Ben Laurie [Tue, 12 Nov 2002 13:23:40 +0000 (13:23 +0000)]
Many security improvements (CHATS) and a warning fix.
Richard Levitte [Tue, 12 Nov 2002 11:25:33 +0000 (11:25 +0000)]
Make it possible to run individual tests even when linked with libcrypto.so and libssl.so
Richard Levitte [Tue, 12 Nov 2002 11:00:35 +0000 (11:00 +0000)]
Make the CBC mode od AES accept lengths that aren't multiples of 16.
PR: 330
Richard Levitte [Mon, 11 Nov 2002 21:35:00 +0000 (21:35 +0000)]
Variables on the stack must be initialized or we can't depend on any
initial value. For errline/errorline, we did depend on that, erroneously
Richard Levitte [Mon, 11 Nov 2002 20:51:06 +0000 (20:51 +0000)]
make update
Richard Levitte [Mon, 11 Nov 2002 20:49:01 +0000 (20:49 +0000)]
Make the programs link against the static library on MacOS X.
PR: 335
Lutz Jänicke [Mon, 11 Nov 2002 11:18:19 +0000 (11:18 +0000)]
Typo.
Submitted by: assar <assar@kth.se>
Reviewed by:
PR:
Lutz Jänicke [Mon, 11 Nov 2002 08:56:37 +0000 (08:56 +0000)]
Make sure permissions are friendly when building release tar file.
Submitted by:
Reviewed by:
PR: 171
Lutz Jänicke [Mon, 11 Nov 2002 08:32:37 +0000 (08:32 +0000)]
More information to the important issue of seeding the PRNG
Submitted by:
Reviewed by:
PR: 285
Richard Levitte [Sat, 9 Nov 2002 21:55:12 +0000 (21:55 +0000)]
X509_NAME_cmp() now compares PrintableString and emailAddress with a value of type
ia5String correctly.
PR: 244
Richard Levitte [Sat, 9 Nov 2002 21:53:56 +0000 (21:53 +0000)]
-CAserial does take a filename argument.
PR: 332
Dr. Stephen Henson [Sat, 9 Nov 2002 18:11:15 +0000 (18:11 +0000)]
Typo
Richard Levitte [Fri, 8 Nov 2002 21:51:33 +0000 (21:51 +0000)]
-CAcreateserial doesn't take a filename argument.
PR: 332
Richard Levitte [Thu, 7 Nov 2002 21:40:17 +0000 (21:40 +0000)]
Windows doesn't know sys/file.h
Dr. Stephen Henson [Thu, 7 Nov 2002 17:43:45 +0000 (17:43 +0000)]
Typo in OCSP ASN1 module
Richard Levitte [Wed, 6 Nov 2002 23:47:16 +0000 (23:47 +0000)]
Keep on using ${CC}, since gcc may act in disguise.
PR: 329
Richard Levitte [Wed, 6 Nov 2002 23:34:17 +0000 (23:34 +0000)]
Generate openssl.pc so pkg-config can return proper data.
PR: 163
Richard Levitte [Wed, 6 Nov 2002 06:03:07 +0000 (06:03 +0000)]
some people just can't read the instructions
Dr. Stephen Henson [Wed, 6 Nov 2002 01:27:16 +0000 (01:27 +0000)]
CRL revocation reason docs.
Dr. Stephen Henson [Tue, 5 Nov 2002 13:49:04 +0000 (13:49 +0000)]
Check for NULL ASN1_ITEM when initializeing
boolean option in ASN1_TYPE.
Bodo Möller [Tue, 5 Nov 2002 12:28:10 +0000 (12:28 +0000)]
avoid Purify warnings
Submitted by: Nils Larsch
Richard Levitte [Mon, 4 Nov 2002 16:33:59 +0000 (16:33 +0000)]
Return my normal debug targets to something not so extreme, and make
the extreme ones special (or 'extreme', if you will :-)).
Richard Levitte [Mon, 4 Nov 2002 11:30:38 +0000 (11:30 +0000)]
Off-by-one-error corrected.
