Commit graph

2056 commits

Author SHA1 Message Date
Richard Levitte
0410b6c50b Tagging has been done, move on to 0.9.6c-dev. 2001-07-09 15:10:56 +00:00
Richard Levitte
483c4e0682 Add security patch and create release.
Tags will be OpenSSL_0_9_6b and OpenSSL-engine-0_9_6b
2001-07-09 14:36:30 +00:00
Ben Laurie
7b6055d1af Handle the common case first (where input size is a multiple of block size).
Worth around 5% for encrypt. Slows down decrypt slightly, but I expect to
regain that later.
2001-07-08 19:42:10 +00:00
Ben Laurie
f31b12503e Use & instead of % - worth about 4% for 8 byte blocks. 2001-07-08 17:27:32 +00:00
Ben Laurie
0774f470d9 Correct const-ness. 2001-07-08 11:42:38 +00:00
Ben Laurie
d7a9e91688 Remove unnecessary casts. 2001-07-06 22:06:08 +00:00
Ben Laurie
601cb9be20 Constification. 2001-07-06 21:35:00 +00:00
Richard Levitte
de61328615 make update 2001-07-05 12:28:13 +00:00
Richard Levitte
f3229ee19a Use one address consistently. 2001-07-05 10:20:07 +00:00
Richard Levitte
219a3580b7 Change info to correct values. 2001-07-05 10:19:13 +00:00
Bodo Möller
b8e2f83ae6 Call ENGINE_cleanup() to avoid memory leak. 2001-07-04 20:55:36 +00:00
Bodo Möller
731e14031c Andy's mips3.s fix (as in main branch). 2001-07-04 20:17:52 +00:00
Ben Laurie
5be022712a Update nCipher header with more liberal licence. 2001-07-04 12:26:39 +00:00
Richard Levitte
72b1072fbd Let's include cryptlib.h *before* things like NO_SYSLOG are tested or
used.
2001-07-02 20:43:01 +00:00
Richard Levitte
3bfd99bfbb [Forgotten commits?]
Changes to have OpenSSL compile on OS/2.
Contributed by "Brian Havard" <brianh@kheldar.apana.org.au>
2001-07-02 20:41:05 +00:00
Richard Levitte
dc01b6b1f2 Changes to have OpenSSL compile on OS/2.
Contributed by "Brian Havard" <brianh@kheldar.apana.org.au>
2001-07-01 22:39:46 +00:00
Dr. Stephen Henson
b7a26e6daf Modify apps to use NCONF code instead of old CONF code.
Add new extension functions which work with NCONF.

Tidy up extension config routines and remove redundant code.

Fix NCONF_get_number().

Todo: more testing of apps to see they still work...
2001-06-28 11:41:50 +00:00
Dr. Stephen Henson
9d2e51c199 Another empty X509_NAME fix. 2001-06-26 12:39:22 +00:00
Dr. Stephen Henson
1498ad74bb Another empty X509_NAME fix. 2001-06-26 12:38:33 +00:00
Dr. Stephen Henson
1e325f6149 Handle empty X509_NAME in printing routines. 2001-06-26 12:04:35 +00:00
Dr. Stephen Henson
e319a89f84 Handle empty X509_NAME in printing routines. 2001-06-26 12:04:12 +00:00
Bodo Möller
9fa5786340 DSA verification should insist that r and s are in the allowed range. 2001-06-26 09:48:56 +00:00
Bodo Möller
c458a33196 DSA verification should insist that r and s are in the allowed range. 2001-06-26 09:48:17 +00:00
Richard Levitte
b1460627f3 Make get_ip() a bit more strict in it's parsing of IP addresses, and
at the same time a bit more accepting with host names.
2001-06-25 14:12:45 +00:00
Bodo Möller
6a184a6098 Translate into valid C (don't call functions with wrong prototypes). 2001-06-25 10:09:55 +00:00
Richard Levitte
54c7559a7e Make sure we don't return 0 on error. 2001-06-24 07:00:41 +00:00
Dr. Stephen Henson
0c9de428ae In {RSA,DSA,DH}_new_method(x) need to increase the reference
count of the ENGINE is x is not NULL since it will be freed
in {RSA,DSA,DH}_free().
2001-06-23 23:07:34 +00:00
Richard Levitte
f13def508c Use the new UI features, among others the new boolean input.
NOTE: Boolean input hasn't been very well tested yet, so this part may
fail miserably.
2001-06-23 16:46:14 +00:00
Richard Levitte
1ae6ddac91 Including stdio.h before setting _XOPEN_SOURCE and
_XOPEN_SOURCE_EXTENDED wasn't very smart...
2001-06-23 16:44:15 +00:00
Richard Levitte
55dcfa421c make update 2001-06-23 16:43:03 +00:00
Richard Levitte
b589977b9e Do not loop i the OpenSSL UI method any more. Instead, letthe
application do that.

