openssl.git
18 years agoClarify request of client certificates. This is a FAQ.
Lutz Jänicke [Tue, 17 Apr 2001 13:18:56 +0000 (13:18 +0000)]
Clarify request of client certificates. This is a FAQ.

18 years agoFix warning.
Ben Laurie [Mon, 16 Apr 2001 03:00:57 +0000 (03:00 +0000)]
Fix warning.

18 years agoConstify (Jason Molenda <jason@molenda.com>)
Lutz Jänicke [Sat, 14 Apr 2001 14:50:02 +0000 (14:50 +0000)]
Constify (Jason Molenda <jason@molenda.com>)

18 years agoMissing link ("Greg Stark" <gstark@ethentica.com>)
Lutz Jänicke [Thu, 12 Apr 2001 21:11:31 +0000 (21:11 +0000)]
Missing link ("Greg Stark" <gstark@ethentica.com>)

18 years agoFix wrong information with respect to CAs listed to the client
Lutz Jänicke [Thu, 12 Apr 2001 16:02:34 +0000 (16:02 +0000)]
Fix wrong information with respect to CAs listed to the client
(follows from technical discussion with Amit Chopra <amitc@pspl.co.in>).

18 years agoupdate so that changes going into the 0.9.6 tree can be logged
Bodo Möller [Thu, 12 Apr 2001 12:42:20 +0000 (12:42 +0000)]
update so that changes going into the 0.9.6 tree can be logged

18 years agoundo previous change ...
Bodo Möller [Thu, 12 Apr 2001 12:03:41 +0000 (12:03 +0000)]
undo previous change ...

18 years agoupdate from 0.9.6a
Bodo Möller [Thu, 12 Apr 2001 12:01:47 +0000 (12:01 +0000)]
update from 0.9.6a

18 years agoTypo (Jun-ichiro itojun Hagino <itojun@iijlab.net>)
Lutz Jänicke [Thu, 12 Apr 2001 11:45:42 +0000 (11:45 +0000)]
Typo (Jun-ichiro itojun Hagino <itojun@iijlab.net>)

18 years agoCorrect typo.
Richard Levitte [Wed, 11 Apr 2001 14:14:54 +0000 (14:14 +0000)]
Correct typo.

18 years agoAdd -keyform.
Richard Levitte [Wed, 11 Apr 2001 14:11:55 +0000 (14:11 +0000)]
Add -keyform.

18 years agoShow an example of moving the emailAddress object from the subkect DN
Richard Levitte [Wed, 11 Apr 2001 13:04:20 +0000 (13:04 +0000)]
Show an example of moving the emailAddress object from the subkect DN
to subjectAltName when signing a certificate.

18 years agoMake it possible to move the emailAddress object to the subjectAltName
Richard Levitte [Wed, 11 Apr 2001 12:55:06 +0000 (12:55 +0000)]
Make it possible to move the emailAddress object to the subjectAltName
extension instead of just copying it.  That makes a certificate comply
even more with PKIX recommendations according to RFC 2459.

18 years agoAdd information on 0.9.6a (in a form such that the list can be
Bodo Möller [Wed, 11 Apr 2001 10:35:38 +0000 (10:35 +0000)]
Add information on 0.9.6a (in a form such that the list can be
verified by looking at 'diff -u ../openssl-0.9.6a/CHANGES CHANGES')

18 years agoNetBSD and OpenBSD use TOD as well
Richard Levitte [Wed, 11 Apr 2001 10:06:02 +0000 (10:06 +0000)]
NetBSD and OpenBSD use TOD as well

18 years agoMention automatically queried EGD sockets (OpenSSL 0.9.7).
Bodo Möller [Tue, 10 Apr 2001 07:59:43 +0000 (07:59 +0000)]
Mention automatically queried EGD sockets (OpenSSL 0.9.7).

0.9.5 is obsolete, so we don't have to discuss its 'openssl rsa'
seeding bug.

18 years agoSome clarifications about $RANDFILE usage.
Lutz Jänicke [Mon, 9 Apr 2001 16:01:38 +0000 (16:01 +0000)]
Some clarifications about $RANDFILE usage.

