Dr. Stephen Henson [Sat, 5 Jan 2002 01:37:16 +0000 (01:37 +0000)]
Experimental configuration code.
Incomplete, largely untested and subject to change/deletion.
Bodo Möller [Fri, 4 Jan 2002 15:22:40 +0000 (15:22 +0000)]
add a sentence previously deleted by accident
Bodo Möller [Fri, 4 Jan 2002 15:17:09 +0000 (15:17 +0000)]
add documentation for SSLeay_version(SSLEAY_DIR) and
'openssl version -d'
use some descriptions from Lutz' redundant manual page
instead of the previous ones
Lutz Jänicke [Fri, 4 Jan 2002 15:05:51 +0000 (15:05 +0000)]
Tsss, SSLeay_version() was already documented, it just was not linked in.
Bodo Möller [Fri, 4 Jan 2002 15:03:25 +0000 (15:03 +0000)]
synchronize with engine-0.9.6 tree
Lutz Jänicke [Fri, 4 Jan 2002 14:55:38 +0000 (14:55 +0000)]
Add information as provided by Richard Levitte on openssl-users :-)
Dr. Stephen Henson [Fri, 4 Jan 2002 13:35:37 +0000 (13:35 +0000)]
Update PEM docs
Bodo Möller [Fri, 4 Jan 2002 13:30:05 +0000 (13:30 +0000)]
fix 'Configure TABLE' output
Bodo Möller [Fri, 4 Jan 2002 13:27:52 +0000 (13:27 +0000)]
Changes that break something should be included in CHANGES
to make it easier to fix things.
Bodo Möller [Fri, 4 Jan 2002 13:12:08 +0000 (13:12 +0000)]
add automatically generated ERR_load_... prototype
Bodo Möller [Fri, 4 Jan 2002 13:04:45 +0000 (13:04 +0000)]
fix EVP_CIPHER_mode macro
Submitted by: "Dan S. Camper" <dan@bti.net>
Geoff Thorpe [Fri, 4 Jan 2002 07:01:35 +0000 (07:01 +0000)]
Constify.
Richard Levitte [Thu, 3 Jan 2002 18:53:47 +0000 (18:53 +0000)]
Better clarification on perl
Richard Levitte [Wed, 2 Jan 2002 17:31:23 +0000 (17:31 +0000)]
make update
Richard Levitte [Wed, 2 Jan 2002 16:57:57 +0000 (16:57 +0000)]
Implement speed measurement for AES.
Submitted by Stephen Sprunk <stephen@sprunk.org> as part of his AES
integration patch.
Richard Levitte [Wed, 2 Jan 2002 16:55:35 +0000 (16:55 +0000)]
Because Rijndael is more known as AES, use crypto/aes instead of
crypto/rijndael. Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).
This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.
Richard Levitte [Wed, 2 Jan 2002 16:51:17 +0000 (16:51 +0000)]
The block size may be something other than 8!
Richard Levitte [Wed, 2 Jan 2002 12:45:51 +0000 (12:45 +0000)]
When RSA or DSA are disabled, do not include the stuff that's specific
to them.
Richard Levitte [Wed, 2 Jan 2002 12:44:54 +0000 (12:44 +0000)]
make update
Richard Levitte [Wed, 2 Jan 2002 12:40:38 +0000 (12:40 +0000)]
RSA counter should only be defined of RSA is available.
Richard Levitte [Wed, 2 Jan 2002 11:54:38 +0000 (11:54 +0000)]
Allow verification of other types than DATA.
Submitted by Leonard Janke <leonard@votehere.net>
Richard Levitte [Wed, 2 Jan 2002 11:25:17 +0000 (11:25 +0000)]
Say that recent CygWin perl versions work as well.
Submitted by Eric Hanchrow <erich@votehere.net>
Richard Levitte [Wed, 2 Jan 2002 11:06:02 +0000 (11:06 +0000)]
Allow 8-bit characters. This is not really complete, it only marks
characters with the highest bit set as HIGHBIT. We need to expand
this to support the UTF-8 character set properly. However, this
solves the problem that the character 0x80 (which is common in UTF-8)
gets masked to 0x00.
Patch submitted by "Huang Yuzhen" <huangyuzhen@bj.tom.com>
Richard Levitte [Wed, 2 Jan 2002 10:30:07 +0000 (10:30 +0000)]
On Solaris64, cc needs the flag -xarch=v9 when linking shared
libraries. Make a general change to support shared library
linking flags in general.
Noted by Nick Briggs <briggs@parc.xerox.com>
Richard Levitte [Wed, 2 Jan 2002 10:00:22 +0000 (10:00 +0000)]
Add support for Linux on HP/PA.
