oweals/openssl.git
21 years agoReally get X509_CRL_CHECK_ALL right this time...
Dr. Stephen Henson [Wed, 4 Jun 2003 00:40:47 +0000 (00:40 +0000)]
Really get X509_CRL_CHECK_ALL right this time...

21 years agoClarify return value of SSL_connect() and SSL_accept() in case of the
Lutz Jänicke [Tue, 3 Jun 2003 09:59:10 +0000 (09:59 +0000)]
Clarify return value of SSL_connect() and SSL_accept() in case of the
WANT_READ and WANT_WRITE conditions.

21 years agoMove the base64 BIO fixes to 0.9.7-stable
Dr. Stephen Henson [Tue, 3 Jun 2003 00:11:37 +0000 (00:11 +0000)]
Move the base64 BIO fixes to 0.9.7-stable

21 years agoOnly count 'LF' as EOL in pk7_mime.c, this avoids incorrect
Dr. Stephen Henson [Mon, 2 Jun 2003 17:52:19 +0000 (17:52 +0000)]
Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect
results if CR+LF straddles the line buffer.

21 years agoStop checking for CRLF when start of buffer is reached.
Dr. Stephen Henson [Mon, 2 Jun 2003 01:03:08 +0000 (01:03 +0000)]
Stop checking for CRLF when start of buffer is reached.

21 years agoVarious S/MIME bug and compatibility fixes.
Dr. Stephen Henson [Sun, 1 Jun 2003 20:45:44 +0000 (20:45 +0000)]
Various S/MIME bug and compatibility fixes.

21 years agoClarify ordering of certificates when using certificate chains
Lutz Jänicke [Fri, 30 May 2003 07:45:50 +0000 (07:45 +0000)]
Clarify ordering of certificates when using certificate chains

21 years agoInclude openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration
Richard Levitte [Thu, 29 May 2003 22:22:34 +0000 (22:22 +0000)]
Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration
macros get properly defined.

21 years agoHave ASFLAGS be defined the same way as CFLAGS
Richard Levitte [Thu, 29 May 2003 22:20:57 +0000 (22:20 +0000)]
Have ASFLAGS be defined the same way as CFLAGS

21 years agoPR: 630
Richard Levitte [Thu, 29 May 2003 20:59:30 +0000 (20:59 +0000)]
PR: 630

Avoid looking outside the key_data array.

21 years agoAdd minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before)
Lutz Jänicke [Wed, 28 May 2003 20:24:20 +0000 (20:24 +0000)]
Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before)
Submitted by: dg@sunet.ru (Daniel Ginsburg)

PR: #613

21 years agoMove header file inclusion to prevent irritation of users forgetting to
Lutz Jänicke [Wed, 28 May 2003 19:56:04 +0000 (19:56 +0000)]
Move header file inclusion to prevent irritation of users forgetting to
call "make depend" after enabling or disabling ciphers...
Submitted by: Tal Mozes <talm@cyber-ark.com>

PR: #628

21 years agoPR: 627
Dr. Stephen Henson [Wed, 28 May 2003 17:28:42 +0000 (17:28 +0000)]
PR: 627

Allocate certificatePolicies correctly if CPS field is absent.

Fix various memory leaks in certificatePolicies.

21 years agoPR: 631
Dr. Stephen Henson [Wed, 28 May 2003 16:57:22 +0000 (16:57 +0000)]
PR: 631
Submitted by: Doug Sauder <dws+001@hunnysoft.com>

Fix bug in X509V3_get_d2i() when idx in not NULL.

21 years agoMake sure to compare unsigned against unsigned.
Richard Levitte [Wed, 28 May 2003 10:34:04 +0000 (10:34 +0000)]
Make sure to compare unsigned against unsigned.

