wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7349 commits 20 branches 302 tags 153 MiB
Commit graph

3588 commits

Author SHA1 Message Date
Geoff Thorpe
23fc5ac646 Improve a couple of the bignum macros. Note, this doesn't eliminate 
tolerance of ambiguous zero-representation, it just improves
BN_abs_is_word() and simplifies other macros that depend on it.
 2003-11-30 22:02:10 +00:00
Geoff Thorpe
5734bebe05 Make BN_DEBUG_RAND less painfully slow by only consuming one byte of 
pseudo-random data for each bn_pollute().
 2003-11-30 21:21:30 +00:00
Geoff Thorpe
657a919598 This improves the placement of check_top() macros in a couple of bn_lib 
functions.
 2003-11-29 20:34:07 +00:00
Richard Levitte
b64614adfe We're getting a clash with C++ because it has a type called 'list'. 
Therefore, change all instances of the symbol 'list' to something else.

PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>
 2003-11-29 10:25:42 +00:00
Richard Levitte
3822740ce3 We're getting a clash with C++ because it has a type called 'list'. 
Therefore, change all instances of the symbol 'list' to something else.

PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>
 2003-11-29 10:25:37 +00:00
Richard Levitte
0d78bc3356 Add IPSec/IKE/Oakley curves. 
PR: 768
Submitted by: Vadim Fedukovich <vf@unity.net>
 2003-11-29 09:25:59 +00:00
Richard Levitte
d87b79bf31 Damnit, I'm sick of having to do something special every time a module 
that gets built before objects barfs all over the place because it
uses a new NID that hasn't had a chance of getting defined yet (in
this case, it was about a couple of new EC curves, and therefore a
couple of new corresponding NIDs).

I'm placing objects first in SDIRS!  There.
 2003-11-29 09:19:12 +00:00
Richard Levitte
753cbc2857 1024 is the export key bits limit according to current regulations, not 512. 
PR: 771
Submitted by: c zhang <czhang2005@hotmail.com>
 2003-11-28 22:39:23 +00:00
Richard Levitte
b727907ae8 1024 is the export key bits limit according to current regulations, not 512. 
PR: 771
Submitted by: c zhang <czhang2005@hotmail.com>
 2003-11-28 22:39:19 +00:00
Geoff Thorpe
444c3a8492 Get rid of some signed/unsigned comparison warnings. 2003-11-28 16:39:16 +00:00
Richard Levitte
4d8743f490 Netware-specific changes, 
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
 2003-11-28 13:10:58 +00:00
Richard Levitte
04dc4edb44 If dynamically-loadable ENGINEs are linked against a shared-library version 
of libcrypto, then it is possible that when they are loaded they will share
the same static data as the loading application/library. This means it will
be too late to set memory/ERR/ex_data/[etc] callbacks, but entirely
unnecessary to try.

This change (and a great part of this comment) was implemented in
0.9.8-dev a long time ago, but slightly differently.  In 0.9.8-dev, a
specific function that just returns a pointer to some static object is
used. For 0.9.7x, we couldn't do that, since the way we handle feature
freezes is, among other, to not add any more non-static functions.
Instead, we use the function ERR_get_implementation() and compare the
returned value with fns->err_fns, a member of fns that already is
there, and which therefore can safely be used in this manner.

What happens is that if the loaded ENGINE's return value from this
function matches the loading application/library's return value - they
share static data. If they don't match, the loaded ENGINE has its own
copy of libcrypto's static data and so the callbacks need to be set.
 2003-11-27 16:41:26 +00:00
Geoff Thorpe
81ba5f6713 Due to recent debugging bursts, openssl should be more or less solid 
against inconsistent BIGNUMs coming out of any of its API functions. So
this change no longer "fixes" the bn_print.c functions, but it makes for
cleaner code. This patch was a part of ticket 697.

PR: 697
Submitted by: Otto Moerbeek
Reviewed by: Geoff Thorpe
 2003-11-25 21:07:59 +00:00
Geoff Thorpe
6defae04f3 Fix some handling in bn_word. This also resolves the issues observed in 
ticket 697 (though uses a different solution than the proposed one). This
problem was initially raised by Otto Moerbeek.

PR: 697
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
 2003-11-25 20:39:19 +00:00
Geoff Thorpe
e1064adfd3 Some changes for bn_gf2m.c: better error checking plus some minor 
optimizations.

Submitted by: Nils Larsch
 2003-11-25 03:41:20 +00:00
Lutz Jänicke
d7559f16cd Free "engine" resource in case of failure to prevent memory leak 
PR: #778
Submitted by: George Mitchell <george@m5p.com>
 2003-11-24 16:48:52 +00:00
Lutz Jänicke
d161f5a9b2 Free "engine" resource in case of failure to prevent memory leak 
PR: #778
Submitted by: George Mitchell <george@m5p.com>
 2003-11-24 16:47:44 +00:00
Geoff Thorpe
9e989810ba BN_div() cleanup: replace the use of BN_sub and BN_add with bn_sub_words 
and bn_add_words to avoid using fake bignums to window other bignums that
can lead to corruption. This change allows all bignum tests to pass with
BN_DEBUG and BN_DEBUG_RAND debugging and valgrind. NB: This should be
tested on a few different architectures and configuration targets, as the
bignum code this deals with is quite preprocessor (and assembly) sensitive.

Submitted by: Nils Narsch
Reviewed by: Geoff Thorpe, Ulf Moeller
 2003-11-22 20:23:41 +00:00
Ulf Möller
28474e26f4 bn_sub_part_words() is unused in 0.9.7. 
Spotted by Markus Friedl.
 2003-11-22 10:42:33 +00:00
Geoff Thorpe
ec2179cf81 Fix a small bug in str_copy: if more than one variable is replaced, make 
sure the current length is used to calculate the new buffer length instead
of using the old length (prior to any variable substitution).

