Bodo Möller [Fri, 9 Aug 2002 09:39:53 +0000 (09:39 +0000)]
use 0, not NULL
Submitted by: Nils Larsch
Bodo Möller [Fri, 9 Aug 2002 09:39:11 +0000 (09:39 +0000)]
ECDH engine support
Submitted by: Douglas Stebila
Bodo Möller [Fri, 9 Aug 2002 08:56:08 +0000 (08:56 +0000)]
ECC ciphersuite support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
Richard Levitte [Fri, 9 Aug 2002 08:50:30 +0000 (08:50 +0000)]
When we want to give a -f argument to $(MAKE), we'd better make sure the
variable doesn't already contain a -f argument.
PR: 203, part 4
Bodo Möller [Fri, 9 Aug 2002 08:43:04 +0000 (08:43 +0000)]
Add ECDH support.
Additional changes:
- use EC_GROUP_get_degree() in apps/req.c
- add ECDSA and ECDH to apps/speed.c
- adds support for EC curves over binary fields to ECDSA
- new function EC_KEY_up_ref() in crypto/ec/ec_key.c
- reorganize crypto/ecdsa/ecdsatest.c
- add engine support for ECDH
- fix a few bugs in ECDSA engine support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
Richard Levitte [Fri, 9 Aug 2002 07:32:24 +0000 (07:32 +0000)]
Parse version numbers prefixed with text (egcs does that, even with
-dumpversion).
PR: 203, part 1
Richard Levitte [Thu, 8 Aug 2002 22:55:28 +0000 (22:55 +0000)]
0.9.6f is released
Bodo Möller [Wed, 7 Aug 2002 10:49:54 +0000 (10:49 +0000)]
use a generic EC_KEY structure (EC keys are not ECDSA specific)
Submitted by: Nils Larsch
Bodo Möller [Wed, 7 Aug 2002 07:53:47 +0000 (07:53 +0000)]
avoid SIGSEGV
Submitted by: Nils Larsch, Douglas Stebila
Geoff Thorpe [Mon, 5 Aug 2002 16:27:01 +0000 (16:27 +0000)]
These are updates/fixes to DH/DSA/RAND docs based on the fixes to the RSA
docs. There were a couple of other places (including RSA) where the docs
were not quite synchronised with the API that are now fixed. One or two
still remain to be fixed though ...
Geoff Thorpe [Mon, 5 Aug 2002 02:54:57 +0000 (02:54 +0000)]
typo fix
Geoff Thorpe [Sun, 4 Aug 2002 21:08:36 +0000 (21:08 +0000)]
Various parts of the RSA documentation were inaccurate and out of date and
this fixes those that I'm currently aware of. In particular, the ENGINE
interference in the RSA API has hopefully been clarified. This still needs
to be done for other areas of the API ...
Geoff Thorpe [Sun, 4 Aug 2002 20:57:19 +0000 (20:57 +0000)]
A single monolithic man page for the ENGINE stuff. This is a rough
first-cut but provides better documentation than having nothing on the
ENGINE API.
Geoff Thorpe [Sun, 4 Aug 2002 20:40:23 +0000 (20:40 +0000)]
Fix "make install_docs" (and thus "make install").
Bodo Möller [Sat, 3 Aug 2002 18:49:39 +0000 (18:49 +0000)]
oops -- must use EVP_MD_size, not EVP_MD_block_size
Bodo Möller [Sat, 3 Aug 2002 18:28:34 +0000 (18:28 +0000)]
oops, undo previous change (was just for testing)
Bodo Möller [Sat, 3 Aug 2002 18:27:47 +0000 (18:27 +0000)]
fix bn_expand2
Bodo Möller [Sat, 3 Aug 2002 17:51:29 +0000 (17:51 +0000)]
use bn_wexpand instead of bn_expand2 (the latter is not needed here,
and it does not yet work correctly)
Submitted by: Douglas Stebila
Dr. Stephen Henson [Fri, 2 Aug 2002 18:58:33 +0000 (18:58 +0000)]
Fix typo
Dr. Stephen Henson [Fri, 2 Aug 2002 18:48:55 +0000 (18:48 +0000)]
Fix the ASN1 sanity check: correct header length
calculation and check overflow against LONG_MAX.