21 years agoFix sign bugs.
Richard Levitte [Wed, 21 May 2003 14:29:33 +0000 (14:29 +0000)]
Fix sign bugs.
PR: 621

21 years agoMake sure EC_window_bits_for_scalar_size() returns a size_t
Richard Levitte [Wed, 21 May 2003 08:40:18 +0000 (08:40 +0000)]
Make sure EC_window_bits_for_scalar_size() returns a size_t

21 years agoFix docs.
Dr. Stephen Henson [Sun, 18 May 2003 23:10:22 +0000 (23:10 +0000)]
Fix docs.

21 years agoAdd correct DN entry for serialNumber.
Dr. Stephen Henson [Wed, 7 May 2003 23:20:41 +0000 (23:20 +0000)]
Add correct DN entry for serialNumber.

21 years ago/usr/lib/pkgconfig/openssl.pc was never installed in the RPM.
Richard Levitte [Wed, 7 May 2003 12:02:34 +0000 (12:02 +0000)]
/usr/lib/pkgconfig/openssl.pc was never installed in the RPM.
Notified by Bennett Todd <bet@rahul.net>.

21 years agoDO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function
Richard Levitte [Wed, 7 May 2003 11:38:13 +0000 (11:38 +0000)]
DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function
called downstream that need it to be non-const.  The fact that the RSA_METHOD
functions take the RSA* as a const doesn't matter, it just expresses that
*they* won't touch it.
PR: 602

21 years agoConstify RSA_sign() and RSA_verify().
Richard Levitte [Mon, 5 May 2003 13:55:23 +0000 (13:55 +0000)]
Constify RSA_sign() and RSA_verify().
PR: 602

21 years agoTypo.
Dr. Stephen Henson [Fri, 2 May 2003 11:42:17 +0000 (11:42 +0000)]
Typo.

21 years agofix typo
Bodo Möller [Tue, 22 Apr 2003 12:44:58 +0000 (12:44 +0000)]
fix typo

Submitted by: Nils Larsch

21 years agoMake it possible to affect the extension of man pages.
Richard Levitte [Mon, 21 Apr 2003 22:00:49 +0000 (22:00 +0000)]
Make it possible to affect the extension of man pages.
PR: 578

21 years agoMemory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.
Richard Levitte [Wed, 16 Apr 2003 06:25:29 +0000 (06:25 +0000)]
Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.
Memory leak fix: RSA_blinding_on() would leave a dangling pointer in
                 rsa->blinding under certain circumstances.
Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.

21 years agoMemory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()
Richard Levitte [Tue, 15 Apr 2003 13:01:50 +0000 (13:01 +0000)]
Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()

21 years agoinclude 'Changes between 0.9.6i and 0.9.6j'
Bodo Möller [Fri, 11 Apr 2003 15:01:42 +0000 (15:01 +0000)]
include 'Changes between 0.9.6i and 0.9.6j'

21 years agoThe release is tagged, time to work on 0.9.7c.
Richard Levitte [Thu, 10 Apr 2003 20:40:19 +0000 (20:40 +0000)]
The release is tagged, time to work on 0.9.7c.

21 years agoInclude the 0.9.6j news. OpenSSL_0_9_7b
Richard Levitte [Thu, 10 Apr 2003 20:37:53 +0000 (20:37 +0000)]
Include the 0.9.6j news.

This file will be retagged.

21 years agoForgot to code the status bits for release. This file will be
Richard Levitte [Thu, 10 Apr 2003 20:29:08 +0000 (20:29 +0000)]
Forgot to code the status bits for release.  This file will be
retagged.

21 years agoTime to release 0.9.7b.
Richard Levitte [Thu, 10 Apr 2003 20:22:15 +0000 (20:22 +0000)]
Time to release 0.9.7b.
The tag will be OpenSSL_0_9_7b.

21 years agomake update.
Richard Levitte [Thu, 10 Apr 2003 20:10:22 +0000 (20:10 +0000)]
make update.

