Dr. Stephen Henson
7daf0efad9
Fix warning.
2011-08-25 19:50:51 +00:00
Andy Polyakov
c608171d9c
Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
2011-08-23 20:51:38 +00:00
Dr. Stephen Henson
ab1ec69843
aesni TLS GCM support
2011-08-11 23:06:19 +00:00
Dr. Stephen Henson
28dd49faec
Expand range of ctrls for AES GCM to support retrieval and setting of
...
invocation field.
Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
2011-08-03 15:37:22 +00:00
Andy Polyakov
a355cf9bf5
evp.h: add flag to distinguish AEAD ciphers and pair of control codes...
2011-07-11 13:54:53 +00:00
Dr. Stephen Henson
9ebc37e667
add null cipher to FIPS module
2011-06-20 19:48:44 +00:00
Dr. Stephen Henson
bd6386f59c
make sure custom cipher flag doesn't use any mode bits
2011-06-13 23:06:43 +00:00
Dr. Stephen Henson
3096d53b46
Update dependencies for m_dss.c too.
2011-06-10 14:00:02 +00:00
Dr. Stephen Henson
068291cd44
Remove x509.h from SHA1 clone digests, update dependencies.
2011-06-10 13:52:44 +00:00
Andy Polyakov
17f121de9d
e_aes.c: move AES-NI run-time switch and implement the switch for remaining modes.
2011-06-06 11:40:03 +00:00
Dr. Stephen Henson
bce1af7762
Add DSA and ECDSA "clone digests" to module for compatibility with old
...
applications.
2011-06-01 14:07:32 +00:00
Andy Polyakov
62b6c5c404
e_aes.c: fix typo.
2011-05-30 10:13:42 +00:00
Andy Polyakov
e76cbcf686
e_aes.c: fix aes_cfb1_cipher.
2011-05-30 10:10:05 +00:00
Andy Polyakov
d1fff483d6
e_aes.c: integrate AESNI directly into EVP.
2011-05-30 09:16:01 +00:00
Dr. Stephen Henson
c2fd598994
Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
...
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
e9093c9832
PR: 2499
...
Submitted by: "James 'J.C.' Jones" <james.jc.jones@gmail.com>
Typos.
2011-05-02 23:29:57 +00:00
Dr. Stephen Henson
b5dd178740
Fix EVP CCM decrypt. Add decrypt support to algorithm test program.
2011-04-18 22:48:40 +00:00
Dr. Stephen Henson
62dc7ed67c
Override flag for XTS length limit.
2011-04-18 17:31:28 +00:00
Dr. Stephen Henson
2391681082
Initial untested CCM support via EVP.
2011-04-18 14:25:11 +00:00
Dr. Stephen Henson
3b4a855778
Don't need separate tag buffer for GCM mode: use EVP_CIPHER_CTX buf
...
field which is not unused for custom ciphers.
2011-04-18 11:28:41 +00:00
Dr. Stephen Henson
45321c41e2
Add length limitation from SP800-38E.
2011-04-15 12:01:53 +00:00
Dr. Stephen Henson
06b7e5a0e4
Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation.
2011-04-15 02:49:30 +00:00
Dr. Stephen Henson
ac892b7aa6
Initial incomplete POST overhaul: add support for POST callback to
...
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
77394d7e8f
Remove duplicate flag.
2011-04-13 00:11:53 +00:00
Dr. Stephen Henson
32a2d8ddfe
Provisional AES XTS support.
2011-04-12 23:21:33 +00:00
Dr. Stephen Henson
05e24c87dd
Extensive reorganisation of PRNG handling in FIPS module: all calls
...
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.
Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Richard Levitte
c6dbe90895
make update
2011-03-24 22:59:02 +00:00
Richard Levitte
399aa6b5ff
Implement FIPS CMAC.
...
* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as
an example.
* crypto/cmac/cmac.c: Enable the FIPS API. Change to use M_EVP macros
where possible.
* crypto/evp/evp.h: (some of the macros get added with this change)
* fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use
macros to have cmac.c use these functions.
* Makefile.org, fips/Makefile, fips/fips.c: Hook it in.
2011-03-24 22:55:02 +00:00
Richard Levitte
487b023f3d
make update (1.1.0-dev)
...
This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable. However, since there's
been no release on this branch yet, it should be harmless.
2011-03-23 00:11:32 +00:00
Dr. Stephen Henson
4fc02f1229
Use a signed value to check return value of do_cipher().
2011-03-21 17:37:27 +00:00
Ben Laurie
edc032b5e3
Add SRP support.
2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
3e446ba347
Make "make links" work in fipscanisteronly builds.
2011-02-22 12:34:46 +00:00
Dr. Stephen Henson
b7056b6414
Update dependencies.
2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
37eae9909a
Remove unnecessary dependencies.
2011-02-21 17:35:53 +00:00
Dr. Stephen Henson
ab8a4e54db
Move gcm128_context definition to modes_lcl.h (along with some related
...
definitions) so we can use it in EVP GCM code avoiding need to allocate
it.
2011-02-19 22:16:52 +00:00
Dr. Stephen Henson
25c6542944
Add non-FIPS algorithm blocking and selftest checking.
2011-02-15 16:03:47 +00:00
Dr. Stephen Henson
14567b1451
Add FIPS flags to AES ciphers and SHA* digests.
2011-02-15 15:57:54 +00:00
Dr. Stephen Henson
b3d8022edd
Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest.
2011-02-09 16:21:43 +00:00
Dr. Stephen Henson
f4001a0d19
Link GCM into FIPS module. Check return value in EVP gcm.
2011-02-08 15:10:42 +00:00
Dr. Stephen Henson
bdaa54155c
Initial *very* experimental EVP support for AES-GCM. Note: probably very
...
broken and subject to change.
2011-02-07 18:16:33 +00:00
Dr. Stephen Henson
d45087c672
Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher:
...
the NULL value for the input buffer is sufficient to notice this case.
2011-02-07 18:04:27 +00:00
Dr. Stephen Henson
3da0ca796c
New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying
...
cipher handles all cipher symantics itself.
2011-02-07 14:36:08 +00:00
Dr. Stephen Henson
83e9c36261
Use default ASN1 if flag set.
2011-02-07 12:47:16 +00:00
Dr. Stephen Henson
14ae26f2e4
Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files
...
that use it.
2011-02-03 17:00:24 +00:00
Bodo Möller
9d0397e977
make update
2011-02-03 10:17:53 +00:00
Bodo Möller
2440d8b1db
Fix error codes.
2011-02-03 10:03:23 +00:00
Dr. Stephen Henson
7edfe67456
Move all FIPSAPI renames into fips.h header file, include early in
...
crypto.h if needed.
Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
7c8ced94c3
Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
...
to EVP any more.
Move locking #define into fips.h.
Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
7a4bd34a4f
FIPS mode EVP changes:
...
Set EVP_CIPH_FLAG_FIPS on approved ciphers.
Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.
Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.
Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.
2011-01-26 15:25:33 +00:00
Dr. Stephen Henson
09c1dc850c
PR: 2385
...
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve
Zero key->pkey.ptr after it is freed so the structure can be reused.
2010-11-30 19:37:21 +00:00
Dr. Stephen Henson
ae3fff5034
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
...
EVP_MD_CTX was much larger: it isn't needed anymore.
2010-11-27 17:37:03 +00:00
Dr. Stephen Henson
f830c68f4d
add "missing" functions to copy EVP_PKEY_METHOD and examine info
2010-11-24 16:08:20 +00:00
Dr. Stephen Henson
46fc96d4ba
constify EVP_PKEY_new_mac_key()
2010-11-24 13:13:49 +00:00
Dr. Stephen Henson
ad889de097
If EVP_PKEY structure contains an ENGINE the key is ENGINE specific and
...
we should use its method instead of any generic one.
2010-11-16 12:11:46 +00:00
Dr. Stephen Henson
776654adff
PR: 2295
...
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:49:22 +00:00
Dr. Stephen Henson
2948fbab3a
Fix ctr mode properly this time....
2010-07-28 16:53:28 +00:00
Dr. Stephen Henson
081464fa14
Make ctr mode behaviour consistent with other modes.
2010-07-28 11:03:09 +00:00
Andy Polyakov
874a3757af
Rework framework for assembler support for AES counter mode and add
...
AES_ctr32_encrypt to aes-s390x.pl.
2010-07-09 12:21:52 +00:00
Ben Laurie
c8bbd98a2b
Fix warnings.
2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
cb877ccb35
PR: 2258
...
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Base64 BIO fixes:
Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.
2010-05-27 12:41:05 +00:00
Dr. Stephen Henson
efcf5f1c50
PR: 2244
...
Submitted By: "PMHager" <hager@dortmund.net>
Initialise pkey callback to 0.
2010-05-03 12:50:36 +00:00
Dr. Stephen Henson
08df41277a
PR: 1904
...
Submitted by: David Woodhouse <dwmw2@infradead.org>
Pass passphrase minimum length down to UI.
2010-03-27 19:31:55 +00:00
Dr. Stephen Henson
d6eebf6d8a
reserve a few more bits for future cipher modes
2010-03-08 23:48:21 +00:00
Dr. Stephen Henson
069d4cfea5
although AES is a variable length cipher, AES EVP methods have a fixed key length
2010-03-07 15:54:26 +00:00
Dr. Stephen Henson
49436b59b5
oops, make EVP ctr mode work again
2010-03-07 15:52:41 +00:00
Dr. Stephen Henson
1708456220
don't add digest alias if signature algorithm is undefined
2010-03-06 20:47:30 +00:00
Dr. Stephen Henson
8c4ce7bab2
Fix memory leak: free up ENGINE functional reference if digest is not
...
found in an ENGINE.
2010-03-05 13:33:21 +00:00
Dr. Stephen Henson
da3955256d
'typo'
2010-03-01 01:53:34 +00:00
Ben Laurie
19ec2f4194
Fix warnings (note that gcc 4.2 has a bug that makes one of its
...
warnings hard to fix without major surgery).
2010-02-28 14:22:56 +00:00
Dr. Stephen Henson
37c541faed
Revert CFB block length change. Despite what SP800-38a says the input to
...
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:58 +00:00
Dr. Stephen Henson
385a488c43
prevent warning
2010-02-24 15:24:19 +00:00
Andy Polyakov
d976f99294
Add AES counter mode to EVP.
2010-02-23 16:48:41 +00:00
Dr. Stephen Henson
1458b931eb
The "block length" for CFB mode was incorrectly coded as 1 all the time. It
...
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:16 +00:00
Dr. Stephen Henson
20eb7238cb
Correct ECB mode EVP_CIPHER definition: IV length is 0
2010-02-15 19:26:02 +00:00
Dr. Stephen Henson
79cfc3ac54
add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable
2010-02-15 19:20:13 +00:00
Dr. Stephen Henson
e3e31ff482
Use supplied ENGINE when initialising CMAC. Restore pctx setting.
2010-02-08 16:31:28 +00:00
Dr. Stephen Henson
c8ef656df2
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
089f02c577
oops, use new value for new flag
2010-02-07 13:50:36 +00:00
Dr. Stephen Henson
c2bf720842
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
...
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
2010-02-07 13:39:39 +00:00
Dr. Stephen Henson
17ebc10ffa
PR: 2161
...
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.
Make no-dsa, no-ecdsa and no-rsa compile again.
2010-02-02 13:35:27 +00:00
Dr. Stephen Henson
e92f9f45e8
Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and
...
later.
2010-01-26 14:29:06 +00:00
Dr. Stephen Henson
031c78901b
make update
2010-01-15 15:24:19 +00:00
Dr. Stephen Henson
7e765bf29a
Traditional Yuletide commit ;-)
...
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:13:11 +00:00
Dr. Stephen Henson
e50858c559
PR: 2127
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check for lookup failures in EVP_PBE_CipherInit().
2009-12-17 15:27:57 +00:00
Dr. Stephen Henson
338a61b94e
Add patch to crypto/evp which didn't apply from PR#2124
2009-12-09 15:01:39 +00:00
Dr. Stephen Henson
fdb2c6e4e5
PR: 2124
...
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>
Check for memory allocation failures.
2009-12-09 13:38:05 +00:00
Dr. Stephen Henson
3d63b3966f
Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat
...
and is a pre-requisite to adding password based CMS support.
2009-11-25 22:01:06 +00:00
Dr. Stephen Henson
773b63d6f9
set engine to NULL after releasing it
2009-11-12 19:25:37 +00:00
Dr. Stephen Henson
fecef70773
Yes it is a typo ;-)
2009-10-01 12:17:44 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
cd4f7cddc7
Add more return value checking attributes to evp.h and hmac.h
2009-09-23 23:40:13 +00:00
Dr. Stephen Henson
acf20c7dbd
Add attribute to check if return value of certain functions is incorrectly
...
ignored.
2009-09-23 16:27:10 +00:00
Dr. Stephen Henson
3ed3603b60
Update default dependency flags.
...
Make error name discrepancies a fatal error.
Fix error codes.
make update
2009-08-12 17:30:37 +00:00
Dr. Stephen Henson
0f1d77a870
Fix error code.
