oweals/openssl.git
22 years agoAllow 8-bit characters. This is not really complete, it only marks
Richard Levitte [Wed, 2 Jan 2002 11:06:02 +0000 (11:06 +0000)]
Allow 8-bit characters.  This is not really complete, it only marks
characters with the highest bit set as HIGHBIT.  We need to expand
this to support the UTF-8 character set properly.  However, this
solves the problem that the character 0x80 (which is common in UTF-8)
gets masked to 0x00.
Patch submitted by "Huang Yuzhen" <huangyuzhen@bj.tom.com>

22 years agoOn Solaris64, cc needs the flag -xarch=v9 when linking shared
Richard Levitte [Wed, 2 Jan 2002 10:30:07 +0000 (10:30 +0000)]
On Solaris64, cc needs the flag -xarch=v9 when linking shared
libraries.  Make a general change to support shared library
linking flags in general.
Noted by Nick Briggs <briggs@parc.xerox.com>

22 years agoAdd support for Linux on HP/PA.
Richard Levitte [Wed, 2 Jan 2002 10:00:22 +0000 (10:00 +0000)]
Add support for Linux on HP/PA.
Submitted by "Bryan W. Headley" <bheadley@interaccess.com>

22 years agossl3_read_bytes bug fix
Ulf Möller [Fri, 28 Dec 2001 17:14:35 +0000 (17:14 +0000)]
ssl3_read_bytes bug fix

Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo

22 years agoupdate FAQ and CHANGES file (0.9.6c has been released)
Bodo Möller [Fri, 21 Dec 2001 12:29:52 +0000 (12:29 +0000)]
update FAQ and CHANGES file (0.9.6c has been released)

22 years agoStatus update
Richard Levitte [Fri, 21 Dec 2001 03:23:15 +0000 (03:23 +0000)]
Status update

22 years agoAnd just for the sake of completeness, let's add some standard macros...
Richard Levitte [Fri, 21 Dec 2001 01:12:29 +0000 (01:12 +0000)]
And just for the sake of completeness, let's add some standard macros...

22 years agoBetter use the same number in all branches, to avoid confusion
Richard Levitte [Fri, 21 Dec 2001 01:08:40 +0000 (01:08 +0000)]
Better use the same number in all branches, to avoid confusion

22 years agoDo not forget to compile comp_err.c
Richard Levitte [Thu, 20 Dec 2001 22:12:10 +0000 (22:12 +0000)]
Do not forget to compile comp_err.c

22 years agoSynchronise with the 0.9.6 branch.
Richard Levitte [Thu, 20 Dec 2001 16:58:26 +0000 (16:58 +0000)]
Synchronise with the 0.9.6 branch.

22 years agoSecurity fix.
Ben Laurie [Thu, 20 Dec 2001 12:18:08 +0000 (12:18 +0000)]
Security fix.

22 years agoCygwin patch. Submitted by Michael Kobar <mkobar@lymeware.com>
Ulf Möller [Wed, 19 Dec 2001 19:37:31 +0000 (19:37 +0000)]
Cygwin patch. Submitted by Michael Kobar <mkobar@lymeware.com>

22 years agoformatting consistency
Bodo Möller [Mon, 17 Dec 2001 19:28:05 +0000 (19:28 +0000)]
formatting consistency

22 years agooops
Bodo Möller [Mon, 17 Dec 2001 19:26:43 +0000 (19:26 +0000)]
oops

22 years agoremove redundant ERR_load_... declarations
Bodo Möller [Mon, 17 Dec 2001 19:22:23 +0000 (19:22 +0000)]
remove redundant ERR_load_... declarations

22 years agoconsistency with 0.9.6 stable "CHANGES"
Bodo Möller [Mon, 17 Dec 2001 19:11:03 +0000 (19:11 +0000)]
consistency with 0.9.6 stable "CHANGES"

22 years agofix BN_rand_range
Bodo Möller [Fri, 14 Dec 2001 10:09:29 +0000 (10:09 +0000)]
fix BN_rand_range

22 years agoChange pkcs12 so the certificates coming from -in do not get tossed if
Richard Levitte [Wed, 12 Dec 2001 16:49:02 +0000 (16:49 +0000)]
Change pkcs12 so the certificates coming from -in do not get tossed if
-certfile is given as well.