NOTE: there's no requirement for other UI_METHODs to avoid this kind
of loop.  For example, a GUI UI_METHOD would probably check the
lengths of the answers from within instead of being constantly
redisplayed for everything that is wrong.
2001-06-23 16:25:56 +00:00
Richard Levitte
291e4a6ebe make update 2001-06-23 16:23:17 +00:00
Richard Levitte
2d2ed9dffd Implement boolean (yes/no or OK/Cancel, ...) input.
Implement UI controls.  Current controls are the possibility to output
the OpenSSL error stack on the same channel from within UI_process()
and to check if the same user interface can be redone without being
rebuilt (this is often more a question of philosophy than
technicalities).
2001-06-23 16:22:48 +00:00
Richard Levitte
8ada6e7705 New error printing function that gives the possibility to print the
errors through an arbitrary function.
2001-06-23 15:06:17 +00:00
Richard Levitte
7f657f342a Include the UI error strings. 2001-06-23 15:04:51 +00:00
Richard Levitte
20e8f0ee27 For the UI functions that return an int, 0 or any positive number is a
success return, any negative number is a failure.  Make sure we check
the return value with that in mind.
2001-06-23 14:51:53 +00:00
Dr. Stephen Henson
429266b7e4 Fix hwcrhk_insert_card. 2001-06-23 12:50:06 +00:00
Dr. Stephen Henson
54f7ebe789 In UI_dup_*() function, use the duped string, not the original. 2001-06-23 11:51:16 +00:00
Andy Polyakov
19a6e8b32c This fixes "Spurious test failures on IRIX?" reported in April. Apparently
I was wrong in conclusions about when addition starts overflowing in combaX
routines.
2001-06-22 19:17:42 +00:00
Dr. Stephen Henson
ed5538dc2b Fix memory leak when RAND is used: need to cleanup
RANDs ENGINE reference in ENGINE_cleanup().
2001-06-21 12:19:10 +00:00
Richard Levitte
eb929eef14 Since there is a way to create UI_METHODs, implement a destructor as
well.