2009-08-06 16:39:34 +00:00
Dr. Stephen Henson
c55d27ac33
Make update.
2009-07-08 09:19:53 +00:00
Dr. Stephen Henson
4e9de7aa3a
Delete MD2 from algorithm tables as in 0.9.8-stable. However since this is
...
a new branch we can also disable it by default.
2009-07-08 08:49:17 +00:00
Dr. Stephen Henson
9a6d8ee5b5
Update from 1.0.0-stable
2009-07-01 11:40:19 +00:00
Dr. Stephen Henson
f0288f05b9
Submitted by: Artem Chuprina <ran@cryptocom.ru>
...
Reviewed by: steve@openssl.org
Various GOST ciphersuite and ENGINE fixes. Including...
Allow EVP_PKEY_set_derive_peerkey() in encryption operations.
New flag when certificate verify should be omitted in client key exchange.
2009-06-16 16:38:47 +00:00
Dr. Stephen Henson
43e12b6f1c
Add ignored FIPS options to evp.h change clashing flag value.
2009-05-29 18:57:31 +00:00
Dr. Stephen Henson
d4f0339c66
Update from 1.0.0-stable.
2009-04-26 22:18:22 +00:00
Dr. Stephen Henson
ef236ec3b2
Merge from 1.0.0-stable branch.
2009-04-23 16:32:42 +00:00
Dr. Stephen Henson
e5fa864f62
Updates from 1.0.0-stable.
2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
e4e949192b
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
...
Reviewed by: steve@openssl.org
Check return codes properly in md BIO and dgst command.
2009-03-18 18:53:08 +00:00
Ben Laurie
2121f15daf
Use the right length (reported by Quanhong Wang).
2009-03-03 15:12:56 +00:00
Dr. Stephen Henson
a63bf2c53c
Make no-engine work again.
2009-02-15 15:28:18 +00:00
Ben Laurie
b3f3407850
Use new common flags and fix resulting warnings.
2009-02-15 14:08:51 +00:00
Ben Laurie
0eab41fb78
If we're going to return errors (no matter how stupid), then we should
...
test for them!
2008-12-29 16:11:58 +00:00
Andy Polyakov
5cabcf96e7
Fix "possible loss of data" Win64 compiler warnings.
2008-12-29 12:35:49 +00:00
Bodo Möller
7a76219774
Implement Configure option pattern "experimental-foo"
...
(specifically, "experimental-jpake").
2008-12-02 01:21:39 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
7b808412c9
Make -DKSSL_DEBUG work again.
2008-11-10 19:08:37 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Ben Laurie
f80921b6a6
Formatting.
2008-11-04 12:06:09 +00:00
Dr. Stephen Henson
70d71f6185
Fix warnings: printf format mismatches on 64 bit platforms.
...
Change assert to OPENSSL_assert().
Fix e_padlock prototype.
2008-11-02 15:41:30 +00:00
Dr. Stephen Henson
c76fd290be
Fix warnings about mismatched prototypes, undefined size_t and value computed
...
not used.
2008-11-02 12:50:48 +00:00
Ben Laurie
5e4430e70d
More size_tification.
2008-11-01 16:40:37 +00:00
Andy Polyakov
b444ac3e6f
size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
...
underlying cipher to be size_t-fied, it allows for size_t, signed and
unsigned long. It maintains source and even binary compatibility.
2008-10-31 19:48:25 +00:00
Dr. Stephen Henson
e19106f5fb
Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
...
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.
This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Dr. Stephen Henson
606f6c477a
Fix a shed load or warnings:
...
Duplicate const.
Use of ; outside function.
2008-10-20 15:12:00 +00:00
Ben Laurie
babb379849
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
Bodo Möller
2e415778f2
Don't use assertions to check application-provided arguments;
...
and don't unnecessarily fail on input size 0.
2008-08-14 21:37:51 +00:00
Geoff Thorpe
4c3296960d
Remove the dual-callback scheme for numeric and pointer thread IDs,
...
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Dr. Stephen Henson
d4cdbab99b
Avoid warnings with -pedantic, specifically:
...
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00
Geoff Thorpe
5f834ab123
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
...
version some time soon.
2008-07-03 19:59:25 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Geoff Thorpe
f7ccba3edf
There was a need to support thread ID types that couldn't be reliably cast
...
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
fe591284be
Update dependencies.
2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
8931b30d84
And so it begins...
...
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
0e1dba934f
1. Changes for s_client.c to make it return non-zero exit code in case
...
of handshake failure
2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).
3. Changes to EVP
- adding of function EVP_PKEY_CTX_get0_peerkey
- Make function EVP_PKEY_derive_set_peerkey work for context with
ENCRYPT operation, because we use peerkey field in the context to
pass non-ephemeral secret key to GOST encrypt operation.
- added EVP_PKEY_CTRL_SET_IV control command. It is really
GOST-specific, but it is used in SSL code, so it has to go
in some header file, available during libssl compilation
4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data
5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
make debugging output which depends on constants defined there, work
and other KSSL_DEBUG output fixes
6. Declaration of real GOST ciphersuites, two authentication methods
SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST
7. Implementation of these methods.
8. Support for sending unsolicited serverhello extension if GOST
ciphersuite is selected. It is require for interoperability with
CryptoPro CSP 3.0 and 3.6 and controlled by
SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
This constant is added to SSL_OP_ALL, because it does nothing, if
non-GOST ciphersuite is selected, and all implementation of GOST
include compatibility with CryptoPro.
9. Support for CertificateVerify message without length field. It is
another CryptoPro bug, but support is made unconditional, because it
does no harm for draft-conforming implementation.
10. In tls1_mac extra copy of stream mac context is no more done.
When I've written currently commited code I haven't read
EVP_DigestSignFinal manual carefully enough and haven't noticed that
it does an internal digest ctx copying.
This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Andy Polyakov
ebc06fba67
Bunch of constifications.
2007-10-13 15:51:32 +00:00
Andy Polyakov
71f4ea44eb
EVP_*_cfb1 was broken.
...
PR: 1318
2007-07-08 19:14:02 +00:00
Dr. Stephen Henson
18096abb29
Handle NULL parameter in some EVP utility functions.
2007-05-31 12:39:21 +00:00
Dr. Stephen Henson
e77dbf325f
Prepend signature name in dgst output.
2007-05-17 16:19:17 +00:00
Dr. Stephen Henson
e69adea539
New function EVP_PKEY_asn1_copy(). Use default MD if type param is NULL.
2007-05-15 23:52:03 +00:00
Bodo Möller
96afc1cfd5
Add SEED encryption algorithm.
...
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
18327cd0e4
Copy update callback across when copying EVP_MD_CTX.
...
Remove unnecessary reference to EVP_MD_CTX in HMAC pkey method.
2007-04-12 13:02:31 +00:00
Dr. Stephen Henson
2022cfe07e
New -mac and -macopt options to dgst utility. Reimplement -hmac option in
...
terms of new API.
2007-04-11 17:20:40 +00:00
Dr. Stephen Henson
74633553a9
Experimental HMAC support via EVP_PKEY_METHOD.
2007-04-11 12:33:06 +00:00
Dr. Stephen Henson
baecb96e8a
Fix digest signing so digest type is set after init.
2007-04-08 16:53:50 +00:00
Dr. Stephen Henson
6181f5e404
Preliminary support for signctx/verifyctx callbacks.
2007-04-08 13:03:26 +00:00
Ben Laurie
ab2d91bd6b
Don't copy from a nonexistent next. Coverity ID 47.
2007-04-05 17:23:51 +00:00
Dr. Stephen Henson
6e7ca5e1eb
Update from stable branch.
2007-02-27 18:43:42 +00:00
Nils Larsch
0d5ac5a738
allow EVP_PKEY_CTX_free(NULL)
2007-02-26 18:32:53 +00:00
Dr. Stephen Henson
52cfa39716
Add -hmac option to dgst from 0.9.7 stable branch.
2007-02-08 19:07:43 +00:00
Dr. Stephen Henson
560b79cbff
Constify version strings and some structures.
2007-01-21 13:07:17 +00:00
Nils Larsch
b0ec114685
fix order
...
PR: 1442
2006-12-21 19:50:48 +00:00
Nils Larsch
06e2dd037e
add support for ecdsa-with-sha256 etc.
2006-12-20 08:58:54 +00:00
Nils Larsch
34f0a19309
remove trailing '\'
...
PR: 1438
2006-12-19 19:49:02 +00:00
Nils Larsch
7806f3dd4b
replace macros with functions
...
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:54:57 +00:00
Dr. Stephen Henson
47a9d527ab
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
Ben Laurie
84948b39df
Fix various warnings.
2006-11-08 09:45:12 +00:00
Dr. Stephen Henson
02c9b66a6c
Fix C++ style comments, change assert to OPENSSL_assert, stop warning with
...
pedantic mode.
2006-08-31 20:56:20 +00:00
Ben Laurie
777c47acbe
Make things static that should be. Declare stuff in headers that should be.
...
Fix warnings.
2006-08-28 17:01:04 +00:00
Dr. Stephen Henson
5c95c2ac23
Fix various error codes to match functions.
2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
29cf84c692
New docs for EVP_Digest{Sign,Verify}*() function. Update existing docs.
2006-07-12 12:31:30 +00:00
Dr. Stephen Henson
b7683e3a5d
Allow digests to supply S/MIME micalg values from a ctrl.
...
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Dr. Stephen Henson
0ee2166cc5
New functions to add and free up application defined signature OIDs.
2006-07-09 16:05:43 +00:00
Dr. Stephen Henson
5ba4bf35c5
New functions to enumerate digests and ciphers.
2006-07-09 00:53:45 +00:00
Andy Polyakov
975efcbaee
Typos(?) in HEAD/crypto/evp/p_lib.c.
2006-07-04 20:27:44 +00:00
Dr. Stephen Henson
86207c1960
Make return value from EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() consistent.
2006-07-02 21:12:40 +00:00
Dr. Stephen Henson
944f858021
Fix EVP_PKEY_CTX_dup() to return correct value and handle NULL keys in
...
the source.
2006-06-27 17:23:24 +00:00
Bodo Möller
dd030860c4
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-11 01:09:07 +00:00
Bodo Möller
f3dea9a595
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Dr. Stephen Henson
01b8b3c7d2
Complete EVP_PKEY_ASN1_METHOD ENGINE support.
2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
e18e3eba76
Make update.
2006-06-02 17:54:47 +00:00
Dr. Stephen Henson
1892c8bf97
Extend default method string to include public key methods.
...
Add missing prototypes.
Fix engine method lookup.
2006-06-02 13:09:59 +00:00
Dr. Stephen Henson
5e428e7d0d
Typo.
2006-06-02 12:37:02 +00:00
Dr. Stephen Henson
c9777d2659
Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE
...
implementations and functional reference counting when a context
is allocated, free or copied.
2006-06-02 12:33:39 +00:00
Dr. Stephen Henson
e0c1ea9038
Fix error code. make update
2006-06-01 12:43:39 +00:00
Dr. Stephen Henson
b28dea4e10
New pkey functions for keygen callbacks and retrieving operation type.
2006-05-31 17:34:14 +00:00
Dr. Stephen Henson
3207e61222
Add prototypes, update Win32 ordinals.
2006-05-25 11:44:05 +00:00
Dr. Stephen Henson
3a828611e9
Update EVP_MD_CTX_copy_ex() to use EVP_PKEY_CTX_dup().
2006-05-25 00:55:00 +00:00
Dr. Stephen Henson
8bdcef40e4
New function to dup EVP_PKEY_CTX. This will be needed to make new signing
...
functions and EVP_MD_CTX_copy work properly.
2006-05-24 23:49:30 +00:00
Dr. Stephen Henson
91c9e62123
New functions for enchanced digest sign/verify.
2006-05-24 17:30:09 +00:00
Dr. Stephen Henson
0e3453536e
Fix warnings.
2006-05-24 13:29:32 +00:00
Dr. Stephen Henson
eaff5a1412
Use size_t for new crypto size parameters.
2006-05-24 12:33:46 +00:00
Dr. Stephen Henson
0965991600
Add ctrl to EVP_MD and EVP_PKEY_CTX to EVP_MD_CTX. These will be used
...
for enhanced sign/verify operations.
2006-05-22 13:01:01 +00:00
Dr. Stephen Henson
a620626a33
Code tidy.
2006-05-18 18:06:03 +00:00
Dr. Stephen Henson
3ef3e07a49
make update
2006-05-18 17:22:31 +00:00
Dr. Stephen Henson
1631d5f9b9
HMAC OIDs from RFC4231.
2006-05-17 12:27:45 +00:00
Dr. Stephen Henson
6d3a1eac3b
Add PRF preference ctrl to ciphers.
2006-05-15 18:35:13 +00:00
Dr. Stephen Henson
b8f702a0af
Change builting PBE to use static table. Add entries for HMAC and MD5, GOST.
