oweals/openssl.git
20 years agoDownstream update from HEAD
Andy Polyakov [Thu, 2 Dec 2004 10:09:50 +0000 (10:09 +0000)]
Downstream update from HEAD

20 years agoAdd two OIDs, make update
Dr. Stephen Henson [Wed, 1 Dec 2004 17:55:07 +0000 (17:55 +0000)]
Add two OIDs, make update

20 years agoComplete backport of i386 RC4 assembler module from HEAD.
Andy Polyakov [Wed, 1 Dec 2004 15:45:34 +0000 (15:45 +0000)]
Complete backport of i386 RC4 assembler module from HEAD.

20 years agoDownstream update from HEAD.
Andy Polyakov [Wed, 1 Dec 2004 15:30:50 +0000 (15:30 +0000)]
Downstream update from HEAD.

20 years agoPerform partial comparison of different character types in X509_NAME_cmp().
Dr. Stephen Henson [Wed, 1 Dec 2004 01:45:57 +0000 (01:45 +0000)]
Perform partial comparison of different character types in X509_NAME_cmp().

20 years agoBack-port of RC4 assembler support for AMD64 from HEAD branch.
Andy Polyakov [Tue, 30 Nov 2004 18:00:33 +0000 (18:00 +0000)]
Back-port of RC4 assembler support for AMD64 from HEAD branch.

20 years agoDownsync new and updated RC4 assembler modules from HEAD.
Andy Polyakov [Tue, 30 Nov 2004 17:53:44 +0000 (17:53 +0000)]
Downsync new and updated RC4 assembler modules from HEAD.

20 years agoThis commit was manufactured by cvs2svn to create branch
cvs2svn [Tue, 30 Nov 2004 15:46:47 +0000 (15:46 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.

20 years agoAdd 0.9.7 specific comments to RC4 assembler modules.
Andy Polyakov [Tue, 30 Nov 2004 15:46:46 +0000 (15:46 +0000)]
Add 0.9.7 specific comments to RC4 assembler modules.

20 years agoMention that the keys likely to have signed the distribution are now
Mark J. Cox [Tue, 30 Nov 2004 14:34:16 +0000 (14:34 +0000)]
Mention that the keys likely to have signed the distribution are now
listed on the web site for easy finding and downloading

20 years agoSplit X509_check_ca() into a small self and an internal function
Richard Levitte [Tue, 30 Nov 2004 12:18:55 +0000 (12:18 +0000)]
Split X509_check_ca() into a small self and an internal function
check_ca(), to resolve constness issue.  check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().

20 years agoSplit X509_check_ca() into a small self and an internal function
Richard Levitte [Tue, 30 Nov 2004 12:18:53 +0000 (12:18 +0000)]
Split X509_check_ca() into a small self and an internal function
check_ca(), to resolve constness issue.  check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().

20 years agosha1_block_asm_data_order can't hash if message crosses 2GB boundary.
Andy Polyakov [Mon, 29 Nov 2004 21:19:56 +0000 (21:19 +0000)]
sha1_block_asm_data_order can't hash if message crosses 2GB boundary.

20 years agoFinal touches to rc4/asm/rc4-596.pl, +52% better performance on AMD core.
Andy Polyakov [Mon, 29 Nov 2004 21:12:58 +0000 (21:12 +0000)]
Final touches to rc4/asm/rc4-596.pl, +52% better performance on AMD core.

20 years agoDocument the change.
Richard Levitte [Mon, 29 Nov 2004 11:57:00 +0000 (11:57 +0000)]
Document the change.

20 years agoDocument the change.
Richard Levitte [Mon, 29 Nov 2004 11:56:57 +0000 (11:56 +0000)]
Document the change.

20 years agoMake an explicit check during certificate validation to see that the
Richard Levitte [Mon, 29 Nov 2004 11:28:08 +0000 (11:28 +0000)]
Make an explicit check during certificate validation to see that the
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)

20 years agoMake an explicit check during certificate validation to see that the
Richard Levitte [Mon, 29 Nov 2004 11:18:00 +0000 (11:18 +0000)]
Make an explicit check during certificate validation to see that the
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)

20 years agoperlasm/x86[ms|nasm] update to accomodate updated RC4 assembler module.
Andy Polyakov [Sat, 27 Nov 2004 15:14:58 +0000 (15:14 +0000)]
perlasm/x86[ms|nasm] update to accomodate updated RC4 assembler module.

20 years agoRemove unnecessary check and call BIO_free_all() on bio_out to avoid a
Dr. Stephen Henson [Sat, 27 Nov 2004 13:02:34 +0000 (13:02 +0000)]
Remove unnecessary check and call BIO_free_all() on bio_out to avoid a
leak on VMS.

