disabled by default (MDC2 and RC5), which until now were skipped
by "make links" and yet supposedly required by some of the Makefiles,
meaning that the recent snapshots failed to compile.
Problem reported by Nils Larsch.
is to have a placeholder to small routines, which can be written only
in assembler. In IA-32 case this includes processor capability
identification and access to Time-Stamp Counter. As discussed earlier
OPENSSL_ia32cap is introduced to control recently added SSE2 code
pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the
code is operational on ELF platforms only. I haven't checked it yet,
but I have all reasons to believe that Windows build should fail to
link too. I'll be looking into it shortly...
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
EVP_PKEY_cmp_parameters() returned 0, otherwise it should
go on processing the public key component. Thia has nothing
to do with the proper handling of EC parameters or not.
Two fixes:
1. If BIO_write() fails inside enc_write() it should return the
total number of bytes successfully written.
2. If BIO_write() fails during BIO_flush() it should return immediately
with the error code: previously it would fall through to the final
encrypt, corrupting the buffer.
when reading from a non blocking BIO.
It would incorrectly interpret retries as EOF, incorrectly
buffer initial data and have no buffering at all after initial
data (data would be sent one byte at a time to EVP_DecodeUpdate).
bad, so let's not check OPENSSL_NO_ENGINE in those places. Fortunately, all
the header files where the problem existed include ossl_typ.h, which makes
a 'forward declaration' of the ENGINE type.
evp.h.
Application authors BEWARE! If you have had the habit to count on
evp.h to provide all those lower-level algorithm functions, you need
to think again! Please change your programs NOW, or you will be sorry
when 0.9.8 gets release (it's quite some time away...).
engine with something they claim is better. I have nothing to compare to,
and I assume they know what they're talking about. The interesting part with
this one is that it's loaded by default on OpenBSD systems.
This change was originally introduced in OpenBSD's tracking of OpenSSL.
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
des_old.h redefines crypt:
#define crypt(b,s)\
DES_crypt((b),(s))
This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
was that they weren't really needed any more for EVP itself. However,
it seems like soma applications (I know about OpenSSH, but there may
be more) used evp.h as the 'load all' header file, which makes sense
since we try our best to promote the use of EVP instead of the lower
level crypto algorithms. Therefore, I put the inclusions back so
the application authors don't get too shocked by all the errors they
would otherwise get.
Thanks to Theo de Raadt for making us aware of this.
