Commit graph

4318 commits

Author SHA1 Message Date
Bodo Möller
f4681b0864 Use uniformly chosen witnesses for Miller-Rabin test
(by using new BN_pseudo_rand_range function)
2001-09-03 13:01:28 +00:00
Bodo Möller
983495c4b2 Use uniformly chosen witnesses for Miller-Rabin test
(by using new BN_pseudo_rand_range function)
2001-09-03 12:58:16 +00:00
Bodo Möller
931a23a5a5 rearrange #includes because trying to include <crypto/cryptodev.h>
is a bad idea if OPENSSL_OPENBSD_DEV_CRYPTO is not defined
2001-09-03 12:37:13 +00:00
Geoff Thorpe
72849dce81 Convert "max" to "mx" for variable names (brought to my attention by Steve
Henson). Also, reverse a previous change that used an implicit function
pointer cast rather than an explicit data pointer cast in the STACK cleanup
code.
2001-09-02 20:41:34 +00:00
Ben Laurie
2618893114 Make MD functions take EVP_MD_CTX * instead of void *, add copy() function. 2001-09-02 20:05:27 +00:00
Geoff Thorpe
36026dfc01 Note the "ex_data" changes. 2001-09-01 20:20:16 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Geoff Thorpe
3a0799977b First step in fixing "ex_data" support. Warning: big commit log ...
Currently, this change merely addresses where ex_data indexes are stored
and managed, and thus fixes the thread-safety issues that existed at that
level. "Class" code (eg. RSA, DSA, etc) no longer store their own STACKS
and per-class index counters - all such data is stored inside ex_data.c. So
rather than passing both STACK+counter to index-management ex_data
functions, a 'class_index' is instead passed to indicate the class (eg.
CRYPTO_EX_INDEX_RSA). New classes can be dynamically registered on-the-fly
and this is also thread-safe inside ex_data.c (though whether the caller
manages the return value in a thread-safe way is not addressed).

This does not change the "get/set" functions on individual "ex_data"
structures, and so thread-safety at that level isn't (yet) assured.
Likewise, the method of getting and storing per-class indexes has not
changed, so locking may still be required at the "caller" end but is
nonetheless thread-safe inside "ex_data"'s internal implementation.
Typically this occurs when code implements a new method of some kind and
stores its own per-class index in a global variable without locking the
setting and usage of that variable. If the code in question is likely to be
used in multiple threads, locking the setting and use of that index is
still up to the code in question. Possible fixes to this are being
sketched, but definitely require more major changes to the API itself than
this change undertakes.

The underlying implementation in ex_data.c has also been modularised so
that alternative "ex_data" implementations (that control all access to
state) can be plugged in. Eg. a loaded module can have its implementation
set to that of the application loaded it - the result being that
thread-safety and consistency of "ex_data" classes and indexes can be
maintained in the same place rather than the loaded module using its own
copy of ex_data support code and state.

Due to the centralisation of "state" with this change, cleanup of all
"ex_data" state can now be performed properly. Previously all allocation of
ex_data state was guaranteed to leak - and MemCheck_off() had been used to
avoid it flagging up the memory debugging. A new function has been added to
perfrom all this cleanup, CRYPTO_cleanup_all_ex_data(). The "openssl"
command(s) have been changed to use this cleanup, as have the relevant test
programs. External application code may want to do so too - failure to
cleanup will not induce more memory leaking than was the case before, but
the memory debugging is not tricked into hiding it any more so it may
"appear" where it previously did not.
2001-09-01 19:56:46 +00:00
Geoff Thorpe
e19ea55783 Only OPENSSL_free() non-NULL pointers. 2001-09-01 18:37:17 +00:00
Ulf Möller
8716dbea40 undo, didn't work 2001-09-01 05:59:27 +00:00
Ulf Möller
e9bc66c84f *** empty log message *** 2001-09-01 05:30:45 +00:00
Ulf Möller
c078798c60 strsep implementation to allow the file to compile on non-BSD systems
Submitted by: "Brian Havard" <brianh@kheldar.apana.org.au>
2001-09-01 05:05:32 +00:00
Ulf Möller
de73cca923 make update 2001-09-01 04:25:50 +00:00
Ulf Möller
b1051789d6 zlib default was broken on most platforms.
-mcpu=i486 is new as of gcc 2.95, and if you have that, you wouldn't
want to optimize for 486 anyway.
2001-09-01 04:18:00 +00:00
Geoff Thorpe
4db73c1bb8 (A version of) gcc had been giving somewhat odd "trigraph" warnings about
this construct, and Ulf provided the following insight as to why;

> ANSI C compliant compilers must substitute "??)" for "]" because your
> terminal might not have a "]" key if you bought it in the early 1970s.

