Dr. Stephen Henson [Tue, 23 Nov 2004 21:40:10 +0000 (21:40 +0000)]
Typo.
Dr. Stephen Henson [Tue, 23 Nov 2004 21:22:21 +0000 (21:22 +0000)]
Fix memory leak.
Andy Polyakov [Tue, 23 Nov 2004 09:06:12 +0000 (09:06 +0000)]
linux-x86_64 didn't link after EM64T RC4 tune-up...
Andy Polyakov [Sun, 21 Nov 2004 10:36:25 +0000 (10:36 +0000)]
RC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's
apparently impossible to compose blended code with would perform
satisfactory on all x86 and x86_64 cores, an extra RC4_CHAR
code-path is introduced and P4 core is detected at run-time. This
way we keep original performance on non-P4 implementations and
turbo-charge P4 performance by factor of 2.8x (on 32-bit core).
Dr. Stephen Henson [Wed, 17 Nov 2004 18:36:13 +0000 (18:36 +0000)]
In "req" exit immediately if configuration file is needed and it can't
be loaded instead of giving the misleading:
"unable to find 'distinguised_name' in config"
error message.
Dr. Stephen Henson [Wed, 17 Nov 2004 00:55:43 +0000 (00:55 +0000)]
Update X509v3 doc.
Dr. Stephen Henson [Tue, 16 Nov 2004 17:45:13 +0000 (17:45 +0000)]
Update X509v3 docs.
Dr. Stephen Henson [Tue, 16 Nov 2004 17:30:59 +0000 (17:30 +0000)]
PR: 910
Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.
Update docs.
Dr. Stephen Henson [Tue, 16 Nov 2004 14:09:12 +0000 (14:09 +0000)]
Initial pod documentation of X509V3 config file format.
Dr. Stephen Henson [Sun, 14 Nov 2004 15:40:00 +0000 (15:40 +0000)]
PR: 940
Typo: use prompt_info, not cb_data->prompt_info.
Dr. Stephen Henson [Sun, 14 Nov 2004 15:11:37 +0000 (15:11 +0000)]
PR: 923
Typo.
Dr. Stephen Henson [Sun, 14 Nov 2004 13:55:16 +0000 (13:55 +0000)]
PR: 938
Typo.
Dr. Stephen Henson [Sun, 14 Nov 2004 00:08:36 +0000 (00:08 +0000)]
Zap obsolete der_chop script.
Dr. Stephen Henson [Sat, 13 Nov 2004 13:38:34 +0000 (13:38 +0000)]
PR: 969
Submitted by: David Holmes <davidh@3blackdogs.com>
Dr. Stephen Henson [Sat, 13 Nov 2004 13:26:06 +0000 (13:26 +0000)]
Fix x509.c so it creates serial number file again if no
serial number is supplied on command line.
Richard Levitte [Thu, 11 Nov 2004 19:36:08 +0000 (19:36 +0000)]
Cut'n'paste mistake. All tested OK now...
Richard Levitte [Thu, 11 Nov 2004 18:58:01 +0000 (18:58 +0000)]
Whoops, syntactic mistake...
Richard Levitte [Thu, 11 Nov 2004 18:18:43 +0000 (18:18 +0000)]
Some find it confusing that environment variables are set when shared
libraries aren't built or used. I can see the point, so I'm
reorganising a little for clarity.
Dr. Stephen Henson [Thu, 11 Nov 2004 13:47:06 +0000 (13:47 +0000)]
Use the default_md config file value when signing CRLs.
PR:662
Dr. Stephen Henson [Thu, 11 Nov 2004 02:13:08 +0000 (02:13 +0000)]
Don't return an error with crl -noout.
PR:917
Sumbmitted by: Michael Konietzka <konietzka@schlund.de>
Andy Polyakov [Tue, 9 Nov 2004 17:23:26 +0000 (17:23 +0000)]
As was shown by Marc Bevand reordering of couple of load operations
results in even higher performance gain of 3.3x:-) At least on
Opteron...
Richard Levitte [Fri, 5 Nov 2004 09:12:10 +0000 (09:12 +0000)]
Make sure LD_PRELOAD is only set when we build shared libraries (and
therefore link with them). Add LD_PRELOAD setting code where it was
still missing.
