe Bougeret <philippe.bougeret@freesbee.fr> notified us about Windows
not having a <strings.h>

20 years agoDelta CRL support in extension code.
Dr. Stephen Henson [Tue, 6 Jul 2004 17:26:33 +0000 (17:26 +0000)]
Delta CRL support in extension code.

20 years agoOoops, missed part of PKCS#8 patch.
Dr. Stephen Henson [Tue, 6 Jul 2004 17:25:11 +0000 (17:25 +0000)]
Ooops, missed part of PKCS#8 patch.

20 years agoFix memory leak.
Dr. Stephen Henson [Sun, 4 Jul 2004 16:36:58 +0000 (16:36 +0000)]
Fix memory leak.

20 years agoDon't try to parse none string types.
Dr. Stephen Henson [Thu, 1 Jul 2004 18:50:12 +0000 (18:50 +0000)]
Don't try to parse none string types.

20 years agoExplain a little better what BN_num_bits() and BN_num_bits_word() do.
Richard Levitte [Thu, 1 Jul 2004 12:33:44 +0000 (12:33 +0000)]
Explain a little better what BN_num_bits() and BN_num_bits_word() do.
Add a note as to how these functions do not always return the key size, and
how one can deal with that.

PR: 907

20 years agoChanges for VOS, submitted by Paul Green <Paul.Green@stratus.com>.
Richard Levitte [Mon, 28 Jun 2004 22:01:07 +0000 (22:01 +0000)]
Changes for VOS, submitted by Paul Green <Paul.Green@stratus.com>.

PR: 499

20 years agoMake sure the FIPS stuff is only really compiled when in FIPS mode.
Richard Levitte [Mon, 28 Jun 2004 20:33:35 +0000 (20:33 +0000)]
Make sure the FIPS stuff is only really compiled when in FIPS mode.

20 years agoMake the tests of EVP operations without padding. As a consequence,
Richard Levitte [Mon, 28 Jun 2004 16:32:14 +0000 (16:32 +0000)]
Make the tests of EVP operations without padding.  As a consequence,
there's no need for a larger BUFSIZE any more...

PR: 904

20 years agoMake sure that the buffers are large enough to contain padding.
Richard Levitte [Mon, 28 Jun 2004 12:23:40 +0000 (12:23 +0000)]
Make sure that the buffers are large enough to contain padding.
PR: 904

20 years agoLinux on ARM needs -ldl
Richard Levitte [Mon, 28 Jun 2004 10:31:09 +0000 (10:31 +0000)]
Linux on ARM needs -ldl
PR: 905

20 years agoMemory leak fixes from main branch.
Dr. Stephen Henson [Thu, 24 Jun 2004 13:05:50 +0000 (13:05 +0000)]
Memory leak fixes from main branch.

20 years agoReformat source for pkcs8.c
Dr. Stephen Henson [Thu, 24 Jun 2004 12:54:38 +0000 (12:54 +0000)]
Reformat source for pkcs8.c

20 years agoReturn an error if an attempt is made to encode or decode
Dr. Stephen Henson [Thu, 24 Jun 2004 12:31:48 +0000 (12:31 +0000)]
Return an error if an attempt is made to encode or decode
cipher ASN1 parameters and the cipher doesn't support it.

20 years agoInclude <string.h> to get definition of strcmp.
Dr. Stephen Henson [Thu, 24 Jun 2004 12:12:43 +0000 (12:12 +0000)]
Include <string.h> to get definition of strcmp.

20 years agoStandard sh doesn't tolerate ! as part of the conditional command.
Richard Levitte [Mon, 21 Jun 2004 18:05:53 +0000 (18:05 +0000)]
Standard sh doesn't tolerate ! as part of the conditional command.

PR: 900

20 years agoMake sure we don't try to loop over an empty EXHEADER. In the
Richard Levitte [Mon, 21 Jun 2004 09:07:41 +0000 (09:07 +0000)]
Make sure we don't try to loop over an empty EXHEADER.  In the
Makefiles where this was fixed by commenting away code, change it to
check for an empty EXHEADER instead, so we have less hassle in a
future where EXHEADER changes.

PR: 900

20 years agoAdd primality tester.
Ben Laurie [Sat, 19 Jun 2004 13:54:59 +0000 (13:54 +0000)]
Add primality tester.

20 years agoMake make tags make tags.
Ben Laurie [Sat, 19 Jun 2004 13:32:28 +0000 (13:32 +0000)]
Make make tags make tags.

