Commit graph

3559 commits

Author SHA1 Message Date
Richard Levitte
5affe206e1 Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation for
size_t-ification of those algorithms in future version of OpenSSL...
2004-05-19 14:16:33 +00:00
Andy Polyakov
1f4eccaaa5 Make reservations in FIPS code for upcoming size_t-fication of OpenSSL API.
And couple of bug-fixes in fips/rand code [return without lock release and
incorrect return value in fips_rand_bytes].
2004-05-17 15:37:26 +00:00
Ben Laurie
9ac9a29407 Fix self-tests, ban some things in FIPS mode, fix copyrights. 2004-05-15 17:51:26 +00:00
Richard Levitte
bac2e26a9e Reimplement old functions, so older software that link to libcrypto
don't crash and burn.
2004-05-14 17:55:59 +00:00
Richard Levitte
dbf2ac31c9 Synchronise o_str.c between 0.9.8-dev and 0.9.7-stable. 2004-05-13 22:40:08 +00:00
Ben Laurie
72d75ee206 Blow up in people's faces if they don't reseed. 2004-05-12 14:11:10 +00:00
Richard Levitte
49bc4c1023 make update 2004-05-12 10:17:15 +00:00
Richard Levitte
0e92f7738a Forgot to update the Makefile with the o_str stuff... 2004-05-12 10:17:02 +00:00
Richard Levitte
d529f2a8f7 The functions OPENSSL_strcasen?cmp() were forgotten when merging the
FIPS branch into this.  It's needed at least for certain OpenVMS
versions, and should really be used in a more general way.
2004-05-12 10:09:00 +00:00
Richard Levitte
90cce79346 Makefile.ssl changed name to Makefile. 2004-05-12 08:28:00 +00:00
Ben Laurie
3642f632d3 Pull FIPS back into stable. 2004-05-11 12:46:24 +00:00
Richard Levitte
3b8ba6b610 When the pointer 'from' changes, it's stored length needs to change as
well.

Notified by Frank Kardel <kardel@acm.org> in PR 879.
2004-05-06 09:31:31 +00:00
Dr. Stephen Henson
6e308baf5a Fix memory leak.
PR:870
2004-04-22 12:33:03 +00:00
Geoff Thorpe
688791b22b Extend the index parameter checking from sk_value to sk_set(). Also tidy up
some similar code elsewhere.

Thanks to Francesco Petruzzi for bringing this to my attention.
2004-04-21 15:09:25 +00:00
cvs2svn
462a286eeb This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2004-04-13 17:47:38 +00:00
Richard Levitte
a110d01771 Typo. "pa-rics2W" corrected to "pa-risc2W".
PR: 868
2004-04-02 12:39:54 +00:00
Geoff Thorpe
7ef7a1b3de Avoid undefined results when the parameter is out of range. 2004-04-02 06:25:53 +00:00
Geoff Thorpe
2749276b95 Avoid undefined results when the parameter is out of range. 2004-04-02 06:25:11 +00:00
Dr. Stephen Henson
b6a5fdb8a7 Don't use C++ reserved word. 2004-04-01 22:23:46 +00:00
Dr. Stephen Henson
ecf139917d New function X509_POLICY_NODE_print() 2004-03-31 12:17:24 +00:00
Richard Levitte
ab23d5ffda Add symbol hacks for some long names.
make update
2004-03-29 08:13:49 +00:00
Andy Polyakov
1a979201d5 This is essentially Intel 32-bit compiler tune-up. To start with all
available compiler versions generated bogus machine code trying to
compile new crypto/des/cfb_enc.c. Secondly, 8th version defines
__GNUC__ macro, but fails to compile *some* inline assembler correctly.
Note that all versions of icc implement MSC-like _lrot[rl] intrinsic,
which is used now instead of offensive asm. Finally, unnecessary linker
dependencies are eliminated. Most notably dependency from libirc.a
caused trouble at application start-up, if libcrypto.so is linked with
-Bsymbolic (which it is).
2004-03-28 21:27:47 +00:00
Dr. Stephen Henson
216659eb87 Enhance EVP code to generate random symmetric keys of the
appropriate form, for example correct DES parity.

Update S/MIME code and EVP_SealInit to use new functions.

PR: 700
2004-03-28 17:38:00 +00:00
Dr. Stephen Henson
5d6383c83f Make {i2v,v2i}_ASN1_BIT_STRING global.
make update
2004-03-28 12:40:11 +00:00
Dr. Stephen Henson
f36f469430 Obsolete files. 2004-03-28 12:29:53 +00:00
Dr. Stephen Henson
e07d3a021d Remove obsolete files. 2004-03-28 12:29:05 +00:00
Dr. Stephen Henson
e1a27eb34a Allow CRLs to be passed into X509_STORE_CTX. This is useful when the
verified structure can contain its own CRLs (such as PKCS#7 signedData).

