Bodo Möller [Mon, 18 Mar 2002 13:05:20 +0000 (13:05 +0000)]
fix #include position
Submitted by: Nils Larsch
Dr. Stephen Henson [Sat, 16 Mar 2002 23:20:05 +0000 (23:20 +0000)]
Ensure EVP_CipherInit() uses the correct encode/decode parameter if
enc == -1
[Reported by Markus Friedl <markus@openbsd.org>]
Fix typo in dh_lib.c (use of DSAerr instead of DHerr).
Bodo Möller [Fri, 15 Mar 2002 16:46:41 +0000 (16:46 +0000)]
Rename 'cray-t90-cc' into 'cray-j90'.
Add to 'config'.
Bodo Möller [Fri, 15 Mar 2002 10:52:32 +0000 (10:52 +0000)]
fix ssl3_pending
Lutz Jänicke [Thu, 14 Mar 2002 18:53:15 +0000 (18:53 +0000)]
Add missing strength entries.
Dr. Stephen Henson [Thu, 14 Mar 2002 18:22:23 +0000 (18:22 +0000)]
Initialize cipher context in KRB5
("D. Russell" <russelld@aol.net>)
Allow HMAC functions to use an alternative ENGINE.
Bodo Möller [Thu, 14 Mar 2002 13:18:57 +0000 (13:18 +0000)]
add OIDs for WAP/TLS curves
Bodo Möller [Thu, 14 Mar 2002 09:52:03 +0000 (09:52 +0000)]
Fixes for 'no-hw' combined with 'no-SOME_CIPHER'.
Fix dsaparam usage output.
Submitted by: Nils Larsch
Bodo Möller [Thu, 14 Mar 2002 09:48:54 +0000 (09:48 +0000)]
use BIO_nwrite() more properly to demonstrate the general idea of
BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)
Dr. Stephen Henson [Wed, 13 Mar 2002 13:59:38 +0000 (13:59 +0000)]
Undo previous patch: avoid warnings by #undef'ing
duplicate definitions.
Suggested by "Kenneth R. Robinette" <support@securenetterm.com>
Dr. Stephen Henson [Tue, 12 Mar 2002 19:37:18 +0000 (19:37 +0000)]
Fix Kerberos warnings with VC++.
Dr. Stephen Henson [Tue, 12 Mar 2002 13:32:35 +0000 (13:32 +0000)]
Fix ASN1 additions for KRB5
Dr. Stephen Henson [Tue, 12 Mar 2002 02:59:37 +0000 (02:59 +0000)]
Fix various warnings when compiling with KRB5 code.
Bodo Möller [Mon, 11 Mar 2002 09:36:04 +0000 (09:36 +0000)]
asm/mips3.o problems
Dr. Stephen Henson [Sat, 9 Mar 2002 18:58:05 +0000 (18:58 +0000)]
Make ciphers and digests obtain an ENGINE functional reference
if impl is explicitly supplied.
Dr. Stephen Henson [Sat, 9 Mar 2002 18:25:03 +0000 (18:25 +0000)]
Make {RSA,DSA,DH}_new_method obtain and release an ENGINE
functional reference in all cases.
Dr. Stephen Henson [Fri, 8 Mar 2002 19:11:15 +0000 (19:11 +0000)]
Fix the Win32_rename() function so it correctly
returns an error code. Use the same code in Win9X
and NT.
Fix some ca.c options so they work under Win32:
unlink/rename wont work under Win32 unless the file
is closed.
Bodo Möller [Fri, 8 Mar 2002 11:10:40 +0000 (11:10 +0000)]
EC curve stuff
Submitted by: Nils Larsch
Richard Levitte [Thu, 7 Mar 2002 19:38:59 +0000 (19:38 +0000)]
Synchronise the AEP engine in all branches. For 0.9.6-stable [engine], implement software fallback
Richard Levitte [Thu, 7 Mar 2002 17:13:30 +0000 (17:13 +0000)]
When closing, do not use close(). Also, if the closing call fails, do
not return immediately since that leaves a locked lock.
