Geoff Thorpe [Fri, 2 Apr 2004 06:25:53 +0000 (06:25 +0000)]
Avoid undefined results when the parameter is out of range.
Dr. Stephen Henson [Sun, 28 Mar 2004 12:29:53 +0000 (12:29 +0000)]
Obsolete files.
Richard Levitte [Thu, 25 Mar 2004 20:09:02 +0000 (20:09 +0000)]
Move the definition of Win32_rename(), since the macro rename gets undefined
in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853
Richard Levitte [Thu, 25 Mar 2004 20:01:08 +0000 (20:01 +0000)]
Wrap code starting with a definition.
PR: 854
Richard Levitte [Thu, 25 Mar 2004 19:52:36 +0000 (19:52 +0000)]
Change spaces to symbols in names.
PR: 856
Dr. Stephen Henson [Thu, 25 Mar 2004 00:57:23 +0000 (00:57 +0000)]
Make S/MIME encrypt work again.
Richard Levitte [Wed, 24 Mar 2004 10:55:50 +0000 (10:55 +0000)]
Don't define fd for platforms that do not use it, as some may not declare fileno() properly
Richard Levitte [Tue, 23 Mar 2004 21:01:42 +0000 (21:01 +0000)]
Make it clear that for RSA_NO_PADDING, flen must be RSA_size(rsa)
Richard Levitte [Tue, 23 Mar 2004 17:52:25 +0000 (17:52 +0000)]
make update
Richard Levitte [Sun, 21 Mar 2004 23:03:55 +0000 (23:03 +0000)]
Correct minor spelling error.
PR: 845
Richard Levitte [Sun, 21 Mar 2004 22:50:24 +0000 (22:50 +0000)]
Change \t to real tab in echo argument.
PR: 847
Richard Levitte [Sun, 21 Mar 2004 22:39:59 +0000 (22:39 +0000)]
Remove a warning for conversion double->long. This has impacts on Windows.
PR: 849
Richard Levitte [Sun, 21 Mar 2004 22:36:30 +0000 (22:36 +0000)]
Make sure fd is defined where it should.
PR: 849
Richard Levitte [Fri, 19 Mar 2004 00:20:12 +0000 (00:20 +0000)]
Merge from HEAD:
2003-04-03 22:03 levitte
* apps/apps.c (1.70): Don't try to free NULL values...
Notified by "Steven Reddie" <smr@essemer.com.au>
Mark J. Cox [Wed, 17 Mar 2004 12:03:38 +0000 (12:03 +0000)]
After tagging
Mark J. Cox [Wed, 17 Mar 2004 12:01:19 +0000 (12:01 +0000)]
Fix null-pointer assignment in do_change_cipher_spec() revealed
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
(CAN-2004-0112)
Ready for 0.9.7d build
Submitted by: Steven Henson
Reviewed by: Joe Orton
Approved by: Mark Cox
Dr. Stephen Henson [Tue, 16 Mar 2004 13:50:18 +0000 (13:50 +0000)]
Avoid warnings.
Richard Levitte [Mon, 15 Mar 2004 23:06:59 +0000 (23:06 +0000)]
As in 0.9.8-dev, make sure we use unsigned constants, or some
compilers may complain.
Andy Polyakov [Fri, 12 Mar 2004 21:33:04 +0000 (21:33 +0000)]
Fix typo in "IRIX 6.x shared build fix-up."
Andy Polyakov [Fri, 12 Mar 2004 21:24:45 +0000 (21:24 +0000)]
IRIX 6.x shared build fix-up.
Dr. Stephen Henson [Mon, 8 Mar 2004 13:07:07 +0000 (13:07 +0000)]
Incorporate crlNumber functionality from 0.9.8 except it is commented out
in openssl.cnf .
Richard Levitte [Mon, 8 Mar 2004 02:53:46 +0000 (02:53 +0000)]
Incorporate the following changes from 0.9.8-dev:
2003-04-04 17:10 levitte
* apps/: apps.c (1.72), apps.h (1.56), ca.c (1.135), x509.c (1.82):
Convert save_serial() to work like save_index(), and add a
rotate_serial() that works like rotate_index().
2003-04-03 20:07 levitte
* apps/: apps.c (1.69), ca.c (1.130): Conditionalise all debug
strings.
2003-04-03 18:33 levitte
* apps/apps.c (1.68), apps/apps.h (1.55), apps/ca.c (1.129),
apps/ocsp.c (1.31), apps/openssl.cnf (1.24), apps/x509.c (1.80),
CHANGES (1.1139): Make it possible to have multiple active
certificates with the same subject.