21 years agoNew NEWS
Richard Levitte [Thu, 10 Apr 2003 19:33:11 +0000 (19:33 +0000)]
New NEWS

21 years agoRemove all those infernal stupid CR characters
Richard Levitte [Thu, 10 Apr 2003 19:11:35 +0000 (19:11 +0000)]
Remove all those infernal stupid CR characters

21 years agoThere's a problem building shared libraries on the sco5-gcc target. However,
Richard Levitte [Thu, 10 Apr 2003 18:36:34 +0000 (18:36 +0000)]
There's a problem building shared libraries on the sco5-gcc target.  However,
it's time for a release, so I'm just adding an enty in PROBLEMS, and will
hopefully solve this for a later release

21 years agoExplicitely tell the compiler we're mips3 for the target irix-mips3-cc.
Richard Levitte [Thu, 10 Apr 2003 05:46:55 +0000 (05:46 +0000)]
Explicitely tell the compiler we're mips3 for the target irix-mips3-cc.

21 years agoOnly call redirected rsa_sign or rsa_verify if the pointer is set.
Dr. Stephen Henson [Thu, 10 Apr 2003 01:13:37 +0000 (01:13 +0000)]
Only call redirected rsa_sign or rsa_verify if the pointer is set.

This allows, for example, a smart card to redirect rsa_sign and keep
the default rsa_verify.

21 years agoTypo.
Dr. Stephen Henson [Thu, 10 Apr 2003 00:03:22 +0000 (00:03 +0000)]
Typo.

21 years agoDont forget req.
Richard Levitte [Wed, 9 Apr 2003 06:50:39 +0000 (06:50 +0000)]
Dont forget req.

21 years agoTypo
Richard Levitte [Wed, 9 Apr 2003 05:25:22 +0000 (05:25 +0000)]
Typo

21 years agoSet LD_LIBRARY_PATH when linking, since OpenUnix' ld uses it to create
Richard Levitte [Tue, 8 Apr 2003 11:54:32 +0000 (11:54 +0000)]
Set LD_LIBRARY_PATH when linking, since OpenUnix' ld uses it to create
a library search path.

Correct typos.

21 years agoInclude rand.h, so RAND_status() and friends get properly declared.
Richard Levitte [Tue, 8 Apr 2003 11:07:13 +0000 (11:07 +0000)]
Include rand.h, so RAND_status() and friends get properly declared.

21 years agoFix ordering of compare functions: strncmp() must be used first, as it
Lutz Jänicke [Tue, 8 Apr 2003 06:28:34 +0000 (06:28 +0000)]
Fix ordering of compare functions: strncmp() must be used first, as it
the cipher name in the list is not guaranteed to be at least "buflen"
long.
PR: 567
Submitted by: "Matt Harren" <matth@cs.berkeley.edu>

21 years agoWe seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in
Richard Levitte [Tue, 8 Apr 2003 06:02:00 +0000 (06:02 +0000)]
We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in
form of unneeded direct calls through the engine pointer..

21 years agoWe seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form
Richard Levitte [Tue, 8 Apr 2003 06:00:17 +0000 (06:00 +0000)]
We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form
of unneeded includes of openssl/engine.h.

21 years agoRSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function
Richard Levitte [Mon, 7 Apr 2003 19:15:29 +0000 (19:15 +0000)]
RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function
pointers should be used.  It doesn't necessarely mean it should go through
the ENGINE framework.

21 years agoDo not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined.
Richard Levitte [Sat, 5 Apr 2003 21:21:29 +0000 (21:21 +0000)]
Do not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined.
PR: 564

21 years agomake update
Richard Levitte [Fri, 4 Apr 2003 14:41:40 +0000 (14:41 +0000)]
make update

21 years agoTransfer the changes to detect multiline comments and the GCC
Richard Levitte [Fri, 4 Apr 2003 14:21:04 +0000 (14:21 +0000)]
Transfer the changes to detect multiline comments and the GCC
extension __attribute__.

21 years agoMake %p and %# work properly, at least with pointers and floats.
Richard Levitte [Thu, 3 Apr 2003 23:35:16 +0000 (23:35 +0000)]
Make %p and %# work properly, at least with pointers and floats.