PR: 235
Richard Levitte [Mon, 4 Nov 2002 06:26:27 +0000 (06:26 +0000)]
Cosmetic change
Richard Levitte [Thu, 31 Oct 2002 16:46:18 +0000 (16:46 +0000)]
Remove all referenses to RSAref, since that's been gone for more than
a year.
Richard Levitte [Wed, 30 Oct 2002 09:42:47 +0000 (09:42 +0000)]
Plug potential memory leak.
Identified by Goetz Babin-Ebell <babinebell@trustcenter.de>
Geoff Thorpe [Tue, 29 Oct 2002 18:06:09 +0000 (18:06 +0000)]
Add a HISTORY section to the man page to mention the new flags.
Geoff Thorpe [Tue, 29 Oct 2002 17:59:18 +0000 (17:59 +0000)]
The recent CHANGES note between 0.9.6g and 0.9.6h needs copying into the
other branches.
Geoff Thorpe [Tue, 29 Oct 2002 17:47:43 +0000 (17:47 +0000)]
Correct another inconsistency in my recent commits.
Geoff Thorpe [Tue, 29 Oct 2002 17:00:33 +0000 (17:00 +0000)]
Bodo spotted this keyslip in my patch to 0.9.7-stable.
Richard Levitte [Tue, 29 Oct 2002 04:34:13 +0000 (04:34 +0000)]
Revert, that was an incorrect change.
PR: 156
Richard Levitte [Tue, 29 Oct 2002 04:31:13 +0000 (04:31 +0000)]
A small detail: since 0.9.7, DH_new_method() and DSA_new_method()
don't take an ENGINE* as parameter any more.
PR: 156
Geoff Thorpe [Tue, 29 Oct 2002 00:31:14 +0000 (00:31 +0000)]
Correct and enhance the behaviour of "internal" session caching as it
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.
Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.
PR: 311
Bodo Möller [Mon, 28 Oct 2002 15:47:44 +0000 (15:47 +0000)]
increase permissible message length so that we can handle
CertificateVerify for 4096 bit RSA signatures
Richard Levitte [Fri, 25 Oct 2002 09:51:50 +0000 (09:51 +0000)]
Make sure toupper() is declared
Richard Levitte [Thu, 24 Oct 2002 17:02:42 +0000 (17:02 +0000)]
There's a name clash between OpenSSL and RSAref. Since this engine handles
RSAref data, pretend we don't care for OpenSSL's MD2 and MD5 structures or
implementation.
Remove all kinds of silly warning
Richard Levitte [Thu, 24 Oct 2002 09:41:45 +0000 (09:41 +0000)]
On certain platforms, we redefine certain symbols using macros in
apps.h. For those, it's better to include apps.h after the system
headers where those symbols may be defined, since there's otherwise a
chance that the C compiler will barf when it sees something that looks
like this after expansion:
int VMS_strcasecmp((str1),(str2))(const char *, const char *);
Richard Levitte [Wed, 23 Oct 2002 22:09:08 +0000 (22:09 +0000)]
An engine changed name.
Richard Levitte [Wed, 23 Oct 2002 15:07:18 +0000 (15:07 +0000)]
Signal an error if the entered output password didn't match itself.
PR: 314
Bodo Möller [Wed, 23 Oct 2002 13:14:10 +0000 (13:14 +0000)]
fix warnings, and harmonize indentation
Bodo Möller [Wed, 23 Oct 2002 13:09:11 +0000 (13:09 +0000)]
I don't like c-tab-always-indent ...
Dr. Stephen Henson [Mon, 21 Oct 2002 00:10:55 +0000 (00:10 +0000)]
Typo.
Dr. Stephen Henson [Sun, 20 Oct 2002 13:25:34 +0000 (13:25 +0000)]
Update docs.
cvs2svn [Sun, 20 Oct 2002 13:20:58 +0000 (13:20 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
Dr. Stephen Henson [Sun, 20 Oct 2002 13:20:57 +0000 (13:20 +0000)]
New docs.
