oweals/openssl.git
22 years agoI got some reports that some targets have weird dso_schemes.
Richard Levitte [Sun, 27 Jan 2002 15:52:37 +0000 (15:52 +0000)]
I got some reports that some targets have weird dso_schemes.
Therefore, I've added a sanity checker.

Note that it can be combined with almost any other argument (the other
arguments will be completely ignored), with "reconf" as the blatant
exception, since it also has the behavior of ignoring all following
command line arguments.  If --test-sanity and reconf are both used on
the command line, the first one wins.

22 years agoRemove blanks at begin of empty lines irritating epv_test.c
Lutz Jänicke [Sat, 26 Jan 2002 15:24:38 +0000 (15:24 +0000)]
Remove blanks at begin of empty lines irritating epv_test.c

22 years agoUpdate SCO5 targets.
Richard Levitte [Sat, 26 Jan 2002 05:24:05 +0000 (05:24 +0000)]
Update SCO5 targets.

22 years agoApply a small patch from Dan Lanz <lanz@zolera.com> to get shared
Richard Levitte [Sat, 26 Jan 2002 05:08:31 +0000 (05:08 +0000)]
Apply a small patch from Dan Lanz <lanz@zolera.com> to get shared
libraries with debug-linux-elf.

22 years agoApply a small patch from Oscar Jacobsson <oscar@jacobsson.org> that
Richard Levitte [Sat, 26 Jan 2002 04:50:41 +0000 (04:50 +0000)]
Apply a small patch from Oscar Jacobsson <oscar@jacobsson.org> that
makes things more compilable with VC++.

22 years agoIt looks like I didn't remove everything that has to do with the
Richard Levitte [Sat, 26 Jan 2002 04:45:37 +0000 (04:45 +0000)]
It looks like I didn't remove everything that has to do with the
non-existant aestest.c.

22 years agoApply a small patch from Diego R. Lopez <diego.lopez@rediris.es>,
Richard Levitte [Sat, 26 Jan 2002 04:25:16 +0000 (04:25 +0000)]
Apply a small patch from Diego R. Lopez <diego.lopez@rediris.es>,
making X509_check_issued() properly match an issuer that's found in a
Authority Key Identifier.

22 years agoGCC uses __i386__.
Richard Levitte [Sat, 26 Jan 2002 03:57:41 +0000 (03:57 +0000)]
GCC uses __i386__.

22 years agoAdd old patch from Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> to
Richard Levitte [Sat, 26 Jan 2002 03:17:27 +0000 (03:17 +0000)]
Add old patch from Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> to
make it possible to produce shared libraries on ReliantUNIX.

22 years agoI got a request to make the "old des" symbols more closely tied to
Richard Levitte [Sat, 26 Jan 2002 01:14:09 +0000 (01:14 +0000)]
I got a request to make the "old des" symbols more closely tied to
OpenSSL.  Adding '_ossl' in the name seems to be a good way to do
this.

22 years agoApply Neale Ferguson's patch to add a configuration target for linux-s390x
Richard Levitte [Fri, 25 Jan 2002 22:06:59 +0000 (22:06 +0000)]
Apply Neale Ferguson's patch to add a configuration target for linux-s390x

22 years agoApply the following changes by Toomas Kiisk <vix@cyber.ee>:
Richard Levitte [Fri, 25 Jan 2002 19:43:52 +0000 (19:43 +0000)]
Apply the following changes by Toomas Kiisk <vix@cyber.ee>:

* make openssl rsa work with -engine chil
* misc changes, including debug-linux-ppro Configure target
  and FORMAT_NETSCAPE-aware load_{,pub}key()

This completes the application of his changes.

22 years agoApply a change by Toomas Kiisk <vix@cyber.ee>:
Richard Levitte [Fri, 25 Jan 2002 17:45:30 +0000 (17:45 +0000)]
Apply a change by Toomas Kiisk <vix@cyber.ee>:

* Fix a crashbug and a logic bug in hwcrhk_load_pubkey()

22 years agoI must learn to compile before I commit...
Richard Levitte [Fri, 25 Jan 2002 17:35:19 +0000 (17:35 +0000)]
I must learn to compile before I commit...

