oweals/openssl.git
21 years agoNo C++ comments in C programs!
Richard Levitte [Thu, 31 Jul 2003 21:41:51 +0000 (21:41 +0000)]
No C++ comments in C programs!

21 years agoIf FDIRS is to be treated like SDIRS, let's not forget to initialize
Richard Levitte [Thu, 31 Jul 2003 21:30:07 +0000 (21:30 +0000)]
If FDIRS is to be treated like SDIRS, let's not forget to initialize
it in Makefile.org.

21 years agoWhoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8.
Ben Laurie [Wed, 30 Jul 2003 18:30:18 +0000 (18:30 +0000)]
Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8.

21 years agoTest vectors and useless samples.
Ben Laurie [Tue, 29 Jul 2003 17:53:41 +0000 (17:53 +0000)]
Test vectors and useless samples.

21 years agoAES CFB8.
Ben Laurie [Tue, 29 Jul 2003 17:05:16 +0000 (17:05 +0000)]
AES CFB8.

21 years agoMissing files.
Ben Laurie [Tue, 29 Jul 2003 15:17:22 +0000 (15:17 +0000)]
Missing files.

21 years agoMMT for CFB1
Ben Laurie [Tue, 29 Jul 2003 14:34:48 +0000 (14:34 +0000)]
MMT for CFB1

21 years agoReformat.
Ben Laurie [Tue, 29 Jul 2003 14:06:02 +0000 (14:06 +0000)]
Reformat.

21 years agoThe rest of the keysizes for CFB1, working AES AVS test for CFB1.
Ben Laurie [Tue, 29 Jul 2003 13:24:27 +0000 (13:24 +0000)]
The rest of the keysizes for CFB1, working AES AVS test for CFB1.

21 years agoWorking CFB1 and test vectors.
Ben Laurie [Tue, 29 Jul 2003 10:56:56 +0000 (10:56 +0000)]
Working CFB1 and test vectors.

21 years agoAdd support for partial CFB modes, make tests work, update dependencies.
Ben Laurie [Mon, 28 Jul 2003 15:08:00 +0000 (15:08 +0000)]
Add support for partial CFB modes, make tests work, update dependencies.

21 years agoNew fingerprints.
Ben Laurie [Mon, 28 Jul 2003 09:56:08 +0000 (09:56 +0000)]
New fingerprints.

21 years agoBuild when not FIPS.
Ben Laurie [Sun, 27 Jul 2003 21:13:35 +0000 (21:13 +0000)]
Build when not FIPS.

21 years agoBuild in non-FIPS mode.
Ben Laurie [Sun, 27 Jul 2003 17:23:08 +0000 (17:23 +0000)]
Build in non-FIPS mode.

21 years agoUse unified diff.
Ben Laurie [Sun, 27 Jul 2003 17:19:28 +0000 (17:19 +0000)]
Use unified diff.

21 years agoUnfinished FIPS stuff for review/improvement.
Ben Laurie [Sun, 27 Jul 2003 17:00:51 +0000 (17:00 +0000)]
Unfinished FIPS stuff for review/improvement.

21 years agoAdd untested CFB-r mode. Will be tested soon.
Ben Laurie [Sun, 27 Jul 2003 13:46:57 +0000 (13:46 +0000)]
Add untested CFB-r mode. Will be tested soon.

21 years agotolerate extra data at end of client hello for SSL 3.0
Bodo Möller [Mon, 21 Jul 2003 15:17:49 +0000 (15:17 +0000)]
tolerate extra data at end of client hello for SSL 3.0

PR: 659

21 years agofix: 0.9.7 is based on 0.9.6h, not on 0.9.6k
Bodo Möller [Mon, 21 Jul 2003 15:08:03 +0000 (15:08 +0000)]
fix: 0.9.7 is based on 0.9.6h, not on 0.9.6k

typo in 0.9.6k section

21 years agoMake sure openssl.pc is readable by everyone.
Richard Levitte [Fri, 4 Jul 2003 11:41:15 +0000 (11:41 +0000)]
Make sure openssl.pc is readable by everyone.
PR: 654

21 years agoAdd a slash so grep doesn't return both ./crypto/bio/bss_mem.o and
Richard Levitte [Thu, 3 Jul 2003 21:43:39 +0000 (21:43 +0000)]
Add a slash so grep doesn't return both ./crypto/bio/bss_mem.o and
./crypto/mem.o when we're looking for mem.o.

21 years agoOops, I forgot to replace 'counter' with 'ivec' when used...
Richard Levitte [Thu, 3 Jul 2003 20:50:46 +0000 (20:50 +0000)]
Oops, I forgot to replace 'counter' with 'ivec' when used...

