Commit graph

611 commits

Author SHA1 Message Date
Rich Salz
4b45c6e52b free cleanup almost the finale
Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
        CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:57:32 -04:00
Rich Salz
b196e7d936 remove malloc casts
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 15:28:14 -04:00
Rich Salz
3e47caff48 ERR_ cleanup
Remove ERR_[gs]et_implementation as they were not undocumented and
useless (the data structure was opaque).

Halve the number of lock/unlock calls in almost all ERR_
functions by letting the caller of get_hash or int_thread_set
able to lock.  Very useful when looping, such as adding errors,
or when getting the hash and immediately doing a lookup on it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 10:50:54 -04:00
Richard Levitte
a80e33b991 Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant
With no more symlinks, there's no need for those variables, or the links
target.  This also goes for all install: and uninstall: targets that do
nothing but copy $(EXHEADER) files, since that's now taken care of by the
top Makefile.

Also, removed METHTEST from test/Makefile.  It looks like an old test that's
forgotten...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
dee502be89 Stop symlinking, move files to intended directory
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.

Originally-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Dr. Stephen Henson
86d20cb6fd make depend
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:05:05 +00:00
Dr. Stephen Henson
5fe736e5fc Move some ASN.1 internals to asn1_int.h
Move ASN.1 internals used across multiple directories into new internal
header file asn1_int.h remove crypto/Makefile hack which allowed other
directories to include "asn1_locl.h"

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:03:36 +00:00
Richard Levitte
2383a74be1 Use OPENSSL_malloc rather than malloc/calloc
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:21:12 +01:00
Richard Levitte
912d7c75d4 Fix eng_cryptodev to not depend on BN internals.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:21:12 +01:00
Rich Salz
10bf4fc2c3 Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
Suggested by John Foley <foleyj@cisco.com>.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-11 09:29:37 -04:00
Rich Salz
f16a64d11f Dead code cleanup; remove #if 0 from crypto/engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-02 11:40:36 -05:00
Ben Laurie
4de8385796 Build correctly for me on FreeBSD 10.
Reviewed-by: Rich Salz

Don't debug.
2015-01-30 22:23:17 +00:00
Rich Salz
474e469bbd OPENSSL_NO_xxx cleanup: SHA
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 12:34:45 -05:00
Rich Salz
c436e05bdc Remove unused eng_rsax and related asm file
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-24 16:27:03 -05:00
Kurt Roeckx
2747d73c14 Fix segfault with empty fields as last in the config.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-24 14:46:50 +01:00
Viktor Dkhovni
c963c421fb Replace exit() with error return.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-23 15:39:40 -05:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
76712e81e0 Fix indent issue with engine.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Matt Caswell
3a83462dfe Further comment amendments to preserve formatting prior to source reformat
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 15:45:25 +00:00
Tim Hudson
1d97c84351 mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-30 22:10:26 +00:00
Matt Caswell
53e95716f5 Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED
Introduce use of DECLARE_DEPRECATED