21 years agoIt's recommended to use req rather than x509 to create self-signed certificates
Richard Levitte [Thu, 3 Apr 2003 22:12:50 +0000 (22:12 +0000)]
It's recommended to use req rather than x509 to create self-signed certificates

21 years agoTypo correction
Richard Levitte [Thu, 3 Apr 2003 21:55:57 +0000 (21:55 +0000)]
Typo correction

21 years agoReset the version number of the issuer certificate? I believe this
Richard Levitte [Thu, 3 Apr 2003 18:50:48 +0000 (18:50 +0000)]
Reset the version number of the issuer certificate?  I believe this
hasn't been tested in a long while...

21 years agomake RSA blinding thread-safe
Bodo Möller [Wed, 2 Apr 2003 09:50:55 +0000 (09:50 +0000)]
make RSA blinding thread-safe

21 years agoIt seems like gcc-drivven shared library building on OpenUnix 8 requires
Richard Levitte [Tue, 1 Apr 2003 10:59:40 +0000 (10:59 +0000)]
It seems like gcc-drivven shared library building on OpenUnix 8 requires
-shared rather than -G.

21 years agoNo need to test -setalias twice.
Richard Levitte [Mon, 31 Mar 2003 13:56:55 +0000 (13:56 +0000)]
No need to test -setalias twice.
PR: 556

21 years agoDon't feil when indent is 0.
Richard Levitte [Mon, 31 Mar 2003 13:24:04 +0000 (13:24 +0000)]
Don't feil when indent is 0.
PR: 559

21 years agoAdd usage string for -fingerprint.
Richard Levitte [Mon, 31 Mar 2003 13:06:27 +0000 (13:06 +0000)]
Add usage string for -fingerprint.
PR: 560

21 years agoOpenUNIX 8 has some problems using -G with gcc. Maybe using gnu-shared works better...
Richard Levitte [Fri, 28 Mar 2003 08:57:09 +0000 (08:57 +0000)]
OpenUNIX 8 has some problems using -G with gcc.  Maybe using gnu-shared works better (will be tested tonight).

21 years agoAdd warning about unwanted side effect when calling SSL_CTX_free():
Lutz Jänicke [Thu, 27 Mar 2003 22:03:11 +0000 (22:03 +0000)]
Add warning about unwanted side effect when calling SSL_CTX_free():
sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>

PR: 547

21 years agoUpdate ocsp usage message and docs.
Dr. Stephen Henson [Wed, 26 Mar 2003 00:47:07 +0000 (00:47 +0000)]
Update ocsp usage message and docs.

21 years agoLet's limit the extent of the definition of _XOPEN_SOURCE.
Richard Levitte [Tue, 25 Mar 2003 21:17:31 +0000 (21:17 +0000)]
Let's limit the extent of the definition of _XOPEN_SOURCE.

21 years agoMissed a few dollars.
Richard Levitte [Tue, 25 Mar 2003 20:56:10 +0000 (20:56 +0000)]
Missed a few dollars.
PR: 528

21 years agoGet X509_V_FLAG_CRL_CHECK_ALL logic the right way round.
Dr. Stephen Henson [Mon, 24 Mar 2003 16:58:01 +0000 (16:58 +0000)]
Get X509_V_FLAG_CRL_CHECK_ALL logic the right way round.
PR:544

21 years agoGet X509_V_FLAG_CRL_CHECK_ALL logic the right way round.
Dr. Stephen Henson [Mon, 24 Mar 2003 16:57:08 +0000 (16:57 +0000)]
Get X509_V_FLAG_CRL_CHECK_ALL logic the right way round.
PR:544

21 years agoAdd SCO5 shared library scripts.
Lutz Jänicke [Sun, 23 Mar 2003 10:16:04 +0000 (10:16 +0000)]
Add SCO5 shared library scripts.
Upate SVR5 scripts for the upcoming 0.9.7b.
Submitted by: Boyd Lynn Gerber <gerberb@zenez.com>