20 years agoUpdate ignores.
Ben Laurie [Sat, 19 Jun 2004 13:18:01 +0000 (13:18 +0000)]
Update ignores.

20 years agoAdd Diffie-Hellman to FIPS.
Ben Laurie [Sat, 19 Jun 2004 13:16:51 +0000 (13:16 +0000)]
Add Diffie-Hellman to FIPS.

20 years agoThe version that was actually submitted for FIPS testing.
Ben Laurie [Sat, 19 Jun 2004 13:15:35 +0000 (13:15 +0000)]
The version that was actually submitted for FIPS testing.

20 years agoTypo, setting the first element of nids[] to NULL instead of setting
Richard Levitte [Tue, 15 Jun 2004 11:46:06 +0000 (11:46 +0000)]
Typo, setting the first element of nids[] to NULL instead of setting
*cnids.

20 years agoMore precise explanation of session id context requirements.
Lutz Jänicke [Mon, 14 Jun 2004 13:26:47 +0000 (13:26 +0000)]
More precise explanation of session id context requirements.

20 years agoMake sure o_str.h is reachable.
Richard Levitte [Thu, 27 May 2004 10:19:04 +0000 (10:19 +0000)]
Make sure o_str.h is reachable.

20 years agoRun an installation of FIPS stuff as well.
Richard Levitte [Thu, 27 May 2004 10:07:04 +0000 (10:07 +0000)]
Run an installation of FIPS stuff as well.

20 years agoCompile the FIPS directory on VMS as well. fips-lib.com is
Richard Levitte [Thu, 27 May 2004 10:04:40 +0000 (10:04 +0000)]
Compile the FIPS directory on VMS as well.  fips-lib.com is
essentially a copy of crypto-lib.com, with just a few edits.

20 years agoCopy the FIPS files to the temporary openssl include directory.
Richard Levitte [Thu, 27 May 2004 09:33:10 +0000 (09:33 +0000)]
Copy the FIPS files to the temporary openssl include directory.

20 years agoDefine FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation for
Richard Levitte [Wed, 19 May 2004 14:16:33 +0000 (14:16 +0000)]
Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation for
size_t-ification of those algorithms in future version of OpenSSL...

20 years agoMake reservations in FIPS code for upcoming size_t-fication of OpenSSL API.
Andy Polyakov [Mon, 17 May 2004 15:37:26 +0000 (15:37 +0000)]
Make reservations in FIPS code for upcoming size_t-fication of OpenSSL API.
And couple of bug-fixes in fips/rand code [return without lock release and
incorrect return value in fips_rand_bytes].

20 years agoTypo corretced.
Richard Levitte [Mon, 17 May 2004 04:47:26 +0000 (04:47 +0000)]
Typo corretced.

20 years agoRewrite the usage to avoid confusion.
Richard Levitte [Mon, 17 May 2004 04:40:49 +0000 (04:40 +0000)]
Rewrite the usage to avoid confusion.

20 years agoMake it possible for the user to choose the digest used to create the
Richard Levitte [Mon, 17 May 2004 04:39:00 +0000 (04:39 +0000)]
Make it possible for the user to choose the digest used to create the
key.

20 years agoWhen in FIPS mode, use SHA1 to digest the key, rather than MD5, as MD5
Richard Levitte [Mon, 17 May 2004 04:31:14 +0000 (04:31 +0000)]
When in FIPS mode, use SHA1 to digest the key, rather than MD5, as MD5
isn't a FIPS-approved algorithm.

Note: this means the user needs to keep track of this, and we need to
add support for that...

20 years agoMake sure the applications know when we are running in FIPS mode. We
Richard Levitte [Mon, 17 May 2004 04:30:06 +0000 (04:30 +0000)]
Make sure the applications know when we are running in FIPS mode.  We
can't use the variable in libcrypto, since it's supposedly unknown.

Note: currently only supported in MONOLITH mode.

20 years agoGenerate SHA1 files on Windows and other platforms supported by
Richard Levitte [Mon, 17 May 2004 04:28:31 +0000 (04:28 +0000)]
Generate SHA1 files on Windows and other platforms supported by
mk1mf.pl, when building in FIPS mode.

Note: UNTESTED!

20 years agoFix self-tests, ban some things in FIPS mode, fix copyrights.
Ben Laurie [Sat, 15 May 2004 17:51:26 +0000 (17:51 +0000)]
Fix self-tests, ban some things in FIPS mode, fix copyrights.