This probably requires reference counters and locks as well.  To be
implemented later.
2001-06-20 15:00:08 +00:00
Dr. Stephen Henson
323f289c48 Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Richard Levitte
b7fe2f9675 cp is only used when DSA is built. 2001-06-19 16:40:36 +00:00
Richard Levitte
839590f576 - Add the possibility to control engines through control names but
with arbitrary arguments instead of just a string.
- Change the key loaders to take a UI_METHOD instead of a callback
  function pointer.  NOTE: this breaks binary compatibility with
  earlier versions of OpenSSL [engine].
- Addapt the nCipher code for these new conditions and add a card
  insertion callback.
2001-06-19 16:12:18 +00:00
Richard Levitte
e0a8d1f94e The default flag should be for default passwords only. Otherwise,
someone having a default that is not a password will be confused.
2001-06-19 15:54:47 +00:00
Richard Levitte
9ad0f6812f Enhance the user interface with better support for dialog box
prompting, application-defined prompts, the possibility to use
defaults (for example default passwords from somewhere else) and
interrupts/cancelations.
2001-06-19 15:52:00 +00:00
Dr. Stephen Henson
1b822decb8 Don't set *pointer if add_lock_callback used. 2001-06-19 00:09:20 +00:00
Dr. Stephen Henson
3cc1f498a1 Don't set pointer if add_lock_callback used. 2001-06-19 00:04:57 +00:00
Ben Laurie
853b1eb424 Fix a memory leak (there's another around here somewhere, though).
PR:
2001-06-17 14:42:57 +00:00
Ben Laurie
09a2615fb2 Delete a redundant line. 2001-06-16 21:51:26 +00:00
Bodo Möller
508f15cdab For MSDOS, the tty filename still is "con", not "/dev/tty" ... 2001-06-11 15:21:33 +00:00
Andy Polyakov
52c0d30078 Get rid of "possible WAW dependency" warnings.
Submitted by:
Reviewed by:
PR:
2001-06-11 12:47:52 +00:00
Bodo Möller
200bc9e3e8 Earlier OpenSSL versions printed prompts to stderr.
In the new crypto/ui/, this was changed into tty (which is usually
/dev/tty), i.e. the FILE * used for reading passwords from the user.
However stdio buffering for read/write streams is not without pitfalls
(passwords would be echoed on some systems).
To avoid problems, split tty into tty_in and tty_out (which are
opened separately).
2001-06-11 09:54:28 +00:00
Dr. Stephen Henson
76569fc662 Initialize UI ex_data. 2001-06-11 00:45:33 +00:00
Dr. Stephen Henson
f2a253e0dd Add support for MS CSP Name PKCS#12 attribute. 2001-06-11 00:43:20 +00:00
Ulf Möller
19352b794d as in head 2001-06-08 14:17:12 +00:00
Ulf Möller
0ad0eaf61c more error codes fixed 2001-06-08 14:16:39 +00:00
Lutz Jänicke
8746ee311e ERR_peek_error() returns "unsigned long". 2001-06-07 17:22:01 +00:00
Lutz Jänicke
47b0f48dd9 ERR_peek_error() returns "unsigned long". 2001-06-07 17:20:50 +00:00
Richard Levitte
f420de027f Don't forget to initialise. 2001-06-06 23:12:41 +00:00
Bodo Möller
a650df440b when checking OAEP, signal just a single kind of 'decoding error' 2001-06-06 18:48:57 +00:00
Bodo Möller
20e021bf41 when checking OAEP, signal just a single kind of 'decoding error' 2001-06-06 18:48:49 +00:00
Ulf Möller
afd7b5affe as in head 2001-06-06 17:24:03 +00:00
Ulf Möller
8ca2ae775d move check to avoid memory leak. 2001-06-06 17:23:23 +00:00
Ulf Möller
ee8aa8217a make sure we don't write to seed[-1] 2001-06-06 17:17:53 +00:00
Ulf Möller
38c3436577 make sure we don't write to seed[-1] 2001-06-06 17:15:47 +00:00
Richard Levitte
2b49dd1e8f 'make update' 2001-06-05 20:32:36 +00:00
Richard Levitte
30a54b9085 Defining __USE_XOPEN_EXTENDED was the wrong thing. Instead, define
_XOPEN_SOURCE.
2001-06-05 20:29:26 +00:00
Richard Levitte
1e7e62f8cd A good use of the UI interface is as a password callback replacement
(for new functions...).  One might still want to be able to pass down
a user-data pointer to be used by the UI.  However, ex_data doesn't
quite cut it, since that means the appropriate index to it might need
to be shared between parts that aren't really related in that sense,
and would require the currently hidden (static) index holders to be
uncovered.  Not a good thing.  Therefore, add the possibility to add a
user-data pointer to a UI.
2001-06-05 19:05:52 +00:00
Richard Levitte
7e9547e126 Accept digits in symbol names. Spotted by Brian Havard <brianh@kheldar.apana.org.au> 2001-06-04 16:34:39 +00:00
Richard Levitte
20251f01ea Accept digits in symbol names. Spotted by Brian Havard <brianh@kheldar.apana.org.au> 2001-06-04 16:34:31 +00:00
Richard Levitte
1690863acc Confusion between algorithms resolved. 2001-06-01 15:30:13 +00:00
Richard Levitte
397211323c nCipher callbacks shall return 0 on success, something else otherwise. 2001-06-01 15:29:32 +00:00
Richard Levitte
a87f50fb5a Stop mishandling the type number in dynlock locking 2001-06-01 15:21:01 +00:00
Bodo Möller
41d208db79 increase DEFAULT_BUFFER_SIZE (4K instead of just 1K) 2001-06-01 08:39:02 +00:00
Bodo Möller
be487c429e increase DEFAULT_BUFFER_SIZE (4K instead of just 1K) 2001-06-01 08:38:29 +00:00
Richard Levitte
9a1c40049e From revision 1.25, 2001/05/31 22:25:30 by levitte
Don't decrement the reference counter twice when destroying dynamic
links.
2001-06-01 05:36:44 +00:00
Richard Levitte
80340f1fe9 Don't decrement the reference counter twice when destroying dynamic
links.
2001-05-31 22:25:30 +00:00
Geoff Thorpe
d918f85146 Fix a memory leak in 'sk_dup' in the case a realloc() fails. Also, tidy up
a bit of weird code in sk_new.
2001-05-31 19:01:08 +00:00
Andy Polyakov
a95541d61e Get rid of RAW dependency warnings.
Submitted by:
Reviewed by:
PR:
2001-05-30 22:01:33 +00:00
Andy Polyakov
4cb73bf8e4 Assembler support for IA-64. See the source code commentary for further
details (performance numbers and accompanying discussions:-). Note that
the code is not engaged in ./Configure yet. I'll add it later this week
along with updates for .spec file.