Geoff Thorpe [Fri, 18 Oct 2002 22:05:19 +0000 (22:05 +0000)]
Make pod2man happier.
Geoff Thorpe [Fri, 18 Oct 2002 22:04:26 +0000 (22:04 +0000)]
Make pod2man happier.
Geoff Thorpe [Fri, 18 Oct 2002 20:45:38 +0000 (20:45 +0000)]
If dynamically-loadable ENGINEs are linked against a shared-library version
of libcrypto, then it is possible that when they are loaded they will share
the same static data as the loading application/library. This means it will
be too late to set memory/ERR/ex_data/[etc] callbacks, but entirely
unnecessary to try. This change puts a static variable in the core ENGINE
code (contained in libcrypto) and a function returning a pointer to it. If
the loaded ENGINE's return value from this function matches the loading
application/library's return value - they share static data. If they don't
match, the loaded ENGINE has its own copy of libcrypto's static data and so
the callbacks need to be set.
Also, although 0.9.7 hasn't been released yet, it's clear this will
introduce a binary incompatibility between dynamic ENGINEs built for 0.9.7
and 0.9.8 (though others probably exist already from EC_*** hooks and
what-not) - so the version control values are correspondingly bumped.
Geoff Thorpe [Fri, 18 Oct 2002 19:23:27 +0000 (19:23 +0000)]
Another ENGINE implementation dependant on string.h.
Geoff Thorpe [Fri, 18 Oct 2002 19:05:32 +0000 (19:05 +0000)]
We need to propogate SHARED_LIBS to sub-directories for "install" targets
now.
Geoff Thorpe [Fri, 18 Oct 2002 19:02:18 +0000 (19:02 +0000)]
The loop variable is 'l', not 'i'.
Lutz Jänicke [Fri, 18 Oct 2002 09:47:14 +0000 (09:47 +0000)]
Corrected exchanged parameters in example for EVP_EncryptInit_ex()
Submitted by: "Marcus Carey" <marcus.carey@verizon.net>
Reviewed by:
PR: 265
Lutz Jänicke [Fri, 18 Oct 2002 09:46:01 +0000 (09:46 +0000)]
Corrected exchanged parameters in example for EVP_EncryptInit_ex()
Submitted by: "Marcus Carey" <marcus.carey@verizon.net>
Reviewed by:
PR: 265
Bodo Möller [Thu, 17 Oct 2002 09:17:28 +0000 (09:17 +0000)]
change Emacs indentation style to make it easier to insert
tabs manually
Submitted by: Pierre Bacquet <pbacquet@delta.fr>
Bodo Möller [Thu, 17 Oct 2002 09:16:02 +0000 (09:16 +0000)]
change Emacs indentation style to make it easier to insert
tabs manually
Submitted by: Pierre Bacquet <pbacquet@delta.fr>
Richard Levitte [Wed, 16 Oct 2002 22:44:52 +0000 (22:44 +0000)]
Eh, -Wl,--whole-archive disappeared from the GNU targets. I've no
idea why, but that was definitely wrong...
Geoff Thorpe [Wed, 16 Oct 2002 21:50:28 +0000 (21:50 +0000)]
The ENGINE implementations in ./engines/ should be role models on how to
write external engines (and thus should require only installed openssl
headers and libs to compile without warnings). So this gets rid of recently
introduced compilation warnings (no longer including internal headers) by
including string.h directly.
Geoff Thorpe [Wed, 16 Oct 2002 01:32:46 +0000 (01:32 +0000)]
- Remo Inverardi noticed that ENGINEs don't have an "up_ref" function in the
normal 'structural' case (ENGINE_init() satisfies this in the less normal
'functional' case). This change provides such a function.
- Correct some "read" locks that should actually be "write" locks.
- make update.
Geoff Thorpe [Wed, 16 Oct 2002 01:29:37 +0000 (01:29 +0000)]
- Remo Inverardi noticed that ENGINEs don't have an "up_ref" function in the
normal 'structural' case (ENGINE_init() satisfies this in the less normal
'functional' case). This change provides such a function.
- Correct some "read" locks that should actually be "write" locks.