Richard Levitte [Thu, 7 Mar 2002 15:41:36 +0000 (15:41 +0000)]
Change des_old.c to use types prefixed with _ossl_old_des_.
Bodo Möller [Thu, 7 Mar 2002 12:21:31 +0000 (12:21 +0000)]
fix spacing
Bodo Möller [Thu, 7 Mar 2002 12:14:03 +0000 (12:14 +0000)]
Add more curves.
Submitted by: Nils Larsch
Remove unnecessary 'const'.
Dr. Stephen Henson [Wed, 6 Mar 2002 14:15:13 +0000 (14:15 +0000)]
ENGINE module additions.
Add "init" command to control ENGINE
initialization.
Call ENGINE_finish on initialized ENGINEs on exit.
Reorder shutdown in apps.c: modules should be shut
down first.
Add test private key loader to openssl ENGINE: this
just loads a private key in PEM format.
Fix print format for dh length parameter.
Bodo Möller [Wed, 6 Mar 2002 13:47:32 +0000 (13:47 +0000)]
add SECG OIDs
Submitted by: Nils Larsch
Bodo Möller [Wed, 6 Mar 2002 09:46:17 +0000 (09:46 +0000)]
reference counting for EC_GROUP structures is not needed (at the
moment at least), so remove it
Richard Levitte [Wed, 6 Mar 2002 06:25:31 +0000 (06:25 +0000)]
OpenSSL currently fails on certain pure 64-bit architectures. This is a showstopper
Bodo Möller [Tue, 5 Mar 2002 15:29:30 +0000 (15:29 +0000)]
Rephrase statement on the security of two-key 3DES.
[Chosen plaintext attack: R. Merkle, M. Hellman: "On the Security of
Multiple Encryption", CACM 24 (1981) pp. 465-467, p. 776.
Known plaintext angriff: P.C. van Oorschot, M. Wiener: "A
known-plaintext attack on two-key triple encryption", EUROCRYPT '90.]
Bodo Möller [Tue, 5 Mar 2002 15:17:17 +0000 (15:17 +0000)]
fix 'ecdsaparam -C'
Bodo Möller [Tue, 5 Mar 2002 15:05:00 +0000 (15:05 +0000)]
fix printf call
Bodo Möller [Tue, 5 Mar 2002 14:58:53 +0000 (14:58 +0000)]
typo
Bodo Möller [Tue, 5 Mar 2002 14:56:17 +0000 (14:56 +0000)]
fix 'ecdsaparam -C' output
Submitted by: Nils Larsch
Dr. Stephen Henson [Tue, 5 Mar 2002 13:48:51 +0000 (13:48 +0000)]
Make sure the type accessed by the LONG and ZLONG ASN1 type
is really a long, to avoid problems on platforms where
sizeof(int) != sizeof(long).
Bodo Möller [Tue, 5 Mar 2002 12:39:19 +0000 (12:39 +0000)]
more X9.62 OIDs
Submitted by: Nils Larsch <nla@trustcenter.de>
Bodo Möller [Tue, 5 Mar 2002 12:37:35 +0000 (12:37 +0000)]
disable '#ifdef DEBUG' code
Richard Levitte [Tue, 5 Mar 2002 11:26:03 +0000 (11:26 +0000)]
Provide a pre 0.9.7 compatibility mapping if
OPENSSL_DES_PRE_0_9_7_COMPATIBILITY is defined. NOT AT ALL TESTED YET!
Add a comment as to the libdes compatibility.
Richard Levitte [Tue, 5 Mar 2002 09:43:18 +0000 (09:43 +0000)]
New configuration targets for OpenBSD, handed to me by Bob Beck <beck@openbsd.org>
Bodo Möller [Tue, 5 Mar 2002 09:07:16 +0000 (09:07 +0000)]
'#if OPENSSL_VERSION_NUMBER >= ...' to document the recent change
Richard Levitte [Mon, 4 Mar 2002 18:07:59 +0000 (18:07 +0000)]
Typo. In DCL, the continuation character is a dash at the end of the
line, which I forgot when spliting one.
