Geoff Thorpe [Thu, 13 Mar 2003 20:28:42 +0000 (20:28 +0000)]
Fix a bone-head bug. This warrants a CHANGES entry because it could affect
applications if they were passing a bogus 'flags' parameter yet having
things work as they wanted anyway.
Dr. Stephen Henson [Thu, 13 Mar 2003 14:13:53 +0000 (14:13 +0000)]
Return an error if gmtime returns NULL.
Dr. Stephen Henson [Wed, 12 Mar 2003 02:38:57 +0000 (02:38 +0000)]
Avoid warnings for no-engine and PEDANTIC
Dr. Stephen Henson [Wed, 12 Mar 2003 02:31:40 +0000 (02:31 +0000)]
Fixes for EVP_DigestInit_ex() and OPENSSL_NO_ENGINE.
Geoff Thorpe [Tue, 11 Mar 2003 01:49:21 +0000 (01:49 +0000)]
The default implementation of DSA_METHOD has an interdependence on the
dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and
dsa_sign_setup(). When another DSA_METHOD implementation does not define
these lower-level handlers, it becomes impossible to do a fallback to
software on errors using a simple DSA_OpenSSL()->fn(key).
This change allows the default DSA_METHOD to function in such circumstances
by only using dsa_mod_exp() and bn_mod_exp() handlers if they exist,
otherwise using BIGNUM implementations directly (which is what those
handlers did before this change). There should be no noticable difference
for the software case, or indeed any custom case that didn't already
segfault, except perhaps that there is now one less level of indirection in
all cases.
PR: 507
Bodo Möller [Fri, 28 Feb 2003 15:37:10 +0000 (15:37 +0000)]
- new ECDH_compute_key interface (KDF is no longer a fixed built-in)
- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary
Bodo Möller [Fri, 28 Feb 2003 15:17:45 +0000 (15:17 +0000)]
memset problem has been handled
PR: 343
Bodo Möller [Fri, 28 Feb 2003 15:07:10 +0000 (15:07 +0000)]
use tabs for indentation, not spaces
Dr. Stephen Henson [Thu, 27 Feb 2003 14:07:59 +0000 (14:07 +0000)]
Encryption BIOs misbehave when used with non blocking I/O.
Two fixes:
1. If BIO_write() fails inside enc_write() it should return the
total number of bytes successfully written.
2. If BIO_write() fails during BIO_flush() it should return immediately
with the error code: previously it would fall through to the final
encrypt, corrupting the buffer.
Dr. Stephen Henson [Thu, 27 Feb 2003 13:02:46 +0000 (13:02 +0000)]
Typo.
Bodo Möller [Thu, 27 Feb 2003 12:25:35 +0000 (12:25 +0000)]
add Certicom licensing e-mail address
Dr. Stephen Henson [Thu, 27 Feb 2003 01:54:11 +0000 (01:54 +0000)]
Support for dirName from config files in GeneralName extensions.
Dr. Stephen Henson [Tue, 25 Feb 2003 19:03:31 +0000 (19:03 +0000)]
Fix indefinite length encoding so EOC correctly updates
the buffer pointer.
Rename PKCS7_PARTSIGN to PKCS7_STREAM.
Guess what that's for :-)
Bodo Möller [Mon, 24 Feb 2003 17:18:01 +0000 (17:18 +0000)]
year 2003
Bodo Möller [Mon, 24 Feb 2003 17:15:28 +0000 (17:15 +0000)]
include OpenSSL license (in addition to EAY license)
Ulf Möller [Sat, 22 Feb 2003 23:03:42 +0000 (23:03 +0000)]
Add instructions for building the MinGW target in Cygwin, and
rearrange some of the other text for better readability.
Ulf Möller [Sat, 22 Feb 2003 22:19:48 +0000 (22:19 +0000)]
Copy rather than symlink the test data.
This is needed because Windows doesn't support symlinks.
The Cygwin/MinGW build now passes "make test".
Ulf Möller [Sat, 22 Feb 2003 22:15:31 +0000 (22:15 +0000)]
remove some more useless code. The mingw target can now be built
under cygwin.
