openssl.git
19 years agofix submitted by Andy Schneider <andy.schneider@bjss.co.uk>
Bodo Möller [Fri, 23 Nov 2001 20:58:40 +0000 (20:58 +0000)]
fix submitted by Andy Schneider <andy.schneider@bjss.co.uk>
(in main branch, hn_ncipher.c is already correct)

19 years agocheck OPENSSL_NO_... before including header files that might be
Bodo Möller [Thu, 22 Nov 2001 11:13:10 +0000 (11:13 +0000)]
check OPENSSL_NO_... before including header files that might be
disabled

19 years agoOS/390 support
Bodo Möller [Thu, 22 Nov 2001 11:09:42 +0000 (11:09 +0000)]
OS/390 support

Submitted by: Richard Shapiro <rshapiro@abinitio.com>

19 years agocomment
Bodo Möller [Thu, 22 Nov 2001 11:08:38 +0000 (11:08 +0000)]
comment

19 years agoCut "ENGINE_ID" to the more concise "ID".
Geoff Thorpe [Thu, 22 Nov 2001 10:08:49 +0000 (10:08 +0000)]
Cut "ENGINE_ID" to the more concise "ID".

19 years agoIn this particular error condition, the structural reference wasn't being
Geoff Thorpe [Thu, 22 Nov 2001 09:20:08 +0000 (09:20 +0000)]
In this particular error condition, the structural reference wasn't being
released.

19 years agoWhen the "dynamic" ENGINE loads another ENGINE from a shared-library, it
Geoff Thorpe [Thu, 22 Nov 2001 09:13:18 +0000 (09:13 +0000)]
When the "dynamic" ENGINE loads another ENGINE from a shared-library, it
essentially overwrites itself with the new ENGINE, with the exception of
reference counts, ex_data structures, and other 'admin' elements. However
if the new ENGINE doesn't populate certain elements, there's the risk of
the "dynamic" ENGINE's elements showing through - the "cmd_defns" were just
one of the possibilities. This implements a more comprehensive cleanup.

19 years agoThe "openssl" ENGINE is no longer used except as a testing/debugging
Geoff Thorpe [Thu, 22 Nov 2001 09:01:11 +0000 (09:01 +0000)]
The "openssl" ENGINE is no longer used except as a testing/debugging
device. This change enables it for building as a self-contained "dynamic"
ENGINE, to help testing such mechanisms.

19 years ago'flags' should only be set inside DSO_load() if constructing a new DSO
Geoff Thorpe [Thu, 22 Nov 2001 08:48:09 +0000 (08:48 +0000)]
'flags' should only be set inside DSO_load() if constructing a new DSO
object - otherwise we overwrite any flags that had been previously set in
the DSO before calling DSO_load().

19 years agoExtentions of the explanations to the linking problem on Win32. Provided by Andrew...
Richard Levitte [Mon, 19 Nov 2001 20:46:35 +0000 (20:46 +0000)]
Extentions of the explanations to the linking problem on Win32.  Provided by Andrew Gray <agray@iconsinc.com>

19 years agoClarify reference count handling/removal of session
Lutz Jänicke [Mon, 19 Nov 2001 11:11:23 +0000 (11:11 +0000)]
Clarify reference count handling/removal of session
(shinagawa@star.zko.dec.com).

19 years agoOn VMS, the norm is still that symbols are uppercased, so for now it's better
Richard Levitte [Fri, 16 Nov 2001 13:12:19 +0000 (13:12 +0000)]
On VMS, the norm is still that symbols are uppercased, so for now it's better
 to trust that norm.  I might implement a control for this later on

19 years agowNAFs use does not bring that much performance on Sparcs (where
Bodo Möller [Fri, 16 Nov 2001 12:02:01 +0000 (12:02 +0000)]
wNAFs use does not bring that much performance on Sparcs (where
elliptic curves are are relatively faster than on PCs anyway)

19 years agoavoid stupid compiler warning
Bodo Möller [Fri, 16 Nov 2001 11:37:36 +0000 (11:37 +0000)]
avoid stupid compiler warning

19 years agoBuild dynamic rsaref engine on VMS. Tested on VAX so far.
Richard Levitte [Fri, 16 Nov 2001 09:14:06 +0000 (09:14 +0000)]
Build dynamic rsaref engine on VMS.  Tested on VAX so far.