Submitted by "Bryan W. Headley" <bheadley@interaccess.com>
Ulf Möller [Fri, 28 Dec 2001 17:14:35 +0000 (17:14 +0000)]
ssl3_read_bytes bug fix
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
Bodo Möller [Fri, 21 Dec 2001 12:29:52 +0000 (12:29 +0000)]
update FAQ and CHANGES file (0.9.6c has been released)
Richard Levitte [Fri, 21 Dec 2001 03:23:15 +0000 (03:23 +0000)]
Status update
Richard Levitte [Fri, 21 Dec 2001 01:12:29 +0000 (01:12 +0000)]
And just for the sake of completeness, let's add some standard macros...
Richard Levitte [Fri, 21 Dec 2001 01:08:40 +0000 (01:08 +0000)]
Better use the same number in all branches, to avoid confusion
Richard Levitte [Thu, 20 Dec 2001 22:12:10 +0000 (22:12 +0000)]
Do not forget to compile comp_err.c
Richard Levitte [Thu, 20 Dec 2001 16:58:26 +0000 (16:58 +0000)]
Synchronise with the 0.9.6 branch.
Ben Laurie [Thu, 20 Dec 2001 12:18:08 +0000 (12:18 +0000)]
Security fix.
Ulf Möller [Wed, 19 Dec 2001 19:37:31 +0000 (19:37 +0000)]
Cygwin patch. Submitted by Michael Kobar <mkobar@lymeware.com>
Bodo Möller [Mon, 17 Dec 2001 19:28:05 +0000 (19:28 +0000)]
formatting consistency
Bodo Möller [Mon, 17 Dec 2001 19:26:43 +0000 (19:26 +0000)]
oops
Bodo Möller [Mon, 17 Dec 2001 19:22:23 +0000 (19:22 +0000)]
remove redundant ERR_load_... declarations
Bodo Möller [Mon, 17 Dec 2001 19:11:03 +0000 (19:11 +0000)]
consistency with 0.9.6 stable "CHANGES"
Bodo Möller [Fri, 14 Dec 2001 10:09:29 +0000 (10:09 +0000)]
fix BN_rand_range
Richard Levitte [Wed, 12 Dec 2001 16:49:02 +0000 (16:49 +0000)]
Change pkcs12 so the certificates coming from -in do not get tossed if
-certfile is given as well.
Richard Levitte [Wed, 12 Dec 2001 12:53:13 +0000 (12:53 +0000)]
Implement failover for ubsec. Submitted by Subramanian Ramamoorthy
<sram@broadcom.com> with the following comment:
[...] We have implemented failover (ie, if for some reason that the
hardware fails, the implementation detects this failure and performs
this operation as if no hardware is present, ie, in software) for
sometime now and have tested it here with our hardware. [...]
This change was cc:ed to exports@crypto.com
Richard Levitte [Tue, 11 Dec 2001 10:57:13 +0000 (10:57 +0000)]
make update
Ulf Möller [Mon, 10 Dec 2001 18:52:06 +0000 (18:52 +0000)]
name confusion with HP library function prototype (?)
Ben Laurie [Sun, 9 Dec 2001 21:53:31 +0000 (21:53 +0000)]
Improve back compatibility.
Bodo Möller [Fri, 7 Dec 2001 17:02:01 +0000 (17:02 +0000)]
fix warnings (one of them was clearly justified)
Dr. Stephen Henson [Fri, 7 Dec 2001 00:36:32 +0000 (00:36 +0000)]
Don't overwrite signing time.
Lutz Jänicke [Thu, 6 Dec 2001 13:15:51 +0000 (13:15 +0000)]
HPUX 9.X on m68k with gcc
("Anton J. Gamel" <gamel@anna.anatomie.uni-freiburg.de>)
Richard Levitte [Tue, 4 Dec 2001 11:01:17 +0000 (11:01 +0000)]
UID was never a lable for uniqueIdentifier. However, LDAP and certain
RFCs concerning X.500 directories use UID as a shorter name for the
attribute type userId, which is defined by CCITT and available through
RFCs 1274 and 2247.
Unfortunately, if some applications have used the name "UID" for the
uniqueIdentifier attribute type, they will produce incorrect results.
However, I found it better to follow the standards that are out there
rather than having our own incompatible one.
Richard Levitte [Tue, 4 Dec 2001 07:38:17 +0000 (07:38 +0000)]
I was recently informed that some people wrongly use ssleay.txt as
main documentation, so let's warn them a little more, so the word
"OBSOLETE" really gets understood.
Bodo Möller [Mon, 3 Dec 2001 14:03:23 +0000 (14:03 +0000)]
crypto/objects stuff
Bodo Möller [Mon, 3 Dec 2001 13:47:22 +0000 (13:47 +0000)]
Fix: 2.5.29 is "id-ce", not "ld-ce" (sort of a typo in objects.h).