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:14 +00:00
Emilia Kasper
b597aab84e Build fixes
Various build fixes, mostly uncovered by clang's unused-const-variable
and unused-function errors.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 0e1c318ece)
2014-12-17 14:31:05 +01:00
Matt Caswell
29e7a56d54 Disable engines that will fail to build when bn is made opaque
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:12 +00:00
Dr. Stephen Henson
f072785eb4 Remove fipscanister build functionality from makefiles.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Rich Salz
8cfe08b4ec Remove all .cvsignore files
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Justin Blanchard
f756fb430e RT1815: More const'ness improvements
Add a dozen more const declarations where appropriate.
These are from Justin; while adding his patch, I noticed
ASN1_BIT_STRING_check could be fixed, too.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-18 11:49:16 -04:00
Jonas Maebe
d6f69ae547 cryptodev_digest_copy: return error if allocating dstate->mac_data fails
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:38:51 +02:00
Jonas Maebe
349e6b2b0a cryptodev_digest_update: don't leak original state->mac_data if realloc fails
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:38:36 +02:00
Emilia Kasper
f0ca9ccaef make depend
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-14 15:24:58 +02:00
Dr. Stephen Henson
03c075e572 Windows build fixes.
Add cmac.h to mkdef.pl
Remove ENGINE_load_rsax from engine.h: no longer built.
Update ordinals
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-19 22:57:37 +01:00
Andy Polyakov
d11c70b2c2 Please Clang's sanitizer, addendum. 2014-07-08 23:06:59 +02:00
Ben Laurie
e3ba6a5f83 Make depend. 2014-06-30 16:03:29 +01:00
Dr. Stephen Henson
4cfeb00be9 make depend 2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
6ecbc2bb62 Don't use CRYPTO_AES_CTR if it isn't defined. 2014-02-18 22:20:30 +00:00
Klaus-Peter Junghanns
be2c4d9bd9 Add support for aes-128/192/256-ctr to the cryptodev engine.
This can be used to speed up SRTP with libsrtp, e.g. on TI omap/sitara based devices.
2014-02-15 00:01:40 +00:00
Dr. Stephen Henson
e933f91f50 Add loaded dynamic ENGINEs to list.
Always add a dynamically loaded ENGINE to list. Otherwise it can cause
problems when multiply loaded, especially if it adds new public key methods.
For all current engines we only want a single implementation anyway.
2014-01-28 13:51:58 +00:00
Dr. Stephen Henson
8a1956f3ea Don't use rdrand engine as default unless explicitly requested.
(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)
2013-12-13 15:39:55 +00:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Andy Polyakov
f5b132d652 Remove RSAX engine, superseded by RSAZ module. 2013-07-05 22:11:28 +02:00
Ben Laurie
ea5003bd1e Include correctly. 2013-03-04 14:31:18 +00:00
Ben Laurie
975dfb1c6c make depend. 2013-02-21 18:17:38 +00:00
Dr. Stephen Henson
98a7edf9f0 make depend 2012-11-19 13:18:09 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Andy Polyakov
884c580e05 eng_all.c: revert previous "disable Padlock" commit, which was unjustified. 2012-03-19 20:20:41 +00:00
Dr. Stephen Henson
d441e6d8db PR: 2735
Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.
2012-02-27 16:33:34 +00:00
Ben Laurie
b9ef708e40 Padlock engine doesn't build (the asm parts are not built for some reason),
so remove for now.
2011-12-13 15:56:40 +00:00
Andy Polyakov
af9b610cef Remove eng_aesni.c as AES-NI support is integrated directly at EVP. 2011-10-13 19:46:44 +00:00
Bodo Möller
bf6d2f986d Make CTR mode behaviour consistent with other modes:
- clear ctx->num in EVP_CipherInit_ex
- adapt e_eas.c changes from http://cvs.openssl.org/chngview?cn=19816
  for eng_aesni.c

Submitted by: Emilia Kasper
2011-10-13 13:41:34 +00:00
Dr. Stephen Henson
a59163f6b6 def_rsa_finish not used any more. 2011-10-10 20:35:09 +00:00
Dr. Stephen Henson
fe4394cf1d remove some debugging code 2011-10-10 19:09:01 +00:00
Dr. Stephen Henson
84a75ba38c fix leak properly this time... 2011-10-10 14:08:55 +00:00
Dr. Stephen Henson
42753a4f67 fix memory leaks 2011-10-09 23:08:15 +00:00
Bodo Möller
ae53b299fa make update 2011-09-05 09:46:15 +00:00
Andy Polyakov
c2d4c2867b eng_rsax.c: improve portability. 2011-08-22 19:01:16 +00:00
Andy Polyakov
f744bcfd73 eng_rdrand.c: make it link in './config 386' case. 2011-08-14 08:30:56 +00:00
Dr. Stephen Henson
19ad345739 prevent compilation errors and warnings 2011-08-11 21:12:17 +00:00
Andy Polyakov
37f010e248 Add provisory support for RDRAND instruction. 2011-08-10 18:52:42 +00:00
Dr. Stephen Henson
8a8cc84f74 fix memory leak 2011-08-03 16:39:58 +00:00
Dr. Stephen Henson
4f275f248e stop warnings 2011-07-21 13:45:06 +00:00
Andy Polyakov
be9a8cc2af Add RSAX builtin engine. It optimizes RSA1024 sign benchmark. 2011-07-20 21:49:46 +00:00
Andy Polyakov
fe9a5107be Various mingw64 fixes. 2011-05-29 13:51:14 +00:00
Dr. Stephen Henson
b9b0a177f8 new flag to stop ENGINE methods being registered 2011-05-15 15:56:49 +00:00
Richard Levitte
487b023f3d make update (1.1.0-dev)
This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable.  However, since there's
been no release on this branch yet, it should be harmless.
2011-03-23 00:11:32 +00:00
Ben Laurie
edc032b5e3 Add SRP support. 2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
a3654f0586 Include openssl/crypto.h first in several other files so FIPS renaming
is picked up.
2011-02-16 17:25:01 +00:00
Bodo Möller
9d0397e977 make update 2011-02-03 10:17:53 +00:00
Dr. Stephen Henson
eb164d0b12 stop warnings about no previous prototype when compiling shared engines 2011-01-30 01:30:48 +00:00
Dr. Stephen Henson
df6de39fe7 Change AR to ARX to allow exclusion of fips object modules 2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
fa71cc7bce fix typo in HMAC redirection, add HMAC INIT tracing 2010-11-24 19:14:59 +00:00
Dr. Stephen Henson
e77906b9fa VERY EXPERIMENTAL HMAC redirection example in OpenSSL ENGINE. Untested at this
stage and probably wont work properly.
2010-11-24 18:32:06 +00:00
Dr. Stephen Henson
0c7246ed4b fix warnings 2010-10-04 13:45:15 +00:00
Andy Polyakov
3d85668ba2 eng_aesni.c: switch to CRYPTO_ctr128_encrypt_ctr32. 2010-07-26 21:50:39 +00:00
Dr. Stephen Henson
7bbd0de88d Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-07-21 16:14:48 +00:00
Dr. Stephen Henson
9f08866940 Stop compiler complaining in pedantic mode: may be a better way to do this... 2010-05-22 00:20:42 +00:00
Andy Polyakov
6c83629bd9 AESNI engine: add counter mode. 2010-04-10 13:56:59 +00:00
Dr. Stephen Henson
ac495542a6 PR: 1813
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>