Submitted by:
Reviewed by:
PR:
2001-05-28 20:02:51 +00:00
Richard Levitte
6c1a3e4f58 We had the password callback for ENGINEs pretty much wrong. And
passwords that were given to the key loading functions were completely
ignored, at least in the ncipher code, and then we made the assumption
that the callback wanted a prompt as user argument.

All that is now changed, and the application author is forced to give
a callback function of type pem_callback_cb and possibly an argument
for it, just as for all other functions that want to generate password
prompting.

NOTE: this change creates binary and source incompatibilities with
previous versions of OpenSSL [engine].  It's worth it this time, to
get it right (or at least better and with a chance that it'll work).
2001-05-25 21:08:56 +00:00
Dr. Stephen Henson
39bed15e53 Add missing variable length cipher flag for Blowfish.
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
2001-05-24 23:00:46 +00:00
Dr. Stephen Henson
76c919c1a3 Add missing variable length cipher flag for Blowfish.
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
2001-05-24 22:58:35 +00:00
Dr. Stephen Henson
4b04466f14 Fix for missing DSA parameters. 2001-05-24 22:33:16 +00:00
Dr. Stephen Henson
b49a5b2dc0 Fix for new UI functions under Win32.
For some unknown reason fopen("con", "w") is the
only way to make this work. Using "r+" and "w+"
causes the fopen call to fail and the fallback
(using stdin) doesn't work because writing to stdin
fails.
2001-05-17 11:47:08 +00:00
Richard Levitte
b8e35bd66e New internal function OPENSSL_gmtime, which is intended to do the same
as gmtime_r() on the systems where that is defined.
2001-05-16 08:44:09 +00:00
Lutz Jänicke
e8734731d3 Increase ENTROPY_NEEDED to support Rijndael's larger key size. 2001-05-15 16:02:35 +00:00
Richard Levitte
9e0fcabeca Do not forget to increment the pointers... 2001-05-15 15:49:54 +00:00
Richard Levitte
6482dec1bb Low-case the names of the system routines, since some versions of
DEC C only have them declared that way (it doesn't really matter,
since the linker is case-insensitive by default)
2001-05-15 05:15:47 +00:00
Richard Levitte
81b5eeed6a branch on equal is beql, not beq... 2001-05-14 22:10:09 +00:00
Richard Levitte
365359dd79 Make sure strdup() is properly declared. 2001-05-14 12:23:28 +00:00
Richard Levitte
2757be06de Make sure memset() is properly declared. 2001-05-14 12:22:58 +00:00
Richard Levitte
d0afe49d3e ui was forgotten when installing libcrypto and it's headers. 2001-05-14 12:22:27 +00:00
Richard Levitte
2643b122fc Remove the password reading objects from LIB_DES. 2001-05-14 11:59:02 +00:00
Richard Levitte
88db657ac2 Make more short aliases for symbols that are longer than 31
characters.
2001-05-14 11:58:08 +00:00
Richard Levitte
1f0af2c073 len is a size_t, which is an unsigned integer. Therefore, some
compilers will complain against the check for less than zero.
2001-05-14 11:56:47 +00:00
Richard Levitte
2ed2d1515e Use ui_compat.h to get the password reading functions. 2001-05-14 11:54:36 +00:00
Richard Levitte
bb5b16a36c Make it so the compiler doesn't inform me about the dollars in some
symbols.
2001-05-14 11:53:37 +00:00
Richard Levitte
739862384c A randomizer for OpenVMS, using the statistics that are easily
reachable.