18 years agoOpenSSH 1.2.2p1 is dead and gone. Errors detecting the OpenSSL library
Lutz Jänicke [Mon, 9 Apr 2001 15:55:58 +0000 (15:55 +0000)]
OpenSSH 1.2.2p1 is dead and gone. Errors detecting the OpenSSL library
are however still common and are solved by checking config.log.

18 years agoCorrect info in the FAQ.
Richard Levitte [Mon, 9 Apr 2001 14:17:26 +0000 (14:17 +0000)]
Correct info in the FAQ.

18 years agoAdjust BN_mod_inverse algorithm selection according to experiments on
Bodo Möller [Mon, 9 Apr 2001 09:28:24 +0000 (09:28 +0000)]
Adjust BN_mod_inverse algorithm selection according to experiments on
Ultra-Sparcs (both 32-bit and 64-bit compilations)

18 years agoupdate (0.9.6a)
Bodo Möller [Mon, 9 Apr 2001 07:15:16 +0000 (07:15 +0000)]
update (0.9.6a)

18 years agocomment
Bodo Möller [Sun, 8 Apr 2001 18:47:23 +0000 (18:47 +0000)]
comment

18 years agocode documentation
Bodo Möller [Sun, 8 Apr 2001 18:41:35 +0000 (18:41 +0000)]
code documentation

18 years agobinary algorithm for modular inversion
Bodo Möller [Sun, 8 Apr 2001 18:23:44 +0000 (18:23 +0000)]
binary algorithm for modular inversion

18 years agoavoid '||' since Ultrix apparently doesn't understand it
Bodo Möller [Sun, 8 Apr 2001 18:22:53 +0000 (18:22 +0000)]
avoid '||' since Ultrix apparently doesn't understand it

18 years ago'||', '&&' and 'test -x' apparently don't work on Ultrix;
Bodo Möller [Sun, 8 Apr 2001 13:49:45 +0000 (13:49 +0000)]
'||', '&&' and 'test -x' apparently don't work on Ultrix;
also 'test' appears to be available as '[' only in 'if' conditions.

18 years agoAvoid assert() in the library.
Bodo Möller [Sun, 8 Apr 2001 13:47:51 +0000 (13:47 +0000)]
Avoid assert() in the library.

18 years agoAdd forgotten "-passin" option to smime.c usage help.
Lutz Jänicke [Sun, 8 Apr 2001 10:51:14 +0000 (10:51 +0000)]
Add forgotten "-passin" option to smime.c usage help.

18 years agoResize a local buffer to accomodate the size requirements of AES.
Richard Levitte [Sun, 8 Apr 2001 05:41:42 +0000 (05:41 +0000)]
Resize a local buffer to accomodate the size requirements of AES.
Protect against future mistakes with an assert().

18 years agoAdd the possibility to have AES removed in Windows as well.
Richard Levitte [Sun, 8 Apr 2001 04:35:58 +0000 (04:35 +0000)]
Add the possibility to have AES removed in Windows as well.
Spotted by Harald Koch <chk@pobox.com>

18 years agoDon't use 'tt' uninitialized when reporting an error
Bodo Möller [Thu, 5 Apr 2001 11:40:16 +0000 (11:40 +0000)]
Don't use 'tt' uninitialized when reporting an error
(we don't have an ASN1_TEMPLATE to complain about at this stage,
so  errtt == NULL  should be OK)

18 years agoFix couple of memory leaks in PKCS7_dataDecode().
Richard Levitte [Thu, 5 Apr 2001 10:19:12 +0000 (10:19 +0000)]
Fix couple of memory leaks in PKCS7_dataDecode().
(provided by Stephen)

18 years agoUnixware config.
Richard Levitte [Thu, 5 Apr 2001 10:09:53 +0000 (10:09 +0000)]
Unixware config.

18 years agodon't use shell functions
Bodo Möller [Wed, 4 Apr 2001 16:26:31 +0000 (16:26 +0000)]
don't use shell functions

18 years agoCorrect a typo. linux != linus.
Richard Levitte [Wed, 4 Apr 2001 16:03:00 +0000 (16:03 +0000)]
Correct a typo.  linux != linus.