Fix memory leak when engine name cannot be loaded.
2010-03-27 18:28:02 +00:00
Dr. Stephen Henson
2c772c8700 don't mix definitions and code 2010-03-03 15:30:42 +00:00
Dr. Stephen Henson
f84c85b0e3 PR: 2178
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>

Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
2010-03-01 23:54:47 +00:00
Dr. Stephen Henson
ff2fdbf2f8 oops, reinstate correct prototype 2010-03-01 03:01:27 +00:00
Dr. Stephen Henson
5e28ccb798 make USE_CRYPTODEV_DIGESTS work 2010-03-01 01:19:18 +00:00
Dr. Stephen Henson
a6575572c6 load cryptodev if HAVE_CRYPTODEV is set too 2010-03-01 00:40:10 +00:00
Dr. Stephen Henson
c3951d8973 update cryptodev to match 1.0.0 stable branch version 2010-03-01 00:37:58 +00:00
Dr. Stephen Henson
29e722f031 Fix memory leak in ENGINE autoconfig code. Improve error logging. 2010-02-09 14:17:14 +00:00
Dr. Stephen Henson
92714455af In engine_table_select() don't clear out entire error queue: just clear
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
2010-01-28 17:49:25 +00:00
Dr. Stephen Henson
891d3c7a60 revert previous change 2010-01-28 14:17:39 +00:00
Dr. Stephen Henson
9fb6fd34f8 reword RI description 2010-01-27 18:53:33 +00:00
Dr. Stephen Henson
f8e1ab79f5 ENGINE_load_capi() now exists on all platforms (but no op on non-WIN32) 2010-01-06 13:21:08 +00:00
Dr. Stephen Henson
a25f33d28a Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:29:29 +00:00
Dr. Stephen Henson
0f1d77a870 Fix error code. 2009-08-06 16:39:34 +00:00
Dr. Stephen Henson
c869da8839 Update from 1.0.0-stable 2009-07-27 21:10:00 +00:00
Ben Laurie
d80866041e Fix warnings. 2009-07-26 12:09:21 +00:00
Dr. Stephen Henson
1e8569398c PR: 1624
Submitted by: "Simon L. Nielsen" <simon@FreeBSD.org>
Obtained from: steve@openssl.org

