a372f9b | cvs2svn | 08 December 2002, 09:31:42 UTC | This commit was manufactured by cvs2svn to create tag 'STATE_after_zlib'. | 08 December 2002, 09:31:42 UTC |
fdaea9e | Richard Levitte | 08 December 2002, 09:31:41 UTC | Since it's defined in draft-ietf-tls-compression-04.txt, let's make ZLIB a known compression method, with the identity 1. | 08 December 2002, 09:31:41 UTC |
5daec7e | Geoff Thorpe | 08 December 2002, 05:38:44 UTC | Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are being built with it defined - it is not a symbol to affect how openssl itself builds, but to alter the way openssl headers can be used from an API point of view. The "deprecated" function wrappers will always remain inside OpenSSL at least as long as they're still being used internally. :-) The exception is dsaparam which has been updated to the BN_GENCB-based functions to test the new functionality. If GENCB_TEST is defined, dsaparam will support a "-timebomb <n>" switch to cancel parameter-generation if it gets as far as 'n' seconds without completion. | 08 December 2002, 05:38:44 UTC |
e9224c7 | Geoff Thorpe | 08 December 2002, 05:24:31 UTC | This is a first-cut at improving the callback mechanisms used in key-generation and prime-checking functions. Rather than explicitly passing callback functions and caller-defined context data for the callbacks, a new structure BN_GENCB is defined that encapsulates this; a pointer to the structure is passed to all such functions instead. This wrapper structure allows the encapsulation of "old" and "new" style callbacks - "new" callbacks return a boolean result on the understanding that returning FALSE should terminate keygen/primality processing. The BN_GENCB abstraction will allow future callback modifications without needing to break binary compatibility nor change the API function prototypes. The new API functions have been given names ending in "_ex" and the old functions are implemented as wrappers to the new ones. The OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined, declaration of the older functions will be skipped. NB: Some openssl-internal code will stick with the older callbacks for now, so appropriate "#undef" logic will be put in place - this is in case the user is *building* openssl (rather than *including* its headers) with this symbol defined. There is another change in the new _ex functions; the key-generation functions do not return key structures but operate on structures passed by the caller, the return value is a boolean. This will allow for a smoother transition to having key-generation as "virtual function" in the various ***_METHOD tables. | 08 December 2002, 05:24:31 UTC |
e90e719 | Geoff Thorpe | 08 December 2002, 05:19:43 UTC | Fix a warning, and do some constification as a lucky side-effect :-) | 08 December 2002, 05:19:43 UTC |
7ba666f | Richard Levitte | 08 December 2002, 02:41:11 UTC | Since it's defined in draft-ietf-tls-compression-04.txt, let's make ZLIB a known compression method, with the identity 1. | 08 December 2002, 02:41:11 UTC |
86a62cf | Richard Levitte | 08 December 2002, 02:39:38 UTC | Implement a stateful variant if the ZLIB compression method. The old stateless variant is kept, but isn't used anywhere. | 08 December 2002, 02:39:38 UTC |
b114057 | Richard Levitte | 07 December 2002, 20:03:42 UTC | Forgot one. | 07 December 2002, 20:03:42 UTC |