22 years agoImplement failover for ubsec. Submitted by Subramanian Ramamoorthy
Richard Levitte [Wed, 12 Dec 2001 12:53:13 +0000 (12:53 +0000)]
Implement failover for ubsec.  Submitted by Subramanian Ramamoorthy
<sram@broadcom.com> with the following comment:

[...] We have implemented failover (ie, if for some reason that the
hardware fails, the implementation detects this failure and performs
this operation as if no hardware is present, ie, in software) for
sometime now and have tested it here with our hardware. [...]

This change was cc:ed to exports@crypto.com

22 years agomake update
Richard Levitte [Tue, 11 Dec 2001 10:57:13 +0000 (10:57 +0000)]
make update

22 years agoname confusion with HP library function prototype (?)
Ulf Möller [Mon, 10 Dec 2001 18:52:06 +0000 (18:52 +0000)]
name confusion with HP library function prototype (?)

22 years agoImprove back compatibility.
Ben Laurie [Sun, 9 Dec 2001 21:53:31 +0000 (21:53 +0000)]
Improve back compatibility.

22 years agofix warnings (one of them was clearly justified)
Bodo Möller [Fri, 7 Dec 2001 17:02:01 +0000 (17:02 +0000)]
fix warnings (one of them was clearly justified)

22 years agoDon't overwrite signing time.
Dr. Stephen Henson [Fri, 7 Dec 2001 00:36:32 +0000 (00:36 +0000)]
Don't overwrite signing time.

22 years agoHPUX 9.X on m68k with gcc
Lutz Jänicke [Thu, 6 Dec 2001 13:15:51 +0000 (13:15 +0000)]
HPUX 9.X on m68k with gcc
("Anton J. Gamel" <gamel@anna.anatomie.uni-freiburg.de>)

22 years agoUID was never a lable for uniqueIdentifier. However, LDAP and certain
Richard Levitte [Tue, 4 Dec 2001 11:01:17 +0000 (11:01 +0000)]
UID was never a lable for uniqueIdentifier.  However, LDAP and certain
RFCs concerning X.500 directories use UID as a shorter name for the
attribute type userId, which is defined by CCITT and available through
RFCs 1274 and 2247.

Unfortunately, if some applications have used the name "UID" for the
uniqueIdentifier attribute type, they will produce incorrect results.
However, I found it better to follow the standards that are out there
rather than having our own incompatible one.

22 years agoI was recently informed that some people wrongly use ssleay.txt as
Richard Levitte [Tue, 4 Dec 2001 07:38:17 +0000 (07:38 +0000)]
I was recently informed that some people wrongly use ssleay.txt as
main documentation, so let's warn them a little more, so the word
"OBSOLETE" really gets understood.

22 years agocrypto/objects stuff
Bodo Möller [Mon, 3 Dec 2001 14:03:23 +0000 (14:03 +0000)]
crypto/objects stuff

22 years agoFix: 2.5.29 is "id-ce", not "ld-ce" (sort of a typo in objects.h).
Bodo Möller [Mon, 3 Dec 2001 13:47:22 +0000 (13:47 +0000)]
Fix: 2.5.29 is "id-ce", not "ld-ce" (sort of a typo in objects.h).

Fix (?): Delete 'ip-pda 6' (id-pda-pseudonym) because it does not exist
in RFC 3039.

Also change Perl scripts to put auto-generation warning in the
first lines of the file.

22 years agoEVP_BytesToKey documentation.
Dr. Stephen Henson [Mon, 3 Dec 2001 03:07:37 +0000 (03:07 +0000)]
EVP_BytesToKey documentation.

22 years agoMake EVP_SealInit() return the correct value.
Dr. Stephen Henson [Sat, 1 Dec 2001 23:09:38 +0000 (23:09 +0000)]
Make EVP_SealInit() return the correct value.

22 years agoAdd -pubkey option to req command.
Dr. Stephen Henson [Sat, 1 Dec 2001 23:03:30 +0000 (23:03 +0000)]
Add -pubkey option to req command.

