wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7254 commits 20 branches 302 tags 153 MiB
Commit graph

3656 commits

Author SHA1 Message Date
Dr. Stephen Henson
b4d2858f95 Add PSS prototype to rsa.h 2005-05-28 20:50:11 +00:00
Dr. Stephen Henson
dea446d995 Update from 0.9.7-stable branch. 2005-05-28 20:49:09 +00:00
cvs2svn
5cd94f9e9d This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_8-stable'.
 2005-05-28 20:44:38 +00:00
Dr. Stephen Henson
429168e7ee Add pss/x931 files. 2005-05-28 20:44:37 +00:00
Dr. Stephen Henson
499fca2db3 Update from 0.9.7-stable. Also repatch and rebuild error codes. 2005-05-28 20:44:02 +00:00
Bodo Möller
cad811fc41 Use BN_with_flags() in a cleaner way. 2005-05-27 15:39:24 +00:00
Bodo Möller
a28a5d9c62 Use BN_with_flags() in a cleaner way. 2005-05-27 15:38:53 +00:00
Dr. Stephen Henson
3f791ca818 Assing check_{cert,crl}_time to 'ok' variable so it returns errors on 
expiry.
 2005-05-27 13:19:25 +00:00
Bodo Möller
e4106a4e24 make sure DSA signing exponentiations really are constant-time 2005-05-26 04:40:57 +00:00
Bodo Möller
0ebfcc8f92 make sure DSA signing exponentiations really are constant-time 2005-05-26 04:40:52 +00:00
Bodo Möller
c61f571ce0 check BN_copy() return value 2005-05-26 04:30:49 +00:00
Bodo Möller
a506b8c7dd check BN_copy() return value 2005-05-26 04:30:48 +00:00
Andy Polyakov
e5cd536894 Some assemblers are too rudimentary to understand dynamic labels. 2005-05-25 21:37:18 +00:00
Richard Levitte
7d9e1321c7 Forgot to change the version number itself. 2005-05-24 03:57:12 +00:00
Richard Levitte
83af7422a0 Tagging is done, we continue on beta3, which is planned to be released 
on Sunday May 29th.
 2005-05-24 03:50:30 +00:00
Richard Levitte
ce8945f35c Time to release the next beta. 
The tag will be OpenSSL_0_9_8-beta2.
 2005-05-24 03:42:49 +00:00
Richard Levitte
af4ac437ab It seems like mkdef.pl couldn't quite understand that #ifdef OPENSSL_NO_SHA512 
was still active when it came down to the functions.  mkdef.pl should really
be corrected, but that'll be another day...
 2005-05-24 03:39:10 +00:00
Richard Levitte
85991994df It seems like mkdef.pl couldn't quite understand that #ifdef OPENSSL_NO_SHA512 
was still active when it came down to the functions.  mkdef.pl should really
be corrected, but that'll be another day...
 2005-05-24 03:39:08 +00:00
Richard Levitte
2f596aeef5 DEC C complains about bad subscript, but we know better, so let's shut it up. 2005-05-24 03:22:56 +00:00
Richard Levitte
b172dec864 DEC C complains about bad subscript, but we know better, so let's shut it up. 2005-05-24 03:22:53 +00:00
Andy Polyakov
61391e2314 Be more consistent with OPENSSL_NO_SHA256. 2005-05-22 10:27:59 +00:00
Andy Polyakov
36b29660ce Be more consistent with OPENSSL_NO_SHA256. 2005-05-22 10:26:47 +00:00
Andy Polyakov
4b23506594 OPENSSL_NO_SHA512 to mask even SHA512_CTX declaration. This is done to 
make no-sha512 more effective on platforms, which don't support 64-bit
integer type of *any* kind.
 2005-05-22 08:55:15 +00:00
Andy Polyakov
31e4ad25ba OPENSSL_NO_SHA512 to mask even SHA512_CTX declaration. This is done to 
make no-sha512 more effective on platforms, which don't support 64-bit
integer type of *any* kind.
 2005-05-22 08:52:12 +00:00
Andy Polyakov
225f4daf15 Still SEGV trouble in .init segment under Solaris x86... 2005-05-21 17:51:12 +00:00
Andy Polyakov
82d3dda8a1 Still SEGV trouble in .init segment under Solaris x86... 2005-05-21 17:49:10 +00:00
Richard Levitte
b9927cfa2d When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in 
http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html.

Notified by David Wolfe <dwolfe5272@yahoo.com>
 2005-05-21 17:39:53 +00:00
Richard Levitte
fe8bf9560d When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in 
http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html.

Notified by David Wolfe <dwolfe5272@yahoo.com>
 2005-05-21 17:39:43 +00:00
Ben Laurie
fe977f7512 Propagate BUILDENV into subdirectories. 2005-05-21 16:13:36 +00:00
Andy Polyakov
886ed3544b Move _WIN32_WINNT definition from command line to e_os.h [from HEAD]. 2005-05-21 13:19:46 +00:00
Andy Polyakov
e476f94212 Move _WIN32_WINNT definition from command line to e_os.h. The change is 
inspired by VC6 failure report. In addition abstain from taking screen
snapshots when running in NT service context.