Submitted by: Nils Larsch
 2003-11-21 21:42:35 +00:00
Dr. Stephen Henson
a8287a90ea Give CRLDP its standard name. 
Max req -x509 use V1 if extensions section absent.
 2003-11-20 22:45:06 +00:00
Dr. Stephen Henson
85421c7148 Give CRLDP its standard name. 
Max req -x509 use V1 if extensions section absent.
 2003-11-20 22:43:28 +00:00
Geoff Thorpe
77cc150b61 Remove duplicate prototypes have already been (correctly) added to rsa.h, 
as this is already included by x509.h anyway.
 2003-11-19 05:18:54 +00:00
Ulf Möller
31182ad39b re-enable the test, keeping the original method for RAND_pseudo_bytes 
which is used by BN_DEBUG_RAND
Submitted by: Nils Larsch
 2003-11-16 19:33:31 +00:00
Lutz Jänicke
fda5e38551 Provide ASFLAGS in the subdirectories handling assembler code. 
Submitted by: Tim Rice <tim@multitalents.net>

PR: #735, #765
 2003-11-16 14:38:34 +00:00
Lutz Jänicke
a601df36f3 Provide ASFLAGS in the subdirectories handling assembler code. 
Submitted by: Tim Rice <tim@multitalents.net>

PR: #735, #765
 2003-11-16 14:37:48 +00:00
Ulf Möller
ac9c6e10a4 The x9.62 tests replace the PRNG with specific numbers, 
so don't run them if BN_DEBUG_RAND is defined.

Also, fix another small bug.

Submitted by: Nils Larsch
 2003-11-16 12:24:45 +00:00
Ulf Möller
1a01733047 BN_set_bit() etc should use "unsigned int". 
Keep it as is to avoid an API change, but check for negativ values.

Submitted by: Nils Larsch
 2003-11-15 08:37:50 +00:00
Geoff Thorpe
9dde17e8b4 This rewrites two "for" loops in BN_rshift() - equality with zero is 
generally a more efficient comparison than comparing two integers, and the
first of these two loops was off-by-one (copying one too many values). This
change also removes a superfluous assignment that would set an unused word
to zero (and potentially allow an overrun in some cases).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
 2003-11-13 15:03:14 +00:00
Geoff Thorpe
37af03d311 General improvements to the ec_asn1.c code. This squashes at least one bug 
(where it was impossible to create an EC certificate with a compressed
public key), and has some style improvements based on some comments from
Steve Henson about use of the ASN1 macros.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
 2003-11-10 18:09:18 +00:00
Geoff Thorpe
f7a397cc8d Avoid possible memory leaks in error-handling. 
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
 2003-11-10 18:05:22 +00:00
Dr. Stephen Henson
cd2e8a6f2d Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). 2003-11-10 01:37:23 +00:00
Dr. Stephen Henson
2d4b834926 Oops! 2003-11-10 01:29:27 +00:00
Dr. Stephen Henson
c22e6753ef Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). 2003-11-10 01:25:11 +00:00
Geoff Thorpe
f75abcefed This extends the debugging macros to use "pollution" during 
bn_correct_top(), previously only bn_check_top() did this.
 2003-11-06 23:24:44 +00:00
Geoff Thorpe
18f62d4b82 Add debug-screening of input parameters to some functions I'd missed 
before.
 2003-11-06 23:13:04 +00:00
Geoff Thorpe
5c0c22803e Put more debug screening in BN_div() and correct a comment. 2003-11-06 23:11:07 +00:00
Geoff Thorpe
0ef85c7f45 This is a revert of my previous commit to "improve" the declaration of 
constant BIGNUMs. It turns out that this trips up different but equally
useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness
it created. (Thanks to Ulf for the forehead-slap.)
 2003-11-05 19:30:29 +00:00
Ulf Möller
078dd1a0f9 typo in comment 2003-11-05 17:28:59 +00:00
Ulf Möller
2b96c95197 cleanup as discussed with Geoff 2003-11-05 17:28:25 +00:00
Geoff Thorpe
d870740cd7 Put the first stage of my bignum debugging adventures into CVS. This code 
is itself experimental, and in addition may cause execution to break on
existing openssl "bugs" that previously were harmless or at least
invisible.
 2003-11-04 22:54:49 +00:00
Geoff Thorpe
d8ec0dcf45 Avoid some shadowed variable names. 
Submitted by: Nils Larsch
 2003-11-04 00:51:32 +00:00
Geoff Thorpe
c465e7941e This is the least unacceptable way I've found for declaring the bignum data 
and structures as constant without having to cast away const at any point.
There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy,
but crypto/bn/ is now ok. Purists are welcome to suggest alternatives.
 2003-11-04 00:29:09 +00:00
Geoff Thorpe
a9fd78f9da bn_div() does some pretty nasty things with temporary variables, 
constructing BIGNUM structures with pointers offset into other bignums
(among other things). This corrects some of it that is too plainly insane,
and tries to ensure that bignums are normalised when passed to other
functions.
 2003-10-31 01:35:16 +00:00
Geoff Thorpe
5f747c7f4b When a BN_CTX is used for temporary workspace, the variables are sometimes 
left in an inconsistent state when they are released for later reuse. This
change resets the BIGNUMs when they are released back to the context.
 2003-10-30 01:07:56 +00:00
Geoff Thorpe
c4db1a8b5c This fixes a couple of cases where an inconsistent BIGNUM could be passed as 
input to a function.
 2003-10-30 01:03:31 +00:00
Geoff Thorpe
aca95e0b2f Remove a line that was causing redundant declarations. 
Obtained from: Stephen Henson <steve@openssl.org>
 2003-10-29 22:55:19 +00:00
Geoff Thorpe
06e4024d98 Oops, this file already had the "empty source file" workaround but it 
requires -DPEDANTIC and was hidden at the bottom of the file. This moves it
to the top and removes the redundant declaration.
 2003-10-29 22:25:04 +00:00
Geoff Thorpe
8087d8f7ea Make md32_common.h friendlier to compiler warnings. 
Obtained from: Andy Polyakov <appro@openssl.org>
 2003-10-29 20:55:03 +00:00
Geoff Thorpe
31166ec8f3 Some provisional bignum debugging has begun to detect inconsistent BIGNUM 
structures being passed in to or out of API functions, and this corrects a
couple of cases found so far.