Ulf Möller [Sat, 22 Feb 2003 18:00:14 +0000 (18:00 +0000)]
more mingw related cleanups.
Richard Levitte [Sat, 22 Feb 2003 15:04:03 +0000 (15:04 +0000)]
Remove duplication and have clean depend on libclean
Richard Levitte [Sat, 22 Feb 2003 14:41:34 +0000 (14:41 +0000)]
Allow building applications against static libraries with Makefile.shared.
Dr. Stephen Henson [Sat, 22 Feb 2003 02:12:52 +0000 (02:12 +0000)]
Base64 bio fixes. The base64 bio was seriously broken
when reading from a non blocking BIO.
It would incorrectly interpret retries as EOF, incorrectly
buffer initial data and have no buffering at all after initial
data (data would be sent one byte at a time to EVP_DecodeUpdate).
Ulf Möller [Sat, 22 Feb 2003 01:20:55 +0000 (01:20 +0000)]
add test
Ulf Möller [Fri, 21 Feb 2003 23:19:50 +0000 (23:19 +0000)]
avoid duplicate definiton of bn_sub_part_words
Ulf Möller [Fri, 21 Feb 2003 22:59:20 +0000 (22:59 +0000)]
clean up MinGW build. MinGW make now supports the Windows path name
conventions.
Ulf Möller [Fri, 21 Feb 2003 22:09:52 +0000 (22:09 +0000)]
update mingw info
Bodo Möller [Fri, 21 Feb 2003 16:06:39 +0000 (16:06 +0000)]
treat 'out' like i2d functions do; cf. asn1_item_flags_i2d (crypto/asn/tasn_enc.c)
Bodo Möller [Fri, 21 Feb 2003 13:58:23 +0000 (13:58 +0000)]
ECPublicKey_set_octet_string and ECPublicKey_get_octet_string
behaviour was not quite consistent with the conventions
for d2i and i2d functions as far as handling of the 'out'
or 'in' pointer is concerned.
This patch changes this behaviour, and renames the functions to
o2i_ECPublicKey and i2o_ECPublicKey (not 'd2i' and 'i2d' because the
external encoding is just a raw object string without any DER icing).
Submitted by: Nils Larsch
Dr. Stephen Henson [Thu, 20 Feb 2003 17:13:21 +0000 (17:13 +0000)]
Ooops forgot to recognise V_ASN1_GENERALSTRING.
Dr. Stephen Henson [Thu, 20 Feb 2003 13:39:30 +0000 (13:39 +0000)]
Re enable the read side non blocking test BIO code.
For some reason it was disabled...
Dr. Stephen Henson [Thu, 20 Feb 2003 13:37:48 +0000 (13:37 +0000)]
Fix bug in base64 bios during write an non blocking I/O:
if the write fails when flushing the buffer return the
value to the application so it can retry.
Bodo Möller [Wed, 19 Feb 2003 16:29:47 +0000 (16:29 +0000)]
typo
PR: 511
Submitted by: Eric Cronin
Richard Levitte [Wed, 19 Feb 2003 14:02:37 +0000 (14:02 +0000)]
Update release information
Richard Levitte [Wed, 19 Feb 2003 12:03:59 +0000 (12:03 +0000)]
Security fix: Vaudenay timing attack on CBC.
An advisory will be posted to the web. Expect a release within the hour.
Richard Levitte [Wed, 19 Feb 2003 11:54:42 +0000 (11:54 +0000)]
Make sure the memory allocation routines check for negative sizes
Richard Levitte [Wed, 19 Feb 2003 11:22:15 +0000 (11:22 +0000)]
Borland C++ Builder 5 complains about unreachable statements.
Dr. Stephen Henson [Wed, 19 Feb 2003 01:04:34 +0000 (01:04 +0000)]
Update debub-steve* entries.
Dr. Stephen Henson [Tue, 18 Feb 2003 12:46:47 +0000 (12:46 +0000)]
Typo.
Richard Levitte [Tue, 18 Feb 2003 12:14:57 +0000 (12:14 +0000)]
Make the no-err option work properly
Bodo Möller [Sun, 16 Feb 2003 20:10:23 +0000 (20:10 +0000)]
Remove "+Olibcalls" option from HPUX targets.
