oweals/openssl.git
21 years agoChanges for release OpenSSL_0_9_7c
Dr. Stephen Henson [Tue, 30 Sep 2003 12:08:23 +0000 (12:08 +0000)]
Changes for release

21 years agoFix for ASN1 parsing bugs.
Dr. Stephen Henson [Tue, 30 Sep 2003 12:05:44 +0000 (12:05 +0000)]
Fix for ASN1 parsing bugs.

21 years agomake update
Dr. Stephen Henson [Mon, 29 Sep 2003 20:17:37 +0000 (20:17 +0000)]
make update

21 years agoFix to make it compile under Win32.
Dr. Stephen Henson [Mon, 29 Sep 2003 17:10:01 +0000 (17:10 +0000)]
Fix to make it compile under Win32.

21 years agoFurther VxWorks changes from Bob Bradley <bob@chaoticsoftware.com>, this
Richard Levitte [Sun, 28 Sep 2003 14:07:01 +0000 (14:07 +0000)]
Further VxWorks changes from Bob Bradley <bob@chaoticsoftware.com>, this
time involving VxWorks on MIPS

21 years agomake update
Richard Levitte [Sun, 28 Sep 2003 09:25:33 +0000 (09:25 +0000)]
make update

21 years agoUhmm, It seem to have forgotten one file when I committed the MSDOS
Richard Levitte [Sun, 28 Sep 2003 07:11:37 +0000 (07:11 +0000)]
Uhmm, It seem to have forgotten one file when I committed the MSDOS
change yesterday.
PR: 669

21 years agoChange the indentation from 12 to indent+4.
Richard Levitte [Sat, 27 Sep 2003 22:48:36 +0000 (22:48 +0000)]
Change the indentation from 12 to indent+4.
PR: 657

21 years agoMake MD5 assembler code able to handle messages larger than 2GB on 32-bit
Richard Levitte [Sat, 27 Sep 2003 22:14:47 +0000 (22:14 +0000)]
Make MD5 assembler code able to handle messages larger than 2GB on 32-bit
systems and above.
PR: 664

21 years agoSelected changes for MSDOS, contributed by Gisle Vanem <giva@bgnett.no>.
Richard Levitte [Sat, 27 Sep 2003 21:56:12 +0000 (21:56 +0000)]
Selected changes for MSDOS, contributed by Gisle Vanem <giva@bgnett.no>.
PR: 669

21 years agoAdd reference counting around the thread state hash table.
Richard Levitte [Sat, 27 Sep 2003 20:29:11 +0000 (20:29 +0000)]
Add reference counting around the thread state hash table.
Unfortunately, this means that the dynamic ENGINE version just went up, and
isn't backward compatible.
PR: 678

21 years agoHave ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B.
Richard Levitte [Sat, 27 Sep 2003 19:32:09 +0000 (19:32 +0000)]
Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B.
PR: 679

21 years agoHave ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B.
Richard Levitte [Sat, 27 Sep 2003 19:27:09 +0000 (19:27 +0000)]
Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B.
PR: 680

21 years agoRemove extra argument to BIO_printf().
Richard Levitte [Sat, 27 Sep 2003 18:31:41 +0000 (18:31 +0000)]
Remove extra argument to BIO_printf().
PR: 685

21 years agoInclude the instance in the Kerberos ticket information.
Richard Levitte [Sat, 27 Sep 2003 17:55:18 +0000 (17:55 +0000)]
Include the instance in the Kerberos ticket information.
In s_server, print the received Kerberos information.
PR: 693

21 years agoCorrect small documentation error.
Richard Levitte [Sat, 27 Sep 2003 10:39:19 +0000 (10:39 +0000)]
Correct small documentation error.
PR: 698

21 years agoFree the Kerberos context upon freeing the SSL.
Richard Levitte [Sat, 27 Sep 2003 07:33:28 +0000 (07:33 +0000)]
Free the Kerberos context upon freeing the SSL.
Contributed by Andrew Mann <amann@tccgi.com>