20 years agoFix leaks and give an error if no argument specified in prime.c
Dr. Stephen Henson [Sat, 27 Nov 2004 12:55:26 +0000 (12:55 +0000)]
Fix leaks and give an error if no argument specified in prime.c

20 years agoSummarize recent RC4 tune-ups.
Andy Polyakov [Fri, 26 Nov 2004 15:26:09 +0000 (15:26 +0000)]
Summarize recent RC4 tune-ups.

20 years agoEngage RC4 IA-64 assembler module.
Andy Polyakov [Fri, 26 Nov 2004 15:12:17 +0000 (15:12 +0000)]
Engage RC4 IA-64 assembler module.

20 years agoRC4 IA-64 assembler implementation.
Andy Polyakov [Fri, 26 Nov 2004 15:07:50 +0000 (15:07 +0000)]
RC4 IA-64 assembler implementation.

20 years agoTypo.
Dr. Stephen Henson [Fri, 26 Nov 2004 01:06:39 +0000 (01:06 +0000)]
Typo.

20 years agoTypo.
Dr. Stephen Henson [Fri, 26 Nov 2004 01:04:55 +0000 (01:04 +0000)]
Typo.

20 years agoerrstr manual page.
Dr. Stephen Henson [Thu, 25 Nov 2004 18:22:13 +0000 (18:22 +0000)]
errstr manual page.

20 years agoThis commit was manufactured by cvs2svn to create branch
cvs2svn [Thu, 25 Nov 2004 18:21:27 +0000 (18:21 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.

20 years agoAdd errstr manual page
Dr. Stephen Henson [Thu, 25 Nov 2004 18:21:26 +0000 (18:21 +0000)]
Add errstr manual page

20 years agoAllow alternative manual sections to be embedded in .pod file comments.
Dr. Stephen Henson [Thu, 25 Nov 2004 17:47:31 +0000 (17:47 +0000)]
Allow alternative manual sections to be embedded in .pod file comments.

20 years agoUpdate docs
Dr. Stephen Henson [Thu, 25 Nov 2004 14:14:25 +0000 (14:14 +0000)]
Update docs

20 years agoUpdate docs.
Dr. Stephen Henson [Thu, 25 Nov 2004 14:11:25 +0000 (14:11 +0000)]
Update docs.

20 years agoCheck return code of EVP_CipherInit() in PKCS#12 code.
Dr. Stephen Henson [Wed, 24 Nov 2004 01:21:57 +0000 (01:21 +0000)]
Check return code of EVP_CipherInit() in PKCS#12 code.

20 years agoCheck return code of EVP_CipherInit() in PKCS#12 code.
Dr. Stephen Henson [Wed, 24 Nov 2004 01:21:03 +0000 (01:21 +0000)]
Check return code of EVP_CipherInit() in PKCS#12 code.

20 years agoTypo.
Dr. Stephen Henson [Tue, 23 Nov 2004 21:40:32 +0000 (21:40 +0000)]
Typo.

20 years agoTypo.
Dr. Stephen Henson [Tue, 23 Nov 2004 21:40:10 +0000 (21:40 +0000)]
Typo.

20 years agoFix memory leak.
Dr. Stephen Henson [Tue, 23 Nov 2004 21:22:54 +0000 (21:22 +0000)]
Fix memory leak.

20 years agoFix memory leak.
Dr. Stephen Henson [Tue, 23 Nov 2004 21:22:21 +0000 (21:22 +0000)]
Fix memory leak.

20 years agolinux-x86_64 didn't link after EM64T RC4 tune-up...
Andy Polyakov [Tue, 23 Nov 2004 09:06:12 +0000 (09:06 +0000)]
linux-x86_64 didn't link after EM64T RC4 tune-up...

20 years agoRC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's
Andy Polyakov [Sun, 21 Nov 2004 10:36:25 +0000 (10:36 +0000)]
RC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's
apparently impossible to compose blended code with would perform
satisfactory on all x86 and x86_64 cores, an extra RC4_CHAR
code-path is introduced and P4 core is detected at run-time. This
way we keep original performance on non-P4 implementations and
turbo-charge P4 performance by factor of 2.8x (on 32-bit core).

20 years agoIn "req" exit immediately if configuration file is needed and it can't
Dr. Stephen Henson [Wed, 17 Nov 2004 18:36:43 +0000 (18:36 +0000)]
In "req" exit immediately if configuration file is needed and it can't
be loaded instead of giving the misleading:

"unable to find 'distinguised_name' in config"

error message.