Fix (?): Delete 'ip-pda 6' (id-pda-pseudonym) because it does not exist
in RFC 3039.
Also change Perl scripts to put auto-generation warning in the
first lines of the file.
Dr. Stephen Henson [Mon, 3 Dec 2001 03:07:37 +0000 (03:07 +0000)]
EVP_BytesToKey documentation.
Dr. Stephen Henson [Sat, 1 Dec 2001 23:09:38 +0000 (23:09 +0000)]
Make EVP_SealInit() return the correct value.
Dr. Stephen Henson [Sat, 1 Dec 2001 23:03:30 +0000 (23:03 +0000)]
Add -pubkey option to req command.
Dr. Stephen Henson [Sat, 1 Dec 2001 22:41:39 +0000 (22:41 +0000)]
NO_DSA, NO_RSA patches.
Lutz Jänicke [Fri, 30 Nov 2001 09:38:57 +0000 (09:38 +0000)]
Support for QNX (wrat@jump.net (the wharf rat)).
Richard Levitte [Tue, 27 Nov 2001 11:48:30 +0000 (11:48 +0000)]
Certain missing algorithms make some SSL versions or TLS impossible to
build.
Bodo Möller [Mon, 26 Nov 2001 12:13:50 +0000 (12:13 +0000)]
discuss -name and default_ca more correctly (I hope)
Geoff Thorpe [Sat, 24 Nov 2001 04:02:42 +0000 (04:02 +0000)]
This looks to have been a typo.
Bodo Möller [Fri, 23 Nov 2001 21:50:50 +0000 (21:50 +0000)]
For future portability reasons MIT is moving all macros to function
calls. This patch allows compilation either way.
Submitted by: Jeffrey Altman <jaltman@columbia.edu>
Bodo Möller [Fri, 23 Nov 2001 21:12:44 +0000 (21:12 +0000)]
info on 0.9.6 engine branch
Bodo Möller [Fri, 23 Nov 2001 20:58:40 +0000 (20:58 +0000)]
fix submitted by Andy Schneider <andy.schneider@bjss.co.uk>
(in main branch, hn_ncipher.c is already correct)
Bodo Möller [Thu, 22 Nov 2001 11:13:10 +0000 (11:13 +0000)]
check OPENSSL_NO_... before including header files that might be
disabled
Bodo Möller [Thu, 22 Nov 2001 11:09:42 +0000 (11:09 +0000)]
OS/390 support
Submitted by: Richard Shapiro <rshapiro@abinitio.com>
Bodo Möller [Thu, 22 Nov 2001 11:08:38 +0000 (11:08 +0000)]
comment
Geoff Thorpe [Thu, 22 Nov 2001 10:08:49 +0000 (10:08 +0000)]
Cut "ENGINE_ID" to the more concise "ID".
Geoff Thorpe [Thu, 22 Nov 2001 09:20:08 +0000 (09:20 +0000)]
In this particular error condition, the structural reference wasn't being
released.
Geoff Thorpe [Thu, 22 Nov 2001 09:13:18 +0000 (09:13 +0000)]
When the "dynamic" ENGINE loads another ENGINE from a shared-library, it
essentially overwrites itself with the new ENGINE, with the exception of
reference counts, ex_data structures, and other 'admin' elements. However
if the new ENGINE doesn't populate certain elements, there's the risk of
the "dynamic" ENGINE's elements showing through - the "cmd_defns" were just
one of the possibilities. This implements a more comprehensive cleanup.
Geoff Thorpe [Thu, 22 Nov 2001 09:01:11 +0000 (09:01 +0000)]
The "openssl" ENGINE is no longer used except as a testing/debugging
device. This change enables it for building as a self-contained "dynamic"
ENGINE, to help testing such mechanisms.
Geoff Thorpe [Thu, 22 Nov 2001 08:48:09 +0000 (08:48 +0000)]
'flags' should only be set inside DSO_load() if constructing a new DSO
object - otherwise we overwrite any flags that had been previously set in
the DSO before calling DSO_load().
Richard Levitte [Mon, 19 Nov 2001 20:46:35 +0000 (20:46 +0000)]
Extentions of the explanations to the linking problem on Win32. Provided by Andrew Gray <agray@iconsinc.com>
Lutz Jänicke [Mon, 19 Nov 2001 11:11:23 +0000 (11:11 +0000)]
Clarify reference count handling/removal of session
(shinagawa@star.zko.dec.com).