It's completely untested for now.  To be done in the next few days.
2001-05-13 10:34:18 +00:00
Richard Levitte
0a647c2b8b Define `ok' and better error detection. 2001-05-13 05:34:39 +00:00
Richard Levitte
429e4f0de8 make update 2001-05-13 05:16:58 +00:00
Richard Levitte
299053becd des_read_password() and des_read_2passwords() can only appear if DES
is compiled.
2001-05-13 04:59:09 +00:00
Richard Levitte
56bb1a7c83 Move the password reading functions completely away from the DES
section.

Add ui_compat.h for inclusion by those who want the old functions and
provide all of them, not just the higher-level ones, in ui_compat.c.
2001-05-13 04:40:44 +00:00
Dr. Stephen Henson
d70e5100c0 #if 0 out deleted (?) functions to stop Win32 DLL
build falling over.
2001-05-13 00:33:55 +00:00
Dr. Stephen Henson
4831e626aa Change Win32 to use EXPORT_VAR_AS_FN.
Fix OPENSSL_IMPLEMENT_GLOBAL.

Allow Win32 to use EXPORT_VAR_AS_FN in mkdef.pl

make update.
2001-05-12 23:57:41 +00:00
Dr. Stephen Henson
29fb08c2de Typo. 2001-05-12 00:09:04 +00:00
Richard Levitte
7babdf2029 e_os2.h defines things like OPENSSL_SYS_MSDOS, not opensslconf.h...
(basically: whooops :-))
2001-05-11 11:20:26 +00:00
Dr. Stephen Henson
926a56bfe3 Purpose and trust setting functions for X509_STORE.
Tidy existing code.
2001-05-10 00:13:59 +00:00
Dr. Stephen Henson
d6f188be71 Fix warning with DEBUG_SAFESTACK 2001-05-10 00:09:43 +00:00
Dr. Stephen Henson
bdee69f718 Allow various X509_STORE_CTX properties to be
inherited from X509_STORE.

Add CRL checking options to other applications.
2001-05-09 00:30:39 +00:00
Richard Levitte
f53948856e There is no uitest 2001-05-08 04:23:25 +00:00
Dr. Stephen Henson
b545dc6775 Initial CRL based revocation checking. 2001-05-07 22:52:50 +00:00
Richard Levitte
027902999e Clarify the license and copyright, make preprocessor dirctives a
little bit clearer and use the new OPENSSL_SYS_* macros.
2001-05-07 06:33:35 +00:00
Richard Levitte
9a310a5d4e make update 2001-05-06 23:51:37 +00:00
Richard Levitte
a63d5eaab2 Add a general user interface API. This is designed to replace things
like des_read_password and friends (backward compatibility functions
using this new API are provided).  The purpose is to remove prompting
functions from the DES code section as well as provide for prompting
through dialog boxes in a window system and the like.
2001-05-06 23:19:37 +00:00
Richard Levitte
3c836ff0f8 Some platforms (most notably Windows) do not have a $HOME by default.
For those, unless the environment variables RANDFILE or HOME are
defined (the default case!), RAND_file_name() will return NULL.
This change adds a default HOME for those platforms.

To add a default HOME for any platform, just define DEFAULT_HOME in
the proper place, wrapped in appropriate #ifdef..#endif, in e_os.h.
2001-05-03 07:50:39 +00:00
Richard Levitte
f0b54fefe9 Some platforms (most notably Windows) do not have a $HOME by default.
For those, unless the environment variables RANDFILE or HOME are
defined (the default case!), RAND_file_name() will return NULL.
This change adds a default HOME for those platforms.