Also, lop off a couple of bytes of white-space.
 2003-10-29 20:47:49 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. 
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
 2003-10-29 20:24:15 +00:00
Geoff Thorpe
2ce90b9b74 BN_CTX is opaque and the static initialiser BN_CTX_init() is not used 
except internally to the allocator BN_CTX_new(), as such this deprecates
the use of BN_CTX_init() in the API. Moreover, the structure definition of
BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself.

NDEBUG should probably only be "forced" in the top-level configuration, but
until it is I will avoid removing it from bn_ctx.c which might surprise
people with massive slow-downs in their keygens. So I've left it in
bn_ctx.c but tidied up the preprocessor logic a touch and made it more
tolerant of debugging efforts.
 2003-10-29 18:04:37 +00:00
Richard Levitte
db5b10fab5 Removing those memcpy()s also took away the possibility for in and out to 
be the same.  Therefore, the removed memcpy()s need to be restored.
 2003-10-29 06:21:25 +00:00
Richard Levitte
4e952ae4fc Removing those memcpy()s also took away the possibility for in and out to 
be the same.  Therefore, the removed memcpy()s need to be restored.
 2003-10-29 06:21:22 +00:00
Geoff Thorpe
db59141467 remove accidentally committed debugging cruft. 2003-10-29 05:35:31 +00:00
Geoff Thorpe
8a66d17899 Remove an unnecessary cast that causes certain compilers (eg. mine) some 
confusion. Also silence a couple of signed/unsigned warnings.
 2003-10-29 05:00:57 +00:00
Geoff Thorpe
2eeaa0261e Remove redundant declaration. 2003-10-29 04:58:23 +00:00
Geoff Thorpe
8dc344ccbf Relax some over-zealous constification that gave some lhash-based code no 
choice but to have to cast away "const" qualifiers from their prototypes.
This does not remove constification restrictions from hash/compare
callbacks, but allows destructor commands to be run over a tables' elements
without bad casts.
 2003-10-29 04:57:05 +00:00
Geoff Thorpe
6bcd3f903a Comments out some unimplemented functions instead of redeclaring them. 2003-10-29 04:42:29 +00:00
Geoff Thorpe
40f935f5b4 Avoid "empty source file" warnings. 2003-10-29 04:41:19 +00:00
Geoff Thorpe
0991f07034 For whatever reason (compiler or header bugs), at least one commonly-used 
linux system (namely mine) chokes on our definitions and uses of the "HZ"
symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast"
(when in fact there is no function casting involved at all). In both cases,
it is easily worked around by not defining a cast into the macro and
jiggling the expressions slightly.

In addition - this highlights some cruft in openssl that needs sorting out.
The tmdiff.h header is exported as part of the openssl API despite the fact
that it is ugly as the driven sludge and not used anywhere in the library,
applications, or utilities. More weird still, almost identical code exists
in apps/speed.c though it looks to be slightly tweaked - so either tmdiff
should be updated and used by speed.c, or it should be dumped because it's
obviously not useful enough.

Rather than removing it for now, I've changed the API for tmdiff to at
least make sense. This involves taking the object type (MS_TM) from the
implementation and using it in the header rather than using "char *" in the
API and casting mercilessly in the code (ugh). If someone doesn't like
"MS_TM" and the "ms_time_***" naming, by all means change it. This should
be a harmless improvement, because the existing API is clearly not very
useful (eg. we reimplement it rather than using it in our own utils).

However, someone still needs to take a hack at consolidating speed.c and
tmdiff.[ch] somehow.
 2003-10-29 04:40:13 +00:00
Geoff Thorpe
2aaec9cced Update any code that was using deprecated functions so that everything builds 
and links with OPENSSL_NO_DEPRECATED defined.
 2003-10-29 04:14:08 +00:00
Geoff Thorpe
9d473aa2e4 When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should 
be) precompiled out in the API headers. This change is to ensure that if
it is defined when compiling openssl, the deprecated functions aren't
implemented either.
 2003-10-29 04:06:50 +00:00
Geoff Thorpe
6145b0b183 The "cryptodev" engine preprocessor logic used undefined symbols in 
comparisons. It's better not to allow this, because it gives false
positives when using compiler warnings that detect mistyped symbols.
 2003-10-29 04:00:14 +00:00
Geoff Thorpe
66b82f5aad make update 2003-10-28 22:10:47 +00:00
Geoff Thorpe
12bdceac8a Ignore derived file. 2003-10-28 17:26:46 +00:00
Geoff Thorpe
8ad7e3ad2a Remove duplicate prototypes have already been (correctly) added to rsa.h, 
as this is already included by x509.h anyway.
 2003-10-24 16:17:11 +00:00
Richard Levitte
fa5846e58b Correct serious bug in AES-CBC decryption when the message length isn't 
a multiple of AES_BLOCK_SIZE.
Optimize decryption of all complete blocks in AES-CBC by removing an
unnecessary memcpy().

The error was notified by James Fernandes <jf210032@exchange.DAYTONOH.NCR.com>.
The unnecessary memcpy() was found as an effect of investigating that error.
 2003-10-15 09:00:18 +00:00
Richard Levitte
0b6956b474 Correct serious bug in AES-CBC decryption when the message length isn't 
a multiple of AES_BLOCK_SIZE.
Optimize decryption of all complete blocks in AES-CBC by removing an
unnecessary memcpy().