19 years agoEnd assembler macro correctly.
Richard Levitte [Fri, 16 Nov 2001 09:09:15 +0000 (09:09 +0000)]
End assembler macro correctly.

On VAX, all global variables are accessed through functions, so skip
doing transfer entries for variables.

Forgot the looping gotos.

19 years agoOn systems that don't do too well including headers from a different
Richard Levitte [Fri, 16 Nov 2001 08:54:34 +0000 (08:54 +0000)]
On systems that don't do too well including headers from a different
directory, trust the building scripts to handle it properly.

19 years agoMake sure evp_locl.h can be included (hw_openbsd_dev_crypto.c needs that).
Richard Levitte [Fri, 16 Nov 2001 08:52:56 +0000 (08:52 +0000)]
Make sure evp_locl.h can be included (hw_openbsd_dev_crypto.c needs that).

19 years agocomment
Bodo Möller [Fri, 16 Nov 2001 06:22:21 +0000 (06:22 +0000)]
comment

19 years agouse a more interesting test case
Bodo Möller [Fri, 16 Nov 2001 06:22:05 +0000 (06:22 +0000)]
use a more interesting test case

19 years agocomments etc.
Bodo Möller [Thu, 15 Nov 2001 22:35:41 +0000 (22:35 +0000)]
comments etc.

19 years agoImprove EC efficiency.
Bodo Möller [Thu, 15 Nov 2001 22:32:11 +0000 (22:32 +0000)]
Improve EC efficiency.

19 years agoA missing comma added.
Richard Levitte [Thu, 15 Nov 2001 22:29:02 +0000 (22:29 +0000)]
A missing comma added.

19 years agomake update
Richard Levitte [Thu, 15 Nov 2001 20:24:00 +0000 (20:24 +0000)]
make update

19 years agoAdd MD digests.
Richard Levitte [Thu, 15 Nov 2001 20:23:29 +0000 (20:23 +0000)]
Add MD digests.

And this finishes this engine, it now offers all ciphers and digests
that RSAref 2.0 has.

19 years agoMake it possible to give digest names as -evp arguments.
Richard Levitte [Thu, 15 Nov 2001 20:19:40 +0000 (20:19 +0000)]
Make it possible to give digest names as -evp arguments.

19 years agoAdd DES functions.
Richard Levitte [Thu, 15 Nov 2001 18:52:28 +0000 (18:52 +0000)]
Add DES functions.
Restructure the code and comment it a bit.
Prepare for the presence of digests.

19 years agoIf an engine isn't built in, try loading it as a shareable library
Richard Levitte [Thu, 15 Nov 2001 18:48:42 +0000 (18:48 +0000)]
If an engine isn't built in, try loading it as a shareable library
instead.  This also makes it possible for users to simply give said
shareable library as argument for the -engine option.

19 years agoAt least for the two common Unixly DSO loading methods, include the
Richard Levitte [Thu, 15 Nov 2001 18:24:42 +0000 (18:24 +0000)]
At least for the two common Unixly DSO loading methods, include the
system error in the error text.

19 years agoUse the generated error code files.
Richard Levitte [Thu, 15 Nov 2001 16:57:36 +0000 (16:57 +0000)]
Use the generated error code files.

19 years ago'make update' + some touches.
Richard Levitte [Thu, 15 Nov 2001 16:57:00 +0000 (16:57 +0000)]
'make update' + some touches.

19 years agoAdd targets to update the error code files.
Richard Levitte [Thu, 15 Nov 2001 16:56:17 +0000 (16:56 +0000)]
Add targets to update the error code files.

19 years agoAdd a local error code configuration file for the rsaref dynamic
Richard Levitte [Thu, 15 Nov 2001 16:53:50 +0000 (16:53 +0000)]
Add a local error code configuration file for the rsaref dynamic
engine.

