Richard Levitte [Wed, 23 Feb 2000 19:41:09 +0000 (19:41 +0000)]
Sync with Unix
Ulf Möller [Wed, 23 Feb 2000 19:26:59 +0000 (19:26 +0000)]
another faq.
Ulf Möller [Wed, 23 Feb 2000 18:10:42 +0000 (18:10 +0000)]
threads mapage.
Ulf Möller [Wed, 23 Feb 2000 17:09:50 +0000 (17:09 +0000)]
minor docs changes (added links is the openssl(1) text)
Ulf Möller [Wed, 23 Feb 2000 17:03:06 +0000 (17:03 +0000)]
Frequently asked questions.
Dr. Stephen Henson [Wed, 23 Feb 2000 14:27:47 +0000 (14:27 +0000)]
Add PBE algorithms with ciphers, not digests.
Dr. Stephen Henson [Wed, 23 Feb 2000 01:11:01 +0000 (01:11 +0000)]
Allow ADH to be used but not present in the default cipher
list.
Allow CERTIFICATE to be used in PEM headers for PKCS#7 structures:
some CAs do this.
Dr. Stephen Henson [Tue, 22 Feb 2000 18:45:11 +0000 (18:45 +0000)]
Make pkcs8 work again.
Make EVP_CIPHER_type() return NID_undef if the cipher has no
ASN1 OID, modify code to handle this.
Dr. Stephen Henson [Tue, 22 Feb 2000 14:16:23 +0000 (14:16 +0000)]
Update docs.
Ulf Möller [Tue, 22 Feb 2000 12:53:59 +0000 (12:53 +0000)]
warning.
Ulf Möller [Tue, 22 Feb 2000 12:01:50 +0000 (12:01 +0000)]
Don't list prototypes for internal functions.
Ulf Möller [Tue, 22 Feb 2000 11:34:01 +0000 (11:34 +0000)]
Check tlen size in all padding_check functions. As called within the rsa
library, the output buffer always is large enough, but if the tlen
parameter is there, it should be checked in the interest of clarity,
as proposed by David Sacerdote <das33@cornell.edu>.
Ulf Möller [Tue, 22 Feb 2000 11:16:41 +0000 (11:16 +0000)]
Correction to RSA_padding_check_xxx() docs (this time for real).
Ulf Möller [Tue, 22 Feb 2000 11:11:41 +0000 (11:11 +0000)]
Correction for RSA_padding_check_xxx() documentation.
Dr. Stephen Henson [Tue, 22 Feb 2000 02:59:26 +0000 (02:59 +0000)]
Change EVP_MD_CTX_type so it is more logical and add EVP_MD_CTX_md for
the old functionality.
Various warning fixes.
Initial EVP symmetric cipher docs.
Bodo Möller [Mon, 21 Feb 2000 17:46:20 +0000 (17:46 +0000)]
Workarounds to make broken programs happy (such as s_client and s_server).
Bodo Möller [Mon, 21 Feb 2000 17:09:54 +0000 (17:09 +0000)]
Fix some bugs and document others
Bodo Möller [Mon, 21 Feb 2000 11:14:40 +0000 (11:14 +0000)]
Move ssl3_do_write from s3_pkt.c to s3_both.c.
Bodo Möller [Mon, 21 Feb 2000 10:40:36 +0000 (10:40 +0000)]
More news.
Bodo Möller [Mon, 21 Feb 2000 10:16:30 +0000 (10:16 +0000)]
Move MAC computations for Finished from ssl3_read_bytes into
ssl3_get_message, which is more logical (and avoids a bug,
in addition to the one that I introduced yesterday :-)
and makes Microsoft "fast SGC" less special.
MS SGC should still work now without an extra state of its own
(it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state
for reading the body of a Client Hello message), however this should
be tested to make sure, and I don't have a MS SGC client.
Richard Levitte [Mon, 21 Feb 2000 03:01:23 +0000 (03:01 +0000)]
Blowfish docs.
Ulf Möller [Mon, 21 Feb 2000 00:55:45 +0000 (00:55 +0000)]
More compact Configure usage message.
Richard Levitte [Sun, 20 Feb 2000 23:43:02 +0000 (23:43 +0000)]
Move the registration of callback functions to special functions
designed for that. This removes the potential error to mix data and
function pointers.
Please note that I'm a little unsure how incorrect calls to the old
ctrl functions should be handled, in som cases. I currently return 0
and that's it, but it may be more correct to generate a genuine error
in those cases.
Bodo Möller [Sun, 20 Feb 2000 23:40:01 +0000 (23:40 +0000)]
Workaround for irrelevant problem.
