Commit graph

1533 commits

Author SHA1 Message Date
Dr. Stephen Henson
2fc0d1f15e Add OCSP nonce extension to supported extensions.
This is a little unusual because it can contain no
structure i.e. the extension OCTET STRING content
octets do not contain a DER encoded structure.
2000-12-14 23:27:20 +00:00
Geoff Thorpe
016d7d250a This is an engine contributed by Broadcom - it is meant to support the
BCM5805 and BCM5820 units. So far I've merely taken a skim over the code
and changed a few things from their original contributed source
(de-shadowing variables, removing variables from the header, and
re-constifying some functions to remove warnings). If this gives
compilation problems on any system, please let me know. We will hopefully
know for sure whether this actually functions on a system with the relevant
hardware in a day or two.  :-)
2000-12-14 21:41:55 +00:00
Dr. Stephen Henson
2c15d426b9 New function X509V3_extensions_print() this removes extension duplication
from the print routines.

Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.

Implement some ASN1 functions needed to compile OCSP code.
2000-12-14 18:42:28 +00:00
Bodo Möller
3b28dbce7e The BN_mul bug test apparently is no longer needed 2000-12-14 17:46:36 +00:00
Dr. Stephen Henson
de487514ae New function X509_signature_print() to remove some duplicate
code from certificate, CRL and request printing routines.
2000-12-14 00:53:10 +00:00
Dr. Stephen Henson
06db4253e2 Change the PKCS7 structure to use SEQUENCE OF for the
authenticated attributes: this is used to retain the
original encoding and not break signatures.

Support for a SET OF which reorders the STACK when
encoding a structure. This will be used with the
PKCS7 code.
2000-12-13 23:54:30 +00:00
Dr. Stephen Henson
36f554d43c Replace the old style OCSP ASN1 module. 2000-12-13 18:21:51 +00:00
Richard Levitte
8d28d5f81b Constification of the data of a hash table. This means the callback
functions need to be constified, and therefore meant a number of easy
changes a little everywhere.

Now, if someone could explain to me why OBJ_dup() cheats...
2000-12-13 17:15:03 +00:00
Richard Levitte
53b407da84 Problem: bn_mul_normal() misbehaves if the size of b is 0.
Solution: multiply a with 0, putting the result in r, and return.
2000-12-13 15:29:29 +00:00
Richard Levitte
765e531159 In bn_mul_recursive(), make sure the comba routines are only called
when both a and b are of the exact right size.  This may change to
something better later.
2000-12-13 14:47:06 +00:00
Dr. Stephen Henson
36ac656a1b Stop extension creation code core dumping.
This was caused by no initialising the buffer
to NULL when using the auto allocating version
if i2d.
2000-12-13 13:55:03 +00:00
Dr. Stephen Henson
2aff7727f7 Rewrite the extension code to use an ASN1_ITEM structure
for its ASN1 operations as well as the old style function
pointers (i2d, d2i, new, free). Change standard extensions
to support this.

Fix a warning in BN_mul(), bn_mul.c about uninitialised 'j'.
2000-12-13 13:47:33 +00:00
Geoff Thorpe
d0fa136ce2 Next step in tidying up the LHASH code.
DECLARE/IMPLEMENT macros now exist to create type (and prototype) safe
wrapper functions that avoid the use of function pointer casting yet retain
type-safety for type-specific callbacks. However, most of the usage within
OpenSSL itself doesn't really require the extra function because the hash
and compare callbacks are internal functions declared only for use by the
hash table. So this change catches all those cases and reimplements the
functions using the base-level LHASH prototypes and does per-variable
casting inside those functions to convert to the appropriate item type.

The exception so far is in ssl_lib.c where the hash and compare callbacks
are not static - they're exposed in ssl.h so their prototypes should not be
changed. In this last case, the IMPLEMENT_LHASH_*** macros have been left
intact.
2000-12-08 20:02:01 +00:00
Ulf Möller
15156cce0e bn_part_sub_word prototype. 2000-12-08 19:10:33 +00:00
Dr. Stephen Henson
9d6b1ce644 Merge from the ASN1 branch of new ASN1 code
to main trunk.