So we escape the final '?' to avoid this pathological case.
2001-08-28 19:32:16 +00:00
Geoff Thorpe
3ae34e3a8c Ensure that failure to create the BIO in 'CRYPTO_mem_leaks_fp' doesn't
leave memory debugging turned off.
[Spotted by Götz Babin-Ebell]
2001-08-28 15:54:57 +00:00
Ben Laurie
1f3b65801b Fix SSL memory leak. 2001-08-28 13:45:41 +00:00
Geoff Thorpe
5e2c4e23f4 Make sure "CRYPTO_mem_leaks_fp" doesn't itself create a reportable memory
leak.
2001-08-27 22:12:56 +00:00
Geoff Thorpe
35780c2139 "make update" 2001-08-26 21:06:22 +00:00
Geoff Thorpe
ceff5fec5a gcc can't spot that 'derlst' is not used uninitialised, so appease it. 2001-08-26 21:04:21 +00:00
Ben Laurie
4897dc4056 Test digests. 2001-08-26 17:09:31 +00:00
Ben Laurie
35e33f0e52 Add digests. 2001-08-26 17:09:00 +00:00
Geoff Thorpe
a844e27baa Tidy up some code formatting. 2001-08-25 18:01:36 +00:00
Geoff Thorpe
0783bf151c Note the "ERR" changes. 2001-08-25 17:59:13 +00:00
Geoff Thorpe
566bdf2bda This changes the "ERR" code to have all access to state (a hash table of
error strings and a hash table storing per-thread error state) go via an
ERR_FNS function table. The first time an ERR operation occurs, the
implementation that will be used (from then on) is set to the internal
"defaults" implementation if it has not already been set. The actual LHASH
tables are only accessed by this implementation.

This is primarily for modules that can be loaded at run-time and bound into
an application (or a shared-library version of OpenSSL). If the module has
its own statically-linked copy of OpenSSL code - this mechanism allows it
to *not* create and use ERR information in its own linked "ERR" code, but
instead to use and interact with the state stored in the loader
(application or shared library). The loader calls ERR_get_implementation()
and the return value is what the module should use when calling its own
copy of ERR_set_implementation().
2001-08-25 17:51:59 +00:00
Geoff Thorpe
eb6dc02b23 Make a note of the "up" functions. 2001-08-25 17:37:46 +00:00
Geoff Thorpe
78435364ec Changes crypto/evp/ and ssl/ code from directly incrementing reference
counts in DH, DSA, and RSA structures. Instead they use the new "***_up()"
functions that handle this.
2001-08-25 17:28:23 +00:00
Geoff Thorpe
5cbc2e8bc1 Give DH, DSA, and RSA functions to "up" their reference counts. Otherwise,
dependant code has to directly increment the "references" value of each
such structure using the corresponding lock. Apart from code duplication,
this provided no "REF_CHECK/REF_PRINT" checking and violated
encapsulation.
2001-08-25 17:24:21 +00:00
Lutz Jänicke
e7cf7fcd21 Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.) 2001-08-25 11:49:24 +00:00
Lutz Jänicke
a04baf9b5c Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.) 2001-08-25 11:48:35 +00:00
Lutz Jänicke
029fb8aa26 Needed for build on SunOS 4.1.x with gcc (Jeffrey Hutzelman <jhutz@cmu.edu>). 2001-08-25 11:34:53 +00:00
Lutz Jänicke
bb8aab0211 Wording of comment... 2001-08-25 11:33:34 +00:00
Lutz Jänicke
0fbf5f7102 Needed for build on SunOS 4.1.x with gcc (Jeffrey Hutzelman <jhutz@cmu.edu>). 2001-08-25 11:31:19 +00:00
Lutz Jänicke
2cb95a153e More docs. 2001-08-24 14:31:36 +00:00
cvs2svn
20d57547e6 This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_6-stable'.
2001-08-24 14:29:49 +00:00
Lutz Jänicke
f1b2807478 More docs. 2001-08-24 14:29:48 +00:00
Lutz Jänicke
faacb092f8 -passin argument not used when actually loading the key
(found by Massimiliano Pala <madwolf@hackmasters.net>).
2001-08-24 13:33:15 +00:00
Dr. Stephen Henson
b439a74620 Load OCSP responder key before waiting for an incoming
connection so it can prompt for pass phrase on startup
instead of after the first connection.

Add -port switch to usage message.
2001-08-23 23:54:11 +00:00
Dr. Stephen Henson
3132ab8ce6 Add #ifdefs to some devcrypto code 2001-08-23 23:52:38 +00:00
Lutz Jänicke
ea5b10a177 More manual pages, no constification. 2001-08-23 18:50:16 +00:00
Lutz Jänicke
bfd7bb3eb6 Typo. 2001-08-23 17:41:20 +00:00
cvs2svn
dca598b911 This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_6-stable'.
2001-08-23 17:22:44 +00:00
Lutz Jänicke
11c8f0b79d More manual pages. Constify. 2001-08-23 17:22:43 +00:00
Lutz Jänicke
187ebb98ad As discussed recently on openssl-users. 2001-08-23 15:01:36 +00:00
cvs2svn
84712f4f9d This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_6-stable'.
2001-08-23 15:00:12 +00:00
Lutz Jänicke
c4068186ac As discussed recently on openssl-users. 2001-08-23 15:00:11 +00:00
Lutz Jänicke
44366c3713 Make clear, that using the compression layer is currently not recommended. 2001-08-23 09:42:56 +00:00
Lutz Jänicke
0a93a68020 Make clear, that using the compression layer is currently not recommended. 2001-08-23 09:42:12 +00:00
Ulf Möller
f2ab7d1392 typo. 2001-08-22 18:35:17 +00:00
Ben Laurie
c41ab9ade5 More tests. 2001-08-22 16:09:57 +00:00