Bodo Möller [Sun, 20 Feb 2000 23:35:31 +0000 (23:35 +0000)]
ignore Client Hellos when we're in handshake anyway
Bodo Möller [Sun, 20 Feb 2000 23:04:06 +0000 (23:04 +0000)]
Tolerate fragmentation and interleaving in the SSL 3/TLS record layer.
Ulf Möller [Sun, 20 Feb 2000 21:00:22 +0000 (21:00 +0000)]
Document OPENSSL_VERSION_NUMBER
Ulf Möller [Sun, 20 Feb 2000 20:59:21 +0000 (20:59 +0000)]
Fix gcc warnings.
Dr. Stephen Henson [Sun, 20 Feb 2000 18:27:23 +0000 (18:27 +0000)]
Change the 'other' structure in certificate aux info.
Bodo Möller [Sat, 19 Feb 2000 15:22:53 +0000 (15:22 +0000)]
Allow for higher granularity of entropy estimates by using 'double'
instead of 'unsigned' counters.
Seed PRNG in MacOS/GetHTTPS.src/GetHTTPS.cpp.
Partially submitted by Yoram Meroz <yoram@mail.idrive.com>.
Dr. Stephen Henson [Sat, 19 Feb 2000 00:46:02 +0000 (00:46 +0000)]
Add -clrext option to 'x509'
Bodo Möller [Fri, 18 Feb 2000 21:08:37 +0000 (21:08 +0000)]
Keep variable names consistent with corresponding pre-processor
symbols.
Ulf Möller [Fri, 18 Feb 2000 19:01:55 +0000 (19:01 +0000)]
Make excluded cipher entry in opensslconf.h a bit more descriptive.
Bodo Möller [Fri, 18 Feb 2000 11:51:58 +0000 (11:51 +0000)]
Change the example to show apr1 with an 8-character salt.
Bodo Möller [Fri, 18 Feb 2000 11:35:10 +0000 (11:35 +0000)]
Stay compatible to older Perl5 releases (see diff -r1.11 -r1.12).
Bodo Möller [Fri, 18 Feb 2000 11:15:32 +0000 (11:15 +0000)]
Avoid potential conflicts between #defines in opensslconf.h and
defines when compiling applications, and allow applications to
select what #defines to enable -- OPENSSL_EXLUCDE_DEFINES
enables the "#define NO_whatever" stuff only, which avoids
potential severe confusion caused by "#define _REENTRANT" when
opensslconf.h is not the first header file #included.
Bodo Möller [Fri, 18 Feb 2000 10:39:40 +0000 (10:39 +0000)]
add missing 'static'
Richard Levitte [Fri, 18 Feb 2000 09:11:37 +0000 (09:11 +0000)]
Make Configure add the configuration options that it was copmiled
with.
Currently, those defines are protected with a OPENSSL_EXCLUDED. That
may not be the best strategy, but it will do for now.
Richard Levitte [Fri, 18 Feb 2000 09:06:55 +0000 (09:06 +0000)]
Cosmetic change. No, openssl.h.in is not autogenerated :-)
Dr. Stephen Henson [Fri, 18 Feb 2000 00:54:21 +0000 (00:54 +0000)]
New functions and option to use NEW in certificate requests.
Bodo Möller [Thu, 17 Feb 2000 21:04:40 +0000 (21:04 +0000)]
Make sure the return value of by_file_ctrl(..., X509_L_FILE_LOAD, ...)
aka X509_LOOKUP_load_file(...) is always 0 or 1, not the counter
returned from the recently introduced function X509_load_cert_crl_file.
X509_STORE_load_locations expects X509_LOOKUP_load_file to return 1 on
success, and possibly there's other software that relies on this too.
Bodo Möller [Thu, 17 Feb 2000 18:36:21 +0000 (18:36 +0000)]
Casts now unnecessary because of changed prototype.
Ben Laurie [Thu, 17 Feb 2000 09:39:22 +0000 (09:39 +0000)]
Get rid of evil cast.
Ben Laurie [Thu, 17 Feb 2000 09:39:01 +0000 (09:39 +0000)]
Reflect API changes.
Dr. Stephen Henson [Thu, 17 Feb 2000 00:41:43 +0000 (00:41 +0000)]
Add -pass argument to 'enc'.
Fix to make Win32 compile work again.
Dr. Stephen Henson [Wed, 16 Feb 2000 23:16:01 +0000 (23:16 +0000)]
Pass phrase reorganisation.
Ben Laurie [Wed, 16 Feb 2000 22:15:39 +0000 (22:15 +0000)]
Add support for Compaq Atalla crypto accelerator.
Andy Polyakov [Wed, 16 Feb 2000 13:24:06 +0000 (13:24 +0000)]
Move primes to read-only segment.