Lets see if the makes it to openssl-cvs :-)
2000-12-08 19:09:35 +00:00
Bodo Möller
8dea52fa42 Fix some things that look like bugs.
One problem that looked like a problem in bn_recp.c at first turned
out to be a BN_mul bug.  An example is given in bn_recp.c; finding
the bug responsible for this is left as an exercise.
2000-12-07 22:06:09 +00:00
Bodo Möller
f7356b677b TEST_MUL and TEST_SQR added. 2000-12-07 11:11:10 +00:00
Bodo Möller
80d89e6a6a Sign-related fixes (and tests).
BN_mod_exp_mont does not work properly yet if modulus m
is negative (we want computations to be carried out
modulo |m|).
2000-12-07 08:48:58 +00:00
Bodo Möller
bc5f2740d2 Move 'q->neg = 0' to those places where it is needed
(just in cases someone uses a negative modulus)
2000-12-07 07:55:26 +00:00
Bodo Möller
aa66eba7c8 BN_mod_sqrt documentation/comment 2000-12-06 21:33:58 +00:00
Ulf Möller
3bb4736289 remove a comment that shouldn't have been there any more 2000-12-06 16:30:23 +00:00
Bodo Möller
bac685417a Faster BN_mod_sqrt algorithm for p == 5 (8). 2000-12-06 12:25:33 +00:00
Bodo Möller
0a52d38b31 Use bc's "print" feature whenever it is available,
not just on certain platforms.
2000-12-06 10:32:55 +00:00
Ulf Möller
a6576c56dd remove useless instruction 2000-12-06 04:48:50 +00:00
Ulf Möller
240f516939 Intel assembler version for bn_sub_part_words(). I haven't got
reliable timings yet, please try it out!
2000-12-06 04:16:38 +00:00
Ulf Möller
ef8f14a882 another fix for the debug print 2000-12-06 04:14:37 +00:00
Ulf Möller
aecb0b018f test_mod_mul is useful, let's run it more often. 2000-12-06 04:14:30 +00:00
Ulf Möller
e4d56bab5b move constants for debug functions to end of file 2000-12-06 00:19:09 +00:00
Bodo Möller
9347ba487c Discuss http://www.shoup.net/papers/oaep.ps.Z 2000-12-05 10:30:21 +00:00
Richard Levitte
c28500900e On Windows, Rainbow uses _stdcall convention under Windows.
Spotted by plin <plin@rainbow.com>
2000-12-05 08:16:25 +00:00
Ulf Möller
e4c5391ddb push the flags too 2000-12-05 06:38:45 +00:00
Ulf Möller
0c34556cbd looks like it works now 2000-12-05 05:39:43 +00:00
Ulf Möller
b50118ca3e save registers in the debug output code (return value is overwritten too) 2000-12-05 05:10:05 +00:00
Ulf Möller
a57ecb95f6 more of the same: add printf() for perlasm. 2000-12-05 04:39:39 +00:00
Ulf Möller
428a55a0fe minor modification to the previous change 2000-12-05 03:57:58 +00:00
Ulf Möller
cc74659fcc PERLASM - the wierdest programming language since Intercal.
add debug output facilities.
2000-12-05 03:51:46 +00:00
Ulf Möller
90e7ce363a Use assert as in the rest of the BN library. 2000-12-05 02:00:40 +00:00
Richard Levitte
6a2347ee45 Remove the last bn_wexpand()s that made us break constness. Of
course, that means we need to handle the cases where the two arrays to
bn_mul_recursive() and bn_mul_part_recursive() differ in size.