Richard Levitte [Mon, 4 Mar 2002 16:08:13 +0000 (16:08 +0000)]
Rename des_SPtrans to DES_SPtrans to differentiate from libdes and avoid certain linkage clashes.
Richard Levitte [Mon, 4 Mar 2002 15:58:38 +0000 (15:58 +0000)]
Make it so one can select tests from within the test directory
Dr. Stephen Henson [Sun, 3 Mar 2002 17:08:20 +0000 (17:08 +0000)]
Fix warnings about signed/unsigned mismatch and global
shadowing (random, index) in hw_4758_cca.c
Richard Levitte [Sun, 3 Mar 2002 01:25:21 +0000 (01:25 +0000)]
This change was only made in 0.9.7-stable. Synchronise
Richard Levitte [Thu, 28 Feb 2002 22:07:50 +0000 (22:07 +0000)]
Remove the perl/ subdirectory. It hasn't been worked on for ages, is
very broken, and there are working modules in CPAN, which makes our
module even more moot.
Richard Levitte [Thu, 28 Feb 2002 20:29:20 +0000 (20:29 +0000)]
make update
Bodo Möller [Thu, 28 Feb 2002 14:07:37 +0000 (14:07 +0000)]
use ERR_peek_last_error() instead of ERR_peek_error()
Bodo Möller [Thu, 28 Feb 2002 14:05:13 +0000 (14:05 +0000)]
use ERR_peek_last_error() instead of ERR_peek_error() to ignore
any other errors that may be left in the error queue
Submitted by: Jeffrey Altman
Richard Levitte [Thu, 28 Feb 2002 13:17:40 +0000 (13:17 +0000)]
VMS addaptation, including a few more long names that needed hacking.
Richard Levitte [Thu, 28 Feb 2002 12:58:43 +0000 (12:58 +0000)]
Make sure aep_close_connection() is declared and has a prototype that's
consistent with the rest of the AEP functions
Richard Levitte [Thu, 28 Feb 2002 12:42:19 +0000 (12:42 +0000)]
Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated
Richard Levitte [Thu, 28 Feb 2002 11:36:38 +0000 (11:36 +0000)]
Updated AEP engine, submitted by Diarmuid O'Neill <Diarmuid.ONeill@aep.ie>
Richard Levitte [Thu, 28 Feb 2002 11:29:55 +0000 (11:29 +0000)]
Document the added modes for AES
Bodo Möller [Thu, 28 Feb 2002 10:52:56 +0000 (10:52 +0000)]
Add 'void *' argument to app_verify_callback.
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
Bodo Möller [Thu, 28 Feb 2002 10:51:56 +0000 (10:51 +0000)]
disable '#ifdef DEBUG' sections
Geoff Thorpe [Wed, 27 Feb 2002 22:55:28 +0000 (22:55 +0000)]
This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice
Gittens.
Lutz Jänicke [Wed, 27 Feb 2002 11:23:05 +0000 (11:23 +0000)]
Fix the fix (Yoram Zahavi)...
Lutz Jänicke [Wed, 27 Feb 2002 08:08:57 +0000 (08:08 +0000)]
SSL_clear != SSL_free/SSL_new
Lutz Jänicke [Tue, 26 Feb 2002 21:40:09 +0000 (21:40 +0000)]
Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi).
Dr. Stephen Henson [Tue, 26 Feb 2002 19:33:24 +0000 (19:33 +0000)]
Always init ctx_tmp in PKCS7_dataFinal since it is always cleaned up.
Richard Levitte [Tue, 26 Feb 2002 14:41:29 +0000 (14:41 +0000)]
make update, after moving around symbols in libeay.num to match
0.9.7-stable.