18 years agoIncorporate some changes that make OpenSSL compilable in CygWin.
Richard Levitte [Wed, 4 Apr 2001 15:50:30 +0000 (15:50 +0000)]
Incorporate some changes that make OpenSSL compilable in CygWin.

18 years agoSince vms.mar handles 32-bit integers, do not use it on Alpha, that's
Richard Levitte [Wed, 4 Apr 2001 13:52:56 +0000 (13:52 +0000)]
Since vms.mar handles 32-bit integers, do not use it on Alpha, that's
just a slowdown.

18 years agoOpenVMS/Alpha should use 64 bits. If nothing else, there's
Richard Levitte [Wed, 4 Apr 2001 13:51:35 +0000 (13:51 +0000)]
OpenVMS/Alpha should use 64 bits.  If nothing else, there's
performance to gain.

18 years agoMake do_bsd-gcc-shared depend on do_gnu-shared instead of the non-existent linux...
Richard Levitte [Wed, 4 Apr 2001 04:24:24 +0000 (04:24 +0000)]
Make do_bsd-gcc-shared depend on do_gnu-shared instead of the non-existent linux-shared

18 years agoFix warnings.
Bodo Möller [Tue, 3 Apr 2001 14:03:47 +0000 (14:03 +0000)]
Fix warnings.

18 years agoMake sure OPENSSL_SYS_... is defined when we need it.
Bodo Möller [Tue, 3 Apr 2001 14:03:19 +0000 (14:03 +0000)]
Make sure OPENSSL_SYS_... is defined when we need it.

18 years agoThis change should be suitable as a workaround for the Solaris x86
Bodo Möller [Tue, 3 Apr 2001 13:50:30 +0000 (13:50 +0000)]
This change should be suitable as a workaround for the Solaris x86
compiler bug reported in <01032110293775.22278@weba3.iname.net>
(the '++seq[i]' condition is evaluated as 256 rather than 0
when the previous value is 255).

18 years agoPlug a memory leak. Spotted by "Shijin" <shijin@comex.com>
Richard Levitte [Tue, 3 Apr 2001 09:42:36 +0000 (09:42 +0000)]
Plug a memory leak.  Spotted by "Shijin" <shijin@comex.com>

18 years agoReports on Windows, DG-UX and older OpenVMS.
Richard Levitte [Tue, 3 Apr 2001 09:02:07 +0000 (09:02 +0000)]
Reports on Windows, DG-UX and older OpenVMS.

18 years agolibfisdef.h and LIB do not exist on older VMS versions
Richard Levitte [Tue, 3 Apr 2001 08:31:39 +0000 (08:31 +0000)]
libfisdef.h and LIB do not exist on older VMS versions

18 years agoRemove a typo in dgux-R4-gcc.
Richard Levitte [Tue, 3 Apr 2001 08:05:03 +0000 (08:05 +0000)]
Remove a typo in dgux-R4-gcc.

18 years agoENGINE_load_[private|public]_key had error handling that could return
Geoff Thorpe [Mon, 2 Apr 2001 17:47:16 +0000 (17:47 +0000)]
ENGINE_load_[private|public]_key had error handling that could return
without releasing a lock. This is the same fix as applied to
OpenSSL-engine-0_9_6-stable, minus the ENGINE_ctrl() change - the HEAD
already had that fixed.

18 years agoActually there were two error cases that could return without releasing the
Geoff Thorpe [Mon, 2 Apr 2001 17:21:36 +0000 (17:21 +0000)]
Actually there were two error cases that could return without releasing the
lock - stupidly, my last change addressed only one of them.

18 years agoDon't return an error until the global lock is released.
Geoff Thorpe [Mon, 2 Apr 2001 17:06:36 +0000 (17:06 +0000)]
Don't return an error until the global lock is released.

18 years agoReports on VMS.
Richard Levitte [Mon, 2 Apr 2001 14:39:20 +0000 (14:39 +0000)]
Reports on VMS.

18 years agoRewrite CHOICE field setting code to properly handle
Dr. Stephen Henson [Mon, 2 Apr 2001 00:59:19 +0000 (00:59 +0000)]
Rewrite CHOICE field setting code to properly handle
combine in CHOICE options.