I haven't yet changed the comments that describe bn_mul_recursive()
and bn_mul_part_recursive().  I want this to be tested by more people
before I consider this change final.  Please test away!
2000-12-04 17:11:59 +00:00
Bodo Möller
e5164b7041 Change error message to "bignum too long" 2000-12-04 09:24:54 +00:00
Geoff Thorpe
c0e7c3aab9 ANSI C doesn't allow trailing semi-colons after a function's closing brace
so these macros probably shouldn't be used like that at all. So, this
change removes the misleading comment and also adds an implicit trailing
semi-colon to the DECLARE macros so they too don't require one.
2000-12-04 04:52:38 +00:00
Geoff Thorpe
97b1719583 Make the remaining LHASH macro changes. This should leave no remaining
cases of function pointer casting in lh_new() calls - and leave only the
lh_doall and lh_doall_arg cases to be finished.
2000-12-04 03:02:44 +00:00
Bodo Möller
addb309ad6 include <limits.h> 2000-12-03 09:55:08 +00:00
Bodo Möller
152a689cf9 Don't allow BIGNUMs to become so large that computations with dmax
might overflow.
2000-12-03 09:39:04 +00:00
Geoff Thorpe
dfa46e502d Next step in tidying up the LHASH code. This commit defines DECLARE and
IMPLEMENT macros for defining wrapper functions for "hash" and "cmp" callbacks
that are specific to the underlying item type in a hash-table. This prevents
function pointer casting altogether, and also provides some type-safety
because the macro does per-variable casting from the (void *) type used in
LHASH itself to the type declared in the macro - and if that doesn't match the
prototype expected by the "hash" or "cmp" function then a compiler error will
result.

NB: IMPLEMENT macros are not required unless predeclared forms are required
(either in a header file, or further up in a C file than the implementation
needs to be). The DECLARE macros must occur after the type-specific hash/cmp
callbacks are declared. Also, the IMPLEMENT and DECLARE macros are such that
they can be prefixed with "static" if desired and a trailing semi-colon should
be appended (making it look more like a regular declaration and easier on
auto-formatting text-editors too).

Now that these macros are defined, I will next be commiting changes to a
number of places in the library where the casting was doing bad things. After
that, the final step will be to make the analogous changes for the lh_doall
and lh_doall_arg functions (more specifically, their callback parameters).
2000-12-02 23:08:59 +00:00
Richard Levitte
c21c35e6a4 Add a comment to explain the purpose of bn_cmp_part_words(). 2000-12-02 21:16:13 +00:00
Ulf Möller
b26f84cbbd last commit was wrong. Now it works. :) 2000-12-02 20:51:47 +00:00
Ulf Möller
0dba0613ea argl 2000-12-02 19:34:42 +00:00
Ulf Möller
ea1b7fe6d4 forgot to remove the loop variable 2000-12-02 16:20:04 +00:00
Ulf Möller
db88223baa Loops like this one:
if (bp == NULL)
                        for (j=0; j<10000; j++)
                                BN_add(&c,&a,&b);

seem to be pretty useless, and bp never is NULL anyway.
2000-12-02 16:13:27 +00:00
Ulf Möller
111482cf2e New function BN_bntest_rand() to detect more BN library bugs.
The bn_cmp_part_words bug was only caught in the BN_mod_mul() test,
not in the BN_mul() test, so apparently the choice of parameters in
some cases is bad.
2000-12-02 07:32:57 +00:00
Ulf Möller
52a1bab2d9 Fix bn_cmp_part_words() and move it to bn_lib.c. 2000-12-02 07:28:43 +00:00
Geoff Thorpe
385d81380c First step in tidying up the LHASH code. The callback prototypes (and
casts) used in the lhash code are about as horrible and evil as they can
be. For starters, the callback prototypes contain empty parameter lists.
Yuck.

This first change defines clearer prototypes - including "typedef"'d
function pointer types to use as "hash" and "compare" callbacks, as well as
the callbacks passed to the lh_doall and lh_doall_arg iteration functions.
Now at least more explicit (and clear) casting is required in all of the
dependant code - and that should be included in this commit.