Richard Levitte [Fri, 16 Nov 2001 13:12:19 +0000 (13:12 +0000)]
On VMS, the norm is still that symbols are uppercased, so for now it's better
to trust that norm. I might implement a control for this later on
Bodo Möller [Fri, 16 Nov 2001 12:02:01 +0000 (12:02 +0000)]
wNAFs use does not bring that much performance on Sparcs (where
elliptic curves are are relatively faster than on PCs anyway)
Bodo Möller [Fri, 16 Nov 2001 11:37:36 +0000 (11:37 +0000)]
avoid stupid compiler warning
Richard Levitte [Fri, 16 Nov 2001 09:14:06 +0000 (09:14 +0000)]
Build dynamic rsaref engine on VMS. Tested on VAX so far.
Richard Levitte [Fri, 16 Nov 2001 09:09:15 +0000 (09:09 +0000)]
End assembler macro correctly.
On VAX, all global variables are accessed through functions, so skip
doing transfer entries for variables.
Forgot the looping gotos.
Richard Levitte [Fri, 16 Nov 2001 08:54:34 +0000 (08:54 +0000)]
On systems that don't do too well including headers from a different
directory, trust the building scripts to handle it properly.
Richard Levitte [Fri, 16 Nov 2001 08:52:56 +0000 (08:52 +0000)]
Make sure evp_locl.h can be included (hw_openbsd_dev_crypto.c needs that).
Bodo Möller [Fri, 16 Nov 2001 06:22:21 +0000 (06:22 +0000)]
comment
Bodo Möller [Fri, 16 Nov 2001 06:22:05 +0000 (06:22 +0000)]
use a more interesting test case
Bodo Möller [Thu, 15 Nov 2001 22:35:41 +0000 (22:35 +0000)]
comments etc.
Bodo Möller [Thu, 15 Nov 2001 22:32:11 +0000 (22:32 +0000)]
Improve EC efficiency.
Richard Levitte [Thu, 15 Nov 2001 22:29:02 +0000 (22:29 +0000)]
A missing comma added.
Richard Levitte [Thu, 15 Nov 2001 20:24:00 +0000 (20:24 +0000)]
make update
Richard Levitte [Thu, 15 Nov 2001 20:23:29 +0000 (20:23 +0000)]
Add MD digests.
And this finishes this engine, it now offers all ciphers and digests
that RSAref 2.0 has.
Richard Levitte [Thu, 15 Nov 2001 20:19:40 +0000 (20:19 +0000)]
Make it possible to give digest names as -evp arguments.
Richard Levitte [Thu, 15 Nov 2001 18:52:28 +0000 (18:52 +0000)]
Add DES functions.
Restructure the code and comment it a bit.
Prepare for the presence of digests.
Richard Levitte [Thu, 15 Nov 2001 18:48:42 +0000 (18:48 +0000)]
If an engine isn't built in, try loading it as a shareable library
instead. This also makes it possible for users to simply give said
shareable library as argument for the -engine option.
Richard Levitte [Thu, 15 Nov 2001 18:24:42 +0000 (18:24 +0000)]
At least for the two common Unixly DSO loading methods, include the
system error in the error text.
Richard Levitte [Thu, 15 Nov 2001 16:57:36 +0000 (16:57 +0000)]
Use the generated error code files.
Richard Levitte [Thu, 15 Nov 2001 16:57:00 +0000 (16:57 +0000)]
'make update' + some touches.
Richard Levitte [Thu, 15 Nov 2001 16:56:17 +0000 (16:56 +0000)]
Add targets to update the error code files.
Richard Levitte [Thu, 15 Nov 2001 16:53:50 +0000 (16:53 +0000)]
Add a local error code configuration file for the rsaref dynamic
engine.
Richard Levitte [Thu, 15 Nov 2001 16:52:10 +0000 (16:52 +0000)]
Make it possible to build completely static, independent error C
files.
Richard Levitte [Thu, 15 Nov 2001 12:25:14 +0000 (12:25 +0000)]
make update
perl util/mkerr.pl -recurse -write -rebuild
Richard Levitte [Wed, 14 Nov 2001 23:39:01 +0000 (23:39 +0000)]
Make use of RSAref's header files instead of EAY's crafted rsaref.h.
Richard Levitte [Wed, 14 Nov 2001 23:25:46 +0000 (23:25 +0000)]
In a Debian Linux environment, it's not a good idea, apparently, to
manually declare the include directory /usr/include at the same time
as the macro PROTOTYPES is defined with the value 1. Besides,
/usr/include is the standard include directory anyway, so there's no
need to specify it explicitely.
Richard Levitte [Wed, 14 Nov 2001 22:42:35 +0000 (22:42 +0000)]
Add a demo that reimplements the RSAref glue in form of a dynamically
loadable engine.
Richard Levitte [Wed, 14 Nov 2001 22:32:19 +0000 (22:32 +0000)]
After loading a dynamic engine, reset the command definitions to the
empty set. This prevents engines that do not set the command
definitions themselves to inherit the ones from "dynamic", which would
otherwise be very confusing.