22 years agoNO_DSA, NO_RSA patches.
Dr. Stephen Henson [Sat, 1 Dec 2001 22:41:39 +0000 (22:41 +0000)]
NO_DSA, NO_RSA patches.

22 years agoSupport for QNX (wrat@jump.net (the wharf rat)).
Lutz Jänicke [Fri, 30 Nov 2001 09:38:57 +0000 (09:38 +0000)]
Support for QNX (wrat@jump.net (the wharf rat)).

23 years agoCertain missing algorithms make some SSL versions or TLS impossible to
Richard Levitte [Tue, 27 Nov 2001 11:48:30 +0000 (11:48 +0000)]
Certain missing algorithms make some SSL versions or TLS impossible to
build.

23 years agodiscuss -name and default_ca more correctly (I hope)
Bodo Möller [Mon, 26 Nov 2001 12:13:50 +0000 (12:13 +0000)]
discuss -name and default_ca more correctly (I hope)

23 years agoThis looks to have been a typo.
Geoff Thorpe [Sat, 24 Nov 2001 04:02:42 +0000 (04:02 +0000)]
This looks to have been a typo.

23 years agoFor future portability reasons MIT is moving all macros to function
Bodo Möller [Fri, 23 Nov 2001 21:50:50 +0000 (21:50 +0000)]
For future portability reasons MIT is moving all macros to function
calls.  This patch allows compilation either way.

Submitted by: Jeffrey Altman <jaltman@columbia.edu>

23 years agoinfo on 0.9.6 engine branch
Bodo Möller [Fri, 23 Nov 2001 21:12:44 +0000 (21:12 +0000)]
info on 0.9.6 engine branch

23 years agofix submitted by Andy Schneider <andy.schneider@bjss.co.uk>
Bodo Möller [Fri, 23 Nov 2001 20:58:40 +0000 (20:58 +0000)]
fix submitted by Andy Schneider <andy.schneider@bjss.co.uk>
(in main branch, hn_ncipher.c is already correct)

23 years agocheck OPENSSL_NO_... before including header files that might be
Bodo Möller [Thu, 22 Nov 2001 11:13:10 +0000 (11:13 +0000)]
check OPENSSL_NO_... before including header files that might be
disabled

23 years agoOS/390 support
Bodo Möller [Thu, 22 Nov 2001 11:09:42 +0000 (11:09 +0000)]
OS/390 support

Submitted by: Richard Shapiro <rshapiro@abinitio.com>

23 years agocomment
Bodo Möller [Thu, 22 Nov 2001 11:08:38 +0000 (11:08 +0000)]
comment

23 years agoCut "ENGINE_ID" to the more concise "ID".
Geoff Thorpe [Thu, 22 Nov 2001 10:08:49 +0000 (10:08 +0000)]
Cut "ENGINE_ID" to the more concise "ID".

23 years agoIn this particular error condition, the structural reference wasn't being
Geoff Thorpe [Thu, 22 Nov 2001 09:20:08 +0000 (09:20 +0000)]
In this particular error condition, the structural reference wasn't being
released.

23 years agoWhen the "dynamic" ENGINE loads another ENGINE from a shared-library, it
Geoff Thorpe [Thu, 22 Nov 2001 09:13:18 +0000 (09:13 +0000)]
When the "dynamic" ENGINE loads another ENGINE from a shared-library, it
essentially overwrites itself with the new ENGINE, with the exception of
reference counts, ex_data structures, and other 'admin' elements. However
if the new ENGINE doesn't populate certain elements, there's the risk of
the "dynamic" ENGINE's elements showing through - the "cmd_defns" were just
one of the possibilities. This implements a more comprehensive cleanup.

23 years agoThe "openssl" ENGINE is no longer used except as a testing/debugging
Geoff Thorpe [Thu, 22 Nov 2001 09:01:11 +0000 (09:01 +0000)]
The "openssl" ENGINE is no longer used except as a testing/debugging
device. This change enables it for building as a self-contained "dynamic"
ENGINE, to help testing such mechanisms.

23 years ago'flags' should only be set inside DSO_load() if constructing a new DSO
Geoff Thorpe [Thu, 22 Nov 2001 08:48:09 +0000 (08:48 +0000)]
'flags' should only be set inside DSO_load() if constructing a new DSO
object - otherwise we overwrite any flags that had been previously set in
the DSO before calling DSO_load().