PR: 966
Richard Levitte [Tue, 2 Nov 2004 23:55:01 +0000 (23:55 +0000)]
Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
Richard Levitte [Tue, 2 Nov 2004 01:13:04 +0000 (01:13 +0000)]
Because -rpath/-R may have been used, our settings of LD_LIBRARY_PATH
and friends may be entirely useless. In such a case, LD_PRELOAD is
the answer, at least on platforms using LD_LIBRARY_PATH. There might
be other variables to set on other platforms, please fill us in...
For now, we only do this with the tests, so they won't fail for silly
reasons like getting dynamically linked to older installed libraries
rather than the newly built ones...
PR: 960
Richard Levitte [Mon, 1 Nov 2004 07:58:38 +0000 (07:58 +0000)]
Make sure memmove() is defined, even on SunOS 4.1.4.
PR: 963
Dr. Stephen Henson [Mon, 25 Oct 2004 17:11:19 +0000 (17:11 +0000)]
Update NEWS
Dr. Stephen Henson [Mon, 25 Oct 2004 12:36:33 +0000 (12:36 +0000)]
Update FAQ.
Dr. Stephen Henson [Mon, 25 Oct 2004 11:14:16 +0000 (11:14 +0000)]
Fix race condition when SSL ciphers are initialized.
Geoff Thorpe [Thu, 21 Oct 2004 00:06:14 +0000 (00:06 +0000)]
Update ECDSA and ECDH for OPENSSL_NO_ENGINE.
Reported by: Maxim Masiutin
Submitted by: Nils Larsch
Richard Levitte [Thu, 14 Oct 2004 05:48:59 +0000 (05:48 +0000)]
Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up. Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.
Dr. Stephen Henson [Mon, 4 Oct 2004 17:28:31 +0000 (17:28 +0000)]
Oops!
Dr. Stephen Henson [Mon, 4 Oct 2004 16:30:12 +0000 (16:30 +0000)]
Fix race condition when CRL checking is enabled.
Dr. Stephen Henson [Fri, 1 Oct 2004 11:35:38 +0000 (11:35 +0000)]
Update debug-steve
Dr. Stephen Henson [Fri, 1 Oct 2004 11:21:53 +0000 (11:21 +0000)]
Don't use C++ reserved work "explicit".
Andy Polyakov [Tue, 28 Sep 2004 20:45:10 +0000 (20:45 +0000)]
Fix Solaris 10_x86 shared build. -Bsymbolic is required to avoid
"remaining relocations" in assembler modules. The latter seems to
be new behaviour, elder as/ld managed to resolve this relocations
as internal. It's possible to address this problem differently,
but I settle for -Bsymbolic...
PR: 546
Richard Levitte [Tue, 28 Sep 2004 13:10:16 +0000 (13:10 +0000)]
usr/doc has recently changed to usr/share/doc on Cygwin.
Notified by Corinna Vinschen <vinschen@redhat.com>
Richard Levitte [Mon, 27 Sep 2004 21:59:44 +0000 (21:59 +0000)]
Move the declaration of alloca() so it's ony declared when really
necessary.
Andy Polyakov [Mon, 27 Sep 2004 09:37:03 +0000 (09:37 +0000)]
SHA1 asm Pentium tune-up. Performance loss is not as bad anymore.
Andy Polyakov [Mon, 27 Sep 2004 09:35:59 +0000 (09:35 +0000)]
sha256_block advances the input pointer double as fast sometimes. Fix the
bug and test that it's actually gone.
PR: 950
Geoff Thorpe [Fri, 24 Sep 2004 23:37:52 +0000 (23:37 +0000)]
Nils Larsch reported that this include is required. Strange that this had
gone unnoticed ...
Richard Levitte [Thu, 23 Sep 2004 22:11:39 +0000 (22:11 +0000)]
Import changed files from LPlib. The changes are logged as follows
for LPdir_unix.c in LPlib. For the other files, only the last log
entry applies.
----------------------------
revision 1.11
date: 2004/09/23 22:07:22; author: _cvs_levitte; state: Exp; lines: +20 -6
Define my own macro LP_ENTRY_SIZE to express the size of my own
buffering of directory entries, and make it depend on whichever comes
first of PATH_MAX and NAME_MAX. As a fallback, make sure it's set to
255 if neither PATH_MAX or NAME_MAX were defined. Also, if the size
given from PATH_MAX or NAME_MAX is less than 255, force LP_ENTRY_SIZE
to be 255.