22 years agoDocument the change in rsautl.
Richard Levitte [Fri, 25 Jan 2002 17:00:56 +0000 (17:00 +0000)]
Document the change in rsautl.

22 years agoAdd -keyform. Document -engine.
Richard Levitte [Fri, 25 Jan 2002 16:51:46 +0000 (16:51 +0000)]
Add -keyform.  Document -engine.

22 years agoThere is no aestest currently. The EVP tester is used to check the
Richard Levitte [Fri, 25 Jan 2002 07:52:25 +0000 (07:52 +0000)]
There is no aestest currently.  The EVP tester is used to check the
AES algorithm.

22 years agoThe 'type' parameter, an EVP_MD pointer, represents the type of digest
Geoff Thorpe [Fri, 25 Jan 2002 03:13:50 +0000 (03:13 +0000)]
The 'type' parameter, an EVP_MD pointer, represents the type of digest
required as well as a default implementation (when no ENGINE provides a
replacement implementation). This change makes sure the correct
implementation's "init()" handler is used rather than assuming 'type'.

22 years agoKeep the NIST AES vectors that were there previously.
Richard Levitte [Thu, 24 Jan 2002 18:09:50 +0000 (18:09 +0000)]
Keep the NIST AES vectors that were there previously.

22 years agosort functions ...
Bodo Möller [Thu, 24 Jan 2002 17:17:33 +0000 (17:17 +0000)]
sort functions ...

22 years agofix formatting of automatically generated error section
Bodo Möller [Thu, 24 Jan 2002 16:20:42 +0000 (16:20 +0000)]
fix formatting of automatically generated error section

22 years agoNew functions
Bodo Möller [Thu, 24 Jan 2002 16:16:43 +0000 (16:16 +0000)]
New functions
    ERR_peek_last_error
    ERR_peek_last_error_line
    ERR_peek_last_error_line_data
(supersedes ERR_peek_top_error).

Rename OPENSSL_NO_OLD_DES_SUPPORT into OPENSSL_DISABLE_OLD_DES_SUPPORT
because OPENSSL_NO_... indicates disabled algorithms (according to
mkdef.pl).

22 years agoReword CHANGES entry for _old_des_..., as it was a little complicated
Bodo Möller [Thu, 24 Jan 2002 14:05:55 +0000 (14:05 +0000)]
Reword CHANGES entry for _old_des_..., as it was a little complicated
syntactically.

22 years agomake update
Richard Levitte [Thu, 24 Jan 2002 12:31:54 +0000 (12:31 +0000)]
make update
libeay.num got tweaked so the old des symbols would retain their
positions.

22 years agoBecause of recent changes, there's no need to hack the des symbols any
Richard Levitte [Thu, 24 Jan 2002 12:30:15 +0000 (12:30 +0000)]
Because of recent changes, there's no need to hack the des symbols any
more.

22 years agoTo avoid all kinds of link-level clashes, rename all old des_*
Richard Levitte [Thu, 24 Jan 2002 12:26:50 +0000 (12:26 +0000)]
To avoid all kinds of link-level clashes, rename all old des_*
functions to _old_des_*.

22 years agoTo avoid all kinds of link-level clashes, rename all old des_*
Richard Levitte [Thu, 24 Jan 2002 12:19:13 +0000 (12:19 +0000)]
To avoid all kinds of link-level clashes, rename all old des_*
functions to _old_des_*.

22 years agoDocument the current behaviour of the DES interface.
Lutz Jänicke [Wed, 23 Jan 2002 10:12:45 +0000 (10:12 +0000)]
Document the current behaviour of the DES interface.

22 years agoSupport old DES APIs by default.
Ben Laurie [Tue, 22 Jan 2002 23:19:01 +0000 (23:19 +0000)]
Support old DES APIs by default.

22 years agoMake no config file not an error. Move /dev/crypto config to ctrl.
Ben Laurie [Tue, 22 Jan 2002 22:29:58 +0000 (22:29 +0000)]
Make no config file not an error. Move /dev/crypto config to ctrl.