Dr. Stephen Henson [Fri, 5 Mar 2004 23:47:39 +0000 (23:47 +0000)]
Cleanup ASN1 OID module when it exits.
Dr. Stephen Henson [Fri, 5 Mar 2004 23:45:08 +0000 (23:45 +0000)]
Call autoconfig code in pkcs7 utility.
Dr. Stephen Henson [Fri, 5 Mar 2004 23:39:12 +0000 (23:39 +0000)]
Memory leak fix.
Dr. Stephen Henson [Fri, 5 Mar 2004 17:16:06 +0000 (17:16 +0000)]
Various X509 fixes. Disable broken certificate workarounds
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
Dr. Stephen Henson [Thu, 4 Mar 2004 21:58:13 +0000 (21:58 +0000)]
-passin argument to rsautl
Dr. Stephen Henson [Thu, 4 Mar 2004 21:41:59 +0000 (21:41 +0000)]
Typos.
Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>
Richard Levitte [Thu, 4 Mar 2004 07:48:00 +0000 (07:48 +0000)]
Make our page with pointers to binary distributions visible in the FAQ
Dr. Stephen Henson [Tue, 2 Mar 2004 12:46:30 +0000 (12:46 +0000)]
More configuration docs.
Dr. Stephen Henson [Tue, 2 Mar 2004 01:00:24 +0000 (01:00 +0000)]
Documentation of the KISS autoconfig functions.
Dr. Stephen Henson [Mon, 1 Mar 2004 19:15:54 +0000 (19:15 +0000)]
More autoconfig docs.
Richard Levitte [Mon, 1 Mar 2004 14:58:25 +0000 (14:58 +0000)]
Avoid a memory leak in OCSP_parse_url().
Notified by Paul Siegel <psiegel@corestreet.com>
Dr. Stephen Henson [Mon, 1 Mar 2004 13:23:41 +0000 (13:23 +0000)]
Fix from head.
Dr. Stephen Henson [Mon, 1 Mar 2004 01:04:58 +0000 (01:04 +0000)]
Initial docs for the OpenSSL library configuration via openssl.cnf
Richard Levitte [Fri, 27 Feb 2004 02:24:54 +0000 (02:24 +0000)]
AES is spelled AES, not ASE. Oops...
Richard Levitte [Thu, 26 Feb 2004 22:07:47 +0000 (22:07 +0000)]
Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also.
PR: 833
Richard Levitte [Thu, 26 Feb 2004 21:44:43 +0000 (21:44 +0000)]
Document the AES options for 'openssl smime'.
PR: 834
Dr. Stephen Henson [Thu, 19 Feb 2004 18:17:35 +0000 (18:17 +0000)]
Use an OCTET STRING for the encoding of an OCSP nonce value.
The old raw format can't be handled by some implementations
and updates to RFC2560 will make the OCTET STRING mandatory.
Dr. Stephen Henson [Sun, 8 Feb 2004 13:30:33 +0000 (13:30 +0000)]
Fix handling of -offset and -length in asn1parse tool.
If -offset exceeds -length of data available exit with an error.
Don't read past end of total data available when -offset supplied.
If -length exceeds total available truncate it.
Andy Polyakov [Sat, 7 Feb 2004 09:46:47 +0000 (09:46 +0000)]
Typo in crypto/bn/asm/x86_64.c, bn_div_words().
PR: 821
Dr. Stephen Henson [Sun, 1 Feb 2004 13:37:56 +0000 (13:37 +0000)]
Add flag to avoid continuous
memory allocate when calling EVP_MD_CTX_copy_ex().
Without this HMAC is several times slower than
< 0.9.7.
Richard Levitte [Thu, 29 Jan 2004 10:23:54 +0000 (10:23 +0000)]
make update
Richard Levitte [Thu, 29 Jan 2004 09:41:01 +0000 (09:41 +0000)]
Have the declarations match the definitions.
Richard Levitte [Thu, 29 Jan 2004 02:55:47 +0000 (02:55 +0000)]
Typo
Richard Levitte [Thu, 29 Jan 2004 00:05:54 +0000 (00:05 +0000)]
Make n unsigned, to avoid signed vs. unsigned conflicts.
Richard Levitte [Thu, 29 Jan 2004 00:03:05 +0000 (00:03 +0000)]
-Wstrict-prototypes is too much for 0.9.7-stable (there are tons of
non-strict prototypes, all right? Kind of shadows the few other
warnings so I keep missing them :-)).
Richard Levitte [Wed, 28 Jan 2004 23:31:20 +0000 (23:31 +0000)]
0.9.7-stable is in freeze. That means we do bug fixes only, not new
functionality. Therefore, I'm backing out most of the "CFB DES
sync-up with FIPS branch" commit (I'm keeping the corrections of
DES_cfb_encrypt()).
