Commit graph

7081 commits

Author SHA1 Message Date
Geoff Thorpe
c465e7941e This is the least unacceptable way I've found for declaring the bignum data
and structures as constant without having to cast away const at any point.
There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy,
but crypto/bn/ is now ok. Purists are welcome to suggest alternatives.
2003-11-04 00:29:09 +00:00
Richard Levitte
933398f110 Engines are usually binary, and should therefore be in INSTALLTOP
rather than OPENSSLDIR.
2003-10-31 10:48:48 +00:00
Richard Levitte
cfd06a6223 Let exit codes propagate from within for loops. 2003-10-31 06:58:24 +00:00
Geoff Thorpe
a9fd78f9da bn_div() does some pretty nasty things with temporary variables,
constructing BIGNUM structures with pointers offset into other bignums
(among other things). This corrects some of it that is too plainly insane,
and tries to ensure that bignums are normalised when passed to other
functions.
2003-10-31 01:35:16 +00:00
Geoff Thorpe
5f747c7f4b When a BN_CTX is used for temporary workspace, the variables are sometimes
left in an inconsistent state when they are released for later reuse. This
change resets the BIGNUMs when they are released back to the context.
2003-10-30 01:07:56 +00:00
Geoff Thorpe
c4db1a8b5c This fixes a couple of cases where an inconsistent BIGNUM could be passed as
input to a function.
2003-10-30 01:03:31 +00:00
Geoff Thorpe
f7939fcd9a make update 2003-10-29 23:25:52 +00:00
Geoff Thorpe
d531c9014d Tighten up my compiler settings. 2003-10-29 23:25:34 +00:00
Geoff Thorpe
aca95e0b2f Remove a line that was causing redundant declarations.
Obtained from: Stephen Henson <steve@openssl.org>
2003-10-29 22:55:19 +00:00
Geoff Thorpe
bc3c578208 Copy-n-paste bug (don't mix variable declarations and code). This sets the
callback structure just before it is needed.
2003-10-29 22:30:45 +00:00
Geoff Thorpe
06e4024d98 Oops, this file already had the "empty source file" workaround but it
requires -DPEDANTIC and was hidden at the bottom of the file. This moves it
to the top and removes the redundant declaration.
2003-10-29 22:25:04 +00:00
Geoff Thorpe
8087d8f7ea Make md32_common.h friendlier to compiler warnings.
Obtained from: Andy Polyakov <appro@openssl.org>
2003-10-29 20:55:03 +00:00
Geoff Thorpe
31166ec8f3 Some provisional bignum debugging has begun to detect inconsistent BIGNUM
structures being passed in to or out of API functions, and this corrects a
couple of cases found so far.

Also, lop off a couple of bytes of white-space.
2003-10-29 20:47:49 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Geoff Thorpe
2ce90b9b74 BN_CTX is opaque and the static initialiser BN_CTX_init() is not used
except internally to the allocator BN_CTX_new(), as such this deprecates
the use of BN_CTX_init() in the API. Moreover, the structure definition of
BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself.

NDEBUG should probably only be "forced" in the top-level configuration, but
until it is I will avoid removing it from bn_ctx.c which might surprise
people with massive slow-downs in their keygens. So I've left it in
bn_ctx.c but tidied up the preprocessor logic a touch and made it more
tolerant of debugging efforts.
2003-10-29 18:04:37 +00:00
Richard Levitte
db5b10fab5 Removing those memcpy()s also took away the possibility for in and out to
be the same.  Therefore, the removed memcpy()s need to be restored.
2003-10-29 06:21:25 +00:00
Richard Levitte
4e952ae4fc Removing those memcpy()s also took away the possibility for in and out to
be the same.  Therefore, the removed memcpy()s need to be restored.
2003-10-29 06:21:22 +00:00
Geoff Thorpe
db59141467 remove accidentally committed debugging cruft. 2003-10-29 05:35:31 +00:00
Geoff Thorpe
8a66d17899 Remove an unnecessary cast that causes certain compilers (eg. mine) some
confusion. Also silence a couple of signed/unsigned warnings.
2003-10-29 05:00:57 +00:00
Geoff Thorpe
2eeaa0261e Remove redundant declaration. 2003-10-29 04:58:23 +00:00
Geoff Thorpe
8dc344ccbf Relax some over-zealous constification that gave some lhash-based code no
choice but to have to cast away "const" qualifiers from their prototypes.
This does not remove constification restrictions from hash/compare
callbacks, but allows destructor commands to be run over a tables' elements
without bad casts.
2003-10-29 04:57:05 +00:00
Geoff Thorpe
6bcd3f903a Comments out some unimplemented functions instead of redeclaring them. 2003-10-29 04:42:29 +00:00
Geoff Thorpe
40f935f5b4 Avoid "empty source file" warnings. 2003-10-29 04:41:19 +00:00
Geoff Thorpe
0991f07034 For whatever reason (compiler or header bugs), at least one commonly-used
linux system (namely mine) chokes on our definitions and uses of the "HZ"
symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast"
(when in fact there is no function casting involved at all). In both cases,
it is easily worked around by not defining a cast into the macro and
jiggling the expressions slightly.

In addition - this highlights some cruft in openssl that needs sorting out.
The tmdiff.h header is exported as part of the openssl API despite the fact
that it is ugly as the driven sludge and not used anywhere in the library,
applications, or utilities. More weird still, almost identical code exists
in apps/speed.c though it looks to be slightly tweaked - so either tmdiff
should be updated and used by speed.c, or it should be dumped because it's
obviously not useful enough.