It makes no harm whatsoever if LP_ENTRY_SIZE is larger than the
maximum local path name limit. It does make a lot of harm if
LP_ENTRY_SIZE is smaller. 255 seemed like a fairly acceptable default
when nothing else is available.
----------------------------
revision 1.10
date: 2004/08/26 13:36:05; author: _cvs_levitte; state: Exp; lines: +13 -13
License correction. I am not REGENTS, just a COPYRIGHT HOLDER.
----------------------------
Geoff Thorpe [Sun, 19 Sep 2004 04:55:15 +0000 (04:55 +0000)]
Remove distracting comments and code. Thanks to Nils for picking up on the
outstanding ticket.
PR: 926
Geoff Thorpe [Sun, 19 Sep 2004 04:43:46 +0000 (04:43 +0000)]
Two TODO comments taken care of. Nils pointed out that one of them had already
been done, and took care of the other one (which hadn't).
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
Geoff Thorpe [Sat, 18 Sep 2004 01:32:32 +0000 (01:32 +0000)]
Make -Werror happy again.
Dr. Stephen Henson [Wed, 15 Sep 2004 23:47:25 +0000 (23:47 +0000)]
Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap().
Dr. Stephen Henson [Mon, 13 Sep 2004 22:33:56 +0000 (22:33 +0000)]
Change values of MBSTRING_* to the form MBSTRING_FLAG|nbyte as assumed
in ASN1_STRING_to_UTF8().
Richard Levitte [Mon, 13 Sep 2004 09:15:06 +0000 (09:15 +0000)]
- There's no more need for the snprintf macro.
- Move the inclusion of malloc.h until after all other includes, so we
can do proper tests of system macros.
- Make sure the correct header file is included to get the builtin
"alloca" under VMS, and define a macro to map the symbol 'alloca' to
it.
Richard Levitte [Sun, 12 Sep 2004 13:02:04 +0000 (13:02 +0000)]
Synchronise with Unix build.
Dr. Stephen Henson [Fri, 10 Sep 2004 20:20:54 +0000 (20:20 +0000)]
When looking for request extensions in a certificate look first
for the PKCS#9 OID then the non standard MS OID.
Richard Levitte [Fri, 10 Sep 2004 10:30:33 +0000 (10:30 +0000)]
make update
Andy Polyakov [Thu, 9 Sep 2004 14:54:12 +0000 (14:54 +0000)]
Make VIA Padlock engine more platform friendly and eliminate compiler
warning.
Submitted by: Doug Kaufman <dkaufman@rahul.net>
Andy Polyakov [Thu, 9 Sep 2004 14:50:32 +0000 (14:50 +0000)]
x86 assembler updates: more instructions, new OPENSSL_instrument_halt
[for DJGPP]...
Richard Levitte [Wed, 8 Sep 2004 08:13:34 +0000 (08:13 +0000)]
Synchronise VMS build files with Unixly Makefiles.
Richard Levitte [Wed, 8 Sep 2004 08:13:03 +0000 (08:13 +0000)]
Another symbol longer than 31 characters...
Dr. Stephen Henson [Tue, 7 Sep 2004 18:38:46 +0000 (18:38 +0000)]
Reformat smime utility.
Add support for policy checking in verify utility.
Dr. Stephen Henson [Tue, 7 Sep 2004 00:31:08 +0000 (00:31 +0000)]
Don't use 'explicit' for variable name.
Dr. Stephen Henson [Tue, 7 Sep 2004 00:28:17 +0000 (00:28 +0000)]
Reformat smime.c
Dr. Stephen Henson [Mon, 6 Sep 2004 18:43:01 +0000 (18:43 +0000)]
New X509_VERIFY_PARAM structure and associated functionality.
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
Dr. Stephen Henson [Mon, 6 Sep 2004 18:37:46 +0000 (18:37 +0000)]
Stop compiler warnings.
Andy Polyakov [Sun, 29 Aug 2004 22:05:02 +0000 (22:05 +0000)]
TABLE OpenBSD-i386 update
Andy Polyakov [Sun, 29 Aug 2004 21:36:37 +0000 (21:36 +0000)]
Proper support for OpenBSD-i386 shared build, including assember modules!
"Proper" means "compiles and passes test." Versioning is broken (I think).