Reportedly this option is deprecated, and on some systems
"make test" fails if it is included.
PR: 495
Geoff Thorpe [Sat, 15 Feb 2003 20:38:57 +0000 (20:38 +0000)]
Session cache implementations shouldn't have to access SSL_SESSION
elements directly, so this missing functionality is required.
PR: 276
Geoff Thorpe [Sat, 15 Feb 2003 20:32:13 +0000 (20:32 +0000)]
Declare prototypes for function pointer types, even if they are likely to
be cast later on.
Dr. Stephen Henson [Sat, 15 Feb 2003 01:09:55 +0000 (01:09 +0000)]
Update docs.
Dr. Stephen Henson [Sat, 15 Feb 2003 00:50:55 +0000 (00:50 +0000)]
Single pass processing to cleartext S/MIME signing.
Geoff Thorpe [Sat, 15 Feb 2003 00:18:38 +0000 (00:18 +0000)]
We cache a montgomery form for 'n' if the PUBLIC flag is set, not PRIVATE.
Also, I've added handling for other mod_exp calls that were not using any
cached montgomery forms. These cases matter only for special RSA keys (eg.
ones that are missing information) so are unlikely to be used in normal
circumstances.
Geoff Thorpe [Fri, 14 Feb 2003 23:21:19 +0000 (23:21 +0000)]
David Brumley <dbrumley@stanford.edu> noted and corrected a case in the
verification step of CRT private key operations in the RSA code -
previously no montgomery form was checked or used for 'n', and so it would
be generated on the fly each time. As a result, private key operations are
now a percent or two faster.
Rather than adding this as another repetition of the nearly-identical
montgomery "check for first-use" initialisation code blocks, I've taken
this chance to create a helper function and macro-wrapper to replace them.
PR: 475
Bodo Möller [Fri, 14 Feb 2003 14:21:58 +0000 (14:21 +0000)]
make update
Richard Levitte [Fri, 14 Feb 2003 13:30:35 +0000 (13:30 +0000)]
Add support for IA64.
PR: 454
Richard Levitte [Fri, 14 Feb 2003 13:12:00 +0000 (13:12 +0000)]
Handle krb5 libraries separately and make sure only libssl.so depends
on it.
Richard Levitte [Fri, 14 Feb 2003 08:56:21 +0000 (08:56 +0000)]
Update linux-mips and linux-mipsel to support threads and shared libraries.
I also updated the bn_ops field with values taken from OpenBSD-mips.
PR: 498
Richard Levitte [Fri, 14 Feb 2003 05:24:22 +0000 (05:24 +0000)]
Pay attention to disabled SSL versions.
PR: 500
Richard Levitte [Fri, 14 Feb 2003 05:20:25 +0000 (05:20 +0000)]
Change no_rmd160 to no_ripemd for consistency.
PR: 500
Richard Levitte [Fri, 14 Feb 2003 01:02:58 +0000 (01:02 +0000)]
Make it possible to disable OCSP, the speed application, and the use of sockets.
PR: 358
Richard Levitte [Thu, 13 Feb 2003 23:52:54 +0000 (23:52 +0000)]
Add full support for -rpath/-R, both in shared libraries and
applications, at least on the platforms where it's known how
to do it.
Note: this has only been tested on GNU-based platforms (Linux), and
needs to be tested on all others. Additionally, it's not yet
supported on the following platforms, for lack of information:
Darwin (MacOS X)
Cygwin
OSF1/Alpha
SVR3
ReliantUNIX
Please help out with testing and the platforms we don't yet know well
enough.
Richard Levitte [Thu, 13 Feb 2003 13:21:13 +0000 (13:21 +0000)]
Another long name to deal with
Richard Levitte [Thu, 13 Feb 2003 08:53:40 +0000 (08:53 +0000)]
Oh, the destest program did look at the return value...
Bodo Möller [Wed, 12 Feb 2003 22:01:12 +0000 (22:01 +0000)]
new lock for EC_PRE_COMP structures
Submitted by: Nils Larsch
Bodo Möller [Wed, 12 Feb 2003 18:30:16 +0000 (18:30 +0000)]
Allow EC_GROUP objects to share precomputation for improved memory
efficiency (EC_PRE_COMP objects are now constant once completed).