The next step will be to hunt down and obliterate some of the function
pointer casting being used when it's not necessary - a particularly evil
variant exists in the implementation of lh_doall.
2000-12-01 20:31:52 +00:00
Bodo Möller
5a12df5c40 functionality for BN_mod_sqrt timings 2000-12-01 09:41:21 +00:00
Bodo Möller
b5a25a430a "make depend" 2000-12-01 08:48:42 +00:00
Bodo Möller
8df788c97f COMP_zlib should always be declared, even if it is not functional.
Don't dump core in ssltest.
2000-11-30 23:41:58 +00:00
Bodo Möller
12cfcc128c Fix the recently introduced test that checks if the result is 0 2000-11-30 22:58:27 +00:00
Richard Levitte
f9b3bff6f7 First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu> 2000-11-30 22:53:34 +00:00
Bodo Möller
fc2e05c2d5 Fix BN_rshift, which caused lots of trouble. 2000-11-30 22:34:57 +00:00
Bodo Möller
b2993bdea1 Remove randomness from the test. These constants give me a segment
violation in test_kron on a 32 bit system.
2000-11-30 21:03:13 +00:00
Bodo Möller
470fa98f8a BN_mod_exp(r,a,p,m,ctx) should not be called with r == p.
But even if this is avoided, there are still segmentation violations
(during one of the BN_free()s at the end of test_kron
in some cases, in other cases during BN_kronecker, or
later in BN_sqrt; choosing a different exponentiation
algorithm in bntest.c appears to influence when the SIGSEGV
takes place).
2000-11-30 20:03:24 +00:00
Bodo Möller
de6e207db6 It's "#elif", not "#elsif". 2000-11-30 19:35:51 +00:00
Richard Levitte
1363155145 A few bug fixes for Windows. 2000-11-30 17:41:01 +00:00
Bodo Möller
db5bda670f Changes to Lenka's Montgomery implementation.
Submitted by: Lenka Fibikova
2000-11-30 17:35:17 +00:00
Bodo Möller
19cda70045 Corrections to the comments in BN_mod_inverse. 2000-11-30 12:53:53 +00:00
Richard Levitte
a4614bf06d COMP_METHOD has a new argument since some time back... 2000-11-30 12:18:10 +00:00
Richard Levitte
c4438dc0e5 Change c_zlib further to allow loading a shared zlib on all operating
systems where such an operation is supported.
2000-11-30 11:56:00 +00:00
Bodo Möller
04ca16890b BN_mod_exp problems ... 2000-11-30 11:47:04 +00:00
Richard Levitte
20f88b9bd4 Changes to c_zlib.c to make ZLIB.DLL dynamically loadable under
Windows.  Really, this should probably be done on Unix as well, but
that will be a later story...
2000-11-30 10:25:45 +00:00
Bodo Möller
25439b76ad Move reduction step from BN_mod_exp to BN_mod_exp_mont_word.
Fix BN_mod_exp_simple for a==0 (mod m).
Skip useless round in BN_mod_sqrt (1 is always a square, no need
to test BN_kronecker for it).
2000-11-30 09:45:26 +00:00
Bodo Möller
ac445acf69 bn_modfs.c is no longer needed, a BN_sqrt implementation
exists in bn_sqrt.c now
2000-11-30 00:43:41 +00:00
Bodo Möller
77ac92d00a Fix bntest.c problem -- one of the primes got lost 2000-11-30 00:37:49 +00:00
Bodo Möller
73c2522c7c Handle special cases correctly in exponentation functions.
test_bn still fails in the BN_sqrt test because
small primes appear to turn into zero for no
obvious reason, leading to "div by zero" errors.
2000-11-30 00:33:18 +00:00
Bodo Möller
6b5d39e82d BN_mod_sqrt 2000-11-30 00:20:20 +00:00
Bodo Möller
cd2eebfd64 BN_sqrt 2000-11-30 00:18:19 +00:00
Bodo Möller
01e62900c7 BN_legendre is no longer needed now that OpenSSL has BN_kronecker. 2000-11-29 19:59:59 +00:00
Geoff Thorpe
d50f1bdfac Do to DH and DSA what has already been done to RSA. This involves moving
the initialisation and cleanup of "ex_data" elements to before an init()
handler and after a finish() handler respectively.
2000-11-29 19:59:45 +00:00
Bodo Möller
eb1f1b0a34 Fix BN_kronecker so that it works correctly if 'a' is negative
(we need the two's complement of BN_lsw then).
2000-11-29 19:26:33 +00:00
Bodo Möller
14697d9d6d BN_to_montgomery expects its inputs to be in the interval 0 .. modulus-1,
so we have to reduce the random numbers used in test_mont.

