oweals/openssl.git
20 years agoUnsigned vs. signed problem removed
Richard Levitte [Wed, 28 Jan 2004 08:48:15 +0000 (08:48 +0000)]
Unsigned vs. signed problem removed

20 years agoCFB DES sync-up with FIPS branch.
Andy Polyakov [Tue, 27 Jan 2004 21:46:19 +0000 (21:46 +0000)]
CFB DES sync-up with FIPS branch.

20 years agoAvoid signed vs. unsigned warnings (which are treated like errors on
Richard Levitte [Tue, 27 Jan 2004 01:16:09 +0000 (01:16 +0000)]
Avoid signed vs. unsigned warnings (which are treated like errors on
Windows).

20 years agoS_IFBLK and S_IFCHR may not exist in some places (like Windows), so
Richard Levitte [Mon, 26 Jan 2004 23:46:03 +0000 (23:46 +0000)]
S_IFBLK and S_IFCHR may not exist in some places (like Windows), so
let's check for those macros, and if they aren't defined, let's assume
there aren't Unixly devices on this platform.

20 years agoTypo...
Richard Levitte [Thu, 22 Jan 2004 22:36:48 +0000 (22:36 +0000)]
Typo...

20 years agoReplace expired certificate.
Dr. Stephen Henson [Wed, 21 Jan 2004 13:04:58 +0000 (13:04 +0000)]
Replace expired certificate.

20 years agoTABLE update for hpux64-paric2-gcc, addenum for HPUX64 gcc build update.
Andy Polyakov [Wed, 21 Jan 2004 10:07:23 +0000 (10:07 +0000)]
TABLE update for hpux64-paric2-gcc, addenum for HPUX64 gcc build update.

20 years agoProper support for HP-UX64 gcc build.
Andy Polyakov [Wed, 21 Jan 2004 09:58:18 +0000 (09:58 +0000)]
Proper support for HP-UX64 gcc build.
PR: 772

20 years agoSHA-1 assembler tune-up for Intel P4
Andy Polyakov [Wed, 21 Jan 2004 08:19:36 +0000 (08:19 +0000)]
SHA-1 assembler tune-up for Intel P4

20 years agoAdding a slash between the directoryt and the file is a problem with
Richard Levitte [Sat, 10 Jan 2004 18:04:36 +0000 (18:04 +0000)]
Adding a slash between the directoryt and the file is a problem with
VMS.  The C RTL can handle it well if the "directory" is a logical
name with no colon, therefore ending being 'logname/file'.  However,
if the given logical names actually has a colon, or if you use a full
VMS-syntax directory, you end up with 'logname:/file' or
'dev:[dir1.dir2]/file', and that isn't handled in any good way.

So, on VMS, we need to check if the directory string ends with a
separator (one of ':', ']' or '>' (< and > can be used instead [ and
])), and handle that by not inserting anything between the directory
spec and the file name.  In all other cases, it's assumed the
directory spec is a logical name, so we need to place a colon between
it and the file.

Notified by Kevin Greaney <kevin.greaney@hp.com>.

20 years agoCover all DSA setups when running tests
Lutz Jänicke [Thu, 8 Jan 2004 07:46:12 +0000 (07:46 +0000)]
Cover all DSA setups when running tests
PR: #748
Submitted by: Kirill Kochetkov <kochet@ixbt.com>

20 years agoUpdates to s_time manual page
Lutz Jänicke [Thu, 8 Jan 2004 07:39:33 +0000 (07:39 +0000)]
Updates to s_time manual page
PR: #570
Submitted by: Martin Witzel <MWITZEL@de.ibm.com>

20 years agoOne more change to merge from -dev.
Lutz Jänicke [Sun, 4 Jan 2004 19:03:51 +0000 (19:03 +0000)]
One more change to merge from -dev.

20 years agoAdd s_time manual page
Lutz Jänicke [Sun, 4 Jan 2004 19:00:17 +0000 (19:00 +0000)]
Add s_time manual page
Submitted by: "Martin Witzel" <MWITZEL@de.ibm.com>

PR: #570

20 years agoThis commit was manufactured by cvs2svn to create branch
cvs2svn [Sun, 4 Jan 2004 18:59:15 +0000 (18:59 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.