The error was notified by James Fernandes <jf210032@exchange.DAYTONOH.NCR.com>.
The unnecessary memcpy() was found as an effect of investigating that error.
 2003-10-15 09:00:14 +00:00
Richard Levitte
0bb6187e71 The object file is o_str.o, not o_str.c. 
Thanks to Peter Sylvester <Peter.Sylvester@EdelWeb.fr> for the notification.
 2003-10-13 11:34:40 +00:00
Dr. Stephen Henson
c5a5546389 Add support for digested data PKCS#7 type. 2003-10-11 22:11:45 +00:00
Dr. Stephen Henson
79e4022a33 Simplify cipher and digest lookup in PKCS#7 code. 2003-10-11 16:47:44 +00:00
Dr. Stephen Henson
77fe058c10 Simplify cipher and digest lookup in PKCS#7 code. 2003-10-11 16:46:40 +00:00
Dr. Stephen Henson
8d9086dfa2 New function to initialize a PKCS7 structure of type other. 2003-10-10 23:40:47 +00:00
Dr. Stephen Henson
0602abf5bd Initialize digested data type in PKCS7_set_type(). 2003-10-10 23:31:53 +00:00
Dr. Stephen Henson
caf044cb3e Retrieve correct content to sign when the 
type is "other".
 2003-10-10 23:25:43 +00:00
Dr. Stephen Henson
80986c9ced Retrieve correct content to sign when the 
type is "other".
 2003-10-10 23:24:10 +00:00
Richard Levitte
ede7c28eb7 In realloc, don't destroy the old memory area if a new one couldn't be 
allocated.
Notified by Daniel Lucq <daniel@lucq.org>
 2003-10-07 12:09:42 +00:00
Richard Levitte
83eb412da8 In realloc, don't destroy the old memory area if a new one couldn't be 
allocated.
Notified by Daniel Lucq <daniel@lucq.org>
 2003-10-07 12:09:39 +00:00
Richard Levitte
8242354952 Make sure int SSL_COMP_add_compression_method() checks if a certain 
compression identity is already present among the registered
compression methods, and if so, reject the addition request.

Declare SSL_COMP_get_compression_method() so it can be used properly.

Change ssltest.c so it checks what compression methods are available
and enumerates them.  As a side-effect, built-in compression methods
will be automagically loaded that way.  Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.

Finally, make update.

Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().
 2003-10-06 11:00:15 +00:00
Richard Levitte
c40b9bdefb Setting the ex_data index is unsafe in a threaded environment, so 
let's wrap it with a lock.
 2003-10-06 09:09:44 +00:00
Richard Levitte
6895cca89d Remove unused code, don't use zlib functions that are really macros 
and provide missing prototypes.
 2003-10-04 09:09:19 +00:00
Richard Levitte
cf89b40584 Include e_os.h to get a proper definition of memmove on the platforms 
that do not have it.
 2003-10-01 20:43:03 +00:00
Richard Levitte
d680c13060 Include e_os.h to get a proper definition for memmove() for the 
platforms that don't have it.
 2003-10-01 20:41:49 +00:00
Dr. Stephen Henson
2990244980 ASN1 parse fix and release file changes. 2003-09-30 16:47:33 +00:00
Dr. Stephen Henson
0c6fa13fee In order to get the expected self signed error when 
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.
 2003-09-30 13:10:48 +00:00
Dr. Stephen Henson
68f0bcfbc3 Changes for release 2003-09-30 12:08:23 +00:00
Dr. Stephen Henson
662ede2370 Fix for ASN1 parsing bugs. 2003-09-30 12:05:44 +00:00
Dr. Stephen Henson
c93f908f7f Fix to make it compile under Win32. 2003-09-29 17:10:01 +00:00
Richard Levitte
057a04398d Synchronise util/libeay.num with the 0.9.7-stable one. 
make update
 2003-09-28 09:34:50 +00:00
Richard Levitte
71583fb0d7 Uhmm, It seem to have forgotten one file when I committed the MSDOS 
change yesterday.
PR: 669
 2003-09-28 07:11:37 +00:00
Richard Levitte
7f3ba9428f Uhmm, It seem to have forgotten one file when I committed the MSDOS 
change yesterday.
PR: 669
 2003-09-28 07:11:33 +00:00
Richard Levitte
058f86e9e0 Change the indentation from 12 to indent+4. 
PR: 657
 2003-09-27 22:48:36 +00:00
Richard Levitte
3c02e24bb3 Change the indentation from 12 to indent+4. 
PR: 657
 2003-09-27 22:48:33 +00:00
Richard Levitte
4509102cb9 Make MD5 assembler code able to handle messages larger than 2GB on 32-bit 
systems and above.
PR: 664
 2003-09-27 22:14:47 +00:00
Richard Levitte
1be02dd842 Make MD5 assembler code able to handle messages larger than 2GB on 32-bit 
systems and above.
PR: 664
 2003-09-27 22:14:39 +00:00
Richard Levitte
732d1bf43a Add reference counting around the thread state hash table. 
Unfortunately, this means that the dynamic ENGINE version just went up, and
isn't backward compatible.
PR: 678
 2003-09-27 20:29:11 +00:00
Richard Levitte
11171f3c74 Add reference counting around the thread state hash table. 
Unfortunately, this means that the dynamic ENGINE version just went up, and
isn't backward compatible.
PR: 678
 2003-09-27 20:29:05 +00:00
Ralf S. Engelschall
6bd27f8644 Fix prime generation loop in crypto/bn/bn_prime.pl by making 
sure the loop does correctly stop and breaking ("division by zero")
modulus operations are not performed. The (pre-generated) prime
table crypto/bn/bn_prime.h was already correct, but it could not be
re-generated on some platforms because of the "division by zero"
situation in the script.
 2003-09-25 13:57:58 +00:00
Dr. Stephen Henson
82384690e2 Typos. 2003-09-09 23:44:39 +00:00
Richard Levitte
e6fa67fa93 Generalise the definition of strcasecmp() and strncasecmp() for 
platforms that don't (necessarely) have it.  In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).
 2003-09-09 14:48:36 +00:00
Dr. Stephen Henson
510dc1ecd0 outlen should be int * in out_utf8. 2003-08-21 12:32:12 +00:00
Dr. Stephen Henson
3b07c32fe7 outlen should be int * in out_utf8. 2003-08-21 12:31:17 +00:00
Richard Levitte
05a1f76093 make update 2003-08-11 09:53:24 +00:00
Richard Levitte
4ed9388e5d A new branch for FIPS-related changes has been created with the name 
OpenSSL-fips-0_9_7-stable.