20 years agoIn "req" exit immediately if configuration file is needed and it can't
Dr. Stephen Henson [Wed, 17 Nov 2004 18:36:13 +0000 (18:36 +0000)]
In "req" exit immediately if configuration file is needed and it can't
be loaded instead of giving the misleading:

"unable to find 'distinguised_name' in config"

error message.

20 years agoUpdate X509v3 doc.
Dr. Stephen Henson [Wed, 17 Nov 2004 00:55:43 +0000 (00:55 +0000)]
Update X509v3 doc.

20 years agoUpdate X509v3 docs.
Dr. Stephen Henson [Tue, 16 Nov 2004 17:45:13 +0000 (17:45 +0000)]
Update X509v3 docs.

20 years agoPR: 910
Dr. Stephen Henson [Tue, 16 Nov 2004 17:30:59 +0000 (17:30 +0000)]
PR: 910

Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.

Update docs.

20 years agoInitial pod documentation of X509V3 config file format.
Dr. Stephen Henson [Tue, 16 Nov 2004 14:09:12 +0000 (14:09 +0000)]
Initial pod documentation of X509V3 config file format.

20 years agoPR: 940
Dr. Stephen Henson [Sun, 14 Nov 2004 15:40:25 +0000 (15:40 +0000)]
PR: 940

Typo: use prompt_info, not cb_data->prompt_info.

20 years agoPR: 940
Dr. Stephen Henson [Sun, 14 Nov 2004 15:40:00 +0000 (15:40 +0000)]
PR: 940

Typo: use prompt_info, not cb_data->prompt_info.

20 years agoPR: 923
Dr. Stephen Henson [Sun, 14 Nov 2004 15:11:37 +0000 (15:11 +0000)]
PR: 923

Typo.

20 years agoPR: 923
Dr. Stephen Henson [Sun, 14 Nov 2004 15:11:16 +0000 (15:11 +0000)]
PR: 923

Typo.

20 years agoPR: 938
Dr. Stephen Henson [Sun, 14 Nov 2004 13:55:48 +0000 (13:55 +0000)]
PR: 938

Typo.

20 years agoPR: 938
Dr. Stephen Henson [Sun, 14 Nov 2004 13:55:16 +0000 (13:55 +0000)]
PR: 938

Typo.

20 years agoZap obsolete der_chop script.
Dr. Stephen Henson [Sun, 14 Nov 2004 00:08:36 +0000 (00:08 +0000)]
Zap obsolete der_chop script.

20 years agoZap obsolete der_chop script.
Dr. Stephen Henson [Sat, 13 Nov 2004 23:56:15 +0000 (23:56 +0000)]
Zap obsolete der_chop script.

20 years agoPR: 959
Dr. Stephen Henson [Sat, 13 Nov 2004 13:52:34 +0000 (13:52 +0000)]
PR: 959

Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c

20 years agoPR: 969
Dr. Stephen Henson [Sat, 13 Nov 2004 13:38:58 +0000 (13:38 +0000)]
PR: 969
Submitted by: David Holmes <davidh@3blackdogs.com>

20 years agoPR: 969
Dr. Stephen Henson [Sat, 13 Nov 2004 13:38:34 +0000 (13:38 +0000)]
PR: 969
Submitted by: David Holmes <davidh@3blackdogs.com>

20 years agoFix x509.c so it creates serial number file again if no
Dr. Stephen Henson [Sat, 13 Nov 2004 13:26:24 +0000 (13:26 +0000)]
Fix x509.c so it creates serial number file again if no
serial number is supplied on command line.

20 years agoFix x509.c so it creates serial number file again if no
Dr. Stephen Henson [Sat, 13 Nov 2004 13:26:06 +0000 (13:26 +0000)]
Fix x509.c so it creates serial number file again if no
serial number is supplied on command line.

20 years agoCut'n'paste mistake. All tested OK now...
Richard Levitte [Thu, 11 Nov 2004 19:36:25 +0000 (19:36 +0000)]
Cut'n'paste mistake.  All tested OK now...

20 years agoCut'n'paste mistake. All tested OK now...
Richard Levitte [Thu, 11 Nov 2004 19:36:08 +0000 (19:36 +0000)]
Cut'n'paste mistake.  All tested OK now...

20 years agoWhoops, syntactic mistake...
Richard Levitte [Thu, 11 Nov 2004 18:58:01 +0000 (18:58 +0000)]
Whoops, syntactic mistake...

20 years agoWhoops, syntactic mistake...
Richard Levitte [Thu, 11 Nov 2004 18:57:30 +0000 (18:57 +0000)]
Whoops, syntactic mistake...