19 years agoMake it possible to build completely static, independent error C
Richard Levitte [Thu, 15 Nov 2001 16:52:10 +0000 (16:52 +0000)]
Make it possible to build completely static, independent error C
files.

19 years agomake update
Richard Levitte [Thu, 15 Nov 2001 12:25:14 +0000 (12:25 +0000)]
make update
perl util/mkerr.pl -recurse -write -rebuild

19 years agoMake use of RSAref's header files instead of EAY's crafted rsaref.h.
Richard Levitte [Wed, 14 Nov 2001 23:39:01 +0000 (23:39 +0000)]
Make use of RSAref's header files instead of EAY's crafted rsaref.h.

19 years agoIn a Debian Linux environment, it's not a good idea, apparently, to
Richard Levitte [Wed, 14 Nov 2001 23:25:46 +0000 (23:25 +0000)]
In a Debian Linux environment, it's not a good idea, apparently, to
manually declare the include directory /usr/include at the same time
as the macro PROTOTYPES is defined with the value 1.  Besides,
/usr/include is the standard include directory anyway, so there's no
need to specify it explicitely.

19 years agoAdd a demo that reimplements the RSAref glue in form of a dynamically
Richard Levitte [Wed, 14 Nov 2001 22:42:35 +0000 (22:42 +0000)]
Add a demo that reimplements the RSAref glue in form of a dynamically
loadable engine.

19 years agoAfter loading a dynamic engine, reset the command definitions to the
Richard Levitte [Wed, 14 Nov 2001 22:32:19 +0000 (22:32 +0000)]
After loading a dynamic engine, reset the command definitions to the
empty set.  This prevents engines that do not set the command
definitions themselves to inherit the ones from "dynamic", which would
otherwise be very confusing.

19 years agoChange the order of events so the capabilities of loaded engines can
Richard Levitte [Wed, 14 Nov 2001 22:30:17 +0000 (22:30 +0000)]
Change the order of events so the capabilities of loaded engines can
get listed as well.

19 years agoremove obsolete entry
Bodo Möller [Wed, 14 Nov 2001 21:21:47 +0000 (21:21 +0000)]
remove obsolete entry

19 years agocast to unsigned int, not to int to avoid the warning -- all these
Bodo Möller [Wed, 14 Nov 2001 21:18:35 +0000 (21:18 +0000)]
cast to unsigned int, not to int to avoid the warning -- all these
values really are unsigned

19 years agoconsistency between main branch and stable branch
Bodo Möller [Wed, 14 Nov 2001 21:17:39 +0000 (21:17 +0000)]
consistency between main branch and stable branch

19 years agoImplement STARTTLS for certain protocols, currently only supporting SMTP.
Richard Levitte [Wed, 14 Nov 2001 13:57:52 +0000 (13:57 +0000)]
Implement STARTTLS for certain protocols, currently only supporting SMTP.

19 years agoRemove temporary files
Richard Levitte [Wed, 14 Nov 2001 10:58:37 +0000 (10:58 +0000)]
Remove temporary files

19 years agounsigned int vs. int.
Richard Levitte [Wed, 14 Nov 2001 10:55:29 +0000 (10:55 +0000)]
unsigned int vs. int.

19 years agoExclude .out files
Richard Levitte [Wed, 14 Nov 2001 10:53:47 +0000 (10:53 +0000)]
Exclude .out files

19 years agosynchronise with 0.9.6 stable branch
Bodo Möller [Mon, 12 Nov 2001 23:22:29 +0000 (23:22 +0000)]
synchronise with 0.9.6 stable branch

19 years agoinformation on 0.9.6c-engine
Bodo Möller [Mon, 12 Nov 2001 22:10:15 +0000 (22:10 +0000)]
information on 0.9.6c-engine

19 years agoPhew, finished
Mark J. Cox [Mon, 12 Nov 2001 20:30:01 +0000 (20:30 +0000)]
Phew, finished
Submitted by:
Reviewed by:
PR:

19 years agoI've still got one left; the backport of the Broadcom UBSEC driver to
Mark J. Cox [Mon, 12 Nov 2001 15:32:11 +0000 (15:32 +0000)]
I've still got one left; the backport of the Broadcom UBSEC driver to
0.9.6 that we've got - just waiting for clearance on that one
Submitted by:
Reviewed by:
PR:

19 years agoAdd unixware-7-gcc as in 0.9.6 branch (except that we need a 'sys_id'
Bodo Möller [Mon, 12 Nov 2001 15:31:39 +0000 (15:31 +0000)]
Add unixware-7-gcc as in 0.9.6 branch (except that we need a 'sys_id'
field here, which is left empty).