22 years agoConstification.
Dr. Stephen Henson [Tue, 22 Jan 2002 02:06:33 +0000 (02:06 +0000)]
Constification.

22 years agodefault_algorithms option in ENGINE config.
Dr. Stephen Henson [Tue, 22 Jan 2002 01:40:18 +0000 (01:40 +0000)]
default_algorithms option in ENGINE config.

22 years agoTypos (jsyn <jsyn@openbsd.org>).
Lutz Jänicke [Mon, 21 Jan 2002 18:01:46 +0000 (18:01 +0000)]
Typos (jsyn <jsyn@openbsd.org>).

22 years agoFix incorrect BIO_*_ctrl() macros (Shay Harding <sharding@ccbill.com>).
Lutz Jänicke [Mon, 21 Jan 2002 17:59:37 +0000 (17:59 +0000)]
Fix incorrect BIO_*_ctrl() macros (Shay Harding <sharding@ccbill.com>).

22 years agoUse FIPS-197 vectors for AES. The NIST vectors were constructed by
Richard Levitte [Mon, 21 Jan 2002 17:55:38 +0000 (17:55 +0000)]
Use FIPS-197 vectors for AES.  The NIST vectors were constructed by
reencrypting or redecrypting the ciphertext 10000 times, which of
course gives higly different results.

22 years agoAdd more of the NIST test vectors for AES.
Richard Levitte [Mon, 21 Jan 2002 16:09:45 +0000 (16:09 +0000)]
Add more of the NIST test vectors for AES.

For some reason, they give incorrect results with the OpenSSL
implementation.  I wonder why...

22 years agoBring VMS up to date with development.
Richard Levitte [Mon, 21 Jan 2002 15:37:53 +0000 (15:37 +0000)]
Bring VMS up to date with development.

22 years agoInitial ENGINE config module, docs to follow.
Dr. Stephen Henson [Mon, 21 Jan 2002 03:02:36 +0000 (03:02 +0000)]
Initial ENGINE config module, docs to follow.

Fix buffer overrun errors in OPENSSL_conf().

22 years agoConstification, add config to /dev/crypto.
Ben Laurie [Fri, 18 Jan 2002 16:51:05 +0000 (16:51 +0000)]
Constification, add config to /dev/crypto.

22 years agodisable broken code
Bodo Möller [Fri, 18 Jan 2002 12:28:05 +0000 (12:28 +0000)]
disable broken code

22 years agoOther errors are possible.
Ben Laurie [Fri, 18 Jan 2002 12:19:24 +0000 (12:19 +0000)]
Other errors are possible.

22 years agoStupid apps should die, not fail silently.
Ben Laurie [Fri, 18 Jan 2002 11:46:39 +0000 (11:46 +0000)]
Stupid apps should die, not fail silently.

22 years agoFix memory leak.
Ben Laurie [Fri, 18 Jan 2002 11:32:30 +0000 (11:32 +0000)]
Fix memory leak.

22 years agoConstification, missing declaration, update dependencies.
Ben Laurie [Fri, 18 Jan 2002 10:59:43 +0000 (10:59 +0000)]
Constification, missing declaration, update dependencies.

22 years agoCorrect for the recent prototype changes.
Geoff Thorpe [Thu, 17 Jan 2002 01:51:37 +0000 (01:51 +0000)]
Correct for the recent prototype changes.

22 years ago*** empty log message ***
Ulf Möller [Wed, 16 Jan 2002 19:22:13 +0000 (19:22 +0000)]
*** empty log message ***

22 years agoProduce less confusing statistics when "-out_totals" is used.
Geoff Thorpe [Wed, 16 Jan 2002 05:31:02 +0000 (05:31 +0000)]
Produce less confusing statistics when "-out_totals" is used.

22 years agoThe sample certs had expired, so these are newer ones that should last
Geoff Thorpe [Wed, 16 Jan 2002 05:29:11 +0000 (05:29 +0000)]
The sample certs had expired, so these are newer ones that should last
quite a bit longer.