 2005-05-21 13:19:27 +00:00
Nils Larsch
aff2922f9a fix typo, add prototype 2005-05-20 23:01:31 +00:00
Nils Larsch
bbbd67108f fix typo, add prototype 2005-05-20 22:55:10 +00:00
Nils Larsch
f32e0035a3 fix potential memory leak 
Submitted by: Goetz Babin-Ebell
 2005-05-19 22:11:22 +00:00
Nils Larsch
7f246621b5 fix potential memory leak 
Submitted by: Goetz Babin-Ebell
 2005-05-19 22:10:40 +00:00
Richard Levitte
032bb2a2c5 Tagging of 0.9.8-beta1 is done, time to update the version numbers to 
the next beta (beta2).
 2005-05-19 19:45:53 +00:00
Richard Levitte
fa96ed06d2 Update version information. 2005-05-19 19:42:04 +00:00
Richard Levitte
43133041c9 'make update' with a default configuration. 2005-05-19 19:31:53 +00:00
Nils Larsch
3f4657d131 fix "dereferencing type-punned pointer will break strict-aliasing rules" 
warning when using gcc 4.0
 2005-05-19 12:01:51 +00:00
Nils Larsch
f5634286a3 fix "dereferencing type-punned pointer will break strict-aliasing rules" 
warning when using gcc 4.0
 2005-05-19 11:59:35 +00:00
Andy Polyakov
3f516ce837 SysV make [or least some of them] don't propogate command line macros to 
recursively called make. So let's pass down BUILDENV as value too...
 2005-05-19 01:48:46 +00:00
Nils Larsch
67ffa18cce make the type parameter const when ID2_OF_const() is used 2005-05-18 22:30:38 +00:00
Nils Larsch
9f197f9da5 make the type parameter const when ID2_OF_const() is used 2005-05-18 22:29:17 +00:00
Andy Polyakov
ca3e683747 Don't emit SSE2 instructions unless were asked to [from HEAD]. 
PR: 1073
 2005-05-18 08:45:21 +00:00
Andy Polyakov
c50226594d Don't emit SSE2 instructions unless were asked to. 
PR: 1073
 2005-05-18 08:42:08 +00:00
Andy Polyakov
38a1757168 Engage Applink in mingw. [from HEAD] 2005-05-18 08:17:29 +00:00
Andy Polyakov
51ff6bde38 Engage Applink in mingw. Note that application-side module is not 
compiled into *our* aplpications. That's because mingw is always
consistent with itself. Having library-side code linked into .dll
makes it possible to deploy the .dll with user-code compiled with
another compiler [which is pretty much the whole point behind Applink].
 2005-05-18 08:16:46 +00:00
Richard Levitte
4104a57107 OpenSSL 0.9.8 has just entered beta status. Not quite releasing yet, 
since I need to write a NEWS entry.

This means we're in feature freeze.  HEAD is now 0.9.9-dev.
 2005-05-18 04:14:22 +00:00
Richard Levitte
c800a070b5 I just branched 0.9.8, so HEAD needs to be bumped to 0.9.9-dev. 
The 0.9.8 branch is called OpenSSL_0_9_8-stable.
 2005-05-18 03:58:34 +00:00
Andy Polyakov
53d8996764 Engage Applink for VC builds. 2005-05-17 16:50:46 +00:00
Nils Larsch
8712009778 simplify EC_KEY_dup 2005-05-17 12:23:16 +00:00
Bodo Möller
f468e3824a fix memory leak (BIO_free_all needs pointer to first BIO) 
PR: 1070
 2005-05-17 05:52:24 +00:00
Andy Polyakov
ea1b02db6a OPENSSL_Applink update. 2005-05-17 00:08:28 +00:00
Andy Polyakov
25a66ee3cb Move cryptlib.h prior bio.h. Actually it makes sense to include cryptlib.h 
first everywhere in crypto and skip stdio.h and string.h [because it
includes them].
 2005-05-17 00:01:48 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and 
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
 2005-05-16 16:55:47 +00:00
Andy Polyakov
7abbffc3fb Further BUILDENV clean-up, 'make depend' is operational again. 2005-05-16 14:24:45 +00:00
Nils Larsch
9dd8405341 ecc api cleanup; summary: 
- hide the EC_KEY structure definition in ec_lcl.c + add
  some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
  attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
  additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
 2005-05-16 10:11:04 +00:00
Bodo Möller
46a643763d Implement fixed-window exponentiation to mitigate hyper-threading 
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
 2005-05-16 01:43:31 +00:00
Bodo Möller
10cde5010d make update 2005-05-16 00:27:37 +00:00
Andy Polyakov
734540f887 Consolidate BUILDENV [idea is to keep all variables in one place]. 2005-05-15 23:53:34 +00:00
Andy Polyakov
804515425a +20% performance improvement of P4-specific RC4_CHAR loop. 2005-05-15 22:43:00 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
b6995add5c Make -CSP option work again in pkcs12 utility by checking for 
attribute in EVP_PKEY structure.