Since the 0.9.7-stable branch is supposed to be in freeze and should
only contain bug corrections, this change removes the FIPS changes
from that branch.
 2003-08-11 09:37:17 +00:00
Richard Levitte
88401ed449 Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>: 
1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error.
2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot,
   not CloseHandle.
 2003-08-07 11:57:42 +00:00
Richard Levitte
30e4269241 Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>: 
1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error.
2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot,
   not CloseHandle.
 2003-08-07 11:57:21 +00:00
Bodo Möller
59315df637 add OpenSSL license 
fix typo
 2003-08-06 10:38:37 +00:00
Bodo Möller
3aa8d3a7f1 add OpenSSL license 
fix typo
 2003-08-06 10:36:25 +00:00
Richard Levitte
98c1a4900c Inclusion of openssl/engine.h should always be wrapped with a check that 
OPENSSL_NO_ENGINE is not defined.
 2003-08-04 10:12:38 +00:00
Richard Levitte
5b6e7c8c65 Inclusion of openssl/engine.h should always be wrapped with a check that 
OPENSSL_NO_ENGINE is not defined.
 2003-08-04 10:12:36 +00:00
Dr. Stephen Henson
6b063f32d9 Make the EFB NIDs have empty OIDs aliased to the real EFB OID. 2003-08-01 17:06:48 +00:00
Ben Laurie
afab06d3f5 DES CFB8 test. 2003-08-01 10:31:25 +00:00
Ben Laurie
8fb97c9acd Fix DES CFB-r. 2003-08-01 10:25:58 +00:00
Ben Laurie
c5f070d5d5 Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8. 2003-07-30 18:30:18 +00:00
Ben Laurie
f3b2ea53e2 AES CFB8. 2003-07-29 17:05:16 +00:00
Ben Laurie
c473d53898 The rest of the keysizes for CFB1, working AES AVS test for CFB1. 2003-07-29 13:24:27 +00:00
Ben Laurie
e8f8249319 Working CFB1 and test vectors. 2003-07-29 10:56:56 +00:00
Ben Laurie
e2ced802b4 Add support for partial CFB modes, make tests work, update dependencies. 2003-07-28 15:08:00 +00:00
Ben Laurie
75622f1ece Unfinished FIPS stuff for review/improvement. 2003-07-27 17:00:51 +00:00
Ben Laurie
a052dd6532 Add untested CFB-r mode. Will be tested soon. 2003-07-27 13:46:57 +00:00
Dr. Stephen Henson
f96d1af449 Avoid clashes with Win32 names in WinCrypt.h 2003-07-23 00:10:43 +00:00
Bodo Möller
968766cad8 updates for draft-ietf-tls-ecc-03.txt 
Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller
 2003-07-22 12:34:21 +00:00
Bodo Möller
652ae06bad add test for secp160r1 
add code for kP+lQ timings

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
Reviewed by: Bodo Moeller
 2003-07-22 10:39:10 +00:00
Bodo Möller
ada0e717fa new function EC_GROUP_cmp() (used by EVP_PKEY_cmp()) 
Submitted by: Nils Larsch
 2003-07-21 13:43:28 +00:00
Richard Levitte
f9d183c209 Replace CCITT with ITU-T. Keep CCITT around as an alias. 
make update

PR: 80
 2003-07-04 15:45:04 +00:00
Richard Levitte
61f00386ab The counter is big-endian. Since it comes as an array of char, 
there's absolutely no need to special-case it on little-endian
machines.

