openssl

Author	SHA1	Message	Date
Andy Polyakov	89c53672c2	Make rand_win.c UNICODE savvy.	2004-07-21 17:17:30 +00:00
Richard Levitte	64ba6cf222	From LPlib: Windows changes that detects if multibyte characters are available and deals with them properly. Contributed by Andy Polyakov <appro@fy.chalmers.se>	2004-07-20 21:24:43 +00:00
Richard Levitte	210a4f78ae	Imported from LPlib, making sure the entry name (at least on Unix) is NUL-teminated at all times, and that we don't make unneeded calls to free().	2004-07-19 16:36:28 +00:00
Richard Levitte	334ef04949	Since version 7.0, The C RTL in VMS handles time in terms of UTC instead of local time.	2004-07-19 07:50:43 +00:00
Andy Polyakov	859ceeeb51	Anchor AES and SHA-256/-512 assembler from C.	2004-07-18 17:26:01 +00:00
Andy Polyakov	d0590fe6b2	Add anchors for AES, SHA-256/-512 assembler modules and SSE2 code pathes. I also used this opportunity to clean up some out-of-date targets and re-group targets by OS.	2004-07-18 16:19:34 +00:00
Andy Polyakov	2232b10f5a	Add licensing terms.	2004-07-17 13:24:58 +00:00
Andy Polyakov	e34794dd1b	IA-64 is intolerant to misaligned access. It was a problem on Win64 as we were mislead by _MSC_VER macro, which is defined by all Windows Microsoft compilers.	2004-07-17 12:55:55 +00:00
Geoff Thorpe	0210065bbd	Quick fix. Submitted by: Nils Larsch	2004-07-16 03:24:51 +00:00
Geoff Thorpe	7f5b4dd1e8	Using Horner's algorithm to evaluate the ec polynomial (suggested by Adam Young <ayoung@cigital.com>) Submitted by: Nils Larsch	2004-07-16 03:24:19 +00:00
Richard Levitte	5906e8d5fe	I think it could be a good thing to know what went wrong with the tests...	2004-07-12 12:25:54 +00:00
Richard Levitte	2b002273f3	'SSL_add_dir_cert_subjects_to_stack' is longer than 31 characters. Lucky me, I had prepared for this :-).	2004-07-11 20:22:37 +00:00
Richard Levitte	15d155e45a	o_dir needs to be compiler with the warnings about dollar signs in identities disabled.	2004-07-11 20:21:56 +00:00
Richard Levitte	b0841348b6	In some cases, EVMSERR isn't visible (that's fairly new...). Don't have a constant that you're going to assign to, that's just plain stupid (I was the stupidhead here...).	2004-07-11 20:21:19 +00:00
Andy Polyakov	090e81d4aa	Integration of RC4 AMD64 module.	2004-07-11 16:49:09 +00:00
Andy Polyakov	e4528e48e3	RC4 tune-up for AMD64. Performance improvement of 2.22x is measured for linux-x86_64 target.	2004-07-11 16:44:07 +00:00
Richard Levitte	a2400fcab8	Copy a few files from LPlib (a new project of mine), add a wrapper. Now we have directory reading capabilities for VMS as well, and all of it in a fairly general manner.	2004-07-10 13:16:02 +00:00
Richard Levitte	dc56eb5079	o_str.c: Windows doesn't have <strings.h>, and since we use _strnicmp() and _stricmp() on that platform, use the appropriate header file for it, <string.h>. o_str.h: we only want to get size_t, which is defined in <stddef.h>. Philippe Bougeret <philippe.bougeret@freesbee.fr> notified us about Windows not having a <strings.h>	2004-07-08 08:32:48 +00:00
Dr. Stephen Henson	637ff35ef6	Delta CRL support in extension code.	2004-07-06 17:16:40 +00:00
Geoff Thorpe	ace3ebd661	Improve error handling if decompression of an ec point fails, and cleanup ec_curve.c (unify comments, etc). Submitted by: Nils Larsch Reviewed by: Bodo Moeller, Geoff Thorpe	2004-07-06 15:50:04 +00:00
Dr. Stephen Henson	eea674567c	Delete non-POSIX header file.	2004-07-04 16:48:27 +00:00
Dr. Stephen Henson	c39c32dd65	PKCS#8 fixes from stable branch.	2004-07-04 16:44:52 +00:00
Andy Polyakov	80bbc9ceaf	Minor (+12% on P4) performance tweak for sha512_block_sse2.	2004-07-01 11:29:00 +00:00
Andy Polyakov	51ce5230cd	AES assembler implementation for IA-64. Note that there is no anchor from C code yet...	2004-07-01 11:15:23 +00:00
Andy Polyakov	b6d8ba11e9	New SHA algorithms assembler implementation for IA-64. Note that despite module name both SHA-256 and SHA-512 are supported.	2004-07-01 11:13:44 +00:00
Andy Polyakov	e2f2a9af2c	New scalable bn_mul_add_words loop, which provides up to >20% overall performance improvement. Make module more gcc friendly and clarify copyright issues for division routine.	2004-07-01 11:10:38 +00:00
Richard Levitte	28a8003467	Changes for VOS, submitted by Paul Green <Paul.Green@stratus.com>. PR: 499	2004-06-28 22:01:37 +00:00
Richard Levitte	47c1735acd	NetWare fixes provided by Verdon Walker for OpenSSL 0.9.8-dev. The changes have been mailed to <crypt@bis.doc.gov> as well. PR: 903	2004-06-28 11:55:28 +00:00
Geoff Thorpe	d459e39012	Tidy up, including; - Remove unused and unuseful debug cruft. - Remove unnecessary 'top' fudging from BN_copy(). - Fix a potential memory leak and simplify the expansion logic in BN_bin2bn(). Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-06-20 04:16:12 +00:00
Geoff Thorpe	340f5856ec	Incomplete initial sweep over the engine code. Mainly reducing some comment-noise to managable levels and inverting the sense of the "uptodate" boolean (which was counter-intuitive the way I'd left it).	2004-06-19 03:58:42 +00:00
Geoff Thorpe	df11e1e921	Deprecate unused cruft, and "make update".	2004-06-17 23:50:25 +00:00
Geoff Thorpe	1275c4569e	Minor change to group like functions together.	2004-06-17 23:35:45 +00:00
Geoff Thorpe	afbe74d386	Actually, that last change to BN_get_word() was a little too simple.	2004-06-17 22:05:40 +00:00
Geoff Thorpe	f18ea6cae9	Get rid of signed/unsigned warnings, and teach CVS about new things to ignore.	2004-06-17 20:28:28 +00:00
Geoff Thorpe	9088d5f24f	As Nils put it; Yet another question: some time ago you changed BN_set_word. Why didn't you change BN_get_word as well? Quite. I'm also removing the older commented-out implementations to improve readability. This complex stuff seems to date from a time when the types didn't match up well. Submitted by: Nils Larsch, Geoff Thorpe	2004-06-17 20:13:50 +00:00
Geoff Thorpe	cf9056cfda	BN_div_word() was breaking when called from BN_bn2dec() (actually, this is the only function that uses it) because it would trip up an assertion in bn_div_words() when first invoked. This also adds BN_div_word() testing to bntest. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-06-17 20:03:56 +00:00
Richard Levitte	f7fc4ca1dd	Making some values explicitely unsigned was derived from ongoing work that isn't yet committed. It wasn't meant to be committed already, so I'm removing it for now.	2004-06-15 12:52:26 +00:00
Richard Levitte	132fc53223	Typo, setting the first element of nids[] to NULL instead of setting *cnids.	2004-06-15 11:45:42 +00:00
Geoff Thorpe	b3b6720944	Correct the return codes for ecdsatest. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-06-14 23:37:32 +00:00
Andy Polyakov	385c8e89f4	SHA fails to compile on x86_64 if compiled with custom flags, without recommended -DMD32_REG_T=int in particular. PR: 893 Submitted by: Michal Ludvig <michal-list@logix.cz>	2004-06-11 17:50:57 +00:00
Geoff Thorpe	9081980565	This fixes the installation target for dynamic engines, which was trying to install to a different location than it had created. (BTW, VMS will need a matching fix in eng_list.c.) Note, these aren't ssl-specific, so I'm putting "engines/" into the libs directory rather than at the "--prefix" level or inside "ssl/".	2004-06-01 03:18:58 +00:00
Andy Polyakov	057cfaf2f8	Extend HMAC_MAX_MD_CBLOCK to accomodate SHA-512.	2004-05-31 13:28:23 +00:00
Richard Levitte	914d36ba19	make update	2004-05-31 13:16:08 +00:00
Andy Polyakov	31c2ac1cdc	EVP bindings to new SHA algorithms.	2004-05-31 13:14:08 +00:00
Andy Polyakov	6bca8e3886	objects.txt update for SHA-224/-256/-384/-512. SHA-224 ids still appear "draft," but we have to start somewhere... Submitted by: Nils Larsch <nlarsch@compuserve.de>	2004-05-31 13:07:19 +00:00
Andy Polyakov	31e9b9b2e9	Typo in commentary section.	2004-05-31 12:30:41 +00:00
Andy Polyakov	7997b13aa3	Final SHA-256/-512 touches. Extra md_len field in SHA[256\|512]_CTX reserves for truncated hash function output mode and makes SHA224 thread-safe. Next stop is integration with EVP and we're done...	2004-05-31 12:26:18 +00:00
Andy Polyakov	a2eb9688a4	Kill unused macro and reimplement it for that single context it can actually be used, namely x86* platforms [because they don't bomb on unaligned access]. This resulted in 30-40% [depending on message length] improvement for SHA-256 compiled with gcc and running on P4. In the lack of assembler implementation I give the compiler all the help it can possibly get:-)	2004-05-31 12:06:27 +00:00
Richard Levitte	af2bf07404	SHA224_Update() and SHA224_Final() aren't implemented, and since SHA224() uses SHA256_Update() and SHA256_Final() instead, let's just create aliases in form of macros. make update	2004-05-30 16:58:33 +00:00
Andy Polyakov	8d9fb0f04a	gcc -Wcast-qual clean-up.	2004-05-29 19:11:29 +00:00
Andy Polyakov	674ee8b72d	Make sure we return 0 if test passed.	2004-05-28 21:42:40 +00:00
Andy Polyakov	1809e858bb	Eliminate compiler warnings and throw in performance table.	2004-05-28 10:15:58 +00:00
Andy Polyakov	da8348e938	SHA-224 test vectors added.	2004-05-27 19:46:07 +00:00
Richard Levitte	ef16f45081	Since num is now a size_t, it's not necssary to check for less than 0, AND it avoids warnings on certain systems.	2004-05-27 09:20:42 +00:00
Richard Levitte	4d692e1ba0	Synchronise VMS with the Unixly Malefiles.	2004-05-26 17:05:51 +00:00
Richard Levitte	f2bfbcef76	make update	2004-05-25 09:41:00 +00:00
Andy Polyakov	63077bd40c	SHA-256/-512 update. A bug fix, SHA-512 tune-up for AMD64, hook for SSE2 code, Makefile update.	2004-05-20 21:24:41 +00:00
Andy Polyakov	df364f1b00	Stress collector/padding function.	2004-05-20 21:20:19 +00:00
Andy Polyakov	bc767216d9	Final API adaptation. Final, "all openssl" performance numbers [not mixture of different implementations]. Real-life performance improvement is rated at 2-3x, not 6x as preliminary announced.	2004-05-20 21:18:09 +00:00
Dr. Stephen Henson	eda52e175a	Delete obsolete and unimplemented function.	2004-05-19 17:05:02 +00:00
Richard Levitte	c4fc8b5bf4	X509_policy_lib_init is declared but not defined, so it raises havoc when trying to build a shared library on VMS or Windows...	2004-05-19 14:19:51 +00:00
Geoff Thorpe	9c52d2cc75	After the latest round of header-hacking, regenerate the dependencies in the Makefiles. NB: this commit is probably going to generate a huge posting and it is highly uninteresting to read.	2004-05-17 19:26:06 +00:00
Geoff Thorpe	0f814687b9	Deprecate the recursive includes of bn.h from various API headers (asn1.h, dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are already declared in ossl_typ.h. Add explicit includes for bn.h in those C files that need access to structure internals or API functions+macros.	2004-05-17 19:14:22 +00:00
Geoff Thorpe	298a2f9e58	Because of recent reductions in header interdependencies, these files need to include crypto.h directly.	2004-05-17 19:01:15 +00:00
Geoff Thorpe	ac0d0a5ecd	I can't verify this directly, but recent changes will probably require that the cryptodev implementation include bn.h directly (when building with OPENSSL_NO_DEPRECATED that is).	2004-05-17 18:58:47 +00:00
Geoff Thorpe	508999fa7d	Deprecate some recursive includes from the store.h API header, and put back required includes back via the internal header and str_lib.c.	2004-05-17 18:49:06 +00:00
Geoff Thorpe	210a21bc8d	Reduce dependencies on crypto.h by moving the opaque definition of CRYPTO_EX_DATA and the new/free/dup callback prototypes to ossl_typ.h.	2004-05-17 18:39:00 +00:00
Geoff Thorpe	678c1e025b	Moving opaque definitions to ossl_typ.h lets us reduce header dependencies. Deprecate inclusion of crypto.h from ui.h.	2004-05-17 18:01:28 +00:00
Andy Polyakov	1ab61a9179	Make reservations for FIPS code in HEAD branch, so that the moment FIPS comes in we have required macros in place.	2004-05-17 15:49:13 +00:00
Geoff Thorpe	d6dda126b7	Make some more API types opaquely available from ossl_typ.h, meaning the corresponding headers are only required for API functions or structure details. This now includes the bignum types and BUF_MEM. Subsequent commits will remove various dependencies on bn.h and buffer.h and update the makefile dependencies.	2004-05-15 18:32:08 +00:00
Geoff Thorpe	7771b6c5b5	This file implements various functions that have since been redefined as macros. I'm removing this from the NO_DEPRECATED build.	2004-05-15 18:26:15 +00:00
Andy Polyakov	9e0aad9fd6	size_t-fication of message digest APIs. We should size_t-fy more APIs...	2004-05-15 11:29:55 +00:00
Richard Levitte	1c7a0e2856	Reimplement old functions, so older software that link to libcrypto don't crash and burn.	2004-05-14 17:56:30 +00:00
Richard Levitte	abd23881c1	Synchronise o_str.c between 0.9.8-dev and 0.9.7-stable.	2004-05-13 22:39:56 +00:00
Andy Polyakov	c842261b1b	SHA-224/-256/-384/-512 implementation. This is just sheer code commit. Makefile modifications, make test, etc. will appear later...	2004-05-13 13:48:33 +00:00