2006-05-15 17:34:36 +00:00
Dr. Stephen Henson
856640b54f
Extend PBE code to support non default PKCS#5 v2.0 PRFs.
2006-05-14 18:40:53 +00:00
Dr. Stephen Henson
7f57b076a6
New functions to get key types without dereferncing EVP_PKEY.
...
More error checking for RSA pmeth.
2006-05-11 21:33:00 +00:00
Dr. Stephen Henson
399a6f0bd1
Update PKCS#7 enveloped data to new API.
2006-05-08 12:44:25 +00:00
Dr. Stephen Henson
03919683f9
Add support for default public key digest type ctrl.
2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
b46343583c
Update EVP_PKEY_cmp() and X509_check_private() to return sensible values and
...
handle unsupported key types.
2006-04-28 12:27:37 +00:00
Dr. Stephen Henson
a78568b7e9
Replace RSA specific PKCS7_RECIP_INFO set up with an public key algorithm
...
ctrl.
2006-04-27 18:20:34 +00:00
Dr. Stephen Henson
81cebb8b79
Add prototypes and pkey accessor function for EVP_PKEY_CTX.
2006-04-26 11:52:36 +00:00
Dr. Stephen Henson
cddaba8ede
Add 'flags' parameter to EVP_PKEY_asn1_meth_new() to set algorithm flags.
2006-04-21 17:38:58 +00:00
Nils Larsch
f8296228f1
as we encrypt every bit separately we need to loop through the number
...
of bits; thanks to Michael McDougall <mmcdouga@saul.cis.upenn.edu>
PR: 1318
2006-04-20 13:11:52 +00:00
Dr. Stephen Henson
ee1d9ec019
Remove link between digests and signature algorithms.
...
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
614b448a67
Remove comment from SSLeay days about EVP_PKEY_METHOD.
2006-04-19 12:16:58 +00:00
Dr. Stephen Henson
492a9e2415
Allow public key ASN1 methods to set PKCS#7 SignerInfo structures.
2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
c20276e4ae
Fix (most) WIN32 warnings and errors.
2006-04-17 12:08:22 +00:00
Dr. Stephen Henson
9ca7047d71
Provisional support for EC pkey method, supporting ECDH and ECDSA.
2006-04-16 16:15:59 +00:00
Dr. Stephen Henson
b010b7c434
Use more flexible method of determining output length, by setting &outlen
...
value of the passed output buffer is NULL.
The old method of using EVP_PKEY_size(pkey) isn't flexible enough to cover all
cases where the output length may depend on the operation or the parameters
associated with it.
2006-04-15 18:50:56 +00:00
Dr. Stephen Henson
9dc17a2536
Fix from 0.9.7-stable branch.
2006-04-15 17:43:43 +00:00
Dr. Stephen Henson
ba30bad57b
Add functions to allow setting and adding external EVP_PKEY_METHOD.
2006-04-14 12:41:35 +00:00
Dr. Stephen Henson
ffb1ac674c
Complete key derivation support.
2006-04-13 20:16:56 +00:00
Dr. Stephen Henson
3be34589e8
Update dependencies.
2006-04-13 13:00:45 +00:00
Dr. Stephen Henson
d87e615209
Add key derivation support.
2006-04-13 12:56:41 +00:00
Dr. Stephen Henson
3ba0885a3e
Extend DH ASN1 method, add DH EVP_PKEY_METHOD.
2006-04-12 23:51:24 +00:00
Dr. Stephen Henson
c927df3fa1
Initial DSA EVP_PKEY_METHOD. Fixup some error codes.
2006-04-12 10:20:47 +00:00
Dr. Stephen Henson
f5cda4cbb1
Initial keygen support.
2006-04-11 13:28:52 +00:00
Dr. Stephen Henson
29db322e8f
Beginnings of PSS support.
2006-04-10 11:48:35 +00:00
Dr. Stephen Henson
716630c0eb
Change operation values so they can be used as a mask.
...
Fix rsa_pkey_method.
2006-04-10 11:16:11 +00:00
Dr. Stephen Henson
75d44c0452
Store digests as EVP_MD instead of a NID.
...
Add digest size sanity checks.
2006-04-09 21:24:48 +00:00
Dr. Stephen Henson
a58a636838
Constification.
2006-04-09 20:53:19 +00:00
Dr. Stephen Henson
b2a97be7f4
Support for digest signing and X931 in rsa_pkey_meth.
2006-04-09 19:17:25 +00:00
Dr. Stephen Henson
4a3dc3c0e3
Add RSA ctrl for padding mode, add ctrl support in pkeyutl.
2006-04-09 12:42:09 +00:00
Dr. Stephen Henson
07e970c7e6
Initial functions for RSA EVP_PKEY_METHOD.
...
Update dependencies.
2006-04-08 00:15:07 +00:00
Dr. Stephen Henson
d1aa0d38c5
If <operatio>_init function is zero interpret as noop.
2006-04-07 23:11:49 +00:00
Dr. Stephen Henson
9e4d0f0be2
New utility 'pkeyutl' a general purpose version of 'rsautl'.
2006-04-07 19:33:28 +00:00
Dr. Stephen Henson
cd7638980a
Include EVP_PKEY argument in EVP_PKEY_CTX_new(). This avoids the
...
need for a separate EVP_PKEY parameter in the other operation
initialization routines.
2006-04-07 17:28:56 +00:00
Dr. Stephen Henson
f733a5ef0e
Initial functions for main EVP_PKEY_METHOD operations.
...
No method implementations yet.
2006-04-07 16:42:09 +00:00
Dr. Stephen Henson
5da98aa687
Updated to EVP_PKEY_METHOD code... still doesn't do much.
2006-04-06 17:32:43 +00:00
Dr. Stephen Henson
0b6f3c66cd
Initial definitions and a few functions for EVP_PKEY_METHOD: an extension
...
of the EVP routines to public key algorithms.
2006-04-06 13:02:06 +00:00
Dr. Stephen Henson
e46691a0bc
New function to add dynamic alias.
2006-04-05 13:24:19 +00:00
Dr. Stephen Henson
732a40e107
Last arg to EVP_PKEY_assign() should be void *.
2006-04-05 13:04:02 +00:00
Dr. Stephen Henson
0b33dac310
New function to retrieve ASN1 info on public key algorithms. New command
...
line option to print out info.
2006-04-04 18:16:03 +00:00
Dr. Stephen Henson
42eae426df
Add missing function declaration.
2006-03-29 12:18:26 +00:00
Dr. Stephen Henson
246e09319c
Fix bug where freed OIDs could be accessed in EVP_cleanup() by
...
defering freeing in OBJ_cleanup().
2006-03-28 17:23:48 +00:00
Dr. Stephen Henson
db98bbc114
Initial support for generalized public key parameters.
2006-03-24 13:46:58 +00:00
Dr. Stephen Henson
e42633140e
Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD.
2006-03-23 18:02:23 +00:00
Dr. Stephen Henson
d82e2718e2
Add information and pem strings. Update dependencies.
2006-03-23 11:54:51 +00:00
Dr. Stephen Henson
18e377b4ff
Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to
...
initialize it. Initial support for application added public key ASN1.
2006-03-22 17:59:49 +00:00
Dr. Stephen Henson
35208f368c
Gather printing routines into EVP_PKEY_ASN1_METHOD.
2006-03-22 13:09:35 +00:00
Richard Levitte
c788e59365
VMS doesn't support includes of paths very well.
2006-03-22 11:26:57 +00:00
Dr. Stephen Henson
6f81892e6b
Transfer parameter handling and key comparison to algorithm methods.
2006-03-20 17:56:05 +00:00
Dr. Stephen Henson
448be74335
Initial support for pluggable public key ASN1 support. Process most public
...
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
2006-03-20 12:22:24 +00:00
Nils Larsch
33af4421f2
remove unnecessary code
2006-03-18 14:22:20 +00:00
Dr. Stephen Henson
c1facbb681
Check EVP_DigestInit_ex() return value in EVP_BytesToKey().
2006-03-01 21:17:13 +00:00
Dr. Stephen Henson
15ac971681
Update filenames in makefiles.
2006-02-04 01:45:59 +00:00
Dr. Stephen Henson
b40228a61d
New functions to support opaque EVP_CIPHER_CTX handling.
2005-12-02 13:46:39 +00:00
Dr. Stephen Henson
200fc02848
Include EVP_whirlpool() prototype in evp.h
2005-12-02 13:25:52 +00:00
Andy Polyakov
8b9afce53a
Add Whirlpool to EVP.
2005-11-30 20:57:23 +00:00
Nils Larsch
8215e7a938
fix warnings when building openssl with the following compiler options:
...
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused
-Wno-unused-parameter -Wuninitialized
2005-08-28 22:49:57 +00:00
Nils Larsch
c755c5fd8b
improved error checking and some fixes
...
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
2005-07-26 21:10:34 +00:00
Nils Larsch
b554eef43b
the final byte of a pkcs7 padded plaintext can never be 0
...
Submitted by: K S Sreeram <sreeram@tachyontech.net>
2005-07-20 22:03:36 +00:00
Nils Larsch
3eeaab4bed
make
...
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
2005-07-16 12:37:36 +00:00
Richard Levitte
0fc6b2c9e2
Do no try to pretend we're at the end of anything unless we're at the end
...
of a 4-character block.
2005-06-20 22:11:14 +00:00
Nils Larsch
63d740752f
changes from 0.9.8
2005-05-31 18:22:53 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Nils Larsch
9dd8405341
ecc api cleanup; summary:
...
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
b6995add5c
Make -CSP option work again in pkcs12 utility by checking for
...
attribute in EVP_PKEY structure.
2005-05-15 00:54:45 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Nils Larsch
8b15c74018
give EC_GROUP_new_by_nid a more meanigful name:
...
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Nils Larsch
7dc17a6cf0
give EC_GROUP_*_nid functions a more meaningful name
...
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
EC_GROUP_set_nid -> EC_GROUP_set_curve_name
2005-05-08 22:09:12 +00:00
Andy Polyakov
405d9761a5
Allow for ./config no-sha0 [from stable].
2005-04-30 21:51:41 +00:00
Dr. Stephen Henson
a93b01be57
Increase offset for BIO_f_enc() to avoid problems with overlapping buffers
...
when decrypting data.
2005-04-28 00:21:29 +00:00
Bodo Möller
2e7245f5a3
Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
...
PR: 959
2005-04-25 23:09:00 +00:00
Ben Laurie
b5855b2f32
Add prototypes.
2005-04-22 23:57:46 +00:00
Richard Levitte
7c671508bd
Avoid compiler complaint about mismatched function signatures
...
(void * != RSA *)
2005-04-20 10:02:16 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Nils Larsch
70f34a5841
some const fixes and cleanup
2005-04-05 10:29:43 +00:00
Ben Laurie
73705abc34
If input is bad, we still need to clear the buffer.
2005-04-03 16:38:22 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Nils Larsch
41e455bfc4
test, remove unnecessary const cast
2005-03-22 17:55:18 +00:00
Bodo Möller
9f6715d4bb
"make depend". This takes into account the algorithms that are now
...
disabled by default (MDC2 and RC5), which until now were skipped
by "make links" and yet supposedly required by some of the Makefiles,
meaning that the recent snapshots failed to compile.
Problem reported by Nils Larsch.
2005-03-13 19:49:47 +00:00
Dr. Stephen Henson
a0e7c8eede
Add lots of checks for memory allocation failure, error codes to indicate
...
failure and freeing up memory if a failure occurs.
PR:620
2004-12-05 01:03:15 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Andy Polyakov
2b247cf81f
OPENSSL_ia32cap final touches. Note that OPENSSL_ia32cap is no longer a
...
symbol, but a macro expanded as (*(OPENSSL_ia32cap_loc())). The latter
is the only one to be exported to application.
2004-08-29 16:36:05 +00:00
Andy Polyakov
746fc2526f
Fix compiler warnings in crypto/evp/bio_ok.c as pointed out by Geoff.
2004-08-29 16:19:27 +00:00
Dr. Stephen Henson
c128bb0fa2
Don't ignore return value of EVP_DigestInit_ex() in md BIOs and dgst utility.
2004-08-05 18:09:50 +00:00
Andy Polyakov
14e21f863a
Add framework for yet another assembler module dubbed "cpuid." Idea
...
is to have a placeholder to small routines, which can be written only
in assembler. In IA-32 case this includes processor capability
identification and access to Time-Stamp Counter. As discussed earlier
OPENSSL_ia32cap is introduced to control recently added SSE2 code
pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the
code is operational on ELF platforms only. I haven't checked it yet,
but I have all reasons to believe that Windows build should fail to
link too. I'll be looking into it shortly...
2004-07-26 20:18:55 +00:00
Andy Polyakov
0f71b77d5c
Make bio_ok.c Microsoft compiler savvy.
2004-07-25 20:13:30 +00:00
Andy Polyakov
3205db2bfe
Make bio_ok.c 64-bit savvy.
2004-07-25 19:37:41 +00:00
Richard Levitte
5906e8d5fe
I think it could be a good thing to know what went wrong with the tests...