21 years agoThe convenience argumetn for -nameopt and -certopt is ca_default, not
Richard Levitte [Thu, 3 Jul 2003 07:46:54 +0000 (07:46 +0000)]
The convenience argumetn for -nameopt and -certopt is ca_default, not
default_ca.
PR: 653

21 years agoThe 'counter' is really the IV.
Richard Levitte [Thu, 3 Jul 2003 06:42:45 +0000 (06:42 +0000)]
The 'counter' is really the IV.

21 years agoChange AES-CTR to increment the IV by 1 instead of 2^64.
Richard Levitte [Thu, 3 Jul 2003 06:41:33 +0000 (06:41 +0000)]
Change AES-CTR to increment the IV by 1 instead of 2^64.

21 years agoClarify wording of verify_callback() behaviour.
Lutz Jänicke [Thu, 26 Jun 2003 14:03:33 +0000 (14:03 +0000)]
Clarify wording of verify_callback() behaviour.

21 years agoOnly remove old files if they exist. [Maing32].
Richard Levitte [Thu, 26 Jun 2003 11:58:04 +0000 (11:58 +0000)]
Only remove old files if they exist.  [Maing32].
Notified by Michael Gerdau <mgd@technosis.de>

21 years agoReturn EOF when an S/MIME part have been read.
Dr. Stephen Henson [Tue, 24 Jun 2003 17:12:22 +0000 (17:12 +0000)]
Return EOF when an S/MIME part have been read.

21 years agomake update
Richard Levitte [Thu, 19 Jun 2003 22:26:29 +0000 (22:26 +0000)]
make update

21 years agoDocument the last change.
Richard Levitte [Thu, 19 Jun 2003 19:04:20 +0000 (19:04 +0000)]
Document the last change.
PR: 587

21 years agoPrepare for changes in the 0.9.6 branch
Richard Levitte [Thu, 19 Jun 2003 19:01:11 +0000 (19:01 +0000)]
Prepare for changes in the 0.9.6 branch

21 years agoPrepare for changes in the 0.9.6 branch
Richard Levitte [Thu, 19 Jun 2003 18:59:30 +0000 (18:59 +0000)]
Prepare for changes in the 0.9.6 branch

21 years agoWe set the export flag for 512 *bit* keys, not 512 *byte* ones.
Richard Levitte [Thu, 19 Jun 2003 18:55:56 +0000 (18:55 +0000)]
We set the export flag for 512 *bit* keys, not 512 *byte* ones.
PR: 587

21 years agoTypo.
Richard Levitte [Thu, 19 Jun 2003 17:50:27 +0000 (17:50 +0000)]
Typo.

21 years agoEXIT() should mainly be exit(n), not return(n). OPENSSL_EXIT() will
Richard Levitte [Thu, 19 Jun 2003 17:01:42 +0000 (17:01 +0000)]
EXIT() should mainly be exit(n), not return(n).  OPENSSL_EXIT() will
take care of returning if necessary.

21 years agoTypo.
Richard Levitte [Thu, 12 Jun 2003 01:04:12 +0000 (01:04 +0000)]
Typo.
PR: 584

21 years agoDo not try to use non-existent gmtime_r() on SunOS4.
Richard Levitte [Thu, 12 Jun 2003 00:57:27 +0000 (00:57 +0000)]
Do not try to use non-existent gmtime_r() on SunOS4.
PR: 585

21 years agoMake sure ssize_t is defined on SunOS4.
Richard Levitte [Thu, 12 Jun 2003 00:56:33 +0000 (00:56 +0000)]
Make sure ssize_t is defined on SunOS4.
PR: 585

21 years agoMake sure DSO-dlfcn works properly on SunOS4.
Richard Levitte [Thu, 12 Jun 2003 00:51:59 +0000 (00:51 +0000)]
Make sure DSO-dlfcn works properly on SunOS4.
PR: 585

21 years agoTypo.
Richard Levitte [Wed, 11 Jun 2003 22:45:55 +0000 (22:45 +0000)]
Typo.
PR: 593

21 years agoAdd an entry for X509_TRUST_OBJECT_SIGN in trstandard[].
Richard Levitte [Wed, 11 Jun 2003 21:22:34 +0000 (21:22 +0000)]
Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[].
PR: 617

21 years agoHandle des_modes.pod properly.
Richard Levitte [Wed, 11 Jun 2003 19:44:40 +0000 (19:44 +0000)]
Handle des_modes.pod properly.
PR: 634