21 years agoAdd necessary changes to be able to build on VxWorks for PPC860.
Richard Levitte [Sat, 27 Sep 2003 07:24:47 +0000 (07:24 +0000)]
Add necessary changes to be able to build on VxWorks for PPC860.
Contributed by Bob Bradley <bob@chaoticsoftware.com>

21 years agoIn order to get the expected self signed error when
Dr. Stephen Henson [Sun, 21 Sep 2003 02:15:07 +0000 (02:15 +0000)]
In order to get the expected self signed error when
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.

21 years agoThese should be write-locks, not read-locks.
Geoff Thorpe [Mon, 8 Sep 2003 16:00:46 +0000 (16:00 +0000)]
These should be write-locks, not read-locks.

21 years agocertain changes have to be listed twice in this file because OpenSSL
Bodo Möller [Thu, 4 Sep 2003 12:52:10 +0000 (12:52 +0000)]
certain changes have to be listed twice in this file because OpenSSL
0.9.6h forked into 0.9.6i and 0.9.7 ...

21 years agoNew -ignore_err option in ocsp application to stop the server
Dr. Stephen Henson [Wed, 3 Sep 2003 23:54:00 +0000 (23:54 +0000)]
New -ignore_err option in ocsp application to stop the server
exiting on the first error in a request.

21 years agoOnly accept a client certificate if the server requests
Dr. Stephen Henson [Wed, 3 Sep 2003 23:42:17 +0000 (23:42 +0000)]
Only accept a client certificate if the server requests
one, as required by SSL/TLS specs.

21 years agooutlen should be int * in out_utf8.
Dr. Stephen Henson [Thu, 21 Aug 2003 12:31:17 +0000 (12:31 +0000)]
outlen should be int * in out_utf8.

21 years agofix out-of-bounds check in lock_dbg_cb (was too lose to detect all
Bodo Möller [Thu, 14 Aug 2003 10:33:26 +0000 (10:33 +0000)]
fix out-of-bounds check in lock_dbg_cb (was too lose to detect all
invalid cases)

PR: 674

21 years agoUndo the change that left LD_LIBRARY_PATH unchanged. The errors I saw
Richard Levitte [Thu, 14 Aug 2003 06:54:29 +0000 (06:54 +0000)]
Undo the change that left LD_LIBRARY_PATH unchanged.  The errors I saw
weren't due to that, but to a change on the SCO machines I used for
testing, where my $PATH was suddenly incorrect.

21 years agomake sure no error is left in the queue that is intentionally ignored
Bodo Möller [Mon, 11 Aug 2003 18:56:19 +0000 (18:56 +0000)]
make sure no error is left in the queue that is intentionally ignored

21 years agoDon't fiddle with LD_LIBRARY_PATH when building non-static.
Richard Levitte [Mon, 11 Aug 2003 11:46:01 +0000 (11:46 +0000)]
Don't fiddle with LD_LIBRARY_PATH when building non-static.

21 years agoOops, removed a little too much.
Richard Levitte [Mon, 11 Aug 2003 09:56:17 +0000 (09:56 +0000)]
Oops, removed a little too much.

21 years agomake update
Richard Levitte [Mon, 11 Aug 2003 09:53:24 +0000 (09:53 +0000)]
make update

21 years agoA new branch for FIPS-related changes has been created with the name
Richard Levitte [Mon, 11 Aug 2003 09:37:17 +0000 (09:37 +0000)]
A new branch for FIPS-related changes has been created with the name
OpenSSL-fips-0_9_7-stable.

Since the 0.9.7-stable branch is supposed to be in freeze and should
only contain bug corrections, this change removes the FIPS changes
from that branch.

21 years agoAvoid clashing with the regular DES functions when not compiling with
Richard Levitte [Fri, 8 Aug 2003 10:08:14 +0000 (10:08 +0000)]
Avoid clashing with the regular DES functions when not compiling with
-DFIPS.  This is basically only visible when building with shared
library supoort...

