Lutz Jänicke [Tue, 29 Jan 2002 17:14:50 +0000 (17:14 +0000)]
Shut up compiler warnings for inconsistent declarations.
Lutz Jänicke [Tue, 29 Jan 2002 16:32:40 +0000 (16:32 +0000)]
HP-UX 32bit:
* When linking against shared libraries, the absolute path is remembered.
- When linking against -L.., '..' is remembered inside the executable,
so it will fail after "make install" or when not called from inside the
"apps/" subdirectory of the build tree.
- When using the "+cdp" option of "ld", the ".." information can be
exchanged against $(INSTALL_TOP)/lib. In this case the executable
will however refuse to work before "make install" has been called.
This makes testing the 'openssl' executable a problem.
* Solution 1:
Relink the "openssl" executable, when "make install" is called.
This would however require significant changes to the toplevel Makefile
and the apps/ Makefile.
* Solution 2:
Statically link against libssl and libcrypto, so that the "openssl"
executable is no longer dependant on the openssl shared libraries.
Select option 2 for HP-UX 32bit, as this requires the smallest change.
Lutz Jänicke [Tue, 29 Jan 2002 16:20:08 +0000 (16:20 +0000)]
Make SHLIB_TARGET available in subdirs (here: apps/)
Richard Levitte [Tue, 29 Jan 2002 12:36:01 +0000 (12:36 +0000)]
Apply patch from Toomas Kiisk <vix@cyber.ee> and complete it.
Lutz Jänicke [Mon, 28 Jan 2002 16:30:06 +0000 (16:30 +0000)]
Superflous '\' messes up with HP-UX make.
Bodo Möller [Sun, 27 Jan 2002 17:41:12 +0000 (17:41 +0000)]
Undo previous change, X509_check_issued() was correct.
[See
Message-ID: <
3BB07999.
30432AD2@celocom.com>
Date: Tue, 25 Sep 2001 13:33:29 +0100
From: Dr S N Henson <drh@celocom.com>
To: openssl-dev@openssl.org
Subject: Re: Error in v3_purp.c
]
Richard Levitte [Sun, 27 Jan 2002 16:12:27 +0000 (16:12 +0000)]
Spelling correction.
Richard Levitte [Sun, 27 Jan 2002 16:03:40 +0000 (16:03 +0000)]
Correct the number of colons for the targets aix43-cc, aix43-gcc,
alpha-cc, alpha-cc-rpath, alpha-gcc, alpha164-cc and alphaold-cc.
Richard Levitte [Sun, 27 Jan 2002 15:58:34 +0000 (15:58 +0000)]
Detect one-step shifts of the dso_scheme.
Richard Levitte [Sun, 27 Jan 2002 15:52:37 +0000 (15:52 +0000)]
I got some reports that some targets have weird dso_schemes.
Therefore, I've added a sanity checker.
Note that it can be combined with almost any other argument (the other
arguments will be completely ignored), with "reconf" as the blatant
exception, since it also has the behavior of ignoring all following
command line arguments. If --test-sanity and reconf are both used on
the command line, the first one wins.
Lutz Jänicke [Sat, 26 Jan 2002 15:24:38 +0000 (15:24 +0000)]
Remove blanks at begin of empty lines irritating epv_test.c
Richard Levitte [Sat, 26 Jan 2002 05:24:05 +0000 (05:24 +0000)]
Update SCO5 targets.
Richard Levitte [Sat, 26 Jan 2002 05:08:31 +0000 (05:08 +0000)]
Apply a small patch from Dan Lanz <lanz@zolera.com> to get shared
libraries with debug-linux-elf.
Richard Levitte [Sat, 26 Jan 2002 04:50:41 +0000 (04:50 +0000)]
Apply a small patch from Oscar Jacobsson <oscar@jacobsson.org> that
makes things more compilable with VC++.
Richard Levitte [Sat, 26 Jan 2002 04:45:37 +0000 (04:45 +0000)]
It looks like I didn't remove everything that has to do with the
non-existant aestest.c.