21 years agoMake sure to NUL-terminate the string on end-of-file (and error)
Richard Levitte [Wed, 11 Jun 2003 18:43:49 +0000 (18:43 +0000)]
Make sure to NUL-terminate the string on end-of-file (and error)
PR: 643

21 years agoDocument the AES_cbc_encrypt() change
Richard Levitte [Tue, 10 Jun 2003 04:42:42 +0000 (04:42 +0000)]
Document the AES_cbc_encrypt() change

21 years agoThe output from AES_cbc_encrypt() should be exact multiple blocks when encrypting
Richard Levitte [Tue, 10 Jun 2003 04:11:46 +0000 (04:11 +0000)]
The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting

21 years agoThis memset() in the ubsec ENGINE is a bug. Zeroing out the result array
Geoff Thorpe [Fri, 6 Jun 2003 17:53:24 +0000 (17:53 +0000)]
This memset() in the ubsec ENGINE is a bug. Zeroing out the result array
should not be necessary in any case, but more importantly the result and
input BIGNUMs could be the same, in which case this is clearly a problem.

Submitted by: Jonathan Hersch
Reviewed by: Joe Orton
Approved by: Geoff Thorpe

21 years agoReally get X509_CRL_CHECK_ALL right this time...
Dr. Stephen Henson [Wed, 4 Jun 2003 00:40:47 +0000 (00:40 +0000)]
Really get X509_CRL_CHECK_ALL right this time...

21 years agoClarify return value of SSL_connect() and SSL_accept() in case of the
Lutz Jänicke [Tue, 3 Jun 2003 09:59:10 +0000 (09:59 +0000)]
Clarify return value of SSL_connect() and SSL_accept() in case of the
WANT_READ and WANT_WRITE conditions.

21 years agoMove the base64 BIO fixes to 0.9.7-stable
Dr. Stephen Henson [Tue, 3 Jun 2003 00:11:37 +0000 (00:11 +0000)]
Move the base64 BIO fixes to 0.9.7-stable

21 years agoOnly count 'LF' as EOL in pk7_mime.c, this avoids incorrect
Dr. Stephen Henson [Mon, 2 Jun 2003 17:52:19 +0000 (17:52 +0000)]
Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect
results if CR+LF straddles the line buffer.

21 years agoStop checking for CRLF when start of buffer is reached.
Dr. Stephen Henson [Mon, 2 Jun 2003 01:03:08 +0000 (01:03 +0000)]
Stop checking for CRLF when start of buffer is reached.

21 years agoVarious S/MIME bug and compatibility fixes.
Dr. Stephen Henson [Sun, 1 Jun 2003 20:45:44 +0000 (20:45 +0000)]
Various S/MIME bug and compatibility fixes.

21 years agoClarify ordering of certificates when using certificate chains
Lutz Jänicke [Fri, 30 May 2003 07:45:50 +0000 (07:45 +0000)]
Clarify ordering of certificates when using certificate chains

21 years agoInclude openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration
Richard Levitte [Thu, 29 May 2003 22:22:34 +0000 (22:22 +0000)]
Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration
macros get properly defined.

21 years agoHave ASFLAGS be defined the same way as CFLAGS
Richard Levitte [Thu, 29 May 2003 22:20:57 +0000 (22:20 +0000)]
Have ASFLAGS be defined the same way as CFLAGS

21 years agoPR: 630
Richard Levitte [Thu, 29 May 2003 20:59:30 +0000 (20:59 +0000)]
PR: 630

Avoid looking outside the key_data array.

21 years agoAdd minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before)
Lutz Jänicke [Wed, 28 May 2003 20:24:20 +0000 (20:24 +0000)]
Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before)
Submitted by: dg@sunet.ru (Daniel Ginsburg)

PR: #613

21 years agoMove header file inclusion to prevent irritation of users forgetting to
Lutz Jänicke [Wed, 28 May 2003 19:56:04 +0000 (19:56 +0000)]
Move header file inclusion to prevent irritation of users forgetting to
call "make depend" after enabling or disabling ciphers...
Submitted by: Tal Mozes <talm@cyber-ark.com>

PR: #628

21 years agoPR: 627
Dr. Stephen Henson [Wed, 28 May 2003 17:28:42 +0000 (17:28 +0000)]
PR: 627

Allocate certificatePolicies correctly if CPS field is absent.

Fix various memory leaks in certificatePolicies.

21 years agoPR: 631
Dr. Stephen Henson [Wed, 28 May 2003 16:57:22 +0000 (16:57 +0000)]
PR: 631
Submitted by: Doug Sauder <dws+001@hunnysoft.com>

Fix bug in X509V3_get_d2i() when idx in not NULL.