Bodo Möller [Fri, 2 Aug 2002 18:26:02 +0000 (18:26 +0000)]
disable Sun divison algorithm by default
Bodo Möller [Fri, 2 Aug 2002 18:23:55 +0000 (18:23 +0000)]
fix bn_expand2
Bodo Möller [Fri, 2 Aug 2002 17:25:05 +0000 (17:25 +0000)]
optical changes
Bodo Möller [Fri, 2 Aug 2002 15:28:31 +0000 (15:28 +0000)]
typo
Bodo Möller [Fri, 2 Aug 2002 15:13:10 +0000 (15:13 +0000)]
remove obsolete part of comment
Bodo Möller [Fri, 2 Aug 2002 15:07:08 +0000 (15:07 +0000)]
remove obsoleted disabled code
Bodo Möller [Fri, 2 Aug 2002 15:02:03 +0000 (15:02 +0000)]
Let BN_rand_range() abort with an error after 100 iterations
without success.
Bodo Möller [Fri, 2 Aug 2002 14:58:09 +0000 (14:58 +0000)]
update
Bodo Möller [Fri, 2 Aug 2002 14:57:53 +0000 (14:57 +0000)]
Change BN_mod_sqrt() so that it verifies that the input value is
really the square of the return value.
Bodo Möller [Fri, 2 Aug 2002 14:49:59 +0000 (14:49 +0000)]
move GF2m tests to the end
Bodo Möller [Fri, 2 Aug 2002 14:28:37 +0000 (14:28 +0000)]
Rename implementations of method functions so that they match
the new method names where _GF... suffixes have been removed.
Revert changes to ..._{get/set}_Jprojective_coordinates_...:
The current implementation for ECC over binary fields does not use
projective coordinates, and if it did, it would not use Jacobian
projective coordinates; so it's OK to use the ..._GFp prefix for all
this.
Add author attributions to some files so that it doesn't look
as if Sun wrote all of this :-)
Bodo Möller [Fri, 2 Aug 2002 13:52:19 +0000 (13:52 +0000)]
typos
Bodo Möller [Fri, 2 Aug 2002 13:50:12 +0000 (13:50 +0000)]
ec2_smpt.c must be listed in LIBSRC
Bodo Möller [Fri, 2 Aug 2002 13:43:26 +0000 (13:43 +0000)]
there is no alternative EC_METHOD for curves over GF(2^m) (yet)
Bodo Möller [Fri, 2 Aug 2002 13:42:24 +0000 (13:42 +0000)]
add support for elliptic curves over binary fields
Submitted by: Duglas Stebila <douglas.stebila@sun.com>,
Sheueling Chang <sheueling.chang@sun.com>
(CHANGES entries by Bodo Moeller)
Bodo Möller [Fri, 2 Aug 2002 13:06:17 +0000 (13:06 +0000)]
extend curve list (additional curves over binary fields)
Submitted by: Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)
Bodo Möller [Fri, 2 Aug 2002 13:03:55 +0000 (13:03 +0000)]
Binary field arithmetic contributed by Sun Microsystems.
The 'OPENSSL_NO_SUN_DIV' default is still subject to change,
so I didn't bother to finish the CHANGES entry yet.
Submitted by: Douglas Stebila <douglas.stebila@sun.com>, Sheueling Chang <sheueling.chang@sun.com>
(CHANGES entry by Bodo Moeller)
Bodo Möller [Fri, 2 Aug 2002 12:28:34 +0000 (12:28 +0000)]
Add more WAP/WTLS elliptic curve OIDs.