Rather than removing it for now, I've changed the API for tmdiff to at
least make sense. This involves taking the object type (MS_TM) from the
implementation and using it in the header rather than using "char *" in the
API and casting mercilessly in the code (ugh). If someone doesn't like
"MS_TM" and the "ms_time_***" naming, by all means change it. This should
be a harmless improvement, because the existing API is clearly not very
useful (eg. we reimplement it rather than using it in our own utils).

However, someone still needs to take a hack at consolidating speed.c and
tmdiff.[ch] somehow.
2003-10-29 04:40:13 +00:00
Geoff Thorpe
2aaec9cced Update any code that was using deprecated functions so that everything builds
and links with OPENSSL_NO_DEPRECATED defined.
2003-10-29 04:14:08 +00:00
Geoff Thorpe
9d473aa2e4 When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should
be) precompiled out in the API headers. This change is to ensure that if
it is defined when compiling openssl, the deprecated functions aren't
implemented either.
2003-10-29 04:06:50 +00:00
Geoff Thorpe
6145b0b183 The "cryptodev" engine preprocessor logic used undefined symbols in
comparisons. It's better not to allow this, because it gives false
positives when using compiler warnings that detect mistyped symbols.
2003-10-29 04:00:14 +00:00
Geoff Thorpe
2a85f77146 Add my own debug config target. 2003-10-28 22:57:18 +00:00
Geoff Thorpe
66b82f5aad make update 2003-10-28 22:10:47 +00:00
Geoff Thorpe
12bdceac8a Ignore derived file. 2003-10-28 17:26:46 +00:00
Geoff Thorpe
aea293e3bc crypto/evp/evptests.txt is copied to tests/ rather than symlinked because
of windows (see checkin 1.75 of crypto/evp/Makefile.ssl), so quiet cvs
noise for the copied version.
2003-10-28 17:24:29 +00:00
Geoff Thorpe
8ad7e3ad2a Remove duplicate prototypes have already been (correctly) added to rsa.h,
as this is already included by x509.h anyway.
2003-10-24 16:17:11 +00:00
Richard Levitte
fa5846e58b Correct serious bug in AES-CBC decryption when the message length isn't
a multiple of AES_BLOCK_SIZE.
Optimize decryption of all complete blocks in AES-CBC by removing an
unnecessary memcpy().

The error was notified by James Fernandes <jf210032@exchange.DAYTONOH.NCR.com>.
The unnecessary memcpy() was found as an effect of investigating that error.
2003-10-15 09:00:18 +00:00
Richard Levitte
0b6956b474 Correct serious bug in AES-CBC decryption when the message length isn't
a multiple of AES_BLOCK_SIZE.
Optimize decryption of all complete blocks in AES-CBC by removing an
unnecessary memcpy().

The error was notified by James Fernandes <jf210032@exchange.DAYTONOH.NCR.com>.
The unnecessary memcpy() was found as an effect of investigating that error.
2003-10-15 09:00:14 +00:00
Richard Levitte
0bb6187e71 The object file is o_str.o, not o_str.c.
Thanks to Peter Sylvester <Peter.Sylvester@EdelWeb.fr> for the notification.
2003-10-13 11:34:40 +00:00
Dr. Stephen Henson
c5a5546389 Add support for digested data PKCS#7 type. 2003-10-11 22:11:45 +00:00
Dr. Stephen Henson
79e4022a33 Simplify cipher and digest lookup in PKCS#7 code. 2003-10-11 16:47:44 +00:00
Dr. Stephen Henson
77fe058c10 Simplify cipher and digest lookup in PKCS#7 code. 2003-10-11 16:46:40 +00:00
Dr. Stephen Henson
8d9086dfa2 New function to initialize a PKCS7 structure of type other. 2003-10-10 23:40:47 +00:00
Dr. Stephen Henson
0602abf5bd Initialize digested data type in PKCS7_set_type(). 2003-10-10 23:31:53 +00:00
Dr. Stephen Henson
caf044cb3e Retrieve correct content to sign when the
type is "other".
2003-10-10 23:25:43 +00:00
Dr. Stephen Henson
80986c9ced Retrieve correct content to sign when the
type is "other".
2003-10-10 23:24:10 +00:00
Dr. Stephen Henson
a08ced78c8 Avoid warnings: add missing prototype, don't shadow. 2003-10-10 23:07:24 +00:00
Richard Levitte
ede7c28eb7 In realloc, don't destroy the old memory area if a new one couldn't be
allocated.
Notified by Daniel Lucq <daniel@lucq.org>
2003-10-07 12:09:42 +00:00
Richard Levitte
83eb412da8 In realloc, don't destroy the old memory area if a new one couldn't be
allocated.
Notified by Daniel Lucq <daniel@lucq.org>
2003-10-07 12:09:39 +00:00
Richard Levitte
4d1c443123 make update 2003-10-06 12:22:42 +00:00
Richard Levitte
f44e184ec6 s_client should inform the user of any compression/expansion methods used. 2003-10-06 12:19:38 +00:00
Richard Levitte
377dcdba44 Add functionality to get information on compression methods (not quite complete). 2003-10-06 12:18:39 +00:00
Richard Levitte
8242354952 Make sure int SSL_COMP_add_compression_method() checks if a certain
compression identity is already present among the registered
compression methods, and if so, reject the addition request.

Declare SSL_COMP_get_compression_method() so it can be used properly.

Change ssltest.c so it checks what compression methods are available
and enumerates them.  As a side-effect, built-in compression methods
will be automagically loaded that way.  Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.

Finally, make update.

Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().
2003-10-06 11:00:15 +00:00
Richard Levitte
c40b9bdefb Setting the ex_data index is unsafe in a threaded environment, so
let's wrap it with a lock.
2003-10-06 09:09:44 +00:00