22 years agorun test_evp before test_ssl
Bodo Möller [Tue, 15 Jan 2002 11:43:51 +0000 (11:43 +0000)]
run test_evp before test_ssl

22 years agoBugfix: In ssl3_accept, don't use a local variable 'got_new_session'
Bodo Möller [Mon, 14 Jan 2002 23:40:26 +0000 (23:40 +0000)]
Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.

22 years agoReturn -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if
Bodo Möller [Mon, 14 Jan 2002 12:37:59 +0000 (12:37 +0000)]
Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if
the SSL_R_LENGTH_MISMATCH error is detected.

22 years agoPrototype info function.
Ben Laurie [Sat, 12 Jan 2002 15:56:13 +0000 (15:56 +0000)]
Prototype info function.

22 years agoAdd client_cert_cb prototype.
Ben Laurie [Sat, 12 Jan 2002 13:15:40 +0000 (13:15 +0000)]
Add client_cert_cb prototype.

22 years agoReturn value could be undefined.
Ben Laurie [Sat, 12 Jan 2002 13:13:22 +0000 (13:13 +0000)]
Return value could be undefined.

22 years ago- Network errors could pollute the buffers because -1 isn't noticed in an
Geoff Thorpe [Thu, 10 Jan 2002 06:03:12 +0000 (06:03 +0000)]
- Network errors could pollute the buffers because -1 isn't noticed in an
  "unsigned int".
- Remove redundant processing with machine->ssl is NULL.
- Remove compiler warnings about uninitialised 'ctx' (it's not used
  uninitialised, but gcc can't see that).

22 years agoPatches to make OpenSSL compilable on MacOS/X.
Richard Levitte [Tue, 8 Jan 2002 09:19:31 +0000 (09:19 +0000)]
Patches to make OpenSSL compilable on MacOS/X.
Submitted by Pier Fumagalli <pier@betaversion.org>

22 years ago- libtool finally annoyed me too much, so I'm nuking it,
Geoff Thorpe [Tue, 8 Jan 2002 02:58:55 +0000 (02:58 +0000)]
- libtool finally annoyed me too much, so I'm nuking it,
- tidy up some output,
- print a warning when running an SSL server with no cert,
- only log each connect/disconnect if the new "-out_conns" switch is used.

22 years ago- Add the same header stuff to aes_locl.h as is in des_locl.h to avoid
Geoff Thorpe [Sat, 5 Jan 2002 12:55:08 +0000 (12:55 +0000)]
- Add the same header stuff to aes_locl.h as is in des_locl.h to avoid
  undefined functions (memset, etc).
- Put a .cvsignore in the aes directory too.

22 years agoExperimental configuration code.
Dr. Stephen Henson [Sat, 5 Jan 2002 01:37:16 +0000 (01:37 +0000)]
Experimental configuration code.

Incomplete, largely untested and subject to change/deletion.

22 years agoadd a sentence previously deleted by accident
Bodo Möller [Fri, 4 Jan 2002 15:22:40 +0000 (15:22 +0000)]
add a sentence previously deleted by accident

22 years agoadd documentation for SSLeay_version(SSLEAY_DIR) and
Bodo Möller [Fri, 4 Jan 2002 15:17:09 +0000 (15:17 +0000)]
add documentation for SSLeay_version(SSLEAY_DIR) and
'openssl version -d'

use some descriptions from Lutz' redundant manual page
instead of the previous ones

22 years agoTsss, SSLeay_version() was already documented, it just was not linked in.
Lutz Jänicke [Fri, 4 Jan 2002 15:05:51 +0000 (15:05 +0000)]
Tsss, SSLeay_version() was already documented, it just was not linked in.

22 years agosynchronize with engine-0.9.6 tree
Bodo Möller [Fri, 4 Jan 2002 15:03:25 +0000 (15:03 +0000)]
synchronize with engine-0.9.6 tree

22 years agoAdd information as provided by Richard Levitte on openssl-users :-)
Lutz Jänicke [Fri, 4 Jan 2002 14:55:38 +0000 (14:55 +0000)]
Add information as provided by Richard Levitte on openssl-users :-)

22 years agoUpdate PEM docs
Dr. Stephen Henson [Fri, 4 Jan 2002 13:35:37 +0000 (13:35 +0000)]
Update PEM docs

22 years agofix 'Configure TABLE' output
Bodo Möller [Fri, 4 Jan 2002 13:30:05 +0000 (13:30 +0000)]
fix 'Configure TABLE' output

22 years agoChanges that break something should be included in CHANGES
Bodo Möller [Fri, 4 Jan 2002 13:27:52 +0000 (13:27 +0000)]
Changes that break something should be included in CHANGES
to make it easier to fix things.