 2005-05-15 00:54:45 +00:00
Dr. Stephen Henson
8ccd06c66c openssl_fcast should always be defined, not just with DEBUG_SAFESTACK 2005-05-14 12:58:20 +00:00
Dr. Stephen Henson
fe86616c72 Some C compilers produce warnings or compilation errors if an attempt 
is made to directly cast a function of one type to what it considers and
incompatible type. In particular gcc 3.4.2.

Add new openssl_fcast macro to place functions into a form where the compiler
will allow them to be cast.

The current version achives this by casting to: void function(void).
 2005-05-12 23:01:44 +00:00
Dr. Stephen Henson
ba2ba27008 Avoid warnings. 2005-05-12 22:40:19 +00:00
Dr. Stephen Henson
c596c795bf Typo. 2005-05-12 17:28:53 +00:00
Ben Laurie
4b26fe30de There must be an explicit way to build the .o! 2005-05-11 16:39:05 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes. 
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
 2005-05-11 03:45:39 +00:00
Nils Larsch
8b15c74018 give EC_GROUP_new_by_nid a more meanigful name: 
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
 2005-05-10 11:37:47 +00:00
Andy Polyakov
e19e549041 Comply with optimization manual (no data should share cache-line with code). 2005-05-09 21:48:01 +00:00
Andy Polyakov
d7561ac576 Allow for 64-bit cache-line alignments in code segment. 2005-05-09 21:27:40 +00:00
Bodo Möller
fbeaa3c47d Update util/ck_errf.pl script, and have it run automatically 
during "make errors" and thus during "make update".

Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
 2005-05-09 00:27:37 +00:00
Bodo Möller
b0ac0a8ef8 improve comment readability 2005-05-09 00:06:54 +00:00
Nils Larsch
7dc17a6cf0 give EC_GROUP_*_nid functions a more meaningful name 
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
	EC_GROUP_set_nid -> EC_GROUP_set_curve_name
 2005-05-08 22:09:12 +00:00
Andy Polyakov
b6223d2f70 Eliminate "statement with no effect" warning when OPENSSL_assert macro 
is used with constant assertion.
 2005-05-08 19:54:33 +00:00
Andy Polyakov
5d0d60e2f5 x86_64 assembler translator update. 2005-05-07 08:13:51 +00:00
Andy Polyakov
57ee007035 Fix constants. 
PR: 1059
 2005-05-07 08:11:50 +00:00
Richard Levitte
82e8cb403a Since BN_LLONG will only be defined for Alpha/VMS and not VAX/VMS, 
there's no need to undefine it here.  Then, let's get a bit paranoid
and not define BN_ULLONG on THIRTY_TWO_BIT machines when BN_LLONG
isn't defined.
 2005-05-06 13:34:35 +00:00
Nils Larsch
2c288b2a7e fix compiler warning; pow10 is also in math.h 2005-05-05 20:57:37 +00:00
Andy Polyakov
0ee883650d Commentary update motivating code update in 0.9.7. 2005-05-04 14:51:38 +00:00
Andy Polyakov
70cf309517 x86_64 assembler translator update. 2005-05-04 08:42:47 +00:00
Andy Polyakov
8b5bf52ac2 Cvs missed adapted module itself, here it goes... 2005-05-03 23:03:31 +00:00
Andy Polyakov
73a9485081 Engage md5-x86_64 assembler module. 2005-05-03 22:59:17 +00:00
Andy Polyakov
d37a65bc81 Throw in md5-x86_64 assembler. 2005-05-03 22:56:15 +00:00
Andy Polyakov
34c7ff6dc9 Cygwin doesn't expose Win32 [not "officially"]. 2005-05-03 21:20:17 +00:00
Andy Polyakov
647907918d Commentary update. 2005-05-03 21:16:42 +00:00
Andy Polyakov
cee73df3bd Cpuid modules updates. 2005-05-03 21:05:06 +00:00
Nils Larsch
f15c448a72 remove BN_ncopy, it was only used in bn_nist.c and wasn't particular 
useful anyway
 2005-05-03 20:27:00 +00:00
Nils Larsch
fcb41c0ee8 rewrite of bn_nist.c, disable support for some curves on 64 bit platforms 
for now (it was broken anyway)
 2005-05-03 20:23:33 +00:00
Andy Polyakov
5f1841cdca Rename amd64 modules to x86_64 and update RC4 implementation. 2005-05-03 15:42:05 +00:00
Andy Polyakov
4b45051902 x86_64 assembler translator update. 2005-05-03 15:35:14 +00:00
Dr. Stephen Henson