Dr. Stephen Henson [Tue, 26 Feb 2002 13:46:55 +0000 (13:46 +0000)]
Fix new -aes command argument handling
Dr. Stephen Henson [Sun, 24 Feb 2002 16:20:50 +0000 (16:20 +0000)]
Make the engine config module always add dynamic ENGINEs
to the list using dynamic_path. This stops ENGINEs which
don't supply any default algorithms being automatically
freed (because they have no references) and allows them
to be accessed by id.
Alternative dynamic loading behaviour can be achieved by
issuing the dynamic ENGINE ctrls separately in the config file.
Dr. Stephen Henson [Sat, 23 Feb 2002 13:50:29 +0000 (13:50 +0000)]
Updates from stable branch.
Dr. Stephen Henson [Sat, 23 Feb 2002 01:00:44 +0000 (01:00 +0000)]
New OPENSSL_LOAD_CONF define to load openssl.cnf
when OpenSSL_add_all_algorithms() is called.
Dr. Stephen Henson [Fri, 22 Feb 2002 21:26:25 +0000 (21:26 +0000)]
Fix for AIX.
Submitted by Dawn Whiteside <dwhitesi@tiercel.uwaterloo.ca>
Dr. Stephen Henson [Fri, 22 Feb 2002 21:21:18 +0000 (21:21 +0000)]
non-Monolith fixes.
Submitted by Andrew W. Gray <agray@iconsinc.com>
Dr. Stephen Henson [Fri, 22 Feb 2002 21:17:31 +0000 (21:17 +0000)]
make errors
Dr. Stephen Henson [Fri, 22 Feb 2002 14:07:35 +0000 (14:07 +0000)]
Update from stable branch.
Dr. Stephen Henson [Fri, 22 Feb 2002 14:01:21 +0000 (14:01 +0000)]
Config code updates.
CONF_modules_unload() now calls CONF_modules_finish()
automatically.
Default use of section openssl_conf moved to
CONF_modules_load()
Load config file in several openssl utilities.
Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.
In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
Richard Levitte [Thu, 21 Feb 2002 17:23:04 +0000 (17:23 +0000)]
We have AES support in openssl speed
Bodo Möller [Thu, 21 Feb 2002 13:07:44 +0000 (13:07 +0000)]
disable '#ifdef DEBUG' sections
Dr. Stephen Henson [Thu, 21 Feb 2002 00:54:54 +0000 (00:54 +0000)]
Config file updates from stable branch
Richard Levitte [Wed, 20 Feb 2002 18:03:07 +0000 (18:03 +0000)]
Add AES support in the applications that support -des and -des3.
Richard Levitte [Wed, 20 Feb 2002 17:59:49 +0000 (17:59 +0000)]
Add comfy aliases for AES in CBC mode.
Richard Levitte [Wed, 20 Feb 2002 17:55:08 +0000 (17:55 +0000)]
Stop assuming the IV is 8 bytes long, use the real size instead.
This is especially important for AES that has a 16 bytes IV.
Richard Levitte [Wed, 20 Feb 2002 14:07:07 +0000 (14:07 +0000)]
Including openssl/e_os.h in the OpenSSL 0.9.6 branch is legal, since
it's exported. Changing that is a BIG step, which has been done in
0.9.7-dev.
Richard Levitte [Wed, 20 Feb 2002 13:50:36 +0000 (13:50 +0000)]
gcc figures that the format specifier %2x means unsigned int, so let's
make n unsigned.
Richard Levitte [Wed, 20 Feb 2002 13:49:17 +0000 (13:49 +0000)]
Instead of casting a lvalue, let's constify meth.
Richard Levitte [Wed, 20 Feb 2002 13:19:59 +0000 (13:19 +0000)]
Update the status on 64-bit thingy.