This was causing d2i_DSAPublicKey() to misbehave.

18 years agoA few more reports.
Richard Levitte [Sun, 1 Apr 2001 15:18:35 +0000 (15:18 +0000)]
A few more reports.

18 years agoNote reports.
Richard Levitte [Sat, 31 Mar 2001 14:03:09 +0000 (14:03 +0000)]
Note reports.

18 years agoavoid buffer overflow
Bodo Möller [Sat, 31 Mar 2001 07:48:07 +0000 (07:48 +0000)]
avoid buffer overflow

18 years agoNote the Alpha asm change
Ulf Möller [Sat, 31 Mar 2001 01:23:10 +0000 (01:23 +0000)]
Note the Alpha asm change

18 years agolinux-elf verified.
Richard Levitte [Fri, 30 Mar 2001 21:43:06 +0000 (21:43 +0000)]
linux-elf verified.

18 years agoBeta 3 has been released and announced.
Richard Levitte [Fri, 30 Mar 2001 20:54:12 +0000 (20:54 +0000)]
Beta 3 has been released and announced.

18 years agothis time *really* fix the /../ check ...
Bodo Möller [Fri, 30 Mar 2001 14:55:50 +0000 (14:55 +0000)]
this time *really* fix the /../ check ...

18 years agoFor -WWW, fix test for ".." directory references (and avoid warning for
Bodo Möller [Fri, 30 Mar 2001 10:47:21 +0000 (10:47 +0000)]
For -WWW, fix test for ".." directory references (and avoid warning for
index -1).

18 years agoNews for 0.9.6a.
Bodo Möller [Fri, 30 Mar 2001 10:46:15 +0000 (10:46 +0000)]
News for 0.9.6a.

18 years agoFix bctest, and add a workaround that should solve the problem with
Bodo Möller [Fri, 30 Mar 2001 09:19:18 +0000 (09:19 +0000)]
Fix bctest, and add a workaround that should solve the problem with
FreeBSD's /bin/sh.

18 years agoComplete the des_encrypt to des_encrypt1 rename in the main
Richard Levitte [Fri, 30 Mar 2001 07:26:54 +0000 (07:26 +0000)]
Complete the des_encrypt to des_encrypt1 rename in the main
development line as well.

18 years agoOne des_encrypt to des_encrypt1 I forgot to commit...
Richard Levitte [Thu, 29 Mar 2001 20:30:23 +0000 (20:30 +0000)]
One des_encrypt to des_encrypt1 I forgot to commit...

18 years agoStress the news about the name change.
Richard Levitte [Thu, 29 Mar 2001 15:15:10 +0000 (15:15 +0000)]
Stress the news about the name change.

18 years agoI forgot to rename des_encrypt to des_encrypt1 in libeay.num.
Richard Levitte [Thu, 29 Mar 2001 10:49:27 +0000 (10:49 +0000)]
I forgot to rename des_encrypt to des_encrypt1 in libeay.num.

18 years agoSince there has been reports of clashes between OpenSSL's
Richard Levitte [Thu, 29 Mar 2001 07:45:37 +0000 (07:45 +0000)]
Since there has been reports of clashes between OpenSSL's
des_encrypt() and des_encrypt() defined on some systems (Solaris and
Unixware and maybe others), we rename des_encrypt() to des_encrypt1().
This should have very little impact on external software unless
someone has written a mode of DES, since that's all des_encrypt() is
meant for.

18 years agoAdd news section for OpenSSL 0.9.6a. Please add what's missing
Richard Levitte [Wed, 28 Mar 2001 13:36:13 +0000 (13:36 +0000)]
Add news section for OpenSSL 0.9.6a.  Please add what's missing

18 years agocheck CRT
Ulf Möller [Wed, 28 Mar 2001 05:10:38 +0000 (05:10 +0000)]
check CRT

18 years agocheck CRT
Ulf Möller [Wed, 28 Mar 2001 04:56:58 +0000 (04:56 +0000)]
check CRT

18 years agomips
Ulf Möller [Wed, 28 Mar 2001 02:41:02 +0000 (02:41 +0000)]
mips

18 years agoRestore asm/mips3.s to be compiled and linked in, since the bug has
Richard Levitte [Tue, 27 Mar 2001 23:42:36 +0000 (23:42 +0000)]
Restore asm/mips3.s to be compiled and linked in, since the bug has
(at least hopefully :-)) been fixed.