2004-07-12 12:25:54 +00:00
Dr. Stephen Henson
c39c32dd65
PKCS#8 fixes from stable branch.
2004-07-04 16:44:52 +00:00
Andy Polyakov
31c2ac1cdc
EVP bindings to new SHA algorithms.
2004-05-31 13:14:08 +00:00
Geoff Thorpe
9c52d2cc75
After the latest round of header-hacking, regenerate the dependencies in
...
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
0f814687b9
Deprecate the recursive includes of bn.h from various API headers (asn1.h,
...
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
2004-05-17 19:14:22 +00:00
Geoff Thorpe
7771b6c5b5
This file implements various functions that have since been redefined as
...
macros. I'm removing this from the NO_DEPRECATED build.
2004-05-15 18:26:15 +00:00
Andy Polyakov
9e0aad9fd6
size_t-fication of message digest APIs. We should size_t-fy more APIs...
2004-05-15 11:29:55 +00:00
Richard Levitte
1c7a0e2856
Reimplement old functions, so older software that link to libcrypto
...
don't crash and burn.
2004-05-14 17:56:30 +00:00
Geoff Thorpe
c57bc2dc51
make update
2004-04-19 18:33:41 +00:00
Geoff Thorpe
60a938c6bc
(oops) Apologies all, that last header-cleanup commit was from the wrong
...
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Geoff Thorpe
3a87a9b9db
Reduce header interdependencies, initially in engine.h (the rest of the
...
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.
2004-04-19 17:46:04 +00:00
Richard Levitte
ab23d5ffda
Add symbol hacks for some long names.
...
make update
2004-03-29 08:13:49 +00:00
Dr. Stephen Henson
216659eb87
Enhance EVP code to generate random symmetric keys of the
...
appropriate form, for example correct DES parity.
Update S/MIME code and EVP_SealInit to use new functions.
PR: 700
2004-03-28 17:38:00 +00:00
Richard Levitte
875a644a90
Constify d2i, s2i, c2i and r2i functions and other associated
...
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Dr. Stephen Henson
d4575825f1
Add flag to avoid continuous
...
memory allocate when calling EVP_MD_CTX_copy_ex().
Without this HMAC is several times slower than
< 0.9.7.
2004-02-01 13:39:51 +00:00
Richard Levitte
8d1ebe0bd1
Add the missing parts for DES CFB1 and CFB8.
...
Add the corresponding AES parts while I'm at it.
make update
2004-01-28 19:05:35 +00:00
Andy Polyakov
8c6336b0aa
CFB DES sync-up with FIPS branch.
2004-01-27 21:47:35 +00:00
Richard Levitte
112341031b
Correct documentation typos.
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 15:04:54 +00:00
Richard Levitte
79b42e7654
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d
Use BUF_strlcpy() instead of strcpy().
...
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Richard Levitte
2fe9ab8e20
It was pointed out to me that if the requested size is 0, we shouldn't
...
ty to allocate anything at all. This will allow eNULL to still work.
PR: 751
Notified by: Lutz Jaenicke
2003-12-01 13:25:37 +00:00
Richard Levitte
1145e03870
Check that OPENSSL_malloc() really returned some memory.
...
PR: 751
Notified by: meder@mcs.anl.gov
Reviewed by: Lutz Jaenicke, Richard Levitte
2003-12-01 12:11:55 +00:00
Geoff Thorpe
2754597013
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
...
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Richard Levitte
5b6e7c8c65
Inclusion of openssl/engine.h should always be wrapped with a check that
...
OPENSSL_NO_ENGINE is not defined.
2003-08-04 10:12:36 +00:00
Bodo Möller
ada0e717fa
new function EC_GROUP_cmp() (used by EVP_PKEY_cmp())
...
Submitted by: Nils Larsch
2003-07-21 13:43:28 +00:00
Richard Levitte
eb3d68c454
Nils Larsch told me I could remove that variable entirely.
2003-06-26 11:52:23 +00:00
Richard Levitte
d55141ed7a
"Remove" unused variable
2003-06-26 10:23:00 +00:00
Bodo Möller
0fbffe7a71
implement PKCS #8 / SEC1 private key format for ECC
...
Submitted by: Nils Larsch
2003-06-25 21:35:05 +00:00
Richard Levitte
d1465bac90
make update
2003-05-01 04:10:32 +00:00
Richard Levitte
1a0c1f9052
make update
2003-04-10 20:11:09 +00:00
Richard Levitte
43eb3b0130
We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form
...
of unneeded includes of openssl/engine.h.
2003-04-08 06:00:05 +00:00
Richard Levitte
7b36590b17
What was I smoking? EVP_PKEY_cmp() should return with 0 if
...
EVP_PKEY_cmp_parameters() returned 0, otherwise it should
go on processing the public key component. Thia has nothing
to do with the proper handling of EC parameters or not.
2003-04-07 10:15:32 +00:00
Richard Levitte
a8b728445c
Correct a typo.
...
Have EVP_PKEY_cmp() call EVP_PKEY_cmp_parameters(), and make a note
about the lack of parameter comparison for EC.
2003-04-07 10:09:44 +00:00
Richard Levitte
af0f0f3e8f
Constify
2003-04-06 15:31:18 +00:00
Richard Levitte
8d570498a2
Do not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined.
...
PR: 564
2003-04-05 21:21:26 +00:00
Richard Levitte
e6526fbf4d
Add functionality to help making self-signed certificate.
2003-04-03 22:27:24 +00:00
Richard Levitte
be9bec9bc7
Make sure we get the definition of OPENSSL_NO_RSA.
2003-03-20 23:34:28 +00:00
Richard Levitte
9c35452842
Make sure we get the definition of OPENSSL_NO_HMAC and OPENSSL_NO_SHA.
2003-03-20 23:34:08 +00:00
Richard Levitte
69104cdf34
Make sure we get the definition of OPENSSL_NO_SHA.
2003-03-20 23:32:16 +00:00
Richard Levitte
dfefdb41f7
Make sure we get the definition of OPENSSL_NO_RIPEMD.
2003-03-20 23:31:56 +00:00
Richard Levitte
cd6ab56da0
Make sure we get the definition of OPENSSL_NO_MDC2.
2003-03-20 23:31:44 +00:00
Richard Levitte
c988c9b839
Make sure we get the definition of OPENSSL_NO_MD5.
2003-03-20 23:31:34 +00:00
Richard Levitte
bff8e1dddb
Make sure we get the definition of OPENSSL_NO_MD4.
2003-03-20 23:31:24 +00:00
Richard Levitte
641e6ef2cb
Make sure we get the definition of OPENSSL_NO_MD2.
2003-03-20 23:30:04 +00:00
Richard Levitte
9e9e8cb6a8
Make sure we get the definition of OPENSSL_NO_DES.
2003-03-20 23:29:38 +00:00
Richard Levitte
f118514501
Make sure we get the definition of OPENSSL_NO_RC5.
2003-03-20 23:29:26 +00:00
Richard Levitte
39c4b7092c
Make sure we get the definition of OPENSSL_NO_RC4.
2003-03-20 23:29:17 +00:00
Richard Levitte
c7e7fc3ee4
Make sure we get the definition of OPENSSL_NO_RC2.
2003-03-20 23:29:06 +00:00
Richard Levitte
786b0075d5
Make sure we get the definition of OPENSSL_NO_IDEA.
2003-03-20 23:28:55 +00:00
Richard Levitte
fb10590910
Make sure we get the definition of OPENSSL_NO_CAST.
2003-03-20 23:28:27 +00:00
Richard Levitte
abf21308d2
Make sure we get the definition of OPENSSL_NO_BF.
2003-03-20 23:28:16 +00:00
Richard Levitte
8c84b677e2
Make sure we get the definition of OPENSSL_NO_AES.
2003-03-20 23:28:03 +00:00
Dr. Stephen Henson
90e8a3102b
Fixes for EVP_DigestInit_ex() and OPENSSL_NO_ENGINE.
2003-03-12 02:31:40 +00:00
Dr. Stephen Henson
b8dc9693a7
Encryption BIOs misbehave when used with non blocking I/O.
...
Two fixes:
1. If BIO_write() fails inside enc_write() it should return the
total number of bytes successfully written.
2. If BIO_write() fails during BIO_flush() it should return immediately
with the error code: previously it would fall through to the final
encrypt, corrupting the buffer.
2003-02-27 14:07:59 +00:00
Bodo Möller
5c9a9c9c33
include OpenSSL license (in addition to EAY license)
2003-02-24 17:15:28 +00:00
Ulf Möller
b4f43344d5
Copy rather than symlink the test data.
...
This is needed because Windows doesn't support symlinks.
The Cygwin/MinGW build now passes "make test".
2003-02-22 22:19:48 +00:00
Dr. Stephen Henson
5562cfaca4
Base64 bio fixes. The base64 bio was seriously broken
...
when reading from a non blocking BIO.
It would incorrectly interpret retries as EOF, incorrectly
buffer initial data and have no buffering at all after initial
data (data would be sent one byte at a time to EVP_DecodeUpdate).
2003-02-22 02:12:52 +00:00
Dr. Stephen Henson
5672e3a321
Fix bug in base64 bios during write an non blocking I/O:
...
if the write fails when flushing the buffer return the
value to the application so it can retry.
2003-02-20 13:37:48 +00:00
Bodo Möller
37c660ff9b
implement fast point multiplication with precomputation
...
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2003-02-06 19:25:12 +00:00
Ben Laurie
33cc07f79a
Fix warning.
2003-02-01 20:55:29 +00:00
Richard Levitte
5fe11c7533
The OPENSSL_NO_ENGINE has small problem: it changes certain structures. That's
...
bad, so let's not check OPENSSL_NO_ENGINE in those places. Fortunately, all
the header files where the problem existed include ossl_typ.h, which makes
a 'forward declaration' of the ENGINE type.
2003-01-30 18:52:46 +00:00
Richard Levitte
0b13e9f055
Add the possibility to build without the ENGINE framework.
...
PR: 287
2003-01-30 17:39:26 +00:00
Dr. Stephen Henson
59ae8c9419
EVP_DecryptInit() should call EVP_CipherInit() not EVP_CipherInit_ex().
2003-01-17 00:48:47 +00:00
Richard Levitte
c00cee00fd
FreeBSD has /dev/crypto as well.
...
PR: 462
2003-01-16 18:29:30 +00:00
Richard Levitte
5e42f9ab46
make update
2002-12-29 01:38:15 +00:00
Richard Levitte
7acf00a633
Finally get rid of all the algorithm inclusions that were done from
...
evp.h.
Application authors BEWARE! If you have had the habit to count on
evp.h to provide all those lower-level algorithm functions, you need
to think again! Please change your programs NOW, or you will be sorry
when 0.9.8 gets release (it's quite some time away...).
2002-12-29 01:37:35 +00:00
Richard Levitte
3dda0dd2a2
Some compilers are quite picky about non-void functions that don't return
...
anything.
2002-12-06 08:50:06 +00:00
Richard Levitte
848f735ae4
EXIT() needs to be in a function that returns int.
2002-12-01 01:23:35 +00:00
Richard Levitte
43d601641f
A few more memset()s converted to OPENSSL_cleanse().
...
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343
2002-11-29 11:30:45 +00:00
Richard Levitte
55f78baf32
Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
...
always give the expected result on some platforms.
2002-11-28 18:54:30 +00:00
Richard Levitte
4579924b7e
Cleanse memory using the new OPENSSL_cleanse() function.
...
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Bodo Möller
8ee4845b65
'broken' PKCS #8 format does not apply to ECDSA
...
Submitted by: Nils Larsch
2002-10-28 14:13:38 +00:00
Richard Levitte
001ab3abad
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Richard Levitte
293d5082c7
The OpenBSD project has replaced the first implementation of the /dev/crypto
...
engine with something they claim is better. I have nothing to compare to,
and I assume they know what they're talking about. The interesting part with
this one is that it's loaded by default on OpenBSD systems.
This change was originally introduced in OpenBSD's tracking of OpenSSL.
2002-10-02 00:19:33 +00:00
Bodo Möller
64376cd8ff
'EC' vs. 'ECDSA'
...
Submitted by: Nils Larsch
2002-08-16 11:19:07 +00:00
Dr. Stephen Henson
3f6db7f518
Fix block_size field for CFB and OFB modes: it should be 1.
2002-08-16 01:53:24 +00:00
Bodo Möller
5488bb6197
get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
...
Submitted by: Nils Larsch
2002-08-12 08:47:41 +00:00
Bodo Möller
74cc4903ef
make update
2002-08-09 12:16:15 +00:00
Bodo Möller
14a7cfb32a
use a generic EC_KEY structure (EC keys are not ECDSA specific)
...
Submitted by: Nils Larsch
2002-08-07 10:49:54 +00:00
Lutz Jänicke
3aecef7697
"make update"
2002-07-30 12:44:33 +00:00
Bodo Möller
5dbd3efce7
Replace 'ecdsaparam' commandline utility by 'ecparam'
...