20 years agoAdd s_time manual page
Lutz Jänicke [Sun, 4 Jan 2004 18:59:14 +0000 (18:59 +0000)]
Add s_time manual page
Submitted by: "Martin Witzel" <MWITZEL@de.ibm.com>

PR: #570

20 years agoUpdate URI
Lutz Jänicke [Sun, 4 Jan 2004 18:06:51 +0000 (18:06 +0000)]
Update URI
Submitted by: Gertjan van Oosten <gertjan@West.NL>

PR: #804

20 years agoUpdate URI
Lutz Jänicke [Sun, 4 Jan 2004 18:05:50 +0000 (18:05 +0000)]
Update URI
Submitted by: Gertjan van Oosten <gertjan@West.NL>

PR: #804

20 years agounintptr_t and <inttypes.h> are not strictly portable with respect to
Lutz Jänicke [Sun, 4 Jan 2004 17:54:02 +0000 (17:54 +0000)]
unintptr_t and <inttypes.h> are not strictly portable with respect to
ANSI C 89.
Undo change to maintain compatibility.

20 years agounintptr_t and <inttypes.h> are not strictly portable with respect to
Lutz Jänicke [Sun, 4 Jan 2004 17:53:21 +0000 (17:53 +0000)]
unintptr_t and <inttypes.h> are not strictly portable with respect to
ANSI C 89.
Undo change to maintain compatibility.

20 years agoFix Perl problems on sparc64.
Richard Levitte [Sat, 27 Dec 2003 16:13:18 +0000 (16:13 +0000)]
Fix Perl problems on sparc64.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoFix Perl problems on sparc64.
Richard Levitte [Sat, 27 Dec 2003 16:13:16 +0000 (16:13 +0000)]
Fix Perl problems on sparc64.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoAvoid including cryptlib.h, it's not really needed.
Richard Levitte [Sat, 27 Dec 2003 16:10:30 +0000 (16:10 +0000)]
Avoid including cryptlib.h, it's not really needed.
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoAvoid including cryptlib.h, it's not really needed.
Richard Levitte [Sat, 27 Dec 2003 16:09:59 +0000 (16:09 +0000)]
Avoid including cryptlib.h, it's not really needed.
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoOnly use environment variables if uid and gid are the same as euid and egid.
Richard Levitte [Sat, 27 Dec 2003 16:07:20 +0000 (16:07 +0000)]
Only use environment variables if uid and gid are the same as euid and egid.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoOnly use environment variables if uid and gid are the same as euid and egid.
Richard Levitte [Sat, 27 Dec 2003 16:07:18 +0000 (16:07 +0000)]
Only use environment variables if uid and gid are the same as euid and egid.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoCheck if a random "file" is really a device file, and treat it
Richard Levitte [Sat, 27 Dec 2003 16:02:22 +0000 (16:02 +0000)]
Check if a random "file" is really a device file, and treat it
specially if it is.
Add a few OpenBSD-specific cases.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoCheck if a random "file" is really a device file, and treat it
Richard Levitte [Sat, 27 Dec 2003 16:01:52 +0000 (16:01 +0000)]
Check if a random "file" is really a device file, and treat it
specially if it is.
Add a few OpenBSD-specific cases.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoCorrect documentation typos.
Richard Levitte [Sat, 27 Dec 2003 15:05:26 +0000 (15:05 +0000)]
Correct documentation typos.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoCorrect documentation typos.
Richard Levitte [Sat, 27 Dec 2003 15:04:54 +0000 (15:04 +0000)]
Correct documentation typos.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoOpenBSD-internal changes.
Richard Levitte [Sat, 27 Dec 2003 15:02:56 +0000 (15:02 +0000)]
OpenBSD-internal changes.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoOpenBSD-internal changes.
Richard Levitte [Sat, 27 Dec 2003 15:02:54 +0000 (15:02 +0000)]
OpenBSD-internal changes.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoUse sh explicitely to run point.sh
Richard Levitte [Sat, 27 Dec 2003 15:00:24 +0000 (15:00 +0000)]
Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoUse sh explicitely to run point.sh
Richard Levitte [Sat, 27 Dec 2003 14:59:07 +0000 (14:59 +0000)]
Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoInclude strings.h so strcasecmp() and strncasecmp() get properly declared.
Richard Levitte [Sat, 27 Dec 2003 14:54:48 +0000 (14:54 +0000)]
Include strings.h so strcasecmp() and strncasecmp() get properly declared.