Notified by Thierry Boivin <Thierry.Boivin@celsecat.com>
 2003-07-04 11:37:50 +00:00
Richard Levitte
5f24adda77 Oops, I forgot to replace 'counter' with 'ivec' when used... 2003-07-03 20:50:46 +00:00
Richard Levitte
2ae0352b0f Oops, I forgot to replace 'counter' with 'ivec' when used... 2003-07-03 20:50:44 +00:00
Richard Levitte
ba64c2cc8f The 'counter' is really the IV. 2003-07-03 06:42:45 +00:00
Richard Levitte
da6c44fc97 The 'counter' is really the IV. 2003-07-03 06:42:43 +00:00
Richard Levitte
29e62e487f Change AES-CTR to increment the IV by 1 instead of 2^64. 2003-07-03 06:41:33 +00:00
Richard Levitte
da0d33560f Change AES-CTR to increment the IV by 1 instead of 2^64. 2003-07-03 06:41:30 +00:00
Richard Levitte
eb3d68c454 Nils Larsch told me I could remove that variable entirely. 2003-06-26 11:52:23 +00:00
Richard Levitte
c89f31def0 make update 2003-06-26 10:27:11 +00:00
Richard Levitte
ed5fae580e Implement missing functions. 
Have the f parameter to _ctrl functions have the prototype (*)(void)
rather than (*)(), for the sake of C++ compilers.
Disable unimplemented functionality.
 2003-06-26 10:26:42 +00:00
Richard Levitte
d55141ed7a "Remove" unused variable 2003-06-26 10:23:00 +00:00
Richard Levitte
dfc3151925 The definition of dynamic_ctrl() should change along with the 
declaration :-).
 2003-06-26 07:03:49 +00:00
Bodo Möller
0fbffe7a71 implement PKCS #8 / SEC1 private key format for ECC 
Submitted by: Nils Larsch
 2003-06-25 21:35:05 +00:00
Dr. Stephen Henson
00dc2d7551 Return EOF when an S/MIME part have been read. 2003-06-24 17:12:22 +00:00
Dr. Stephen Henson
037f6e73f1 Return EOF when an S/MIME part have been read. 2003-06-24 17:11:44 +00:00
Richard Levitte
4aae637f6c We set the export flag for 512 *bit* keys, not 512 *byte* ones. 
PR: 587
 2003-06-19 18:55:56 +00:00
Richard Levitte
f6b9cd7f82 We set the export flag for 512 *bit* keys, not 512 *byte* ones. 
PR: 587
 2003-06-19 18:55:50 +00:00
Richard Levitte
834ac33a37 dynamic_ctrl() didn't have exactly the same prototype as defined by 
ENGINE_CTRL_FUNC_PTR.
 2003-06-19 16:57:38 +00:00
Richard Levitte
4e9023f4d2 Unsigned vs. signed fixed. 2003-06-19 16:56:48 +00:00
Richard Levitte
0bd71d3b7e Add the application data type to the README. 2003-06-18 07:14:52 +00:00
Richard Levitte
d97322f0e6 Missing string and potential memory leaks. 
Notified by Goetz Babin-Ebell <goetz@shomitefo.de>
 2003-06-18 07:12:28 +00:00
Richard Levitte
b52d512dfa Slightly better check of attributes. Now, mem_list_next can actually stop when the searched for key doesn't have it's attributes within the range of the checked key. 2003-06-12 21:32:54 +00:00
Richard Levitte
a3a2ff4cd9 Beautify 2003-06-12 18:13:27 +00:00
Richard Levitte
8c2786fff7 Do not try to use non-existent gmtime_r() on SunOS4. 
PR: 585
 2003-06-12 00:57:27 +00:00
Richard Levitte
8645c415cf Do not try to use non-existent gmtime_r() on SunOS4. 
PR: 585
 2003-06-12 00:57:25 +00:00
Richard Levitte
1b9f21fdc8 Make sure DSO-dlfcn works properly on SunOS4. 
PR: 585
 2003-06-12 00:51:59 +00:00
Richard Levitte
54bbde3c3f Make sure DSO-dlfcn works properly on SunOS4. 
PR: 585
 2003-06-12 00:51:54 +00:00
Richard Levitte
e666c4599f Add the possibility to have symbols loaded globally with DSO. 2003-06-11 22:42:28 +00:00
Richard Levitte
c78b4f1d3d Remove unused variable 2003-06-11 21:47:21 +00:00
Richard Levitte
6e260c4093 Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. 
PR: 617
 2003-06-11 21:22:34 +00:00
Richard Levitte
33862b90bb Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. 
PR: 617
 2003-06-11 21:22:30 +00:00
Richard Levitte
54f6451670 Add functionality to set marks on the error stack and to pop all errors to the next mark. 2003-06-11 20:49:58 +00:00
Richard Levitte
25a1259911 Make sure to NUL-terminate the string on end-of-file (and error) 
PR: 643
 2003-06-11 18:43:49 +00:00
Richard Levitte
606c8048a0 Make sure to NUL-terminate the string on end-of-file (and error) 
PR: 643
 2003-06-11 18:43:45 +00:00
Richard Levitte
4eebab0d22 The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting 2003-06-10 04:11:46 +00:00
Richard Levitte
55b12f8641 The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting 2003-06-10 04:11:42 +00:00
Geoff Thorpe
bc63a2ee0e This memset() in the ubsec ENGINE is a bug. Zeroing out the result array 
should not be necessary in any case, but more importantly the result and
input BIGNUMs could be the same, in which case this is clearly a problem.

Submitted by: Jonathan Hersch
Reviewed by: Joe Orton
Approved by: Geoff Thorpe
 2003-06-06 17:53:24 +00:00
Richard Levitte
2ee67f1dad Make sure the sigaction structure and fileno function are properly declared with an ANSI compiler on Solaris (and possibly others). 2003-06-04 09:13:19 +00:00
Richard Levitte
4af3184662 Remove extra ; 2003-06-04 09:11:44 +00:00
Richard Levitte
e31047744a Make sure the function definitions match their declaration. 2003-06-04 09:11:15 +00:00
Richard Levitte
f6eba601b0 Make sure that size_t matches size_t. 2003-06-04 09:10:43 +00:00
Dr. Stephen Henson
476f09712c Really get X509_CRL_CHECK_ALL right this time... 2003-06-04 00:40:47 +00:00
Dr. Stephen Henson
50078051bd Really get X509_CRL_CHECK_ALL right this time... 2003-06-04 00:40:05 +00:00
Dr. Stephen Henson
16c9148220 Move the base64 BIO fixes to 0.9.7-stable 2003-06-03 00:11:37 +00:00
Dr. Stephen Henson
ca82ac1fee Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect 
results if CR+LF straddles the line buffer.
 2003-06-02 17:53:42 +00:00
Dr. Stephen Henson
9d92486cfb Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect 
results if CR+LF straddles the line buffer.
 2003-06-02 17:52:19 +00:00
Dr. Stephen Henson
aff0542844 Stop checking for CRLF when start of buffer is reached. 
Add rest of long line fix which got missed before
 2003-06-02 01:12:01 +00:00
Dr. Stephen Henson
bb41fdb5ec Stop checking for CRLF when start of buffer is reached. 2003-06-02 01:03:08 +00:00
Dr. Stephen Henson
beab098d53 Various S/MIME bug and compatibility fixes. 2003-06-01 20:51:58 +00:00
Dr. Stephen Henson
3410aa1aa8 Various S/MIME bug and compatibility fixes. 2003-06-01 20:45:44 +00:00
Richard Levitte
2a948bd306 Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration 
macros get properly defined.
 2003-05-29 22:22:34 +00:00
Richard Levitte
c4d471552f Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration 
macros get properly defined.
 2003-05-29 22:22:30 +00:00
Richard Levitte
d4e35514ba Have ASFLAGS be defined the same way as CFLAGS 2003-05-29 22:20:57 +00:00
Richard Levitte
01fc834bc9 Have ASFLAGS be defined the same way as CFLAGS 2003-05-29 22:20:47 +00:00
Richard Levitte
f7f8d82aaa PR: 630 
Avoid looking outside the key_data array.
 2003-05-29 20:59:38 +00:00
Richard Levitte
3fd6b9f6d4 PR: 630 
Avoid looking outside the key_data array.
 2003-05-29 20:59:30 +00:00
Lutz Jänicke
83b4f49c0a Move header file inclusion to prevent irritation of users forgetting to 
call "make depend" after enabling or disabling ciphers...
Submitted by: Tal Mozes <talm@cyber-ark.com>