Before this change, test_mont failed in [debug-]solaris-sparcv9-gcc
configurations ("Montgomery multiplication test failed!" because
the multiplication result obtained with Montgomery multiplication
differed from the result obtained by BN_mod_mul).
Substituing the old version of bn_gcd.c (BN_mod_inverse) did not avoid
the problem.

The strange thing is that it I did not observe any problems
when using debug-solaris-sparcv8-gcc and solaris-sparcv9-cc,
as well as when compiling OpenSSL 0.9.6 in the solaric-sparcv9-gcc
configuration on the same system.
2000-11-29 18:08:24 +00:00
Ulf Möller
c1db5bfc08 fix for Borland C 2000-11-29 16:43:50 +00:00
Bodo Möller
429b8162c6 add missing braces 2000-11-29 16:43:03 +00:00
Bodo Möller
03a0848922 Fix warnings in expspeed.c (but the segmentation fault remains)
Improve readability of bn_shift.c.

Add comment in bn_lib.c (why zero data between top and max?)

Change bntest.c output for BN_kronecker test
2000-11-29 13:40:08 +00:00
Bodo Möller
9161672950 BN_bin2bn did *not* contain an off-by-one error;
I'm still investigating what caused the segementation fault
(maybe "make clean; make" will cure it ...).
But BN_bin2bn should always reset ret->neg.
2000-11-29 12:53:41 +00:00
Bodo Möller
a08bcccc67 Expand expspeed.c to make BN_kronecker timings.
This caused a segmentation fault in calls to malloc, so I cleaned up
bn_lib.c a little so that it is easier to see what is going on.
The bug turned out to be an off-by-one error in BN_bin2bn.
2000-11-29 12:32:10 +00:00
Bodo Möller
bdec3c5323 Implement BN_kronecker test.
Modify "CHANGES" entry for BN_mod_inverse (it's not just avoiding BN_div
that increases performance, avoiding BN_mul also helps)
2000-11-29 11:06:50 +00:00
Bodo Möller
b6cafbd7d8 Make BN_mod_inverse a little faster 2000-11-29 09:57:13 +00:00
Bodo Möller
499e167fda Improve BN_mod_inverse performance.
Get the BN_mod_exp_mont bugfix (for handling negative inputs) correct
this time.
2000-11-29 09:41:19 +00:00
Richard Levitte
0135e33511 Copy and paste error... bn_add_part_words() should of course call
bn_add_words(), not bn_sub_words()...
2000-11-29 09:36:48 +00:00
Ulf Möller
fe8686ba4b use standard C 2000-11-29 00:07:07 +00:00
Bodo Möller
adcc64cd9e Use BN_pseudo_rand instead of BN_rand 2000-11-28 11:49:12 +00:00
Bodo Möller
c94b6de017 Timings. 2000-11-28 11:47:51 +00:00
Richard Levitte
f1d6f64c8e Addapt to added files in the BIGNUM section 2000-11-28 10:20:02 +00:00
Bodo Möller
d79cab27a5 Correct a bug in BN_kronecker.
Sketch the test for BN_kronecker.
2000-11-28 07:53:35 +00:00
Bodo Möller
c782089611 Add test_kron function, which will contain a test for BN_kronecker. 2000-11-28 06:41:05 +00:00
Bodo Möller
265592b99a Add bn_kron.c (BN_kronecker), which I forgot in the previous commit.
Also add the next file in advance so that I can't forget this one :-)
2000-11-28 06:37:43 +00:00
Bodo Möller
077ff61eef Undo previous commit, which was an accident. 2000-11-27 21:22:45 +00:00
Bodo Möller
dcbd0d74d5 Fix BN_is_... macros.
Fix BN_gcd.
Analyze BN_mod_inverse.
Add BN_kronecker.
"make update".
2000-11-27 21:17:20 +00:00
Bodo Möller
1ec0a3862e Change submitted files so that they compile (in particular,
use BN_CTX_start/get/end instead of accessing ctx->tos).