23 years agoExtentions of the explanations to the linking problem on Win32. Provided by Andrew...
Richard Levitte [Mon, 19 Nov 2001 20:46:35 +0000 (20:46 +0000)]
Extentions of the explanations to the linking problem on Win32.  Provided by Andrew Gray <agray@iconsinc.com>

23 years agoClarify reference count handling/removal of session
Lutz Jänicke [Mon, 19 Nov 2001 11:11:23 +0000 (11:11 +0000)]
Clarify reference count handling/removal of session
(shinagawa@star.zko.dec.com).

23 years agoOn VMS, the norm is still that symbols are uppercased, so for now it's better
Richard Levitte [Fri, 16 Nov 2001 13:12:19 +0000 (13:12 +0000)]
On VMS, the norm is still that symbols are uppercased, so for now it's better
 to trust that norm.  I might implement a control for this later on

23 years agowNAFs use does not bring that much performance on Sparcs (where
Bodo Möller [Fri, 16 Nov 2001 12:02:01 +0000 (12:02 +0000)]
wNAFs use does not bring that much performance on Sparcs (where
elliptic curves are are relatively faster than on PCs anyway)

23 years agoavoid stupid compiler warning
Bodo Möller [Fri, 16 Nov 2001 11:37:36 +0000 (11:37 +0000)]
avoid stupid compiler warning

23 years agoBuild dynamic rsaref engine on VMS. Tested on VAX so far.
Richard Levitte [Fri, 16 Nov 2001 09:14:06 +0000 (09:14 +0000)]
Build dynamic rsaref engine on VMS.  Tested on VAX so far.

23 years agoEnd assembler macro correctly.
Richard Levitte [Fri, 16 Nov 2001 09:09:15 +0000 (09:09 +0000)]
End assembler macro correctly.

On VAX, all global variables are accessed through functions, so skip
doing transfer entries for variables.

Forgot the looping gotos.

23 years agoOn systems that don't do too well including headers from a different
Richard Levitte [Fri, 16 Nov 2001 08:54:34 +0000 (08:54 +0000)]
On systems that don't do too well including headers from a different
directory, trust the building scripts to handle it properly.

23 years agoMake sure evp_locl.h can be included (hw_openbsd_dev_crypto.c needs that).
Richard Levitte [Fri, 16 Nov 2001 08:52:56 +0000 (08:52 +0000)]
Make sure evp_locl.h can be included (hw_openbsd_dev_crypto.c needs that).

23 years agocomment
Bodo Möller [Fri, 16 Nov 2001 06:22:21 +0000 (06:22 +0000)]
comment

23 years agouse a more interesting test case
Bodo Möller [Fri, 16 Nov 2001 06:22:05 +0000 (06:22 +0000)]
use a more interesting test case

23 years agocomments etc.
Bodo Möller [Thu, 15 Nov 2001 22:35:41 +0000 (22:35 +0000)]
comments etc.

23 years agoImprove EC efficiency.
Bodo Möller [Thu, 15 Nov 2001 22:32:11 +0000 (22:32 +0000)]
Improve EC efficiency.

23 years agoA missing comma added.
Richard Levitte [Thu, 15 Nov 2001 22:29:02 +0000 (22:29 +0000)]
A missing comma added.

23 years agomake update
Richard Levitte [Thu, 15 Nov 2001 20:24:00 +0000 (20:24 +0000)]
make update

23 years agoAdd MD digests.
Richard Levitte [Thu, 15 Nov 2001 20:23:29 +0000 (20:23 +0000)]
Add MD digests.

And this finishes this engine, it now offers all ciphers and digests
that RSAref 2.0 has.

23 years agoMake it possible to give digest names as -evp arguments.
Richard Levitte [Thu, 15 Nov 2001 20:19:40 +0000 (20:19 +0000)]
Make it possible to give digest names as -evp arguments.

23 years agoAdd DES functions.
Richard Levitte [Thu, 15 Nov 2001 18:52:28 +0000 (18:52 +0000)]
Add DES functions.
Restructure the code and comment it a bit.
Prepare for the presence of digests.