4c3a2b4 | Richard Levitte | 07 December 2002, 20:02:20 UTC | Add a few items I intend to work on for 0.9.8 and on. | 07 December 2002, 20:02:20 UTC |
bbf8198 | Andy Polyakov | 06 December 2002, 17:18:10 UTC | Workaround for GCC-ia64 compiler bug. Submitted by: <appro> Reviewed by: PR: | 06 December 2002, 17:18:10 UTC |
3dda0dd | Richard Levitte | 06 December 2002, 08:50:06 UTC | Some compilers are quite picky about non-void functions that don't return anything. | 06 December 2002, 08:50:06 UTC |
fa63a98 | Richard Levitte | 06 December 2002, 08:43:41 UTC | Apparently, bash is more forgiving than sh. To be backward compatible, don't use ==, use = instead... | 06 December 2002, 08:43:41 UTC |
1fc73fe | Richard Levitte | 06 December 2002, 00:39:03 UTC | Keep NEWS in HEAD up to date. | 06 December 2002, 00:39:03 UTC |
90543bd | Richard Levitte | 05 December 2002, 23:01:17 UTC | Keep STATUS in HEAD up to date. | 05 December 2002, 23:01:17 UTC |
43ecece | Richard Levitte | 05 December 2002, 21:50:13 UTC | Merge in relevant changes from the OpenSSL 0.9.6h release. | 05 December 2002, 21:50:13 UTC |
4ba8cab | Richard Levitte | 05 December 2002, 21:07:26 UTC | SSL_CERT_FILE should be used in place of the system default file, not as a first alternative to try | 05 December 2002, 21:07:26 UTC |
f68bb3c | Richard Levitte | 05 December 2002, 20:50:25 UTC | Corrected DJGPP patch | 05 December 2002, 20:50:25 UTC |
6d4ac67 | Andy Polyakov | 05 December 2002, 13:17:52 UTC | linux64-sparcv9 support finally debugged and tested. Submitted by: Reviewed by: PR: | 05 December 2002, 13:17:52 UTC |
b84d5b7 | Richard Levitte | 05 December 2002, 10:16:28 UTC | Make sure to implement the cryptodev engine only when /dev/crypto exists. | 05 December 2002, 10:16:28 UTC |
8cbcced | Richard Levitte | 05 December 2002, 01:55:48 UTC | make update | 05 December 2002, 01:55:48 UTC |
1c24347 | Richard Levitte | 05 December 2002, 01:42:14 UTC | Declare another general file. | 05 December 2002, 01:42:14 UTC |
9ef8881 | Richard Levitte | 05 December 2002, 01:35:04 UTC | Allow users to modify /MD to /MT. PR: 380 | 05 December 2002, 01:35:04 UTC |
4387f47 | Richard Levitte | 05 December 2002, 01:20:47 UTC | Make sure using SSL_CERT_FILE actually works, and has priority over system defaults. PR: 376 | 05 December 2002, 01:20:47 UTC |
38d6e4b | Richard Levitte | 05 December 2002, 00:56:58 UTC | If an application supports static locks, it MUST support dynamic locks as well to be able to use the CHIL engine. PR: 281 | 05 December 2002, 00:56:58 UTC |
ced621e | Richard Levitte | 05 December 2002, 00:05:48 UTC | PR: 381 | 05 December 2002, 00:05:48 UTC |
85940ea | Richard Levitte | 05 December 2002, 00:04:30 UTC | Only check for a result buffer if the allocated string is a prompt string. PR: 381 | 05 December 2002, 00:04:30 UTC |
439ae4d | Richard Levitte | 04 December 2002, 22:54:02 UTC | Do not implement RC4 stuff if RC4 is disabled. Concequently, apply the same rule for SHA stuff. PR: 381 | 04 December 2002, 22:54:02 UTC |
4fbe40c | Richard Levitte | 04 December 2002, 22:48:01 UTC | gethostname() is more a BSD feature than an XOPEN one. PR: 379 | 04 December 2002, 22:48:01 UTC |
578ca7e | Richard Levitte | 04 December 2002, 19:13:43 UTC | Correct a few typos that I introduced after applying DJGPP patches. | 04 December 2002, 19:13:43 UTC |
