Commit graph

586 commits

Author SHA1 Message Date
Ben Laurie
2121f15daf Use the right length (reported by Quanhong Wang). 2009-03-03 15:12:56 +00:00
Dr. Stephen Henson
a63bf2c53c Make no-engine work again. 2009-02-15 15:28:18 +00:00
Ben Laurie
b3f3407850 Use new common flags and fix resulting warnings. 2009-02-15 14:08:51 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should
test for them!
2008-12-29 16:11:58 +00:00
Andy Polyakov
5cabcf96e7 Fix "possible loss of data" Win64 compiler warnings. 2008-12-29 12:35:49 +00:00
Bodo Möller
7a76219774 Implement Configure option pattern "experimental-foo"
(specifically, "experimental-jpake").
2008-12-02 01:21:39 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
7b808412c9 Make -DKSSL_DEBUG work again. 2008-11-10 19:08:37 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Ben Laurie
f80921b6a6 Formatting. 2008-11-04 12:06:09 +00:00
Dr. Stephen Henson
70d71f6185 Fix warnings: printf format mismatches on 64 bit platforms.
Change assert to OPENSSL_assert().
Fix e_padlock prototype.
2008-11-02 15:41:30 +00:00
Dr. Stephen Henson
c76fd290be Fix warnings about mismatched prototypes, undefined size_t and value computed
not used.
2008-11-02 12:50:48 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Andy Polyakov
b444ac3e6f size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
underlying cipher to be size_t-fied, it allows for size_t, signed and
unsigned long. It maintains source and even binary compatibility.
2008-10-31 19:48:25 +00:00
Dr. Stephen Henson
e19106f5fb Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Dr. Stephen Henson
606f6c477a Fix a shed load or warnings:
Duplicate const.
Use of ; outside function.
2008-10-20 15:12:00 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Bodo Möller
2e415778f2 Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.
2008-08-14 21:37:51 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs,
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Dr. Stephen Henson
d4cdbab99b Avoid warnings with -pedantic, specifically:
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
version some time soon.
2008-07-03 19:59:25 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Geoff Thorpe
f7ccba3edf There was a need to support thread ID types that couldn't be reliably cast
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
fe591284be Update dependencies. 2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism,
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins...
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Andy Polyakov
ebc06fba67 Bunch of constifications. 2007-10-13 15:51:32 +00:00
Andy Polyakov
71f4ea44eb EVP_*_cfb1 was broken.
PR: 1318
2007-07-08 19:14:02 +00:00
Dr. Stephen Henson
18096abb29 Handle NULL parameter in some EVP utility functions. 2007-05-31 12:39:21 +00:00
Dr. Stephen Henson
e77dbf325f Prepend signature name in dgst output. 2007-05-17 16:19:17 +00:00
Dr. Stephen Henson
e69adea539 New function EVP_PKEY_asn1_copy(). Use default MD if type param is NULL. 2007-05-15 23:52:03 +00:00
Bodo Möller
96afc1cfd5 Add SEED encryption algorithm.
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
18327cd0e4 Copy update callback across when copying EVP_MD_CTX.
Remove unnecessary reference to EVP_MD_CTX in HMAC pkey method.
2007-04-12 13:02:31 +00:00
Dr. Stephen Henson
2022cfe07e New -mac and -macopt options to dgst utility. Reimplement -hmac option in
terms of new API.
2007-04-11 17:20:40 +00:00
Dr. Stephen Henson
74633553a9 Experimental HMAC support via EVP_PKEY_METHOD. 2007-04-11 12:33:06 +00:00
Dr. Stephen Henson
baecb96e8a Fix digest signing so digest type is set after init. 2007-04-08 16:53:50 +00:00
Dr. Stephen Henson
6181f5e404 Preliminary support for signctx/verifyctx callbacks. 2007-04-08 13:03:26 +00:00
Ben Laurie
ab2d91bd6b Don't copy from a nonexistent next. Coverity ID 47. 2007-04-05 17:23:51 +00:00
Dr. Stephen Henson
6e7ca5e1eb Update from stable branch. 2007-02-27 18:43:42 +00:00
Nils Larsch
0d5ac5a738 allow EVP_PKEY_CTX_free(NULL) 2007-02-26 18:32:53 +00:00
Dr. Stephen Henson
52cfa39716 Add -hmac option to dgst from 0.9.7 stable branch. 2007-02-08 19:07:43 +00:00
Dr. Stephen Henson
560b79cbff Constify version strings and some structures. 2007-01-21 13:07:17 +00:00
Nils Larsch
b0ec114685 fix order
PR: 1442
2006-12-21 19:50:48 +00:00
Nils Larsch
06e2dd037e add support for ecdsa-with-sha256 etc. 2006-12-20 08:58:54 +00:00
Nils Larsch
34f0a19309 remove trailing '\'
PR: 1438
2006-12-19 19:49:02 +00:00
Nils Larsch
7806f3dd4b replace macros with functions
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:54:57 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Ben Laurie
84948b39df Fix various warnings. 2006-11-08 09:45:12 +00:00
Dr. Stephen Henson
02c9b66a6c Fix C++ style comments, change assert to OPENSSL_assert, stop warning with
pedantic mode.
2006-08-31 20:56:20 +00:00
Ben Laurie
777c47acbe Make things static that should be. Declare stuff in headers that should be.
Fix warnings.
2006-08-28 17:01:04 +00:00
Dr. Stephen Henson
5c95c2ac23 Fix various error codes to match functions. 2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
29cf84c692 New docs for EVP_Digest{Sign,Verify}*() function. Update existing docs. 2006-07-12 12:31:30 +00:00
Dr. Stephen Henson
b7683e3a5d Allow digests to supply S/MIME micalg values from a ctrl.
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Dr. Stephen Henson
0ee2166cc5 New functions to add and free up application defined signature OIDs. 2006-07-09 16:05:43 +00:00
Dr. Stephen Henson
5ba4bf35c5 New functions to enumerate digests and ciphers. 2006-07-09 00:53:45 +00:00
Andy Polyakov
975efcbaee Typos(?) in HEAD/crypto/evp/p_lib.c. 2006-07-04 20:27:44 +00:00
Dr. Stephen Henson
86207c1960 Make return value from EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() consistent. 2006-07-02 21:12:40 +00:00
Dr. Stephen Henson
944f858021 Fix EVP_PKEY_CTX_dup() to return correct value and handle NULL keys in
the source.
2006-06-27 17:23:24 +00:00
Bodo Möller
dd030860c4 Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-11 01:09:07 +00:00
Bodo Möller
f3dea9a595 Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Dr. Stephen Henson
01b8b3c7d2 Complete EVP_PKEY_ASN1_METHOD ENGINE support. 2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
e18e3eba76 Make update. 2006-06-02 17:54:47 +00:00
Dr. Stephen Henson
1892c8bf97 Extend default method string to include public key methods.
Add missing prototypes.