20 years agoUse BUF_strlcpy() instead of strcpy().
Richard Levitte [Sat, 27 Dec 2003 14:40:57 +0000 (14:40 +0000)]
Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoUse BUF_strlcpy() instead of strcpy().
Richard Levitte [Sat, 27 Dec 2003 14:40:17 +0000 (14:40 +0000)]
Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoAdd a newline at the end of the last line.
Richard Levitte [Sat, 27 Dec 2003 14:26:15 +0000 (14:26 +0000)]
Add a newline at the end of the last line.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoAdd a newline at the end of the last line.
Richard Levitte [Sat, 27 Dec 2003 14:26:14 +0000 (14:26 +0000)]
Add a newline at the end of the last line.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

20 years agoChange 'exp' to something else, as 'exp' is predefined by GNU C. This
Richard Levitte [Sat, 27 Dec 2003 14:24:20 +0000 (14:24 +0000)]
Change 'exp' to something else, as 'exp' is predefined by GNU C.  This
was already done in HEAD, but not in this branch (I wonder why...).

20 years agoTypos.
Dr. Stephen Henson [Sat, 20 Dec 2003 22:49:05 +0000 (22:49 +0000)]
Typos.

20 years agoTypos.
Dr. Stephen Henson [Sat, 20 Dec 2003 22:48:21 +0000 (22:48 +0000)]
Typos.

20 years agoTo figure out if we're going outside the buffer, use the size of the buffer,
Richard Levitte [Thu, 11 Dec 2003 18:01:06 +0000 (18:01 +0000)]
To figure out if we're going outside the buffer, use the size of the buffer,
not the size of the integer used to index in said buffer.

PR: 794
Notified by: Rhett Garber <rhett_garber@hp.com>

20 years agoTo figure out if we're going outside the buffer, use the size of the buffer,
Richard Levitte [Thu, 11 Dec 2003 18:01:03 +0000 (18:01 +0000)]
To figure out if we're going outside the buffer, use the size of the buffer,
not the size of the integer used to index in said buffer.

PR: 794
Notified by: Rhett Garber <rhett_garber@hp.com>

20 years agoDocument that you need to include x509.h (to get [i2d|d2i]_RSA_PUBKEY()).
Richard Levitte [Wed, 10 Dec 2003 14:31:57 +0000 (14:31 +0000)]
Document that you need to include x509.h (to get [i2d|d2i]_RSA_PUBKEY()).
Correct the typo PUKEY...

20 years agoDocument that you need to include x509.h (to get [i2d|d2i]_RSA_PUBKEY()).
Richard Levitte [Wed, 10 Dec 2003 14:31:55 +0000 (14:31 +0000)]
Document that you need to include x509.h (to get [i2d|d2i]_RSA_PUBKEY()).
Correct the typo PUKEY...

20 years agoDocument that you need to include x509.h (to get [i2d|d2i]_DSA_PUBKEY()).
Richard Levitte [Wed, 10 Dec 2003 13:57:52 +0000 (13:57 +0000)]
Document that you need to include x509.h (to get [i2d|d2i]_DSA_PUBKEY()).
Correct the typo PUKEY...

20 years agoDocument that you need to include x509.h (to get [i2d|d2i]_DSA_PUBKEY()).
Richard Levitte [Wed, 10 Dec 2003 13:57:51 +0000 (13:57 +0000)]
Document that you need to include x509.h (to get [i2d|d2i]_DSA_PUBKEY()).
Correct the typo PUKEY...

20 years agoAdd "dif" variable to clean up the loop implementations.
Ulf Möller [Sat, 6 Dec 2003 11:55:46 +0000 (11:55 +0000)]
Add "dif" variable to clean up the loop implementations.

Submitted by: Nils Larsch

20 years agoSkip a curve with generator of non-prime order.
Ulf Möller [Sat, 6 Dec 2003 11:41:22 +0000 (11:41 +0000)]
Skip a curve with generator of non-prime order.

Submitted by: Nils Larsch

20 years agoAvoid segfault if ret==0.
Ulf Möller [Sat, 6 Dec 2003 11:39:37 +0000 (11:39 +0000)]
Avoid segfault if ret==0.