To add a default HOME for any platform, just define DEFAULT_HOME in
the proper place, wrapped in appropriate #ifdef..#endif, in e_os.h.
2001-05-03 07:50:11 +00:00
Richard Levitte
4760dc31c9 Merge in the following changes (from the main trunk log):
>----------------------------
>revision 1.24
>date: 2001/04/29 16:30:59;  author: steve;  state: Exp;  lines: +5 -1
>Win32 fixes:
>
>define LLONG properly for VC++.
>
>stop compiler complaining about signed/unsigned mismatch in apps/engine.c
>----------------------------
>revision 1.22
>date: 2001/02/27 23:59:18;  author: ulf;  state: Exp;  lines: +1 -1
>%f conversion bug fix
>Submitted by: Henrik Eriksson <henrik.eriksson@axis.com>
>----------------------------
>revision 1.21
>date: 2000/10/22 12:44:12;  author: levitte;  state: Exp;  lines: +3 -3
>On some operating systems, MAX is defined.  Call ours OSSL_MAX instead
2001-05-02 07:10:42 +00:00
Geoff Thorpe
7ae551fd03 In RSA, DSA, DH, and RAND - if the "***_new()" function fails because the
ENGINE code does not return a default, set an error.
2001-04-30 15:24:41 +00:00
Dr. Stephen Henson
c2e45f6ddf Win32 fixes:
define LLONG properly for VC++.

stop compiler complaining about signed/unsigned mismatch in apps/engine.c
2001-04-29 16:30:59 +00:00
Geoff Thorpe
06cb0353e5 For some inexplicable reason, I'd (a) left the debugging irreversibly
turned on, and (b) left a somewhat curious debugging string in the output.
2001-04-27 00:31:21 +00:00
Geoff Thorpe
b41f836e5f Some fixes to the reference-counting in ENGINE code. First, there were a
few statements equivalent to "ENGINE_add(ENGINE_openssl())" etc. The inner
call to ENGINE_openssl() (as with other functions like it) orphans a
structural reference count. Second, the ENGINE_cleanup() function also
needs to clean up the functional reference counts held internally as the
list of "defaults" (ie. as used when RSA_new() requires an appropriate
ENGINE reference). So ENGINE_clear_defaults() was created and is called
from within ENGINE_cleanup(). Third, some of the existing code was
logically broken in its treatment of reference counts and locking (my
fault), so the necessary bits have been restructured and tidied up.

To test this stuff, compiling with ENGINE_REF_COUNT_DEBUG will cause every
reference count change (both structural and functional) to log a message to
'stderr'. Using with "openssl engine" for example shows this in action
quite well as the 'engine' sub-command cleans up after itself properly.

Also replaced some spaces with tabs.
2001-04-26 23:04:30 +00:00
Geoff Thorpe
0ce5f3e4f5 This adds 2 things to the ENGINE code.
* "ex_data" - a CRYPTO_EX_DATA structure in the ENGINE structure itself
   that allows an ENGINE to store its own information there rather than in
   global variables. It follows the declarations and implementations used
   in RSA code, for better or worse. However there's a problem when storing
   state with ENGINEs because, unlike related structure types in OpenSSL,
   there is no ENGINE-vs-ENGINE_METHOD separation. Because of what ENGINE
   is, it has method pointers as its structure elements ...  which leads
   to;