- make update.
Richard Levitte [Tue, 15 Oct 2002 20:31:07 +0000 (20:31 +0000)]
Typos.
PR: 189
Richard Levitte [Tue, 15 Oct 2002 20:30:56 +0000 (20:30 +0000)]
Typos.
PR: 189
Richard Levitte [Tue, 15 Oct 2002 20:29:27 +0000 (20:29 +0000)]
Typos.
PR: 189
Richard Levitte [Tue, 15 Oct 2002 20:29:09 +0000 (20:29 +0000)]
Typos.
PR: 189
Richard Levitte [Tue, 15 Oct 2002 12:09:22 +0000 (12:09 +0000)]
A much better idea, of course, is not to do a submake at all...
Richard Levitte [Tue, 15 Oct 2002 11:58:44 +0000 (11:58 +0000)]
Makefile.shared needs to know how it can reach itself.
Richard Levitte [Mon, 14 Oct 2002 11:33:32 +0000 (11:33 +0000)]
When BN_add_word() reaches top, it shouldn't try to add the the corresponding
word, since that word may not be zero.
Richard Levitte [Mon, 14 Oct 2002 11:27:16 +0000 (11:27 +0000)]
When BN_add_word() reaches top, it shouldn't try to add the the corresponding
word, since that word may not be zero.
Richard Levitte [Mon, 14 Oct 2002 10:02:36 +0000 (10:02 +0000)]
makedepend complains when a header file is included more than once in
the same source file.
Richard Levitte [Mon, 14 Oct 2002 09:53:46 +0000 (09:53 +0000)]
makedepend complains when a header file is included more than once in
the same source file.
Richard Levitte [Mon, 14 Oct 2002 09:44:57 +0000 (09:44 +0000)]
Complete the VxWorks fix by implementing a NULL RAND_poll() for it.
PR: 253
Richard Levitte [Mon, 14 Oct 2002 09:44:51 +0000 (09:44 +0000)]
Complete the VxWorks fix by implementing a NULL RAND_poll() for it.
PR: 253
Richard Levitte [Mon, 14 Oct 2002 09:40:46 +0000 (09:40 +0000)]
make update
Richard Levitte [Mon, 14 Oct 2002 09:35:11 +0000 (09:35 +0000)]
libs is a timestamp that we don't really need to know about.
Richard Levitte [Mon, 14 Oct 2002 09:25:48 +0000 (09:25 +0000)]
Add needed libraries as per configuration to the list of libraries we
depend upon.
Richard Levitte [Mon, 14 Oct 2002 09:24:50 +0000 (09:24 +0000)]
Add missing quotes.
Make sure test doesn't barf because of missing spaces before the
closing ].
Add -lc to the list of libraries we depend upon. Not always
necessary, but never hurts.
Richard Levitte [Sun, 13 Oct 2002 22:57:51 +0000 (22:57 +0000)]
Targeting the solaris platform for specific tests. Something is going
wrong, and my test engine doesn't show it. The verbosity will be
temporary for about a day.
Richard Levitte [Sat, 12 Oct 2002 16:07:31 +0000 (16:07 +0000)]
Clarify where the engines are by default.
Richard Levitte [Sat, 12 Oct 2002 09:16:10 +0000 (09:16 +0000)]
Chase down the missing backslashes.
Richard Levitte [Fri, 11 Oct 2002 22:42:40 +0000 (22:42 +0000)]
Add more commentary. Check that *num is smaller than the block size.
Richard Levitte [Fri, 11 Oct 2002 22:42:34 +0000 (22:42 +0000)]
Add more commentary. Check that *num is smaller than the block size.
Richard Levitte [Fri, 11 Oct 2002 22:37:44 +0000 (22:37 +0000)]
The AES CTR API was buggy, we need to save the encrypted counter as well
between calls, or that will be lost if it returned with *num non-zero.
Richard Levitte [Fri, 11 Oct 2002 22:37:29 +0000 (22:37 +0000)]
The AES CTR API was buggy, we need to save the encrypted counter as well
between calls, or that will be lost if it returned with *num non-zero.