05338b58ce Support for smime-type MIME parameter. 2005-05-01 12:46:57 +00:00
Andy Polyakov
405d9761a5 Allow for ./config no-sha0 [from stable]. 2005-04-30 21:51:41 +00:00
Dr. Stephen Henson
98a2fd32a0 Typo. 2005-04-30 18:07:30 +00:00
Dr. Stephen Henson
7bdeeb64ac Don't attempt to parse nested ASN1 strings by default. 2005-04-30 18:02:54 +00:00
Dr. Stephen Henson
e1cc0671ac Use more efficient way to locate end of an ASN1 structure. 2005-04-30 13:06:45 +00:00
Nils Larsch
c1a8a5de13 don't let BN_CTX_free(NULL) segfault 2005-04-29 21:20:31 +00:00
Nils Larsch
6a50d0a422 hide the definition of ECDSA_METHOD and ECDSA_DATA (and mutatis mutandis 
for ecdh)
 2005-04-29 15:56:06 +00:00
Nils Larsch
1897c89302 avoid warnings when building on systems where sizeof(void *) > sizeof(int) 2005-04-29 14:26:59 +00:00
Andy Polyakov
3cc54008eb Pointer to BN_MONT_CTX could be used uninitialized. 2005-04-28 08:49:01 +00:00
Richard Levitte
ff8bcccdd4 Synchronise with Unix build system. 2005-04-28 04:55:28 +00:00
Dr. Stephen Henson
a93b01be57 Increase offset for BIO_f_enc() to avoid problems with overlapping buffers 
when decrypting data.
 2005-04-28 00:21:29 +00:00
Dr. Stephen Henson
6c61726b2a Lots of Win32 fixes for DTLS. 
1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.
 2005-04-27 16:27:14 +00:00
Nils Larsch
df9e0bf507 add missing parentheses 2005-04-27 07:57:50 +00:00
Dr. Stephen Henson
879b19801a Change method_mont_p from (char *) to (BN_MONT_CTX *) and remove several 
casts.
 2005-04-27 00:04:59 +00:00
Dr. Stephen Henson
6ec8e63af6 Port BN_MONT_CTX_set_locked() from stable branch. 
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
 2005-04-26 23:58:54 +00:00
Dr. Stephen Henson
465b9f6b26 Stop unused variable warning. 2005-04-26 23:45:49 +00:00
Dr. Stephen Henson
2deadf1672 Port from stable branch. 2005-04-26 23:21:49 +00:00
Nils Larsch
800e400de5 some updates for the blinding code; summary: 
- possibility of re-creation of the blinding parameters after a
  fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
  are present (see bug report #785)
- improve the performance when if one rsa structure is shared by
  more than a thread (see bug report #555)
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
 2005-04-26 22:31:48 +00:00
Dr. Stephen Henson
667aef4c6a Port from stable branch. 2005-04-26 22:07:17 +00:00
Bodo Möller
aa4ce7315f Fix various incorrect error function codes. 
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
 2005-04-26 18:53:22 +00:00
Bodo Möller
0d5ea7613e make update 2005-04-26 18:09:21 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00
Bodo Möller
2e7245f5a3 Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c 
PR: 959
 2005-04-25 23:09:00 +00:00
Andy Polyakov
3d5fd31280 Avoid L1 cache aliasing even between key and S-boxes. 2005-04-24 21:09:20 +00:00
Nils Larsch
9edf4e8157 make asn.1 field names const 2005-04-23 13:45:49 +00:00
Nils Larsch
965a1cb92e change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible 2005-04-23 10:11:16 +00:00
Ben Laurie
e9ad6665a5 Add debug target, remove cast, note possible bug. 2005-04-23 06:05:24 +00:00
Ben Laurie
b5855b2f32 Add prototypes. 2005-04-22 23:57:46 +00:00
Nils Larsch
a0bee97e55 more const 2005-04-22 21:57:36 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign 
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
 2005-04-22 20:02:44 +00:00
Andy Polyakov
04d0d0accf Avoid aliasing between stack frames and S-boxes. Compress prefetch code. 2005-04-22 11:49:32 +00:00
Richard Levitte
630e4a6e59 Provide a default OPENSSL_ia32cap_loc for non-Intel platforms where 
util/libeay.num is important when building shared libraries, like
VMS.
 2005-04-21 09:10:19 +00:00
Dr. Stephen Henson
2c45bf2bc9 Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts. 
Remove more bogus shadow warnings.