Andy Polyakov	1e6bccc240	SSE2 SHA512_Transform implementation. No, it's not used anywhere yet and is subject to change as C implementation is added...	2004-05-06 10:41:07 +00:00
Andy Polyakov	d3adc3d3ed	SSE2 accelerated bn_mul_add_words. Code is currently disabled till proper config and run-time support is added. PR: 788 Submitted by: <dean@arctic.org> Reviewed by: <appro> Obtained from: http://arctic.org/~dean/crypto/rsa.html	2004-05-06 10:36:49 +00:00
Andy Polyakov	10e7d6d526	Support for IA-32 SSE2 instruction set.	2004-05-06 10:31:09 +00:00
Richard Levitte	430d7afd80	When the pointer 'from' changes, it's stored length needs to change as well. Notified by Frank Kardel <kardel@acm.org> in PR 879.	2004-05-06 09:33:22 +00:00
Geoff Thorpe	ca982e4870	Fix realloc usage in ec_curve.c Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-05-04 20:08:55 +00:00
Geoff Thorpe	08e1cbc62c	The new BN_CTX code makes this sort of abuse unnecessary.	2004-04-28 18:34:39 +00:00
Andy Polyakov	dd55880644	Improved PowerPC support. Proper ./config support for ppc targets, especially for AIX. But most important BIGNUM assembler implementation submitted by IBM. Submitted by: Peter Waltenberg <pwalten@au1.ibm.com> Reviewed by: appro	2004-04-27 22:05:50 +00:00
Dr. Stephen Henson	bd1640bb01	Make ASN1 code work again...	2004-04-27 18:33:40 +00:00
Geoff Thorpe	081991ac01	With the new dynamic BN_CTX implementation, there should be no need for additional contexts.	2004-04-27 13:24:51 +00:00
Geoff Thorpe	8a85c341fe	The problem of rsa key-generation getting stuck in a loop for (pointlessly) small key sizes seems to result from the code continually regenerating the same prime value once the range is small enough. From my tests, this change fixes the problem by setting an escape velocity of 3 repeats for the second of the two primes. PR: 874	2004-04-26 15:38:44 +00:00
Geoff Thorpe	bcfea9fb25	Allow RSA key-generation to specify an arbitrary public exponent. Jelte proposed the change and submitted the patch, I jiggled it slightly and adjusted the other parts of openssl that were affected. PR: 867 Submitted by: Jelte Jansen Reviewed by: Geoff Thorpe	2004-04-26 15:31:35 +00:00
Dr. Stephen Henson	f3f52d7f45	More ASN1 reformat/tidy.	2004-04-25 12:46:39 +00:00
Dr. Stephen Henson	8845420f4e	Reformat/tidy some of the ASN1 code.	2004-04-24 17:02:48 +00:00
Dr. Stephen Henson	d735c64905	Fix leak. PR:870	2004-04-22 12:37:16 +00:00
Geoff Thorpe	8c521c7a34	Extend the index parameter checking from sk_value to sk_set(). Also tidy up some similar code elsewhere. Thanks to Francesco Petruzzi for bringing this to my attention.	2004-04-21 15:08:56 +00:00
Richard Levitte	863d2b196f	Print the debug thingies on stderr instead of stdout. If for nothing else then at least so bc doesn't have problems parsing the output from bntest :-).	2004-04-20 10:57:07 +00:00
Geoff Thorpe	c57bc2dc51	make update	2004-04-19 18:33:41 +00:00
Geoff Thorpe	28ded31b97	More updates for the header cleanups (and apologies, again, for not having consolidated these prior to committing).	2004-04-19 18:30:41 +00:00
Geoff Thorpe	60a938c6bc	(oops) Apologies all, that last header-cleanup commit was from the wrong tree. This further reduces header interdependencies, and makes some associated cleanups.	2004-04-19 18:09:28 +00:00
Geoff Thorpe	3a87a9b9db	Reduce header interdependencies, initially in engine.h (the rest of the changes are the fallout). As this could break source code that doesn't directly include headers for interfaces it uses, changes to recursive includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to define this when building and using openssl, and then adapt code where necessary - this is how to stay current. However the mechanism exists for the lethargic.	2004-04-19 17:46:04 +00:00
Geoff Thorpe	2749276b95	Avoid undefined results when the parameter is out of range.	2004-04-02 06:25:11 +00:00
Dr. Stephen Henson	b6a5fdb8a7	Don't use C++ reserved word.	2004-04-01 22:23:46 +00:00
Dr. Stephen Henson	ecf139917d	New function X509_POLICY_NODE_print()	2004-03-31 12:17:24 +00:00
Richard Levitte	ab23d5ffda	Add symbol hacks for some long names. make update	2004-03-29 08:13:49 +00:00
Andy Polyakov	1a979201d5	This is essentially Intel 32-bit compiler tune-up. To start with all available compiler versions generated bogus machine code trying to compile new crypto/des/cfb_enc.c. Secondly, 8th version defines __GNUC__ macro, but fails to compile some inline assembler correctly. Note that all versions of icc implement MSC-like _lrot[rl] intrinsic, which is used now instead of offensive asm. Finally, unnecessary linker dependencies are eliminated. Most notably dependency from libirc.a caused trouble at application start-up, if libcrypto.so is linked with -Bsymbolic (which it is).	2004-03-28 21:27:47 +00:00
Dr. Stephen Henson	216659eb87	Enhance EVP code to generate random symmetric keys of the appropriate form, for example correct DES parity. Update S/MIME code and EVP_SealInit to use new functions. PR: 700	2004-03-28 17:38:00 +00:00
Dr. Stephen Henson	5d6383c83f	Make {i2v,v2i}_ASN1_BIT_STRING global. make update	2004-03-28 12:40:11 +00:00
Dr. Stephen Henson	e07d3a021d	Remove obsolete files.	2004-03-28 12:29:05 +00:00
Dr. Stephen Henson	e1a27eb34a	Allow CRLs to be passed into X509_STORE_CTX. This is useful when the verified structure can contain its own CRLs (such as PKCS#7 signedData). Tidy up some of the verify code.	2004-03-27 22:49:28 +00:00
Dr. Stephen Henson	6446e0c3c8	Extend OID config module format.	2004-03-27 13:30:14 +00:00
Dr. Stephen Henson	beedea2fef	Free up BIO properly when using streaming S/MIME sign.	2004-03-26 00:24:38 +00:00
Richard Levitte	0020502a07	SSL_COMP_get_compression_method is a typo (a missing 's' at the end of the symbol name).	2004-03-25 21:32:30 +00:00
Richard Levitte	fd9fa844e2	Wrap code starting with a definition. PR: 854	2004-03-25 20:01:01 +00:00
Richard Levitte	482c2acf02	Make prototypes for some callback pointers.	2004-03-25 16:21:42 +00:00
Richard Levitte	a481b4b52c	A couple more cases where RAND_add() gets an integer instead of a doule as last argument.	2004-03-25 16:04:02 +00:00
Richard Levitte	a87228031f	RAND_add() wants a double as it's last argument.	2004-03-25 15:52:43 +00:00
Dr. Stephen Henson	b79c82eaab	Fix loads of warnings in policy code. I'll remember to try to compile this with warnings enabled next time :-)	2004-03-25 13:45:58 +00:00
Dr. Stephen Henson	69d1d5e6ce	Fix ASN1 warnings.	2004-03-25 13:37:02 +00:00
Geoff Thorpe	c86f2054f3	Adjust various bignum functions to use BN_CTX for variables instead of locally initialising their own. NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of these functions, and that may be a major part of the performance improvements we're seeing. The "free" part can be removed because we're using BN_CTX. The "clear" part OTOH can be removed because BN_CTX destruction automatically performs this task, so performing it inside functions that may be called repeatedly is wasteful. This is currently safe within openssl due to the fact that BN_CTX objects are never created for longer than a single high-level operation. However, that is only because there's currently no mechanism in openssl for thread-local storage. Beyond that, this might be an issue for applications using the bignum API directly and caching their own BN_CTX objects. The solution is to introduce a flag to BN_CTX_start() that allows its variables to be automatically sanitised on release during BN_CTX_end(). This way any higher-level function (and perhaps the application) can specify this flag in its own BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions specifying the flag to be ignored so that sanitisation is handled only once back out at the higher level. I will be implementing this in the near future.	2004-03-25 04:32:24 +00:00
Geoff Thorpe	5c98b2caf5	Replace the BN_CTX implementation with my current work. I'm leaving the little TODO list in there as well as the debugging code (only enabled if BN_CTX_DEBUG is defined). I'd appreciate as much review and testing as can be spared for this. I'll commit some changes to other parts of the bignum code shortly to make better use of this implementation (no more fixed size limitations). Note also that under identical optimisations, I'm seeing a noticable speed increase over openssl-0.9.7 - so any feedback to confirm/deny this on other systems would also be most welcome.	2004-03-25 04:16:14 +00:00
Geoff Thorpe	5148710994	Adds warnings about two curves and fixes the "seed" value for two other curves. Submitted by: Nils Larsch	2004-03-25 03:03:52 +00:00
Geoff Thorpe	ea77fc3380	... and this should likewise fix up those RSA implementations that weren't already built and tested.	2004-03-25 02:55:17 +00:00
Geoff Thorpe	46ef873f0b	By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key operations no longer require two distinct BN_CTX structures. This may put more "strain" on the current BN_CTX implementation (which has a fixed limit to the number of variables it will hold), but so far this limit is not triggered by any of the tests pass and I will be changing BN_CTX in the near future to avoid this problem anyway. This also changes the default RSA implementation code to use the BN_CTX in favour of initialising some of its variables locally in each function.	2004-03-25 02:52:04 +00:00
Geoff Thorpe	2d2a5ba32a	Damn, I was a bit hasty with my fix and hadn't spotted the linker dependency from asn1.	2004-03-25 02:41:35 +00:00
Geoff Thorpe	2bd4e3379f	Remove some warnings.	2004-03-25 02:24:38 +00:00
Geoff Thorpe	032c3ecb18	Protect against gcc's "warning: cast does not match function type".	2004-03-25 02:19:42 +00:00
Richard Levitte	e703b46598	Don't define fd for platforms that do not use it, as some may not declare fileno() properly	2004-03-24 10:55:48 +00:00
Richard Levitte	0fa793bc7b	Correct constness problems.	2004-03-24 10:50:42 +00:00
Richard Levitte	5c42f62e48	Only build the PKCS#7 test applications if "pkcs7" is present in SDIRS.	2004-03-24 10:48:50 +00:00
Richard Levitte	a08e05d1be	Add store.h among the exported headers on VMS.	2004-03-24 09:52:16 +00:00
Richard Levitte	a0b5ebeac6	Typo...	2004-03-24 09:40:59 +00:00
Richard Levitte	8ee18dd520	Make sure toupper() is properly declared.	2004-03-24 09:40:23 +00:00
Richard Levitte	e725a9660b	make update	2004-03-23 15:06:33 +00:00
Richard Levitte	d7eed1929b	Sync the VMS build with Unix.	2004-03-23 14:50:16 +00:00
Dr. Stephen Henson	4acc3e907d	Initial support for certificate policy checking and evaluation. This is currently very experimental and needs to be more fully integrated with the main verification code.	2004-03-23 14:14:35 +00:00
Richard Levitte	ec5d8a54e9	Remove a warning for conversion double->long. This has impacts on Windows. PR: 849	2004-03-21 22:39:52 +00:00
Richard Levitte	18a6333180	Make sure fd is defined where it should. PR: 849	2004-03-21 22:36:27 +00:00
Geoff Thorpe	e042540f6b	Variety of belt-tightenings in the bignum code. (Please help test this!) - Remove some unnecessary "+1"-like fudges. Sizes should be handled exactly, as enlarging size parameters causes needless bloat and may just make bugs less likely rather than fixing them: bn_expand() macro, bn_expand_internal(), and BN_sqr(). - Deprecate bn_dup_expand() - it's new since 0.9.7, unused, and not that useful. - Remove unnecessary zeroing of unused bytes in bn_expand2(). - Rewrite BN_set_word() - it should be much simpler, the previous complexities probably date from old mismatched type issues. - Add missing bn_check_top() macros in bn_word.c - Improve some degenerate case handling in BN_[add\|sub]_word(), add comments, and avoid a bignum expansion if an overflow isn't possible.	2004-03-17 17:36:54 +00:00
Richard Levitte	875a644a90	Constify d2i, s2i, c2i and r2i functions and other associated functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed.	2004-03-15 23:15:26 +00:00
Richard Levitte	ec37635c94	It was just pointed out to me that it's better to cast to double...	2004-03-15 23:02:55 +00:00
Richard Levitte	fd836aeee0	Make sure that the last argument to RAND_add() is a float, or some compilers may complain.	2004-03-15 22:37:08 +00:00
Richard Levitte	560f7abb7e	Make sure we use unsigned constants, or come compilers may complain.	2004-03-15 22:33:19 +00:00
Geoff Thorpe	b6358c89a1	Convert openssl code not to assume the deprecated form of BN_zero(). Remove certain redundant BN_zero() initialisations, because BN_CTX_get(), BN_init(), [etc] already initialise to zero. Correct error checking in bn_sqr.c, and be less wishy-wash about how/why the result's 'top' value is set (note also, 'max' is always > 0 at this point).	2004-03-13 23:57:20 +00:00