Richard Levitte [Wed, 28 Jan 2004 08:48:15 +0000 (08:48 +0000)]
Unsigned vs. signed problem removed
Andy Polyakov [Tue, 27 Jan 2004 21:46:19 +0000 (21:46 +0000)]
CFB DES sync-up with FIPS branch.
Richard Levitte [Tue, 27 Jan 2004 01:16:09 +0000 (01:16 +0000)]
Avoid signed vs. unsigned warnings (which are treated like errors on
Windows).
Richard Levitte [Mon, 26 Jan 2004 23:46:03 +0000 (23:46 +0000)]
S_IFBLK and S_IFCHR may not exist in some places (like Windows), so
let's check for those macros, and if they aren't defined, let's assume
there aren't Unixly devices on this platform.
Richard Levitte [Thu, 22 Jan 2004 22:36:48 +0000 (22:36 +0000)]
Typo...
Dr. Stephen Henson [Wed, 21 Jan 2004 13:04:58 +0000 (13:04 +0000)]
Replace expired certificate.
Andy Polyakov [Wed, 21 Jan 2004 10:07:23 +0000 (10:07 +0000)]
TABLE update for hpux64-paric2-gcc, addenum for HPUX64 gcc build update.
Andy Polyakov [Wed, 21 Jan 2004 09:58:18 +0000 (09:58 +0000)]
Proper support for HP-UX64 gcc build.
PR: 772
Andy Polyakov [Wed, 21 Jan 2004 08:19:36 +0000 (08:19 +0000)]
SHA-1 assembler tune-up for Intel P4
Richard Levitte [Sat, 10 Jan 2004 18:04:36 +0000 (18:04 +0000)]
Adding a slash between the directoryt and the file is a problem with
VMS. The C RTL can handle it well if the "directory" is a logical
name with no colon, therefore ending being 'logname/file'. However,
if the given logical names actually has a colon, or if you use a full
VMS-syntax directory, you end up with 'logname:/file' or
'dev:[dir1.dir2]/file', and that isn't handled in any good way.
So, on VMS, we need to check if the directory string ends with a
separator (one of ':', ']' or '>' (< and > can be used instead [ and
])), and handle that by not inserting anything between the directory
spec and the file name. In all other cases, it's assumed the
directory spec is a logical name, so we need to place a colon between
it and the file.
Notified by Kevin Greaney <kevin.greaney@hp.com>.
Lutz Jänicke [Thu, 8 Jan 2004 07:46:12 +0000 (07:46 +0000)]
Cover all DSA setups when running tests
PR: #748
Submitted by: Kirill Kochetkov <kochet@ixbt.com>
Lutz Jänicke [Thu, 8 Jan 2004 07:39:33 +0000 (07:39 +0000)]
Updates to s_time manual page
PR: #570
Submitted by: Martin Witzel <MWITZEL@de.ibm.com>
Lutz Jänicke [Sun, 4 Jan 2004 19:03:51 +0000 (19:03 +0000)]
One more change to merge from -dev.
Lutz Jänicke [Sun, 4 Jan 2004 19:00:17 +0000 (19:00 +0000)]
Add s_time manual page
Submitted by: "Martin Witzel" <MWITZEL@de.ibm.com>
PR: #570
cvs2svn [Sun, 4 Jan 2004 18:59:15 +0000 (18:59 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
Lutz Jänicke [Sun, 4 Jan 2004 18:59:14 +0000 (18:59 +0000)]
Add s_time manual page
Submitted by: "Martin Witzel" <MWITZEL@de.ibm.com>
PR: #570
Lutz Jänicke [Sun, 4 Jan 2004 18:06:51 +0000 (18:06 +0000)]
Update URI
Submitted by: Gertjan van Oosten <gertjan@West.NL>
PR: #804
Lutz Jänicke [Sun, 4 Jan 2004 18:05:50 +0000 (18:05 +0000)]
Update URI
Submitted by: Gertjan van Oosten <gertjan@West.NL>
PR: #804
Lutz Jänicke [Sun, 4 Jan 2004 17:54:02 +0000 (17:54 +0000)]
unintptr_t and <inttypes.h> are not strictly portable with respect to
ANSI C 89.
Undo change to maintain compatibility.
Lutz Jänicke [Sun, 4 Jan 2004 17:53:21 +0000 (17:53 +0000)]
unintptr_t and <inttypes.h> are not strictly portable with respect to
ANSI C 89.
Undo change to maintain compatibility.