21 years agoMake sure to compare unsigned against unsigned.
Richard Levitte [Wed, 28 May 2003 10:34:04 +0000 (10:34 +0000)]
Make sure to compare unsigned against unsigned.

21 years agoFix sign bugs.
Richard Levitte [Wed, 21 May 2003 14:29:33 +0000 (14:29 +0000)]
Fix sign bugs.
PR: 621

21 years agoMake sure EC_window_bits_for_scalar_size() returns a size_t
Richard Levitte [Wed, 21 May 2003 08:40:18 +0000 (08:40 +0000)]
Make sure EC_window_bits_for_scalar_size() returns a size_t

21 years agoFix docs.
Dr. Stephen Henson [Sun, 18 May 2003 23:10:22 +0000 (23:10 +0000)]
Fix docs.

21 years agoAdd correct DN entry for serialNumber.
Dr. Stephen Henson [Wed, 7 May 2003 23:20:41 +0000 (23:20 +0000)]
Add correct DN entry for serialNumber.

21 years ago/usr/lib/pkgconfig/openssl.pc was never installed in the RPM.
Richard Levitte [Wed, 7 May 2003 12:02:34 +0000 (12:02 +0000)]
/usr/lib/pkgconfig/openssl.pc was never installed in the RPM.
Notified by Bennett Todd <bet@rahul.net>.

21 years agoDO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function
Richard Levitte [Wed, 7 May 2003 11:38:13 +0000 (11:38 +0000)]
DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function
called downstream that need it to be non-const.  The fact that the RSA_METHOD
functions take the RSA* as a const doesn't matter, it just expresses that
*they* won't touch it.
PR: 602

21 years agoConstify RSA_sign() and RSA_verify().
Richard Levitte [Mon, 5 May 2003 13:55:23 +0000 (13:55 +0000)]
Constify RSA_sign() and RSA_verify().
PR: 602

21 years agoTypo.
Dr. Stephen Henson [Fri, 2 May 2003 11:42:17 +0000 (11:42 +0000)]
Typo.

21 years agofix typo
Bodo Möller [Tue, 22 Apr 2003 12:44:58 +0000 (12:44 +0000)]
fix typo

Submitted by: Nils Larsch

21 years agoMake it possible to affect the extension of man pages.
Richard Levitte [Mon, 21 Apr 2003 22:00:49 +0000 (22:00 +0000)]
Make it possible to affect the extension of man pages.
PR: 578

21 years agoMemory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.
Richard Levitte [Wed, 16 Apr 2003 06:25:29 +0000 (06:25 +0000)]
Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.
Memory leak fix: RSA_blinding_on() would leave a dangling pointer in
                 rsa->blinding under certain circumstances.
Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.

21 years agoMemory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()
Richard Levitte [Tue, 15 Apr 2003 13:01:50 +0000 (13:01 +0000)]
Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()

21 years agoinclude 'Changes between 0.9.6i and 0.9.6j'
Bodo Möller [Fri, 11 Apr 2003 15:01:42 +0000 (15:01 +0000)]
include 'Changes between 0.9.6i and 0.9.6j'

21 years agoThe release is tagged, time to work on 0.9.7c.
Richard Levitte [Thu, 10 Apr 2003 20:40:19 +0000 (20:40 +0000)]
The release is tagged, time to work on 0.9.7c.

21 years agoInclude the 0.9.6j news. OpenSSL_0_9_7b
Richard Levitte [Thu, 10 Apr 2003 20:37:53 +0000 (20:37 +0000)]
Include the 0.9.6j news.

This file will be retagged.

21 years agoForgot to code the status bits for release. This file will be
Richard Levitte [Thu, 10 Apr 2003 20:29:08 +0000 (20:29 +0000)]
Forgot to code the status bits for release.  This file will be
retagged.

21 years agoTime to release 0.9.7b.
Richard Levitte [Thu, 10 Apr 2003 20:22:15 +0000 (20:22 +0000)]
Time to release 0.9.7b.
The tag will be OpenSSL_0_9_7b.

21 years agomake update.
Richard Levitte [Thu, 10 Apr 2003 20:10:22 +0000 (20:10 +0000)]
make update.