7e8c30b | Bodo Möller | 04 December 2002, 17:43:01 UTC | In ECPKParameters_print, output the private key length correctly (length of the order of the group, not length of the actual key, which will be shorter in some cases). Submitted by: Nils Larsch | 04 December 2002, 17:43:01 UTC |
2b32b28 | Bodo Möller | 04 December 2002, 17:38:40 UTC | Don't compute timings here, we can do this elsewhere. Include X9.62 signature examples. Submitted by: Nils Larsch | 04 December 2002, 17:38:40 UTC |
532215f | Lutz Jänicke | 04 December 2002, 13:30:58 UTC | Missing ")" Submitted by: Christian Hohnstaedt <chohnstaedt@innominate.com> Reviewed by: PR: | 04 December 2002, 13:30:58 UTC |
5319be4 | Richard Levitte | 04 December 2002, 09:54:10 UTC | DJGPP patches. PR: 347 | 04 December 2002, 09:54:10 UTC |
f7a3e73 | Richard Levitte | 04 December 2002, 09:17:43 UTC | Add support for x86_64. PR: 348 | 04 December 2002, 09:17:43 UTC |
ff3345c | Richard Levitte | 04 December 2002, 08:24:18 UTC | A gcc 3.0 bug is triggered by our code. Add a section about it in PROBLEMS. PR: 375 | 04 December 2002, 08:24:18 UTC |
716b207 | Dr. Stephen Henson | 04 December 2002, 00:49:46 UTC | Make ASN1_TYPE_get() work for V_ASN1_NULL type. | 04 December 2002, 00:49:46 UTC |
e7b6228 | Dr. Stephen Henson | 04 December 2002, 00:16:00 UTC | Typo in X509v3_get_ext_by_critical | 04 December 2002, 00:16:00 UTC |
2053c43 | Dr. Stephen Henson | 03 December 2002, 23:50:59 UTC | In asn1_d2i_read_bio, don't assume BIO_read will return the requested number of bytes when reading content. | 03 December 2002, 23:50:59 UTC |
1c3e4a3 | Richard Levitte | 03 December 2002, 16:33:03 UTC | EXIT() may mean return(). That's confusing, so let's have it really mean exit() in whatever way works for the intended platform, and define OPENSSL_EXIT() to have the old meaning (the name is of course because it's only used in the openssl program) | 03 December 2002, 16:33:03 UTC |
4707991 | Richard Levitte | 03 December 2002, 16:06:40 UTC | Make CRYPTO_cleanse() independent of endianness. | 03 December 2002, 16:06:40 UTC |
7a1f92f | Richard Levitte | 03 December 2002, 14:20:44 UTC | Windows CE updates, contributed by Steven Reddie <smr@essemer.com.au> | 03 December 2002, 14:20:44 UTC |
e7a2856 | Richard Levitte | 02 December 2002, 22:49:02 UTC | define USE_SOCKETS so sys/param.h gets included (and thusly, MAXHOSTNAMELEN gets defined). PR: 371 | 02 December 2002, 22:49:02 UTC |
6ab285b | Richard Levitte | 02 December 2002, 21:31:45 UTC | I think I got it now. Apparently, the case of having to shift down the divisor was a bit more complex than I first saw. The lost bit can't just be discarded, as there are cases where it is important. For example, look at dividing 320000 with 80000 vs. 80001 (all decimals), the difference is crucial. The trick here is to check if that lost bit was 1, and in that case, do the following: 1. subtract the quotient from the remainder 2. as long as the remainder is negative, add the divisor (the whole divisor, not the shofted down copy) to it, and decrease the quotient by one. There's probably a nice mathematical proof for this already, but I won't bother with that, unless someone requests it from me. | 02 December 2002, 21:31:45 UTC |
1d3159b | Richard Levitte | 02 December 2002, 02:40:27 UTC | Make some names consistent. | 02 December 2002, 02:40:27 UTC |