20 years agoFixes so alerts are sent properly in s3_pkt.c
Dr. Stephen Henson [Sat, 15 May 2004 17:46:50 +0000 (17:46 +0000)]
Fixes so alerts are sent properly in s3_pkt.c

PR: 851

20 years agoCheck error returns.
Ben Laurie [Sat, 15 May 2004 16:39:23 +0000 (16:39 +0000)]
Check error returns.

20 years agoReimplement old functions, so older software that link to libcrypto
Richard Levitte [Fri, 14 May 2004 17:55:59 +0000 (17:55 +0000)]
Reimplement old functions, so older software that link to libcrypto
don't crash and burn.

20 years agoAll EVP_*_cfb functions have changed names to EVP_*_cfb64 or
Richard Levitte [Fri, 14 May 2004 17:54:18 +0000 (17:54 +0000)]
All EVP_*_cfb functions have changed names to EVP_*_cfb64 or
EVP_*_cfb128.

20 years agomake update
Richard Levitte [Thu, 13 May 2004 22:41:01 +0000 (22:41 +0000)]
make update

20 years agoo_str.h is not an exported header.
Richard Levitte [Thu, 13 May 2004 22:40:40 +0000 (22:40 +0000)]
o_str.h is not an exported header.

20 years agoSynchronise o_str.c between 0.9.8-dev and 0.9.7-stable.
Richard Levitte [Thu, 13 May 2004 22:40:08 +0000 (22:40 +0000)]
Synchronise o_str.c between 0.9.8-dev and 0.9.7-stable.

20 years agomake update
Richard Levitte [Thu, 13 May 2004 21:38:37 +0000 (21:38 +0000)]
make update

20 years agoLet's make life easier and have the VMS version of the configuration be
Richard Levitte [Thu, 13 May 2004 21:38:23 +0000 (21:38 +0000)]
Let's make life easier and have the VMS version of the configuration be
generated from the Unixly configuration file.

20 years agoMake self signing option of 'x509' use random serial numbers too.
Dr. Stephen Henson [Wed, 12 May 2004 18:20:57 +0000 (18:20 +0000)]
Make self signing option of 'x509' use random serial numbers too.

20 years agoFix memory leak.
Dr. Stephen Henson [Wed, 12 May 2004 17:53:22 +0000 (17:53 +0000)]
Fix memory leak.

20 years agoBlow up in people's faces if they don't reseed.
Ben Laurie [Wed, 12 May 2004 14:11:10 +0000 (14:11 +0000)]
Blow up in people's faces if they don't reseed.

20 years agomake update
Richard Levitte [Wed, 12 May 2004 10:17:15 +0000 (10:17 +0000)]
make update

20 years agoForgot to update the Makefile with the o_str stuff...
Richard Levitte [Wed, 12 May 2004 10:17:02 +0000 (10:17 +0000)]
Forgot to update the Makefile with the o_str stuff...

20 years agoThe functions OPENSSL_strcasen?cmp() were forgotten when merging the
Richard Levitte [Wed, 12 May 2004 10:09:00 +0000 (10:09 +0000)]
The functions OPENSSL_strcasen?cmp() were forgotten when merging the
FIPS branch into this.  It's needed at least for certain OpenVMS
versions, and should really be used in a more general way.

20 years agoIgnore 'Makefile.save'
Richard Levitte [Wed, 12 May 2004 10:07:20 +0000 (10:07 +0000)]
Ignore 'Makefile.save'

20 years agoIgnore the 'lib' timestamp file.
Richard Levitte [Wed, 12 May 2004 08:46:43 +0000 (08:46 +0000)]
Ignore the 'lib' timestamp file.

20 years agoI forgot to modify the signature for fips_rand.c...
Richard Levitte [Wed, 12 May 2004 08:42:55 +0000 (08:42 +0000)]
I forgot to modify the signature for fips_rand.c...

20 years agoOnly really build this file when OPENSSL_FIPS is defined. And oh,
Richard Levitte [Wed, 12 May 2004 08:28:51 +0000 (08:28 +0000)]
Only really build this file when OPENSSL_FIPS is defined.  And oh,
let's keep internal variables static.

20 years agoMakefile.ssl changed name to Makefile.
Richard Levitte [Wed, 12 May 2004 08:28:00 +0000 (08:28 +0000)]
Makefile.ssl changed name to Makefile.

20 years agoOnly check for FIPS signatures when FIPS is enabled.
Richard Levitte [Wed, 12 May 2004 08:27:38 +0000 (08:27 +0000)]
Only check for FIPS signatures when FIPS is enabled.