Submitted by: Nils Larsch

20 years agoRestructure make targets to allow parallel make.
Lutz Jänicke [Wed, 3 Dec 2003 16:29:41 +0000 (16:29 +0000)]
Restructure make targets to allow parallel make.
Submitted by: Witold Filipczyk <witekfl@poczta.gazeta.pl>

PR: #513

20 years agoRestructure make targets to allow parallel make.
Lutz Jänicke [Wed, 3 Dec 2003 16:29:16 +0000 (16:29 +0000)]
Restructure make targets to allow parallel make.
Submitted by: Witold Filipczyk <witekfl@poczta.gazeta.pl>

PR: #513

20 years agoIncremental cleanups to bn_lib.c.
Geoff Thorpe [Tue, 2 Dec 2003 20:01:30 +0000 (20:01 +0000)]
Incremental cleanups to bn_lib.c.
- Add missing bn_check_top() calls and relocate some others
- Use BN_is_zero() where appropriate
- Remove assert()s that bn_check_top() is already covering
- Simplify the code in places (esp. bn_expand2())
- Only keep ambiguous zero handling if BN_STRICT isn't defined
- Remove some white-space and make some other aesthetic tweaks

20 years agoUse the BN_is_odd() macro in place of code that (inconsistently) does much
Geoff Thorpe [Tue, 2 Dec 2003 03:28:24 +0000 (03:28 +0000)]
Use the BN_is_odd() macro in place of code that (inconsistently) does much
the same thing.

Also, I have some stuff on the back-burner related to some BN_CTX notes
from Peter Gutmann about his cryptlib hacks to the bignum code. The BN_CTX
comments are there to remind me of some relevant points in the code.

20 years agoBN_FLG_FREE is of extremely dubious usefulness, and is only referred to
Geoff Thorpe [Tue, 2 Dec 2003 03:16:56 +0000 (03:16 +0000)]
BN_FLG_FREE is of extremely dubious usefulness, and is only referred to
once in the source (where it is set for the benefit of no other code
whatsoever). I've deprecated the declaration in the header and likewise
made the use of the flag conditional in bn_lib.c. Note, this change also
NULLs the 'd' pointer in a BIGNUM when it is reset but not deallocated.

20 years agoDeclare the static BIGNUM "BN_value_one()" more carefully.
Geoff Thorpe [Mon, 1 Dec 2003 23:13:17 +0000 (23:13 +0000)]
Declare the static BIGNUM "BN_value_one()" more carefully.

20 years agoAdd missing bn_check_top()s to bn_kron.c, remove some miscellaneous
Geoff Thorpe [Mon, 1 Dec 2003 23:11:45 +0000 (23:11 +0000)]
Add missing bn_check_top()s to bn_kron.c, remove some miscellaneous
white-space, and include extra headers to satisfy debugging builds.

20 years agoAdd missing bn_check_top()s to bn_gf2m.c and remove some miscellaneous
Geoff Thorpe [Mon, 1 Dec 2003 23:10:21 +0000 (23:10 +0000)]
Add missing bn_check_top()s to bn_gf2m.c and remove some miscellaneous
white-space.

20 years agoThe bn_set_max() macro is only "used" by the bn_set_[low|high]() macros
Geoff Thorpe [Mon, 1 Dec 2003 22:11:08 +0000 (22:11 +0000)]
The bn_set_max() macro is only "used" by the bn_set_[low|high]() macros
which, in turn, are used nowhere at all. This is a good thing because
bn_set_max() would currently generate code that wouldn't compile (BIGNUM
has no 'max' element).

The only apparent use for bn_set_[low|high] would be for implementing
windowing algorithms, and all of openssl's seem to use bn_***_words()
helpers instead (including the BN_div() that Nils fixed recently, which had
been using independently-coded versions of what these unused macros are
intended for). I'm therefore consigning these macros to cvs oblivion in the
name of readability.

20 years agobn_fix_top() exists for compatibility's sake and is mapped to
Geoff Thorpe [Mon, 1 Dec 2003 21:59:40 +0000 (21:59 +0000)]
bn_fix_top() exists for compatibility's sake and is mapped to
bn_correct_top() or bn_check_top() depending on debug settings. For
internal source, all bn_fix_top()s should be converted one way or the other
depending on whether the use of bn_correct_top() is justified.

For BN_div_recp(), these cases should not require correction if the other
bignum functions are doing their jobs properly, so convert to
bn_check_top().

20 years agoIt was pointed out to me that if the requested size is 0, we shouldn't
Richard Levitte [Mon, 1 Dec 2003 13:25:39 +0000 (13:25 +0000)]
It was pointed out to me that if the requested size is 0, we shouldn't
ty to allocate anything at all.  This will allow eNULL to still work.