 2005-04-20 21:48:06 +00:00
Dr. Stephen Henson
836ec0c764 Stop compiler warnings about deprecated lvalue casts. 2005-04-20 21:39:13 +00:00
Dr. Stephen Henson
5e72fb063a Stop bogus shadowing warning. 2005-04-20 21:34:29 +00:00
Richard Levitte
a74286d636 Make sure id2_func is properly cast as well... 2005-04-20 13:17:42 +00:00
Richard Levitte
254cfe878e signed vs. unsigned. 2005-04-20 13:12:33 +00:00
Richard Levitte
ed824195a1 Avoid compiler complaint about mismatched function signatures 
(void * != char *)
 2005-04-20 13:09:46 +00:00
Richard Levitte
22c3600e4c Resolve signed vs. unsigned. 2005-04-20 12:55:15 +00:00
Richard Levitte
49f386578e Type mismatch detected by DEC C compiler. void* != void** 2005-04-20 12:53:50 +00:00
Richard Levitte
7c671508bd Avoid compiler complaint about mismatched function signatures 
(void * != RSA *)
 2005-04-20 10:02:16 +00:00
Dr. Stephen Henson
987bebaf8c New "algorithm define" OPENSSL_NO_GMP. Update mkdef.pl and Configure script 
to use it.
 2005-04-19 13:24:44 +00:00
Dr. Stephen Henson
f68854b4c3 Various Win32 and other fixes for warnings and compilation errors. 
Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.
 2005-04-19 00:12:36 +00:00
Andy Polyakov
1cfd258ed6 Throw in x86_64 AT&T to MASM assembler converter to facilitate development 
of dual-ABI Unix/Win64 modules.
 2005-04-17 21:05:57 +00:00
Richard Levitte
2906dc8601 Synchronise with ec/Makefile. 2005-04-17 09:07:37 +00:00
Andy Polyakov
c8d5c71af5 Mitigate cache-timing attack in CBC mode. This is done by implementing 
compressed tables (2x compression factor) and by pre-fetching them into
processor cache prior every CBC en-/decryption pass. One can argue why
just CBC? Well, it's commonly used mode in real-life applications and
API allows us to amortize the prefetch costs for larger data chunks...
 2005-04-16 15:23:21 +00:00
Dr. Stephen Henson
fbe6ba81e9 Check return values of <Digest>_Init functions in low level digest calls. 2005-04-14 22:58:44 +00:00
Andy Polyakov
2b85e23d2e Prototype mnemonics in padlock_verify_context for better portability 
[read support for Solaris assembler].
 2005-04-14 07:47:10 +00:00
Andy Polyakov
026bb0b96a Fix for bug emerged in openvpn conext. 2005-04-14 07:41:29 +00:00
Andy Polyakov
e62991a07c Zap OPENSSL_EXTERN on symbols, which are not meant to be local to DLL. 2005-04-13 20:51:42 +00:00
Andy Polyakov
1bf955920a Fix typos. 2005-04-13 15:41:11 +00:00
Andy Polyakov
51d28013db Introduce OPENSSL_NONPIC_relocated to denote relocated DLLs. 2005-04-13 08:46:35 +00:00
Andy Polyakov
9e88c82703 Minor cryptlib.c update: compiler warnings in OPENSSL_showfatal and 
OPENSSL_stderr stub.
 2005-04-13 06:55:42 +00:00
Dr. Stephen Henson
ad0db060b1 More overwritten stuff... 2005-04-12 16:36:36 +00:00
Dr. Stephen Henson
3547478fc8 Replace overwritten lines before error codes. 2005-04-12 16:17:53 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Dr. Stephen Henson
bc3cae7e7d Include error library value in C error source files instead of fixing up 
at runtime.
 2005-04-12 13:31:14 +00:00
Nils Larsch
37942fab51 include limits.h for UINT_MAX etc. 2005-04-11 20:59:58 +00:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Dr. Stephen Henson
b392e52050 Move allow_proxy_certs declaration to start of function. 2005-04-10 23:41:09 +00:00
Richard Levitte
d9bfe4f97c Added restrictions on the use of proxy certificates, as they may pose 
a security threat on unexpecting applications.  Document and test.
 2005-04-09 16:07:12 +00:00
Nils Larsch
f763e0b5ae make sure error queue is totally emptied 
PR: 359
 2005-04-07 22:53:35 +00:00
Andy Polyakov
9f2027e56d Implement OPENSSL_showfatal and make it Win32 GUI and service aware 
[meaning that it will detect in which context application is running
and either write message to stderr, post a dialog or log an event].
 2005-04-07 18:39:45 +00:00
Andy Polyakov
e1d51de41f Harmonize cygwin/mingw and VC targets. 2005-04-07 15:51:55 +00:00
Andy Polyakov
81ee80ab88 +45% RC4 performance boost on Intel EM64T core. Unrolled loop providing 
further +35% will follow...

Submitted by: Zou Nanhai
 2005-04-06 09:45:42 +00:00
Nils Larsch
70f34a5841 some const fixes and cleanup 2005-04-05 10:29:43 +00:00
Nils Larsch
c2e40d0f9a remove unused recp method 2005-04-04 18:15:59 +00:00
Andy Polyakov
0abfd60604 Extend Solaris x86 support to amd64. 2005-04-04 17:10:53 +00:00
Andy Polyakov
e5dbccc182 Solaris x86 linker erroneously pads .init segment with zeros instead of 
nops, which causes SEGV at startup. So I don't align anymore.