Geoff Thorpe	5d735465d1	The efforts to eliminate the dual-representation of zero and to ensure bignums are passed in and out of functions and APIs in a consistent form has highlighted that zero-valued bignums don't need any allocated word data. The use of BN_set_word() to initialise a bignum to zero causes needless allocation and gives it a return value that must be checked. This change converts BN_zero() to a self-contained macro that has no return/expression value and does not cause any expansion of bignum data. Note, it would be tempting to rewrite the deprecated version as a success-valued comma expression, such as; #define BN_zero(a) ((a)->top = (a)->neg = 0, 1) However, this evaluates 'a' twice and would confuse initialisation loops (eg. while(..) { BN_zero(bn++) } ). As such, the deprecated version continues to use BN_set_word().	2004-03-13 23:04:15 +00:00
Geoff Thorpe	9e051bac13	Document a change I'd already made, and at the same time, correct the change to work properly; BN_zero() should set 'neg' to zero as well as 'top' to match the behaviour of BN_new().	2004-03-13 22:10:15 +00:00
Geoff Thorpe	93825dddad	static	2004-03-10 01:20:26 +00:00
Geoff Thorpe	a8aa764d3c	Minimise the amount of code dependent on BN_DEBUG_RAND. In particular, redefine bn_clear_top2max() to be a NOP in the non-debugging case, and remove some unnecessary usages in bn_nist.c. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe, Ulf Möller	2004-03-09 03:53:40 +00:00
Geoff Thorpe	e7716b7a19	More changes coming out of the bignum auditing. BN_CTX_get() should ideally return a "zero" bignum as BN_new() does - so reset 'top'. During BN_CTX_end(), released bignums should be consistent so enforce this in debug builds. Also, reduce the number of wasted BN_clear_free() calls from BN_CTX_end() (typically by 75% or so). Submitted by: Nils Larsch Reviewed by: Geoff Thorpe, Ulf Möller	2004-03-09 03:47:35 +00:00
Dr. Stephen Henson	a4e3150f00	Fix policy constraints syntax.	2004-03-08 18:15:32 +00:00
Dr. Stephen Henson	edec614efd	Support for inhibitAnyPolicy extension.	2004-03-08 13:56:31 +00:00
Dr. Stephen Henson	5fa5eb71a4	Cleanup ASN1 OID module when it exits.	2004-03-05 23:47:56 +00:00
Dr. Stephen Henson	216ad9ef58	Memory leak fix.	2004-03-05 23:39:42 +00:00
Dr. Stephen Henson	bc50157010	Various X509 fixes. Disable broken certificate workarounds when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in CRL issuer certificates. Reject CRLs with unhandled (any) critical extensions.	2004-03-05 17:16:35 +00:00
Dr. Stephen Henson	91180d45f9	Typos. Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>	2004-03-04 21:44:39 +00:00
Richard Levitte	4cfa4ae820	Avoid a memory leak in OCSP_parse_url(). Notified by Paul Siegel <psiegel@corestreet.com>	2004-03-01 14:58:22 +00:00
Richard Levitte	f727266ae8	Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also. PR: 833	2004-02-26 22:07:45 +00:00
Geoff Thorpe	c6700d2746	A cleanup of the ecs_ossl.c code and some (doxygen) comments for ecdsa.h Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-02-22 19:32:53 +00:00
Geoff Thorpe	1b06804491	When adding positive elements, we can use BN_uadd() instead of BN_add(). Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-02-22 19:30:41 +00:00
Dr. Stephen Henson	dc90f64d56	Use an OCTET STRING for the encoding of an OCSP nonce value. The old raw format can't be handled by some implementations and updates to RFC2560 will make this mandatory.	2004-02-19 18:16:38 +00:00
Geoff Thorpe	6c43032121	minor signed/unsigned warning fixes	2004-02-10 18:46:10 +00:00
Andy Polyakov	1751034669	Typo in crypto/bn/asm/x86_64.c, bn_div_words(). PR: 821	2004-02-07 09:51:28 +00:00
Dr. Stephen Henson	d4575825f1	Add flag to avoid continuous memory allocate when calling EVP_MD_CTX_copy_ex(). Without this HMAC is several times slower than < 0.9.7.	2004-02-01 13:39:51 +00:00
Andy Polyakov	d04b1b4656	Typo in PA-RISC 2 rules in crypto/bn/Makefile.ssl	2004-01-30 05:41:23 +00:00
Andy Polyakov	1247092776	HP/UX PA-RISC 2 targets update.	2004-01-29 22:16:08 +00:00
Richard Levitte	61a88c31c0	Typo	2004-01-29 02:55:43 +00:00
Richard Levitte	e5886a2388	make update	2004-01-28 19:07:41 +00:00
Richard Levitte	8d1ebe0bd1	Add the missing parts for DES CFB1 and CFB8. Add the corresponding AES parts while I'm at it. make update	2004-01-28 19:05:35 +00:00
Richard Levitte	1fb724449d	make update	2004-01-28 18:38:33 +00:00
Richard Levitte	721a5e83f9	Unsigned vs. signed problem removed	2004-01-28 08:48:11 +00:00
Andy Polyakov	6df617a59d	#undef _POSIX_C_SOURCE in ui_openssl.c ruined IRIX builds. Comment on why _POSIX_C_SOURCE needed in first place.	2004-01-27 22:06:48 +00:00
Andy Polyakov	8c6336b0aa	CFB DES sync-up with FIPS branch.	2004-01-27 21:47:35 +00:00
Richard Levitte	87203dc99a	Avoid signed vs. unsigned warnings (which are treated like errors on Windows).	2004-01-27 01:16:38 +00:00
Richard Levitte	4de65cbc06	S_IFBLK and S_IFCHR may not exist in some places (like Windows), so let's check for those macros, and if they aren't defined, let's assume there aren't Unixly devices on this platform.	2004-01-26 23:45:32 +00:00
Andy Polyakov	27b2b78f90	Even though C specification explicitly says that constant type "stretches" automatically to accomodate the value, some compilers fail to do so. Most notably 0x0123456789ABCDEF should come out as long long in 32-bit context, but HP compiler truncates it to 32-bit value. Which in turn breaks GF(2^m) arithmetics in hpux-parisc2-cc build. Therefore this fix...	2004-01-25 10:53:43 +00:00
Andy Polyakov	7f24b1c3e9	Get rid of bogus warning when compiling with Sun vendor compiler.	2004-01-24 16:31:21 +00:00
Richard Levitte	a5e8bcfb7b	We're passed p, so let's use p instead of making assumptions.	2004-01-24 01:16:02 +00:00
Richard Levitte	9d5c3c1939	Typo...	2004-01-22 22:36:46 +00:00
Andy Polyakov	30cb9ec715	SHA-1 assembler tune-up for Intel P4	2004-01-21 08:17:08 +00:00
Richard Levitte	af6dab9b00	Adding a slash between the directoryt and the file is a problem with VMS. The C RTL can handle it well if the "directory" is a logical name with no colon, therefore ending being 'logname/file'. However, if the given logical names actually has a colon, or if you use a full VMS-syntax directory, you end up with 'logname:/file' or 'dev:[dir1.dir2]/file', and that isn't handled in any good way. So, on VMS, we need to check if the directory string ends with a separator (one of ':', ']' or '>' (< and > can be used instead [ and ])), and handle that by not inserting anything between the directory spec and the file name. In all other cases, it's assumed the directory spec is a logical name, so we need to place a colon between it and the file. Notified by Kevin Greaney <kevin.greaney@hp.com>.	2004-01-10 18:04:38 +00:00
Lutz Jänicke	c0017a5a65	Update URI Submitted by: Gertjan van Oosten <gertjan@West.NL> PR: #804	2004-01-04 18:05:50 +00:00
Richard Levitte	075521725d	Fix Perl problems on sparc64. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 16:13:18 +00:00
Richard Levitte	f28e8bd300	Only use environment variables if uid and gid are the same as euid and egid. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 16:07:20 +00:00
Richard Levitte	de02ec2767	Check if a random "file" is really a device file, and treat it specially if it is. Add a few OpenBSD-specific cases. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 16:02:22 +00:00
Richard Levitte	112341031b	Correct documentation typos. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 15:04:54 +00:00
Richard Levitte	7cf803230b	OpenBSD-internal changes. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 15:02:56 +00:00
Richard Levitte	79b42e7654	Use sh explicitely to run point.sh This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 14:59:07 +00:00
Richard Levitte	f0c5db92f7	Include strings.h so strcasecmp() and strncasecmp() get properly declared.	2003-12-27 14:54:48 +00:00
Richard Levitte	d420ac2c7d	Use BUF_strlcpy() instead of strcpy(). Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 14:40:17 +00:00
Richard Levitte	a2b0de98af	To figure out if we're going outside the buffer, use the size of the buffer, not the size of the integer used to index in said buffer. PR: 794 Notified by: Rhett Garber <rhett_garber@hp.com>	2003-12-11 18:01:03 +00:00
Ulf Möller	380e145daf	Add "dif" variable to clean up the loop implementations. Submitted by: Nils Larsch	2003-12-06 11:55:46 +00:00
Ulf Möller	a9f2330f43	Skip a curve with generator of non-prime order. Submitted by: Nils Larsch	2003-12-06 11:41:22 +00:00
Ulf Möller	ce38bb1a8c	Avoid segfault if ret==0. Submitted by: Nils Larsch	2003-12-06 11:39:37 +00:00
Lutz Jänicke	919f8bcd21	Restructure make targets to allow parallel make. Submitted by: Witold Filipczyk <witekfl@poczta.gazeta.pl> PR: #513	2003-12-03 16:29:41 +00:00
Geoff Thorpe	2bfd2c74d2	Incremental cleanups to bn_lib.c. - Add missing bn_check_top() calls and relocate some others - Use BN_is_zero() where appropriate - Remove assert()s that bn_check_top() is already covering - Simplify the code in places (esp. bn_expand2()) - Only keep ambiguous zero handling if BN_STRICT isn't defined - Remove some white-space and make some other aesthetic tweaks	2003-12-02 20:01:30 +00:00
Geoff Thorpe	82b2f57e30	Use the BN_is_odd() macro in place of code that (inconsistently) does much the same thing. Also, I have some stuff on the back-burner related to some BN_CTX notes from Peter Gutmann about his cryptlib hacks to the bignum code. The BN_CTX comments are there to remind me of some relevant points in the code.	2003-12-02 03:28:24 +00:00
Geoff Thorpe	2ae1ea3788	BN_FLG_FREE is of extremely dubious usefulness, and is only referred to once in the source (where it is set for the benefit of no other code whatsoever). I've deprecated the declaration in the header and likewise made the use of the flag conditional in bn_lib.c. Note, this change also NULLs the 'd' pointer in a BIGNUM when it is reset but not deallocated.	2003-12-02 03:16:56 +00:00
Geoff Thorpe	34066d741a	Declare the static BIGNUM "BN_value_one()" more carefully.	2003-12-01 23:13:17 +00:00
Geoff Thorpe	b74cc0776b	Add missing bn_check_top()s to bn_kron.c, remove some miscellaneous white-space, and include extra headers to satisfy debugging builds.	2003-12-01 23:11:45 +00:00
Geoff Thorpe	e7e5fe4705	Add missing bn_check_top()s to bn_gf2m.c and remove some miscellaneous white-space.	2003-12-01 23:10:21 +00:00
Geoff Thorpe	998ae048e7	The bn_set_max() macro is only "used" by the bn_set_[low\|high]() macros which, in turn, are used nowhere at all. This is a good thing because bn_set_max() would currently generate code that wouldn't compile (BIGNUM has no 'max' element). The only apparent use for bn_set_[low\|high] would be for implementing windowing algorithms, and all of openssl's seem to use bn_***_words() helpers instead (including the BN_div() that Nils fixed recently, which had been using independently-coded versions of what these unused macros are intended for). I'm therefore consigning these macros to cvs oblivion in the name of readability.	2003-12-01 22:11:08 +00:00
Geoff Thorpe	e65c2b9872	bn_fix_top() exists for compatibility's sake and is mapped to bn_correct_top() or bn_check_top() depending on debug settings. For internal source, all bn_fix_top()s should be converted one way or the other depending on whether the use of bn_correct_top() is justified. For BN_div_recp(), these cases should not require correction if the other bignum functions are doing their jobs properly, so convert to bn_check_top().	2003-12-01 21:59:40 +00:00
Richard Levitte	2fe9ab8e20	It was pointed out to me that if the requested size is 0, we shouldn't ty to allocate anything at all. This will allow eNULL to still work. PR: 751 Notified by: Lutz Jaenicke	2003-12-01 13:25:37 +00:00
Richard Levitte	1145e03870	Check that OPENSSL_malloc() really returned some memory. PR: 751 Notified by: meder@mcs.anl.gov Reviewed by: Lutz Jaenicke, Richard Levitte	2003-12-01 12:11:55 +00:00
Richard Levitte	6781efb92f	CRYPTO_malloc(), CRYPTO_realloc() and variants of them should return NULL if the give size is 0. This is a thought that came up in PR 751.	2003-12-01 12:06:15 +00:00
Lutz Jänicke	0bf1c1d80d	Some more ASFLAGS settings required PR: #735 Submitted by: Tim Rice <tim@multitalents.net>	2003-12-01 08:12:47 +00:00
Geoff Thorpe	6ed474ca66	Add more debugging to my Configure target, and "make update" to incorporate this and a few other changes.	2003-11-30 23:29:27 +00:00
Geoff Thorpe	46cb8d3689	If BN_STRICT is defined, don't accept an ambiguous representation of zero (ie. where top may be zero, or it may be one if the corresponding word is set to zero). Note, this only affects the macros in bn.h, there are probably similar corrections required in some c files. Also, clarify the audit-related macros at the top of the header. Mental note: I must not forget to clean all this out before 0.9.8 is released ...	2003-11-30 22:23:12 +00:00
Geoff Thorpe	23fc5ac646	Improve a couple of the bignum macros. Note, this doesn't eliminate tolerance of ambiguous zero-representation, it just improves BN_abs_is_word() and simplifies other macros that depend on it.	2003-11-30 22:02:10 +00:00
Geoff Thorpe	5734bebe05	Make BN_DEBUG_RAND less painfully slow by only consuming one byte of pseudo-random data for each bn_pollute().	2003-11-30 21:21:30 +00:00