PR: 751
Notified by: Lutz Jaenicke

20 years agoIt was pointed out to me that if the requested size is 0, we shouldn't
Richard Levitte [Mon, 1 Dec 2003 13:25:37 +0000 (13:25 +0000)]
It was pointed out to me that if the requested size is 0, we shouldn't
ty to allocate anything at all.  This will allow eNULL to still work.

PR: 751
Notified by: Lutz Jaenicke

20 years agoCheck that OPENSSL_malloc() really returned some memory.
Richard Levitte [Mon, 1 Dec 2003 12:11:57 +0000 (12:11 +0000)]
Check that OPENSSL_malloc() really returned some memory.

PR: 751
Notified by: meder@mcs.anl.gov
Reviewed by: Lutz Jaenicke, Richard Levitte

20 years agoCheck that OPENSSL_malloc() really returned some memory.
Richard Levitte [Mon, 1 Dec 2003 12:11:55 +0000 (12:11 +0000)]
Check that OPENSSL_malloc() really returned some memory.

PR: 751
Notified by: meder@mcs.anl.gov
Reviewed by: Lutz Jaenicke, Richard Levitte

20 years agoCRYPTO_malloc(), CRYPTO_realloc() and variants of them should return NULL
Richard Levitte [Mon, 1 Dec 2003 12:06:19 +0000 (12:06 +0000)]
CRYPTO_malloc(), CRYPTO_realloc() and variants of them should return NULL
if the give size is 0.

This is a thought that came up in PR 751.

20 years agoCRYPTO_malloc(), CRYPTO_realloc() and variants of them should return NULL
Richard Levitte [Mon, 1 Dec 2003 12:06:15 +0000 (12:06 +0000)]
CRYPTO_malloc(), CRYPTO_realloc() and variants of them should return NULL
if the give size is 0.

This is a thought that came up in PR 751.

20 years agoSome more ASFLAGS settings required
Lutz Jänicke [Mon, 1 Dec 2003 08:12:47 +0000 (08:12 +0000)]
Some more ASFLAGS settings required
PR: #735
Submitted by: Tim Rice <tim@multitalents.net>

20 years agoSome more ASFLAGS settings required
Lutz Jänicke [Mon, 1 Dec 2003 08:12:01 +0000 (08:12 +0000)]
Some more ASFLAGS settings required
PR: #735
Submitted by: Tim Rice <tim@multitalents.net>

20 years agoAdd more debugging to my Configure target, and "make update" to incorporate
Geoff Thorpe [Sun, 30 Nov 2003 23:29:27 +0000 (23:29 +0000)]
Add more debugging to my Configure target, and "make update" to incorporate
this and a few other changes.

20 years agoIf BN_STRICT is defined, don't accept an ambiguous representation of zero
Geoff Thorpe [Sun, 30 Nov 2003 22:23:12 +0000 (22:23 +0000)]
If BN_STRICT is defined, don't accept an ambiguous representation of zero
(ie. where top may be zero, or it may be one if the corresponding word is
set to zero). Note, this only affects the macros in bn.h, there are probably
similar corrections required in some c files.

Also, clarify the audit-related macros at the top of the header. Mental
note: I must not forget to clean all this out before 0.9.8 is released ...

20 years agoImprove a couple of the bignum macros. Note, this doesn't eliminate
Geoff Thorpe [Sun, 30 Nov 2003 22:02:10 +0000 (22:02 +0000)]
Improve a couple of the bignum macros. Note, this doesn't eliminate
tolerance of ambiguous zero-representation, it just improves
BN_abs_is_word() and simplifies other macros that depend on it.

20 years agoMake BN_DEBUG_RAND less painfully slow by only consuming one byte of
Geoff Thorpe [Sun, 30 Nov 2003 21:21:30 +0000 (21:21 +0000)]
Make BN_DEBUG_RAND less painfully slow by only consuming one byte of
pseudo-random data for each bn_pollute().

21 years agoThis improves the placement of check_top() macros in a couple of bn_lib
Geoff Thorpe [Sat, 29 Nov 2003 20:34:07 +0000 (20:34 +0000)]
This improves the placement of check_top() macros in a couple of bn_lib
functions.

21 years agoMake sure the documentation matches reality.
Richard Levitte [Sat, 29 Nov 2003 10:33:28 +0000 (10:33 +0000)]
Make sure the documentation matches reality.

