Commit graph

18 commits

Author SHA1 Message Date
Ben Laurie
d886975835 Fix gcc 4.6 warnings. Check TLS server hello extension length. 2010-06-12 13:18:58 +00:00
Bodo Möller
3e4da3f7cb Always check bn_wexpend() return values for failure (CVE-2009-3245).
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
2010-02-23 10:36:41 +00:00
Dr. Stephen Henson
927a28ba3b gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL.
Fix various "computed value not used" warnings too.
2007-09-06 12:43:54 +00:00
Nils Larsch
4913b88f70 make
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
	make all test
work again (+ make update)

PR: 1159
2005-07-16 11:13:10 +00:00
Nils Larsch
3000bdcc3a clear dso pointer in case of an error
PR: 816
2005-06-17 21:27:28 +00:00
Bodo Möller
fbeaa3c47d Update util/ck_errf.pl script, and have it run automatically
during "make errors" and thus during "make update".

Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
2005-05-09 00:27:37 +00:00
Geoff Thorpe
f15390bdb4 The inclusion of bn.h from the engine.h API header has been deprecated, so
the engine implementations need to include bn.h to manipulate bignums.
2004-05-17 18:56:15 +00:00
Geoff Thorpe
3a87a9b9db Reduce header interdependencies, initially in engine.h (the rest of the
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.
2004-04-19 17:46:04 +00:00
Geoff Thorpe
46ef873f0b By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.

This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.
2004-03-25 02:52:04 +00:00
Richard Levitte
a99ce1a574 Conform with the standard prototype for engine control functions. 2003-06-26 07:10:10 +00:00
Geoff Thorpe
dcfb57c736 This memset() in the ubsec ENGINE is a bug. Zeroing out the result array
should not be necessary in any case, but more importantly the result and
input BIGNUMs could be the same, in which case this is clearly a problem.

Submitted by: Jonathan Hersch
Reviewed by: Joe Orton
Approved by: Geoff Thorpe
2003-06-06 17:51:34 +00:00
Geoff Thorpe
0e4aa0d2d2 As with RSA, which was modified recently, this change makes it possible to
override key-generation implementations by placing handlers in the methods
for DSA and DH. Also, parameter generation for DSA and DH is possible by
another new handler for each method.
2003-01-15 02:01:55 +00:00
Geoff Thorpe
4ebb5293fc RSA_METHOD now supports key-generation, but (for now) none of these
ENGINEs implement it.
2003-01-07 05:53:58 +00:00
Richard Levitte
8f797f14b8 When build as dynamic engines, the loading functions should be defined
static.
2002-11-13 15:30:25 +00:00
Geoff Thorpe
5be1264b7e The ENGINE implementations in ./engines/ should be role models on how to
write external engines (and thus should require only installed openssl
headers and libs to compile without warnings). So this gets rid of recently
introduced compilation warnings (no longer including internal headers) by
including string.h directly.
2002-10-16 21:50:28 +00:00
Richard Levitte
665dc3924d Step 7 of move of engines: Engines should not depend on private
OpenSSL header files.
2002-10-11 18:17:16 +00:00
Richard Levitte
ecd45314b8 Step 6 of move of engines: rename the macro ENGINE_DYNAMIC_SUPPORT to
OPENSSL_NO_DYNAMIC_ENGINE and make sure that gets defined unless
shared library support has been specifically requested.
2002-10-11 18:06:08 +00:00
Richard Levitte
5572f482e7 Step 2 of move of engines: copy engines to new directory and rename them
to be prefixed with e_ instead of hw_.  They aren't necessarely hardware
engines.  The files commited here are exact copies of the corresponding
hw_ files found in crypto/engine/.
2002-10-11 17:08:27 +00:00