Richard Levitte [Sat, 27 Dec 2003 16:13:18 +0000 (16:13 +0000)]
Fix Perl problems on sparc64.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 16:13:16 +0000 (16:13 +0000)]
Fix Perl problems on sparc64.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 16:10:30 +0000 (16:10 +0000)]
Avoid including cryptlib.h, it's not really needed.
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 16:09:59 +0000 (16:09 +0000)]
Avoid including cryptlib.h, it's not really needed.
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 16:07:20 +0000 (16:07 +0000)]
Only use environment variables if uid and gid are the same as euid and egid.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 16:07:18 +0000 (16:07 +0000)]
Only use environment variables if uid and gid are the same as euid and egid.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 16:02:22 +0000 (16:02 +0000)]
Check if a random "file" is really a device file, and treat it
specially if it is.
Add a few OpenBSD-specific cases.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 16:01:52 +0000 (16:01 +0000)]
Check if a random "file" is really a device file, and treat it
specially if it is.
Add a few OpenBSD-specific cases.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 15:05:26 +0000 (15:05 +0000)]
Correct documentation typos.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 15:04:54 +0000 (15:04 +0000)]
Correct documentation typos.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 15:02:56 +0000 (15:02 +0000)]
OpenBSD-internal changes.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 15:02:54 +0000 (15:02 +0000)]
OpenBSD-internal changes.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 15:00:24 +0000 (15:00 +0000)]
Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 14:59:07 +0000 (14:59 +0000)]
Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 14:54:48 +0000 (14:54 +0000)]
Include strings.h so strcasecmp() and strncasecmp() get properly declared.
Richard Levitte [Sat, 27 Dec 2003 14:40:57 +0000 (14:40 +0000)]
Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 14:40:17 +0000 (14:40 +0000)]
Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 14:26:15 +0000 (14:26 +0000)]
Add a newline at the end of the last line.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 14:26:14 +0000 (14:26 +0000)]
Add a newline at the end of the last line.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Richard Levitte [Sat, 27 Dec 2003 14:24:20 +0000 (14:24 +0000)]
Change 'exp' to something else, as 'exp' is predefined by GNU C. This
was already done in HEAD, but not in this branch (I wonder why...).
Dr. Stephen Henson [Sat, 20 Dec 2003 22:49:05 +0000 (22:49 +0000)]
Typos.
Dr. Stephen Henson [Sat, 20 Dec 2003 22:48:21 +0000 (22:48 +0000)]
Typos.
Richard Levitte [Thu, 11 Dec 2003 18:01:06 +0000 (18:01 +0000)]
To figure out if we're going outside the buffer, use the size of the buffer,
not the size of the integer used to index in said buffer.
PR: 794
Notified by: Rhett Garber <rhett_garber@hp.com>
Richard Levitte [Thu, 11 Dec 2003 18:01:03 +0000 (18:01 +0000)]
To figure out if we're going outside the buffer, use the size of the buffer,
not the size of the integer used to index in said buffer.
PR: 794
Notified by: Rhett Garber <rhett_garber@hp.com>
Richard Levitte [Wed, 10 Dec 2003 14:31:57 +0000 (14:31 +0000)]
Document that you need to include x509.h (to get [i2d|d2i]_RSA_PUBKEY()).
Correct the typo PUKEY...
Richard Levitte [Wed, 10 Dec 2003 14:31:55 +0000 (14:31 +0000)]
Document that you need to include x509.h (to get [i2d|d2i]_RSA_PUBKEY()).
Correct the typo PUKEY...
Richard Levitte [Wed, 10 Dec 2003 13:57:52 +0000 (13:57 +0000)]
Document that you need to include x509.h (to get [i2d|d2i]_DSA_PUBKEY()).
Correct the typo PUKEY...
Richard Levitte [Wed, 10 Dec 2003 13:57:51 +0000 (13:57 +0000)]
Document that you need to include x509.h (to get [i2d|d2i]_DSA_PUBKEY()).
Correct the typo PUKEY...
Ulf Möller [Sat, 6 Dec 2003 11:55:46 +0000 (11:55 +0000)]
Add "dif" variable to clean up the loop implementations.
Submitted by: Nils Larsch
Ulf Möller [Sat, 6 Dec 2003 11:41:22 +0000 (11:41 +0000)]
Skip a curve with generator of non-prime order.
Submitted by: Nils Larsch
Ulf Möller [Sat, 6 Dec 2003 11:39:37 +0000 (11:39 +0000)]
Avoid segfault if ret==0.
Submitted by: Nils Larsch
Lutz Jänicke [Wed, 3 Dec 2003 16:29:41 +0000 (16:29 +0000)]
Restructure make targets to allow parallel make.
Submitted by: Witold Filipczyk <witekfl@poczta.gazeta.pl>
PR: #513