Geoff Thorpe	657a919598	This improves the placement of check_top() macros in a couple of bn_lib functions.	2003-11-29 20:34:07 +00:00
Richard Levitte	3822740ce3	We're getting a clash with C++ because it has a type called 'list'. Therefore, change all instances of the symbol 'list' to something else. PR: 758 Submitted by: Frédéric Giudicelli <groups@newpki.org>	2003-11-29 10:25:37 +00:00
Richard Levitte	0d78bc3356	Add IPSec/IKE/Oakley curves. PR: 768 Submitted by: Vadim Fedukovich <vf@unity.net>	2003-11-29 09:25:59 +00:00
Richard Levitte	d87b79bf31	Damnit, I'm sick of having to do something special every time a module that gets built before objects barfs all over the place because it uses a new NID that hasn't had a chance of getting defined yet (in this case, it was about a couple of new EC curves, and therefore a couple of new corresponding NIDs). I'm placing objects first in SDIRS! There.	2003-11-29 09:19:12 +00:00
Richard Levitte	b727907ae8	1024 is the export key bits limit according to current regulations, not 512. PR: 771 Submitted by: c zhang <czhang2005@hotmail.com>	2003-11-28 22:39:19 +00:00
Geoff Thorpe	444c3a8492	Get rid of some signed/unsigned comparison warnings.	2003-11-28 16:39:16 +00:00
Richard Levitte	4d8743f490	Netware-specific changes, PR: 780 Submitted by: Verdon Walker <VWalker@novell.com> Reviewed by: Richard Levitte	2003-11-28 13:10:58 +00:00
Geoff Thorpe	81ba5f6713	Due to recent debugging bursts, openssl should be more or less solid against inconsistent BIGNUMs coming out of any of its API functions. So this change no longer "fixes" the bn_print.c functions, but it makes for cleaner code. This patch was a part of ticket 697. PR: 697 Submitted by: Otto Moerbeek Reviewed by: Geoff Thorpe	2003-11-25 21:07:59 +00:00
Geoff Thorpe	6defae04f3	Fix some handling in bn_word. This also resolves the issues observed in ticket 697 (though uses a different solution than the proposed one). This problem was initially raised by Otto Moerbeek. PR: 697 Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2003-11-25 20:39:19 +00:00
Geoff Thorpe	e1064adfd3	Some changes for bn_gf2m.c: better error checking plus some minor optimizations. Submitted by: Nils Larsch	2003-11-25 03:41:20 +00:00
Lutz Jänicke	d7559f16cd	Free "engine" resource in case of failure to prevent memory leak PR: #778 Submitted by: George Mitchell <george@m5p.com>	2003-11-24 16:48:52 +00:00
Geoff Thorpe	9e989810ba	BN_div() cleanup: replace the use of BN_sub and BN_add with bn_sub_words and bn_add_words to avoid using fake bignums to window other bignums that can lead to corruption. This change allows all bignum tests to pass with BN_DEBUG and BN_DEBUG_RAND debugging and valgrind. NB: This should be tested on a few different architectures and configuration targets, as the bignum code this deals with is quite preprocessor (and assembly) sensitive. Submitted by: Nils Narsch Reviewed by: Geoff Thorpe, Ulf Moeller	2003-11-22 20:23:41 +00:00
Geoff Thorpe	ec2179cf81	Fix a small bug in str_copy: if more than one variable is replaced, make sure the current length is used to calculate the new buffer length instead of using the old length (prior to any variable substitution). Submitted by: Nils Larsch	2003-11-21 21:42:35 +00:00
Dr. Stephen Henson	a8287a90ea	Give CRLDP its standard name. Max req -x509 use V1 if extensions section absent.	2003-11-20 22:45:06 +00:00
Ulf Möller	31182ad39b	re-enable the test, keeping the original method for RAND_pseudo_bytes which is used by BN_DEBUG_RAND Submitted by: Nils Larsch	2003-11-16 19:33:31 +00:00
Lutz Jänicke	fda5e38551	Provide ASFLAGS in the subdirectories handling assembler code. Submitted by: Tim Rice <tim@multitalents.net> PR: #735, #765	2003-11-16 14:38:34 +00:00
Ulf Möller	ac9c6e10a4	The x9.62 tests replace the PRNG with specific numbers, so don't run them if BN_DEBUG_RAND is defined. Also, fix another small bug. Submitted by: Nils Larsch	2003-11-16 12:24:45 +00:00
Ulf Möller	1a01733047	BN_set_bit() etc should use "unsigned int". Keep it as is to avoid an API change, but check for negativ values. Submitted by: Nils Larsch	2003-11-15 08:37:50 +00:00
Geoff Thorpe	9dde17e8b4	This rewrites two "for" loops in BN_rshift() - equality with zero is generally a more efficient comparison than comparing two integers, and the first of these two loops was off-by-one (copying one too many values). This change also removes a superfluous assignment that would set an unused word to zero (and potentially allow an overrun in some cases). Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2003-11-13 15:03:14 +00:00
Geoff Thorpe	37af03d311	General improvements to the ec_asn1.c code. This squashes at least one bug (where it was impossible to create an EC certificate with a compressed public key), and has some style improvements based on some comments from Steve Henson about use of the ASN1 macros. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2003-11-10 18:09:18 +00:00
Geoff Thorpe	f7a397cc8d	Avoid possible memory leaks in error-handling. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2003-11-10 18:05:22 +00:00
Dr. Stephen Henson	cd2e8a6f2d	Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().	2003-11-10 01:37:23 +00:00
Geoff Thorpe	f75abcefed	This extends the debugging macros to use "pollution" during bn_correct_top(), previously only bn_check_top() did this.	2003-11-06 23:24:44 +00:00
Geoff Thorpe	18f62d4b82	Add debug-screening of input parameters to some functions I'd missed before.	2003-11-06 23:13:04 +00:00
Geoff Thorpe	5c0c22803e	Put more debug screening in BN_div() and correct a comment.	2003-11-06 23:11:07 +00:00
Geoff Thorpe	0ef85c7f45	This is a revert of my previous commit to "improve" the declaration of constant BIGNUMs. It turns out that this trips up different but equally useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness it created. (Thanks to Ulf for the forehead-slap.)	2003-11-05 19:30:29 +00:00
Ulf Möller	078dd1a0f9	typo in comment	2003-11-05 17:28:59 +00:00
Ulf Möller	2b96c95197	cleanup as discussed with Geoff	2003-11-05 17:28:25 +00:00
Geoff Thorpe	d870740cd7	Put the first stage of my bignum debugging adventures into CVS. This code is itself experimental, and in addition may cause execution to break on existing openssl "bugs" that previously were harmless or at least invisible.	2003-11-04 22:54:49 +00:00
Geoff Thorpe	d8ec0dcf45	Avoid some shadowed variable names. Submitted by: Nils Larsch	2003-11-04 00:51:32 +00:00
Geoff Thorpe	c465e7941e	This is the least unacceptable way I've found for declaring the bignum data and structures as constant without having to cast away const at any point. There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy, but crypto/bn/ is now ok. Purists are welcome to suggest alternatives.	2003-11-04 00:29:09 +00:00
Geoff Thorpe	a9fd78f9da	bn_div() does some pretty nasty things with temporary variables, constructing BIGNUM structures with pointers offset into other bignums (among other things). This corrects some of it that is too plainly insane, and tries to ensure that bignums are normalised when passed to other functions.	2003-10-31 01:35:16 +00:00
Geoff Thorpe	5f747c7f4b	When a BN_CTX is used for temporary workspace, the variables are sometimes left in an inconsistent state when they are released for later reuse. This change resets the BIGNUMs when they are released back to the context.	2003-10-30 01:07:56 +00:00
Geoff Thorpe	c4db1a8b5c	This fixes a couple of cases where an inconsistent BIGNUM could be passed as input to a function.	2003-10-30 01:03:31 +00:00
Geoff Thorpe	aca95e0b2f	Remove a line that was causing redundant declarations. Obtained from: Stephen Henson <steve@openssl.org>	2003-10-29 22:55:19 +00:00
Geoff Thorpe	06e4024d98	Oops, this file already had the "empty source file" workaround but it requires -DPEDANTIC and was hidden at the bottom of the file. This moves it to the top and removes the redundant declaration.	2003-10-29 22:25:04 +00:00
Geoff Thorpe	8087d8f7ea	Make md32_common.h friendlier to compiler warnings. Obtained from: Andy Polyakov <appro@openssl.org>	2003-10-29 20:55:03 +00:00
Geoff Thorpe	31166ec8f3	Some provisional bignum debugging has begun to detect inconsistent BIGNUM structures being passed in to or out of API functions, and this corrects a couple of cases found so far. Also, lop off a couple of bytes of white-space.	2003-10-29 20:47:49 +00:00
Geoff Thorpe	2754597013	A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate.	2003-10-29 20:24:15 +00:00
Geoff Thorpe	2ce90b9b74	BN_CTX is opaque and the static initialiser BN_CTX_init() is not used except internally to the allocator BN_CTX_new(), as such this deprecates the use of BN_CTX_init() in the API. Moreover, the structure definition of BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself. NDEBUG should probably only be "forced" in the top-level configuration, but until it is I will avoid removing it from bn_ctx.c which might surprise people with massive slow-downs in their keygens. So I've left it in bn_ctx.c but tidied up the preprocessor logic a touch and made it more tolerant of debugging efforts.	2003-10-29 18:04:37 +00:00
Richard Levitte	4e952ae4fc	Removing those memcpy()s also took away the possibility for in and out to be the same. Therefore, the removed memcpy()s need to be restored.	2003-10-29 06:21:22 +00:00
Geoff Thorpe	db59141467	remove accidentally committed debugging cruft.	2003-10-29 05:35:31 +00:00
Geoff Thorpe	8a66d17899	Remove an unnecessary cast that causes certain compilers (eg. mine) some confusion. Also silence a couple of signed/unsigned warnings.	2003-10-29 05:00:57 +00:00
Geoff Thorpe	2eeaa0261e	Remove redundant declaration.	2003-10-29 04:58:23 +00:00
Geoff Thorpe	8dc344ccbf	Relax some over-zealous constification that gave some lhash-based code no choice but to have to cast away "const" qualifiers from their prototypes. This does not remove constification restrictions from hash/compare callbacks, but allows destructor commands to be run over a tables' elements without bad casts.	2003-10-29 04:57:05 +00:00
Geoff Thorpe	6bcd3f903a	Comments out some unimplemented functions instead of redeclaring them.	2003-10-29 04:42:29 +00:00
Geoff Thorpe	40f935f5b4	Avoid "empty source file" warnings.	2003-10-29 04:41:19 +00:00
Geoff Thorpe	0991f07034	For whatever reason (compiler or header bugs), at least one commonly-used linux system (namely mine) chokes on our definitions and uses of the "HZ" symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast" (when in fact there is no function casting involved at all). In both cases, it is easily worked around by not defining a cast into the macro and jiggling the expressions slightly. In addition - this highlights some cruft in openssl that needs sorting out. The tmdiff.h header is exported as part of the openssl API despite the fact that it is ugly as the driven sludge and not used anywhere in the library, applications, or utilities. More weird still, almost identical code exists in apps/speed.c though it looks to be slightly tweaked - so either tmdiff should be updated and used by speed.c, or it should be dumped because it's obviously not useful enough. Rather than removing it for now, I've changed the API for tmdiff to at least make sense. This involves taking the object type (MS_TM) from the implementation and using it in the header rather than using "char " in the API and casting mercilessly in the code (ugh). If someone doesn't like "MS_TM" and the "ms_time_**" naming, by all means change it. This should be a harmless improvement, because the existing API is clearly not very useful (eg. we reimplement it rather than using it in our own utils). However, someone still needs to take a hack at consolidating speed.c and tmdiff.[ch] somehow.	2003-10-29 04:40:13 +00:00
Geoff Thorpe	2aaec9cced	Update any code that was using deprecated functions so that everything builds and links with OPENSSL_NO_DEPRECATED defined.	2003-10-29 04:14:08 +00:00
Geoff Thorpe	9d473aa2e4	When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should be) precompiled out in the API headers. This change is to ensure that if it is defined when compiling openssl, the deprecated functions aren't implemented either.	2003-10-29 04:06:50 +00:00
Geoff Thorpe	6145b0b183	The "cryptodev" engine preprocessor logic used undefined symbols in comparisons. It's better not to allow this, because it gives false positives when using compiler warnings that detect mistyped symbols.	2003-10-29 04:00:14 +00:00
Geoff Thorpe	66b82f5aad	make update	2003-10-28 22:10:47 +00:00
Geoff Thorpe	12bdceac8a	Ignore derived file.	2003-10-28 17:26:46 +00:00
Geoff Thorpe	8ad7e3ad2a	Remove duplicate prototypes have already been (correctly) added to rsa.h, as this is already included by x509.h anyway.	2003-10-24 16:17:11 +00:00