23 years agoIf an engine isn't built in, try loading it as a shareable library
Richard Levitte [Thu, 15 Nov 2001 18:48:42 +0000 (18:48 +0000)]
If an engine isn't built in, try loading it as a shareable library
instead.  This also makes it possible for users to simply give said
shareable library as argument for the -engine option.

23 years agoAt least for the two common Unixly DSO loading methods, include the
Richard Levitte [Thu, 15 Nov 2001 18:24:42 +0000 (18:24 +0000)]
At least for the two common Unixly DSO loading methods, include the
system error in the error text.

23 years agoUse the generated error code files.
Richard Levitte [Thu, 15 Nov 2001 16:57:36 +0000 (16:57 +0000)]
Use the generated error code files.

23 years ago'make update' + some touches.
Richard Levitte [Thu, 15 Nov 2001 16:57:00 +0000 (16:57 +0000)]
'make update' + some touches.

23 years agoAdd targets to update the error code files.
Richard Levitte [Thu, 15 Nov 2001 16:56:17 +0000 (16:56 +0000)]
Add targets to update the error code files.

23 years agoAdd a local error code configuration file for the rsaref dynamic
Richard Levitte [Thu, 15 Nov 2001 16:53:50 +0000 (16:53 +0000)]
Add a local error code configuration file for the rsaref dynamic
engine.

23 years agoMake it possible to build completely static, independent error C
Richard Levitte [Thu, 15 Nov 2001 16:52:10 +0000 (16:52 +0000)]
Make it possible to build completely static, independent error C
files.

23 years agomake update
Richard Levitte [Thu, 15 Nov 2001 12:25:14 +0000 (12:25 +0000)]
make update
perl util/mkerr.pl -recurse -write -rebuild

23 years agoMake use of RSAref's header files instead of EAY's crafted rsaref.h.
Richard Levitte [Wed, 14 Nov 2001 23:39:01 +0000 (23:39 +0000)]
Make use of RSAref's header files instead of EAY's crafted rsaref.h.

23 years agoIn a Debian Linux environment, it's not a good idea, apparently, to
Richard Levitte [Wed, 14 Nov 2001 23:25:46 +0000 (23:25 +0000)]
In a Debian Linux environment, it's not a good idea, apparently, to
manually declare the include directory /usr/include at the same time
as the macro PROTOTYPES is defined with the value 1.  Besides,
/usr/include is the standard include directory anyway, so there's no
need to specify it explicitely.

23 years agoAdd a demo that reimplements the RSAref glue in form of a dynamically
Richard Levitte [Wed, 14 Nov 2001 22:42:35 +0000 (22:42 +0000)]
Add a demo that reimplements the RSAref glue in form of a dynamically
loadable engine.

23 years agoAfter loading a dynamic engine, reset the command definitions to the
Richard Levitte [Wed, 14 Nov 2001 22:32:19 +0000 (22:32 +0000)]
After loading a dynamic engine, reset the command definitions to the
empty set.  This prevents engines that do not set the command
definitions themselves to inherit the ones from "dynamic", which would
otherwise be very confusing.

23 years agoChange the order of events so the capabilities of loaded engines can
Richard Levitte [Wed, 14 Nov 2001 22:30:17 +0000 (22:30 +0000)]
Change the order of events so the capabilities of loaded engines can
get listed as well.

23 years agoremove obsolete entry
Bodo Möller [Wed, 14 Nov 2001 21:21:47 +0000 (21:21 +0000)]
remove obsolete entry

23 years agocast to unsigned int, not to int to avoid the warning -- all these
Bodo Möller [Wed, 14 Nov 2001 21:18:35 +0000 (21:18 +0000)]
cast to unsigned int, not to int to avoid the warning -- all these
values really are unsigned

23 years agoconsistency between main branch and stable branch
Bodo Möller [Wed, 14 Nov 2001 21:17:39 +0000 (21:17 +0000)]
consistency between main branch and stable branch

23 years agoImplement STARTTLS for certain protocols, currently only supporting SMTP.
Richard Levitte [Wed, 14 Nov 2001 13:57:52 +0000 (13:57 +0000)]
Implement STARTTLS for certain protocols, currently only supporting SMTP.