Richard Levitte [Fri, 11 Oct 2002 22:06:44 +0000 (22:06 +0000)]
Step 14 of move of engines: Final step, document the change.
Richard Levitte [Fri, 11 Oct 2002 20:45:56 +0000 (20:45 +0000)]
make update.
Richard Levitte [Fri, 11 Oct 2002 20:35:45 +0000 (20:35 +0000)]
Merge string protection from main trunk
Richard Levitte [Fri, 11 Oct 2002 20:31:27 +0000 (20:31 +0000)]
And if the path has a space, we definitely need to protect $openssl.
Richard Levitte [Fri, 11 Oct 2002 20:28:23 +0000 (20:28 +0000)]
Oh, there were *two* places where we needed to protect the file
name...
Richard Levitte [Fri, 11 Oct 2002 19:56:57 +0000 (19:56 +0000)]
For the platforms where version info is inserted separately into the
shared library, set those flags conditionally.
Richard Levitte [Fri, 11 Oct 2002 18:52:42 +0000 (18:52 +0000)]
Step 13 of move of engines: Remove old files.
Richard Levitte [Fri, 11 Oct 2002 18:51:29 +0000 (18:51 +0000)]
Step 12 of move of engines: Time to make the changes to support
automatic load of dynamic engines. Make the changes in the main
Makefile so the engines are built, but now in the engines/ directory.
Note: The changes in step 12 have all been made by Geoff Thorpe.
Credit where credit is due.
Richard Levitte [Fri, 11 Oct 2002 18:49:55 +0000 (18:49 +0000)]
Step 11c of move of engines: Time to make the changes to support
automatic load of dynamic engines. Change the iterator to try to load
the requested engine dynamically. The environment variable
OPENSSL_ENGINES can be used to override the internal default directory
where one can expect to find dynamically loadable engines.
Note: The changes in step 11 have all been made by Geoff Thorpe.
Credit where credit is due.
Richard Levitte [Fri, 11 Oct 2002 18:47:51 +0000 (18:47 +0000)]
Step 11b of move of engines: Time to make the changes to support
automatic load of dynamic engines. Add functionality to the dynamic
engine to handle engine directories and loading from those. This
is currently NOT compatible with the use of LD_LIBRARY_PATH and
similar environment variables.
Note: The changes in step 11 have all been made by Geoff Thorpe.
Credit where credit is due.
Richard Levitte [Fri, 11 Oct 2002 18:42:54 +0000 (18:42 +0000)]
Step 11a of move of engines: Time to make the changes to support
automatic load of dynamic engines. Unless we don't have shared
library support, do not try to load any "built-in" engines except for
cryptodev.
Richard Levitte [Fri, 11 Oct 2002 18:40:47 +0000 (18:40 +0000)]
Step 10 of move of engines: Change crypto/engine/Makefile.ssl so we
don't build any "built-in" engines in that directory any more, except
fo the cryptodev one.
Richard Levitte [Fri, 11 Oct 2002 18:38:26 +0000 (18:38 +0000)]
Step 9 of move of engines: rename crypto/engine/hw_cryptodev.c to
eng_cryptodev.c. This is an engine that (at least currently) has
to be built in.
Richard Levitte [Fri, 11 Oct 2002 18:32:32 +0000 (18:32 +0000)]
Typo
Richard Levitte [Fri, 11 Oct 2002 18:21:40 +0000 (18:21 +0000)]
Step 8 of move of engines: Remove the last little quirks.
DECIMAL_SIZE is copied from crypto/cryptlib.h.
Richard Levitte [Fri, 11 Oct 2002 18:20:06 +0000 (18:20 +0000)]
We didn't copy the cryptodev engine here, darn it!
Richard Levitte [Fri, 11 Oct 2002 18:17:16 +0000 (18:17 +0000)]
Step 7 of move of engines: Engines should not depend on private
OpenSSL header files.
Richard Levitte [Fri, 11 Oct 2002 18:10:14 +0000 (18:10 +0000)]
Typo.