Extend 'extra_data' API to support arbitrarily many slots (although we
need only one at the moment).
Modify EC internal 'extra_data' API: EC_GROUP_[clear_]free_extra_data
now frees only a single slot (the previous functions are available as
EC_GROUP_[clear_]free_all_extra_data).
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
Richard Levitte [Wed, 12 Feb 2003 17:20:39 +0000 (17:20 +0000)]
Adjust DES_cbc_cksum() so the returned value is the same as MIT's
mit_des_cbc_cksum(). The difference was first observed, then verified by
looking at the MIT source.
Dr. Stephen Henson [Wed, 12 Feb 2003 17:06:02 +0000 (17:06 +0000)]
Option to disable SSL auto chain build
Bodo Möller [Wed, 12 Feb 2003 14:17:41 +0000 (14:17 +0000)]
comments
Bodo Möller [Tue, 11 Feb 2003 16:42:30 +0000 (16:42 +0000)]
first section is now "Changes between 0.9.7a and 0.9.8", not "... 0.9.7 and 0.9.8"
Dr. Stephen Henson [Tue, 11 Feb 2003 14:06:27 +0000 (14:06 +0000)]
GeneralString support in mini-ASN1 compiler
Dr. Stephen Henson [Mon, 10 Feb 2003 17:52:10 +0000 (17:52 +0000)]
Typo.
Richard Levitte [Mon, 10 Feb 2003 11:14:35 +0000 (11:14 +0000)]
Make sure memcpy() is properly declared by including string.h.
Bodo Möller [Sat, 8 Feb 2003 19:51:37 +0000 (19:51 +0000)]
fix EC_GROUP_copy for EC_GFp_nist_method()
Submitted by: Nils Larsch
Bodo Möller [Sat, 8 Feb 2003 19:49:16 +0000 (19:49 +0000)]
avoid coredump
Submitted by: Nils Larsch
Bodo Möller [Sat, 8 Feb 2003 15:56:05 +0000 (15:56 +0000)]
remove debugging leftovers
Bodo Möller [Fri, 7 Feb 2003 11:54:57 +0000 (11:54 +0000)]
comment
Bodo Möller [Thu, 6 Feb 2003 19:32:06 +0000 (19:32 +0000)]
typo
Richard Levitte [Thu, 6 Feb 2003 19:30:06 +0000 (19:30 +0000)]
PKCS#1 has a new RFC, which we do implement
Bodo Möller [Thu, 6 Feb 2003 19:25:12 +0000 (19:25 +0000)]
implement fast point multiplication with precomputation
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
Bodo Möller [Wed, 5 Feb 2003 16:54:10 +0000 (16:54 +0000)]
typo in WIN16 section
Submitted by: Toni Andjelkovic <toni@soth.at>
Bodo Möller [Wed, 5 Feb 2003 16:40:29 +0000 (16:40 +0000)]
SSL_add_dir_cert_subjects_to_stack now exists for WIN32
Dr. Stephen Henson [Wed, 5 Feb 2003 00:34:31 +0000 (00:34 +0000)]
IPv6 display and input support for extensions usingh GeneralName.
Bodo Möller [Tue, 4 Feb 2003 12:57:34 +0000 (12:57 +0000)]
typo
Bodo Möller [Tue, 4 Feb 2003 12:28:11 +0000 (12:28 +0000)]
Update PRNG entry:
- OpenSSL version differences
- Sun /dev/urandom patch information
Ben Laurie [Sat, 1 Feb 2003 20:58:59 +0000 (20:58 +0000)]
Old-style callbacks can be NULL!
Ben Laurie [Sat, 1 Feb 2003 20:55:29 +0000 (20:55 +0000)]
Fix warning.
Richard Levitte [Fri, 31 Jan 2003 12:20:35 +0000 (12:20 +0000)]
We can't say in advance what the argument to BIO_socket_ioctl() should be, so
let's make that a void *. Also, BIO_socket_nbio() should send it an int
argument, not a long.