Various configurations are *only* in the 0.9.6 branch at the moment:
  OpenUNIX
  OpenUNIX-8-gcc-shared
  OpenUNIX-8-shared
Either Configure or CHANGES must be changed to rectify the situation.

19 years agothe PRNG race conditions were mostly a theoretical issue, remove from NEWS
Bodo Möller [Mon, 12 Nov 2001 11:33:38 +0000 (11:33 +0000)]
the PRNG race conditions were mostly a theoretical issue, remove from NEWS

19 years agoadd changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c
Bodo Möller [Mon, 12 Nov 2001 11:28:15 +0000 (11:28 +0000)]
add changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c

19 years agoAdd an FAQ.
Dr. Stephen Henson [Mon, 12 Nov 2001 01:58:50 +0000 (01:58 +0000)]
Add an FAQ.

19 years agoOrder chronologically: move entry for recent s2_clnt.c/s2_srvr.c fixes
Bodo Möller [Sat, 10 Nov 2001 15:14:00 +0000 (15:14 +0000)]
Order chronologically: move entry for recent s2_clnt.c/s2_srvr.c fixes
(nearly) to the top.

Move msg_callback entry to the top as the implementation for SSL 2.0
is based on the s2_clnt.c/s2_srvr.c changes.

19 years agomake code a little more similar to what it looked like before the fixes,
Bodo Möller [Sat, 10 Nov 2001 10:44:15 +0000 (10:44 +0000)]
make code a little more similar to what it looked like before the fixes,
call ssl2_part_read again to parse error message

19 years agoremove incorrect 'callback' prototype
Bodo Möller [Sat, 10 Nov 2001 02:12:56 +0000 (02:12 +0000)]
remove incorrect 'callback' prototype

19 years agomsg_callback documentation
Bodo Möller [Sat, 10 Nov 2001 02:12:09 +0000 (02:12 +0000)]
msg_callback documentation

19 years agomore output for SSL 2.0 in our msg_callback
Bodo Möller [Sat, 10 Nov 2001 01:17:02 +0000 (01:17 +0000)]
more output for SSL 2.0 in our msg_callback

19 years agoImplement msg_callback for SSL 2.0.
Bodo Möller [Sat, 10 Nov 2001 01:16:28 +0000 (01:16 +0000)]
Implement msg_callback for SSL 2.0.

Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).

19 years ago2001, not 2000
Bodo Möller [Fri, 9 Nov 2001 13:15:05 +0000 (13:15 +0000)]
2001, not 2000

19 years agoadjust to OpenSSL_0_9_6-stable version
Bodo Möller [Fri, 9 Nov 2001 13:09:11 +0000 (13:09 +0000)]
adjust to OpenSSL_0_9_6-stable version

19 years agocast to 'unsigned long' before using ~ if we need an unsigned long result
Bodo Möller [Fri, 9 Nov 2001 12:58:05 +0000 (12:58 +0000)]
cast to 'unsigned long' before using ~ if we need an unsigned long result

Submitted by: "Stefan Marxen" <stefan.marxen@gmx.net>

19 years agoclarify
Bodo Möller [Thu, 8 Nov 2001 14:54:21 +0000 (14:54 +0000)]
clarify

19 years agoDon't define _REENTRANT here in e_os.h. On systems where we need
Bodo Möller [Thu, 8 Nov 2001 14:32:06 +0000 (14:32 +0000)]
Don't define _REENTRANT here in e_os.h.  On systems where we need
_REENTRANT if threads support is enabled, the ./Configure entry must
define it so that it ends up in CFLAG.