21 years agoCorrect two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:
Richard Levitte [Thu, 7 Aug 2003 11:57:21 +0000 (11:57 +0000)]
Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:

1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error.
2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot,
   not CloseHandle.

21 years agoadd OpenSSL license
Bodo Möller [Wed, 6 Aug 2003 10:38:37 +0000 (10:38 +0000)]
add OpenSSL license

fix typo

21 years agomake update
Richard Levitte [Mon, 4 Aug 2003 13:26:14 +0000 (13:26 +0000)]
make update

(I'm quite worried about what this will do to compatibility with
earlier 0.9.7 versions)

21 years agoAdd an empty list of AES tests. At least, the test suite will pass,
Richard Levitte [Mon, 4 Aug 2003 12:03:56 +0000 (12:03 +0000)]
Add an empty list of AES tests.  At least, the test suite will pass,
and perhaps the conflict this generates on the person that hasn't yet
committed the real file will prompt him to do so :-).

21 years agoInclusion of openssl/engine.h should always be wrapped with a check that
Richard Levitte [Mon, 4 Aug 2003 10:12:38 +0000 (10:12 +0000)]
Inclusion of openssl/engine.h should always be wrapped with a check that
OPENSSL_NO_ENGINE is not defined.

21 years agoMake tests work (CFB1 still doesn't produce the right answers, strangely).
Ben Laurie [Sun, 3 Aug 2003 12:22:35 +0000 (12:22 +0000)]
Make tests work (CFB1 still doesn't produce the right answers, strangely).

21 years agoMake the EFB NIDs have empty OIDs aliased to the real EFB OID.
Dr. Stephen Henson [Fri, 1 Aug 2003 17:06:48 +0000 (17:06 +0000)]
Make the EFB NIDs have empty OIDs aliased to the real EFB OID.

21 years agoReplace C++ style comments.
Dr. Stephen Henson [Fri, 1 Aug 2003 13:07:29 +0000 (13:07 +0000)]
Replace C++ style comments.

21 years agoDES CFB8 test.
Ben Laurie [Fri, 1 Aug 2003 10:31:25 +0000 (10:31 +0000)]
DES CFB8 test.

21 years agoFix DES CFB-r.
Ben Laurie [Fri, 1 Aug 2003 10:25:58 +0000 (10:25 +0000)]
Fix DES CFB-r.

21 years agoNo C++ comments in C programs!
Richard Levitte [Thu, 31 Jul 2003 21:41:51 +0000 (21:41 +0000)]
No C++ comments in C programs!

21 years agoIf FDIRS is to be treated like SDIRS, let's not forget to initialize
Richard Levitte [Thu, 31 Jul 2003 21:30:07 +0000 (21:30 +0000)]
If FDIRS is to be treated like SDIRS, let's not forget to initialize
it in Makefile.org.

21 years agoWhoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8.
Ben Laurie [Wed, 30 Jul 2003 18:30:18 +0000 (18:30 +0000)]
Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8.

21 years agoTest vectors and useless samples.
Ben Laurie [Tue, 29 Jul 2003 17:53:41 +0000 (17:53 +0000)]
Test vectors and useless samples.

21 years agoAES CFB8.
Ben Laurie [Tue, 29 Jul 2003 17:05:16 +0000 (17:05 +0000)]
AES CFB8.

21 years agoMissing files.
Ben Laurie [Tue, 29 Jul 2003 15:17:22 +0000 (15:17 +0000)]
Missing files.

21 years agoMMT for CFB1
Ben Laurie [Tue, 29 Jul 2003 14:34:48 +0000 (14:34 +0000)]
MMT for CFB1

21 years agoReformat.
Ben Laurie [Tue, 29 Jul 2003 14:06:02 +0000 (14:06 +0000)]
Reformat.