Fix engine method lookup.
2006-06-02 13:09:59 +00:00
Dr. Stephen Henson
5e428e7d0d Typo. 2006-06-02 12:37:02 +00:00
Dr. Stephen Henson
c9777d2659 Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE
implementations and functional reference counting when a context
is allocated, free or copied.
2006-06-02 12:33:39 +00:00
Dr. Stephen Henson
e0c1ea9038 Fix error code. make update 2006-06-01 12:43:39 +00:00
Dr. Stephen Henson
b28dea4e10 New pkey functions for keygen callbacks and retrieving operation type. 2006-05-31 17:34:14 +00:00
Dr. Stephen Henson
3207e61222 Add prototypes, update Win32 ordinals. 2006-05-25 11:44:05 +00:00
Dr. Stephen Henson
3a828611e9 Update EVP_MD_CTX_copy_ex() to use EVP_PKEY_CTX_dup(). 2006-05-25 00:55:00 +00:00
Dr. Stephen Henson
8bdcef40e4 New function to dup EVP_PKEY_CTX. This will be needed to make new signing
functions and EVP_MD_CTX_copy work properly.
2006-05-24 23:49:30 +00:00
Dr. Stephen Henson
91c9e62123 New functions for enchanced digest sign/verify. 2006-05-24 17:30:09 +00:00
Dr. Stephen Henson
0e3453536e Fix warnings. 2006-05-24 13:29:32 +00:00
Dr. Stephen Henson
eaff5a1412 Use size_t for new crypto size parameters. 2006-05-24 12:33:46 +00:00
Dr. Stephen Henson
0965991600 Add ctrl to EVP_MD and EVP_PKEY_CTX to EVP_MD_CTX. These will be used
for enhanced sign/verify operations.
2006-05-22 13:01:01 +00:00
Dr. Stephen Henson
a620626a33 Code tidy. 2006-05-18 18:06:03 +00:00
Dr. Stephen Henson
3ef3e07a49 make update 2006-05-18 17:22:31 +00:00
Dr. Stephen Henson
1631d5f9b9 HMAC OIDs from RFC4231. 2006-05-17 12:27:45 +00:00
Dr. Stephen Henson
6d3a1eac3b Add PRF preference ctrl to ciphers. 2006-05-15 18:35:13 +00:00
Dr. Stephen Henson
b8f702a0af Change builting PBE to use static table. Add entries for HMAC and MD5, GOST. 2006-05-15 17:34:36 +00:00
Dr. Stephen Henson
856640b54f Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-14 18:40:53 +00:00
Dr. Stephen Henson
7f57b076a6 New functions to get key types without dereferncing EVP_PKEY.
More error checking for RSA pmeth.
2006-05-11 21:33:00 +00:00
Dr. Stephen Henson
399a6f0bd1 Update PKCS#7 enveloped data to new API. 2006-05-08 12:44:25 +00:00
Dr. Stephen Henson
03919683f9 Add support for default public key digest type ctrl. 2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
b46343583c Update EVP_PKEY_cmp() and X509_check_private() to return sensible values and
handle unsupported key types.
2006-04-28 12:27:37 +00:00
Dr. Stephen Henson
a78568b7e9 Replace RSA specific PKCS7_RECIP_INFO set up with an public key algorithm
ctrl.
2006-04-27 18:20:34 +00:00
Dr. Stephen Henson
81cebb8b79 Add prototypes and pkey accessor function for EVP_PKEY_CTX. 2006-04-26 11:52:36 +00:00
Dr. Stephen Henson
cddaba8ede Add 'flags' parameter to EVP_PKEY_asn1_meth_new() to set algorithm flags. 2006-04-21 17:38:58 +00:00
Nils Larsch
f8296228f1 as we encrypt every bit separately we need to loop through the number
of bits; thanks to Michael McDougall <mmcdouga@saul.cis.upenn.edu>