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Lutz Jänicke
7b63c0fa8c
Reorder inclusion of header files:
...
des_old.h redefines crypt:
#define crypt(b,s)\
DES_crypt((b),(s))
This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
2002-07-10 07:01:54 +00:00
Richard Levitte
17085b022c
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Richard Levitte
4942ef6f0e
A number of includes were removed from evp.h some time ago. The reason
...
was that they weren't really needed any more for EVP itself. However,
it seems like soma applications (I know about OpenSSH, but there may
be more) used evp.h as the 'load all' header file, which makes sense
since we try our best to promote the use of EVP instead of the lower
level crypto algorithms. Therefore, I put the inclusions back so
the application authors don't get too shocked by all the errors they
would otherwise get.
Thanks to Theo de Raadt for making us aware of this.
2002-06-27 05:03:00 +00:00
Lutz Jänicke
bdb6171334
OpenSSL_add_all_algorithms has been replaced by configuration dependent
...
functions and is redirected by macros. Switch it off now, possible removal
later.
2002-06-16 10:18:25 +00:00
Lutz Jänicke
65ee74fbc7
Some more prototype fixes.
...
Use DECLARE macros in asn1* instead of direct declaration.
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by:
PR: 89
2002-06-14 19:01:52 +00:00
Richard Levitte
6631a7e7f1
use sstrsep() to get the proper type to aoti().
...
Remove unneeded cast in ustrsep().
PR: 69
2002-06-03 15:27:46 +00:00
Richard Levitte
78055aa6a5
Add the AES test vectors from NIST document SP800-38A.
2002-05-31 13:13:43 +00:00
Richard Levitte
e6bd5e8a6d
Make it possible to give vectors only for decryption or encryption.
2002-05-31 13:12:49 +00:00
Richard Levitte
94f1b50c0f
For CFB and OFB modes, always create the encryption key.
2002-05-31 13:11:44 +00:00
Richard Levitte
bd54d55c1d
Declare the CFB and OFB modes for AES, and prepare for a declaration
...
of CTR mode.
2002-05-31 13:08:53 +00:00
Richard Levitte
9cdf87f194
Check the return values where memory allocation failures may happen.
...
PR: 49
2002-05-30 16:47:45 +00:00
Bodo Möller
46ffee4792
fix EVP_dsa_sha macro
...
Submitted by: Nils Larsch
2002-05-16 12:51:18 +00:00
Dr. Stephen Henson
544a2aea4b
Zero cipher_data in EVP_CIPHER_CTX_cleanup
...
Add cleanup calls to evp_test.c
Allow reuse of cipher contexts by removing
automatic cleanup in EVP_*Final().
2002-05-15 18:49:25 +00:00
Dr. Stephen Henson
e9ba69631b
EVP_SealFinal should return a value.
2002-05-11 17:37:08 +00:00
Lutz Jänicke
2940a1298e
Fix CRLF problem in BASE64 decode.
2002-04-15 09:55:40 +00:00
Bodo Möller
d0561b5c2d
fix ECDSA handling
...
Submitted by: Nils Larsch
2002-04-09 12:01:21 +00:00
Dr. Stephen Henson
3e268d2717
Ensure EVP_CipherInit() uses the correct encode/decode parameter if
...
enc == -1
[Reported by Markus Friedl <markus@openbsd.org>]
Fix typo in dh_lib.c (use of DSAerr instead of DHerr).
2002-03-16 23:20:05 +00:00
Dr. Stephen Henson
de941e289e
Initialize cipher context in KRB5
...
("D. Russell" <russelld@aol.net>)
Allow HMAC functions to use an alternative ENGINE.
2002-03-14 18:22:23 +00:00
Bodo Möller
690ecff795
Fixes for 'no-hw' combined with 'no-SOME_CIPHER'.
...
Fix dsaparam usage output.
Submitted by: Nils Larsch
2002-03-14 09:52:03 +00:00
Dr. Stephen Henson
bf6a9e66d6
Make ciphers and digests obtain an ENGINE functional reference
...
if impl is explicitly supplied.
2002-03-09 18:58:05 +00:00
Richard Levitte
87ebdd8a71
VMS addaptation, including a few more long names that needed hacking.
2002-02-28 13:17:40 +00:00
Richard Levitte
26414ee013
Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated
2002-02-28 12:42:19 +00:00
Richard Levitte
0d7b9b8b7e
make update, after moving around symbols in libeay.num to match
...
0.9.7-stable.
2002-02-26 14:41:29 +00:00
Dr. Stephen Henson
a3829cb720
Updates from stable branch.
2002-02-23 13:50:29 +00:00
Dr. Stephen Henson
e84be9b495
New OPENSSL_LOAD_CONF define to load openssl.cnf
...
when OpenSSL_add_all_algorithms() is called.
2002-02-23 01:00:44 +00:00
Richard Levitte
5b7848a345
Add comfy aliases for AES in CBC mode.
2002-02-20 17:59:49 +00:00
Richard Levitte
236be53269
gcc figures that the format specifier %2x means unsigned int, so let's
...
make n unsigned.
2002-02-20 13:50:36 +00:00
Richard Levitte
a6cd870784
The AES modes OFB and CFB are defined with 128 feedback bits. This
...
deviates from the "standard" 64 bits of feedback that all other
algorithms are using. Therefore, let's redo certain EVP macros to
accept different amounts of feedback bits for these modes.
Also, change e_aes.c to provide all usually available modes for AES.
CTR isn't included yet.
2002-02-16 12:39:07 +00:00
Bodo Möller
6cc3700314
don't call OPENSSL_config(), this does not make any sense during "make test"
2002-02-14 13:51:20 +00:00
Bodo Möller
4d94ae00d5
ECDSA support
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Richard Levitte
de2f6e4dae
'make update'
2002-02-05 17:34:58 +00:00
Lutz Jänicke
2a81428489
Remove blanks at begin of empty lines irritating epv_test.c
2002-01-26 15:24:38 +00:00
Geoff Thorpe
f1c2a9de45
The 'type' parameter, an EVP_MD pointer, represents the type of digest
...
required as well as a default implementation (when no ENGINE provides a
replacement implementation). This change makes sure the correct
implementation's "init()" handler is used rather than assuming 'type'.
2002-01-25 03:13:50 +00:00
Richard Levitte
52b66a622d
Keep the NIST AES vectors that were there previously.
2002-01-24 18:09:50 +00:00
Richard Levitte
fe19c448f0
make update
...
libeay.num got tweaked so the old des symbols would retain their
positions.
2002-01-24 12:31:54 +00:00
Richard Levitte
7389c848d4
Use FIPS-197 vectors for AES. The NIST vectors were constructed by
...
reencrypting or redecrypting the ciphertext 10000 times, which of
course gives higly different results.
2002-01-21 17:55:38 +00:00
Richard Levitte
4d393410f3
Add more of the NIST test vectors for AES.
...
For some reason, they give incorrect results with the OpenSSL
implementation. I wonder why...
2002-01-21 16:09:45 +00:00
Ben Laurie
9dd5ae6553
Constification, add config to /dev/crypto.
2002-01-18 16:51:05 +00:00
Bodo Möller
e5d6528a12
fix EVP_CIPHER_mode macro
...
Submitted by: "Dan S. Camper" <dan@bti.net>
2002-01-04 13:04:45 +00:00
Richard Levitte
6f9079fd50
Because Rijndael is more known as AES, use crypto/aes instead of
...
crypto/rijndael. Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).
This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.
2002-01-02 16:55:35 +00:00
Richard Levitte
c938563a81
The block size may be something other than 8!
2002-01-02 16:51:17 +00:00
Richard Levitte
40928698bb
When RSA or DSA are disabled, do not include the stuff that's specific
...
to them.
2002-01-02 12:45:51 +00:00
Bodo Möller
4d7072f4b5
remove redundant ERR_load_... declarations
2001-12-17 19:22:23 +00:00
Ben Laurie
ff3fa48fc7
Improve back compatibility.
2001-12-09 21:53:31 +00:00
Dr. Stephen Henson
6a0dec9584
Make EVP_SealInit() return the correct value.
2001-12-01 23:09:38 +00:00
Dr. Stephen Henson
b83eddc578
Win32 fixes.
2001-11-06 13:40:27 +00:00
Richard Levitte
c2e4f17c1a
Due to an increasing number of clashes between modern OpenSSL and
...
libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_. Compatibility routines are provided and declared by including
openssl/des_old.h. Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.
The compatibility functions will be removed in some future release, at
the latest in version 1.0.
2001-10-24 21:21:12 +00:00
Dr. Stephen Henson
581f1c8494
Modify EVP cipher behaviour in a similar way
...
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Dr. Stephen Henson
20d2186c87
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
...
with existing code.
Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Richard Levitte
67d0738aba
In certain cases, no encoding has been set up for the b64 filter. In
...
such cases, a flush should *not* attempt to finalise the encoding, as
the EVP_ENCODE_CTX structure will only be filled with garbage. For
the same reason, do the same check when a wpending is performed.
2001-10-11 19:38:40 +00:00
Richard Levitte
dd5e774664
Add support for md4WithRSAEncryption.
2001-10-10 21:37:45 +00:00
Geoff Thorpe
cf98440178
evp_test.c and evptests.txt both need to be linked in the test/ directory
...
however for different reasons. This separation should prevent the win32
build from interpreting evptests.txt as source code.
2001-10-09 01:38:31 +00:00
Geoff Thorpe
c500d44735
Change some EVP prototypes to use "cipher" rather than "type" as a variable
...
name. The implementations already use this anyway.
2001-10-08 17:25:42 +00:00
Geoff Thorpe
18eda73234
EVP_EncryptInit_ex() and EVP_DecryptInit_ex() had been defined in evp.h but
...
not implemented. (Bug reported by Martin Szotkowski)
This also changes the non-"_ex" versions to defer directly to
EVP_CipherInit_ex() rather than EVP_CipherInit() to avoid an unecessary
level of indirection.
2001-10-08 17:24:10 +00:00
Richard Levitte
f8000b9345
'make update'
2001-10-04 07:49:09 +00:00
Richard Levitte
2aa9043ad3
Because there's chances we clash with the system's types.h, rename our
...
types.h to ossl_typ.h.
2001-10-04 07:32:46 +00:00
Dr. Stephen Henson
1a095560f7
Use the maximum block length for the extra size in the encrypt
...
BIO buffer instead of hard coding it as 8.
2001-10-03 12:47:03 +00:00
Dr. Stephen Henson
f329b8d73b
Make EVP_DecryptUpdate work again.
2001-10-02 16:19:49 +00:00
Dr. Stephen Henson
de822715b2
Constify EVP_SealInit, EVP_OpenInit
2001-09-28 01:47:36 +00:00
Ben Laurie
0fea7ed4a4
Don't clean up stuff twice.
2001-09-26 15:15:03 +00:00
Geoff Thorpe
11a57c7be5
This changes EVP's cipher and digest code to hook via the ENGINE support.
...
See crypto/engine/README for details.
- it also removes openbsd_hw.c from the build (that functionality is
going to be available in the openbsd ENGINE in a upcoming commit)
- evp_test has had the extra initialisation added so it will use (if
possible) any ENGINEs supporting the algorithms required.
2001-09-25 21:37:02 +00:00
Geoff Thorpe
cb78486d97
This commits changes to various parts of libcrypto required by the recent
...
ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE
pointers to manage their hooking with ENGINE. Previously their use of
"method" pointers was replaced by use of ENGINE references. See
crypto/engine/README for details.
Also, remove the ENGINE iterations from evp_test - even when the
cipher/digest code is committed in, this functionality would require a
different set of API calls.
2001-09-25 20:23:40 +00:00
Dr. Stephen Henson
591ccf586d
Fix AES CBC mode EVP_CIPHER structures: the IV length is always
...
16.
2001-09-25 13:49:58 +00:00
Geoff Thorpe
e059b19ddb
Add a SHA1 test to evptests.txt - only the MD5 hash algorithm was being
...
tested previously.
2001-09-14 18:21:36 +00:00
Geoff Thorpe
997a54c981
'evp_test' needs to initialise and cleanup EVP_CIPHER_CTX structures. Also,
...
fix a typo and add cleanup operations. This also switches on memory leak
checking (which is how the rest was found).
2001-09-14 18:20:44 +00:00
Bodo Möller
5a85385387
typo
2001-09-10 16:57:06 +00:00
Bodo Möller
5e54b4f364
Get rid of hazardous EVP_DigestInit_dbg/EVP_DigestInit case
...
distinction (which does not work well because if CRYPTO_MDEBUG is
defined at library compile time, it is not necessarily defined at
application compile time; and memory debugging now can be reconfigured
at run-time anyway). To get the intended semantics, we could just use
the EVP_DigestInit_dbg unconditionally (which uses the caller's
__FILE__ and __LINE__ for memory leak debugging), but this would make
memory debugging inconsistent. Instead, callers can use
CRYPTO_push_info() to track down memory leaks.