20 years agoSome find it confusing that environment variables are set when shared
Richard Levitte [Thu, 11 Nov 2004 18:18:43 +0000 (18:18 +0000)]
Some find it confusing that environment variables are set when shared
libraries aren't built or used.  I can see the point, so I'm
reorganising a little for clarity.

20 years agoSome find it confusing that environment variables are set when shared
Richard Levitte [Thu, 11 Nov 2004 18:18:10 +0000 (18:18 +0000)]
Some find it confusing that environment variables are set when shared
libraries aren't built or used.  I can see the point, so I'm
reorganising a little for clarity.

20 years agoUse the default_md config file value when signing CRLs.
Dr. Stephen Henson [Thu, 11 Nov 2004 13:47:06 +0000 (13:47 +0000)]
Use the default_md config file value when signing CRLs.

PR:662

20 years agoUse the default_md config file value when signing CRLs.
Dr. Stephen Henson [Thu, 11 Nov 2004 13:46:44 +0000 (13:46 +0000)]
Use the default_md config file value when signing CRLs.

PR:662

20 years agoDon't return an error with crl -noout.
Dr. Stephen Henson [Thu, 11 Nov 2004 02:13:08 +0000 (02:13 +0000)]
Don't return an error with crl -noout.

PR:917
Sumbmitted by: Michael Konietzka <konietzka@schlund.de>

20 years agoDon't return an error with crl -noout.
Dr. Stephen Henson [Thu, 11 Nov 2004 02:12:48 +0000 (02:12 +0000)]
Don't return an error with crl -noout.

PR:917
Sumbmitted by: Michael Konietzka <konietzka@schlund.de>

20 years agoThe use of "exp" as a variable name in a prototype causes a conflict with FC2
Dr. Stephen Henson [Thu, 11 Nov 2004 01:18:57 +0000 (01:18 +0000)]
The use of "exp" as a variable name in a prototype causes a conflict with FC2
headers.

20 years agoAs was shown by Marc Bevand reordering of couple of load operations
Andy Polyakov [Tue, 9 Nov 2004 17:23:26 +0000 (17:23 +0000)]
As was shown by Marc Bevand reordering of couple of load operations
results in even higher performance gain of 3.3x:-) At least on
Opteron...

20 years agoMake sure LD_PRELOAD is only set when we build shared libraries (and
Richard Levitte [Fri, 5 Nov 2004 09:12:18 +0000 (09:12 +0000)]
Make sure LD_PRELOAD is only set when we build shared libraries (and
therefore link with them).  Add LD_PRELOAD setting code where it was
still missing.

PR: 966

20 years agoMake sure LD_PRELOAD is only set when we build shared libraries (and
Richard Levitte [Fri, 5 Nov 2004 09:12:10 +0000 (09:12 +0000)]
Make sure LD_PRELOAD is only set when we build shared libraries (and
therefore link with them).  Add LD_PRELOAD setting code where it was
still missing.

PR: 966

20 years agoDon't use $(EXHEADER) directly in for loops, as most shells will break
Richard Levitte [Tue, 2 Nov 2004 23:55:01 +0000 (23:55 +0000)]
Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>

20 years agoDon't use $(EXHEADER) directly in for loops, as most shells will break
Richard Levitte [Tue, 2 Nov 2004 23:53:31 +0000 (23:53 +0000)]
Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>

20 years agoBecause -rpath/-R may have been used, our settings of LD_LIBRARY_PATH
Richard Levitte [Tue, 2 Nov 2004 01:13:04 +0000 (01:13 +0000)]
Because -rpath/-R may have been used, our settings of LD_LIBRARY_PATH
and friends may be entirely useless.  In such a case, LD_PRELOAD is
the answer, at least on platforms using LD_LIBRARY_PATH.  There might
be other variables to set on other platforms, please fill us in...

For now, we only do this with the tests, so they won't fail for silly
reasons like getting dynamically linked to older installed libraries
rather than the newly built ones...

PR: 960

20 years agoBecause -rpath/-R may have been used, our settings of LD_LIBRARY_PATH
Richard Levitte [Tue, 2 Nov 2004 01:13:02 +0000 (01:13 +0000)]
Because -rpath/-R may have been used, our settings of LD_LIBRARY_PATH
and friends may be entirely useless.  In such a case, LD_PRELOAD is
the answer, at least on platforms using LD_LIBRARY_PATH.  There might
be other variables to set on other platforms, please fill us in...

For now, we only do this with the tests, so they won't fail for silly
reasons like getting dynamically linked to older installed libraries
rather than the newly built ones...

PR: 960

20 years agoMake sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if not
Richard Levitte [Mon, 1 Nov 2004 08:20:28 +0000 (08:20 +0000)]
Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if not
already defined.