Ben Laurie [Wed, 16 Feb 2000 12:09:17 +0000 (12:09 +0000)]
Fix signed/unsigned warnings.
Ulf Möller [Tue, 15 Feb 2000 18:34:46 +0000 (18:34 +0000)]
Install manpages below OPENSSLDIR (I think it was meant to be this way?).
New variable for man directory.
Ulf Möller [Tue, 15 Feb 2000 18:21:33 +0000 (18:21 +0000)]
Create the man directories where the manpages will be put.
Andy Polyakov [Tue, 15 Feb 2000 17:43:12 +0000 (17:43 +0000)]
Move initial key to read-only segment.
Andy Polyakov [Tue, 15 Feb 2000 17:37:44 +0000 (17:37 +0000)]
Move CAST_S_tables to read-only segment.
Andy Polyakov [Tue, 15 Feb 2000 17:31:12 +0000 (17:31 +0000)]
Avoid GNU C assembler templates under Solaris x86.
Andy Polyakov [Tue, 15 Feb 2000 17:20:52 +0000 (17:20 +0000)]
New NO_INLINE_ASM macro. Primary target for the moment is Solaris x86
which can't stand GNU C assembler templates.
Dr. Stephen Henson [Tue, 15 Feb 2000 14:19:44 +0000 (14:19 +0000)]
Fix for Netscape "hang" bug.
Andy Polyakov [Tue, 15 Feb 2000 13:50:02 +0000 (13:50 +0000)]
test_mont was exercising 100-bit multiplication modulus X*I-bit, where
X is 5120 on 32-bit and 151552 on 64-bit architectures and I varies
from 0 to 4. As result the test was *unreasonably* slow and virtually
impossible to complete on 64-bit architectures (e.g. IRIX bc couldn't
even swallow such long lines).
Richard Levitte [Tue, 15 Feb 2000 09:44:54 +0000 (09:44 +0000)]
Remove the access() call altogether for VMS, since it doesn't quite
work for directory specifications (this will be reported as a bug to
DEC^H^H^HCompaq). It could as well be removed for all others as well,
since stat() and open() will return appropriate errors as well, but I
leave that to someone else to decide.
Richard Levitte [Mon, 14 Feb 2000 16:58:40 +0000 (16:58 +0000)]
Time ran away...
Richard Levitte [Mon, 14 Feb 2000 16:55:23 +0000 (16:55 +0000)]
Add a couple of forgotten $(PERL), and make the code to run pod2html a
tad more readable.
Dr. Stephen Henson [Sun, 13 Feb 2000 00:28:26 +0000 (00:28 +0000)]
Modernise 'selfsign.c' to use new X509_NAME code
and add example of extension aliasing. Also fix
the extension aliasing because it didn't work :-)
Andy Polyakov [Sat, 12 Feb 2000 23:33:01 +0000 (23:33 +0000)]
HP-UX tune-up: new unified configs, HP C compiler bug workaround.
Dr. Stephen Henson [Sat, 12 Feb 2000 03:03:04 +0000 (03:03 +0000)]
Make pkcs12 and smime applications seed random number
generator (otherwise they don't work) and add -rand
option. Update docs.
Richard Levitte [Fri, 11 Feb 2000 18:12:47 +0000 (18:12 +0000)]
A hack to make sure access() will give us the correct answer about the
accessability of an "empty" directory. Thsi *is* weird, and a better
solution will be provided in apps/ca.c, when I get time to hack at it.
Bodo Möller [Fri, 11 Feb 2000 17:18:50 +0000 (17:18 +0000)]
Corrections.
Bodo Möller [Fri, 11 Feb 2000 16:31:04 +0000 (16:31 +0000)]
Update.
Bodo Möller [Fri, 11 Feb 2000 16:25:44 +0000 (16:25 +0000)]
Implement MD5-based "apr1" password hash.
Ben Laurie [Fri, 11 Feb 2000 16:08:40 +0000 (16:08 +0000)]
Correct time in seconds instead of minutes.
Ben Laurie [Fri, 11 Feb 2000 13:11:18 +0000 (13:11 +0000)]
Fix shadow.
Richard Levitte [Fri, 11 Feb 2000 11:21:50 +0000 (11:21 +0000)]
Add compilation of the new passwd utility.
Richard Levitte [Fri, 11 Feb 2000 11:21:01 +0000 (11:21 +0000)]
Add references to the new passwd utility.
Ralf S. Engelschall [Fri, 11 Feb 2000 09:47:18 +0000 (09:47 +0000)]
Make gcc 2.95.2 happy again, even under ``-Wall -Wshadow -Wpointer-arith -Wcast-align
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''.