2001-09-10 15:00:30 +00:00
Bodo Möller
5ba372b17c
Get rid of hazardous EVP_DigestInit_dbg/EVP_DigestInit case
...
distinction (which does not work well because if CRYPTO_MDEBUG is
defined at library compile time, it is not necessarily defined at
application compile time; and memory debugging now can be reconfigured
at run-time anyway). To get the intended semantics, we could just use
the EVP_DigestInit_dbg unconditionally (which uses the caller's
__FILE__ and __LINE__ for memory leak debugging), but this would make
memory debugging inconsistent. Instead, callers can use
CRYPTO_push_info() to track down memory leaks.
Also fix indentation, and add OpenSSL copyright.
2001-09-10 14:59:17 +00:00
Ben Laurie
e8330cf5ac
Add a cleanup function for MDs.
2001-09-07 12:03:24 +00:00
Geoff Thorpe
e815d3015e
Change DH_up() -> DH_up_ref()
2001-09-05 17:02:35 +00:00
Ulf Möller
5b46eee0f5
strsep implementation to allow the file to compile on non-BSD systems
...
Submitted by: "Brian Havard" <brianh@kheldar.apana.org.au>
2001-09-04 22:19:06 +00:00
Bodo Möller
6ac4e8bd6e
Rename recently introduced functions for improved code clarity:
...
[DR]SA_up => [DR]SA_up_ref
2001-09-03 13:40:07 +00:00
Bodo Möller
931a23a5a5
rearrange #includes because trying to include <crypto/cryptodev.h>
...
is a bad idea if OPENSSL_OPENBSD_DEV_CRYPTO is not defined
2001-09-03 12:37:13 +00:00
Ben Laurie
2618893114
Make MD functions take EVP_MD_CTX * instead of void *, add copy() function.
2001-09-02 20:05:27 +00:00
Geoff Thorpe
e19ea55783
Only OPENSSL_free() non-NULL pointers.
2001-09-01 18:37:17 +00:00
Ulf Möller
8716dbea40
undo, didn't work
2001-09-01 05:59:27 +00:00
Ulf Möller
e9bc66c84f
*** empty log message ***
2001-09-01 05:30:45 +00:00
Ulf Möller
c078798c60
strsep implementation to allow the file to compile on non-BSD systems
...
Submitted by: "Brian Havard" <brianh@kheldar.apana.org.au>
2001-09-01 05:05:32 +00:00
Ben Laurie
1f3b65801b
Fix SSL memory leak.
2001-08-28 13:45:41 +00:00
Ben Laurie
4897dc4056
Test digests.
2001-08-26 17:09:31 +00:00
Ben Laurie
35e33f0e52
Add digests.
2001-08-26 17:09:00 +00:00
Geoff Thorpe
78435364ec
Changes crypto/evp/ and ssl/ code from directly incrementing reference
...
counts in DH, DSA, and RSA structures. Instead they use the new "***_up()"
functions that handle this.
2001-08-25 17:28:23 +00:00
Ben Laurie
c41ab9ade5
More tests.
2001-08-22 16:09:57 +00:00
Ben Laurie
82b2230527
Add RC4 support to OpenBSD.
2001-08-18 16:04:36 +00:00
Ben Laurie
a8a004987c
Add AES tests.
2001-08-18 16:02:52 +00:00
Ben Laurie
0e36019977
Add EVP test program.
2001-08-18 13:53:01 +00:00
Ben Laurie
354c3ace73
Add first cut symmetric crypto support.
2001-08-18 10:22:54 +00:00
Ben Laurie
f0446ca8d7
Move CIPHER_CTX cleanups to _Final routines instead of _Init, which avoids
...
problems with leaks and uninitialised structures.
2001-08-11 11:32:54 +00:00
Bodo Möller
e51d1321fc
More typedef'd struct names as search targets
2001-08-06 11:57:08 +00:00
Bodo Möller
b9fdb3eb99
Reinsert typedef'ed names for structs to help those trying to read the
...
sourcecode (including fgrep)
2001-08-06 11:49:31 +00:00
Ben Laurie
d66ace9da5
Start to reduce some of the header bloat.
2001-08-05 18:02:16 +00:00
Ben Laurie
db75357110
Fix memory leak.
2001-08-05 16:13:49 +00:00
Ben Laurie
0713f8abe6
Parameter correction for CIOFSESSION.
2001-08-04 12:16:56 +00:00
Ben Laurie
93d9121a77
Remove extra whitespace. Sorry.
2001-08-03 21:09:21 +00:00
Ben Laurie
92dad6cc84
Reinstate accidentally deleted code.
2001-08-03 19:00:43 +00:00
Ben Laurie
61454a9f8c
Get rid of the stuff we, err, got rid of.
2001-08-03 18:52:50 +00:00
Ben Laurie
bb2297a41d
Header bloat reduction for EVP_PKEY.
2001-08-03 18:48:35 +00:00
Ben Laurie
1ba01caaa3
Make /dev/crypto work with new EVP structures.
2001-08-03 11:54:37 +00:00
Richard Levitte
710e5d5639
make update
2001-07-31 17:07:24 +00:00
Richard Levitte
dbfc0f8c2b
Vade retro C++ comments!
...
(Latin for "comments", anyone?)
2001-07-31 09:15:52 +00:00
Ben Laurie
05bbf78afd
Remove //.
2001-07-31 06:47:23 +00:00
Ben Laurie
dbad169019
Really add the EVP and all of the DES changes.
2001-07-30 23:57:25 +00:00
Ben Laurie
0e06354402
ANSIfication.
2001-07-30 15:33:46 +00:00
Dr. Stephen Henson
dc706cd35f
Make sure *outl is always initialized in EVP_EncryptUpdate().
2001-07-27 02:24:47 +00:00
Richard Levitte
47c3448a97
Not all platforms have the OpenBSD crypto device.
2001-07-21 11:54:24 +00:00
Ben Laurie
c518ade1fd
Clean up EVP macros, rename DES EDE3 modes correctly, temporary support for
...
OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery
is available).
2001-07-21 10:24:07 +00:00
Ben Laurie
c148d70978
A better compromise between encrypt and decrypt (but why isn't it as fast
...
for encrypt?).
2001-07-09 21:00:36 +00:00
Ben Laurie
7b6055d1af
Handle the common case first (where input size is a multiple of block size).
...
Worth around 5% for encrypt. Slows down decrypt slightly, but I expect to
regain that later.
2001-07-08 19:42:10 +00:00
Ben Laurie
f31b12503e
Use & instead of % - worth about 4% for 8 byte blocks.
2001-07-08 17:27:32 +00:00
Dr. Stephen Henson
323f289c48
Change all calls to low level digest routines in the library and
...
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().
Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Ben Laurie
09a2615fb2
Delete a redundant line.
2001-06-16 21:51:26 +00:00
Dr. Stephen Henson
76c919c1a3
Add missing variable length cipher flag for Blowfish.
...
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
2001-05-24 22:58:35 +00:00
Richard Levitte
9a310a5d4e
make update
2001-05-06 23:51:37 +00:00
Richard Levitte
a63d5eaab2
Add a general user interface API. This is designed to replace things
...
like des_read_password and friends (backward compatibility functions
using this new API are provided). The purpose is to remove prompting
functions from the DES code section as well as provide for prompting
through dialog boxes in a window system and the like.
2001-05-06 23:19:37 +00:00
Lutz Jänicke
854e076df8
Constify (Jason Molenda <jason@molenda.com>)
2001-04-14 14:50:02 +00:00
Richard Levitte
77dd9c1850
Add the possibility to have AES removed in Windows as well.
...
Spotted by Harald Koch <chk@pobox.com>
2001-04-08 04:35:58 +00:00
Bodo Möller
4e20b1a656
Instead of telling both 'make' and the user that ranlib
...
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Dr. Stephen Henson
1358835050
Change the EVP_somecipher() and EVP_somedigest()
...
functions to return constant EVP_MD and EVP_CIPHER
pointers.
Update docs.
2001-03-09 02:51:02 +00:00
Dr. Stephen Henson
2dc769a1c1
Make EVP_Digest*() routines return a value.
...
TODO: update docs, and make soe other routines
which use EVP_Digest*() check return codes.
2001-03-08 14:04:22 +00:00
Richard Levitte
d88a26c489
make update
...
Note that all *_it variables are suddenly non-existant according to
libeay.num. This is a bug that will be corrected. Please be patient.
2001-02-26 10:54:08 +00:00
Richard Levitte
41d2a336ee
e_os.h does not belong with the exported headers. Do not put it there
...
and make all files the depend on it include it without prefixing it
with openssl/.
This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
cf1b7d9664
Make all configuration macros available for application by making
...
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
f2e5ca84d4
Option to disable standard block padding with EVP API.
...
Add -nopad option to enc command.
Update docs.
2001-02-14 02:11:52 +00:00
Dr. Stephen Henson
deb2c1a1c5
Fix AES code.
...
Update Rijndael source to v3.0
Add AES OIDs.
Change most references of Rijndael to AES.
Add new draft AES ciphersuites.
2001-02-07 18:15:18 +00:00
Ben Laurie
259810e05b
Rijdael CBC mode and partial undebugged SSL support.
2001-02-06 14:09:13 +00:00
Ben Laurie
4978361212
Make depend.
2001-02-04 21:06:55 +00:00
Dr. Stephen Henson
88ce56f8c1
Various function for commmon operations.
2001-02-02 00:45:54 +00:00
Richard Levitte
f9b3bff6f7
First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu>
2000-11-30 22:53:34 +00:00
Ulf Möller
6a8ba34f9d
in some new file names the first 8 characters were not unique
2000-11-12 22:32:18 +00:00
Ben Laurie
757e392d4e
Make Rijndael work! Those long flights have some good points.
2000-11-12 02:13:38 +00:00
Richard Levitte
a4aba800d9
Constify DSA-related code.
2000-11-07 13:54:39 +00:00
Richard Levitte
0413ba429c
Constify the RSA library.
2000-11-06 22:49:05 +00:00
Richard Levitte
bc8a9f1f0f
mode used too early in EVP_PKEY_save_parameters.
...
Spotted by Ken Lalonde <ken@torus.ca>
2000-11-06 21:12:21 +00:00
Dr. Stephen Henson
627ec355d8
Fix for bug (?) in assembly language routines for SHA1. This
...
causes MASM to complain and not produce valid debug info.
Hopefully this wont break anything else...
Also fix typo in e_rd.c
2000-10-20 00:36:45 +00:00
Richard Levitte
3ab5651112
The experimental Rijndael code moved to the main trunk.
...
make update done.
2000-10-14 20:09:54 +00:00
Richard Levitte
4e20a4e688
'ranlib' doesn't always run on some systems. That's actually
...
acceptable, since all that happens if it fails is a library with
an index, which makes linking slower, but still working correctly.
2000-09-25 08:53:15 +00:00
Richard Levitte
9ef9e78520
Make the algorithm implementations depend on the corresponding
...
selection macros.
2000-09-25 08:49:13 +00:00
Richard Levitte
62ab514e98
'make update'
2000-09-07 08:46:51 +00:00
Richard Levitte
97a377b973
NULL is not an integer...
2000-08-18 09:30:31 +00:00
Richard Levitte
3009458e2f
MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test
2000-08-14 14:05:53 +00:00
Richard Levitte
35140f3354
Abdelilah Essiari <aes@george.lbl.gov> reports that for very small
...
records, EVP_EncodeUpdate() may misbehave. This happens when there's
a record boundary between the two ending b64 equal signs, which makes
EVP_EncodeUpdate think there has been more than one EOF, and therefore
add an extra NUL at the end of the output buffer. This fix corrects
that problem.
2000-08-11 08:36:25 +00:00
Richard Levitte
2dbef509e2
When data are written out in very small blocks (less than 3 bytes in
...
size) through the base64 filter, b64_write() messes up it's parameters
in such a way that instead of writing correct base64 output, the first
4 characters of that output is repeated over and over. This fix
corrects that problem.
2000-07-26 16:53:58 +00:00
Richard Levitte
c2bbf9cf6c
I got sick and tired of having to keep track of NIDs when such a thing
...
could be done automagically, much like the numbering in libeay.num and
ssleay.num. The solution works as follows:
- New object identifiers are inserted in objects.txt, following the
syntax given in objects.README.
- objects.pl is used to process obj_mac.num and create a new
obj_mac.h.
- obj_dat.pl is used to create a new obj_dat.h, using the data in
obj_mac.h.
This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended. The simplest way to
check that it worked correctly is to look in obj_dat.h and check the
array nid_objs and make sure the objects haven't moved around (this is
important!). Additions are OK, as well as consistent name changes.
2000-07-05 02:45:36 +00:00
Dr. Stephen Henson
130832150c
Fixes for Win32 build.
...
This is mostly a work around for the old VC++ problem
that it treats func() as func(void).
Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.
The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.
Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)
2000-06-21 02:25:30 +00:00
Bodo Möller
f03aa651c0
typo
2000-06-16 14:35:05 +00:00
Bodo Möller
5d07c20d8e
In EVP_BytesToKey, replace explicit "8" by "PKCS5_SALT_LEN".