20 years agoPull FIPS back into stable.
Ben Laurie [Tue, 11 May 2004 12:46:24 +0000 (12:46 +0000)]
Pull FIPS back into stable.

20 years agoRemove the creation of $(INSTALL_PREFIX)$(OPENSSLDIR)/lib, since we don't
Richard Levitte [Thu, 6 May 2004 09:46:48 +0000 (09:46 +0000)]
Remove the creation of $(INSTALL_PREFIX)$(OPENSSLDIR)/lib, since we don't
use it.

Notified by Frédéric L. W. Meunier <0@pervalidus.tk> in PR 713

20 years agoWhen the pointer 'from' changes, it's stored length needs to change as
Richard Levitte [Thu, 6 May 2004 09:31:31 +0000 (09:31 +0000)]
When the pointer 'from' changes, it's stored length needs to change as
well.

Notified by Frank Kardel <kardel@acm.org> in PR 879.

20 years agoupdate from current 0.9.6-stable CHANGES file
Bodo Möller [Tue, 4 May 2004 01:08:33 +0000 (01:08 +0000)]
update from current 0.9.6-stable CHANGES file

20 years agoFix memory leak.
Dr. Stephen Henson [Thu, 22 Apr 2004 12:33:03 +0000 (12:33 +0000)]
Fix memory leak.

PR:870

20 years agoPort the random serial number generation to 0.9.7-stable.
Dr. Stephen Henson [Thu, 22 Apr 2004 12:19:48 +0000 (12:19 +0000)]
Port the random serial number generation to 0.9.7-stable.

Due to the changes in CA.pl in 0.9.8 (use of -self_sign) a slightly different
technique is used to ensure that 'ca' uses the next serial number. It
now initializes the serial number using 'openssl x509 -next_serial'.

20 years agoExtend the index parameter checking from sk_value to sk_set(). Also tidy up
Geoff Thorpe [Wed, 21 Apr 2004 15:09:25 +0000 (15:09 +0000)]
Extend the index parameter checking from sk_value to sk_set(). Also tidy up
some similar code elsewhere.

Thanks to Francesco Petruzzi for bringing this to my attention.

20 years agoClear error if unique_subject lookup fails.
Dr. Stephen Henson [Thu, 15 Apr 2004 00:33:24 +0000 (00:33 +0000)]
Clear error if unique_subject lookup fails.

20 years agoAdd some root CAs.
Dr. Stephen Henson [Tue, 13 Apr 2004 17:49:05 +0000 (17:49 +0000)]
Add some root CAs.

20 years agoThis commit was manufactured by cvs2svn to create branch
cvs2svn [Tue, 13 Apr 2004 17:47:38 +0000 (17:47 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.

20 years agoAdd some root CAs.
Dr. Stephen Henson [Tue, 13 Apr 2004 17:47:37 +0000 (17:47 +0000)]
Add some root CAs.

20 years agoTypo. "pa-rics2W" corrected to "pa-risc2W".
Richard Levitte [Fri, 2 Apr 2004 12:39:54 +0000 (12:39 +0000)]
Typo.  "pa-rics2W" corrected to "pa-risc2W".
PR: 868

20 years agoAvoid undefined results when the parameter is out of range.
Geoff Thorpe [Fri, 2 Apr 2004 06:25:53 +0000 (06:25 +0000)]
Avoid undefined results when the parameter is out of range.

20 years agoAvoid undefined results when the parameter is out of range.
Geoff Thorpe [Fri, 2 Apr 2004 06:25:11 +0000 (06:25 +0000)]
Avoid undefined results when the parameter is out of range.

20 years agoDon't use C++ reserved word.
Dr. Stephen Henson [Thu, 1 Apr 2004 22:23:46 +0000 (22:23 +0000)]
Don't use C++ reserved word.

20 years agoOops forgot CHANGES entry.
Dr. Stephen Henson [Wed, 31 Mar 2004 12:55:33 +0000 (12:55 +0000)]
Oops forgot CHANGES entry.