 * ENGINE_FLAGS_BY_ID_COPY - if an ENGINE should not be used just as a
   reference to an "implementation" (eg. to get to a hardware device), but
   should also be able to maintain state, then this flag can be set by the
   ENGINE implementation. The result is that any call to ENGINE_by_id()
   will not result in the existing ENGINE being returned (with its
   structural reference count incremented) but instead a new copy of the
   ENGINE will be returned that can maintain its own state independantly of
   any other copies returned in the past or future. Eg. key-generation
   might involve a series of ENGINE-specific control commands to set
   algorithms, sizes, module-keys, ids, ACLs, etc. A final command could
   generate the key. An ENGINE doing this would *have* to declare
   ENGINE_FLAGS_BY_ID_COPY so that the state of that process can be
   maintained "per-handle" and unaffected by other code having a reference
   to the same ENGINE structure.
2001-04-26 19:35:44 +00:00
Richard Levitte
a679116f6f Provide the possibility to clean up internal ENGINE structures. This
takes care of what would otherwise be seen as a memory leak.
2001-04-26 16:07:08 +00:00
Richard Levitte
3988bb34aa gcc warns when certain values of an enumeration aren't taken care of,
unless there's a default clause.
2001-04-26 15:53:42 +00:00
Richard Levitte
9e78e6c3f8 Check for OPENSSL_NO_RSA, OPENSSL_NO_DSA and OPENSSL_NO_DH and disable
appropriate code if any of them is defined.
2001-04-26 15:45:12 +00:00
Richard Levitte
3caff6092a engine.h includes all the needed header files, so don't do it again
here.
2001-04-26 15:04:22 +00:00
Richard Levitte
91dc71f98d User OPENSSL_UNISTD instead of <unistd.h>.
Spotted by Mark Crispin <MRC@Panda.COM>
2001-04-26 08:26:18 +00:00
Geoff Thorpe
b7b6c047ca This change to the "dl", "dlfcn", and "win32" DSO_METHODs adds the filename
or symbol name to the error stack in the event a load or bind operation
failed.
2001-04-25 22:40:55 +00:00
Dr. Stephen Henson
c962479bdf Fix ASN1 bug when decoding OTHER type.
Various S/MIME DSA related fixes.
2001-04-21 12:06:01 +00:00
Richard Levitte
0cd5866726 VMS was behind when it comes to OCSP. 2001-04-20 12:37:14 +00:00
Geoff Thorpe
e2f3ae1252 Some more tweaks to ENGINE code.
This change adds some basic control commands to the existing ENGINEs
(except the software 'openssl' engine). All these engines currently load
shared-libraries for hardware APIs, so they've all been given "SO_PATH"
commands that will configure the chosen ENGINE to load its shared library
from the given path. Eg. by calling;
    ENGINE_ctrl_cmd_string(e, "SO_PATH", <path>, 0).

The nCipher 'chil' ENGINE has also had "FORK_CHECK" and "THREAD_LOCKING"
commands added so these settings could be handled via application-level
configuration rather than in application source code.

Changes to "openssl engine" to test and examine these control commands will
be made shortly. It will also provide the necessary tips to application
programs wanting to support these dynamic control commands.
2001-04-19 01:45:40 +00:00
Geoff Thorpe
40fcda292f Some BIG tweaks to ENGINE code.
This change adds some new functionality to the ENGINE code and API to
make it possible for ENGINEs to describe and implement their own control
commands that can be interrogated and used by calling applications at
run-time. The source code includes numerous comments explaining how it all
works and some of the finer details. But basically, an ENGINE will normally
declare an array of ENGINE_CMD_DEFN entries in its ENGINE - and the various
new ENGINE_CTRL_*** command types take care of iterating through this list
of definitions, converting command numbers to names, command names to
numbers, getting descriptions, getting input flags, etc. These
administrative commands are handled directly in the base ENGINE code rather
than in each ENGINE's ctrl() handler, unless they specify the
ENGINE_FLAGS_MANUAL_CMD_CTRL flag (ie. if they're doing something clever or
dynamic with the command definitions).

There is also a new function, ENGINE_cmd_is_executable(), that will
determine if an ENGINE control command is of an "executable" type that
can be used in another new function, ENGINE_ctrl_cmd_string(). If not, the
control command is not supposed to be exposed out to user/config level
access - eg. it could involve the exchange of binary data, returning
results to calling code, etc etc. If the command is executable then
ENGINE_ctrl_cmd_string() can be called using a name/arg string pair. The
control command's input flags will be used to determine necessary
conversions before the control command is called, and commands of this
form will always return zero or one (failure or success, respectively).
This is set up so that arbitrary applications can support control commands
in a consistent way so that tweaking particular ENGINE behaviour is
specific to the ENGINE and the host environment, and independant of the
application or OpenSSL.

Some code demonstrating this stuff in action will applied shortly to the
various ENGINE implementations, as well as "openssl engine" support for
executing arbitrary control commands before and/or after initialising
various ENGINEs.
2001-04-19 00:41:55 +00:00
Geoff Thorpe
59bc3126c5 Some more tweaks to ENGINE code.
The existing ENGINEs (including the default 'openssl' software engine) were
static, declared inside the source file for each engine implementation. The
reason this was not going boom was that all the ENGINEs had reference
counts that never hit zero (once linked into the internal list, each would
always have at least 1 lasting structural reference).