Andy Polyakov [Sun, 29 Aug 2004 16:36:05 +0000 (16:36 +0000)]
OPENSSL_ia32cap final touches. Note that OPENSSL_ia32cap is no longer a
symbol, but a macro expanded as (*(OPENSSL_ia32cap_loc())). The latter
is the only one to be exported to application.
Andy Polyakov [Sun, 29 Aug 2004 16:19:27 +0000 (16:19 +0000)]
Fix compiler warnings in crypto/evp/bio_ok.c as pointed out by Geoff.
Andy Polyakov [Sun, 29 Aug 2004 16:10:27 +0000 (16:10 +0000)]
crypto/perlasm update primarily to unify Netware modules. Once it's verified
x86*_nw.pl will be deleted. In addition this update implements initseg
on several additional [in addition to ELF] platforms. Functions registered
with initseg are supposed to be called prior main().
Andy Polyakov [Tue, 24 Aug 2004 09:01:09 +0000 (09:01 +0000)]
Minor VIA Padlock engine update: eliminate -Wunused warning when *not*
compiling the engine and inline memcpy in performance critical pathes.
Andy Polyakov [Mon, 23 Aug 2004 22:19:51 +0000 (22:19 +0000)]
Make aes_ctr.c 64-bit savvy.
Richard Levitte [Wed, 18 Aug 2004 15:48:33 +0000 (15:48 +0000)]
'compatibility', not 'computability' :-)...
Richard Levitte [Thu, 12 Aug 2004 08:58:55 +0000 (08:58 +0000)]
On systems that use case-insensitive symbol names (i.e. they're all
converted to upper case or something like that), the application-
level bio_dump_cb() has a name clash with the new library function
BIO_dump_cb(). The easiest fix is to rename the function at the
application level.
Richard Levitte [Wed, 11 Aug 2004 21:13:57 +0000 (21:13 +0000)]
Basically, I wanted to be able to make a dump to a FILE*, and not have
to bother creating a BIO around it. So here's a few more functions to
make it possible to make the dump using a printing callback, and to
print to a FILE* (based on the callback variant), done in the same
style as the functions in crypto/err/err_prn.c.
Richard Levitte [Wed, 11 Aug 2004 17:41:15 +0000 (17:41 +0000)]
Stupid casts...
Dr. Stephen Henson [Wed, 11 Aug 2004 17:22:13 +0000 (17:22 +0000)]
Update FAQ.
Dr. Stephen Henson [Tue, 10 Aug 2004 17:40:14 +0000 (17:40 +0000)]
Make ASN1_INTEGER_cmp() work as expected with negative integers.
Dr. Stephen Henson [Fri, 6 Aug 2004 12:44:34 +0000 (12:44 +0000)]
Call setup_engine after autoconfig.
Dr. Stephen Henson [Thu, 5 Aug 2004 18:09:50 +0000 (18:09 +0000)]
Don't ignore return value of EVP_DigestInit_ex() in md BIOs and dgst utility.
Geoff Thorpe [Wed, 4 Aug 2004 22:42:29 +0000 (22:42 +0000)]
Make a note of the new engine.
Andy Polyakov [Wed, 4 Aug 2004 12:58:26 +0000 (12:58 +0000)]
Padlock engine update to fix a typo in MSC assembler and to address
potential corruption problem if user manages to inter-leave aligined
and misaligned requests [as well as some MSC-specific tweaks].
Richard Levitte [Tue, 3 Aug 2004 19:15:21 +0000 (19:15 +0000)]
DJGPP has opendir() and friends, according to Gisle Vanem <giva@bgnett.no>.
Andy Polyakov [Mon, 2 Aug 2004 22:41:19 +0000 (22:41 +0000)]
If they ask for 386, keep it as 386 as possible...
Andy Polyakov [Mon, 2 Aug 2004 22:02:17 +0000 (22:02 +0000)]
Avoid a.out name table pollition.
Andy Polyakov [Mon, 2 Aug 2004 21:54:40 +0000 (21:54 +0000)]
Minor clean-up to make Microsoft compiler shut up.
Andy Polyakov [Mon, 2 Aug 2004 21:48:11 +0000 (21:48 +0000)]
VIA C3 processor extends IA-32 instruction set with instuctions
performing AES encryption in hardware, as well as one accessing
hardware RNG. As you surely imagine this engine access this
extended instruction set. Well, only AES for the moment, support
for RNG is to be added later on...