23 years agoRemove temporary files
Richard Levitte [Wed, 14 Nov 2001 10:58:37 +0000 (10:58 +0000)]
Remove temporary files

23 years agounsigned int vs. int.
Richard Levitte [Wed, 14 Nov 2001 10:55:29 +0000 (10:55 +0000)]
unsigned int vs. int.

23 years agoExclude .out files
Richard Levitte [Wed, 14 Nov 2001 10:53:47 +0000 (10:53 +0000)]
Exclude .out files

23 years agosynchronise with 0.9.6 stable branch
Bodo Möller [Mon, 12 Nov 2001 23:22:29 +0000 (23:22 +0000)]
synchronise with 0.9.6 stable branch

23 years agoinformation on 0.9.6c-engine
Bodo Möller [Mon, 12 Nov 2001 22:10:15 +0000 (22:10 +0000)]
information on 0.9.6c-engine

23 years agoPhew, finished
Mark J. Cox [Mon, 12 Nov 2001 20:30:01 +0000 (20:30 +0000)]
Phew, finished
Submitted by:
Reviewed by:
PR:

23 years agoI've still got one left; the backport of the Broadcom UBSEC driver to
Mark J. Cox [Mon, 12 Nov 2001 15:32:11 +0000 (15:32 +0000)]
I've still got one left; the backport of the Broadcom UBSEC driver to
0.9.6 that we've got - just waiting for clearance on that one
Submitted by:
Reviewed by:
PR:

23 years agoAdd unixware-7-gcc as in 0.9.6 branch (except that we need a 'sys_id'
Bodo Möller [Mon, 12 Nov 2001 15:31:39 +0000 (15:31 +0000)]
Add unixware-7-gcc as in 0.9.6 branch (except that we need a 'sys_id'
field here, which is left empty).

Various configurations are *only* in the 0.9.6 branch at the moment:
  OpenUNIX
  OpenUNIX-8-gcc-shared
  OpenUNIX-8-shared
Either Configure or CHANGES must be changed to rectify the situation.

23 years agothe PRNG race conditions were mostly a theoretical issue, remove from NEWS
Bodo Möller [Mon, 12 Nov 2001 11:33:38 +0000 (11:33 +0000)]
the PRNG race conditions were mostly a theoretical issue, remove from NEWS

23 years agoadd changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c
Bodo Möller [Mon, 12 Nov 2001 11:28:15 +0000 (11:28 +0000)]
add changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c

23 years agoAdd an FAQ.
Dr. Stephen Henson [Mon, 12 Nov 2001 01:58:50 +0000 (01:58 +0000)]
Add an FAQ.

23 years agoOrder chronologically: move entry for recent s2_clnt.c/s2_srvr.c fixes
Bodo Möller [Sat, 10 Nov 2001 15:14:00 +0000 (15:14 +0000)]
Order chronologically: move entry for recent s2_clnt.c/s2_srvr.c fixes
(nearly) to the top.

Move msg_callback entry to the top as the implementation for SSL 2.0
is based on the s2_clnt.c/s2_srvr.c changes.

23 years agomake code a little more similar to what it looked like before the fixes,
Bodo Möller [Sat, 10 Nov 2001 10:44:15 +0000 (10:44 +0000)]
make code a little more similar to what it looked like before the fixes,
call ssl2_part_read again to parse error message

23 years agoremove incorrect 'callback' prototype
Bodo Möller [Sat, 10 Nov 2001 02:12:56 +0000 (02:12 +0000)]
remove incorrect 'callback' prototype

23 years agomsg_callback documentation
Bodo Möller [Sat, 10 Nov 2001 02:12:09 +0000 (02:12 +0000)]
msg_callback documentation

23 years agomore output for SSL 2.0 in our msg_callback
Bodo Möller [Sat, 10 Nov 2001 01:17:02 +0000 (01:17 +0000)]
more output for SSL 2.0 in our msg_callback

23 years agoImplement msg_callback for SSL 2.0.
Bodo Möller [Sat, 10 Nov 2001 01:16:28 +0000 (01:16 +0000)]
Implement msg_callback for SSL 2.0.

Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).