21 years agoThe rest of the keysizes for CFB1, working AES AVS test for CFB1.
Ben Laurie [Tue, 29 Jul 2003 13:24:27 +0000 (13:24 +0000)]
The rest of the keysizes for CFB1, working AES AVS test for CFB1.

21 years agoWorking CFB1 and test vectors.
Ben Laurie [Tue, 29 Jul 2003 10:56:56 +0000 (10:56 +0000)]
Working CFB1 and test vectors.

21 years agoAdd support for partial CFB modes, make tests work, update dependencies.
Ben Laurie [Mon, 28 Jul 2003 15:08:00 +0000 (15:08 +0000)]
Add support for partial CFB modes, make tests work, update dependencies.

21 years agoNew fingerprints.
Ben Laurie [Mon, 28 Jul 2003 09:56:08 +0000 (09:56 +0000)]
New fingerprints.

21 years agoBuild when not FIPS.
Ben Laurie [Sun, 27 Jul 2003 21:13:35 +0000 (21:13 +0000)]
Build when not FIPS.

21 years agoBuild in non-FIPS mode.
Ben Laurie [Sun, 27 Jul 2003 17:23:08 +0000 (17:23 +0000)]
Build in non-FIPS mode.

21 years agoUse unified diff.
Ben Laurie [Sun, 27 Jul 2003 17:19:28 +0000 (17:19 +0000)]
Use unified diff.

21 years agoUnfinished FIPS stuff for review/improvement.
Ben Laurie [Sun, 27 Jul 2003 17:00:51 +0000 (17:00 +0000)]
Unfinished FIPS stuff for review/improvement.

21 years agoAdd untested CFB-r mode. Will be tested soon.
Ben Laurie [Sun, 27 Jul 2003 13:46:57 +0000 (13:46 +0000)]
Add untested CFB-r mode. Will be tested soon.

21 years agotolerate extra data at end of client hello for SSL 3.0
Bodo Möller [Mon, 21 Jul 2003 15:17:49 +0000 (15:17 +0000)]
tolerate extra data at end of client hello for SSL 3.0

PR: 659

21 years agofix: 0.9.7 is based on 0.9.6h, not on 0.9.6k
Bodo Möller [Mon, 21 Jul 2003 15:08:03 +0000 (15:08 +0000)]
fix: 0.9.7 is based on 0.9.6h, not on 0.9.6k

typo in 0.9.6k section

21 years agoMake sure openssl.pc is readable by everyone.
Richard Levitte [Fri, 4 Jul 2003 11:41:15 +0000 (11:41 +0000)]
Make sure openssl.pc is readable by everyone.
PR: 654

21 years agoAdd a slash so grep doesn't return both ./crypto/bio/bss_mem.o and
Richard Levitte [Thu, 3 Jul 2003 21:43:39 +0000 (21:43 +0000)]
Add a slash so grep doesn't return both ./crypto/bio/bss_mem.o and
./crypto/mem.o when we're looking for mem.o.

21 years agoOops, I forgot to replace 'counter' with 'ivec' when used...
Richard Levitte [Thu, 3 Jul 2003 20:50:46 +0000 (20:50 +0000)]
Oops, I forgot to replace 'counter' with 'ivec' when used...

21 years agoThe convenience argumetn for -nameopt and -certopt is ca_default, not
Richard Levitte [Thu, 3 Jul 2003 07:46:54 +0000 (07:46 +0000)]
The convenience argumetn for -nameopt and -certopt is ca_default, not
default_ca.
PR: 653

21 years agoThe 'counter' is really the IV.
Richard Levitte [Thu, 3 Jul 2003 06:42:45 +0000 (06:42 +0000)]
The 'counter' is really the IV.

21 years agoChange AES-CTR to increment the IV by 1 instead of 2^64.
Richard Levitte [Thu, 3 Jul 2003 06:41:33 +0000 (06:41 +0000)]
Change AES-CTR to increment the IV by 1 instead of 2^64.