22 years agoadd automatically generated ERR_load_... prototype
Bodo Möller [Fri, 4 Jan 2002 13:12:08 +0000 (13:12 +0000)]
add automatically generated ERR_load_... prototype

22 years agofix EVP_CIPHER_mode macro
Bodo Möller [Fri, 4 Jan 2002 13:04:45 +0000 (13:04 +0000)]
fix EVP_CIPHER_mode macro

Submitted by: "Dan S. Camper" <dan@bti.net>

22 years agoConstify.
Geoff Thorpe [Fri, 4 Jan 2002 07:01:35 +0000 (07:01 +0000)]
Constify.

22 years agoBetter clarification on perl
Richard Levitte [Thu, 3 Jan 2002 18:53:47 +0000 (18:53 +0000)]
Better clarification on perl

22 years agomake update
Richard Levitte [Wed, 2 Jan 2002 17:31:23 +0000 (17:31 +0000)]
make update

22 years agoImplement speed measurement for AES.
Richard Levitte [Wed, 2 Jan 2002 16:57:57 +0000 (16:57 +0000)]
Implement speed measurement for AES.
Submitted by Stephen Sprunk <stephen@sprunk.org> as part of his AES
integration patch.

22 years agoBecause Rijndael is more known as AES, use crypto/aes instead of
Richard Levitte [Wed, 2 Jan 2002 16:55:35 +0000 (16:55 +0000)]
Because Rijndael is more known as AES, use crypto/aes instead of
crypto/rijndael.  Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).

This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.

22 years agoThe block size may be something other than 8!
Richard Levitte [Wed, 2 Jan 2002 16:51:17 +0000 (16:51 +0000)]
The block size may be something other than 8!

22 years agoWhen RSA or DSA are disabled, do not include the stuff that's specific
Richard Levitte [Wed, 2 Jan 2002 12:45:51 +0000 (12:45 +0000)]
When RSA or DSA are disabled, do not include the stuff that's specific
to them.

22 years agomake update
Richard Levitte [Wed, 2 Jan 2002 12:44:54 +0000 (12:44 +0000)]
make update

22 years agoRSA counter should only be defined of RSA is available.
Richard Levitte [Wed, 2 Jan 2002 12:40:38 +0000 (12:40 +0000)]
RSA counter should only be defined of RSA is available.

22 years agoAllow verification of other types than DATA.
Richard Levitte [Wed, 2 Jan 2002 11:54:38 +0000 (11:54 +0000)]
Allow verification of other types than DATA.
Submitted by Leonard Janke <leonard@votehere.net>

22 years agoSay that recent CygWin perl versions work as well.
Richard Levitte [Wed, 2 Jan 2002 11:25:17 +0000 (11:25 +0000)]
Say that recent CygWin perl versions work as well.
Submitted by Eric Hanchrow <erich@votehere.net>

22 years agoAllow 8-bit characters. This is not really complete, it only marks
Richard Levitte [Wed, 2 Jan 2002 11:06:02 +0000 (11:06 +0000)]
Allow 8-bit characters.  This is not really complete, it only marks
characters with the highest bit set as HIGHBIT.  We need to expand
this to support the UTF-8 character set properly.  However, this
solves the problem that the character 0x80 (which is common in UTF-8)
gets masked to 0x00.
Patch submitted by "Huang Yuzhen" <huangyuzhen@bj.tom.com>

22 years agoOn Solaris64, cc needs the flag -xarch=v9 when linking shared
Richard Levitte [Wed, 2 Jan 2002 10:30:07 +0000 (10:30 +0000)]
On Solaris64, cc needs the flag -xarch=v9 when linking shared
libraries.  Make a general change to support shared library
linking flags in general.
Noted by Nick Briggs <briggs@parc.xerox.com>