Bodo Möller [Wed, 20 Feb 2002 13:08:17 +0000 (13:08 +0000)]
simplifications
Submitted by: Nils Larsch
Bodo Möller [Wed, 20 Feb 2002 12:38:00 +0000 (12:38 +0000)]
typo
Richard Levitte [Wed, 20 Feb 2002 12:31:23 +0000 (12:31 +0000)]
Add reports on checked 64-bit platforms and make space to add platforms that need to be checked
Richard Levitte [Wed, 20 Feb 2002 12:16:17 +0000 (12:16 +0000)]
With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all
Richard Levitte [Wed, 20 Feb 2002 12:01:24 +0000 (12:01 +0000)]
Instead of just checking for OpenVMS, check if DEC C is used, since it's as
picky on all platforms
Bodo Möller [Wed, 20 Feb 2002 11:59:42 +0000 (11:59 +0000)]
bugfix: allocate sufficiently large buffer
Submitted by: Nils Larsch
Richard Levitte [Wed, 20 Feb 2002 11:57:33 +0000 (11:57 +0000)]
Comparing a pointer (data) with 0 using > is incorrect. The changed
comparison doesn't look right, but at least it compiles. It would be nice
if the one who knows what this is supposed to do changed it to do it correctly
Richard Levitte [Wed, 20 Feb 2002 11:43:40 +0000 (11:43 +0000)]
With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all
Richard Levitte [Wed, 20 Feb 2002 11:42:42 +0000 (11:42 +0000)]
Don't shadow already defined variables
Geoff Thorpe [Wed, 20 Feb 2002 08:33:55 +0000 (08:33 +0000)]
make update
Geoff Thorpe [Wed, 20 Feb 2002 05:12:45 +0000 (05:12 +0000)]
A rough little self-test for tunala. This runs through all cipher-suite /
SSL/TLS version combinations looking for mishaps.
Geoff Thorpe [Wed, 20 Feb 2002 05:09:22 +0000 (05:09 +0000)]
Make the "ungunk" logic a little more robust.
Geoff Thorpe [Wed, 20 Feb 2002 05:02:50 +0000 (05:02 +0000)]
- Add support for cipher suites that require a temporary RSA key for
key-agreement.
- Tolerate signal interruptions of select().
Richard Levitte [Sat, 16 Feb 2002 22:31:16 +0000 (22:31 +0000)]
Oh, and since config figures out that we run Cygwin and what versions,
let's recommend running config instead of a manual Configure.
Richard Levitte [Sat, 16 Feb 2002 22:28:31 +0000 (22:28 +0000)]
Since Cygwin is the proper spelling, let's change to that everywhere.
Also, with the change in Configure, it now knows on it's own if
threads are supported or not.
Ulf Möller [Sat, 16 Feb 2002 16:53:25 +0000 (16:53 +0000)]
Cygwin target name has been changed!
Richard Levitte [Sat, 16 Feb 2002 12:39:07 +0000 (12:39 +0000)]
The AES modes OFB and CFB are defined with 128 feedback bits. This
deviates from the "standard" 64 bits of feedback that all other
algorithms are using. Therefore, let's redo certain EVP macros to
accept different amounts of feedback bits for these modes.
Also, change e_aes.c to provide all usually available modes for AES.
CTR isn't included yet.
Richard Levitte [Sat, 16 Feb 2002 12:20:34 +0000 (12:20 +0000)]
Add the modes OFB128, CFB128 and CTR128 to AES.
Submitted by Stephen Sprunk <stephen@sprunk.org>
Richard Levitte [Sat, 16 Feb 2002 12:15:30 +0000 (12:15 +0000)]
Adjust the NID names for the AES modes OFB and CFB to contain the number
of feedback bits
Richard Levitte [Sat, 16 Feb 2002 12:03:25 +0000 (12:03 +0000)]
The macro IMPLEMENT_ASN1_FUNCTIONS_const already contains an ending ;,
so do not add one after the expansion, since ANSI C doesn't allow ;;
at this level (or at least, so tells me gcc).
Richard Levitte [Sat, 16 Feb 2002 12:01:13 +0000 (12:01 +0000)]
Local `time' shadows the global function `time()'. Rename the local
variable to `tim' (and, as a matter of consequence, `time_d' to `tim_d').