Change indentation to "EAY" style.
2000-11-26 19:20:56 +00:00
Bodo Möller
946cd9a540 Change submitted files so that they compile (in particular,
use BN_CTX_start/get/end instead of accessing ctx->tos).

Change indentation to "EAY" style.
2000-11-26 19:13:52 +00:00
Geoff Thorpe
7abe830501 Ensure that the "ex_data" member of an RSA structure is initialised before
the RSA_METHOD's "init()" handler is called, and is cleaned up after the
RSA_METHOD's "finish()" handler is called. Custom RSA_METHODs may wish to
initialise contexts and other specifics in the RSA structure upon creation
and that was previously not possible - "ex_data" is where that stuff
should go and it was being initialised too late for it to be used.
2000-11-26 18:34:45 +00:00
Bodo Möller
5acaa49504 More BN_mod_... functions. 2000-11-26 18:31:32 +00:00
Bodo Möller
535b9b5724 Add bn_mod.c (should have happend in the previous commit ...).
BN_swap manual page.
2000-11-26 16:46:57 +00:00
Bodo Möller
78a0c1f18d modular arithmetics
"make update"
2000-11-26 16:42:38 +00:00
Bodo Möller
6cc5e19d47 Remove CR at line ends. 2000-11-26 12:55:19 +00:00
Bodo Möller
7e0c5264e7 Elliptic curves over GF(p), new BIGNUM functions, Montgomery re-implementation.
These new files will not be included literally in OpenSSL, but I intend
to integrate most of their contents.  Most file names will change,
and when the integration is done, the superfluous files will be deleted.

Submitted by: Lenka Fibikova <fibikova@exp-math.uni-essen.de>
2000-11-26 12:12:35 +00:00
Richard Levitte
73343ac38a Correct a number of syntax errors. 2000-11-22 18:20:31 +00:00
Richard Levitte
01412ec600 Addapt the VMS scripts to the changes in the Makefiles. 2000-11-22 04:54:06 +00:00
Richard Levitte
c4f3542abf Reimplement bn_div_words, bn_add_words and bn_sub_words for VAX.
I'm a little bit nervous about bn_div_words, as I don't know what it's
supposed to return on overflow.  For now, I trust the rest of the
system to give it numbers that will not cause any overflow...
2000-11-21 23:32:38 +00:00
Richard Levitte
c799770060 Avoid getting warnings about unary - being used on unsigned integer. 2000-11-21 23:29:55 +00:00
Ben Laurie
646d56956b Better handling of EVP names, add EVP to speed. 2000-11-20 04:14:19 +00:00
Richard Levitte
0cc1115643 Make sure bs is assigned NULL when it's free'd, or there will be an
(incorrect) attempt to free it once more...
2000-11-19 14:14:52 +00:00
Richard Levitte
baa257f1ed Remove two bn_wexpand() from BN_mul(), which is a step toward getting
BN_mul() correctly constified, avoids two realloc()'s that aren't
really necessary and saves memory to boot.  This required a small
change in bn_mul_part_recursive() and the addition of variants of
bn_cmp_words(), bn_add_words() and bn_sub_words() that can take arrays
with differing sizes.

The test results show a performance that very closely matches the
original code from before my constification.  This may seem like a
very small win from a performance point of view, but if one remembers
that the variants of bn_cmp_words(), bn_add_words() and bn_sub_words()
are not at all optimized for the moment (and there's no corresponding
assembler code), and that their use may be just as non-optimal, I'm
pretty confident there are possibilities...