Richard Levitte	0b6956b474	Correct serious bug in AES-CBC decryption when the message length isn't a multiple of AES_BLOCK_SIZE. Optimize decryption of all complete blocks in AES-CBC by removing an unnecessary memcpy(). The error was notified by James Fernandes <jf210032@exchange.DAYTONOH.NCR.com>. The unnecessary memcpy() was found as an effect of investigating that error.	2003-10-15 09:00:14 +00:00
Richard Levitte	0bb6187e71	The object file is o_str.o, not o_str.c. Thanks to Peter Sylvester <Peter.Sylvester@EdelWeb.fr> for the notification.	2003-10-13 11:34:40 +00:00
Dr. Stephen Henson	c5a5546389	Add support for digested data PKCS#7 type.	2003-10-11 22:11:45 +00:00
Dr. Stephen Henson	77fe058c10	Simplify cipher and digest lookup in PKCS#7 code.	2003-10-11 16:46:40 +00:00
Dr. Stephen Henson	8d9086dfa2	New function to initialize a PKCS7 structure of type other.	2003-10-10 23:40:47 +00:00
Dr. Stephen Henson	0602abf5bd	Initialize digested data type in PKCS7_set_type().	2003-10-10 23:31:53 +00:00
Dr. Stephen Henson	caf044cb3e	Retrieve correct content to sign when the type is "other".	2003-10-10 23:25:43 +00:00
Richard Levitte	83eb412da8	In realloc, don't destroy the old memory area if a new one couldn't be allocated. Notified by Daniel Lucq <daniel@lucq.org>	2003-10-07 12:09:39 +00:00
Richard Levitte	8242354952	Make sure int SSL_COMP_add_compression_method() checks if a certain compression identity is already present among the registered compression methods, and if so, reject the addition request. Declare SSL_COMP_get_compression_method() so it can be used properly. Change ssltest.c so it checks what compression methods are available and enumerates them. As a side-effect, built-in compression methods will be automagically loaded that way. Additionally, change the identities for ZLIB and RLE to be conformant to draft-ietf-tls-compression-05.txt. Finally, make update. Next on my list: have the built-in compression methods added "automatically" instead of requiring that the author call SSL_COMP_add_compression_method() or SSL_COMP_get_compression_methods().	2003-10-06 11:00:15 +00:00
Richard Levitte	c40b9bdefb	Setting the ex_data index is unsafe in a threaded environment, so let's wrap it with a lock.	2003-10-06 09:09:44 +00:00
Richard Levitte	6895cca89d	Remove unused code, don't use zlib functions that are really macros and provide missing prototypes.	2003-10-04 09:09:19 +00:00
Richard Levitte	cf89b40584	Include e_os.h to get a proper definition of memmove on the platforms that do not have it.	2003-10-01 20:43:03 +00:00
Dr. Stephen Henson	2990244980	ASN1 parse fix and release file changes.	2003-09-30 16:47:33 +00:00
Richard Levitte	057a04398d	Synchronise util/libeay.num with the 0.9.7-stable one. make update	2003-09-28 09:34:50 +00:00
Richard Levitte	7f3ba9428f	Uhmm, It seem to have forgotten one file when I committed the MSDOS change yesterday. PR: 669	2003-09-28 07:11:33 +00:00
Richard Levitte	3c02e24bb3	Change the indentation from 12 to indent+4. PR: 657	2003-09-27 22:48:33 +00:00
Richard Levitte	1be02dd842	Make MD5 assembler code able to handle messages larger than 2GB on 32-bit systems and above. PR: 664	2003-09-27 22:14:39 +00:00
Richard Levitte	11171f3c74	Add reference counting around the thread state hash table. Unfortunately, this means that the dynamic ENGINE version just went up, and isn't backward compatible. PR: 678	2003-09-27 20:29:05 +00:00
Ralf S. Engelschall	6bd27f8644	Fix prime generation loop in crypto/bn/bn_prime.pl by making sure the loop does correctly stop and breaking ("division by zero") modulus operations are not performed. The (pre-generated) prime table crypto/bn/bn_prime.h was already correct, but it could not be re-generated on some platforms because of the "division by zero" situation in the script.	2003-09-25 13:57:58 +00:00
Dr. Stephen Henson	82384690e2	Typos.	2003-09-09 23:44:39 +00:00
Richard Levitte	e6fa67fa93	Generalise the definition of strcasecmp() and strncasecmp() for platforms that don't (necessarely) have it. In the case of VMS, this means moving a couple of functions from apps/ to crypto/ and make them general (although only used privately).	2003-09-09 14:48:36 +00:00
Dr. Stephen Henson	510dc1ecd0	outlen should be int * in out_utf8.	2003-08-21 12:32:12 +00:00
Richard Levitte	88401ed449	Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>: 1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error. 2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot, not CloseHandle.	2003-08-07 11:57:42 +00:00
Bodo Möller	3aa8d3a7f1	add OpenSSL license fix typo	2003-08-06 10:36:25 +00:00
Richard Levitte	5b6e7c8c65	Inclusion of openssl/engine.h should always be wrapped with a check that OPENSSL_NO_ENGINE is not defined.	2003-08-04 10:12:36 +00:00
Dr. Stephen Henson	f96d1af449	Avoid clashes with Win32 names in WinCrypt.h	2003-07-23 00:10:43 +00:00
Bodo Möller	968766cad8	updates for draft-ietf-tls-ecc-03.txt Submitted by: Douglas Stebila Reviewed by: Bodo Moeller	2003-07-22 12:34:21 +00:00
Bodo Möller	652ae06bad	add test for secp160r1 add code for kP+lQ timings Submitted by: Douglas Stebila <douglas.stebila@sun.com> Reviewed by: Bodo Moeller	2003-07-22 10:39:10 +00:00
Bodo Möller	ada0e717fa	new function EC_GROUP_cmp() (used by EVP_PKEY_cmp()) Submitted by: Nils Larsch	2003-07-21 13:43:28 +00:00
Richard Levitte	f9d183c209	Replace CCITT with ITU-T. Keep CCITT around as an alias. make update PR: 80	2003-07-04 15:45:04 +00:00
Richard Levitte	61f00386ab	The counter is big-endian. Since it comes as an array of char, there's absolutely no need to special-case it on little-endian machines. Notified by Thierry Boivin <Thierry.Boivin@celsecat.com>	2003-07-04 11:37:50 +00:00
Richard Levitte	2ae0352b0f	Oops, I forgot to replace 'counter' with 'ivec' when used...	2003-07-03 20:50:44 +00:00
Richard Levitte	da6c44fc97	The 'counter' is really the IV.	2003-07-03 06:42:43 +00:00
Richard Levitte	da0d33560f	Change AES-CTR to increment the IV by 1 instead of 2^64.	2003-07-03 06:41:30 +00:00
Richard Levitte	eb3d68c454	Nils Larsch told me I could remove that variable entirely.	2003-06-26 11:52:23 +00:00
Richard Levitte	c89f31def0	make update	2003-06-26 10:27:11 +00:00
Richard Levitte	ed5fae580e	Implement missing functions. Have the f parameter to _ctrl functions have the prototype ()(void) rather than ()(), for the sake of C++ compilers. Disable unimplemented functionality.	2003-06-26 10:26:42 +00:00
Richard Levitte	d55141ed7a	"Remove" unused variable	2003-06-26 10:23:00 +00:00
Richard Levitte	dfc3151925	The definition of dynamic_ctrl() should change along with the declaration :-).	2003-06-26 07:03:49 +00:00
Bodo Möller	0fbffe7a71	implement PKCS #8 / SEC1 private key format for ECC Submitted by: Nils Larsch	2003-06-25 21:35:05 +00:00
Dr. Stephen Henson	037f6e73f1	Return EOF when an S/MIME part have been read.	2003-06-24 17:11:44 +00:00
Richard Levitte	f6b9cd7f82	We set the export flag for 512 bit keys, not 512 byte ones. PR: 587	2003-06-19 18:55:50 +00:00
Richard Levitte	834ac33a37	dynamic_ctrl() didn't have exactly the same prototype as defined by ENGINE_CTRL_FUNC_PTR.	2003-06-19 16:57:38 +00:00
Richard Levitte	4e9023f4d2	Unsigned vs. signed fixed.	2003-06-19 16:56:48 +00:00
Richard Levitte	0bd71d3b7e	Add the application data type to the README.	2003-06-18 07:14:52 +00:00
Richard Levitte	d97322f0e6	Missing string and potential memory leaks. Notified by Goetz Babin-Ebell <goetz@shomitefo.de>	2003-06-18 07:12:28 +00:00
Richard Levitte	b52d512dfa	Slightly better check of attributes. Now, mem_list_next can actually stop when the searched for key doesn't have it's attributes within the range of the checked key.	2003-06-12 21:32:54 +00:00
Richard Levitte	a3a2ff4cd9	Beautify	2003-06-12 18:13:27 +00:00
Richard Levitte	8645c415cf	Do not try to use non-existent gmtime_r() on SunOS4. PR: 585	2003-06-12 00:57:25 +00:00
Richard Levitte	54bbde3c3f	Make sure DSO-dlfcn works properly on SunOS4. PR: 585	2003-06-12 00:51:54 +00:00
Richard Levitte	e666c4599f	Add the possibility to have symbols loaded globally with DSO.	2003-06-11 22:42:28 +00:00
Richard Levitte	c78b4f1d3d	Remove unused variable	2003-06-11 21:47:21 +00:00
Richard Levitte	33862b90bb	Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. PR: 617	2003-06-11 21:22:30 +00:00
Richard Levitte	54f6451670	Add functionality to set marks on the error stack and to pop all errors to the next mark.	2003-06-11 20:49:58 +00:00
Richard Levitte	606c8048a0	Make sure to NUL-terminate the string on end-of-file (and error) PR: 643	2003-06-11 18:43:45 +00:00
Richard Levitte	55b12f8641	The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting	2003-06-10 04:11:42 +00:00
Richard Levitte	2ee67f1dad	Make sure the sigaction structure and fileno function are properly declared with an ANSI compiler on Solaris (and possibly others).	2003-06-04 09:13:19 +00:00
Richard Levitte	4af3184662	Remove extra ;	2003-06-04 09:11:44 +00:00
Richard Levitte	e31047744a	Make sure the function definitions match their declaration.	2003-06-04 09:11:15 +00:00
Richard Levitte	f6eba601b0	Make sure that size_t matches size_t.	2003-06-04 09:10:43 +00:00
Dr. Stephen Henson	50078051bd	Really get X509_CRL_CHECK_ALL right this time...	2003-06-04 00:40:05 +00:00
Dr. Stephen Henson	ca82ac1fee	Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect results if CR+LF straddles the line buffer.	2003-06-02 17:53:42 +00:00
Dr. Stephen Henson	aff0542844	Stop checking for CRLF when start of buffer is reached. Add rest of long line fix which got missed before	2003-06-02 01:12:01 +00:00
Dr. Stephen Henson	beab098d53	Various S/MIME bug and compatibility fixes.	2003-06-01 20:51:58 +00:00
Richard Levitte	c4d471552f	Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration macros get properly defined.	2003-05-29 22:22:30 +00:00
Richard Levitte	01fc834bc9	Have ASFLAGS be defined the same way as CFLAGS	2003-05-29 22:20:47 +00:00
Richard Levitte	f7f8d82aaa	PR: 630 Avoid looking outside the key_data array.	2003-05-29 20:59:38 +00:00
Lutz Jänicke	83b4f49c0a	Move header file inclusion to prevent irritation of users forgetting to call "make depend" after enabling or disabling ciphers... Submitted by: Tal Mozes <talm@cyber-ark.com> PR: #628	2003-05-28 19:56:46 +00:00
Dr. Stephen Henson	60790aff6f	PR: 627 Allocate certificatePolicies correctly if CPS field is absent. Fix various memory leaks in certificatePolicies.	2003-05-28 17:28:11 +00:00
Dr. Stephen Henson	e19d0ef068	PR: 631 Submitted by: Doug Sauder <dws+001@hunnysoft.com> Fix bug in X509V3_get_d2i() when idx in not NULL.	2003-05-28 16:57:08 +00:00
Richard Levitte	f5f7dffdd1	Make sure to compare unsigned against unsigned.	2003-05-28 10:34:29 +00:00
Richard Levitte	83743ad039	Fix sign bugs. PR: 621	2003-05-21 14:29:13 +00:00
Richard Levitte	163f5b236c	Correct signedness	2003-05-21 14:21:26 +00:00
Richard Levitte	513c01a591	Make sure EC_window_bits_for_scalar_size() returns a size_t	2003-05-21 08:40:06 +00:00
Richard Levitte	d9a2a89a17	I have no idea how I cut away that piece of text...	2003-05-21 06:50:51 +00:00
Richard Levitte	31939f1544	I don't remember what my thinking was with str_compat.h. Maybe it'll come back to me...	2003-05-20 09:00:59 +00:00
Richard Levitte	9acef3bbd7	Misspelled functions.	2003-05-20 08:50:18 +00:00
Richard Levitte	164bc7dae8	Some misspelled function names.	2003-05-20 08:49:12 +00:00
Richard Levitte	f59c941950	Make the function STORE_new_engine() public.	2003-05-19 23:06:09 +00:00
Richard Levitte	0239876511	Remove certain functions	2003-05-19 23:03:43 +00:00
Dr. Stephen Henson	727ef76ebd	Add correct DN entry for serialNumber.	2003-05-07 23:20:58 +00:00
Richard Levitte	bca52f7d4e	Define the two authentication parameter types for passphrase and Kerberos 5 authentications.	2003-05-07 21:17:30 +00:00
Richard Levitte	48c36fdb2a	Add the possibility to hand execution parameters (for example authentication material) to the STORE functions. Suggested by Götz Babin-Ebell <babin-ebell@trustcenter.de>.	2003-05-07 21:06:15 +00:00
Richard Levitte	816d785721	DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function called downstream that need it to be non-const. The fact that the RSA_METHOD functions take the RSA* as a const doesn't matter, it just expresses that they won't touch it. PR: 602	2003-05-07 11:38:10 +00:00
Richard Levitte	742b139f54	Add the possibility to store arbitrary data in a STORE. Suggested by Götz Babin-Ebell <babin-ebell@trustcenter.de>.	2003-05-06 08:02:14 +00:00
Richard Levitte	3b30121bd9	Constify RSA_sign() and RSA_verify(). PR: 602	2003-05-05 13:55:18 +00:00
Richard Levitte	9ee789e6c3	Yeah, right, an object file ending with .c, that'll work!	2003-05-03 06:58:08 +00:00
Dr. Stephen Henson	b9d2d20086	Make DER option work again. Fix typo.	2003-05-02 11:41:40 +00:00
Richard Levitte	b9d7ca9748	It's usually best if the function name matches everywhere...	2003-05-02 07:25:54 +00:00
Richard Levitte	5b194dfbd5	STORE was created 2003, darnit!	2003-05-01 20:44:20 +00:00
Richard Levitte	7f6af7d9db	Get the year right...	2003-05-01 20:15:35 +00:00
Richard Levitte	42b2b6a2d5	Provide some extra comments about the STORE_Memory STORE method.	2003-05-01 04:31:12 +00:00