f60ceb5 | Richard Levitte | 02 December 2002, 02:28:27 UTC | Through some experimentation and thinking, I think I finally got the proper implementation of bn_div_words() for VAX. If the tests go through well, the next step will be to test on Alpha. | 02 December 2002, 02:28:27 UTC |
0f995b2 | Richard Levitte | 01 December 2002, 02:17:23 UTC | Small bugfix: even when r == d, we need to adjust r and q. PR: 366 | 01 December 2002, 02:17:23 UTC |
848f735 | Richard Levitte | 01 December 2002, 01:23:35 UTC | EXIT() needs to be in a function that returns int. | 01 December 2002, 01:23:35 UTC |
a678430 | Richard Levitte | 01 December 2002, 00:49:36 UTC | Redo the VAX assembler version of bn_div_words(). PR: 366 | 01 December 2002, 00:49:36 UTC |
e9b553d | Richard Levitte | 29 November 2002, 15:18:22 UTC | Remove incorrect assert. PR: 360 | 29 November 2002, 15:18:22 UTC |
db37589 | Richard Levitte | 29 November 2002, 15:00:58 UTC | Make it so all names mentioned in the NAME section of each manpage becomes a symlink to said manpage. PR: 242 | 29 November 2002, 15:00:58 UTC |
5e4a75e | Richard Levitte | 29 November 2002, 14:21:54 UTC | Correct some names. | 29 November 2002, 14:21:54 UTC |
43d6016 | Richard Levitte | 29 November 2002, 11:30:45 UTC | A few more memset()s converted to OPENSSL_cleanse(). I *think* I got them all covered by now, bu please, if you find any more, tell me and I'll correct it. PR: 343 | 29 November 2002, 11:30:45 UTC |
55f78ba | Richard Levitte | 28 November 2002, 18:54:30 UTC | Have all tests use EXIT() to exit rather than exit(), since the latter doesn't always give the expected result on some platforms. | 28 November 2002, 18:54:30 UTC |
6c35947 | Richard Levitte | 28 November 2002, 18:52:14 UTC | Make sure EXIT() can always be used as one statement. | 28 November 2002, 18:52:14 UTC |
4579924 | Richard Levitte | 28 November 2002, 08:04:36 UTC | Cleanse memory using the new OPENSSL_cleanse() function. I've covered all the memset()s I felt safe modifying, but may have missed some. | 28 November 2002, 08:04:36 UTC |
2047bda | Richard Levitte | 27 November 2002, 13:40:41 UTC | Unused variable removed. | 27 November 2002, 13:40:41 UTC |
406c6f6 | Richard Levitte | 27 November 2002, 13:40:11 UTC | Extra ; removed. | 27 November 2002, 13:40:11 UTC |
df29cc8 | Richard Levitte | 27 November 2002, 12:24:05 UTC | Add OPENSSL_cleanse() to help cleanse memory and avoid certain compiler and linker optimizations. PR: 343 | 27 November 2002, 12:24:05 UTC |
ec71641 | Richard Levitte | 26 November 2002, 15:27:05 UTC | I forgot that @ in strings must be escaped in Perl | 26 November 2002, 15:27:05 UTC |
ba8ad07 | Richard Levitte | 26 November 2002, 11:14:32 UTC | The logic in the main signing and verifying functions to check lengths was incorrect. Fortunately, there is a second check that's correct, when adding the pads. PR: 355 | 26 November 2002, 11:14:32 UTC |
17582cc | Richard Levitte | 26 November 2002, 10:11:58 UTC | Heimdal isn't really supported right now. Say so, and offer a possibility to force the use of Heimdal, and warn if that's used. PR: 346 | 26 November 2002, 10:11:58 UTC |
31be2da | Richard Levitte | 26 November 2002, 10:09:36 UTC | Small bugfixes to the KSSL implementation. PR: 349 | 26 November 2002, 10:09:36 UTC |
de868e0 | Richard Levitte | 26 November 2002, 09:19:17 UTC | Heimdal isn't really supported right now. Say so, and offer a possibility to force the use of Heimdal, and warn if that's used. PR: 346 | 26 November 2002, 09:19:17 UTC |