To fix this so it will stay standing when an "unload" function is added to
match ENGINE_load_builtin_engines(), the "constructor" functions for each
ENGINE implementation have been changed to dynamically allocate and
construct their own ENGINEs using API functions. The other benefit of this
is that no ENGINE implementation has to include the internal "engine_int.h"
header file any more.
2001-04-18 21:46:00 +00:00
Bodo Möller
db17ecdae3 fix md_rand.c locking bugs 2001-04-18 15:08:19 +00:00
Bodo Möller
6e6d04e29a fix md_rand.c locking bugs 2001-04-18 15:07:35 +00:00
Geoff Thorpe
48ff225300 Make the shared library name and function symbol for the "nuron" ENGINE
static data where they could be parameterised by ctrl() commands.
2001-04-18 04:47:01 +00:00
Geoff Thorpe
a4a9d97a3e Some more tweaks from ENGINE code.
Previously RAND_get_rand_method was returning a non-const pointer, but it
should be const. As with all other such cases, METHOD pointers are stored and
returned as "const". The only methods one should be able to alter are methods
"local" to the relevant code, in which case a non-const handle to the methods
should already exist.

This change has been forced by the constifying of the ENGINE code (before
which RAND_METHOD was the only method pointer in an ENGINE structure that was
not constant).
2001-04-18 04:18:16 +00:00
Geoff Thorpe
404f952aa3 Some more tweaks to ENGINE code.
ENGINE handler functions should take the ENGINE structure as a parameter -
this is because ENGINE structures can be copied, and like other
structure/method setups in OpenSSL, it should be possible for init(),
finish(), ctrl(), etc to adjust state inside the ENGINE structures rather
than globally. This commit includes the dependant changes in the ENGINE
implementations.
2001-04-18 03:57:05 +00:00
Geoff Thorpe
dcd87618ab Some more tweaks to ENGINE code.
Previous changes permanently removed the commented-out old code for where
it was possible to create and use an ENGINE statically, and this code gets
rid of the ENGINE_FLAGS_MALLOCED flag that supported the distinction with
dynamically allocated ENGINEs. It also moves the area for ENGINE_FLAGS_***
values from engine_int.h to engine.h - because it should be possible to
declare ENGINEs just from declarations in exported headers.
2001-04-18 03:03:16 +00:00
Geoff Thorpe
d54bf14559 Some more tweaks to ENGINE code.
* Constify the get/set functions, and add some that functions were missing.

* Add a new 'ENGINE_cpy()' function that will produce a new ENGINE based
  copied from an original (except for the references, ie. the new copy will
  be like an ENGINE returned from 'ENGINE_new()' - a structural reference).

* Removed the "null parameter" checking in the get/set functions - it is
  legitimate to set NULL values as a way of *changing* an ENGINE (ie.
  removing a handler that previously existed). Also, passing a NULL pointer
  for an ENGINE is obviously wrong for these functions, so don't bother
  checking for it. The result is a number of error codes and strings could
  be removed.
2001-04-18 02:01:36 +00:00
Geoff Thorpe
ea3a429efe Structural references should never be decremented directly - so leave that
to ENGINE_free(). Also, remove "#if 0" code that has no useful future.
2001-04-18 01:07:28 +00:00
Geoff Thorpe
e3f1223fe4 This moves string constants out of vendor headers and into C files. 2001-04-18 00:43:23 +00:00
Geoff Thorpe
7ef6e3fe2f 'make update' 2001-04-17 23:53:58 +00:00
Ben Laurie
4f19a0672b Fix warning. 2001-04-16 03:00:57 +00:00
Lutz Jänicke
854e076df8 Constify (Jason Molenda <jason@molenda.com>) 2001-04-14 14:50:02 +00:00
Lutz Jänicke
b089e64654 Don't make half work when constifying... 2001-04-14 14:48:44 +00:00
Lutz Jänicke
3c1f0ccbf4 Constify "salt" (Jason Molenda <jason@molenda.com>) 2001-04-14 14:42:28 +00:00
Richard Levitte
c9fd77e9dd Make it possible to move the emailAddress object to the subjectAltName
extension instead of just copying it.  That makes a certificate comply
even more with PKIX recommendations according to RFC 2459.
2001-04-11 12:55:06 +00:00