Richard Levitte [Sat, 26 Jan 2002 04:25:16 +0000 (04:25 +0000)]
Apply a small patch from Diego R. Lopez <diego.lopez@rediris.es>,
making X509_check_issued() properly match an issuer that's found in a
Authority Key Identifier.
Richard Levitte [Sat, 26 Jan 2002 03:57:41 +0000 (03:57 +0000)]
GCC uses __i386__.
Richard Levitte [Sat, 26 Jan 2002 03:17:27 +0000 (03:17 +0000)]
Add old patch from Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> to
make it possible to produce shared libraries on ReliantUNIX.
Richard Levitte [Sat, 26 Jan 2002 01:14:09 +0000 (01:14 +0000)]
I got a request to make the "old des" symbols more closely tied to
OpenSSL. Adding '_ossl' in the name seems to be a good way to do
this.
Richard Levitte [Fri, 25 Jan 2002 22:06:59 +0000 (22:06 +0000)]
Apply Neale Ferguson's patch to add a configuration target for linux-s390x
Richard Levitte [Fri, 25 Jan 2002 19:43:52 +0000 (19:43 +0000)]
Apply the following changes by Toomas Kiisk <vix@cyber.ee>:
* make openssl rsa work with -engine chil
* misc changes, including debug-linux-ppro Configure target
and FORMAT_NETSCAPE-aware load_{,pub}key()
This completes the application of his changes.
Richard Levitte [Fri, 25 Jan 2002 17:45:30 +0000 (17:45 +0000)]
Apply a change by Toomas Kiisk <vix@cyber.ee>:
* Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
Richard Levitte [Fri, 25 Jan 2002 17:35:19 +0000 (17:35 +0000)]
I must learn to compile before I commit...
Richard Levitte [Fri, 25 Jan 2002 17:00:56 +0000 (17:00 +0000)]
Document the change in rsautl.
Richard Levitte [Fri, 25 Jan 2002 16:51:46 +0000 (16:51 +0000)]
Add -keyform. Document -engine.
Richard Levitte [Fri, 25 Jan 2002 07:52:25 +0000 (07:52 +0000)]
There is no aestest currently. The EVP tester is used to check the
AES algorithm.
Geoff Thorpe [Fri, 25 Jan 2002 03:13:50 +0000 (03:13 +0000)]
The 'type' parameter, an EVP_MD pointer, represents the type of digest
required as well as a default implementation (when no ENGINE provides a
replacement implementation). This change makes sure the correct
implementation's "init()" handler is used rather than assuming 'type'.
Richard Levitte [Thu, 24 Jan 2002 18:09:50 +0000 (18:09 +0000)]
Keep the NIST AES vectors that were there previously.
Bodo Möller [Thu, 24 Jan 2002 17:17:33 +0000 (17:17 +0000)]
sort functions ...
Bodo Möller [Thu, 24 Jan 2002 16:20:42 +0000 (16:20 +0000)]
fix formatting of automatically generated error section
Bodo Möller [Thu, 24 Jan 2002 16:16:43 +0000 (16:16 +0000)]
New functions
ERR_peek_last_error
ERR_peek_last_error_line
ERR_peek_last_error_line_data
(supersedes ERR_peek_top_error).
Rename OPENSSL_NO_OLD_DES_SUPPORT into OPENSSL_DISABLE_OLD_DES_SUPPORT
because OPENSSL_NO_... indicates disabled algorithms (according to
mkdef.pl).
Bodo Möller [Thu, 24 Jan 2002 14:05:55 +0000 (14:05 +0000)]
Reword CHANGES entry for _old_des_..., as it was a little complicated
syntactically.
Richard Levitte [Thu, 24 Jan 2002 12:31:54 +0000 (12:31 +0000)]
make update
libeay.num got tweaked so the old des symbols would retain their
positions.
Richard Levitte [Thu, 24 Jan 2002 12:30:15 +0000 (12:30 +0000)]
Because of recent changes, there's no need to hack the des symbols any
more.
