Andy Polyakov [Thu, 2 Dec 2004 10:09:50 +0000 (10:09 +0000)]
Downstream update from HEAD
Dr. Stephen Henson [Wed, 1 Dec 2004 17:55:07 +0000 (17:55 +0000)]
Add two OIDs, make update
Andy Polyakov [Wed, 1 Dec 2004 15:45:34 +0000 (15:45 +0000)]
Complete backport of i386 RC4 assembler module from HEAD.
Andy Polyakov [Wed, 1 Dec 2004 15:30:50 +0000 (15:30 +0000)]
Downstream update from HEAD.
Dr. Stephen Henson [Wed, 1 Dec 2004 01:45:57 +0000 (01:45 +0000)]
Perform partial comparison of different character types in X509_NAME_cmp().
Andy Polyakov [Tue, 30 Nov 2004 18:00:33 +0000 (18:00 +0000)]
Back-port of RC4 assembler support for AMD64 from HEAD branch.
Andy Polyakov [Tue, 30 Nov 2004 17:53:44 +0000 (17:53 +0000)]
Downsync new and updated RC4 assembler modules from HEAD.
cvs2svn [Tue, 30 Nov 2004 15:46:47 +0000 (15:46 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
Andy Polyakov [Tue, 30 Nov 2004 15:46:46 +0000 (15:46 +0000)]
Add 0.9.7 specific comments to RC4 assembler modules.
Mark J. Cox [Tue, 30 Nov 2004 14:34:16 +0000 (14:34 +0000)]
Mention that the keys likely to have signed the distribution are now
listed on the web site for easy finding and downloading
Richard Levitte [Tue, 30 Nov 2004 12:18:55 +0000 (12:18 +0000)]
Split X509_check_ca() into a small self and an internal function
check_ca(), to resolve constness issue. check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().
Richard Levitte [Tue, 30 Nov 2004 12:18:53 +0000 (12:18 +0000)]
Split X509_check_ca() into a small self and an internal function
check_ca(), to resolve constness issue. check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().
Andy Polyakov [Mon, 29 Nov 2004 21:19:56 +0000 (21:19 +0000)]
sha1_block_asm_data_order can't hash if message crosses 2GB boundary.
Andy Polyakov [Mon, 29 Nov 2004 21:12:58 +0000 (21:12 +0000)]
Final touches to rc4/asm/rc4-596.pl, +52% better performance on AMD core.
Richard Levitte [Mon, 29 Nov 2004 11:57:00 +0000 (11:57 +0000)]
Document the change.
Richard Levitte [Mon, 29 Nov 2004 11:56:57 +0000 (11:56 +0000)]
Document the change.
Richard Levitte [Mon, 29 Nov 2004 11:28:08 +0000 (11:28 +0000)]
Make an explicit check during certificate validation to see that the
CA setting in each certificate on the chain is correct. As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
given)
Richard Levitte [Mon, 29 Nov 2004 11:18:00 +0000 (11:18 +0000)]
Make an explicit check during certificate validation to see that the
CA setting in each certificate on the chain is correct. As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
given)
Andy Polyakov [Sat, 27 Nov 2004 15:14:58 +0000 (15:14 +0000)]
perlasm/x86[ms|nasm] update to accomodate updated RC4 assembler module.
Dr. Stephen Henson [Sat, 27 Nov 2004 13:02:34 +0000 (13:02 +0000)]
Remove unnecessary check and call BIO_free_all() on bio_out to avoid a
leak on VMS.
Dr. Stephen Henson [Sat, 27 Nov 2004 12:55:26 +0000 (12:55 +0000)]
Fix leaks and give an error if no argument specified in prime.c
Andy Polyakov [Fri, 26 Nov 2004 15:26:09 +0000 (15:26 +0000)]
Summarize recent RC4 tune-ups.
Andy Polyakov [Fri, 26 Nov 2004 15:12:17 +0000 (15:12 +0000)]
Engage RC4 IA-64 assembler module.
Andy Polyakov [Fri, 26 Nov 2004 15:07:50 +0000 (15:07 +0000)]
RC4 IA-64 assembler implementation.
Dr. Stephen Henson [Fri, 26 Nov 2004 01:06:39 +0000 (01:06 +0000)]
Typo.
Dr. Stephen Henson [Fri, 26 Nov 2004 01:04:55 +0000 (01:04 +0000)]
Typo.