22 years agoAdd support for Linux on HP/PA.
Richard Levitte [Wed, 2 Jan 2002 10:00:22 +0000 (10:00 +0000)]
Add support for Linux on HP/PA.
Submitted by "Bryan W. Headley" <bheadley@interaccess.com>

22 years agossl3_read_bytes bug fix
Ulf Möller [Fri, 28 Dec 2001 17:14:35 +0000 (17:14 +0000)]
ssl3_read_bytes bug fix

Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo

22 years agoupdate FAQ and CHANGES file (0.9.6c has been released)
Bodo Möller [Fri, 21 Dec 2001 12:29:52 +0000 (12:29 +0000)]
update FAQ and CHANGES file (0.9.6c has been released)

22 years agoStatus update
Richard Levitte [Fri, 21 Dec 2001 03:23:15 +0000 (03:23 +0000)]
Status update

22 years agoAnd just for the sake of completeness, let's add some standard macros...
Richard Levitte [Fri, 21 Dec 2001 01:12:29 +0000 (01:12 +0000)]
And just for the sake of completeness, let's add some standard macros...

22 years agoBetter use the same number in all branches, to avoid confusion
Richard Levitte [Fri, 21 Dec 2001 01:08:40 +0000 (01:08 +0000)]
Better use the same number in all branches, to avoid confusion

22 years agoDo not forget to compile comp_err.c
Richard Levitte [Thu, 20 Dec 2001 22:12:10 +0000 (22:12 +0000)]
Do not forget to compile comp_err.c

22 years agoSynchronise with the 0.9.6 branch.
Richard Levitte [Thu, 20 Dec 2001 16:58:26 +0000 (16:58 +0000)]
Synchronise with the 0.9.6 branch.

22 years agoSecurity fix.
Ben Laurie [Thu, 20 Dec 2001 12:18:08 +0000 (12:18 +0000)]
Security fix.

22 years agoCygwin patch. Submitted by Michael Kobar <mkobar@lymeware.com>
Ulf Möller [Wed, 19 Dec 2001 19:37:31 +0000 (19:37 +0000)]
Cygwin patch. Submitted by Michael Kobar <mkobar@lymeware.com>

22 years agoformatting consistency
Bodo Möller [Mon, 17 Dec 2001 19:28:05 +0000 (19:28 +0000)]
formatting consistency

22 years agooops
Bodo Möller [Mon, 17 Dec 2001 19:26:43 +0000 (19:26 +0000)]
oops

22 years agoremove redundant ERR_load_... declarations
Bodo Möller [Mon, 17 Dec 2001 19:22:23 +0000 (19:22 +0000)]
remove redundant ERR_load_... declarations

22 years agoconsistency with 0.9.6 stable "CHANGES"
Bodo Möller [Mon, 17 Dec 2001 19:11:03 +0000 (19:11 +0000)]
consistency with 0.9.6 stable "CHANGES"

22 years agofix BN_rand_range
Bodo Möller [Fri, 14 Dec 2001 10:09:29 +0000 (10:09 +0000)]
fix BN_rand_range

22 years agoChange pkcs12 so the certificates coming from -in do not get tossed if
Richard Levitte [Wed, 12 Dec 2001 16:49:02 +0000 (16:49 +0000)]
Change pkcs12 so the certificates coming from -in do not get tossed if
-certfile is given as well.

22 years agoImplement failover for ubsec. Submitted by Subramanian Ramamoorthy
Richard Levitte [Wed, 12 Dec 2001 12:53:13 +0000 (12:53 +0000)]
Implement failover for ubsec.  Submitted by Subramanian Ramamoorthy
<sram@broadcom.com> with the following comment:

[...] We have implemented failover (ie, if for some reason that the
hardware fails, the implementation detects this failure and performs
this operation as if no hardware is present, ie, in software) for
sometime now and have tested it here with our hardware. [...]

This change was cc:ed to exports@crypto.com

22 years agomake update
Richard Levitte [Tue, 11 Dec 2001 10:57:13 +0000 (10:57 +0000)]
make update