 2005-04-04 17:07:16 +00:00
Andy Polyakov
f8fa22d826 Some non-GNU compilers (such as Sun C) define __i386. 2005-04-04 17:05:06 +00:00
Andy Polyakov
60fd574cdf Make bn/asm/x86_64-gcc.c gcc4 savvy. +r is likely to be initially 
introduced for a reason [like bug in initial gcc port], but proposed
=&r is treated correctly by senior 3.2, so we can assume it's safe now.
PR: 1031
 2005-04-03 18:53:29 +00:00
Ben Laurie
73705abc34 If input is bad, we still need to clear the buffer. 2005-04-03 16:38:22 +00:00
Dr. Stephen Henson
7bdf8eed69 Typo 2005-04-01 21:56:15 +00:00
Ben Laurie
8bb826ee53 Consistency. 2005-03-31 13:57:54 +00:00
Ben Laurie
45d10efc35 Simplicate and add lightness. 2005-03-31 10:55:55 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Nils Larsch
fea4280a8b fix header 2005-03-30 21:38:29 +00:00
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Ben Laurie
0821bcd4de Constification. 2005-03-30 10:26:02 +00:00
Nils Larsch
c01d2b974e when building with OPENSSL_NO_DEPRECATED defined BN_zero is a macro 
which cannot be evaluated in an if statement
 2005-03-28 15:06:29 +00:00
Ulf Möller
7a8c728860 undo Cygwin change 2005-03-24 00:14:59 +00:00
Nils Larsch
41e455bfc4 test, remove unnecessary const cast 2005-03-22 17:55:18 +00:00
Ulf Möller
130db968b8 Use Windows randomness code on Cygwin 2005-03-19 11:39:17 +00:00
Ulf Möller
8d274837e5 fix breakage for Perl versions that do boolean operations on long words 2005-03-19 11:13:30 +00:00
Bodo Möller
9f6715d4bb "make depend". This takes into account the algorithms that are now 
disabled by default (MDC2 and RC5), which until now were skipped
by "make links" and yet supposedly required by some of the Makefiles,
meaning that the recent snapshots failed to compile.

Problem reported by Nils Larsch.
 2005-03-13 19:49:47 +00:00
Andy Polyakov
1642000707 Cygwin to use DSO_FLFCN and mingw to use DSO_WIN32. 2005-03-12 11:28:41 +00:00
Andy Polyakov
f7f2125522 Avoid re-build avalanches with HP-UX make. 2005-03-12 09:12:44 +00:00
Bodo Möller
2b61034b0b fix potential memory leak when allocation fails 
PR: 801
Submitted by: Nils Larsch
 2005-03-11 09:01:24 +00:00
Bodo Möller
80c808b90b Fix typo 
PR: 1017
Submitted by: ciresh@yahoo.com
Reviewed by: Nils Larsch
 2005-03-09 19:08:02 +00:00
Lutz Jänicke
f69a8aebab Fix hang in EGD/PRNGD query when communication socket is closed 
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
 2005-02-19 10:19:07 +00:00
Dr. Stephen Henson
9d10b15ef9 Fix possible memory leak. 2005-02-14 21:53:24 +00:00
Andy Polyakov
da30c74a27 Remove unused assembler modules. 2005-02-06 13:43:02 +00:00
Andy Polyakov
67ea999d4a This patch was "ignited" by OpenBSD 3>=4 support. They've switched to ELF 
and GNU binutils, but kept BSD make... And I took the opportunity to
unify other targets to this common least denominator...
 2005-02-06 13:23:34 +00:00
Richard Levitte
8c3c570134 The first argument to load_iv should really be a char ** instead of an 
unsigned char **, since it points at text.

Thanks to Nils Larsch <nils.larsch@cybertrust.com> for pointing out
the inelegance of our code :-)
 2005-01-27 11:42:28 +00:00
Richard Levitte
bf746f0f46 Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might 
cause a segfault...  This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
 2005-01-27 01:49:25 +00:00
Richard Levitte
a229e3038e Get rid if the annoying warning 2005-01-27 01:47:31 +00:00
Andy Polyakov
fbdce13e5a Please BSD make... 2005-01-25 22:09:11 +00:00
Andy Polyakov
e532a6c449 FreeBSD 5 refuses to #include <malloc.h>. Fix compiler warning after 
http://cvs.openssl.org/chngview?cn=12843.
 2005-01-25 22:07:22 +00:00
Andy Polyakov
8359421d90 Default to AES u32 being unsinged int and not long. This improves cache 
locality on 64-bit platforms (and fixes IA64 assembler-empowered build:-).
The choice is guarded by newly introduced AES_LONG macro, which needs
to be defined only on 16-bit platforms which we don't support (not that
I know of). Meaning that one could as well skip long option altogether.