19 years agoPKCS#12 code fixes: initialize and cleanup digests and ciphers
Dr. Stephen Henson [Tue, 6 Nov 2001 13:54:48 +0000 (13:54 +0000)]
PKCS#12 code fixes: initialize and cleanup digests and ciphers
properly.

19 years agoWin32 fixes.
Dr. Stephen Henson [Tue, 6 Nov 2001 13:40:27 +0000 (13:40 +0000)]
Win32 fixes.

19 years agodes_old.h doesn't really need to include des.h, so don't. That will
Richard Levitte [Tue, 6 Nov 2001 11:37:14 +0000 (11:37 +0000)]
des_old.h doesn't really need to include des.h, so don't.  That will
avoid clashes with other code that have their own DES_ functions but
really only use OpenSSL's old des_ functions.

19 years agoFix email address delete code.
Dr. Stephen Henson [Tue, 6 Nov 2001 01:44:21 +0000 (01:44 +0000)]
Fix email address delete code.

19 years agoPlace the OpenSSL-specific headers back so they always get included,
Richard Levitte [Mon, 5 Nov 2001 18:18:12 +0000 (18:18 +0000)]
Place the OpenSSL-specific headers back so they always get included,
or we get a dependency war in Makefile.ssl

19 years agoNo need to include anything on systems that do not have /dev/crypt
Richard Levitte [Mon, 5 Nov 2001 12:44:14 +0000 (12:44 +0000)]
No need to include anything on systems that do not have /dev/crypt

19 years agoDOS and Windows do not like unistd.h
Richard Levitte [Mon, 5 Nov 2001 12:43:17 +0000 (12:43 +0000)]
DOS and Windows do not like unistd.h

19 years agoIf verify fails, say why.
Ben Laurie [Fri, 2 Nov 2001 13:29:14 +0000 (13:29 +0000)]
If verify fails, say why.

19 years agoChange the shared library support so the shared libraries get built
Richard Levitte [Tue, 30 Oct 2001 08:00:59 +0000 (08:00 +0000)]
Change the shared library support so the shared libraries get built
sooner and the programs get built against the shared libraries.

This requires a bit more work.  Things like -rpath and the possibility
to still link the programs statically should be included.  Some
cleanup is also needed.  This will be worked on.

19 years agoAddapt VMS scripts to the newer disk layout system ODS-5, which allows more than...
Richard Levitte [Mon, 29 Oct 2001 13:05:28 +0000 (13:05 +0000)]
Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names

19 years agoAnother noemailDN fix.
Dr. Stephen Henson [Sat, 27 Oct 2001 17:53:06 +0000 (17:53 +0000)]
Another noemailDN fix.

19 years agoAllow ca to certify requests containing BMPStrings and UTF8Strings.
Dr. Stephen Henson [Sat, 27 Oct 2001 17:04:47 +0000 (17:04 +0000)]
Allow ca to certify requests containing BMPStrings and UTF8Strings.

19 years agoBugfixes for noemailDN option. Make it use the
Dr. Stephen Henson [Sat, 27 Oct 2001 17:03:20 +0000 (17:03 +0000)]
Bugfixes for noemailDN option. Make it use the
correct name (instead of NULL) if nomailDN is
not set, fix memory leaks and retain DN structure
when deleting emailAddress.

19 years agoStop compiler warnings.
Dr. Stephen Henson [Sat, 27 Oct 2001 00:18:04 +0000 (00:18 +0000)]
Stop compiler warnings.

19 years agoAdd support for Subject Info Acess extension.
Dr. Stephen Henson [Sat, 27 Oct 2001 00:16:53 +0000 (00:16 +0000)]
Add support for Subject Info Acess extension.

19 years agoNote BUF_MEM_grow() consistency fix.
Bodo Möller [Fri, 26 Oct 2001 14:06:33 +0000 (14:06 +0000)]
Note BUF_MEM_grow() consistency fix.

19 years agoConsistency fix in BUF_MEM_grow: Initialise to zero when new memory
Bodo Möller [Fri, 26 Oct 2001 13:12:25 +0000 (13:12 +0000)]
Consistency fix in BUF_MEM_grow: Initialise to zero when new memory
had to be allocated, not just when reusing the existing buffer.