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
Bodo Möller [Fri, 2 Aug 2002 12:27:21 +0000 (12:27 +0000)]
New error code ERR_R_DISABLED
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
Bodo Möller [Fri, 2 Aug 2002 11:48:15 +0000 (11:48 +0000)]
get rid of OpenSSLDie
Richard Levitte [Fri, 2 Aug 2002 11:23:12 +0000 (11:23 +0000)]
make update
Richard Levitte [Fri, 2 Aug 2002 11:13:37 +0000 (11:13 +0000)]
Certain flag macros were tested with #if instead if #ifdef...
Richard Levitte [Thu, 1 Aug 2002 21:52:56 +0000 (21:52 +0000)]
We don't need to find out which pod2man to use more than once
Richard Levitte [Thu, 1 Aug 2002 21:34:24 +0000 (21:34 +0000)]
Don't try testing with parallell make, that will just fail.
PR: 175
Richard Levitte [Thu, 1 Aug 2002 20:28:16 +0000 (20:28 +0000)]
Add aix64-cc, and make sure that ar gets proper flags for 64-bit libraries
Richard Levitte [Thu, 1 Aug 2002 19:45:54 +0000 (19:45 +0000)]
make update
Richard Levitte [Thu, 1 Aug 2002 19:32:48 +0000 (19:32 +0000)]
Add the CBC flag for cbc ciphers
Richard Levitte [Thu, 1 Aug 2002 19:30:58 +0000 (19:30 +0000)]
Avoid yet another name clash with libdes, and make the declaration consistent
with the definition.
Richard Levitte [Thu, 1 Aug 2002 16:28:40 +0000 (16:28 +0000)]
Make it possible to load keys from stdin, and restore that
functionality in the programs that had that before.
Part fo PR 164
Richard Levitte [Thu, 1 Aug 2002 14:18:52 +0000 (14:18 +0000)]
OCSP and KRB5 Makefil.ssl should be consistent with all the others
Richard Levitte [Thu, 1 Aug 2002 13:50:08 +0000 (13:50 +0000)]
Linux on s390 really knows about loading dynamically.
PR: 183
Richard Levitte [Thu, 1 Aug 2002 13:39:39 +0000 (13:39 +0000)]
Cut'n'paste error with other reposnder certificates cleared.
PR: 190
Richard Levitte [Thu, 1 Aug 2002 10:08:37 +0000 (10:08 +0000)]
If CRYPTO_realloc() is called with a NULL pointer, have it call
OPENSSL_malloc().
PR: 187
Richard Levitte [Wed, 31 Jul 2002 14:05:57 +0000 (14:05 +0000)]
If the email address is moved from the subject to the subject alternate name,
the subject in the certificate would differ from the subject in the index file,
which has quite bad concequences.
PR: 180
Richard Levitte [Wed, 31 Jul 2002 13:49:06 +0000 (13:49 +0000)]
Make sure to use $(MAKE) everywhere instead of make.
Part of PR 181
Richard Levitte [Wed, 31 Jul 2002 13:38:32 +0000 (13:38 +0000)]
ln -f -s doesn't always work, so do a rm -f followed by a ln -s.
Part of PR 181
Richard Levitte [Wed, 31 Jul 2002 13:24:26 +0000 (13:24 +0000)]
The version of the shared library should, for now, reflect the version
of OpenSSL.
Part of PR 181.
Lutz Jänicke [Tue, 30 Jul 2002 13:36:31 +0000 (13:36 +0000)]
Typo.
Submitted by: Jeffrey Altman <jaltman@columbia.edu>
Reviewed by:
PR: 169
Lutz Jänicke [Tue, 30 Jul 2002 13:04:04 +0000 (13:04 +0000)]
OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
Lutz Jänicke [Tue, 30 Jul 2002 12:44:33 +0000 (12:44 +0000)]
"make update"
Lutz Jänicke [Tue, 30 Jul 2002 11:32:47 +0000 (11:32 +0000)]
0.9.6e and 0.9.7-beta3 are out.
Lutz Jänicke [Mon, 29 Jul 2002 13:31:44 +0000 (13:31 +0000)]
Only use DSA-functions if available.