 2005-01-24 14:22:05 +00:00
Andy Polyakov
efde5230f1 Improve ECB performance (48+14*rounds -> 18+13*rounds) and reserve for 
hand-coded zero-copy AES_cbc_encrypt.
 2005-01-24 14:14:53 +00:00
Andy Polyakov
bac252a5e3 Bug-fix in CBC encrypt tail processing and commentary section update. 2005-01-20 10:33:37 +00:00
Andy Polyakov
addb6e16a8 Throw in AES CBC assembler, up to +40% on aes-128-cbc benchmark. 2005-01-18 01:04:41 +00:00
Andy Polyakov
ed65fab910 Reserve for AES CBC assembler implementation... 2005-01-18 00:43:32 +00:00
Andy Polyakov
90cc40911b Don't zap AES CBC IV, when decrypting truncated content in place. 2005-01-18 00:26:52 +00:00
Richard Levitte
a7201e9a1b Changes concering RFC 3820 (proxy certificates) integration: 
- Enforce that there should be no policy settings when the language
   is one of id-ppl-independent or id-ppl-inheritAll.
 - Add functionality to ssltest.c so that it can process proxy rights
   and check that they are set correctly.  Rights consist of ASCII
   letters, and the condition is a boolean expression that includes
   letters, parenthesis, &, | and ^.
 - Change the proxy certificate configurations so they get proxy
   rights that are understood by ssltest.c.
 - Add a script that tests proxy certificates with SSL operations.

Other changes:

 - Change the copyright end year in mkerr.pl.
 - make update.
 2005-01-17 17:06:58 +00:00
Dr. Stephen Henson
fcd5cca418 PKCS7_verify() performance optimization. When the content is large and a 
memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots
of slow memory copies from the memory BIO by saving the content in a
temporary read only memory BIO.
 2005-01-14 17:52:24 +00:00
Andy Polyakov
e6d27baf52 Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX 
environments.
 2005-01-13 15:46:09 +00:00
Andy Polyakov
e7e1150706 "Monolithic" x86 assembler replacement for aes_core.c. Up to +15% better 
performance on recent microarchitectures.
 2005-01-13 15:35:44 +00:00
Andy Polyakov
5d727078ac Fix an "oops" typo! Well, it was a debugging left-over... 2005-01-13 15:25:30 +00:00
Andy Polyakov
108159ffcc O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris. 
PR: 998
 2005-01-13 15:20:42 +00:00
Richard Levitte
b15a93a9c5 Correct a faulty address assignment, and add a length check (not 
really needed now, but may be needed in the future, who knows?).
 2005-01-12 09:53:20 +00:00
Andy Polyakov
7de4b5b060 Permit "monolithic" AES assembler implementations, i.e. such which would 
replace *whole* aes_core.c, not only AES_[de|en]crypt routines.
 2005-01-09 16:01:58 +00:00
Andy Polyakov
02a00bb054 DJGPP update. 
PR: 989
Submitted by: Doug Kaufman
 2005-01-04 10:28:38 +00:00
Andy Polyakov
3b4de6e4cc Borrow #include <string[s].h> from e_os.h. 2004-12-31 00:00:05 +00:00
Andy Polyakov
bdbc9b4d1a Make whiny compilers stop complaining about missing prototype. 2004-12-30 23:40:31 +00:00
Andy Polyakov
25866e3982 Commentary update for AES IA-64 assembler module. 2004-12-30 10:55:02 +00:00
Andy Polyakov
3b3df98ca6 Minor AES x86 assembler tune-up. 2004-12-30 10:46:03 +00:00
Andy Polyakov
2e4a99f38b AES-CFB[18] 2x optimization. Well, I bet nobody cares about AES-CFB1 
performance, but anyway...
 2004-12-30 10:43:33 +00:00
Andy Polyakov
f1ce306f30 Oops-kind typos in aes-ia64.S... 2004-12-28 17:10:42 +00:00
Richard Levitte
37b11ca78e iv needs to be const because it sometimes takes it's value from a 
const.
 2004-12-28 10:35:13 +00:00
Richard Levitte
a17af9e277 Forgot to synchronise the VMS build scripts. 2004-12-28 10:22:00 +00:00
Richard Levitte
6951c23afd Add functionality needed to process proxy certificates. 2004-12-28 00:21:35 +00:00
Andy Polyakov
de421076a5 Minor cygwin update. 
PR: 949
 2004-12-27 21:27:46 +00:00
Andy Polyakov
9850f7f6b2 Remove yet another redundant memcpy. Not at least performance critical, 
essentially cosmetic modification...
 2004-12-26 13:05:40 +00:00
Andy Polyakov
131e064e4a Eliminate redundant memcpy of IV material. Performance improvement varies 
from platform to platform and can be as large as 20%.