21 years agoNew NEWS
Richard Levitte [Thu, 10 Apr 2003 19:33:11 +0000 (19:33 +0000)]
New NEWS

21 years agoRemove all those infernal stupid CR characters
Richard Levitte [Thu, 10 Apr 2003 19:11:35 +0000 (19:11 +0000)]
Remove all those infernal stupid CR characters

21 years agoThere's a problem building shared libraries on the sco5-gcc target. However,
Richard Levitte [Thu, 10 Apr 2003 18:36:34 +0000 (18:36 +0000)]
There's a problem building shared libraries on the sco5-gcc target.  However,
it's time for a release, so I'm just adding an enty in PROBLEMS, and will
hopefully solve this for a later release

21 years agoExplicitely tell the compiler we're mips3 for the target irix-mips3-cc.
Richard Levitte [Thu, 10 Apr 2003 05:46:55 +0000 (05:46 +0000)]
Explicitely tell the compiler we're mips3 for the target irix-mips3-cc.

21 years agoOnly call redirected rsa_sign or rsa_verify if the pointer is set.
Dr. Stephen Henson [Thu, 10 Apr 2003 01:13:37 +0000 (01:13 +0000)]
Only call redirected rsa_sign or rsa_verify if the pointer is set.

This allows, for example, a smart card to redirect rsa_sign and keep
the default rsa_verify.

21 years agoTypo.
Dr. Stephen Henson [Thu, 10 Apr 2003 00:03:22 +0000 (00:03 +0000)]
Typo.

21 years agoDont forget req.
Richard Levitte [Wed, 9 Apr 2003 06:50:39 +0000 (06:50 +0000)]
Dont forget req.

21 years agoTypo
Richard Levitte [Wed, 9 Apr 2003 05:25:22 +0000 (05:25 +0000)]
Typo

21 years agoSet LD_LIBRARY_PATH when linking, since OpenUnix' ld uses it to create
Richard Levitte [Tue, 8 Apr 2003 11:54:32 +0000 (11:54 +0000)]
Set LD_LIBRARY_PATH when linking, since OpenUnix' ld uses it to create
a library search path.

Correct typos.

21 years agoInclude rand.h, so RAND_status() and friends get properly declared.
Richard Levitte [Tue, 8 Apr 2003 11:07:13 +0000 (11:07 +0000)]
Include rand.h, so RAND_status() and friends get properly declared.

21 years agoFix ordering of compare functions: strncmp() must be used first, as it
Lutz Jänicke [Tue, 8 Apr 2003 06:28:34 +0000 (06:28 +0000)]
Fix ordering of compare functions: strncmp() must be used first, as it
the cipher name in the list is not guaranteed to be at least "buflen"
long.
PR: 567
Submitted by: "Matt Harren" <matth@cs.berkeley.edu>

21 years agoWe seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in
Richard Levitte [Tue, 8 Apr 2003 06:02:00 +0000 (06:02 +0000)]
We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in
form of unneeded direct calls through the engine pointer..

21 years agoWe seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form
Richard Levitte [Tue, 8 Apr 2003 06:00:17 +0000 (06:00 +0000)]
We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form
of unneeded includes of openssl/engine.h.

21 years agoRSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function
Richard Levitte [Mon, 7 Apr 2003 19:15:29 +0000 (19:15 +0000)]
RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function
pointers should be used.  It doesn't necessarely mean it should go through
the ENGINE framework.

21 years agoDo not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined.
Richard Levitte [Sat, 5 Apr 2003 21:21:29 +0000 (21:21 +0000)]
Do not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined.
PR: 564

21 years agomake update
Richard Levitte [Fri, 4 Apr 2003 14:41:40 +0000 (14:41 +0000)]
make update

21 years agoTransfer the changes to detect multiline comments and the GCC
Richard Levitte [Fri, 4 Apr 2003 14:21:04 +0000 (14:21 +0000)]
Transfer the changes to detect multiline comments and the GCC
extension __attribute__.

21 years agoMake %p and %# work properly, at least with pointers and floats.
Richard Levitte [Thu, 3 Apr 2003 23:35:16 +0000 (23:35 +0000)]
Make %p and %# work properly, at least with pointers and floats.

21 years agoIt's recommended to use req rather than x509 to create self-signed certificates
Richard Levitte [Thu, 3 Apr 2003 22:12:50 +0000 (22:12 +0000)]
It's recommended to use req rather than x509 to create self-signed certificates

21 years agoTypo correction
Richard Levitte [Thu, 3 Apr 2003 21:55:57 +0000 (21:55 +0000)]
Typo correction

21 years agoReset the version number of the issuer certificate? I believe this
Richard Levitte [Thu, 3 Apr 2003 18:50:48 +0000 (18:50 +0000)]
Reset the version number of the issuer certificate?  I believe this
hasn't been tested in a long while...