PR: 755
Notified by: Jakub Bogusz <qboosh@pld-linux.org>

21 years agoMake sure the documentation matches reality.
Richard Levitte [Sat, 29 Nov 2003 10:33:25 +0000 (10:33 +0000)]
Make sure the documentation matches reality.

PR: 755
Notified by: Jakub Bogusz <qboosh@pld-linux.org>

21 years agoWe're getting a clash with C++ because it has a type called 'list'.
Richard Levitte [Sat, 29 Nov 2003 10:25:42 +0000 (10:25 +0000)]
We're getting a clash with C++ because it has a type called 'list'.
Therefore, change all instances of the symbol 'list' to something else.

PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>

21 years agoWe're getting a clash with C++ because it has a type called 'list'.
Richard Levitte [Sat, 29 Nov 2003 10:25:37 +0000 (10:25 +0000)]
We're getting a clash with C++ because it has a type called 'list'.
Therefore, change all instances of the symbol 'list' to something else.

PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>

21 years agoAdd IPSec/IKE/Oakley curves.
Richard Levitte [Sat, 29 Nov 2003 09:25:59 +0000 (09:25 +0000)]
Add IPSec/IKE/Oakley curves.

PR: 768
Submitted by: Vadim Fedukovich <vf@unity.net>

21 years agoDamnit, I'm sick of having to do something special every time a module
Richard Levitte [Sat, 29 Nov 2003 09:19:12 +0000 (09:19 +0000)]
Damnit, I'm sick of having to do something special every time a module
that gets built before objects barfs all over the place because it
uses a new NID that hasn't had a chance of getting defined yet (in
this case, it was about a couple of new EC curves, and therefore a
couple of new corresponding NIDs).

I'm placing objects first in SDIRS!  There.

21 years agoRSA_size() and DH_size() return the amount of bytes in a key, and we
Richard Levitte [Fri, 28 Nov 2003 23:03:19 +0000 (23:03 +0000)]
RSA_size() and DH_size() return the amount of bytes in a key, and we
compared it to the amount of bits required...
PR: 770
Submitted by: c zhang <czhang2005@hotmail.com>

21 years agoRSA_size() and DH_size() return the amount of bytes in a key, and we
Richard Levitte [Fri, 28 Nov 2003 23:03:14 +0000 (23:03 +0000)]
RSA_size() and DH_size() return the amount of bytes in a key, and we
compared it to the amount of bits required...
PR: 770
Submitted by: c zhang <czhang2005@hotmail.com>

21 years ago1024 is the export key bits limit according to current regulations, not 512.
Richard Levitte [Fri, 28 Nov 2003 22:39:23 +0000 (22:39 +0000)]
1024 is the export key bits limit according to current regulations, not 512.
PR: 771
Submitted by: c zhang <czhang2005@hotmail.com>

21 years ago1024 is the export key bits limit according to current regulations, not 512.
Richard Levitte [Fri, 28 Nov 2003 22:39:19 +0000 (22:39 +0000)]
1024 is the export key bits limit according to current regulations, not 512.
PR: 771
Submitted by: c zhang <czhang2005@hotmail.com>

21 years agoGet rid of some signed/unsigned comparison warnings.
Geoff Thorpe [Fri, 28 Nov 2003 16:39:16 +0000 (16:39 +0000)]
Get rid of some signed/unsigned comparison warnings.

21 years agoMake a number of changes to the OS/2 build. Submitter's comment below.
Richard Levitte [Fri, 28 Nov 2003 14:51:30 +0000 (14:51 +0000)]
Make a number of changes to the OS/2 build.  Submitter's comment below.

PR: 732
Submitted by: Ilya Zakharevich <nospam-abuse@ilyaz.org>

Submitter's comment:

This patch:

a) Introduces a new file os2/backwardify.pl.

b) Introduces a new mk1mf.pl variable $preamble.  As you can see, it may
   be used also to move some OS-specific code to VC-CE too (the the
   first chunk of the patch);

c) The DESCRIPTION specifier of the .def file is made more informative:
   now it contains the version number too.  On OS/2 it is made conformant
   to OS/2 conventions; in particular, when one runs the standard command
BLDLEVEL this.DLL
   one can see:

   Vendor:      www.openssl.org/
   Revision:    0.9.7c
   Description: OpenSSL: implementation of Secure Socket Layer; DLL for library crypto.  Build for EMX -Zmtd