Bodo Möller [Thu, 10 Feb 2000 21:50:52 +0000 (21:50 +0000)]
'passwd' tool.
Bodo Möller [Thu, 10 Feb 2000 21:47:06 +0000 (21:47 +0000)]
16 * 8 = 128.
Richard Levitte [Tue, 8 Feb 2000 23:40:20 +0000 (23:40 +0000)]
Move down the attributions
Bodo Möller [Tue, 8 Feb 2000 21:50:52 +0000 (21:50 +0000)]
Note about des_ncbc_encrypt.
Richard Levitte [Tue, 8 Feb 2000 14:19:14 +0000 (14:19 +0000)]
Constify
Dr. Stephen Henson [Tue, 8 Feb 2000 13:37:08 +0000 (13:37 +0000)]
Update docs.
Dr. Stephen Henson [Tue, 8 Feb 2000 01:34:59 +0000 (01:34 +0000)]
Add command line password options to the reamining utilities,
amend docs.
Richard Levitte [Mon, 7 Feb 2000 18:25:26 +0000 (18:25 +0000)]
des_modes is a section 7 manual, so let's make sure that's where it ends up
Richard Levitte [Mon, 7 Feb 2000 18:15:06 +0000 (18:15 +0000)]
First try at documenting the DES (and other algorithms) modes
Dr. Stephen Henson [Mon, 7 Feb 2000 01:17:22 +0000 (01:17 +0000)]
Rename the X509V3_*_d2i functions to X509_get_ext_d2i() etc.
This better reflects their behaviour.
Ulf Möller [Sun, 6 Feb 2000 23:33:06 +0000 (23:33 +0000)]
"print" is GNU bc specific.
Ulf Möller [Sun, 6 Feb 2000 23:26:31 +0000 (23:26 +0000)]
Refer to EVP_DigestInit() in the hash function descriptions.
Richard Levitte [Sun, 6 Feb 2000 22:01:10 +0000 (22:01 +0000)]
A proposed freeze and release time has come up.
Dr. Stephen Henson [Sun, 6 Feb 2000 17:44:54 +0000 (17:44 +0000)]
Document EVP digest operations.
Ulf Möller [Sun, 6 Feb 2000 16:35:59 +0000 (16:35 +0000)]
BN bug fixes
Ulf Möller [Sun, 6 Feb 2000 16:35:28 +0000 (16:35 +0000)]
put missing line back in.
Ulf Möller [Sun, 6 Feb 2000 15:56:59 +0000 (15:56 +0000)]
Improve bntest slightly, and fix another bug in the BN library.
Andy Polyakov [Sun, 6 Feb 2000 11:15:20 +0000 (11:15 +0000)]
Support for MacOS X (Rhapsody) is added. Also get rid of volatile
qualifier in asm definitions as it prevents compiler from moving
the instruction(s) during optimization pass.
Richard Levitte [Sun, 6 Feb 2000 10:07:32 +0000 (10:07 +0000)]
Typo corrected...
Bodo Möller [Sun, 6 Feb 2000 02:48:53 +0000 (02:48 +0000)]
Memory leak.
Ulf Möller [Sun, 6 Feb 2000 00:25:39 +0000 (00:25 +0000)]
BN_div bugfix. The q-- loop should not be entered in the n0==d0 case.
Bodo Möller [Sat, 5 Feb 2000 21:39:20 +0000 (21:39 +0000)]
Correction: openssl.c must get the long version of the apps_startup()
macro
Bodo Möller [Sat, 5 Feb 2000 21:28:09 +0000 (21:28 +0000)]
Cosmetic changes.
Dr. Stephen Henson [Sat, 5 Feb 2000 21:07:56 +0000 (21:07 +0000)]
Add support for some broken PKCS#8 formats.
Bodo Möller [Sat, 5 Feb 2000 20:39:26 +0000 (20:39 +0000)]
Commit patch to bn.h that CVS decided to throw away during 'cvs update',
and initialize too_many because memset(..., 0, ...) is not used here.
Bodo Möller [Sat, 5 Feb 2000 19:29:00 +0000 (19:29 +0000)]
Generate just one error code if iterated SSL_CTX_get() fails.
Avoid enabled 'assert()' in production library.
Ulf Möller [Sat, 5 Feb 2000 18:23:05 +0000 (18:23 +0000)]
Use MONT_WORD macro to control if the word-based or the bignum
algorithm is used.
Ulf Möller [Sat, 5 Feb 2000 14:17:32 +0000 (14:17 +0000)]
New functions BN_CTX_start(), BN_CTX_get(), BN_CTX_end() to access
temporary BIGNUMs. BN_CTX still uses a fixed number of BIGNUMs, but
the BN_CTX implementation could now easily be changed.