Submitted by: "Hellan,Kim KHE" <KHE@kmd.dk>
Reviewed by:
PR: 167
Bodo Möller [Mon, 29 Jul 2002 12:35:19 +0000 (12:35 +0000)]
mention SSL_do_handshake()
Bodo Möller [Fri, 26 Jul 2002 08:41:04 +0000 (08:41 +0000)]
Use SEC1 format for EC private keys.
This is not ECDSA specific, so it's now PEM_STRING_ECPRIVATEKEY etc.
Submitted by: Nils Larsch <nlarsch@compuserve.de>
Bodo Möller [Thu, 25 Jul 2002 12:12:39 +0000 (12:12 +0000)]
Move zeroing from bn_expand_internal() to bn_expand2() so that it
happens reliably, even if the BIGNUM is already sufficiently large.
[Note that the bn_expand()/bn_wexpand() macros call bn_expand2() only
if the BIGNUM actually has to grow, so this change does not add any
new overhead as currently bn_expand2() is never called directly.]
Bodo Möller [Thu, 25 Jul 2002 11:19:58 +0000 (11:19 +0000)]
more detailed instructions for export from US
Richard Levitte [Wed, 24 Jul 2002 14:43:00 +0000 (14:43 +0000)]
Don't clobber loop variable.
PR: 159
Richard Levitte [Tue, 23 Jul 2002 13:45:38 +0000 (13:45 +0000)]
Document the recent DJGPP-related changes
Richard Levitte [Tue, 23 Jul 2002 13:31:04 +0000 (13:31 +0000)]
Make dummy tests to make it easier to physically remove unwanted algorithms.
This should complete PR 75
Bodo Möller [Tue, 23 Jul 2002 09:51:57 +0000 (09:51 +0000)]
harmonize options with those for 'ecparam',
remove redudant option '-pub'
Submitted by: Nils Larsch
Richard Levitte [Mon, 22 Jul 2002 14:18:11 +0000 (14:18 +0000)]
If DH is disabled, don't define the DH functions.
Notified by Kim Hellan <KHE@kmd.dk>
Bodo Möller [Mon, 22 Jul 2002 09:04:36 +0000 (09:04 +0000)]
fix a typo and clarify
Bodo Möller [Mon, 22 Jul 2002 08:39:44 +0000 (08:39 +0000)]
add an explanation and fix a typo
Lutz Jänicke [Fri, 19 Jul 2002 19:55:34 +0000 (19:55 +0000)]
New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.
Submitted by:
Reviewed by:
PR: 127
Lutz Jänicke [Fri, 19 Jul 2002 16:32:40 +0000 (16:32 +0000)]
HP-UX shared libraries must be +x and should be -w. It doesn't hurt on
other platforms.
Submitted by:
Reviewed by:
PR: 134
Bodo Möller [Fri, 19 Jul 2002 12:32:42 +0000 (12:32 +0000)]
update
Richard Levitte [Fri, 19 Jul 2002 11:57:17 +0000 (11:57 +0000)]
The first compile of the new merger method for VMS *almost* got
through. That's not enough, is it? :-)
Richard Levitte [Fri, 19 Jul 2002 11:56:02 +0000 (11:56 +0000)]
Two more names that are a little too long for the standard VMS linker.
Lutz Jänicke [Fri, 19 Jul 2002 11:53:54 +0000 (11:53 +0000)]
The behaviour is undefined when calling SSL_write() with num=0.
Submitted by:
Reviewed by:
PR: 141
Lutz Jänicke [Fri, 19 Jul 2002 11:05:50 +0000 (11:05 +0000)]
Manual page for SSL_do_handshake().
Submitted by: Martin Sjögren <martin@strakt.com>
PR: 137
Geoff Thorpe [Thu, 18 Jul 2002 20:59:22 +0000 (20:59 +0000)]
This documentation change was being written at the same time as Richard's
changes. So I'm committing this version to overwrite his changes for now,
and he can always take his turn to overwrite my words if he wants :-)
PR: 86
Richard Levitte [Thu, 18 Jul 2002 19:10:57 +0000 (19:10 +0000)]
Explain why RSA_check_key() doesn't work with hard keys.