Richard Levitte [Thu, 24 Jan 2002 12:26:50 +0000 (12:26 +0000)]
To avoid all kinds of link-level clashes, rename all old des_*
functions to _old_des_*.
Richard Levitte [Thu, 24 Jan 2002 12:19:13 +0000 (12:19 +0000)]
To avoid all kinds of link-level clashes, rename all old des_*
functions to _old_des_*.
Lutz Jänicke [Wed, 23 Jan 2002 10:12:45 +0000 (10:12 +0000)]
Document the current behaviour of the DES interface.
Ben Laurie [Tue, 22 Jan 2002 23:19:01 +0000 (23:19 +0000)]
Support old DES APIs by default.
Ben Laurie [Tue, 22 Jan 2002 22:29:58 +0000 (22:29 +0000)]
Make no config file not an error. Move /dev/crypto config to ctrl.
Dr. Stephen Henson [Tue, 22 Jan 2002 02:06:33 +0000 (02:06 +0000)]
Constification.
Dr. Stephen Henson [Tue, 22 Jan 2002 01:40:18 +0000 (01:40 +0000)]
default_algorithms option in ENGINE config.
Lutz Jänicke [Mon, 21 Jan 2002 18:01:46 +0000 (18:01 +0000)]
Typos (jsyn <jsyn@openbsd.org>).
Lutz Jänicke [Mon, 21 Jan 2002 17:59:37 +0000 (17:59 +0000)]
Fix incorrect BIO_*_ctrl() macros (Shay Harding <sharding@ccbill.com>).
Richard Levitte [Mon, 21 Jan 2002 17:55:38 +0000 (17:55 +0000)]
Use FIPS-197 vectors for AES. The NIST vectors were constructed by
reencrypting or redecrypting the ciphertext 10000 times, which of
course gives higly different results.
Richard Levitte [Mon, 21 Jan 2002 16:09:45 +0000 (16:09 +0000)]
Add more of the NIST test vectors for AES.
For some reason, they give incorrect results with the OpenSSL
implementation. I wonder why...
Richard Levitte [Mon, 21 Jan 2002 15:37:53 +0000 (15:37 +0000)]
Bring VMS up to date with development.
Dr. Stephen Henson [Mon, 21 Jan 2002 03:02:36 +0000 (03:02 +0000)]
Initial ENGINE config module, docs to follow.
Fix buffer overrun errors in OPENSSL_conf().
Ben Laurie [Fri, 18 Jan 2002 16:51:05 +0000 (16:51 +0000)]
Constification, add config to /dev/crypto.
Bodo Möller [Fri, 18 Jan 2002 12:28:05 +0000 (12:28 +0000)]
disable broken code
Ben Laurie [Fri, 18 Jan 2002 12:19:24 +0000 (12:19 +0000)]
Other errors are possible.
Ben Laurie [Fri, 18 Jan 2002 11:46:39 +0000 (11:46 +0000)]
Stupid apps should die, not fail silently.
Ben Laurie [Fri, 18 Jan 2002 11:32:30 +0000 (11:32 +0000)]
Fix memory leak.
Ben Laurie [Fri, 18 Jan 2002 10:59:43 +0000 (10:59 +0000)]
Constification, missing declaration, update dependencies.
Geoff Thorpe [Thu, 17 Jan 2002 01:51:37 +0000 (01:51 +0000)]
Correct for the recent prototype changes.
Ulf Möller [Wed, 16 Jan 2002 19:22:13 +0000 (19:22 +0000)]
*** empty log message ***
Geoff Thorpe [Wed, 16 Jan 2002 05:31:02 +0000 (05:31 +0000)]
Produce less confusing statistics when "-out_totals" is used.
Geoff Thorpe [Wed, 16 Jan 2002 05:29:11 +0000 (05:29 +0000)]
The sample certs had expired, so these are newer ones that should last
quite a bit longer.