2000-06-16 14:29:51 +00:00
Geoff Thorpe
1c4f90a05d
Enable DSO support on alpha (OSF1), cc and gcc.
...
Also, "make update" has added some missing functions to libeay.num,
updated the TABLE for the alpha changes, and updated thousands of
dependancies that have changed from recent commits.
2000-06-13 12:59:38 +00:00
Dr. Stephen Henson
e366f2b876
Fix evp_locl.h macros.
...
Documentation correction.
2000-06-11 15:43:17 +00:00
Dr. Stephen Henson
fd75eb50c0
Make EVP_SealInit() and EVP_OpenInit() check EVP_EncryptInit() and
...
EVP_DecryptInit() return values.
Update docs.
2000-06-11 12:27:58 +00:00
Dr. Stephen Henson
a91dedca48
Document EVP routines. Change EVP_SealInit() and EVP_OpenInit()
...
to support multiple calls.
New function to retrieve email address from certificates and
requests.
2000-06-11 12:18:15 +00:00
Richard Levitte
ef33b97050
Using checks of the existence of HEADER_{foo}_H in other header files
...
was a really bad idea. For example, the following:
#include <x509.h>
#include <bio.h>
#include <asn1.h>
would make sure that things like ASN1_UTCTIME_print() wasn't defined
unless you moved the inclusion of bio.h to above the inclusion of
x509.h. The reason is that x509.h includes asn1.h, and the
declaration of ASN1_UTCTIME_print() depended on the definition of
HEADER_BIO_H. That's what I call an obscure bug.
Instead, this change makes sure that whatever header files are needed
for the correct process of one header file are included automagically,
and that the definitions of, for example, BIO-related things are
dependent on the absence of the NO_{foo} macros. This is also
consistent with the way parts of OpenSSL can be excluded at will.
2000-06-09 10:41:35 +00:00
Ben Laurie
1921eaad64
EVP constification.
2000-06-03 14:13:58 +00:00
Richard Levitte
26a3a48d65
There have been a number of complaints from a number of sources that names
...
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Dr. Stephen Henson
49528751b8
More EVP cipher revision.
...
Change EVP_SealInit() and EVP_OpenInit() to
handle cipher parameters.
Make it possible to set RC2 and RC5 params.
Make RC2 ASN1 code use the effective key bits
and not the key length.
TODO: document how new API works.
2000-05-30 18:26:22 +00:00
Dr. Stephen Henson
5da2f69f41
Fourth phase EVP revision.
...
Declare ciphers in terms of macros. This reduces
the amount of code and places each block cipher EVP
definition in a single file instead of being spread
over 4 files.
2000-05-30 02:21:15 +00:00
Dr. Stephen Henson
57ae2e2428
Fourth phase EVP revision.
...
Declare ciphers in terms of macros. This reduces
the amount of code and places each block cipher EVP
definition in a single file instead of being spread
over 4 files.
2000-05-30 02:10:57 +00:00
Dr. Stephen Henson
360370d953
Third phase of EVP cipher overhaul.
...
Remove duplicated code in EVP.
2000-05-28 12:44:46 +00:00
Dr. Stephen Henson
be06a9348d
Second phase of EVP cipher overhaul.
...
Change functions like EVP_EncryptUpdate() so they now return a
value. These normally have software only implementations
which cannot fail so this was acceptable. However ciphers
can be implemented in hardware and these could return errors.
2000-05-27 12:38:43 +00:00
Dr. Stephen Henson
7f0606016c
Beginnings of EVP cipher overhaul. This should eventually
...
enhance and tidy up the EVP interface.
This patch adds initial support for variable length ciphers
and changes S/MIME code to use this.
Some other library functions need modifying to support use
of modified cipher parameters.
Also need to change all the cipher functions that should
return error codes, but currenly don't.
And of course it needs extensive testing...
2000-05-26 23:51:35 +00:00
Ben Laurie
4d29312ce1
Yet more typesafety.
2000-05-21 15:21:55 +00:00
Ben Laurie
371acb22e6
Typesafe Thought Police part 4.
2000-05-16 23:01:19 +00:00
Ulf Möller
0e1c06128a
Get rid of more non-ANSI declarations.
2000-05-15 22:54:43 +00:00
Ulf Möller
911ea946cb
Make sure that NO-RSA applications etc can include evp.h
2000-05-15 19:24:23 +00:00
Dr. Stephen Henson
a331a305e9
Make PKCS#12 code handle missing passwords.
...
Add a couple of FAQs.
2000-05-04 00:08:35 +00:00
Richard Levitte
82271cee5b
In Message-ID: <003201bfb332$14a07520$0801a8c0@janm.transactionsite.com>,
...
"Jan Mikkelsen" <janm@transactionsite.com> correctly states that the
OpenSSL header files have #include's and extern "C"'s in an incorrect
order. Thusly fixed.
2000-05-02 12:16:01 +00:00
Richard Levitte
ee7f80c580
Make sure to complete the cleanup of names.
2000-03-17 23:49:15 +00:00
Dr. Stephen Henson
48fe0eec67
Fix the PKCS#8 DSA code so it works again. All the
...
broken formats worked but the valid didn't :-(
2000-03-07 01:03:33 +00:00
Bodo Möller
59fc2b0fc2
Preserve reason strings in automatically build tables.
2000-03-05 00:19:36 +00:00
Dr. Stephen Henson
0202197dbf
Make ASN1 types real typedefs.
...
Rebuild error files.
2000-02-26 19:25:31 +00:00
Dr. Stephen Henson
c7cb16a8ff
Rename functions for new convention.
2000-02-26 01:55:33 +00:00
Dr. Stephen Henson
41e68ef25f
Add PBE algorithms with ciphers, not digests.
2000-02-23 14:27:47 +00:00
Dr. Stephen Henson
4b42658082
Make pkcs8 work again.
...
Make EVP_CIPHER_type() return NID_undef if the cipher has no
ASN1 OID, modify code to handle this.
2000-02-22 18:45:11 +00:00
Dr. Stephen Henson
72b60351f1
Change EVP_MD_CTX_type so it is more logical and add EVP_MD_CTX_md for
...
the old functionality.
Various warning fixes.
Initial EVP symmetric cipher docs.
2000-02-22 02:59:26 +00:00
Richard Levitte
d3442bc780
Move the registration of callback functions to special functions
...
designed for that. This removes the potential error to mix data and
function pointers.
Please note that I'm a little unsure how incorrect calls to the old
ctrl functions should be handled, in som cases. I currently return 0
and that's it, but it may be more correct to generate a genuine error
in those cases.
2000-02-20 23:43:02 +00:00
Dr. Stephen Henson
66430207a4
Add support for some broken PKCS#8 formats.
2000-02-05 21:07:56 +00:00
Bodo Möller
37e48b88ad
Generate just one error code if iterated SSL_CTX_get() fails.
...
Avoid enabled 'assert()' in production library.
2000-02-05 19:29:00 +00:00
Dr. Stephen Henson
af57d84312
Rename SSLeay_add_all_algorithms() et al to
...
OpenSSL_add_all_algorithms(). Move these into
separate files so they work properly.
2000-02-04 14:01:38 +00:00
Ulf Möller
657e60fa00
ispell (and minor modifications)
2000-02-03 23:23:24 +00:00
Ulf Möller
51ca375e7e
Seek out and destroy another evil cast.
2000-01-30 23:33:40 +00:00
Ulf Möller
9d1a01be8f
Source code cleanups: Use void * rather than char * in lhash,
...
eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
2000-01-30 22:20:28 +00:00
Ulf Möller
e7f97e2d22
Check RAND_bytes() return value or use RAND_pseudo_bytes().
2000-01-21 01:15:56 +00:00
Bodo Möller
691401fc53
RAND_bytes's return values is 0 for an error, not -1.
2000-01-15 20:24:12 +00:00
Bodo Möller
7f5b6f0f19
In EVP_PKEY_assign[_...], return 0 for an error when they
...
"key" is NULL.
2000-01-14 18:41:28 +00:00
Ulf Möller
eb952088f0
Precautions against using the PRNG uninitialized: RAND_bytes() now
...
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
2000-01-13 20:59:17 +00:00
Ben Laurie
752d706aaf
Make NO_RSA compile with pedantic.
2000-01-08 21:06:24 +00:00
Bodo Möller
63da21c01b
make no-des and no-rc2 work.
2000-01-07 12:15:54 +00:00
Dr. Stephen Henson
20432eae41
Fix some of the command line password stuff. New function
...
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
2000-01-01 16:42:49 +00:00
Dr. Stephen Henson
12aefe78f0
Fixes so NO_RSA works again.
1999-12-24 17:26:33 +00:00
Bodo Möller
23fb9bc0eb
Use des_set_key_unchecked, not des_set_key.
1999-12-03 20:26:20 +00:00
Bodo Möller
cddfe788fb
Add functions des_set_key_checked, des_set_key_unchecked.
...
Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.
1999-12-03 20:24:21 +00:00
Dr. Stephen Henson
6d3724d3b0
Support for authority information access extension.
...
Fix so EVP_PKEY_rset_*() check return codes.
1999-11-23 18:50:28 +00:00
Dr. Stephen Henson
52664f5081
Transparent support for PKCS#8 private keys in RSA/DSA.
...
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
1999-11-21 22:28:31 +00:00
Dr. Stephen Henson
f769ce3ea4
More multibyte character support.
...
Functions to get keys from EVP_PKEY structures.
1999-10-25 02:00:09 +00:00
Dr. Stephen Henson
08e9c1af6c
Replace the macros in asn1.h with function equivalents. Also make UTF8Strings
...
tolerated in certificates.
1999-10-20 01:50:23 +00:00
Dr. Stephen Henson
4579dd5dc6
Fix for base64 BIO decoding bug
1999-10-02 13:33:06 +00:00
Ben Laurie
092ec334f0
Fix warnings.
1999-09-06 11:06:54 +00:00
Dr. Stephen Henson
7b65c3298f
Fix for a bug which meant encrypting BIOs sometimes wouldn't read the final
...
block.
1999-08-24 13:21:35 +00:00
Bodo Möller
6e4a3b5529
Really undo the base64 change so that make test survives
1999-08-18 16:42:27 +00:00
Ulf Möller
364836ca1c
Undo base64 decoding change (was not a bug fix).
1999-08-14 20:49:37 +00:00
Ulf Möller
2b7af70139
Fix faulty base64 decoding of data that was 46 or 47 bytes long.
...
Submitted by: Ivan Nejgebauer <ian@uns.ns.ac.yu>
1999-08-13 19:42:33 +00:00
Ulf Möller
9a3bbbce91
NO_HMAC.
1999-07-15 23:44:04 +00:00
Dr. Stephen Henson
f598cd13a3
Various changes to stop VC++ choking under Win32.
1999-07-11 17:09:04 +00:00
Dr. Stephen Henson
f513939ebb
Add a debugging option to PKCS#5 v2.0 key generation function.
1999-07-11 12:40:46 +00:00
Ulf Möller
5271ebd9a3
More no-xxx option tweaks.
1999-06-30 00:42:56 +00:00
Ulf Möller
5676d8cb76
Fix no-hmac and no-ripemd.
1999-06-29 23:52:08 +00:00
Dr. Stephen Henson
b7d135b353
Two new functions to write out PKCS#8 private keys. Also fixes for some of
...
the the PBE code and a new constant PKCS5_DEFAULT_ITER for the default
iteration count if it is passed as zero.
1999-06-10 17:32:52 +00:00
Bodo Möller
7740a1c6ef
"make update" (added to top Makefile, and applied).
1999-06-09 16:18:53 +00:00
Ben Laurie
72fbe87dc6
Survive pedanticism.
1999-06-08 18:37:43 +00:00
Ulf Möller
93fd0fd61f
Don't #define _, and eliminate casts.
1999-06-08 15:52:47 +00:00
Dr. Stephen Henson
8eb57af5fe
Complete support for PKCS#5 v2.0. Still needs extensive testing.
1999-06-08 00:09:51 +00:00
Dr. Stephen Henson
97e4a93245
This is the main PKCS#5 v2.0 key generation function, it parses the ASN1
...
structure and decides what key to generate (if any). Not currently added to
the PBE algorithm list because it is largely untested.
1999-06-07 21:00:19 +00:00
Bodo Möller
b1c4fe3625
Don't mix real tabs with tabs expanded as 8 spaces -- that's
...
a pain to read when using 4-space tabs.
1999-06-07 20:26:51 +00:00
Bodo Möller
9e06f6f601
Introduce "BIO pairs", which (when finished) will relay data
...
so that the SSL library can be used for applications that
have to handle all the actual I/O themselves.
1999-06-07 16:04:45 +00:00
Dr. Stephen Henson
8e21c14607
More PKCS#5 v2.0 development. Add a function to setup a PKCS#5 v2.0
...
AlgorithmIdentifier and make various ASN1 fixes.
1999-06-06 23:34:44 +00:00
Dr. Stephen Henson
2bd83ca1c9
Change PBE handling a bit more: now the key and iv generator does calls
...