18 years agoThe IRIX fix. Asm recap and corresponding declation.
Andy Polyakov [Tue, 27 Mar 2001 22:30:46 +0000 (22:30 +0000)]
The IRIX fix. Asm recap and corresponding declation.

Submitted by:
Reviewed by:
PR:

18 years agoInclude bn.h so we get BN_LLONG properly defined. Otherwise, we can forget things...
Richard Levitte [Tue, 27 Mar 2001 18:34:04 +0000 (18:34 +0000)]
Include bn.h so we get BN_LLONG properly defined.  Otherwise, we can forget things like %lld

18 years agoReports seem to show that asm/mips3.s has faults. To be investigated, but let's...
Richard Levitte [Tue, 27 Mar 2001 09:13:03 +0000 (09:13 +0000)]
Reports seem to show that asm/mips3.s has faults.  To be investigated, but let's avoid using it in the mean time

18 years agoFor mips3 and alpha, put the assembler file directives in separate
Richard Levitte [Mon, 26 Mar 2001 16:16:12 +0000 (16:16 +0000)]
For mips3 and alpha, put the assembler file directives in separate
variables and disable the Alpha assembler for now, since it has been
shown to fail.

The Alpha failure can be shown by adding the following numbers:

FFFFFFFFFFFFFF0000FF2E00000000EBFFFFFF0000D1
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF46FFE0FFFF0000

The result is:

1FFFFFFFFFFFEFF0000FF2E0000000032FFE0FEFF00D1

The result should really be:

1FFFFFFFFFFFFFF0000FF2E0000000032FFE0FEFF00D1

18 years agomake update
Richard Levitte [Sat, 24 Mar 2001 12:39:59 +0000 (12:39 +0000)]
make update

18 years agoWhen using the native tools on Solaris, make damn sure the native ld
Richard Levitte [Sat, 24 Mar 2001 12:31:11 +0000 (12:31 +0000)]
When using the native tools on Solaris, make damn sure the native ld
is used, even if the user has GNU ld earlier in his $PATH.

18 years agogcc uses collect2, not ld, to link things. Therefore, when using gcc
Richard Levitte [Sat, 24 Mar 2001 12:29:21 +0000 (12:29 +0000)]
gcc uses collect2, not ld, to link things.  Therefore, when using gcc
there's no need fooling ourselves, it's the gnu-shared method that we
should use.  Do it for Solaris to begin with.

18 years agoln on Solaris expects -f to come before -s.
Richard Levitte [Sat, 24 Mar 2001 11:45:57 +0000 (11:45 +0000)]
ln on Solaris expects -f to come before -s.
The linux-shared method is actually gcc-specific, so call it
gnu-shared as well.

18 years agoSmall AIX problems solved.
Richard Levitte [Thu, 22 Mar 2001 22:13:16 +0000 (22:13 +0000)]
Small AIX problems solved.

18 years agoA lot of reports.
Richard Levitte [Thu, 22 Mar 2001 21:32:26 +0000 (21:32 +0000)]
A lot of reports.

18 years agoWe really have no need for PEX_LIBS, so empty it.
Richard Levitte [Thu, 22 Mar 2001 21:20:54 +0000 (21:20 +0000)]
We really have no need for PEX_LIBS, so empty it.

18 years agoAdd missing '#ifndef OPENSSL_NO_DSA'.
Bodo Möller [Thu, 22 Mar 2001 15:06:19 +0000 (15:06 +0000)]
Add missing '#ifndef OPENSSL_NO_DSA'.

18 years agoRemove redundant operations and update version info.
Richard Levitte [Thu, 22 Mar 2001 12:14:37 +0000 (12:14 +0000)]
Remove redundant operations and update version info.

18 years agoHarmonize CHANGES and STATUS files between the 0.9.6a branch and
Bodo Möller [Thu, 22 Mar 2001 10:59:41 +0000 (10:59 +0000)]
Harmonize CHANGES and STATUS files between the 0.9.6a branch and
the trunk to keep diffs small.