This code needs reviewing!
2000-11-18 22:58:26 +00:00
Richard Levitte
e06cc57118 Remove a declaration for a function that does not exist. 2000-11-18 20:52:14 +00:00
Richard Levitte
0450d28759 Make the definition of bn_add_words() match the definition. 2000-11-18 20:49:02 +00:00
Richard Levitte
227385b719 Make sure BN_DIV2W is not defining when defining it, and remove the
declarations of bn_add_part_words() and bn_sub_part_words() since they
do not exist.
2000-11-17 12:01:55 +00:00
Bodo Möller
28fd5c60de Constify bn_dump1 implementation so that it matches the prototype
in bn.h
2000-11-17 08:36:10 +00:00
Richard Levitte
cbd48ba626 More constification of the BN library. 2000-11-16 22:43:32 +00:00
Richard Levitte
67d93e6f49 Make sure to print the BN counting (BN_COUNT) to stderr instead of
stdout.  bc gets so confused by bean counts.
2000-11-16 22:42:39 +00:00
Richard Levitte
afb83c45e6 Oops, when I clean, I should do it thoroughly. 2000-11-16 22:41:26 +00:00
Richard Levitte
43fcc1b096 I've checked again and again. There really is no need to expand a to
4 times it's size when bn_sqr_recursive() won't look farther than the
original length.  Thereby, constification is no longer a problem.
2000-11-16 21:35:41 +00:00
Geoff Thorpe
8bfc8f934f I have no idea how this comment got there, but it's certainly not
applicable to ENGINE_ctrl()
2000-11-16 00:17:11 +00:00
Geoff Thorpe
ef02b10a16 Many applications that use OpenSSL with ENGINE support might face a
situation where they've initialised the ENGINE, loaded keys (which are then
linked to that ENGINE), and performed other checks (such as verifying
certificate chains etc). At that point, if the application goes
multi-threaded or multi-process it creates problems for any ENGINE
implementations that are either not thread/process safe or that perform
optimally when they do not have to perform locking and other contention
management tasks at "run-time".

This defines a new ENGINE_ctrl() command that can be supported by engines
at their discretion. If ENGINE_ctrl(..., ENGINE_CTRL_HUP,...) returns an
error then the caller should check if the *_R_COMMAND_NOT_IMPLEMENTED error
reason was set - it may just be that the engine doesn't support or need the
HUP command, or it could be that the attempted reinitialisation failed. A
crude alternative is to ignore the return value from ENGINE_ctrl() (and
clear any errors with ERR_clear_error()) and perform a test operation
immediately after the "HUP". Very crude indeed.