EVP_CipherInit() this because the IV wont be easily available when doing
PKCS#5 v2.0
1999-06-06 18:41:52 +00:00
Dr. Stephen Henson
69cbf46811
Rewrite PBE handling read to support PKCS#5 v2.0 and update the function
...
list for Win32.
1999-06-06 13:07:13 +00:00
Ben Laurie
8d8a8041ec
const/type fixes.
1999-06-05 12:16:33 +00:00
Dr. Stephen Henson
600dec1586
Add a 'pkcs8' application for initial PKCS#8 support. Still needs lots more
...
options to handle encrypted and unencrypted forms and DER format input and
output.
1999-06-05 00:32:16 +00:00
Dr. Stephen Henson
b0c6fb8064
The rest of the PKCS#5, PKCS#8 patch I forgot before :-)
1999-06-04 23:33:48 +00:00
Dr. Stephen Henson
ef8335d900
Add PKCS#5 v1.5 compatible algorithms and initial PKCS#8 support. PKCS#8 needs
...
more work: need an application and make the private key routines automatically
handle PKCS#8.
1999-06-04 23:32:14 +00:00
Ulf Möller
a53955d8ab
Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress).
...
Submitted by: Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>
1999-06-04 21:35:58 +00:00
Bodo Möller
7e70181723
It was a very bad idea to use #include "../e_os.h" -- when this occurs
...
in cryptlib.h (which is often included as "../cryptlib.h"), then the
question remains relative to which directory this is to be interpreted.
gcc went one further directory up, as intended; but makedepend thinks
differently, and so probably do some C compilers. So the ../ must go away;
thus e_os.h goes back into include/openssl (but I now use
#include "openssl/e_os.h" instead of <openssl/e_os.h> to make the point) --
and we have another huge bunch of dependency changes. Argh.
1999-05-21 11:16:48 +00:00
Bodo Möller
17e3dd1c62
Don't install e_os.h in include/openssl, use it only as a local
...
include file.
1999-05-20 21:59:20 +00:00
Dr. Stephen Henson
1b266dabf5
Fix various less obvious bugs in PKCS#7 handling: such as not zeroing
...
the secret key before we've encrypted it and using the right NID for RC2-64.
Add various arguments to the experimental programs 'dec' and 'enc' to make
testing less painful.
This stuff has now been tested against Netscape Messenger and it can encrypt
and decrypt S/MIME messages with RC2 (128, 64 and 40 bit) DES and triple DES.
Its still experimental though...
1999-05-16 17:32:32 +00:00
Bodo Möller
edf0bfb52b
Change type of various DES function arguments from des_cblock
...
(meaning pointer to char) to des_cblock * (meaning pointer to
array with 8 char elements), which allows the compiler to
do more typechecking. (The changed argument types were of type
des_cblock * back in SSLeay, and a lot of ugly casts were
used then to turn them into pointers to elements; but it can be
done without those casts.)
Introduce new type const_des_cblock -- before, the pointers rather
than the elements pointed to were declared const, and for
some reason gcc did not complain about this (but some other
compilers did).
1999-05-16 12:26:16 +00:00
Dr. Stephen Henson
84fa704c6f
Fix some obvious bugs in the PKCS#7 library handling. It didn't try to
...
find the right RecipientInfo based on the recipient certificate (so would
fail a lot of the time) and fixup cipher structures to correctly (maybe)
modify the AlgorithmIdentifiers. Largely untested at present... this will be
fixed in due course. Well the stuff was broken to begin with so if its broken
now then you haven't lost anything :-)
1999-05-16 00:25:36 +00:00
Bodo Möller
127640b449
Update dependencies.
1999-05-15 13:38:48 +00:00
Ben Laurie
2adca9cdc6
Update dependencies.
1999-05-13 17:33:27 +00:00
Dr. Stephen Henson
8bc1431edd
Several of the EVP_CIPHER structures had the get and set asn1 parameter
...
functions transposed.
1999-05-12 23:11:08 +00:00
Dr. Stephen Henson
884e8ec615
Various PKCS#7 fixes to properly (maybe!) handle PKCS#7 enveloped data.
...
Containts elements of code by Sebastian Akerman <sak@parallelconsulting.com>
and made a bit less "naughty" by Steve.
1999-05-10 00:47:42 +00:00
Ben Laurie
5b1b044606
Update dependencies.
1999-05-01 22:36:10 +00:00
Bodo Möller
e5f3045fbf
Support INSTALL_PREFIX for packagers.
...
Submitted by:
Reviewed by:
PR:
1999-04-29 21:52:08 +00:00
Ulf Möller
d575d2924c
Ignore Makefile.save
...
Submitted by: Anonymous
1999-04-29 16:04:54 +00:00
Bodo Möller
1314c344ac
Obey $(PERL) when running util/mklink.pl.
...
Submitted by:
Reviewed by:
PR:
1999-04-29 12:46:59 +00:00
Bodo Möller
6e6acfd4b9
Use util/mklink.pl instead of util/mklink.sh.
...
Submitted by:
Reviewed by:
PR:
1999-04-28 22:33:54 +00:00
Ulf Möller
b5929507e3
Update NO_* macros.
1999-04-27 11:56:15 +00:00
Ulf Möller
d02f751ce1
Message digest stuff.
1999-04-27 04:18:53 +00:00
Ulf Möller
f5d7a031a3
New Configure option no-<cipher> (rsa, idea, rc5, ...).
1999-04-27 01:14:46 +00:00
Dr. Stephen Henson
b64f825671
Add PKCS#12 documentation and new option in x509 to add certificate extensions.
1999-04-27 00:36:20 +00:00
Ulf Möller
a9be3af5ad
Remove NOPROTO definitions and error code comments.
1999-04-26 16:43:10 +00:00
Dr. Stephen Henson
7393480047
Change the command line options of mkerr.pl so -static is now default and
...
a -write option is needed to actually change anything. Second attempt at
getting rid of ERR, ERRC definitions: it might even work this time :-)
1999-04-24 17:28:43 +00:00
Bodo Möller
c76b0f751f
Restore ERRC definitions that are needed to compile the library.
...
Submitted by:
Reviewed by:
PR:
Submitted by:
Reviewed by:
PR:
1999-04-24 15:57:02 +00:00
Dr. Stephen Henson
6e781e8e07
Delete the unnecessary ERR and ERRC lines in makefiles, add some functionality
...
to error code script: it can now find untranslatable function codes (usually
because the function is static and not defined in a header: occasionally because
of a typo...) and unreferenced function and reason codes. To see this try:
perl util/mkerr.pl -recurse -debug
Also fixed some typos in crypto/pkcs12 that this found :-)
Also tidy up some error calls that had to be all on one line: the old error
script couldn't find codes unless the call was all on one line.
1999-04-24 13:28:57 +00:00
Dr. Stephen Henson
6d31193858
Complete rewrite of the error code generation script. It now runs as a single
...
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
1999-04-24 00:15:18 +00:00
Bodo Möller
bf57da0717
"make depend"
...
Submitted by:
Reviewed by:
PR:
1999-04-23 22:50:50 +00:00
Bodo Möller
ec577822f9
Change #include filenames from <foo.h> to <openssl.h>.
...
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ulf Möller
e27cc13f8e
Undo evil cast! <g>
1999-04-23 18:37:21 +00:00
Ben Laurie
61f5b6f338
Work with -pedantic!
1999-04-23 15:01:15 +00:00
Ulf Möller
95dc05bc6d
Fix lots of warnings.
...
Submitted by: Richard Levitte <levitte@stacken.kth.se>
1999-04-20 22:50:42 +00:00
Ulf Möller
6b691a5c85
Change functions to ANSI C.
1999-04-19 21:31:43 +00:00
Ulf Möller
0ae645db10
Clean up prototypes (prepare for removing NOPROTO).
1999-04-19 16:30:06 +00:00
Ulf Möller
df82f5c85c
Fix typos in error codes.
1999-04-19 14:45:02 +00:00
Ben Laurie
e778802f53
Massive constification.
1999-04-17 21:25:43 +00:00
Ben Laurie
cfdcfede9c
Another STACK bites the dust.
1999-04-17 10:28:46 +00:00
Ben Laurie
c5db363e1b
Fix some warnings. Contributed by Anonymous.
1999-04-16 18:13:27 +00:00
Ben Laurie
f73e07cf42
Add type-safe STACKs and SETs.
1999-04-12 17:23:57 +00:00
Ben Laurie
e709e485d7
Update dependencies.
1999-04-01 15:51:21 +00:00
Ulf Möller
99aab1619f
New Makefile variables $(RANLIB) and $(PERL).
1999-04-01 12:34:33 +00:00
Dr. Stephen Henson
ee0508d411
Include pkcs12 program as part of openssl. This completes most of the PKCS#12
...
integration.
1999-03-29 17:50:26 +00:00
Dr. Stephen Henson
8d8c7266d4
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add
...
them to the build environment.
1999-03-28 23:17:34 +00:00
Dr. Stephen Henson
cfcefcbe2a
Further PKCS#12 integration, PBE, PKCS#8 additions.
1999-03-28 17:46:10 +00:00
Ben Laurie
b4cadc6e13
Fix security hole.
1999-03-22 12:22:14 +00:00
Dr. Stephen Henson
381380206b
Fix couple of ANSI declarations and prototypes
1999-03-10 18:30:48 +00:00
Dr. Stephen Henson
0cc395796b
Add missing funtions from non ANSI section of header files and add missing
...
ordinals to libeay.num.
1999-03-08 22:46:56 +00:00
Ben Laurie
6242bb9c63
Put the dependencies back.
1999-03-06 14:32:48 +00:00
Ralf S. Engelschall
bb8f3c5879
General source tree makefile cleanups: Made `making xxx in yyy...' display
...
consistent in the source tree and replaced `/bin/rm' by `rm'. Additonally
cleaned up the `make links' target: Remove unnecessary semicolons, subsequent
redundant removes, inline point.sh into mklink.sh to speed processing and no
longer clutter the display with confusing stuff. Instead only the actually
done links are displayed.
1999-03-06 12:32:06 +00:00
Dr. Stephen Henson
06c6849124
Fix the Win32 compile environment and add various changes so it will now compile
...
under Win32 (9X and NT) again. Note: some signed/unsigned changes recently
checked in were killing the Win32 compile.
1999-03-03 02:01:26 +00:00
Ben Laurie
1efa9c33c0
Update dependencies.
1999-02-27 18:41:04 +00:00
Ben Laurie
1745a3fb9f
Code for reliable BIO.
1999-02-23 21:45:23 +00:00
Ben Laurie
55ab3bf7f9
Add reliable BIO.
1999-02-23 21:44:34 +00:00
Ben Laurie
08853ba82d
Finally(?) fix DES stuff.
1999-02-13 21:49:34 +00:00
Ben Laurie
4e31df2cd7
Fix ghastly DES declarations, and all consequential warnings.
1999-02-13 18:52:38 +00:00
Ralf S. Engelschall
c91531d9fe
Remove three more bogus files (2x temp file, 1x trash)
1999-02-10 12:37:59 +00:00
Mark J. Cox
351d899878
Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
...
Submitted by: Eric A Young - from changes to C2Net SSLeay
Reviewed by: Mark Cox
PR:
1999-01-31 12:14:39 +00:00
Ben Laurie
6f93539970
This time, get it right.
1999-01-19 23:25:22 +00:00
Ben Laurie
8039257dbc
Finally lay dependencies to rest (I hope!).
1999-01-19 21:36:31 +00:00
Dr. Stephen Henson
6c8abdd744
New err_code.pl script to retain old error codes. This should allow the use
...
of 'make errors' without causing huge re-organisations of files when a new
code is added.
1999-01-18 22:18:38 +00:00
Ralf S. Engelschall
9cb0969f65
Fix version stuff:
...
1. The already released version was 0.9.1c and not 0.9.1b
2. The next release should be 0.9.2 and not 0.9.1d, because
first the changes are already too large, second we should avoid any more
0.9.1x confusions and third, the Apache version semantics of
VERSION.REVISION.PATCHLEVEL for the version string is reasonable (and here
.2 is already just a patchlevel and not major change).
tVS: ----------------------------------------------------------------------
1998-12-31 09:36:40 +00:00
Ralf S. Engelschall
320a14cb5b
*** empty log message ***
1998-12-23 12:09:47 +00:00
Ralf S. Engelschall
5f32680329
Switch version string to SSLeay/OpenSSL
1998-12-23 07:53:55 +00:00
Ralf S. Engelschall
13e91dd365
Incorporation of RSEs assembled patches
1998-12-22 15:59:57 +00:00
Ralf S. Engelschall
651d0aff98
Various cleanups and fixed by Marc and Ralf to start the OpenTLS project
1998-12-22 15:04:48 +00:00
Ralf S. Engelschall
dfeab0689f
Import of old SSLeay release: SSLeay 0.9.1b (unreleased)
1998-12-21 11:00:56 +00:00
Ralf S. Engelschall
58964a4922
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 10:52:47 +00:00