21 years agoAdd documentation for -starttls (s_client) and -id_prefix (s_server).
Richard Levitte [Thu, 20 Mar 2003 16:34:29 +0000 (16:34 +0000)]
Add documentation for -starttls (s_client) and -id_prefix (s_server).
PR: 542

21 years agoSome shells (ksh in this case) don't say 'command not found'.
Richard Levitte [Thu, 20 Mar 2003 11:44:31 +0000 (11:44 +0000)]
Some shells (ksh in this case) don't say 'command not found'.
PR: 540

21 years agoSpelling errors.
Richard Levitte [Thu, 20 Mar 2003 11:42:01 +0000 (11:42 +0000)]
Spelling errors.
PR: 538

21 years agoMake sure that all the library paths are modified in prepend mode, not
Richard Levitte [Thu, 20 Mar 2003 11:37:55 +0000 (11:37 +0000)]
Make sure that all the library paths are modified in prepend mode, not
replace mode.
PR: 528

21 years agohinv may generate more than one line (1 line per CPU).
Richard Levitte [Thu, 20 Mar 2003 11:15:16 +0000 (11:15 +0000)]
hinv may generate more than one line (1 line per CPU).
PR: 520

21 years agoShut up an ANSI compiler about uninitialised variables.
Richard Levitte [Thu, 20 Mar 2003 10:57:12 +0000 (10:57 +0000)]
Shut up an ANSI compiler about uninitialised variables.
PR: 517

21 years agoAdd the target linux-ia64-ecc, suggested by Keith Thompson <kst@sdsc.edu>.
Richard Levitte [Thu, 20 Mar 2003 10:50:40 +0000 (10:50 +0000)]
Add the target linux-ia64-ecc, suggested by Keith Thompson <kst@sdsc.edu>.
PR: 516

21 years agocountermeasure against new Klima-Pokorny-Rosa atack
Bodo Möller [Wed, 19 Mar 2003 19:19:58 +0000 (19:19 +0000)]
countermeasure against new Klima-Pokorny-Rosa atack

21 years agomake sure RSA blinding works when the PRNG is not properly seeded;
Bodo Möller [Wed, 19 Mar 2003 18:58:55 +0000 (18:58 +0000)]
make sure RSA blinding works when the PRNG is not properly seeded;
enable it automatically only for the built-in engine

21 years agoFix Certificate and CRL adding in X509_load_cert_crl_file:
Dr. Stephen Henson [Wed, 19 Mar 2003 13:56:32 +0000 (13:56 +0000)]
Fix Certificate and CRL adding in X509_load_cert_crl_file:
an X509_INFO structure can contain more than one object,
for example a certififcate and a CRL.

21 years agofix formatting
Bodo Möller [Tue, 18 Mar 2003 12:50:21 +0000 (12:50 +0000)]
fix formatting

21 years agoTurn on RSA blinding by default.
Ben Laurie [Tue, 18 Mar 2003 12:12:10 +0000 (12:12 +0000)]
Turn on RSA blinding by default.

21 years agoFix for no-ec on Windows.
Dr. Stephen Henson [Sat, 15 Mar 2003 01:29:18 +0000 (01:29 +0000)]
Fix for no-ec on Windows.

21 years agoDon't give an error if response reason absent in OCSP HTTP.
Dr. Stephen Henson [Fri, 14 Mar 2003 23:37:17 +0000 (23:37 +0000)]
Don't give an error if response reason absent in OCSP HTTP.

21 years agoAdd entry for domainComponent so it is treated correctly.
Dr. Stephen Henson [Fri, 14 Mar 2003 01:45:44 +0000 (01:45 +0000)]
Add entry for domainComponent so it is treated correctly.

Add table order test to end of a_strnid.c

21 years agoGet the PEDANTIC stuff right this time...
Dr. Stephen Henson [Thu, 13 Mar 2003 21:26:31 +0000 (21:26 +0000)]
Get the PEDANTIC stuff right this time...