Dr. Stephen Henson [Thu, 25 Nov 2004 18:22:13 +0000 (18:22 +0000)]
errstr manual page.
cvs2svn [Thu, 25 Nov 2004 18:21:27 +0000 (18:21 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
Dr. Stephen Henson [Thu, 25 Nov 2004 18:21:26 +0000 (18:21 +0000)]
Add errstr manual page
Dr. Stephen Henson [Thu, 25 Nov 2004 17:47:31 +0000 (17:47 +0000)]
Allow alternative manual sections to be embedded in .pod file comments.
Dr. Stephen Henson [Thu, 25 Nov 2004 14:14:25 +0000 (14:14 +0000)]
Update docs
Dr. Stephen Henson [Thu, 25 Nov 2004 14:11:25 +0000 (14:11 +0000)]
Update docs.
Dr. Stephen Henson [Wed, 24 Nov 2004 01:21:57 +0000 (01:21 +0000)]
Check return code of EVP_CipherInit() in PKCS#12 code.
Dr. Stephen Henson [Wed, 24 Nov 2004 01:21:03 +0000 (01:21 +0000)]
Check return code of EVP_CipherInit() in PKCS#12 code.
Dr. Stephen Henson [Tue, 23 Nov 2004 21:40:32 +0000 (21:40 +0000)]
Typo.
Dr. Stephen Henson [Tue, 23 Nov 2004 21:40:10 +0000 (21:40 +0000)]
Typo.
Dr. Stephen Henson [Tue, 23 Nov 2004 21:22:54 +0000 (21:22 +0000)]
Fix memory leak.
Dr. Stephen Henson [Tue, 23 Nov 2004 21:22:21 +0000 (21:22 +0000)]
Fix memory leak.
Andy Polyakov [Tue, 23 Nov 2004 09:06:12 +0000 (09:06 +0000)]
linux-x86_64 didn't link after EM64T RC4 tune-up...
Andy Polyakov [Sun, 21 Nov 2004 10:36:25 +0000 (10:36 +0000)]
RC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's
apparently impossible to compose blended code with would perform
satisfactory on all x86 and x86_64 cores, an extra RC4_CHAR
code-path is introduced and P4 core is detected at run-time. This
way we keep original performance on non-P4 implementations and
turbo-charge P4 performance by factor of 2.8x (on 32-bit core).
Dr. Stephen Henson [Wed, 17 Nov 2004 18:36:43 +0000 (18:36 +0000)]
In "req" exit immediately if configuration file is needed and it can't
be loaded instead of giving the misleading:
"unable to find 'distinguised_name' in config"
error message.
Dr. Stephen Henson [Wed, 17 Nov 2004 18:36:13 +0000 (18:36 +0000)]
In "req" exit immediately if configuration file is needed and it can't
be loaded instead of giving the misleading:
"unable to find 'distinguised_name' in config"
error message.
Dr. Stephen Henson [Wed, 17 Nov 2004 00:55:43 +0000 (00:55 +0000)]
Update X509v3 doc.
Dr. Stephen Henson [Tue, 16 Nov 2004 17:45:13 +0000 (17:45 +0000)]
Update X509v3 docs.
Dr. Stephen Henson [Tue, 16 Nov 2004 17:30:59 +0000 (17:30 +0000)]
PR: 910
Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.
Update docs.
Dr. Stephen Henson [Tue, 16 Nov 2004 14:09:12 +0000 (14:09 +0000)]
Initial pod documentation of X509V3 config file format.
Dr. Stephen Henson [Sun, 14 Nov 2004 15:40:25 +0000 (15:40 +0000)]
PR: 940
Typo: use prompt_info, not cb_data->prompt_info.
Dr. Stephen Henson [Sun, 14 Nov 2004 15:40:00 +0000 (15:40 +0000)]
PR: 940
Typo: use prompt_info, not cb_data->prompt_info.
Dr. Stephen Henson [Sun, 14 Nov 2004 15:11:37 +0000 (15:11 +0000)]
PR: 923
Typo.
Dr. Stephen Henson [Sun, 14 Nov 2004 15:11:16 +0000 (15:11 +0000)]
PR: 923
Typo.
Dr. Stephen Henson [Sun, 14 Nov 2004 13:55:48 +0000 (13:55 +0000)]
PR: 938
Typo.
Dr. Stephen Henson [Sun, 14 Nov 2004 13:55:16 +0000 (13:55 +0000)]
PR: 938
Typo.