PR: #628
 2003-05-28 19:56:46 +00:00
Lutz Jänicke
828ce10ce7 Move header file inclusion to prevent irritation of users forgetting to 
call "make depend" after enabling or disabling ciphers...
Submitted by: Tal Mozes <talm@cyber-ark.com>

PR: #628
 2003-05-28 19:56:04 +00:00
Dr. Stephen Henson
8939adbad9 PR: 627 
Allocate certificatePolicies correctly if CPS field is absent.

Fix various memory leaks in certificatePolicies.
 2003-05-28 17:28:42 +00:00
Dr. Stephen Henson
60790aff6f PR: 627 
Allocate certificatePolicies correctly if CPS field is absent.

Fix various memory leaks in certificatePolicies.
 2003-05-28 17:28:11 +00:00
Dr. Stephen Henson
ff160dba54 PR: 631 
Submitted by: Doug Sauder <dws+001@hunnysoft.com>

Fix bug in X509V3_get_d2i() when idx in not NULL.
 2003-05-28 16:57:22 +00:00
Dr. Stephen Henson
e19d0ef068 PR: 631 
Submitted by: Doug Sauder <dws+001@hunnysoft.com>

Fix bug in X509V3_get_d2i() when idx in not NULL.
 2003-05-28 16:57:08 +00:00
Richard Levitte
f5f7dffdd1 Make sure to compare unsigned against unsigned. 2003-05-28 10:34:29 +00:00
Richard Levitte
fb5b7317a7 Make sure to compare unsigned against unsigned. 2003-05-28 10:34:04 +00:00
Richard Levitte
457f692eab Fix sign bugs. 
PR: 621
 2003-05-21 14:29:33 +00:00
Richard Levitte
83743ad039 Fix sign bugs. 
PR: 621
 2003-05-21 14:29:13 +00:00
Richard Levitte
163f5b236c Correct signedness 2003-05-21 14:21:26 +00:00
Richard Levitte
e077b5452f Make sure EC_window_bits_for_scalar_size() returns a size_t 2003-05-21 08:40:18 +00:00
Richard Levitte
513c01a591 Make sure EC_window_bits_for_scalar_size() returns a size_t 2003-05-21 08:40:06 +00:00
Richard Levitte
d9a2a89a17 I have no idea how I cut away that piece of text... 2003-05-21 06:50:51 +00:00
Richard Levitte
31939f1544 I don't remember what my thinking was with str_compat.h. Maybe it'll 
come back to me...
 2003-05-20 09:00:59 +00:00
Richard Levitte
9acef3bbd7 Misspelled functions. 2003-05-20 08:50:18 +00:00
Richard Levitte
164bc7dae8 Some misspelled function names. 2003-05-20 08:49:12 +00:00
Richard Levitte
f59c941950 Make the function STORE_new_engine() public. 2003-05-19 23:06:09 +00:00
Richard Levitte
0239876511 Remove certain functions 2003-05-19 23:03:43 +00:00
Dr. Stephen Henson
727ef76ebd Add correct DN entry for serialNumber. 2003-05-07 23:20:58 +00:00
Dr. Stephen Henson
22e6c2524e Add correct DN entry for serialNumber. 2003-05-07 23:20:41 +00:00
Richard Levitte
bca52f7d4e Define the two authentication parameter types for passphrase and 
Kerberos 5 authentications.
 2003-05-07 21:17:30 +00:00
Richard Levitte
48c36fdb2a Add the possibility to hand execution parameters (for example 
authentication material) to the STORE functions.
Suggested by Götz Babin-Ebell <babin-ebell@trustcenter.de>.
 2003-05-07 21:06:15 +00:00
Richard Levitte
54a7ea6f36 DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function 
called downstream that need it to be non-const.  The fact that the RSA_METHOD
functions take the RSA* as a const doesn't matter, it just expresses that
*they* won't touch it.
PR: 602
 2003-05-07 11:38:13 +00:00
Richard Levitte
816d785721 DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function 
called downstream that need it to be non-const.  The fact that the RSA_METHOD
functions take the RSA* as a const doesn't matter, it just expresses that
*they* won't touch it.
PR: 602
 2003-05-07 11:38:10 +00:00
Richard Levitte
742b139f54 Add the possibility to store arbitrary data in a STORE. 
Suggested by Götz Babin-Ebell <babin-ebell@trustcenter.de>.
 2003-05-06 08:02:14 +00:00
Richard Levitte
0e2f5ec2d2 Constify RSA_sign() and RSA_verify(). 
PR: 602
 2003-05-05 13:55:23 +00:00
Richard Levitte
3b30121bd9 Constify RSA_sign() and RSA_verify(). 
PR: 602
 2003-05-05 13:55:18 +00:00
Richard Levitte
9ee789e6c3 Yeah, right, an object file ending with .c, that'll work! 2003-05-03 06:58:08 +00:00
Dr. Stephen Henson
8c5e375c8e Typo. 2003-05-02 11:42:17 +00:00
Dr. Stephen Henson
b9d2d20086 Make DER option work again. 
Fix typo.
 2003-05-02 11:41:40 +00:00
Richard Levitte
b9d7ca9748 It's usually best if the function name matches everywhere... 2003-05-02 07:25:54 +00:00
Richard Levitte
5b194dfbd5 STORE was created 2003, darnit! 2003-05-01 20:44:20 +00:00
Richard Levitte
7f6af7d9db Get the year right... 2003-05-01 20:15:35 +00:00
Richard Levitte
42b2b6a2d5 Provide some extra comments about the STORE_Memory STORE method. 2003-05-01 04:31:12 +00:00
Richard Levitte