19 years agodisable caching in BIO_gethostbyname
Bodo Möller [Fri, 26 Oct 2001 13:04:23 +0000 (13:04 +0000)]
disable caching in BIO_gethostbyname

19 years agoNew options to allow req to accept UTF8 strings as input.
Dr. Stephen Henson [Fri, 26 Oct 2001 12:40:38 +0000 (12:40 +0000)]
New options to allow req to accept UTF8 strings as input.

19 years agoremove compatibility notes that no longer apply
Ulf Möller [Thu, 25 Oct 2001 17:45:25 +0000 (17:45 +0000)]
remove compatibility notes that no longer apply

19 years agoCorrect some links...
Richard Levitte [Thu, 25 Oct 2001 16:56:06 +0000 (16:56 +0000)]
Correct some links...

19 years agoChange the DES documentation to reflect the current status. Note that
Richard Levitte [Thu, 25 Oct 2001 16:55:17 +0000 (16:55 +0000)]
Change the DES documentation to reflect the current status.  Note that
some password reading functions are really part of the UI
compatibility library...

19 years agoMake sure openssl speed is compilable on systems where fork() doesn't
Richard Levitte [Thu, 25 Oct 2001 16:08:17 +0000 (16:08 +0000)]
Make sure openssl speed is compilable on systems where fork() doesn't
exist.  For now, that's all the ones we "support" except Unix.

19 years agoAdd paralellism to speed - note that this currently causes a weird memory leak.
Ben Laurie [Thu, 25 Oct 2001 14:27:17 +0000 (14:27 +0000)]
Add paralellism to speed - note that this currently causes a weird memory leak.

19 years agoFix warning.
Ben Laurie [Thu, 25 Oct 2001 14:24:59 +0000 (14:24 +0000)]
Fix warning.

19 years agoLike MD_Init, MD now must include a NULL engine pointer in its definition.
Bodo Möller [Thu, 25 Oct 2001 08:53:54 +0000 (08:53 +0000)]
Like MD_Init, MD now must include a NULL engine pointer in its definition.

19 years agoremove redundant definitions that are also in des.h
Bodo Möller [Thu, 25 Oct 2001 08:46:10 +0000 (08:46 +0000)]
remove redundant definitions that are also in des.h

19 years agomention des_old.h
Bodo Möller [Thu, 25 Oct 2001 08:44:10 +0000 (08:44 +0000)]
mention des_old.h

19 years agoAdd '-noemailDN' option to 'openssl ca'. This prevents inclusion of
Bodo Möller [Thu, 25 Oct 2001 08:25:19 +0000 (08:25 +0000)]
Add '-noemailDN' option to 'openssl ca'.  This prevents inclusion of
the e-mail address in the DN (i.e., it will go into a certificate
extension only).  The new configuration file option 'email_in_dn = no'
has the same effect.

Submitted by: Massimiliano Pala madwolf@openca.org

19 years agofilenames are des_old.[ch], not des.comp*
Bodo Möller [Thu, 25 Oct 2001 08:23:13 +0000 (08:23 +0000)]
filenames are des_old.[ch], not des.comp*

19 years agoConsistency with s2_... and s23_... variants (no real functional
Bodo Möller [Thu, 25 Oct 2001 08:17:53 +0000 (08:17 +0000)]
Consistency with s2_... and s23_... variants (no real functional
change)

19 years agoRemove DES_random_seed() but retain des_random_seed() for now. Change
Richard Levitte [Thu, 25 Oct 2001 06:46:22 +0000 (06:46 +0000)]
Remove DES_random_seed() but retain des_random_seed() for now.  Change
the docs to reflect this change and correct libeay.num.

19 years agoAssume TLS 1.0 when ClientHello fragment is too short.
Bodo Möller [Thu, 25 Oct 2001 06:09:51 +0000 (06:09 +0000)]
Assume TLS 1.0 when ClientHello fragment is too short.

19 years agoHave the removal warnings very high up in the source.
Richard Levitte [Thu, 25 Oct 2001 05:37:10 +0000 (05:37 +0000)]
Have the removal warnings very high up in the source.