Correct FreeBSD check.
2009-07-11 22:28:45 +00:00
Dr. Stephen Henson
c55d27ac33 Make update. 2009-07-08 09:19:53 +00:00
Dr. Stephen Henson
6c495bdb5d Upadte from 1.0.0-stable 2009-07-01 15:47:04 +00:00
Dr. Stephen Henson
8b96875052 Update from 1.0.0-stable. 2009-07-01 15:43:04 +00:00
Dr. Stephen Henson
b53e076988 Update from 1.0.0-stable 2009-07-01 15:37:17 +00:00
Dr. Stephen Henson
0e698584a0 Update from 1.0.0-stable 2009-07-01 15:26:00 +00:00
Dr. Stephen Henson
9a6d8ee5b5 Update from 1.0.0-stable 2009-07-01 11:40:19 +00:00
Dr. Stephen Henson
e5b2b0f91f Updates from 1.0.0-stable 2009-06-30 15:28:16 +00:00
Andy Polyakov
03e13ca3f1 eng_aesni.c: win32 fix. 2009-05-03 13:48:54 +00:00
Andy Polyakov
0fe4621e19 eng_aesni.c: fix assembler declarations. 2009-05-02 11:00:07 +00:00
Andy Polyakov
d608b4d662 AES-NI engine jumbo update. 2009-05-02 09:04:17 +00:00
Andy Polyakov
d64a7232d4 Intel AES-NI engine.
Submitted by: Huang Ying
2009-04-27 05:55:13 +00:00
Dr. Stephen Henson
ef236ec3b2 Merge from 1.0.0-stable branch. 2009-04-23 16:32:42 +00:00
Dr. Stephen Henson
70531c147c Make no-engine work again. 2008-12-20 17:04:40 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Andy Polyakov
09a60c9833 Fix warnings after commit#17578. 2008-10-31 20:20:54 +00:00
Bodo Möller
1a489c9af1 From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
Also, fix CHANGES (consistency with stable branch).
2008-09-15 20:41:24 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs,
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Dr. Stephen Henson
d4cdbab99b Avoid warnings with -pedantic, specifically:
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
version some time soon.
2008-07-03 19:59:25 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
59d2d48f64 Add support for client cert engine setting in s_client app.
Add appropriate #ifdefs round client cert functions in headers.
2008-06-03 11:26:27 +00:00
Dr. Stephen Henson
3fc59c8406 Allow ENGINE client cert callback to specify a set of other certs, for
the rest of the certificate chain. Currently unused.
2008-06-01 22:45:08 +00:00
Dr. Stephen Henson
eafd6e5110 Update error codes, move typedef of SSL, SSL_CTX to ossl_typ.h 2008-06-01 21:18:47 +00:00
Dr. Stephen Henson
05935c47b2 Add support for ENGINE supplied SSL client auth. 2008-06-01 21:10:30 +00:00
Dr. Stephen Henson
a4792168ec Update VC-32.pl and load CryptoAPI engine in the right place. 2008-05-31 23:21:40 +00:00
Dr. Stephen Henson
90b96776cd More CryptoAPI engine code from stable branch. 2008-05-31 22:53:16 +00:00
Dr. Stephen Henson
595852f3b5 Avoid "duplicate const" warnings. 2008-05-27 11:44:03 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Geoff Thorpe
e7b097f558 Fix auto-discovery of ENGINEs. See the CHANGES entry for details (and/or
ticket #1668).

PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
2008-04-28 21:39:09 +00:00
Geoff Thorpe
f7ccba3edf There was a need to support thread ID types that couldn't be reliably cast
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
fe591284be Update dependencies. 2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism,
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
2f0550c4c1 Lookup public key ASN1 methods by string by iterating through all
implementations instead of all added ENGINEs to cover case where an
ENGINE is not added.
2007-11-21 17:25:58 +00:00
Dr. Stephen Henson
a6fbcb4220 Change safestack reimplementation to match 0.9.8.
Fix additional gcc 4.2 value not used warnings.
2007-09-07 13:25:15 +00:00
Andy Polyakov
bb11c28246 Minor clean-up in crypto/engine. 2006-12-29 10:55:43 +00:00
Andy Polyakov
00b4e083fd Move eng_padlock.c to ./engines.
Submitted by: Michal Ludvig <michal@logix.cz>
2006-12-29 10:42:24 +00:00
Nils Larsch
69d4646f4e register the engine as default engine in ENGINE_set_default()
PR: 1431
2006-11-24 18:37:43 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Andy Polyakov
a6efc2d1b8 Fix mingw warnings. 2006-10-23 07:41:05 +00:00
Andy Polyakov
08a638237d Allow for mingw cross-compile configuration. 2006-10-23 07:30:19 +00:00
Andy Polyakov
3634d7e97a Gcc over-optimizes PadLock AES CFB codepath, tell it not to. 2006-10-19 20:55:05 +00:00
Dr. Stephen Henson
44181ea836 Add missing prototype. Fix various warnings (C++ comments, ; outside function). 2006-09-21 13:24:46 +00:00
Dr. Stephen Henson
ffa5ebf3f4 Compile in gost engine. 2006-09-21 13:07:57 +00:00
Ben Laurie
777c47acbe Make things static that should be. Declare stuff in headers that should be.
Fix warnings.
2006-08-28 17:01:04 +00:00
Bodo Möller
f3dea9a595 Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Dr. Stephen Henson
41eacc84a0 Clarify comment and add #ifdef. 2006-06-05 12:38:22 +00:00
Dr. Stephen Henson
01b8b3c7d2 Complete EVP_PKEY_ASN1_METHOD ENGINE support. 2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
e18e3eba76 Make update. 2006-06-02 17:54:47 +00:00
Dr. Stephen Henson
de9fcfe348 Initial public key ASN1 method engine support. Not integrated yet. 2006-06-02 17:52:27 +00:00
Dr. Stephen Henson
7e5b06813d Automatically free up dynamically allocated public key methods when
and ENGINE is destroyed.
2006-06-02 17:09:17 +00:00
Dr. Stephen Henson
1892c8bf97 Extend default method string to include public key methods.
Add missing prototypes.