Dr. Stephen Henson [Sun, 14 Nov 2004 00:08:36 +0000 (00:08 +0000)]
Zap obsolete der_chop script.
Dr. Stephen Henson [Sat, 13 Nov 2004 23:56:15 +0000 (23:56 +0000)]
Zap obsolete der_chop script.
Dr. Stephen Henson [Sat, 13 Nov 2004 13:52:34 +0000 (13:52 +0000)]
PR: 959
Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
Dr. Stephen Henson [Sat, 13 Nov 2004 13:38:58 +0000 (13:38 +0000)]
PR: 969
Submitted by: David Holmes <davidh@3blackdogs.com>
Dr. Stephen Henson [Sat, 13 Nov 2004 13:38:34 +0000 (13:38 +0000)]
PR: 969
Submitted by: David Holmes <davidh@3blackdogs.com>
Dr. Stephen Henson [Sat, 13 Nov 2004 13:26:24 +0000 (13:26 +0000)]
Fix x509.c so it creates serial number file again if no
serial number is supplied on command line.
Dr. Stephen Henson [Sat, 13 Nov 2004 13:26:06 +0000 (13:26 +0000)]
Fix x509.c so it creates serial number file again if no
serial number is supplied on command line.
Richard Levitte [Thu, 11 Nov 2004 19:36:25 +0000 (19:36 +0000)]
Cut'n'paste mistake. All tested OK now...
Richard Levitte [Thu, 11 Nov 2004 19:36:08 +0000 (19:36 +0000)]
Cut'n'paste mistake. All tested OK now...
Richard Levitte [Thu, 11 Nov 2004 18:58:01 +0000 (18:58 +0000)]
Whoops, syntactic mistake...
Richard Levitte [Thu, 11 Nov 2004 18:57:30 +0000 (18:57 +0000)]
Whoops, syntactic mistake...
Richard Levitte [Thu, 11 Nov 2004 18:18:43 +0000 (18:18 +0000)]
Some find it confusing that environment variables are set when shared
libraries aren't built or used. I can see the point, so I'm
reorganising a little for clarity.
Richard Levitte [Thu, 11 Nov 2004 18:18:10 +0000 (18:18 +0000)]
Some find it confusing that environment variables are set when shared
libraries aren't built or used. I can see the point, so I'm
reorganising a little for clarity.
Dr. Stephen Henson [Thu, 11 Nov 2004 13:47:06 +0000 (13:47 +0000)]
Use the default_md config file value when signing CRLs.
PR:662
Dr. Stephen Henson [Thu, 11 Nov 2004 13:46:44 +0000 (13:46 +0000)]
Use the default_md config file value when signing CRLs.
PR:662
Dr. Stephen Henson [Thu, 11 Nov 2004 02:13:08 +0000 (02:13 +0000)]
Don't return an error with crl -noout.
PR:917
Sumbmitted by: Michael Konietzka <konietzka@schlund.de>
Dr. Stephen Henson [Thu, 11 Nov 2004 02:12:48 +0000 (02:12 +0000)]
Don't return an error with crl -noout.
PR:917
Sumbmitted by: Michael Konietzka <konietzka@schlund.de>
Dr. Stephen Henson [Thu, 11 Nov 2004 01:18:57 +0000 (01:18 +0000)]
The use of "exp" as a variable name in a prototype causes a conflict with FC2
headers.
Andy Polyakov [Tue, 9 Nov 2004 17:23:26 +0000 (17:23 +0000)]
As was shown by Marc Bevand reordering of couple of load operations
results in even higher performance gain of 3.3x:-) At least on
Opteron...
Richard Levitte [Fri, 5 Nov 2004 09:12:18 +0000 (09:12 +0000)]
Make sure LD_PRELOAD is only set when we build shared libraries (and
therefore link with them). Add LD_PRELOAD setting code where it was
still missing.
PR: 966
Richard Levitte [Fri, 5 Nov 2004 09:12:10 +0000 (09:12 +0000)]
Make sure LD_PRELOAD is only set when we build shared libraries (and
therefore link with them). Add LD_PRELOAD setting code where it was
still missing.
PR: 966
Richard Levitte [Tue, 2 Nov 2004 23:55:01 +0000 (23:55 +0000)]
Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
Richard Levitte [Tue, 2 Nov 2004 23:53:31 +0000 (23:53 +0000)]
Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
Richard Levitte [Tue, 2 Nov 2004 01:13:04 +0000 (01:13 +0000)]
Because -rpath/-R may have been used, our settings of LD_LIBRARY_PATH
and friends may be entirely useless. In such a case, LD_PRELOAD is
the answer, at least on platforms using LD_LIBRARY_PATH. There might
be other variables to set on other platforms, please fill us in...