Bodo Möller [Tue, 15 Jan 2002 11:43:51 +0000 (11:43 +0000)]
run test_evp before test_ssl
Bodo Möller [Mon, 14 Jan 2002 23:40:26 +0000 (23:40 +0000)]
Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
Bodo Möller [Mon, 14 Jan 2002 12:37:59 +0000 (12:37 +0000)]
Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if
the SSL_R_LENGTH_MISMATCH error is detected.
Ben Laurie [Sat, 12 Jan 2002 15:56:13 +0000 (15:56 +0000)]
Prototype info function.
Ben Laurie [Sat, 12 Jan 2002 13:15:40 +0000 (13:15 +0000)]
Add client_cert_cb prototype.
Ben Laurie [Sat, 12 Jan 2002 13:13:22 +0000 (13:13 +0000)]
Return value could be undefined.
Geoff Thorpe [Thu, 10 Jan 2002 06:03:12 +0000 (06:03 +0000)]
- Network errors could pollute the buffers because -1 isn't noticed in an
"unsigned int".
- Remove redundant processing with machine->ssl is NULL.
- Remove compiler warnings about uninitialised 'ctx' (it's not used
uninitialised, but gcc can't see that).
Richard Levitte [Tue, 8 Jan 2002 09:19:31 +0000 (09:19 +0000)]
Patches to make OpenSSL compilable on MacOS/X.
Submitted by Pier Fumagalli <pier@betaversion.org>
Geoff Thorpe [Tue, 8 Jan 2002 02:58:55 +0000 (02:58 +0000)]
- libtool finally annoyed me too much, so I'm nuking it,
- tidy up some output,
- print a warning when running an SSL server with no cert,
- only log each connect/disconnect if the new "-out_conns" switch is used.
Geoff Thorpe [Sat, 5 Jan 2002 12:55:08 +0000 (12:55 +0000)]
- Add the same header stuff to aes_locl.h as is in des_locl.h to avoid
undefined functions (memset, etc).
- Put a .cvsignore in the aes directory too.
Dr. Stephen Henson [Sat, 5 Jan 2002 01:37:16 +0000 (01:37 +0000)]
Experimental configuration code.
Incomplete, largely untested and subject to change/deletion.
Bodo Möller [Fri, 4 Jan 2002 15:22:40 +0000 (15:22 +0000)]
add a sentence previously deleted by accident
Bodo Möller [Fri, 4 Jan 2002 15:17:09 +0000 (15:17 +0000)]
add documentation for SSLeay_version(SSLEAY_DIR) and
'openssl version -d'
use some descriptions from Lutz' redundant manual page
instead of the previous ones
Lutz Jänicke [Fri, 4 Jan 2002 15:05:51 +0000 (15:05 +0000)]
Tsss, SSLeay_version() was already documented, it just was not linked in.
Bodo Möller [Fri, 4 Jan 2002 15:03:25 +0000 (15:03 +0000)]
synchronize with engine-0.9.6 tree
Lutz Jänicke [Fri, 4 Jan 2002 14:55:38 +0000 (14:55 +0000)]
Add information as provided by Richard Levitte on openssl-users :-)
Dr. Stephen Henson [Fri, 4 Jan 2002 13:35:37 +0000 (13:35 +0000)]
Update PEM docs
Bodo Möller [Fri, 4 Jan 2002 13:30:05 +0000 (13:30 +0000)]
fix 'Configure TABLE' output
Bodo Möller [Fri, 4 Jan 2002 13:27:52 +0000 (13:27 +0000)]
Changes that break something should be included in CHANGES
to make it easier to fix things.
Bodo Möller [Fri, 4 Jan 2002 13:12:08 +0000 (13:12 +0000)]
add automatically generated ERR_load_... prototype
Bodo Möller [Fri, 4 Jan 2002 13:04:45 +0000 (13:04 +0000)]
fix EVP_CIPHER_mode macro
Submitted by: "Dan S. Camper" <dan@bti.net>
Geoff Thorpe [Fri, 4 Jan 2002 07:01:35 +0000 (07:01 +0000)]
Constify.