Richard Levitte	d1465bac90	make update	2003-05-01 04:10:32 +00:00
Richard Levitte	3bbb0212f3	Add STORE support in ENGINE.	2003-05-01 03:57:46 +00:00
Richard Levitte	a5db6fa576	Define a STORE type. For documentation, read the entry in CHANGES, crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h.	2003-05-01 03:53:12 +00:00
Richard Levitte	9236b5b013	Define a STORE lock (the STORE type will be committed later).	2003-05-01 03:46:10 +00:00
Richard Levitte	535fba4907	Define the OPENSSL_ITEM structure.	2003-05-01 03:45:18 +00:00
Richard Levitte	1ae0a83bdd	Add BUF_strndup() and BUF_memdup(). Not currently used, but I've code that uses them that I'll commit in a few days.	2003-04-29 22:08:57 +00:00
Richard Levitte	7ae46c6761	make update	2003-04-29 21:35:28 +00:00
Richard Levitte	d584fd6b66	Include objects.h to get a correct declaration of OBJ_bsearch_ex(), not to mention the OBJ_BSEARCH_* macros.	2003-04-29 20:46:32 +00:00
Richard Levitte	54dbdd9837	Some variables were uninitialised...	2003-04-29 20:45:36 +00:00
Richard Levitte	26851b6b42	Add an extended variant of sk_find() which returns a non-NULL pointer even if an exact match wasn't found.	2003-04-29 20:30:55 +00:00
Richard Levitte	ea5240a5ed	Add an extended variant of OBJ_bsearch() that can be given a few flags.	2003-04-29 20:25:21 +00:00
Bodo Möller	eec7968f18	fix typo Submitted by: Nils Larsch	2003-04-22 08:29:21 +00:00
Richard Levitte	040c687ce4	Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances. Memory leak fix: RSA_blinding_on() would leave a dangling pointer in rsa->blinding under certain circumstances. Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.	2003-04-16 06:25:21 +00:00
Richard Levitte	cd1226bc6a	Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()	2003-04-15 13:01:37 +00:00
Richard Levitte	1a0c1f9052	make update	2003-04-10 20:11:09 +00:00
Dr. Stephen Henson	0b1c00abeb	Typo.	2003-04-10 00:04:02 +00:00
Richard Levitte	721688c2f8	Include rand.h, so RAND_status() and friends get properly declared.	2003-04-08 11:07:05 +00:00
Richard Levitte	0b55368306	We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in form of unneeded direct calls through the engine pointer..	2003-04-08 06:01:55 +00:00
Richard Levitte	43eb3b0130	We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form of unneeded includes of openssl/engine.h.	2003-04-08 06:00:05 +00:00
Richard Levitte	0a861ab7f3	RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function pointers should be used. It doesn't necessarely mean it should go through the ENGINE framework.	2003-04-07 19:15:25 +00:00
Richard Levitte	7b36590b17	What was I smoking? EVP_PKEY_cmp() should return with 0 if EVP_PKEY_cmp_parameters() returned 0, otherwise it should go on processing the public key component. Thia has nothing to do with the proper handling of EC parameters or not.	2003-04-07 10:15:32 +00:00
Richard Levitte	a8b728445c	Correct a typo. Have EVP_PKEY_cmp() call EVP_PKEY_cmp_parameters(), and make a note about the lack of parameter comparison for EC.	2003-04-07 10:09:44 +00:00
Richard Levitte	af0f0f3e8f	Constify	2003-04-06 15:31:18 +00:00
Richard Levitte	8d570498a2	Do not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined. PR: 564	2003-04-05 21:21:26 +00:00
Richard Levitte	3ae70939ba	Correct a lot of printing calls. Remove extra arguments...	2003-04-03 23:39:48 +00:00
Richard Levitte	c433d72593	Make %p and %# work properly, at least with pointers and floats.	2003-04-03 23:35:14 +00:00
Richard Levitte	68b42986cb	Add GCC attributes when compiled with gcc. This helps find out if we're using the printing functions correctly or not. I used the corresponding attributes found in the header files of my Linux installation.	2003-04-03 23:06:05 +00:00
Richard Levitte	e6526fbf4d	Add functionality to help making self-signed certificate.	2003-04-03 22:27:24 +00:00
Richard Levitte	8382ec5d37	Reindent for readability.	2003-04-03 19:10:32 +00:00
Bodo Möller	5679bcce07	make RSA blinding thread-safe	2003-04-02 09:50:22 +00:00
Richard Levitte	6dd6da6005	Don't feil when indent is 0. PR: 559	2003-03-31 13:24:02 +00:00
Dr. Stephen Henson	1a15c89988	Multi valued AVA support.	2003-03-30 01:51:16 +00:00
Richard Levitte	a47789e849	Update VMS building system	2003-03-26 14:34:38 +00:00
Dr. Stephen Henson	81bd0446a9	make update	2003-03-24 17:06:25 +00:00
Dr. Stephen Henson	520b76ffd9	Support for name constraints.	2003-03-24 17:04:44 +00:00
Dr. Stephen Henson	1c2d141238	Name Constraints OID.	2003-03-24 00:56:09 +00:00
Dr. Stephen Henson	5cc5ec1bba	make update	2003-03-21 16:28:29 +00:00
Dr. Stephen Henson	f80153e20b	Support for policy constraints.	2003-03-21 16:26:20 +00:00
Richard Levitte	9b94f215b1	Define COMP method function prototypes properly.	2003-03-21 00:05:14 +00:00
Richard Levitte	8b5bcef798	Make sure to declare mem*() properly.	2003-03-21 00:04:14 +00:00
Richard Levitte	ea17e1f00f	make update	2003-03-20 23:54:33 +00:00
Richard Levitte	be9bec9bc7	Make sure we get the definition of OPENSSL_NO_RSA.	2003-03-20 23:34:28 +00:00
Richard Levitte	9c35452842	Make sure we get the definition of OPENSSL_NO_HMAC and OPENSSL_NO_SHA.	2003-03-20 23:34:08 +00:00
Richard Levitte	69104cdf34	Make sure we get the definition of OPENSSL_NO_SHA.	2003-03-20 23:32:16 +00:00
Richard Levitte	dfefdb41f7	Make sure we get the definition of OPENSSL_NO_RIPEMD.	2003-03-20 23:31:56 +00:00
Richard Levitte	cd6ab56da0	Make sure we get the definition of OPENSSL_NO_MDC2.	2003-03-20 23:31:44 +00:00
Richard Levitte	c988c9b839	Make sure we get the definition of OPENSSL_NO_MD5.	2003-03-20 23:31:34 +00:00
Richard Levitte	bff8e1dddb	Make sure we get the definition of OPENSSL_NO_MD4.	2003-03-20 23:31:24 +00:00
Richard Levitte	641e6ef2cb	Make sure we get the definition of OPENSSL_NO_MD2.	2003-03-20 23:30:04 +00:00
Richard Levitte	9e9e8cb6a8	Make sure we get the definition of OPENSSL_NO_DES.	2003-03-20 23:29:38 +00:00
Richard Levitte	f118514501	Make sure we get the definition of OPENSSL_NO_RC5.	2003-03-20 23:29:26 +00:00
Richard Levitte	39c4b7092c	Make sure we get the definition of OPENSSL_NO_RC4.	2003-03-20 23:29:17 +00:00
Richard Levitte	c7e7fc3ee4	Make sure we get the definition of OPENSSL_NO_RC2.	2003-03-20 23:29:06 +00:00
Richard Levitte	786b0075d5	Make sure we get the definition of OPENSSL_NO_IDEA.	2003-03-20 23:28:55 +00:00
Richard Levitte	fb10590910	Make sure we get the definition of OPENSSL_NO_CAST.	2003-03-20 23:28:27 +00:00
Richard Levitte	abf21308d2	Make sure we get the definition of OPENSSL_NO_BF.	2003-03-20 23:28:16 +00:00
Richard Levitte	8c84b677e2	Make sure we get the definition of OPENSSL_NO_AES.	2003-03-20 23:28:03 +00:00
Richard Levitte	d5ef144222	Make sure we get the definition of a number of OPENSSL_NO_* macros.	2003-03-20 23:27:17 +00:00
Richard Levitte	741dae576f	Make sure we get the definition of OPENSSL_NO_BIO.	2003-03-20 23:26:46 +00:00
Richard Levitte	59ade20500	Include e_os.h correctly.	2003-03-20 23:26:32 +00:00
Richard Levitte	c11b9af75e	Make sure we get the definition of OPENSSL_NO_MD2.	2003-03-20 23:24:59 +00:00
Richard Levitte	08a54f6e6a	Make sure we get the definition of OPENSSL_NO_FP_API.	2003-03-20 23:24:47 +00:00
Richard Levitte	8305477157	Make sure we get the definition of OPENSSL_NO_IDEA and IDEA_INT.	2003-03-20 23:24:32 +00:00
Richard Levitte	e8cc7de4f4	Make sure we get the definition of OPENSSL_NO_HMAC.	2003-03-20 23:23:43 +00:00
Richard Levitte	3b6aa36c77	Make sure we get the definition of OPENSSL_NO_ECDSA.	2003-03-20 23:22:31 +00:00
Richard Levitte	03829b2b47	Make sure we get the definition of OPENSSL_NO_ECDH.	2003-03-20 23:22:17 +00:00
Richard Levitte	87c9c659de	Make sure we get the definition of OPENSSL_NO_EC.	2003-03-20 23:22:06 +00:00
Richard Levitte	751ff1d376	Make sure we get the definition of OPENSSL_NO_DSA and OPENSSL_NO_SHA.	2003-03-20 23:21:51 +00:00
Richard Levitte	d3ae5b1c8a	Make sure we get the definition of OPENSSL_NO_DH.	2003-03-20 23:21:27 +00:00
Richard Levitte	0f3879455b	Make sure we get the definition of OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG and OPENSSL_NO_DESCBCM.	2003-03-20 23:21:10 +00:00
Richard Levitte	0c7d61ee0e	Make sure we get the definition of OPENSSL_NO_CAST.	2003-03-20 23:20:15 +00:00
Richard Levitte	78951e7711	Make sure we get the definition of OPENSSL_NO_ERR.	2003-03-20 23:19:41 +00:00
Richard Levitte	9ba4cc007b	Make sure we get the definition of OPENSSL_NO_SOCK.	2003-03-20 23:18:32 +00:00
Richard Levitte	7b5a6c7a62	Make sure we get the definition of OPENSSL_NO_FP_API.	2003-03-20 23:17:23 +00:00
Richard Levitte	44deca977d	Make sure we get the definition of OPENSSL_NO_BF.	2003-03-20 23:17:04 +00:00
Richard Levitte	536b73e78e	Make sure we get the definition of OPENSSL_NO_BIO and OPENSSL_NO_RSA.	2003-03-20 23:16:45 +00:00
Richard Levitte	940767b03f	Make sure we get the definition of OPENSSL_NO_AES.	2003-03-20 23:15:51 +00:00
Dr. Stephen Henson	b24668626e	make update	2003-03-20 17:59:39 +00:00
Dr. Stephen Henson	ea3675b5b6	New ASN1 macros to just implement and declare the new and free functions and changes to mkdef.pl so it recognises them. Use these in policyMappings extension.	2003-03-20 17:58:33 +00:00
Bodo Möller	c554155b58	make sure RSA blinding works when the PRNG is not properly seeded; enable it automatically for the built-in engine	2003-03-20 17:31:30 +00:00
Dr. Stephen Henson	a1d12daed2	Support for policyMappings	2003-03-20 17:26:44 +00:00
Dr. Stephen Henson	6f528cac5a	Typo: OID should be policyMappings	2003-03-20 17:14:27 +00:00
Dr. Stephen Henson	10a66ad389	Avoid warning.	2003-03-20 17:09:46 +00:00
Dr. Stephen Henson	ce06265a37	make update	2003-03-20 14:21:36 +00:00
Richard Levitte	42a559163d	Shut up an ANSI compiler about uninitialised variables. PR: 517	2003-03-20 10:57:09 +00:00
Dr. Stephen Henson	9ed1fa4813	Fix Certificate and CRL adding in X509_load_cert_crl_file: an X509_INFO structure can contain more than one object, for example a certififcate and a CRL.	2003-03-19 13:55:48 +00:00
Dr. Stephen Henson	bc441b739b	Don't give an error if response reason absent in OCSP HTTP.	2003-03-14 23:38:34 +00:00
Dr. Stephen Henson	e6539fe22d	Add entry for domainComponent so it is treated correctly. Add table order test to end of a_strnid.c	2003-03-14 01:44:42 +00:00
Dr. Stephen Henson	ba5df66a8b	Add some OIDs.	2003-03-13 23:37:55 +00:00
Geoff Thorpe	bba2cb3ada	Fix a bone-head bug. This warrants a CHANGES entry because it could affect applications if they were passing a bogus 'flags' parameter yet having things work as they wanted anyway.	2003-03-13 20:28:42 +00:00
Dr. Stephen Henson	52c4c51f02	Return an error if gmtime returns NULL.	2003-03-13 14:13:53 +00:00
Dr. Stephen Henson	90e8a3102b	Fixes for EVP_DigestInit_ex() and OPENSSL_NO_ENGINE.	2003-03-12 02:31:40 +00:00
Geoff Thorpe	879650b866	The default implementation of DSA_METHOD has an interdependence on the dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and dsa_sign_setup(). When another DSA_METHOD implementation does not define these lower-level handlers, it becomes impossible to do a fallback to software on errors using a simple DSA_OpenSSL()->fn(key). This change allows the default DSA_METHOD to function in such circumstances by only using dsa_mod_exp() and bn_mod_exp() handlers if they exist, otherwise using BIGNUM implementations directly (which is what those handlers did before this change). There should be no noticable difference for the software case, or indeed any custom case that didn't already segfault, except perhaps that there is now one less level of indirection in all cases. PR: 507	2003-03-11 01:49:21 +00:00
Bodo Möller	176f31ddec	- new ECDH_compute_key interface (KDF is no longer a fixed built-in) - bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary	2003-02-28 15:37:10 +00:00
Dr. Stephen Henson	b8dc9693a7	Encryption BIOs misbehave when used with non blocking I/O. Two fixes: 1. If BIO_write() fails inside enc_write() it should return the total number of bytes successfully written. 2. If BIO_write() fails during BIO_flush() it should return immediately with the error code: previously it would fall through to the final encrypt, corrupting the buffer.	2003-02-27 14:07:59 +00:00
Bodo Möller	155bd1137e	add Certicom licensing e-mail address	2003-02-27 12:25:35 +00:00
Dr. Stephen Henson	f0dc08e656	Support for dirName from config files in GeneralName extensions.	2003-02-27 01:54:11 +00:00
Dr. Stephen Henson	e9ec63961b	Fix indefinite length encoding so EOC correctly updates the buffer pointer. Rename PKCS7_PARTSIGN to PKCS7_STREAM. Guess what that's for :-)	2003-02-25 19:03:31 +00:00
Bodo Möller	5c9a9c9c33	include OpenSSL license (in addition to EAY license)	2003-02-24 17:15:28 +00:00
Ulf Möller	b4f43344d5	Copy rather than symlink the test data. This is needed because Windows doesn't support symlinks. The Cygwin/MinGW build now passes "make test".	2003-02-22 22:19:48 +00:00
Ulf Möller	c8c5cec1f9	remove some more useless code. The mingw target can now be built under cygwin.	2003-02-22 22:15:31 +00:00
Ulf Möller	66ecdf3bfb	more mingw related cleanups.	2003-02-22 18:00:14 +00:00