15994b0 | Bodo Möller | 23 November 2002, 18:16:09 UTC | rename some functions to improve consistency Submitted by: Sheueling Chang | 23 November 2002, 18:16:09 UTC |
922fa76 | Bodo Möller | 22 November 2002, 09:25:35 UTC | add a comment | 22 November 2002, 09:25:35 UTC |
19aa370 | Richard Levitte | 22 November 2002, 08:45:20 UTC | Disable this module if OPENSSL_NO_SOCK is defined. | 22 November 2002, 08:45:20 UTC |
d020e70 | Richard Levitte | 22 November 2002, 08:40:34 UTC | Typo. OPENSSL_NO_ECDH, not NO_OPENSSL_ECDH | 22 November 2002, 08:40:34 UTC |
364ff36 | Richard Levitte | 21 November 2002, 22:39:08 UTC | Mention a current showstopper | 21 November 2002, 22:39:08 UTC |
8a09b38 | Bodo Möller | 20 November 2002, 10:55:27 UTC | avoid uninitialized memory read Submitted by: Nils Larsch | 20 November 2002, 10:55:27 UTC |
1374451 | Bodo Möller | 20 November 2002, 10:53:33 UTC | Make ec_GFp_simple_point_get_affine_coordinates() faster for Montgomery representations. Submitted by: Sheueling Chang, Bodo Moeller | 20 November 2002, 10:53:33 UTC |
6a8afe2 | Lutz Jänicke | 20 November 2002, 10:48:58 UTC | Fix bug introduced by the attempt to fix client side external session caching (#288): now internal caching failed (#351): Make sure, that cipher_id is set before comparing. Submitted by: Reviewed by: PR: 288 (and 351) | 20 November 2002, 10:48:58 UTC |
1e3a9b6 | Bodo Möller | 19 November 2002, 11:56:05 UTC | allocate bio_err before memory debugging is enabled to avoid memory leaks (we can't release it before the CRYPTO_mem_leaks() call!) Submitted by: Nils Larsch | 19 November 2002, 11:56:05 UTC |
229dc0e | Richard Levitte | 19 November 2002, 11:52:24 UTC | It works on my laptop :-). | 19 November 2002, 11:52:24 UTC |
fcc7646 | Richard Levitte | 19 November 2002, 11:40:14 UTC | make update | 19 November 2002, 11:40:14 UTC |
821385a | Richard Levitte | 19 November 2002, 11:28:28 UTC | Fix an unsigned/signed mismatch. | 19 November 2002, 11:28:28 UTC |
25ff76d | Richard Levitte | 19 November 2002, 09:34:34 UTC | Update STATUS | 19 November 2002, 09:34:34 UTC |
9801fb6 | Richard Levitte | 18 November 2002, 23:58:24 UTC | Add news items for 0.9.6h and expand on the 0.9.7 news as well. | 18 November 2002, 23:58:24 UTC |
20199ca | Richard Levitte | 18 November 2002, 23:56:15 UTC | Document the addition of certificate pairs. | 18 November 2002, 23:56:15 UTC |
711f1a3 | Richard Levitte | 18 November 2002, 23:54:27 UTC | Add the ASN.1 structures and functions for CertificatePair, which is defined as follows (according to X.509_4thEditionDraftV6.pdf): CertificatePair ::= SEQUENCE { forward [0] Certificate OPTIONAL, reverse [1] Certificate OPTIONAL, -- at least one of the pair shall be present -- } The only thing I'm not sure about is if it's implicit or explicit tags that I should count on. For now, I'm thinking explicit, but will gladly stand corrected. Also implement the PEM functions to read and write certificate pairs, and defined the PEM tag as "CERTIFICATE PAIR". This needed to be defined, mostly for the sake of the LDAP attribute crossCertificatePair, but may prove useful elsewhere as well. | 18 November 2002, 23:54:27 UTC |
a1d8530 | Richard Levitte | 18 November 2002, 23:06:36 UTC | Determine HZ exactly as in apps/speed.c. | 18 November 2002, 23:06:36 UTC |