ENGINEs can support this command to close and reopen connections, files,
handles, or whatever as an alternative to run-time locking when such things
would otherwise be needed. In such a case, it's advisable for the engine
implementations to support locking by default but disable it after the
arrival of a HUP command, or any other indication by the application that
locking is not required. NB: This command exists to allow an ENGINE to
reinitialise without the ENGINE's functional reference count having to sink
down to zero and back up - which is what is normally required for the
finish() and init() handlers to get invoked. It would also be a bad idea
for engine_lib to catch this command itself and interpret it by calling the
engine's init() and finish() handlers directly, because reinitialisation
may need special handling on a case-by-case basis that is distinct from a
finish/init pair - eg. calling a finish() handler may invalidate the state
stored inside individual keys that have already loaded for this engine.
2000-11-16 00:15:50 +00:00
Ulf Möller
60b8607727 ignore 2000-11-14 19:18:31 +00:00
Richard Levitte
159564ae9f Modify () to (void), since that's what is actually defined in the
engine structure, and some ANSI C compilers will complain otherwise.
2000-11-14 15:33:06 +00:00
Richard Levitte
cd1bf28e2c Two OCSP functions that aren't yet implemented. 2000-11-14 13:50:42 +00:00
Richard Levitte
820aaa5fc5 Typo, was "time" instead of "tim".
Caught by Jeffrey Altman <jaltman@columbia.edu>
2000-11-14 10:52:16 +00:00
Ulf Möller
6a8ba34f9d in some new file names the first 8 characters were not unique 2000-11-12 22:32:18 +00:00
Richard Levitte
3d6001f7b9 Enhance granularity on what I want to debug for the moment by changing
LEVITTE_DEBUG to LEVITTE_DEBUG_MEM.
2000-11-12 18:25:30 +00:00
Ben Laurie
757e392d4e Make Rijndael work! Those long flights have some good points. 2000-11-12 02:13:38 +00:00
Ben Laurie
2f9f0c72de Make this stuff compile. 2000-11-12 02:11:13 +00:00
Bodo Möller
e1a8ac495b tmp2 is not used in BN_mod_mul_montgomery. 2000-11-09 16:39:01 +00:00
Richard Levitte
0b5806b5f5 Really stupid glitch (a comment not properly ended) fixed. 2000-11-08 18:10:35 +00:00
Richard Levitte
ccb9643f02 Remove references to RSAref. The glue library is but a memory to fade
away now...
2000-11-08 17:51:37 +00:00
Bodo Möller
7f7b8d6871 BN_CTX-related fixes. 2000-11-08 10:05:34 +00:00
Richard Levitte
bb7e632aef Constification of LHASH. Contributed by "Paul D. Smith" <psmith@gnu.org>
I didn't apply all his patches yet, since I have some hesitance about
unconstifying.  To be pondered.
2000-11-07 23:43:21 +00:00
Richard Levitte
f971ccb264 Constify DH-related code. 2000-11-07 14:30:37 +00:00
Richard Levitte
a4aba800d9 Constify DSA-related code. 2000-11-07 13:54:39 +00:00
Richard Levitte
669cefdd35 Make sure ERR_get_error() is declared. 2000-11-07 13:53:21 +00:00
Richard Levitte
7be7c2eda5 A few more constifications of some RSA routines that I forgot
yesterday.
2000-11-07 13:49:46 +00:00
Richard Levitte
74489a3668 When ENGINE_by_id() couldn't find the given engine id, it generates an
error.  When checking like engine_add() is, those errors are actually
good, so remove them.
2000-11-07 13:21:09 +00:00
Richard Levitte
e06433d9ba shl_load() also needs to load along a path given through an
environment variable, SHLIB_PATH.  This change makes that possible.
2000-11-07 11:25:26 +00:00
Bodo Möller
e0bf5c11ea Handle BN_copy failure after successful BN_new. 2000-11-07 09:39:51 +00:00
Bodo Möller
58f0f52e67 handle the case when BN_new returns NULL 2000-11-07 09:35:19 +00:00
Richard Levitte
bbbc96a87e Constification of CRYPTO_get_ex_data() needed for the sake of
RSA_get_ext_data().
2000-11-06 23:24:59 +00:00
Richard Levitte
7081f3bd89 Constify the RSA parts of the ASN.1 library. Note some ugly casts
that are needed in the ASN.1 macros.  Hopefully, we can get rid of
those in an elegant way in the future.
2000-11-06 23:04:15 +00:00
Richard Levitte
0413ba429c Constify the RSA library. 2000-11-06 22:49:05 +00:00
Richard Levitte
29c1f0615b Constify the RSA library. 2000-11-06 22:34:17 +00:00
Richard Levitte
10e473e930 As a consequence of the BIGNUM constification, the ENGINE code needs a
few small constifying changes, and why not throw in a couple of extras
while I'm at it?
2000-11-06 22:15:50 +00:00
Richard Levitte
020fc820dc Constify the BIGNUM routines a bit more. The only trouble were the
two functions that did expansion on in parameters (BN_mul() and
BN_sqr()).  The problem was solved by making bn_dup_expand() which is
a mix of bn_expand2() and BN_dup().
2000-11-06 21:15:54 +00:00
Richard Levitte
bc8a9f1f0f mode used too early in EVP_PKEY_save_parameters.
Spotted by Ken Lalonde <ken@torus.ca>
2000-11-06 21:12:21 +00:00
Ulf Möller
361c7f2b52 Set the CryptoAPI randomness estimate back to 0.
The randomness may not actually be very good (we don't know).
2000-11-04 03:33:26 +00:00