Fix engine method lookup.
2006-06-02 13:09:59 +00:00
Dr. Stephen Henson
c9777d2659 Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE
implementations and functional reference counting when a context
is allocated, free or copied.
2006-06-02 12:33:39 +00:00
Dr. Stephen Henson
e0c1ea9038 Fix error code. make update 2006-06-01 12:43:39 +00:00
Dr. Stephen Henson
6f88c6a634 Add missing prototype. Extend engine utility to print public key algorithms. 2006-06-01 12:38:22 +00:00
Dr. Stephen Henson
58aa573ac2 Add engine table for EVP_PKEY_METHOD. Doesn't do much yet. 2006-06-01 11:38:50 +00:00
Dr. Stephen Henson
1a5a1a93f6 Stop compiler warnings. 2006-03-20 11:44:34 +00:00
Andy Polyakov
34b537ee66 Fix CFB and OFB modes in eng_padlock.c. Engine was consistent with itself,
but not interoperable with the rest of the world. test_padlock script is
added mostly for reference.
2005-12-28 16:16:56 +00:00
Andy Polyakov
6c06918ede Lower PADLOCK_CHUNK till value, which doesn't affect the benchmark results.
Well, it's even contrary, 512 was observed to *improve* performance by 5%.
Excuse ourselves from treating C7 specially.
2005-12-27 21:21:56 +00:00
Dr. Stephen Henson
fbf002bb88 Update from stable branch. 2005-11-06 17:58:26 +00:00
Nils Larsch
4b08da5538 bugfix: register engine as default engine in ENGINE_set_default_DSA
Submitted by: Jonathon Green
2005-09-09 07:50:09 +00:00
Nils Larsch
8215e7a938 fix warnings when building openssl with the following compiler options:
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
        -Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
        -Wstrict-prototypes -Wreturn-type -Wpointer-arith  -W -Wunused
        -Wno-unused-parameter -Wuninitialized
2005-08-28 22:49:57 +00:00
Nils Larsch
9a1a5b8785 avoid infinite recursion if dynamic engine isn't loaded
Submitted by: Jonathon Green <jonathon_au@yahoo.com>
2005-08-06 10:46:19 +00:00
Nils Larsch
3eeaab4bed make
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
    	make depend all test
work again

PR: 1159
2005-07-16 12:37:36 +00:00
Nils Larsch
63d740752f changes from 0.9.8 2005-05-31 18:22:53 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
2005-05-16 16:55:47 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
c596c795bf Typo. 2005-05-12 17:28:53 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes.
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
987bebaf8c New "algorithm define" OPENSSL_NO_GMP. Update mkdef.pl and Configure script
to use it.
2005-04-19 13:24:44 +00:00
Andy Polyakov
2b85e23d2e Prototype mnemonics in padlock_verify_context for better portability
[read support for Solaris assembler].
2005-04-14 07:47:10 +00:00
Andy Polyakov
026bb0b96a Fix for bug emerged in openvpn conext. 2005-04-14 07:41:29 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Andy Polyakov
f8fa22d826 Some non-GNU compilers (such as Sun C) define __i386. 2005-04-04 17:05:06 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Andy Polyakov
e532a6c449 FreeBSD 5 refuses to #include <malloc.h>. Fix compiler warning after
http://cvs.openssl.org/chngview?cn=12843.
2005-01-25 22:07:22 +00:00
Andy Polyakov
e7e1150706 "Monolithic" x86 assembler replacement for aes_core.c. Up to +15% better
performance on recent microarchitectures.
2005-01-13 15:35:44 +00:00
Richard Levitte
3c97bd833b Change libeay.num so it's synchronised with additions in 0.9.7-stable.
make update
2004-12-13 22:57:08 +00:00
Richard Levitte
a2ac429da2 Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Richard Levitte
c38ff58b6b Move the declaration of alloca() so it's ony declared when really
necessary.
2004-09-27 21:59:44 +00:00
Geoff Thorpe
c743966156 Nils Larsch reported that this include is required. Strange that this had
gone unnoticed ...
2004-09-24 23:37:52 +00:00
Richard Levitte
6f9bafafa3 - There's no more need for the snprintf macro.
- Move the inclusion of malloc.h until after all other includes, so we
  can do proper tests of system macros.
- Make sure the correct header file is included to get the builtin
  "alloca" under VMS, and define a macro to map the symbol 'alloca' to
  it.
2004-09-13 09:15:06 +00:00
Richard Levitte
d813ff2ac1 make update 2004-09-10 10:30:33 +00:00
Andy Polyakov
36734b2bab Make VIA Padlock engine more platform friendly and eliminate compiler
warning.