Dr. Stephen Henson	5562cfaca4	Base64 bio fixes. The base64 bio was seriously broken when reading from a non blocking BIO. It would incorrectly interpret retries as EOF, incorrectly buffer initial data and have no buffering at all after initial data (data would be sent one byte at a time to EVP_DecodeUpdate).	2003-02-22 02:12:52 +00:00
Bodo Möller	f2aa055ec6	treat 'out' like i2d functions do; cf. asn1_item_flags_i2d (crypto/asn/tasn_enc.c)	2003-02-21 16:06:39 +00:00
Bodo Möller	62e3163b1b	ECPublicKey_set_octet_string and ECPublicKey_get_octet_string behaviour was not quite consistent with the conventions for d2i and i2d functions as far as handling of the 'out' or 'in' pointer is concerned. This patch changes this behaviour, and renames the functions to o2i_ECPublicKey and i2o_ECPublicKey (not 'd2i' and 'i2d' because the external encoding is just a raw object string without any DER icing). Submitted by: Nils Larsch	2003-02-21 13:58:23 +00:00
Dr. Stephen Henson	8214e74f76	Ooops forgot to recognise V_ASN1_GENERALSTRING.	2003-02-20 17:13:21 +00:00
Dr. Stephen Henson	542a1b1a2e	Re enable the read side non blocking test BIO code. For some reason it was disabled...	2003-02-20 13:39:30 +00:00
Dr. Stephen Henson	5672e3a321	Fix bug in base64 bios during write an non blocking I/O: if the write fails when flushing the buffer return the value to the application so it can retry.	2003-02-20 13:37:48 +00:00
Bodo Möller	fbbfd86b67	typo PR: 511 Submitted by: Eric Cronin	2003-02-19 16:29:47 +00:00
Richard Levitte	d5234c7b3a	Make sure the memory allocation routines check for negative sizes	2003-02-19 11:54:42 +00:00
Richard Levitte	77e270d10e	Borland C++ Builder 5 complains about unreachable statements.	2003-02-19 11:22:15 +00:00
Dr. Stephen Henson	988e8458ad	Typo.	2003-02-18 12:46:47 +00:00
Richard Levitte	758f942b88	Make the no-err option work properly	2003-02-18 12:14:57 +00:00
Geoff Thorpe	b653327d47	Declare prototypes for function pointer types, even if they are likely to be cast later on.	2003-02-15 20:32:13 +00:00
Dr. Stephen Henson	27068df7e0	Single pass processing to cleartext S/MIME signing.	2003-02-15 00:50:55 +00:00
Geoff Thorpe	b12753dffc	We cache a montgomery form for 'n' if the PUBLIC flag is set, not PRIVATE. Also, I've added handling for other mod_exp calls that were not using any cached montgomery forms. These cases matter only for special RSA keys (eg. ones that are missing information) so are unlikely to be used in normal circumstances.	2003-02-15 00:18:38 +00:00
Geoff Thorpe	79221bc265	David Brumley <dbrumley@stanford.edu> noted and corrected a case in the verification step of CRT private key operations in the RSA code - previously no montgomery form was checked or used for 'n', and so it would be generated on the fly each time. As a result, private key operations are now a percent or two faster. Rather than adding this as another repetition of the nearly-identical montgomery "check for first-use" initialisation code blocks, I've taken this chance to create a helper function and macro-wrapper to replace them. PR: 475	2003-02-14 23:21:19 +00:00
Richard Levitte	85d686e723	Make it possible to disable OCSP, the speed application, and the use of sockets. PR: 358	2003-02-14 01:02:58 +00:00
Richard Levitte	4989f0599f	Another long name to deal with	2003-02-13 13:21:13 +00:00
Richard Levitte	e4b52ac353	Oh, the destest program did look at the return value...	2003-02-13 08:53:40 +00:00
Bodo Möller	abd22c9c46	new lock for EC_PRE_COMP structures Submitted by: Nils Larsch	2003-02-12 22:01:12 +00:00
Bodo Möller	ba729265a8	Allow EC_GROUP objects to share precomputation for improved memory efficiency (EC_PRE_COMP objects are now constant once completed). Extend 'extra_data' API to support arbitrarily many slots (although we need only one at the moment). Modify EC internal 'extra_data' API: EC_GROUP_[clear_]free_extra_data now frees only a single slot (the previous functions are available as EC_GROUP_[clear_]free_all_extra_data). Submitted by: Nils Larsch Reviewed by: Bodo Moeller	2003-02-12 18:30:16 +00:00
Richard Levitte	9ec1d35f29	Adjust DES_cbc_cksum() so the returned value is the same as MIT's mit_des_cbc_cksum(). The difference was first observed, then verified by looking at the MIT source.	2003-02-12 17:20:39 +00:00
Dr. Stephen Henson	a8f5b2ed50	GeneralString support in mini-ASN1 compiler	2003-02-11 14:06:27 +00:00
Richard Levitte	28f573a28d	Make sure memcpy() is properly declared by including string.h.	2003-02-10 11:14:35 +00:00
Bodo Möller	e2c9c91b5b	fix EC_GROUP_copy for EC_GFp_nist_method() Submitted by: Nils Larsch	2003-02-08 19:51:37 +00:00
Bodo Möller	65b254e8c0	remove debugging leftovers	2003-02-08 15:56:05 +00:00
Bodo Möller	82871eaa17	comment	2003-02-07 11:54:57 +00:00
Bodo Möller	24893ca999	typo	2003-02-06 19:32:06 +00:00
Bodo Möller	37c660ff9b	implement fast point multiplication with precomputation Submitted by: Nils Larsch Reviewed by: Bodo Moeller	2003-02-06 19:25:12 +00:00
Bodo Möller	772ec4135c	typo in WIN16 section Submitted by: Toni Andjelkovic <toni@soth.at>	2003-02-05 16:54:10 +00:00
Dr. Stephen Henson	4e5d3a7f98	IPv6 display and input support for extensions usingh GeneralName.	2003-02-05 00:34:31 +00:00
Ben Laurie	2619676256	Old-style callbacks can be NULL!	2003-02-01 20:58:59 +00:00
Ben Laurie	33cc07f79a	Fix warning.	2003-02-01 20:55:29 +00:00
Richard Levitte	c029841e36	We can't say in advance what the argument to BIO_socket_ioctl() should be, so let's make that a void *. Also, BIO_socket_nbio() should send it an int argument, not a long. PR: 457	2003-01-31 12:20:35 +00:00
Richard Levitte	5d780babe3	A few small bugs with BIO popping. PR: 364	2003-01-30 21:49:12 +00:00
Richard Levitte	5fe11c7533	The OPENSSL_NO_ENGINE has small problem: it changes certain structures. That's bad, so let's not check OPENSSL_NO_ENGINE in those places. Fortunately, all the header files where the problem existed include ossl_typ.h, which makes a 'forward declaration' of the ENGINE type.	2003-01-30 18:52:46 +00:00
Richard Levitte	0b13e9f055	Add the possibility to build without the ENGINE framework. PR: 287	2003-01-30 17:39:26 +00:00
Geoff Thorpe	f3c22ef10d	This glues the GMP wrapper ENGINE into OpenSSL if it is being built (ie. if the OPENSSL_USE_GMP symbol is defined). Also, I've re-ordered the listing of other builtin ENGINEs to be alphabetical (though "dynamic" will still come first).	2003-01-30 15:49:03 +00:00
Richard Levitte	c0a93e31ab	Small typo, OENSSL should really be spelled OPENSSL. PR: 476	2003-01-30 11:08:44 +00:00
Richard Levitte	b637670f03	DVCS (see RFC 3029) was missing among the possible purposes. Notified privately to me by Peter Sylvester <Peter.Sylvester@EdelWeb.fr>, one of the authors of said RFC	2003-01-29 15:06:35 +00:00
Bodo Möller	bd1217a176	simplify Submitted by: Nils Larsch	2003-01-28 13:08:21 +00:00
Bodo Möller	82516e3baf	cofactor is optional in parameter encodings Submitted by: Nils Larsch	2003-01-25 15:28:49 +00:00
Bodo Möller	9048c7245b	For ecdsa-with-SHA1, as for id-dsa-with-sha1, omit 'parameters' in AlgorithmIdentifier Submitted by: Nils Larsch	2003-01-24 21:43:08 +00:00
Andy Polyakov	02bf9a151a	Provide "dummy" &main::picmeup even in Windows perlasm modules.	2003-01-24 09:39:31 +00:00
Dr. Stephen Henson	d3b5cb5343	Check return value of gmtime() and add error codes where it fails in ASN1_TIME_set(). Edit asn1.h so the new error code is the same in 0.9.7 and 0.9.8, rebuild new error codes. Clear error queue in req.c if _min or _max is absent.	2003-01-24 01:12:01 +00:00
Andy Polyakov	97e6bf6b22	Workaround for lame compiler bug introduced in "CPU pack" for MSVC6SP5.	2003-01-23 10:05:39 +00:00
Richard Levitte	0c3426da86	Missing 0 broke FreeBSD build. PR: 470	2003-01-23 08:10:04 +00:00
Bodo Möller	9b3f03d5a2	fix warnings Submitted by: Nils Larsch	2003-01-21 09:53:14 +00:00
Andy Polyakov	722d17cbac	This is an initial tune-up. This update puts Itanium2 back on par with Itanium. I mean if overall performance improvement over C version was X for Itanium, it's X even for Itanium2.	2003-01-19 21:29:59 +00:00
Dr. Stephen Henson	59ae8c9419	EVP_DecryptInit() should call EVP_CipherInit() not EVP_CipherInit_ex().	2003-01-17 00:48:47 +00:00
Richard Levitte	2f09524501	A few more files to ignore	2003-01-16 21:32:56 +00:00
Richard Levitte	c00cee00fd	FreeBSD has /dev/crypto as well. PR: 462	2003-01-16 18:29:30 +00:00
Richard Levitte	8228f302dd	Add some debugging output.	2003-01-16 17:28:46 +00:00
Lutz Jänicke	018c56fdca	Armor against systems without ranlib... Submitted by: Thierry Lelegard <thierry.lelegard@canal-plus.fr> PR: 461	2003-01-16 17:22:30 +00:00
Bodo Möller	d745af4b0c	avoid potential confusion about curves (prime192v1 and prime256v1 are also known as secp192r1 and secp256r1, respectively) Submitted by: Nils Larsch, Bodo Moeller	2003-01-16 16:05:23 +00:00
Lutz Jänicke	a74333f905	Fix initialization sequence to prevent freeing of unitialized objects. Submitted by: Nils Larsch <nla@trustcenter.de> PR: 459	2003-01-15 14:54:59 +00:00
Bodo Möller	365e14622a	update error library for EC... changes Submitted by: Nils Larsch	2003-01-15 11:47:28 +00:00
Geoff Thorpe	0e4aa0d2d2	As with RSA, which was modified recently, this change makes it possible to override key-generation implementations by placing handlers in the methods for DSA and DH. Also, parameter generation for DSA and DH is possible by another new handler for each method.	2003-01-15 02:01:55 +00:00
Bodo Möller	b05645902a	"!Cname surname" has now become redundant ...	2003-01-13 15:57:33 +00:00
Bodo Möller	54d4f8c320	undo part of a recent change: it's "surname", not "surName" (see X.520 aka ISO/IEC 9594-6)	2003-01-13 15:52:04 +00:00
Richard Levitte	c76153f31d	Make sure not to declare a clashing read() for DJGPP. PR: 440	2003-01-13 15:35:22 +00:00
Richard Levitte	0535d3b25f	Correct a misleading comment. PR: 456	2003-01-13 14:53:43 +00:00
Richard Levitte	364c7cd621	UI_UTIL_read_pw() misinterpreted the values returned from UI functions. PR: 456	2003-01-13 14:17:43 +00:00
Richard Levitte	caa7b2ad4f	tty_in will never be stderr, so it will always be closed, which means stdin might get closed... Reported by Mark Daniel <Mark.Daniel@wasd.vsm.com.au>	2003-01-13 13:15:16 +00:00
Andy Polyakov	989f48d8c1	Avoid unnecessary pollution of object module name table. Cygwin shared build workaround (DJGPP swallows it too). One probably should do same as with ELF calling it COFF, but I'm very short in COFF platforms, so I just go for easy ad-hoc solution. I'll take care of merge to 0.9.7 later.	2003-01-10 10:16:39 +00:00
Richard Levitte	f8ea5cb579	Make sure everything that may be freed is allocated or initiated. PR: 446	2003-01-10 08:59:46 +00:00
Andy Polyakov	9d1b5614f9	At least OpenBSD implements PIC in the same way ELF does.	2003-01-09 16:06:09 +00:00
Richard Levitte	416b19c6fc	gcc wants character constants to be correct. Before this change, the following would happen on Solaris: m4 -B 8192 asm/des_enc.m4 > asm/des_enc-sparc.S gcc -DOPENSSL_SYSNAME_ULTRASPARC -DOPENSSL_NO_STATIC_ENGINE -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c -o asm/des_enc-sparc.o asm/des_enc-sparc.S asm/des_enc-sparc.S:2007: unterminated character constant asm/des_enc-sparc.S:2008: unterminated character constant	2003-01-09 13:25:14 +00:00
Andy Polyakov	699543e4a2	Finalizing asm support for UnixWare, SCO, OpenUnix... Note that I've replaced #if logic around bn_sub_part_words in bn_mul.c. I rely upon OPENSSL_BN_ASM_PART_WORDS being added by ./Configure script. Would it still work on non-Unix platforms?	2003-01-09 08:42:04 +00:00
Lutz Jänicke	4309c4ad46	Third argument to shl_load() is "long address", not a pointer. (Didn't influence functionality, as on HP-UX 32bit the NULL pointer is a 32bit 0-value and thus is identical to the required 0L.) PR: 443	2003-01-08 08:27:50 +00:00
Geoff Thorpe	2814c62915	This is the first step in allowing RSA_METHODs to implement their own key generation. This prototype matches the new API function RSA_generate_key_ex(), though both may be subject to change during development before 0.9.8.	2003-01-07 05:51:39 +00:00
Andy Polyakov	19a97a1df0	Another GAS fix-up and some commentary...	2003-01-04 14:41:09 +00:00
Andy Polyakov	72997517b0	GAS can't stand stub, which is stb's synonym.	2003-01-04 12:49:38 +00:00
Andy Polyakov	2a9fca82d2	Oops! I've toasted Cygwin! Fixed now.	2003-01-03 21:49:49 +00:00
Andy Polyakov	55b1516770	Redundant now as it's moved to ./Makefile.org.	2003-01-03 20:45:59 +00:00
Andy Polyakov	3cc9a89dda	Unified targets for ELF assembler modules. Tested on Linux, Solaris and FreeBSD. Goal is to extend support even to SCO5, UnixWare/OpenUnix...	2003-01-03 17:37:53 +00:00
Andy Polyakov	46a0d4fbcb	Support for ILP32 on HPUX-IA64.	2003-01-03 15:10:46 +00:00
Andy Polyakov	04945fda66	pa-risc2.s was not PIC, see RT#426. I strip call to fprintf as it's never called anyway (it's a debugging assertion). If pa-risc2W.s is PIC remains to be seen...	2003-01-03 10:52:40 +00:00