21 years agoFix a bone-head bug. This warrants a CHANGES entry because it could affect
Geoff Thorpe [Thu, 13 Mar 2003 20:23:19 +0000 (20:23 +0000)]
Fix a bone-head bug. This warrants a CHANGES entry because it could affect
applications if they were passing a bogus 'flags' parameter yet having
things work as they wanted anyway.

21 years agoReturn an error if gmtime returns NULL.
Dr. Stephen Henson [Thu, 13 Mar 2003 14:10:11 +0000 (14:10 +0000)]
Return an error if gmtime returns NULL.

21 years agoAvoid warnings for no-engine and PEDANTIC
Dr. Stephen Henson [Wed, 12 Mar 2003 02:38:35 +0000 (02:38 +0000)]
Avoid warnings for no-engine and PEDANTIC

21 years agoFixes for EVP_DigestInit_ex() and OPENSSL_NO_ENGINE.
Dr. Stephen Henson [Wed, 12 Mar 2003 02:31:12 +0000 (02:31 +0000)]
Fixes for EVP_DigestInit_ex() and OPENSSL_NO_ENGINE.

21 years agomemset problem has been handled
Bodo Möller [Fri, 28 Feb 2003 15:16:30 +0000 (15:16 +0000)]
memset problem has been handled

PR: 343

21 years agoEncryption BIOs misbehave when used with non blocking I/O.
Dr. Stephen Henson [Thu, 27 Feb 2003 14:08:44 +0000 (14:08 +0000)]
Encryption BIOs misbehave when used with non blocking I/O.

Two fixes:

1. If BIO_write() fails inside enc_write() it should return the
   total number of bytes successfully written.

2. If BIO_write() fails during BIO_flush() it should return immediately
   with the error code: previously it would fall through to the final
   encrypt, corrupting the buffer.

21 years agoTypo.
Dr. Stephen Henson [Thu, 27 Feb 2003 13:03:27 +0000 (13:03 +0000)]
Typo.

21 years agoyear 2003
Bodo Möller [Mon, 24 Feb 2003 17:16:32 +0000 (17:16 +0000)]
year 2003

21 years agoget rid of a bad character
Ulf Möller [Sat, 22 Feb 2003 23:13:55 +0000 (23:13 +0000)]
get rid of a bad character

21 years agoAdd instructions for building the MinGW target in Cygwin, and
Ulf Möller [Sat, 22 Feb 2003 23:00:25 +0000 (23:00 +0000)]
Add instructions for building the MinGW target in Cygwin, and
rearrange some of the other text for better readability.

21 years agoreplace symlink with copy, as in head
Ulf Möller [Sat, 22 Feb 2003 22:59:01 +0000 (22:59 +0000)]
replace symlink with copy, as in head

21 years agomingw related cleanups, as in head
Ulf Möller [Sat, 22 Feb 2003 18:02:46 +0000 (18:02 +0000)]
mingw related cleanups, as in head

21 years agoRemove duplication and have clean depend on libclean
Richard Levitte [Sat, 22 Feb 2003 15:04:06 +0000 (15:04 +0000)]
Remove duplication and have clean depend on libclean

21 years agomingw related changes as in head
Ulf Möller [Sat, 22 Feb 2003 01:25:37 +0000 (01:25 +0000)]
mingw related changes as in head

21 years agoLet's move on to development of 0.9.7b.
Richard Levitte [Wed, 19 Feb 2003 12:55:39 +0000 (12:55 +0000)]
Let's move on to development of 0.9.7b.

21 years agoTime to release 0.9.7a. OpenSSL_0_9_7a
Richard Levitte [Wed, 19 Feb 2003 12:33:55 +0000 (12:33 +0000)]
Time to release 0.9.7a.
The tag will be OpenSSL_0_9_7a.

21 years agoSecurity fix: Vaudenay timing attack on CBC.
Richard Levitte [Wed, 19 Feb 2003 12:04:16 +0000 (12:04 +0000)]
Security fix: Vaudenay timing attack on CBC.
An advisory will be posted to the web.  Expect a release within the hour.