Tidy up some of the verify code.
2004-03-27 22:49:28 +00:00
Dr. Stephen Henson
6446e0c3c8 Extend OID config module format. 2004-03-27 13:30:14 +00:00
Dr. Stephen Henson
beedea2fef Free up BIO properly when using streaming S/MIME sign. 2004-03-26 00:24:38 +00:00
Richard Levitte
0020502a07 SSL_COMP_get_compression_method is a typo (a missing 's' at the end of
the symbol name).
2004-03-25 21:32:30 +00:00
Richard Levitte
b7e3c73d7c Wrap code starting with a definition.
PR: 854
2004-03-25 20:01:08 +00:00
Richard Levitte
fd9fa844e2 Wrap code starting with a definition.
PR: 854
2004-03-25 20:01:01 +00:00
Richard Levitte
482c2acf02 Make prototypes for some callback pointers. 2004-03-25 16:21:42 +00:00
Richard Levitte
a481b4b52c A couple more cases where RAND_add() gets an integer instead of a
doule as last argument.
2004-03-25 16:04:02 +00:00
Richard Levitte
a87228031f RAND_add() wants a double as it's last argument. 2004-03-25 15:52:43 +00:00
Dr. Stephen Henson
b79c82eaab Fix loads of warnings in policy code.
I'll remember to try to compile this with warnings enabled next time :-)
2004-03-25 13:45:58 +00:00
Dr. Stephen Henson
69d1d5e6ce Fix ASN1 warnings. 2004-03-25 13:37:02 +00:00
Geoff Thorpe
c86f2054f3 Adjust various bignum functions to use BN_CTX for variables instead of
locally initialising their own.

NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
these functions, and that may be a major part of the performance
improvements we're seeing. The "free" part can be removed because we're
using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
destruction automatically performs this task, so performing it inside
functions that may be called repeatedly is wasteful. This is currently safe
within openssl due to the fact that BN_CTX objects are never created for
longer than a single high-level operation. However, that is only because
there's currently no mechanism in openssl for thread-local storage. Beyond
that, this might be an issue for applications using the bignum API directly
and caching their own BN_CTX objects. The solution is to introduce a flag
to BN_CTX_start() that allows its variables to be automatically sanitised
on release during BN_CTX_end(). This way any higher-level function (and
perhaps the application) can specify this flag in its own
BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
specifying the flag to be ignored so that sanitisation is handled only once
back out at the higher level. I will be implementing this in the near
future.
2004-03-25 04:32:24 +00:00
Geoff Thorpe
5c98b2caf5 Replace the BN_CTX implementation with my current work. I'm leaving the
little TODO list in there as well as the debugging code (only enabled if
BN_CTX_DEBUG is defined).

I'd appreciate as much review and testing as can be spared for this. I'll
commit some changes to other parts of the bignum code shortly to make
better use of this implementation (no more fixed size limitations). Note
also that under identical optimisations, I'm seeing a noticable speed
increase over openssl-0.9.7 - so any feedback to confirm/deny this on other
systems would also be most welcome.
2004-03-25 04:16:14 +00:00
Geoff Thorpe
5148710994 Adds warnings about two curves and fixes the "seed" value for two other
curves.

Submitted by: Nils Larsch
2004-03-25 03:03:52 +00:00
Geoff Thorpe
ea77fc3380 ... and this should likewise fix up those RSA implementations that weren't
already built and tested.
2004-03-25 02:55:17 +00:00
Geoff Thorpe
46ef873f0b By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.

This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.
2004-03-25 02:52:04 +00:00
Geoff Thorpe
2d2a5ba32a Damn, I was a bit hasty with my fix and hadn't spotted the linker
dependency from asn1.
2004-03-25 02:41:35 +00:00
Geoff Thorpe
2bd4e3379f Remove some warnings. 2004-03-25 02:24:38 +00:00
Geoff Thorpe
032c3ecb18 Protect against gcc's "warning: cast does not match function type". 2004-03-25 02:19:42 +00:00
Dr. Stephen Henson
a0cac0ff75 Make S/MIME encrypt work again. 2004-03-25 00:57:23 +00:00
Richard Levitte
817089b66d Don't define fd for platforms that do not use it, as some may not declare fileno() properly 2004-03-24 10:55:50 +00:00
Richard Levitte
e703b46598 Don't define fd for platforms that do not use it, as some may not declare fileno() properly 2004-03-24 10:55:48 +00:00
Richard Levitte
0fa793bc7b Correct constness problems. 2004-03-24 10:50:42 +00:00
Richard Levitte
5c42f62e48 Only build the PKCS#7 test applications if "pkcs7" is present in
SDIRS.
2004-03-24 10:48:50 +00:00