PR: 86
Richard Levitte [Thu, 18 Jul 2002 18:54:46 +0000 (18:54 +0000)]
Add history for documented new functions.
PR: 59
Richard Levitte [Thu, 18 Jul 2002 17:59:21 +0000 (17:59 +0000)]
Allow subjects with more than 255 characters to be properly printed.
PR: 147
Richard Levitte [Thu, 18 Jul 2002 12:37:59 +0000 (12:37 +0000)]
Further enhance assembler support on Cygwin and DJGPP.
Make pod2mantest useable on DOS-based systems.
Part of PR 75, the rest is still under investigation.
Bodo Möller [Thu, 18 Jul 2002 11:23:50 +0000 (11:23 +0000)]
Fix bug introduced with revision 1.95 when this filed was modified to
use the new X509_CRL_set_issuer_name() function:
The CRL issuer should be X509_get_subject_name(x509), not
X509_get_issuer_name(x509).
Submitted by: Juergen Lesny <lesnyj@informatik.tu-muenchen.de>
typo
Richard Levitte [Thu, 18 Jul 2002 10:39:20 +0000 (10:39 +0000)]
Reverse the change with the following log, it needs further investigation:
Make S/MIME output conform with the mail and MIME standards.
PR: 151
Richard Levitte [Thu, 18 Jul 2002 08:47:33 +0000 (08:47 +0000)]
Make S/MIME output conform with the mail and MIME standards.
PR: 151
Richard Levitte [Thu, 18 Jul 2002 07:47:30 +0000 (07:47 +0000)]
Unixware doesn't have strings.h, so we need to declare strcasecmp()
differently.
Unixware 2 needs to link with libresolv.
PR: 148
Richard Levitte [Thu, 18 Jul 2002 06:34:34 +0000 (06:34 +0000)]
OPENSSL_SYS_WIN32 is important so util/mkdef.pl can detect it
Richard Levitte [Wed, 17 Jul 2002 13:33:02 +0000 (13:33 +0000)]
Make mkdir failsafe in case the directories are already present
Richard Levitte [Wed, 17 Jul 2002 13:27:43 +0000 (13:27 +0000)]
Add support for shared libraries with OS/2.
PR: 124
Richard Levitte [Wed, 17 Jul 2002 11:29:15 +0000 (11:29 +0000)]
Add a few FAQ entries for the various ways building OpenSSL on MacOS X
can fail, and point at the text in the PROBLEMS file
Richard Levitte [Wed, 17 Jul 2002 11:16:22 +0000 (11:16 +0000)]
If OpenSSL is built with shared library support on MacOS X,
everything works fine. Note: this is only true for 0.9.7 and on
Richard Levitte [Wed, 17 Jul 2002 11:09:44 +0000 (11:09 +0000)]
On MacOS X, the shared library editor uses DYLD_LIBRARY_PATH
Richard Levitte [Wed, 17 Jul 2002 08:20:27 +0000 (08:20 +0000)]
On MacOS X, you're not allowed to have common objects in shared libraries
Richard Levitte [Wed, 17 Jul 2002 07:48:39 +0000 (07:48 +0000)]
Add the usually recommended solution to the linking problem entry for MacOS X
Richard Levitte [Tue, 16 Jul 2002 11:07:42 +0000 (11:07 +0000)]
We had some experimental options in the Darwin entries. They are no longer needed
Richard Levitte [Tue, 16 Jul 2002 10:46:00 +0000 (10:46 +0000)]
The default C compiler on MacOS X doesn't like empty object files
Richard Levitte [Tue, 16 Jul 2002 10:20:06 +0000 (10:20 +0000)]
Actually, the "bug" is really documented in the man-page for ld, so
it's really a misfeature according to the jargon file (4.0.0)
definition:
":misfeature: /mis-fee'chr/ or /mis'fee`chr/ /n./ A feature
that eventually causes lossage, possibly because it is not adequate
for a new situation that has evolved. Since it results from a
deliberate and properly implemented feature, a misfeature is not a
bug."