Submitted by: Doug Kaufman <dkaufman@rahul.net>
2004-09-09 14:54:12 +00:00
Dr. Stephen Henson
d993addbed Stop compiler warnings. 2004-09-06 18:37:46 +00:00
Andy Polyakov
526975906b Minor VIA Padlock engine update: eliminate -Wunused warning when *not*
compiling the engine and inline memcpy in performance critical pathes.
2004-08-24 09:01:09 +00:00
Andy Polyakov
b88606c28e Padlock engine update to fix a typo in MSC assembler and to address
potential corruption problem if user manages to inter-leave aligined
and misaligned requests [as well as some MSC-specific tweaks].
2004-08-04 12:58:26 +00:00
Andy Polyakov
7d15a556f8 Minor clean-up to make Microsoft compiler shut up. 2004-08-02 21:54:40 +00:00
Andy Polyakov
5b17246324 VIA C3 processor extends IA-32 instruction set with instuctions
performing AES encryption in hardware, as well as one accessing
hardware RNG. As you surely imagine this engine access this
extended instruction set. Well, only AES for the moment, support
for RNG is to be added later on...
PR: 889
Submitted by: Michal Ludvig <michal@logix.cz>

Obtained from: http://www.logix.cz/michal/devel/padlock/
2004-08-02 21:48:11 +00:00
Geoff Thorpe
340f5856ec Incomplete initial sweep over the engine code. Mainly reducing some
comment-noise to managable levels and inverting the sense of the "uptodate"
boolean (which was counter-intuitive the way I'd left it).
2004-06-19 03:58:42 +00:00
Geoff Thorpe
1275c4569e Minor change to group like functions together. 2004-06-17 23:35:45 +00:00
Richard Levitte
132fc53223 Typo, setting the first element of nids[] to NULL instead of setting
*cnids.
2004-06-15 11:45:42 +00:00
Geoff Thorpe
9081980565 This fixes the installation target for dynamic engines, which was trying to
install to a different location than it had created. (BTW, VMS will need a
matching fix in eng_list.c.) Note, these aren't ssl-specific, so I'm
putting "engines/" into the libs directory rather than at the "--prefix"
level or inside "ssl/".
2004-06-01 03:18:58 +00:00
Geoff Thorpe
9c52d2cc75 After the latest round of header-hacking, regenerate the dependencies in
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
ac0d0a5ecd I can't verify this directly, but recent changes will probably require that
the cryptodev implementation include bn.h directly (when building with
OPENSSL_NO_DEPRECATED that is).
2004-05-17 18:58:47 +00:00
Andy Polyakov
9e0aad9fd6 size_t-fication of message digest APIs. We should size_t-fy more APIs... 2004-05-15 11:29:55 +00:00
Geoff Thorpe
c57bc2dc51 make update 2004-04-19 18:33:41 +00:00
Geoff Thorpe
28ded31b97 More updates for the header cleanups (and apologies, again, for not having
consolidated these prior to committing).
2004-04-19 18:30:41 +00:00
Geoff Thorpe
60a938c6bc (oops) Apologies all, that last header-cleanup commit was from the wrong
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Geoff Thorpe
3a87a9b9db Reduce header interdependencies, initially in engine.h (the rest of the
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.
2004-04-19 17:46:04 +00:00
Geoff Thorpe
ea77fc3380 ... and this should likewise fix up those RSA implementations that weren't
already built and tested.
2004-03-25 02:55:17 +00:00
Richard Levitte
7cf803230b OpenBSD-internal changes.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 15:02:56 +00:00
Richard Levitte
79b42e7654 Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Richard Levitte
3822740ce3 We're getting a clash with C++ because it has a type called 'list'.
Therefore, change all instances of the symbol 'list' to something else.

PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>
2003-11-29 10:25:37 +00:00
Lutz Jänicke
d7559f16cd Free "engine" resource in case of failure to prevent memory leak
PR: #778
Submitted by: George Mitchell <george@m5p.com>
2003-11-24 16:48:52 +00:00
Geoff Thorpe
6145b0b183 The "cryptodev" engine preprocessor logic used undefined symbols in
comparisons. It's better not to allow this, because it gives false
positives when using compiler warnings that detect mistyped symbols.
2003-10-29 04:00:14 +00:00
Richard Levitte
dfc3151925 The definition of dynamic_ctrl() should change along with the
declaration :-).
2003-06-26 07:03:49 +00:00
Richard Levitte
834ac33a37 dynamic_ctrl() didn't have exactly the same prototype as defined by
ENGINE_CTRL_FUNC_PTR.
2003-06-19 16:57:38 +00:00
Richard Levitte
e31047744a Make sure the function definitions match their declaration. 2003-06-04 09:11:15 +00:00
Richard Levitte
0239876511 Remove certain functions 2003-05-19 23:03:43 +00:00
Richard Levitte
9ee789e6c3 Yeah, right, an object file ending with .c, that'll work! 2003-05-03 06:58:08 +00:00
Richard Levitte
7f6af7d9db Get the year right... 2003-05-01 20:15:35 +00:00
Richard Levitte
3bbb0212f3 Add STORE support in ENGINE. 2003-05-01 03:57:46 +00:00
Geoff Thorpe
bba2cb3ada Fix a bone-head bug. This warrants a CHANGES entry because it could affect
applications if they were passing a bogus 'flags' parameter yet having
things work as they wanted anyway.
2003-03-13 20:28:42 +00:00
Geoff Thorpe
b653327d47 Declare prototypes for function pointer types, even if they are likely to
be cast later on.
2003-02-15 20:32:13 +00:00
Ben Laurie
33cc07f79a Fix warning. 2003-02-01 20:55:29 +00:00
Richard Levitte
0b13e9f055 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:39:26 +00:00
Geoff Thorpe
f3c22ef10d This glues the GMP wrapper ENGINE into OpenSSL if it is being built (ie. if
the OPENSSL_USE_GMP symbol is defined). Also, I've re-ordered the listing
of other builtin ENGINEs to be alphabetical (though "dynamic" will still
come first).
2003-01-30 15:49:03 +00:00
Richard Levitte
0c3426da86 Missing 0 broke FreeBSD build.
PR: 470
2003-01-23 08:10:04 +00:00
Richard Levitte
c00cee00fd FreeBSD has /dev/crypto as well.
PR: 462
2003-01-16 18:29:30 +00:00
Lutz Jänicke
018c56fdca Armor against systems without ranlib...
Submitted by: Thierry Lelegard <thierry.lelegard@canal-plus.fr>

PR: 461
2003-01-16 17:22:30 +00:00
Richard Levitte
5e42f9ab46 make update 2002-12-29 01:38:15 +00:00
Geoff Thorpe
4329db3726 The ampersand is not required in these constructs, and was giving AIX
warnings.

Reported by: Bernhard Simon.
2002-12-13 22:01:46 +00:00
Richard Levitte
b84d5b72f1 Make sure to implement the cryptodev engine only when /dev/crypto exists. 2002-12-05 10:16:28 +00:00
Richard Levitte
439ae4d398 Do not implement RC4 stuff if RC4 is disabled. Concequently, apply the same
rule for SHA stuff.
PR: 381
2002-12-04 22:54:02 +00:00
Richard Levitte
7a1f92fdc3 Windows CE updates, contributed by Steven Reddie <smr@essemer.com.au> 2002-12-03 14:20:44 +00:00
Richard Levitte
0bf23d9b20 WinCE patches 2002-11-15 22:37:18 +00:00
Richard Levitte
db199abd9e Depend on OPENSSL_NO_STATIC_ENGINE rather than OPENSSL_NO_DYNAMIC_ENGINE.
Make sure to include openssl/opensslconf.h to make sure we get the
definition of those macros.
2002-11-01 12:37:22 +00:00
Bodo Möller
259cdf2af9 Sun has agreed to removing the covenant language from most files.
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
2002-10-29 10:59:32 +00:00
Richard Levitte
6cb686208e For the mkdef.pl to recognise if the "external" engines are inserted
into libcrypto, we need the "algorithm" STATIC_ENGINE.
2002-10-24 19:09:03 +00:00
Geoff Thorpe
0587ec2645 If dynamically-loadable ENGINEs are linked against a shared-library version
of libcrypto, then it is possible that when they are loaded they will share
the same static data as the loading application/library. This means it will
be too late to set memory/ERR/ex_data/[etc] callbacks, but entirely
unnecessary to try. This change puts a static variable in the core ENGINE
code (contained in libcrypto) and a function returning a pointer to it. If
the loaded ENGINE's return value from this function matches the loading
application/library's return value - they share static data. If they don't
match, the loaded ENGINE has its own copy of libcrypto's static data and so
the callbacks need to be set.

Also, although 0.9.7 hasn't been released yet, it's clear this will
introduce a binary incompatibility between dynamic ENGINEs built for 0.9.7
and 0.9.8 (though others probably exist already from EC_*** hooks and
what-not) - so the version control values are correspondingly bumped.
2002-10-18 20:45:38 +00:00
Geoff Thorpe
314c667050 - Remo Inverardi noticed that ENGINEs don't have an "up_ref" function in the
normal 'structural' case (ENGINE_init() satisfies this in the less normal
'functional' case). This change provides such a function.