Richard Levitte [Thu, 3 Jan 2002 18:53:47 +0000 (18:53 +0000)]
Better clarification on perl
Richard Levitte [Wed, 2 Jan 2002 17:31:23 +0000 (17:31 +0000)]
make update
Richard Levitte [Wed, 2 Jan 2002 16:57:57 +0000 (16:57 +0000)]
Implement speed measurement for AES.
Submitted by Stephen Sprunk <stephen@sprunk.org> as part of his AES
integration patch.
Richard Levitte [Wed, 2 Jan 2002 16:55:35 +0000 (16:55 +0000)]
Because Rijndael is more known as AES, use crypto/aes instead of
crypto/rijndael. Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).
This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.
Richard Levitte [Wed, 2 Jan 2002 16:51:17 +0000 (16:51 +0000)]
The block size may be something other than 8!
Richard Levitte [Wed, 2 Jan 2002 12:45:51 +0000 (12:45 +0000)]
When RSA or DSA are disabled, do not include the stuff that's specific
to them.
Richard Levitte [Wed, 2 Jan 2002 12:44:54 +0000 (12:44 +0000)]
make update
Richard Levitte [Wed, 2 Jan 2002 12:40:38 +0000 (12:40 +0000)]
RSA counter should only be defined of RSA is available.
Richard Levitte [Wed, 2 Jan 2002 11:54:38 +0000 (11:54 +0000)]
Allow verification of other types than DATA.
Submitted by Leonard Janke <leonard@votehere.net>
Richard Levitte [Wed, 2 Jan 2002 11:25:17 +0000 (11:25 +0000)]
Say that recent CygWin perl versions work as well.
Submitted by Eric Hanchrow <erich@votehere.net>
Richard Levitte [Wed, 2 Jan 2002 11:06:02 +0000 (11:06 +0000)]
Allow 8-bit characters. This is not really complete, it only marks
characters with the highest bit set as HIGHBIT. We need to expand
this to support the UTF-8 character set properly. However, this
solves the problem that the character 0x80 (which is common in UTF-8)
gets masked to 0x00.
Patch submitted by "Huang Yuzhen" <huangyuzhen@bj.tom.com>
Richard Levitte [Wed, 2 Jan 2002 10:30:07 +0000 (10:30 +0000)]
On Solaris64, cc needs the flag -xarch=v9 when linking shared
libraries. Make a general change to support shared library
linking flags in general.
Noted by Nick Briggs <briggs@parc.xerox.com>
Richard Levitte [Wed, 2 Jan 2002 10:00:22 +0000 (10:00 +0000)]
Add support for Linux on HP/PA.
Submitted by "Bryan W. Headley" <bheadley@interaccess.com>
Ulf Möller [Fri, 28 Dec 2001 17:14:35 +0000 (17:14 +0000)]
ssl3_read_bytes bug fix
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
Bodo Möller [Fri, 21 Dec 2001 12:29:52 +0000 (12:29 +0000)]
update FAQ and CHANGES file (0.9.6c has been released)
Richard Levitte [Fri, 21 Dec 2001 03:23:15 +0000 (03:23 +0000)]
Status update
Richard Levitte [Fri, 21 Dec 2001 01:12:29 +0000 (01:12 +0000)]
And just for the sake of completeness, let's add some standard macros...
Richard Levitte [Fri, 21 Dec 2001 01:08:40 +0000 (01:08 +0000)]
Better use the same number in all branches, to avoid confusion
Richard Levitte [Thu, 20 Dec 2001 22:12:10 +0000 (22:12 +0000)]
Do not forget to compile comp_err.c
Richard Levitte [Thu, 20 Dec 2001 16:58:26 +0000 (16:58 +0000)]
Synchronise with the 0.9.6 branch.
Ben Laurie [Thu, 20 Dec 2001 12:18:08 +0000 (12:18 +0000)]
Security fix.