 2004-12-26 12:31:37 +00:00
Andy Polyakov
556b8f3f77 Engage AES x86 assembler module for COFF and a.out targets. 2004-12-26 10:58:39 +00:00
Andy Polyakov
045d3285e2 Engage AES x86 assembler module on ELF platforms. 2004-12-23 21:44:28 +00:00
Andy Polyakov
d1df5b4339 x86 perlasm update to accomodate aes-586.pl. 2004-12-23 21:43:25 +00:00
Andy Polyakov
25558bf743 Eliminate copies of TeN and TdN, use those found in assembler module. 2004-12-23 21:40:23 +00:00
Andy Polyakov
713147109c AES x86 assembler implementation. 2004-12-23 21:32:34 +00:00
Andy Polyakov
76ef6ac956 Refine PowerPC platform support. 2004-12-20 13:44:34 +00:00
Dr. Stephen Henson
a842df6659 Remove unused buffer 'buf'. 2004-12-20 00:49:36 +00:00
Richard Levitte
fbf218b8c3 make update (oops, missed this file) 2004-12-13 22:57:39 +00:00
Richard Levitte
3c97bd833b Change libeay.num so it's synchronised with additions in 0.9.7-stable. 
make update
 2004-12-13 22:57:08 +00:00
Dr. Stephen Henson
5e8904f289 Remove duplicate lines. 2004-12-12 13:15:49 +00:00
Andy Polyakov
0c0788ba0a Solaris x86 perlasm update. 2004-12-10 11:24:42 +00:00
Andy Polyakov
905fd45b36 Engage SHA1 IA64 assembler on IA64 platforms. 2004-12-09 15:39:55 +00:00
Dr. Stephen Henson
c162b132eb Automatically mark the CRL cached encoding as invalid when some operations 
are performed.
 2004-12-09 13:35:06 +00:00
Andy Polyakov
b4e0ce5165 SHA1 assembler for IA-64. 2004-12-09 11:57:38 +00:00
Andy Polyakov
17f0e916db Extend RC4 test. 2004-12-07 11:55:56 +00:00
Dr. Stephen Henson
41c70d47d7 Remaing bits of PR:620 relevant to 0.9.8. 2004-12-05 01:50:56 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate 
failure and freeing up memory if a failure occurs.

PR:620
 2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
3e66ee9f01 In by_file.c check last error for no start line, not first error. 2004-12-04 21:25:51 +00:00
Dr. Stephen Henson
8f284faaec V1 certificates that aren't self signed can't be accepted as CAs. 2004-12-03 00:10:34 +00:00
Andy Polyakov
f774accdbf Fix rc4-ia64.S to pass more exhaustive regression tests. 2004-12-02 10:07:55 +00:00
Dr. Stephen Henson
8544a80776 Add couple of OIDs. Resync NIDs for consistency with 0.9.7. 2004-12-01 18:09:53 +00:00
Andy Polyakov
7c69478064 I've introduced a bug to i386 RC4 assembler, which would emerge with 
certain mix of calls to RC4 routine not covered by rc4test.c.
It's fixed now. In addition this patch inadvertently fixes minor
performance problem: in 0.9.7 context P4 was performing 12% slower
than the original implementation...
 2004-12-01 15:28:18 +00:00
Dr. Stephen Henson
1862dae862 Perform partial comparison of different character types in X509_NAME_cmp(). 2004-12-01 01:45:30 +00:00
Andy Polyakov
b7b46c9a87 Add 0.9.7 specific comments to RC4 assembler modules. 2004-11-30 15:46:46 +00:00
Richard Levitte
5073ff0346 Split X509_check_ca() into a small self and an internal function 
check_ca(), to resolve constness issue.  check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().
 2004-11-30 12:18:55 +00:00
Andy Polyakov
fc7fc5678f sha1_block_asm_data_order can't hash if message crosses 2GB boundary. 2004-11-29 21:19:56 +00:00
Andy Polyakov
7a3240e319 Final touches to rc4/asm/rc4-596.pl, +52% better performance on AMD core. 2004-11-29 21:12:58 +00:00
Richard Levitte
30b415b076 Make an explicit check during certificate validation to see that the 
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)
 2004-11-29 11:28:08 +00:00
Andy Polyakov
914c2a28c0 perlasm/x86[ms|nasm] update to accomodate updated RC4 assembler module. 2004-11-27 15:14:58 +00:00
Andy Polyakov
bc3e7fabe7 Engage RC4 IA-64 assembler module. 2004-11-26 15:12:17 +00:00
Andy Polyakov
d675c74d14 RC4 IA-64 assembler implementation. 2004-11-26 15:07:50 +00:00
Dr. Stephen Henson
9d2996b82f Check return code of EVP_CipherInit() in PKCS#12 code. 2004-11-24 01:21:03 +00:00
Andy Polyakov
959f9b1158 linux-x86_64 didn't link after EM64T RC4 tune-up... 2004-11-23 09:06:12 +00:00