Andy Polyakov	28e276f139	Complete integration of SPARC assembler DES implementation. Tested on Solaris only. I'll keep my eyes open for Linux and OpenBSD targets.	2003-01-02 23:26:46 +00:00
Andy Polyakov	f22e1e4dd2	UltraSPARC assembler DES implementation tune-up. The code can be compiled for any SPARC CPU (UltraSPARC performance is not affected), can be compiled for 64-bit ABI and is position-independent.	2003-01-02 17:40:33 +00:00
Andy Polyakov	e0d769caa2	Very old submission (from 2000) of UltraSPARC assembler DES implementation. It was not accepted because code is not PIC, too UltraSPARC-specific when it doesn't have to and 32-bit only. I'm committing the original version mostly for reference purposes. 64, PIC, blended CPU tune-up follows shortly. Obtained from: http://inet.uni2.dk/~svolaf/des.htm	2003-01-02 17:36:26 +00:00
Andy Polyakov	4a37c48789	I implemented this when troubleshooting performance problem on SPARC Solaris. As there is an apparent interest for optimization for footprint, I figured that this can eventually become useful.	2003-01-02 17:19:05 +00:00
Richard Levitte	0c055b201e	Adjust the parameter lists in some not commonly used files. PR: 428	2003-01-01 23:41:46 +00:00
Richard Levitte	7eed0fc041	Make sure the last character of the ASN.1 time string (the 'Z') is copied. PR: 429	2003-01-01 03:40:59 +00:00
Ben Laurie	8598289936	Correct asm exclusions.	2002-12-29 17:57:09 +00:00
Richard Levitte	35dde7480f	OS/2 does binary by default, apparently. Reported by Brian Havard <brianh@kheldar.apana.org.au>.	2002-12-29 10:19:58 +00:00
Richard Levitte	5e42f9ab46	make update	2002-12-29 01:38:15 +00:00
Richard Levitte	7acf00a633	Finally get rid of all the algorithm inclusions that were done from evp.h. Application authors BEWARE! If you have had the habit to count on evp.h to provide all those lower-level algorithm functions, you need to think again! Please change your programs NOW, or you will be sorry when 0.9.8 gets release (it's quite some time away...).	2002-12-29 01:37:35 +00:00
Richard Levitte	69339d254b	make update	2002-12-28 02:42:05 +00:00
Richard Levitte	ec517d25e8	Merge from 0.9.7-stable.	2002-12-28 02:41:17 +00:00
Andy Polyakov	0a2407a851	UltraSPARC performance "tune-up."	2002-12-27 14:51:49 +00:00
Richard Levitte	e9883d285d	Finally, a bn_div_words() in VAX assembler that goes through all tests. PR: 413	2002-12-23 11:25:51 +00:00
Richard Levitte	aa18245f7e	Make AES_ENCRYPT and AES_DECRYPT macros instead of static constants. PR: 411	2002-12-20 18:21:35 +00:00
Andy Polyakov	316bfb77b5	Fix for "shift count too large" when compiling for hpux-parisc2 and irix-mips. The bug was introduced with accelerated support for x86_64. My fault! Fixed now.	2002-12-20 18:11:30 +00:00
Richard Levitte	9b58214e4a	More accurate comments.	2002-12-20 16:38:36 +00:00
Richard Levitte	3c801fa460	A little debugging.	2002-12-20 16:38:06 +00:00
Richard Levitte	1c9202004b	Propagate MAKEDEPPROG to the subdirs under crypto/.	2002-12-20 15:28:42 +00:00
Richard Levitte	c9ecb1edd8	Keep the internal lowercase 'surname', for programmer's sake.	2002-12-20 09:39:34 +00:00
Richard Levitte	8baf5fdca0	Be consistent with capitalisation of object names.	2002-12-20 09:24:17 +00:00
Richard Levitte	aafafa314d	Be consistent with capitalisation of object names.	2002-12-20 09:18:18 +00:00
Andy Polyakov	07d09fdb66	Fix for RT#405, Solaris refuses to invoke preprocessor if egrep returns 1. Linux for example doesn't exhibit this behaviour, but I add "exit 0" to all potentially affected rules, just to be on the safe side.	2002-12-18 09:03:48 +00:00
Andy Polyakov	4553ed276b	Make "perl des-586.pl a.out" work, see RT#402	2002-12-17 08:05:49 +00:00
Richard Levitte	e29246cb17	Synchronise with Makefiles.	2002-12-15 20:59:24 +00:00
Andy Polyakov	a45051fbfc	DES PIC-ification. "Cygwin" companion. Problem was that preprocessor macro is not expanded if prepended with a $-sign.	2002-12-15 10:06:27 +00:00
Richard Levitte	9f100cf344	Don't define macros in terms of asm() when __STRICT_ANSI is defined.	2002-12-15 05:54:56 +00:00
Richard Levitte	a5a01e9051	Bring des_locl.h at the same level as in the 0.9.7 branch. Don't define macros in terms of asm() when __STRICT_ANSI is defined.	2002-12-15 05:54:26 +00:00
Andy Polyakov	6be4688bdc	Ooops! No ROTATE on some platforms after x86_64 performance patch...	2002-12-15 00:47:47 +00:00
Andy Polyakov	717c5cdcc7	As you might have noticed I tried to change for . prefix, because it's the one to be used to denote local labels in single function scope. Problem is that SHA uses same label set across functions, therefore I have to switch back to $ prefix.	2002-12-14 23:14:00 +00:00
Andy Polyakov	2f98abbcb6	x86_64 performance patch.	2002-12-14 20:42:05 +00:00
Andy Polyakov	270fa8aeda	DES PIC-ification. Windows companion.	2002-12-14 17:54:30 +00:00
Geoff Thorpe	4329db3726	The ampersand is not required in these constructs, and was giving AIX warnings. Reported by: Bernhard Simon.	2002-12-13 22:01:46 +00:00
Andy Polyakov	6f7ac8e1b0	IA-32 assembler modules (primarily DES) PIC-ification. Idea is to keep shared libraries shared.	2002-12-13 17:56:14 +00:00
Richard Levitte	b9b6e14b4a	In CRYPTO_lock(), check that the application cares about locking (provided callbacks) before attempting to lock.	2002-12-11 08:56:35 +00:00
Richard Levitte	442d42300b	sk_*_push() returns the number of items on the stack, not the index of the pushed item. The index is the number of items - 1. And if a NULL item was found, actually use it. Finally, provide a little bit of safety in CRYPTO_lock() by asserting the a requested dynamic lock really must exist, instead of just being silent about it	2002-12-11 08:33:31 +00:00
Richard Levitte	75e1c74724	Let's not forget the other places where HEADER_DES_H and HEADER_DES_OLD_H were defined.	2002-12-11 07:37:54 +00:00
Richard Levitte	5db2b5e573	Let's not forget the other places where HEADER_DES_H and HEADER_DES_OLD_H were defined.	2002-12-11 07:24:43 +00:00
Richard Levitte	005ef84c5d	Since HEADER_DES_H has been the protector of des.h since libdes (before SSLeay, maybe?), it's better to have that macro protect the compatibility header des_old.h. In the new des.h, let's use a slightly different protecting macro. The rationale is that there are application that might include (via other header files, perhaps) both an old libdes des.h and OpenSSL's des.h. Whichever comes first would overshadow the other because of the clash in protecting macro. This fix solves that problem.	2002-12-11 06:59:16 +00:00
Richard Levitte	c17810b087	A memset() too many got converted into a OPENSSL_cleanse(). PR: 393	2002-12-10 08:26:05 +00:00
Richard Levitte	0edad88a31	make update	2002-12-09 02:19:27 +00:00
Geoff Thorpe	e189872486	Nils Larsch submitted; - a patch to fix a memory leak in rsa_gen.c - a note about compiler warnings with unions - a note about improving structure element names This applies his patch and implements a solution to the notes.	2002-12-08 16:45:26 +00:00
Geoff Thorpe	e9224c7177	This is a first-cut at improving the callback mechanisms used in key-generation and prime-checking functions. Rather than explicitly passing callback functions and caller-defined context data for the callbacks, a new structure BN_GENCB is defined that encapsulates this; a pointer to the structure is passed to all such functions instead. This wrapper structure allows the encapsulation of "old" and "new" style callbacks - "new" callbacks return a boolean result on the understanding that returning FALSE should terminate keygen/primality processing. The BN_GENCB abstraction will allow future callback modifications without needing to break binary compatibility nor change the API function prototypes. The new API functions have been given names ending in "_ex" and the old functions are implemented as wrappers to the new ones. The OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined, declaration of the older functions will be skipped. NB: Some openssl-internal code will stick with the older callbacks for now, so appropriate "#undef" logic will be put in place - this is in case the user is building openssl (rather than including its headers) with this symbol defined. There is another change in the new _ex functions; the key-generation functions do not return key structures but operate on structures passed by the caller, the return value is a boolean. This will allow for a smoother transition to having key-generation as "virtual function" in the various ***_METHOD tables.	2002-12-08 05:24:31 +00:00
Richard Levitte	86a62cf15c	Implement a stateful variant if the ZLIB compression method. The old stateless variant is kept, but isn't used anywhere.	2002-12-08 02:39:38 +00:00
Andy Polyakov	bbf8198feb	Workaround for GCC-ia64 compiler bug. Submitted by: <appro> Reviewed by: PR:	2002-12-06 17:18:10 +00:00
Richard Levitte	3dda0dd2a2	Some compilers are quite picky about non-void functions that don't return anything.	2002-12-06 08:50:06 +00:00
Richard Levitte	4ba8cabf62	SSL_CERT_FILE should be used in place of the system default file, not as a first alternative to try	2002-12-05 21:07:26 +00:00
Richard Levitte	b84d5b72f1	Make sure to implement the cryptodev engine only when /dev/crypto exists.	2002-12-05 10:16:28 +00:00
Richard Levitte	8cbccedf7c	make update	2002-12-05 01:55:48 +00:00
Richard Levitte	4387f47832	Make sure using SSL_CERT_FILE actually works, and has priority over system defaults. PR: 376	2002-12-05 01:20:47 +00:00
Richard Levitte	85940ea8ea	Only check for a result buffer if the allocated string is a prompt string. PR: 381	2002-12-05 00:04:30 +00:00
Richard Levitte	439ae4d398	Do not implement RC4 stuff if RC4 is disabled. Concequently, apply the same rule for SHA stuff. PR: 381	2002-12-04 22:54:02 +00:00
Bodo Möller	7e8c30b589	In ECPKParameters_print, output the private key length correctly (length of the order of the group, not length of the actual key, which will be shorter in some cases). Submitted by: Nils Larsch	2002-12-04 17:43:01 +00:00
Bodo Möller	2b32b28191	Don't compute timings here, we can do this elsewhere. Include X9.62 signature examples. Submitted by: Nils Larsch	2002-12-04 17:38:40 +00:00
Dr. Stephen Henson	716b2079dc	Make ASN1_TYPE_get() work for V_ASN1_NULL type.	2002-12-04 00:49:46 +00:00
Dr. Stephen Henson	e7b6228fd3	Typo in X509v3_get_ext_by_critical	2002-12-04 00:16:00 +00:00
Dr. Stephen Henson	2053c43de2	In asn1_d2i_read_bio, don't assume BIO_read will return the requested number of bytes when reading content.	2002-12-03 23:50:59 +00:00
Richard Levitte	4707991520	Make CRYPTO_cleanse() independent of endianness.	2002-12-03 16:06:40 +00:00
Richard Levitte	7a1f92fdc3	Windows CE updates, contributed by Steven Reddie <smr@essemer.com.au>	2002-12-03 14:20:44 +00:00
Richard Levitte	6ab285bf4c	I think I got it now. Apparently, the case of having to shift down the divisor was a bit more complex than I first saw. The lost bit can't just be discarded, as there are cases where it is important. For example, look at dividing 320000 with 80000 vs. 80001 (all decimals), the difference is crucial. The trick here is to check if that lost bit was 1, and in that case, do the following: 1. subtract the quotient from the remainder 2. as long as the remainder is negative, add the divisor (the whole divisor, not the shofted down copy) to it, and decrease the quotient by one. There's probably a nice mathematical proof for this already, but I won't bother with that, unless someone requests it from me.	2002-12-02 21:31:45 +00:00
Richard Levitte	1d3159bcca	Make some names consistent.	2002-12-02 02:40:27 +00:00
Richard Levitte	f60ceb54eb	Through some experimentation and thinking, I think I finally got the proper implementation of bn_div_words() for VAX. If the tests go through well, the next step will be to test on Alpha.	2002-12-02 02:28:27 +00:00
Richard Levitte	0f995b2f40	Small bugfix: even when r == d, we need to adjust r and q. PR: 366	2002-12-01 02:17:23 +00:00
Richard Levitte	848f735ae4	EXIT() needs to be in a function that returns int.	2002-12-01 01:23:35 +00:00
Richard Levitte	a678430602	Redo the VAX assembler version of bn_div_words(). PR: 366	2002-12-01 00:49:36 +00:00
Richard Levitte	e9b553dac1	Remove incorrect assert. PR: 360	2002-11-29 15:18:22 +00:00
Richard Levitte	43d601641f	A few more memset()s converted to OPENSSL_cleanse(). I think I got them all covered by now, bu please, if you find any more, tell me and I'll correct it. PR: 343	2002-11-29 11:30:45 +00:00
Richard Levitte	55f78baf32	Have all tests use EXIT() to exit rather than exit(), since the latter doesn't always give the expected result on some platforms.	2002-11-28 18:54:30 +00:00
Richard Levitte	4579924b7e	Cleanse memory using the new OPENSSL_cleanse() function. I've covered all the memset()s I felt safe modifying, but may have missed some.	2002-11-28 08:04:36 +00:00
Richard Levitte	2047bda6fb	Unused variable removed.	2002-11-27 13:40:41 +00:00
Richard Levitte	406c6f6962	Extra ; removed.	2002-11-27 13:40:11 +00:00

... 10 11 12 13 14 ...

3682 commits