d1465bac90 make update 2003-05-01 04:10:32 +00:00
Richard Levitte
3bbb0212f3 Add STORE support in ENGINE. 2003-05-01 03:57:46 +00:00
Richard Levitte
a5db6fa576 Define a STORE type. For documentation, read the entry in CHANGES, 
crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h.
 2003-05-01 03:53:12 +00:00
Richard Levitte
9236b5b013 Define a STORE lock (the STORE type will be committed later). 2003-05-01 03:46:10 +00:00
Richard Levitte
535fba4907 Define the OPENSSL_ITEM structure. 2003-05-01 03:45:18 +00:00
Richard Levitte
1ae0a83bdd Add BUF_strndup() and BUF_memdup(). Not currently used, but I've code 
that uses them that I'll commit in a few days.
 2003-04-29 22:08:57 +00:00
Richard Levitte
7ae46c6761 make update 2003-04-29 21:35:28 +00:00
Richard Levitte
d584fd6b66 Include objects.h to get a correct declaration of OBJ_bsearch_ex(), 
not to mention the OBJ_BSEARCH_* macros.
 2003-04-29 20:46:32 +00:00
Richard Levitte
54dbdd9837 Some variables were uninitialised... 2003-04-29 20:45:36 +00:00
Richard Levitte
26851b6b42 Add an extended variant of sk_find() which returns a non-NULL pointer 
even if an exact match wasn't found.
 2003-04-29 20:30:55 +00:00
Richard Levitte
ea5240a5ed Add an extended variant of OBJ_bsearch() that can be given a few 
flags.
 2003-04-29 20:25:21 +00:00
Bodo Möller
ce8a202831 fix typo 
Submitted by: Nils Larsch
 2003-04-22 12:44:58 +00:00
Bodo Möller
eec7968f18 fix typo 
Submitted by: Nils Larsch
 2003-04-22 08:29:21 +00:00
Richard Levitte
7f0f9f1934 Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances. 
Memory leak fix: RSA_blinding_on() would leave a dangling pointer in
                 rsa->blinding under certain circumstances.
Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.
 2003-04-16 06:25:29 +00:00
Richard Levitte
040c687ce4 Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances. 
Memory leak fix: RSA_blinding_on() would leave a dangling pointer in
                 rsa->blinding under certain circumstances.
Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.
 2003-04-16 06:25:21 +00:00
Richard Levitte
8f09a154e3 Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt() 2003-04-15 13:01:50 +00:00
Richard Levitte
cd1226bc6a Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt() 2003-04-15 13:01:37 +00:00
Richard Levitte
fba1cfa06d The release is tagged, time to work on 0.9.7c. 2003-04-10 20:40:19 +00:00
Richard Levitte
27f7d430ce Forgot to code the status bits for release. This file will be 
retagged.
 2003-04-10 20:29:08 +00:00
Richard Levitte
5964e95c0a Time to release 0.9.7b. 
The tag will be OpenSSL_0_9_7b.
 2003-04-10 20:22:15 +00:00
Richard Levitte
1a0c1f9052 make update 2003-04-10 20:11:09 +00:00
Richard Levitte
f78ae9c0f2 make update. 2003-04-10 20:10:22 +00:00
Dr. Stephen Henson
88ec5a637f Only call redirected rsa_sign or rsa_verify if the pointer is set. 
This allows, for example, a smart card to redirect rsa_sign and keep
the default rsa_verify.
 2003-04-10 01:13:37 +00:00
Dr. Stephen Henson
0b1c00abeb Typo. 2003-04-10 00:04:02 +00:00
Dr. Stephen Henson
75fcbb43a7 Typo. 2003-04-10 00:03:22 +00:00
Richard Levitte
0ae4ad9e9f Include rand.h, so RAND_status() and friends get properly declared. 2003-04-08 11:07:13 +00:00
Richard Levitte
721688c2f8 Include rand.h, so RAND_status() and friends get properly declared. 2003-04-08 11:07:05 +00:00
Richard Levitte
1ed3815650 We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in 
form of unneeded direct calls through the engine pointer..
 2003-04-08 06:02:00 +00:00
Richard Levitte
0b55368306 We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in 
form of unneeded direct calls through the engine pointer..
 2003-04-08 06:01:55 +00:00
Richard Levitte
27310553b1 We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form 
of unneeded includes of openssl/engine.h.
 2003-04-08 06:00:17 +00:00
Richard Levitte
43eb3b0130 We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form 
of unneeded includes of openssl/engine.h.
 2003-04-08 06:00:05 +00:00
Richard Levitte
78490b9cc2 RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function 
pointers should be used.  It doesn't necessarely mean it should go through
the ENGINE framework.
 2003-04-07 19:15:29 +00:00
Richard Levitte
0a861ab7f3 RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function 
pointers should be used.  It doesn't necessarely mean it should go through
the ENGINE framework.
 2003-04-07 19:15:25 +00:00