20 years agoMake sure memmove() is defined, even on SunOS 4.1.4.
Richard Levitte [Mon, 1 Nov 2004 07:58:43 +0000 (07:58 +0000)]
Make sure memmove() is defined, even on SunOS 4.1.4.
PR: 963

20 years agoMake sure memmove() is defined, even on SunOS 4.1.4.
Richard Levitte [Mon, 1 Nov 2004 07:58:38 +0000 (07:58 +0000)]
Make sure memmove() is defined, even on SunOS 4.1.4.
PR: 963

20 years agoOnly add fips/dh once...
Dr. Stephen Henson [Tue, 26 Oct 2004 13:01:37 +0000 (13:01 +0000)]
Only add fips/dh once...

20 years agofips/dh was missing in mkfiles.pl.
Richard Levitte [Tue, 26 Oct 2004 12:17:25 +0000 (12:17 +0000)]
fips/dh was missing in mkfiles.pl.
make update

20 years agoAdd fips/dh directory to mkfiles.pl
Dr. Stephen Henson [Tue, 26 Oct 2004 11:47:14 +0000 (11:47 +0000)]
Add fips/dh directory to mkfiles.pl

20 years agoUpdate NEWS
Dr. Stephen Henson [Mon, 25 Oct 2004 17:11:19 +0000 (17:11 +0000)]
Update NEWS

20 years agoUpdate FAQ.
Dr. Stephen Henson [Mon, 25 Oct 2004 12:36:33 +0000 (12:36 +0000)]
Update FAQ.

20 years agoChange version numbers to 0.9.7f-dev
Dr. Stephen Henson [Mon, 25 Oct 2004 11:31:28 +0000 (11:31 +0000)]
Change version numbers to 0.9.7f-dev

20 years agoUpdates for 0.9.7e release. OpenSSL_0_9_7e
Dr. Stephen Henson [Mon, 25 Oct 2004 11:24:39 +0000 (11:24 +0000)]
Updates for 0.9.7e release.

20 years agoFix race condition.
Dr. Stephen Henson [Mon, 25 Oct 2004 11:15:49 +0000 (11:15 +0000)]
Fix race condition.

20 years agoFix race condition when SSL ciphers are initialized.
Dr. Stephen Henson [Mon, 25 Oct 2004 11:14:16 +0000 (11:14 +0000)]
Fix race condition when SSL ciphers are initialized.

20 years agomake update
Dr. Stephen Henson [Mon, 25 Oct 2004 00:04:22 +0000 (00:04 +0000)]
make update

20 years agoUpdate ECDSA and ECDH for OPENSSL_NO_ENGINE.
Geoff Thorpe [Thu, 21 Oct 2004 00:06:14 +0000 (00:06 +0000)]
Update ECDSA and ECDH for OPENSSL_NO_ENGINE.

Reported by: Maxim Masiutin
Submitted by: Nils Larsch

20 years agoStop VC++ complaining...
Dr. Stephen Henson [Wed, 20 Oct 2004 17:24:06 +0000 (17:24 +0000)]
Stop VC++ complaining...

20 years agoUpdate NEWS file.
Dr. Stephen Henson [Wed, 20 Oct 2004 00:54:27 +0000 (00:54 +0000)]
Update NEWS file.

20 years agoTypo.
Dr. Stephen Henson [Wed, 20 Oct 2004 00:48:15 +0000 (00:48 +0000)]
Typo.

20 years agomake update
Richard Levitte [Thu, 14 Oct 2004 05:52:07 +0000 (05:52 +0000)]
make update

20 years agoWe need to check for OPENSSL_FIPS when building shared libraries, so
Richard Levitte [Thu, 14 Oct 2004 05:51:15 +0000 (05:51 +0000)]
We need to check for OPENSSL_FIPS when building shared libraries, so
we get correct transfer vectors for those functions when required.

20 years agoBecause libraries on Windows lack useful version information, the zlib
Richard Levitte [Thu, 14 Oct 2004 05:49:01 +0000 (05:49 +0000)]
Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up.  Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.

20 years agoBecause libraries on Windows lack useful version information, the zlib
Richard Levitte [Thu, 14 Oct 2004 05:48:59 +0000 (05:48 +0000)]
Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up.  Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.

20 years agoUpdate fingerprints.
Ben Laurie [Fri, 8 Oct 2004 10:03:57 +0000 (10:03 +0000)]
Update fingerprints.

20 years agoOops..
Dr. Stephen Henson [Mon, 4 Oct 2004 17:28:57 +0000 (17:28 +0000)]
Oops..