PR: 1318
2006-04-20 13:11:52 +00:00
Dr. Stephen Henson
ee1d9ec019 Remove link between digests and signature algorithms.
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
614b448a67 Remove comment from SSLeay days about EVP_PKEY_METHOD. 2006-04-19 12:16:58 +00:00
Dr. Stephen Henson
492a9e2415 Allow public key ASN1 methods to set PKCS#7 SignerInfo structures. 2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
c20276e4ae Fix (most) WIN32 warnings and errors. 2006-04-17 12:08:22 +00:00
Dr. Stephen Henson
9ca7047d71 Provisional support for EC pkey method, supporting ECDH and ECDSA. 2006-04-16 16:15:59 +00:00
Dr. Stephen Henson
b010b7c434 Use more flexible method of determining output length, by setting &outlen
value of the passed output buffer is NULL.

The old method of using EVP_PKEY_size(pkey) isn't flexible enough to cover all
cases where the output length may depend on the operation or the parameters
associated with it.
2006-04-15 18:50:56 +00:00
Dr. Stephen Henson
9dc17a2536 Fix from 0.9.7-stable branch. 2006-04-15 17:43:43 +00:00
Dr. Stephen Henson
ba30bad57b Add functions to allow setting and adding external EVP_PKEY_METHOD. 2006-04-14 12:41:35 +00:00
Dr. Stephen Henson
ffb1ac674c Complete key derivation support. 2006-04-13 20:16:56 +00:00
Dr. Stephen Henson
3be34589e8 Update dependencies. 2006-04-13 13:00:45 +00:00
Dr. Stephen Henson
d87e615209 Add key derivation support. 2006-04-13 12:56:41 +00:00