- Correct some "read" locks that should actually be "write" locks.

- make update.
2002-10-16 01:29:37 +00:00
Richard Levitte
677532629d makedepend complains when a header file is included more than once in
the same source file.
2002-10-14 10:02:36 +00:00
Richard Levitte
75871dda4b Step 13 of move of engines: Remove old files. 2002-10-11 18:52:42 +00:00
Richard Levitte
aae329c447 Step 11c of move of engines: Time to make the changes to support
automatic load of dynamic engines.  Change the iterator to try to load
the requested engine dynamically.  The environment variable
OPENSSL_ENGINES can be used to override the internal default directory
where one can expect to find dynamically loadable engines.

Note: The changes in step 11 have all been made by Geoff Thorpe.
Credit where credit is due.
2002-10-11 18:49:55 +00:00
Richard Levitte
02acf1409e Step 11b of move of engines: Time to make the changes to support
automatic load of dynamic engines.  Add functionality to the dynamic
engine to handle engine directories and loading from those.  This
is currently NOT compatible with the use of LD_LIBRARY_PATH and
similar environment variables.

Note: The changes in step 11 have all been made by Geoff Thorpe.
Credit where credit is due.
2002-10-11 18:47:51 +00:00
Richard Levitte
6ac3309c74 Step 11a of move of engines: Time to make the changes to support
automatic load of dynamic engines.  Unless we don't have shared
library support, do not try to load any "built-in" engines except for
cryptodev.
2002-10-11 18:42:54 +00:00
Richard Levitte
1b15cfa11d Step 10 of move of engines: Change crypto/engine/Makefile.ssl so we
don't build any "built-in" engines in that directory any more, except
fo the cryptodev one.
2002-10-11 18:40:47 +00:00
Richard Levitte
76dfca879f Step 9 of move of engines: rename crypto/engine/hw_cryptodev.c to
eng_cryptodev.c.  This is an engine that (at least currently) has
to be built in.
2002-10-11 18:38:26 +00:00
Richard Levitte
001ab3abad Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Dr. Stephen Henson
74e3931f84 Various Win32 fixes.
Resolve signed/unsigned conflicts

Make dso_win32.c compile.
2002-10-06 12:14:55 +00:00
Richard Levitte
6fed88113b For some reason, the random number support removed the destructor 2002-10-05 20:54:09 +00:00
Dr. Stephen Henson
3d840c827f make update 2002-10-04 21:16:58 +00:00
Richard Levitte
0638ced5cc Add random number generation capability to the cswift engine.
Should this be added to 0.9.6-stable as well?
PR: 275
2002-10-04 13:30:57 +00:00
Richard Levitte
20b33a015f Removal missing 2002-10-02 00:22:44 +00:00
Richard Levitte
293d5082c7 The OpenBSD project has replaced the first implementation of the /dev/crypto
engine with something they claim is better.  I have nothing to compare to,
and I assume they know what they're talking about.  The interesting part with
this one is that it's loaded by default on OpenBSD systems.
This change was originally introduced in OpenBSD's tracking of OpenSSL.
2002-10-02 00:19:33 +00:00
Richard Levitte
cd98ab6491 Incorrect argument order to memset() 2002-09-25 12:52:13 +00:00
Richard Levitte
b3823ac64b Missing ; 2002-09-25 12:49:40 +00:00
Geoff Thorpe
41cc7096b8 Fix a bug to allow the 4758 ENGINE to build as a DSO. 2002-08-28 19:11:08 +00:00
Dr. Stephen Henson
e88479243c Change C++ style comments 2002-08-22 23:03:04 +00:00
Bodo Möller
74cc4903ef make update 2002-08-09 12:16:15 +00:00
Bodo Möller
56939728b7 ECDH engine support
Submitted by: Douglas Stebila
2002-08-09 09:39:11 +00:00
Bodo Möller
e172d60ddb Add ECDH support.
Additional changes:
 - use EC_GROUP_get_degree() in apps/req.c
 - add ECDSA and ECDH to apps/speed.c
 - adds support for EC curves over binary fields to ECDSA
 - new function EC_KEY_up_ref() in crypto/ec/ec_key.c
 - reorganize crypto/ecdsa/ecdsatest.c
 - add engine support for ECDH
 - fix a few bugs in ECDSA engine support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
2002-08-09 08:43:04 +00:00
Richard Levitte
ba8fb52183 Certain flag macros were tested with #if instead if #ifdef... 2002-08-02 11:13:37 +00:00
Lutz Jänicke
c046fffa16 OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
2002-07-30 13:04:04 +00:00
Lutz Jänicke
3aecef7697 "make update" 2002-07-30 12:44:33 +00:00