21 years agoClarify wording of verify_callback() behaviour.
Lutz Jänicke [Thu, 26 Jun 2003 14:03:33 +0000 (14:03 +0000)]
Clarify wording of verify_callback() behaviour.

21 years agoOnly remove old files if they exist. [Maing32].
Richard Levitte [Thu, 26 Jun 2003 11:58:04 +0000 (11:58 +0000)]
Only remove old files if they exist.  [Maing32].
Notified by Michael Gerdau <mgd@technosis.de>

21 years agoReturn EOF when an S/MIME part have been read.
Dr. Stephen Henson [Tue, 24 Jun 2003 17:12:22 +0000 (17:12 +0000)]
Return EOF when an S/MIME part have been read.

21 years agomake update
Richard Levitte [Thu, 19 Jun 2003 22:26:29 +0000 (22:26 +0000)]
make update

21 years agoDocument the last change.
Richard Levitte [Thu, 19 Jun 2003 19:04:20 +0000 (19:04 +0000)]
Document the last change.
PR: 587

21 years agoPrepare for changes in the 0.9.6 branch
Richard Levitte [Thu, 19 Jun 2003 19:01:11 +0000 (19:01 +0000)]
Prepare for changes in the 0.9.6 branch

21 years agoPrepare for changes in the 0.9.6 branch
Richard Levitte [Thu, 19 Jun 2003 18:59:30 +0000 (18:59 +0000)]
Prepare for changes in the 0.9.6 branch

21 years agoWe set the export flag for 512 *bit* keys, not 512 *byte* ones.
Richard Levitte [Thu, 19 Jun 2003 18:55:56 +0000 (18:55 +0000)]
We set the export flag for 512 *bit* keys, not 512 *byte* ones.
PR: 587

21 years agoTypo.
Richard Levitte [Thu, 19 Jun 2003 17:50:27 +0000 (17:50 +0000)]
Typo.

21 years agoEXIT() should mainly be exit(n), not return(n). OPENSSL_EXIT() will
Richard Levitte [Thu, 19 Jun 2003 17:01:42 +0000 (17:01 +0000)]
EXIT() should mainly be exit(n), not return(n).  OPENSSL_EXIT() will
take care of returning if necessary.

21 years agoTypo.
Richard Levitte [Thu, 12 Jun 2003 01:04:12 +0000 (01:04 +0000)]
Typo.
PR: 584

21 years agoDo not try to use non-existent gmtime_r() on SunOS4.
Richard Levitte [Thu, 12 Jun 2003 00:57:27 +0000 (00:57 +0000)]
Do not try to use non-existent gmtime_r() on SunOS4.
PR: 585

21 years agoMake sure ssize_t is defined on SunOS4.
Richard Levitte [Thu, 12 Jun 2003 00:56:33 +0000 (00:56 +0000)]
Make sure ssize_t is defined on SunOS4.
PR: 585

21 years agoMake sure DSO-dlfcn works properly on SunOS4.
Richard Levitte [Thu, 12 Jun 2003 00:51:59 +0000 (00:51 +0000)]
Make sure DSO-dlfcn works properly on SunOS4.
PR: 585

21 years agoTypo.
Richard Levitte [Wed, 11 Jun 2003 22:45:55 +0000 (22:45 +0000)]
Typo.
PR: 593

21 years agoAdd an entry for X509_TRUST_OBJECT_SIGN in trstandard[].
Richard Levitte [Wed, 11 Jun 2003 21:22:34 +0000 (21:22 +0000)]
Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[].
PR: 617

21 years agoHandle des_modes.pod properly.
Richard Levitte [Wed, 11 Jun 2003 19:44:40 +0000 (19:44 +0000)]
Handle des_modes.pod properly.
PR: 634

21 years agoMake sure to NUL-terminate the string on end-of-file (and error)
Richard Levitte [Wed, 11 Jun 2003 18:43:49 +0000 (18:43 +0000)]
Make sure to NUL-terminate the string on end-of-file (and error)
PR: 643