PR: 457
Richard Levitte [Thu, 30 Jan 2003 22:02:27 +0000 (22:02 +0000)]
Document -engine where missing.
PR: 424
Richard Levitte [Thu, 30 Jan 2003 21:49:12 +0000 (21:49 +0000)]
A few small bugs with BIO popping.
PR: 364
Richard Levitte [Thu, 30 Jan 2003 20:03:45 +0000 (20:03 +0000)]
The util scripts need to handled no-hw.
PR: 327
Richard Levitte [Thu, 30 Jan 2003 19:05:25 +0000 (19:05 +0000)]
The MASM situation is more difficult than described so far. It is part of VC++ 7.
PR: 327
Richard Levitte [Thu, 30 Jan 2003 19:01:56 +0000 (19:01 +0000)]
For VC++7 and up, the file is VSVARS32.BAT.
PR: 327
Richard Levitte [Thu, 30 Jan 2003 18:52:46 +0000 (18:52 +0000)]
The OPENSSL_NO_ENGINE has small problem: it changes certain structures. That's
bad, so let's not check OPENSSL_NO_ENGINE in those places. Fortunately, all
the header files where the problem existed include ossl_typ.h, which makes
a 'forward declaration' of the ENGINE type.
Richard Levitte [Thu, 30 Jan 2003 17:53:02 +0000 (17:53 +0000)]
make update
Richard Levitte [Thu, 30 Jan 2003 17:39:26 +0000 (17:39 +0000)]
Add the possibility to build without the ENGINE framework.
PR: 287
Geoff Thorpe [Thu, 30 Jan 2003 15:52:40 +0000 (15:52 +0000)]
Summarise the last couple of commits.
Geoff Thorpe [Thu, 30 Jan 2003 15:49:03 +0000 (15:49 +0000)]
This glues the GMP wrapper ENGINE into OpenSSL if it is being built (ie. if
the OPENSSL_USE_GMP symbol is defined). Also, I've re-ordered the listing
of other builtin ENGINEs to be alphabetical (though "dynamic" will still
come first).
Geoff Thorpe [Thu, 30 Jan 2003 15:43:07 +0000 (15:43 +0000)]
Commit a slightly modified version of an old experiment to do RSA private
key operations using the GMP library. The default is not to build (or use)
this code unless OPENSSL_USE_GMP is defined (because it will impose header
and linker dependencies that might need specifying too).
Geoff Thorpe [Thu, 30 Jan 2003 14:58:44 +0000 (14:58 +0000)]
"openssl engine" will not display ENGINE/DSO load failure errors when
testing availability of engines with "-t" - the old behaviour of is
produced by increasing the feature's verbosity with "-tt".
Richard Levitte [Thu, 30 Jan 2003 11:08:44 +0000 (11:08 +0000)]
Small typo, OENSSL should really be spelled OPENSSL.
PR: 476
Richard Levitte [Thu, 30 Jan 2003 11:00:34 +0000 (11:00 +0000)]
Fix a memory leak in SSL.
PR: 477
Richard Levitte [Thu, 30 Jan 2003 10:27:43 +0000 (10:27 +0000)]
cert_sk isn't always allocated, so freeing it may cause a crash.
PR: 481
Richard Levitte [Wed, 29 Jan 2003 15:06:35 +0000 (15:06 +0000)]
DVCS (see RFC 3029) was missing among the possible purposes.
Notified privately to me by Peter Sylvester <Peter.Sylvester@EdelWeb.fr>,
one of the authors of said RFC
Bodo Möller [Tue, 28 Jan 2003 13:08:21 +0000 (13:08 +0000)]
simplify
Submitted by: Nils Larsch
Dr. Stephen Henson [Sun, 26 Jan 2003 13:38:56 +0000 (13:38 +0000)]
Correct EVP_SealInit() documentation, iv is an output
parameter.
Bodo Möller [Sat, 25 Jan 2003 15:28:49 +0000 (15:28 +0000)]
cofactor is optional in parameter encodings
Submitted by: Nils Larsch
Bodo Möller [Fri, 24 Jan 2003 22:28:32 +0000 (22:28 +0000)]
consistency