   [I did not make Win32 descriptions as informative as this - I'm afraid to
    break something.  Be welcome to fix this.]

d) On OS/2 the generated DLL was hardly usable (it had a shared initialized
   data segment).

e) On OS/2 the generated DLLs had names like ssl.dll.  However, DLL names on
   OS/2 are "global data".  It is hard to have several DLLs with the same
   name on the system.  Thus this precluded coexistence of OpenSSL with DLLs
   for other SLL implementations - or other name clashes.  I transparently
   changed the names of the DLLs to open_ssl.dll and cryptssl.dll.

f) The file added in (a) is used to create "forwarder" DLLs, so the
   applications expecting the "old" DLL names may use the new DLLs
   transparently.  (A presence of these DLLs on the system nullifies (e),
   but makes old applications work.  This is a stopgap measure until the
   old applications are relinked.  Systems with no old applications do not
   need these DLLs, so may enjoy all the benefits of (e).)

   The new DLLs are placed in os2/ and os2/noname subdirectories.

g) The makefiles created with os2/OS2-EMX.cmd did not work (some mysterious
   meaningless failures).  The change to util/pl/OS2-EMX.pl uses the
   variable introduced in (b) to switch the Makefiles to SHELL=sh syntax.
   All these backslashes are removed, and the generated Makefiles started to
   work.

h) Running os2/OS2-EMX.cmd now prints out what to do next.

21 years agoMake a number of changes to the OS/2 build. Submitter's comment below.
Richard Levitte [Fri, 28 Nov 2003 14:51:17 +0000 (14:51 +0000)]
Make a number of changes to the OS/2 build.  Submitter's comment below.

PR: 732
Submitted by: Ilya Zakharevich <nospam-abuse@ilyaz.org>

Submitter's comment:

This patch:

a) Introduces a new file os2/backwardify.pl.

b) Introduces a new mk1mf.pl variable $preamble.  As you can see, it may
   be used also to move some OS-specific code to VC-CE too (the the
   first chunk of the patch);

c) The DESCRIPTION specifier of the .def file is made more informative:
   now it contains the version number too.  On OS/2 it is made conformant
   to OS/2 conventions; in particular, when one runs the standard command
BLDLEVEL this.DLL
   one can see:

   Vendor:      www.openssl.org/
   Revision:    0.9.7c
   Description: OpenSSL: implementation of Secure Socket Layer; DLL for library crypto.  Build for EMX -Zmtd

   [I did not make Win32 descriptions as informative as this - I'm afraid to
    break something.  Be welcome to fix this.]

d) On OS/2 the generated DLL was hardly usable (it had a shared initialized
   data segment).

e) On OS/2 the generated DLLs had names like ssl.dll.  However, DLL names on
   OS/2 are "global data".  It is hard to have several DLLs with the same
   name on the system.  Thus this precluded coexistence of OpenSSL with DLLs
   for other SLL implementations - or other name clashes.  I transparently
   changed the names of the DLLs to open_ssl.dll and cryptssl.dll.

f) The file added in (a) is used to create "forwarder" DLLs, so the
   applications expecting the "old" DLL names may use the new DLLs
   transparently.  (A presence of these DLLs on the system nullifies (e),
   but makes old applications work.  This is a stopgap measure until the
   old applications are relinked.  Systems with no old applications do not
   need these DLLs, so may enjoy all the benefits of (e).)

   The new DLLs are placed in os2/ and os2/noname subdirectories.

g) The makefiles created with os2/OS2-EMX.cmd did not work (some mysterious
   meaningless failures).  The change to util/pl/OS2-EMX.pl uses the
   variable introduced in (b) to switch the Makefiles to SHELL=sh syntax.
   All these backslashes are removed, and the generated Makefiles started to
   work.

h) Running os2/OS2-EMX.cmd now prints out what to do next.

21 years agoMove another common functionality (reproduced so far with cut'n'paste)
Richard Levitte [Fri, 28 Nov 2003 14:45:09 +0000 (14:45 +0000)]
Move another common functionality (reproduced so far with cut'n'paste)
to apps.c, and give it the hopefully descriptive name parse_yesno().