21 years agoDocument the AES_cbc_encrypt() change
Richard Levitte [Tue, 10 Jun 2003 04:42:42 +0000 (04:42 +0000)]
Document the AES_cbc_encrypt() change

21 years agoThe output from AES_cbc_encrypt() should be exact multiple blocks when encrypting
Richard Levitte [Tue, 10 Jun 2003 04:11:46 +0000 (04:11 +0000)]
The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting

21 years agoThis memset() in the ubsec ENGINE is a bug. Zeroing out the result array
Geoff Thorpe [Fri, 6 Jun 2003 17:53:24 +0000 (17:53 +0000)]
This memset() in the ubsec ENGINE is a bug. Zeroing out the result array
should not be necessary in any case, but more importantly the result and
input BIGNUMs could be the same, in which case this is clearly a problem.

Submitted by: Jonathan Hersch
Reviewed by: Joe Orton
Approved by: Geoff Thorpe

21 years agoReally get X509_CRL_CHECK_ALL right this time...
Dr. Stephen Henson [Wed, 4 Jun 2003 00:40:47 +0000 (00:40 +0000)]
Really get X509_CRL_CHECK_ALL right this time...

21 years agoClarify return value of SSL_connect() and SSL_accept() in case of the
Lutz Jänicke [Tue, 3 Jun 2003 09:59:10 +0000 (09:59 +0000)]
Clarify return value of SSL_connect() and SSL_accept() in case of the
WANT_READ and WANT_WRITE conditions.

21 years agoMove the base64 BIO fixes to 0.9.7-stable
Dr. Stephen Henson [Tue, 3 Jun 2003 00:11:37 +0000 (00:11 +0000)]
Move the base64 BIO fixes to 0.9.7-stable

21 years agoOnly count 'LF' as EOL in pk7_mime.c, this avoids incorrect
Dr. Stephen Henson [Mon, 2 Jun 2003 17:52:19 +0000 (17:52 +0000)]
Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect
results if CR+LF straddles the line buffer.

21 years agoStop checking for CRLF when start of buffer is reached.
Dr. Stephen Henson [Mon, 2 Jun 2003 01:03:08 +0000 (01:03 +0000)]
Stop checking for CRLF when start of buffer is reached.

21 years agoVarious S/MIME bug and compatibility fixes.
Dr. Stephen Henson [Sun, 1 Jun 2003 20:45:44 +0000 (20:45 +0000)]
Various S/MIME bug and compatibility fixes.

21 years agoClarify ordering of certificates when using certificate chains
Lutz Jänicke [Fri, 30 May 2003 07:45:50 +0000 (07:45 +0000)]
Clarify ordering of certificates when using certificate chains

21 years agoInclude openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration
Richard Levitte [Thu, 29 May 2003 22:22:34 +0000 (22:22 +0000)]
Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration
macros get properly defined.

21 years agoHave ASFLAGS be defined the same way as CFLAGS
Richard Levitte [Thu, 29 May 2003 22:20:57 +0000 (22:20 +0000)]
Have ASFLAGS be defined the same way as CFLAGS

21 years agoPR: 630
Richard Levitte [Thu, 29 May 2003 20:59:30 +0000 (20:59 +0000)]
PR: 630

Avoid looking outside the key_data array.

21 years agoAdd minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before)
Lutz Jänicke [Wed, 28 May 2003 20:24:20 +0000 (20:24 +0000)]
Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before)
Submitted by: dg@sunet.ru (Daniel Ginsburg)

PR: #613

21 years agoMove header file inclusion to prevent irritation of users forgetting to
Lutz Jänicke [Wed, 28 May 2003 19:56:04 +0000 (19:56 +0000)]
Move header file inclusion to prevent irritation of users forgetting to
call "make depend" after enabling or disabling ciphers...
Submitted by: Tal Mozes <talm@cyber-ark.com>

PR: #628