Andy Polyakov [Sun, 3 Apr 2005 18:53:29 +0000 (18:53 +0000)]
Make bn/asm/x86_64-gcc.c gcc4 savvy. +r is likely to be initially
introduced for a reason [like bug in initial gcc port], but proposed
=&r is treated correctly by senior 3.2, so we can assume it's safe now.
PR: 1031
Richard Levitte [Thu, 31 Mar 2005 11:51:47 +0000 (11:51 +0000)]
Add a file with fingerprints that have recently been used to sign
OpenSSL distributions, or are about to. This has been requested a
little now and then by users, for years :-/...
Bodo Möller [Sun, 13 Mar 2005 19:49:47 +0000 (19:49 +0000)]
"make depend". This takes into account the algorithms that are now
disabled by default (MDC2 and RC5), which until now were skipped
by "make links" and yet supposedly required by some of the Makefiles,
meaning that the recent snapshots failed to compile.
Bodo Möller [Sun, 13 Mar 2005 19:46:58 +0000 (19:46 +0000)]
It seems that Configure revision 1.404 broke "make depend" by hiding
from it which algorithms were disabled. With these new changes,
"make depend" will properly take into account algorithms that are skipped.
Andy Polyakov [Sun, 6 Feb 2005 13:23:34 +0000 (13:23 +0000)]
This patch was "ignited" by OpenBSD 3>=4 support. They've switched to ELF
and GNU binutils, but kept BSD make... And I took the opportunity to
unify other targets to this common least denominator...
Andy Polyakov [Thu, 3 Feb 2005 22:40:40 +0000 (22:40 +0000)]
Drop redundant -lc from a number of rules in Makefile.shared. It's
perfectly safe [compiler driver adds it] and in some situation even
perfectly appropriate [mixing -pthread and -lc on FreeBSD can have
lethal effect on apps/openssl]. I'd say we should get rid of more,
but I remove those I can test myself...
Richard Levitte [Thu, 27 Jan 2005 01:49:25 +0000 (01:49 +0000)]
Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
cause a segfault... This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
Richard Levitte [Wed, 26 Jan 2005 23:51:20 +0000 (23:51 +0000)]
The mix of CFLAGS and LDFLAGS is a bit confusing in my opinion, and
Makefile.shared was a bit overcomplicated.
Make the shell variables LDFLAGS and SHAREDFLAGS in Makefile.shared
get the values of $(CFLAGS) or $(LDFLAGS) as appropriate depending on
the value the shell variables LDCMD and SHAREDCMD get. That leaves
much less chance of confusion, since those pairs of shell variables
always are defined together.
Andy Polyakov [Mon, 24 Jan 2005 14:38:14 +0000 (14:38 +0000)]
Fold a bunch of linux and *BSD targets into [linux|BSD]-generic[32|64].
Idea is to provide unified "fall-down" case for all rare platforms out
there. ./config is free to enable some optimizations, such as endianness
specification, specific -mcpu flags...
Andy Polyakov [Mon, 24 Jan 2005 14:22:05 +0000 (14:22 +0000)]
Default to AES u32 being unsinged int and not long. This improves cache
locality on 64-bit platforms (and fixes IA64 assembler-empowered build:-).
The choice is guarded by newly introduced AES_LONG macro, which needs
to be defined only on 16-bit platforms which we don't support (not that
I know of). Meaning that one could as well skip long option altogether.
Richard Levitte [Wed, 19 Jan 2005 17:03:07 +0000 (17:03 +0000)]
Apparently, at least with my VMS C environment, defining _XOPEN_SOURCE
gets _POSIX_C_SOURC and _ANSI_C_SOURCE defined, which stops u_int from
being defined, and that breaks havock into the rest of the standard
headers... *sigh*
- Enforce that there should be no policy settings when the language
is one of id-ppl-independent or id-ppl-inheritAll.
- Add functionality to ssltest.c so that it can process proxy rights
and check that they are set correctly. Rights consist of ASCII
letters, and the condition is a boolean expression that includes
letters, parenthesis, &, | and ^.
- Change the proxy certificate configurations so they get proxy
rights that are understood by ssltest.c.
- Add a script that tests proxy certificates with SSL operations.
Other changes:
- Change the copyright end year in mkerr.pl.
- make update.
PKCS7_verify() performance optimization. When the content is large and a
memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots
of slow memory copies from the memory BIO by saving the content in a
temporary read only memory BIO.
Andy Polyakov [Sun, 9 Jan 2005 20:42:33 +0000 (20:42 +0000)]
FAQ update to mention no-sha0 as possible workaround for Tru64 compiler bug.
Well, no-options seem to be busted in HEAD currently, which should/will be
fixed one way or another (see PR#989 for a possible alternative).