21 years agoLet's use text/plain in the example instead of crapy HTML.
Richard Levitte [Fri, 28 Nov 2003 14:32:35 +0000 (14:32 +0000)]
Let's use text/plain in the example instead of crapy HTML.
PR: 777
Submitted by: Michael Shields <mshields@sunblocksystems.com>

21 years agoLet's use text/plain in the example instead of crapy HTML.
Richard Levitte [Fri, 28 Nov 2003 14:32:31 +0000 (14:32 +0000)]
Let's use text/plain in the example instead of crapy HTML.
PR: 777
Submitted by: Michael Shields <mshields@sunblocksystems.com>

21 years agoForgot to change the declaration of do_subject() to one of parse_name()...
Richard Levitte [Fri, 28 Nov 2003 14:18:05 +0000 (14:18 +0000)]
Forgot to change the declaration of do_subject() to one of parse_name()...

21 years agoMove do_subject() to apps.c and rename it to parse_name(). The
Richard Levitte [Fri, 28 Nov 2003 14:07:14 +0000 (14:07 +0000)]
Move do_subject() to apps.c and rename it to parse_name().  The
rationale behind the move is that it's use by several applications.
The rationale behind the name change is that it describes what the
function does a bit better.

21 years agoAllow multi-valued rdns in subjects. This adds the -multivalue-rdn option
Richard Levitte [Fri, 28 Nov 2003 14:04:09 +0000 (14:04 +0000)]
Allow multi-valued rdns in subjects.  This adds the -multivalue-rdn option
to 'openssl req' and 'openssl ca'.

PR: 779
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
Reviewed by: Richard Levitte

(there will be some follow-up changes)

21 years agoNetware-specific changes,
Richard Levitte [Fri, 28 Nov 2003 13:10:58 +0000 (13:10 +0000)]
Netware-specific changes,

PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte

21 years agoChange my debugging entries to do fierce BIGNUM debugging.
Richard Levitte [Fri, 28 Nov 2003 12:54:11 +0000 (12:54 +0000)]
Change my debugging entries to do fierce BIGNUM debugging.

21 years agoIf dynamically-loadable ENGINEs are linked against a shared-library version
Richard Levitte [Thu, 27 Nov 2003 16:41:26 +0000 (16:41 +0000)]
If dynamically-loadable ENGINEs are linked against a shared-library version
of libcrypto, then it is possible that when they are loaded they will share
the same static data as the loading application/library. This means it will
be too late to set memory/ERR/ex_data/[etc] callbacks, but entirely
unnecessary to try.

This change (and a great part of this comment) was implemented in
0.9.8-dev a long time ago, but slightly differently.  In 0.9.8-dev, a
specific function that just returns a pointer to some static object is
used. For 0.9.7x, we couldn't do that, since the way we handle feature
freezes is, among other, to not add any more non-static functions.
Instead, we use the function ERR_get_implementation() and compare the
returned value with fns->err_fns, a member of fns that already is
there, and which therefore can safely be used in this manner.

What happens is that if the loaded ENGINE's return value from this
function matches the loading application/library's return value - they
share static data. If they don't match, the loaded ENGINE has its own
copy of libcrypto's static data and so the callbacks need to be set.

21 years agoDue to recent debugging bursts, openssl should be more or less solid
Geoff Thorpe [Tue, 25 Nov 2003 21:07:59 +0000 (21:07 +0000)]
Due to recent debugging bursts, openssl should be more or less solid
against inconsistent BIGNUMs coming out of any of its API functions. So
this change no longer "fixes" the bn_print.c functions, but it makes for
cleaner code. This patch was a part of ticket 697.

PR: 697
Submitted by: Otto Moerbeek
Reviewed by: Geoff Thorpe

21 years agoFix some handling in bn_word. This also resolves the issues observed in
Geoff Thorpe [Tue, 25 Nov 2003 20:39:19 +0000 (20:39 +0000)]
Fix some handling in bn_word. This also resolves the issues observed in
ticket 697 (though uses a different solution than the proposed one). This
problem was initially raised by Otto Moerbeek.

PR: 697
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe

21 years agoSome changes for bn_gf2m.c: better error checking plus some minor
Geoff Thorpe [Tue, 25 Nov 2003 03:41:20 +0000 (03:41 +0000)]
Some changes for bn_gf2m.c: better error checking plus some minor
optimizations.

Submitted by: Nils Larsch

21 years agoFree "engine" resource in case of failure to prevent memory leak
Lutz Jänicke [Mon, 24 Nov 2003 16:48:52 +0000 (16:48 +0000)]
Free "engine" resource in case of failure to prevent memory leak
PR: #778
Submitted by: George Mitchell <george@m5p.com>