450cee5 | Richard Levitte | 18 November 2002, 23:05:39 UTC | Make sure sysconf exists (it doesn't in the VMS C RTL lesser than version 7). | 18 November 2002, 23:05:39 UTC |
a2dbcf3 | Bodo Möller | 18 November 2002, 14:37:35 UTC | remove redundant functions | 18 November 2002, 14:37:35 UTC |
4663355 | Bodo Möller | 18 November 2002, 14:33:39 UTC | use consistent order of function definitions | 18 November 2002, 14:33:39 UTC |
9dc6104 | Bodo Möller | 18 November 2002, 14:00:42 UTC | fix memory leak in memory debuggin code ... Submitted by: Nils Larsch | 18 November 2002, 14:00:42 UTC |
055076c | Bodo Möller | 18 November 2002, 13:37:40 UTC | allocate bio_err before memory debugging is enabled to avoid memory leaks (we can't release it before the CRYPTO_mem_leaks() call!) Submitted by: Nils Larsch | 18 November 2002, 13:37:40 UTC |
527497a | Richard Levitte | 18 November 2002, 13:04:08 UTC | A variable of type time_t is supposed to be a time measurement starting at Epoch. offset isn't such a measurement, so let's stop pretend it is. | 18 November 2002, 13:04:08 UTC |
32d21c1 | Lutz Jänicke | 18 November 2002, 08:15:45 UTC | Better workaround to the "=head1 NAME OPTIONS" pod2latex problem: NAME OPTIONS are a subset of OPTIONS, so just make it =head2! Submitted by: Reviewed by: PR: 333 | 18 November 2002, 08:15:45 UTC |
629b58b | Richard Levitte | 17 November 2002, 19:48:19 UTC | Make it possible to build for more than one CPU. Clarify what the CE tests do. | 17 November 2002, 19:48:19 UTC |
7fa2a81 | Richard Levitte | 17 November 2002, 08:07:08 UTC | Ignore openssl.pc. This way, there's no risk that I'll add it again :-). | 17 November 2002, 08:07:08 UTC |
7f66ab4 | Richard Levitte | 17 November 2002, 08:05:38 UTC | Adding openssl.pc to the repository was a mistake, since it's generated. | 17 November 2002, 08:05:38 UTC |
9518938 | Richard Levitte | 17 November 2002, 08:03:24 UTC | Add the file openssl.pc that I forgot a while ago. | 17 November 2002, 08:03:24 UTC |
b4b82ab | Richard Levitte | 16 November 2002, 10:10:39 UTC | I forgot this is compiled in test/, not crypto/ec/... | 16 November 2002, 10:10:39 UTC |
89618e7 | Richard Levitte | 16 November 2002, 09:42:04 UTC | We don't want TARGETCPU expanded here. | 16 November 2002, 09:42:04 UTC |
b87e257 | Richard Levitte | 15 November 2002, 22:54:13 UTC | Mention ActiveState Perl much earlier in INSTALL.WCE. | 15 November 2002, 22:54:13 UTC |
0bf23d9 | Richard Levitte | 15 November 2002, 22:37:18 UTC | WinCE patches | 15 November 2002, 22:37:18 UTC |
813f256 | Lutz Jänicke | 15 November 2002, 21:26:42 UTC | Fix buggy #! magic and update ssleay->openssl Submitted by: Reviewed by: PR: 305 | 15 November 2002, 21:26:42 UTC |
bfa96bc | Richard Levitte | 15 November 2002, 16:56:36 UTC | Add the INHIBIT_SYMLINKS flag variable to help Cygwin. Add missing semicolons. Add a comment explaining a bunch of targets without any action lines. | 15 November 2002, 16:56:36 UTC |
6f17f16 | Richard Levitte | 15 November 2002, 16:48:38 UTC | Changes to make shared library building and use work better with Cygwin | 15 November 2002, 16:48:38 UTC |
84034f7 | Richard Levitte | 15 November 2002, 13:58:11 UTC | Document the change to remove the 'done' flag variable in the OpenSSL_add_all_*() routines | 15 November 2002, 13:58:11 UTC |
acce40c | Bodo Möller | 15 November 2002, 12:43:15 UTC | this method does not need field_data1 | 15 November 2002, 12:43:15 UTC |