For now, we only do this with the tests, so they won't fail for silly
reasons like getting dynamically linked to older installed libraries
rather than the newly built ones...
PR: 960
Richard Levitte [Tue, 2 Nov 2004 01:13:02 +0000 (01:13 +0000)]
Because -rpath/-R may have been used, our settings of LD_LIBRARY_PATH
and friends may be entirely useless. In such a case, LD_PRELOAD is
the answer, at least on platforms using LD_LIBRARY_PATH. There might
be other variables to set on other platforms, please fill us in...
For now, we only do this with the tests, so they won't fail for silly
reasons like getting dynamically linked to older installed libraries
rather than the newly built ones...
PR: 960
Richard Levitte [Mon, 1 Nov 2004 08:20:28 +0000 (08:20 +0000)]
Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if not
already defined.
Richard Levitte [Mon, 1 Nov 2004 07:58:43 +0000 (07:58 +0000)]
Make sure memmove() is defined, even on SunOS 4.1.4.
PR: 963
Richard Levitte [Mon, 1 Nov 2004 07:58:38 +0000 (07:58 +0000)]
Make sure memmove() is defined, even on SunOS 4.1.4.
PR: 963
Dr. Stephen Henson [Tue, 26 Oct 2004 13:01:37 +0000 (13:01 +0000)]
Only add fips/dh once...
Richard Levitte [Tue, 26 Oct 2004 12:17:25 +0000 (12:17 +0000)]
fips/dh was missing in mkfiles.pl.
make update
Dr. Stephen Henson [Tue, 26 Oct 2004 11:47:14 +0000 (11:47 +0000)]
Add fips/dh directory to mkfiles.pl
Dr. Stephen Henson [Mon, 25 Oct 2004 17:11:19 +0000 (17:11 +0000)]
Update NEWS
Dr. Stephen Henson [Mon, 25 Oct 2004 12:36:33 +0000 (12:36 +0000)]
Update FAQ.
Dr. Stephen Henson [Mon, 25 Oct 2004 11:31:28 +0000 (11:31 +0000)]
Change version numbers to 0.9.7f-dev
Dr. Stephen Henson [Mon, 25 Oct 2004 11:24:39 +0000 (11:24 +0000)]
Updates for 0.9.7e release.
Dr. Stephen Henson [Mon, 25 Oct 2004 11:15:49 +0000 (11:15 +0000)]
Fix race condition.
Dr. Stephen Henson [Mon, 25 Oct 2004 11:14:16 +0000 (11:14 +0000)]
Fix race condition when SSL ciphers are initialized.
Dr. Stephen Henson [Mon, 25 Oct 2004 00:04:22 +0000 (00:04 +0000)]
make update
Geoff Thorpe [Thu, 21 Oct 2004 00:06:14 +0000 (00:06 +0000)]
Update ECDSA and ECDH for OPENSSL_NO_ENGINE.
Reported by: Maxim Masiutin
Submitted by: Nils Larsch
Dr. Stephen Henson [Wed, 20 Oct 2004 17:24:06 +0000 (17:24 +0000)]
Stop VC++ complaining...
Dr. Stephen Henson [Wed, 20 Oct 2004 00:54:27 +0000 (00:54 +0000)]
Update NEWS file.
Dr. Stephen Henson [Wed, 20 Oct 2004 00:48:15 +0000 (00:48 +0000)]
Typo.
Richard Levitte [Thu, 14 Oct 2004 05:52:07 +0000 (05:52 +0000)]
make update
Richard Levitte [Thu, 14 Oct 2004 05:51:15 +0000 (05:51 +0000)]
We need to check for OPENSSL_FIPS when building shared libraries, so
we get correct transfer vectors for those functions when required.
Richard Levitte [Thu, 14 Oct 2004 05:49:01 +0000 (05:49 +0000)]
Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up. Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.
Richard Levitte [Thu, 14 Oct 2004 05:48:59 +0000 (05:48 +0000)]
Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up. Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.
Ben Laurie [Fri, 8 Oct 2004 10:03:57 +0000 (10:03 +0000)]
Update fingerprints.
Dr. Stephen Henson [Mon, 4 Oct 2004 17:28:57 +0000 (17:28 +0000)]
Oops..