20 years agoNew function X509_POLICY_NODE_print()
Dr. Stephen Henson [Wed, 31 Mar 2004 12:17:24 +0000 (12:17 +0000)]
New function X509_POLICY_NODE_print()

20 years agoAdd symbol hacks for some long names.
Richard Levitte [Mon, 29 Mar 2004 08:13:49 +0000 (08:13 +0000)]
Add symbol hacks for some long names.
make update

20 years agoThis is essentially Intel 32-bit compiler tune-up. To start with all
Andy Polyakov [Sun, 28 Mar 2004 21:27:47 +0000 (21:27 +0000)]
This is essentially Intel 32-bit compiler tune-up. To start with all
available compiler versions generated bogus machine code trying to
compile new crypto/des/cfb_enc.c. Secondly, 8th version defines
__GNUC__ macro, but fails to compile *some* inline assembler correctly.
Note that all versions of icc implement MSC-like _lrot[rl] intrinsic,
which is used now instead of offensive asm. Finally, unnecessary linker
dependencies are eliminated. Most notably dependency from libirc.a
caused trouble at application start-up, if libcrypto.so is linked with
-Bsymbolic (which it is).

20 years agoEnhance EVP code to generate random symmetric keys of the
Dr. Stephen Henson [Sun, 28 Mar 2004 17:38:00 +0000 (17:38 +0000)]
Enhance EVP code to generate random symmetric keys of the
appropriate form, for example correct DES parity.

Update S/MIME code and EVP_SealInit to use new functions.

PR: 700

20 years agoMake {i2v,v2i}_ASN1_BIT_STRING global.
Dr. Stephen Henson [Sun, 28 Mar 2004 12:40:11 +0000 (12:40 +0000)]
Make {i2v,v2i}_ASN1_BIT_STRING global.

make update

20 years agoObsolete files.
Dr. Stephen Henson [Sun, 28 Mar 2004 12:29:53 +0000 (12:29 +0000)]
Obsolete files.

20 years agoRemove obsolete files.
Dr. Stephen Henson [Sun, 28 Mar 2004 12:29:05 +0000 (12:29 +0000)]
Remove obsolete files.

20 years agoAllow CRLs to be passed into X509_STORE_CTX. This is useful when the
Dr. Stephen Henson [Sat, 27 Mar 2004 22:49:28 +0000 (22:49 +0000)]
Allow CRLs to be passed into X509_STORE_CTX. This is useful when the
verified structure can contain its own CRLs (such as PKCS#7 signedData).

Tidy up some of the verify code.

20 years agoExtend OID config module format.
Dr. Stephen Henson [Sat, 27 Mar 2004 13:30:14 +0000 (13:30 +0000)]
Extend OID config module format.

20 years agoFree up BIO properly when using streaming S/MIME sign.
Dr. Stephen Henson [Fri, 26 Mar 2004 00:24:38 +0000 (00:24 +0000)]
Free up BIO properly when using streaming S/MIME sign.

20 years agoRemove BN_CTX debug from debug-steve
Dr. Stephen Henson [Thu, 25 Mar 2004 23:32:06 +0000 (23:32 +0000)]
Remove BN_CTX debug from debug-steve

20 years agoSSL_COMP_get_compression_method is a typo (a missing 's' at the end of
Richard Levitte [Thu, 25 Mar 2004 21:32:30 +0000 (21:32 +0000)]
SSL_COMP_get_compression_method is a typo (a missing 's' at the end of
the symbol name).

20 years agoMove the definition of Win32_rename(), since the macro rename gets undefined
Richard Levitte [Thu, 25 Mar 2004 20:09:02 +0000 (20:09 +0000)]
Move the definition of Win32_rename(), since the macro rename gets undefined
in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853

20 years agoMove the definition of Win32_rename(), since the macro rename gets undefined
Richard Levitte [Thu, 25 Mar 2004 20:09:00 +0000 (20:09 +0000)]
Move the definition of Win32_rename(), since the macro rename gets undefined
in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853

20 years agoWrap code starting with a definition.
Richard Levitte [Thu, 25 Mar 2004 20:01:08 +0000 (20:01 +0000)]
Wrap code starting with a definition.
PR: 854

20 years agoWrap code starting with a definition.
Richard Levitte [Thu, 25 Mar 2004 20:01:01 +0000 (20:01 +0000)]
Wrap code starting with a definition.
PR: 854

20 years agoChange spaces to symbols in names.
Richard Levitte [Thu, 25 Mar 2004 19:52:36 +0000 (19:52 +0000)]
Change spaces to symbols in names.
PR: 856

20 years agoChange spaces to symbols in names.
Richard Levitte [Thu, 25 Mar 2004 19:52:34 +0000 (19:52 +0000)]
Change spaces to symbols in names.
PR: 856

20 years agoMake prototypes for some callback pointers.
Richard Levitte [Thu, 25 Mar 2004 16:21:42 +0000 (16:21 +0000)]
Make prototypes for some callback pointers.