PR: 889
Submitted by: Michal Ludvig <michal@logix.cz>
Obtained from: http://www.logix.cz/michal/devel/padlock/
Andy Polyakov [Sun, 1 Aug 2004 21:24:34 +0000 (21:24 +0000)]
Cygwin fix-up for shared build.
Andy Polyakov [Sun, 1 Aug 2004 21:16:26 +0000 (21:16 +0000)]
OpenBSD fix-up for new a.out targets. OpenBSD .s.o rule is busted...
Andy Polyakov [Sun, 1 Aug 2004 17:33:58 +0000 (17:33 +0000)]
Clean-up GAS targets: get rid of "cpp" stuff and replace it with "purified"
COFF and a.out targets [similar to ELF targets]. You might notice some
rudementary support for shared mingw builds under cygwin. It works (it
produces cryptoeay32.dll and ssleay32.dll with everything exported by
name), but it's primarily for testing/debugging purposes, at least for
now...
Andy Polyakov [Sun, 1 Aug 2004 17:03:50 +0000 (17:03 +0000)]
Deprecate cpp and gaswin targets. New coff fills in for gaswin, but cpp is
going out...
Andy Polyakov [Sun, 1 Aug 2004 14:27:43 +0000 (14:27 +0000)]
DLLEntryPoint is a collective name, not what linker looks for. However,
if we explicitly intruct the linker to set entry point, then we become
obliged to initialize run-time library. Instead we can pick name run-time
will call and such name is DllMain. Note that this applies to both
"native" Win32 environment and Cygwin:-)
Richard Levitte [Thu, 29 Jul 2004 22:25:59 +0000 (22:25 +0000)]
We build the crypto stuff, not the ssl stuff, in this command procedure...
Richard Levitte [Tue, 27 Jul 2004 13:58:27 +0000 (13:58 +0000)]
The compiler may complain about what looks like a double definition of a
static variable
Dr. Stephen Henson [Tue, 27 Jul 2004 00:19:58 +0000 (00:19 +0000)]
Oops, wrong version...
Dr. Stephen Henson [Tue, 27 Jul 2004 00:19:18 +0000 (00:19 +0000)]
Add FIPS library name to error routines.
Andy Polyakov [Mon, 26 Jul 2004 22:01:50 +0000 (22:01 +0000)]
This is so to say "damage control" for jumbo "cpuid" patch, see
http://cvs.openssl.org/chngview?cn=12493. Now all platform should
be operational, while SSE2 code pathes get engaged on ELF platforms
only.
Andy Polyakov [Mon, 26 Jul 2004 20:18:55 +0000 (20:18 +0000)]
Add framework for yet another assembler module dubbed "cpuid." Idea
is to have a placeholder to small routines, which can be written only
in assembler. In IA-32 case this includes processor capability
identification and access to Time-Stamp Counter. As discussed earlier
OPENSSL_ia32cap is introduced to control recently added SSE2 code
pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the
code is operational on ELF platforms only. I haven't checked it yet,
but I have all reasons to believe that Windows build should fail to
link too. I'll be looking into it shortly...
Andy Polyakov [Sun, 25 Jul 2004 20:24:49 +0000 (20:24 +0000)]
Zero key-length for HMAC is apparently OK.
Andy Polyakov [Sun, 25 Jul 2004 20:13:30 +0000 (20:13 +0000)]
Make bio_ok.c Microsoft compiler savvy.
Andy Polyakov [Sun, 25 Jul 2004 20:09:56 +0000 (20:09 +0000)]
Typos, typos...
Andy Polyakov [Sun, 25 Jul 2004 19:37:41 +0000 (19:37 +0000)]
Make bio_ok.c 64-bit savvy.
Andy Polyakov [Sun, 25 Jul 2004 19:25:05 +0000 (19:25 +0000)]
Stricter boundary condition check in HMAC_Init_ex.
Andy Polyakov [Sun, 25 Jul 2004 19:10:43 +0000 (19:10 +0000)]
Minor 64-bit md32_common.h update and minor unsignification of digests.
Andy Polyakov [Sun, 25 Jul 2004 18:57:35 +0000 (18:57 +0000)]
'apps/openssl dgst -help' update and minor apps/speed.c update.
Andy Polyakov [Sun, 25 Jul 2004 18:25:24 +0000 (18:25 +0000)]
Make SHA-256/-512 optional. Note that no-sha switches off *all* SHA.