18 years agoUse stdlib.h to get size_t.
Richard Levitte [Wed, 21 Mar 2001 18:43:12 +0000 (18:43 +0000)]
Use stdlib.h to get size_t.

18 years agoUpdate docs.
Bodo Möller [Wed, 21 Mar 2001 15:25:56 +0000 (15:25 +0000)]
Update docs.

18 years agoSince they aren't implemented yet, EC_GFp_{recp,nist}_method() need to
Richard Levitte [Wed, 21 Mar 2001 12:34:34 +0000 (12:34 +0000)]
Since they aren't implemented yet, EC_GFp_{recp,nist}_method() need to
be "#if 0"'d, or they will (re)appear as existing functions in
util/libeay.num.

18 years agoTag EC_GFp_{nist,recp}_method as "NOEXIST" because they have
Bodo Möller [Wed, 21 Mar 2001 09:58:57 +0000 (09:58 +0000)]
Tag EC_GFp_{nist,recp}_method as "NOEXIST" because they have
not yet been implemented.

18 years agoavoid linking problems when OpenSSL is built with no-dsa. Spotted by Hellan,Kim...
Richard Levitte [Tue, 20 Mar 2001 15:36:59 +0000 (15:36 +0000)]
avoid linking problems when OpenSSL is built with no-dsa.  Spotted by Hellan,Kim KHE <khe@kmd.dk>

18 years agoIncrease boundaries in EC_window_bits_for_scalar_size table.
Bodo Möller [Tue, 20 Mar 2001 11:16:12 +0000 (11:16 +0000)]
Increase boundaries in EC_window_bits_for_scalar_size table.

18 years agoTable for window sizes.
Bodo Möller [Mon, 19 Mar 2001 22:38:24 +0000 (22:38 +0000)]
Table for window sizes.

18 years agoUpdate.
Bodo Möller [Mon, 19 Mar 2001 22:38:01 +0000 (22:38 +0000)]
Update.

18 years agoNew cofiguration for Unixwre and SCO,with slightly better granularity. Contributed...
Richard Levitte [Sun, 18 Mar 2001 14:25:01 +0000 (14:25 +0000)]
New cofiguration for Unixwre and SCO,with slightly better granularity.  Contributed by Tim Rice <tim@multitalents.net>

18 years agoFix PKCS#12 key generation bug.
Dr. Stephen Henson [Sun, 18 Mar 2001 02:11:42 +0000 (02:11 +0000)]
Fix PKCS#12 key generation bug.

18 years agoExplicitly ignore the exit code of ./bctest. Usually the shell
Bodo Möller [Sat, 17 Mar 2001 09:51:25 +0000 (09:51 +0000)]
Explicitly ignore the exit code of ./bctest.  Usually the shell
ignores it anyway in command substitution, but Ultrix reportedly
aborted the test when bctest returned 1.

18 years agoCorrect a typo which might have lead to a dump.
Richard Levitte [Fri, 16 Mar 2001 10:30:10 +0000 (10:30 +0000)]
Correct a typo which might have lead to a dump.
Noted by Martin Kraemer <Martin.Kraemer@Fujitsu-Siemens.com>

18 years agoAn enhanced bctest submitted by Tim Rice <tim@multitalents.net>.
Richard Levitte [Fri, 16 Mar 2001 09:13:11 +0000 (09:13 +0000)]
An enhanced bctest submitted by Tim Rice <tim@multitalents.net>.
It now looks along $PATH for a working bc and returns the absolute
path to one that does work.

18 years agoAdd copy_extensions option to 'ca' utility.
Dr. Stephen Henson [Fri, 16 Mar 2001 02:04:17 +0000 (02:04 +0000)]
Add copy_extensions option to 'ca' utility.

18 years agoAdd 'align' option to nameopt.
Dr. Stephen Henson [Thu, 15 Mar 2001 22:45:20 +0000 (22:45 +0000)]
Add 'align' option to nameopt.

Add default values for display by the 'ca' utility
to openssl.cnf

Update docs.