form '#if defined(...) || defined(...) || ...' and '#if !defined(...)
&& !defined(...) && ...'. This also avoids the growing number of
special cases it was previously handling (some of them wrongly).
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.
Fix typo in uid.c
Make ca.c correctly initialize the revocation date.
Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.
Bleichenbacher's DSA attack. With this implementation, the expected
number of iterations never exceeds 2.
New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
certificates.
One is a valid CA which has no basicConstraints
but does have certSign keyUsage.
Other is S/MIME signer with nonRepudiation but
no digitalSignature.
OCSP requests. It can also query reponders and parse or
print out responses.
Still needs some more work: OCSP response checks and
of course documentation.
but will verify the signatures on a response
and locate the signers certifcate.
Still needs to implement a proper OCSP certificate
verify.
Fix warning in RAND_egd().
allocation callbacks so that it is no longer visible to applications
that these live at a different call level than conventional memory
allocation callbacks.
handling routines that need file name and line number information,
I've added a call level to our memory handling routines to allow that
kind of hooking.
only queried when the /dev/[u]random devices did not return enough
entropy. Only the amount of entropy missing to reach the required minimum
is queried, as EGD may be drained.
Queried locations are: /etc/entropy, /var/run/egd-pool
"doall" functions to using type-safe wrappers. As and where required, this
can be replaced by redeclaring the underlying callbacks to use the
underlying "void"-based prototypes (eg. if performance suffers from an
extra level of function invocation).
them for a short period of time (actually, poll them with select(),
then read() whatever is there), which is about 10ms (hard-coded value)
each.
Separate Windows and Unixly code, and start on a VMS variant that
currently just returns 0.
Remove extensions argument from various functions
because it is not needed with the new extension
code.
New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.
New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.
Fix typo in CRL distribution points extension.
Fix ASN1 code so it adds a final null to constructed
strings.
horrible macros.
Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
most of the old wrappers. A few of the old versions remain
because they are non standard and the corresponding ASN1
code has not been reimplemented yet.
* detect "unknown" algorithms (any C macro starting with NO_ that is
not explicitely mentioned in mkdef.pl as a known algorithm) and
report.
* add a number of algorithms that can be deselected.
* look in ssl/kssl.h as well.
* accept multiple whitespace (not just one SPC) in preprocessor lines.
currently OpenSSL itself wont compile with this set
because some old style stuff remains.
Change old functions X509_sign(), X509_verify() etc
to use new item based functions.
Replace OCSP function declarations with DECLARE macros.
Don't try to print request certificates if signature is not present.
Remove unnecessary test for certificates being NULL.
Fix typos in printed output.
Tidy up output.
Fix for typo in OCSP_SERVICELOC ASN1 template.
Also give a bit more info in CHANGES about the ASN1 revision.
from the print routines.
Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.
Implement some ASN1 functions needed to compile OCSP code.
authenticated attributes: this is used to retain the
original encoding and not break signatures.
Support for a SET OF which reorders the STACK when
encoding a structure. This will be used with the
PKCS7 code.
for its ASN1 operations as well as the old style function
pointers (i2d, d2i, new, free). Change standard extensions
to support this.
Fix a warning in BN_mul(), bn_mul.c about uninitialised 'j'.
One problem that looked like a problem in bn_recp.c at first turned
out to be a BN_mul bug. An example is given in bn_recp.c; finding
the bug responsible for this is left as an exercise.
This caused a segmentation fault in calls to malloc, so I cleaned up
bn_lib.c a little so that it is easier to see what is going on.
The bug turned out to be an off-by-one error in BN_bin2bn.
BN_mul() correctly constified, avoids two realloc()'s that aren't
really necessary and saves memory to boot. This required a small
change in bn_mul_part_recursive() and the addition of variants of
bn_cmp_words(), bn_add_words() and bn_sub_words() that can take arrays
with differing sizes.
The test results show a performance that very closely matches the
original code from before my constification. This may seem like a
very small win from a performance point of view, but if one remembers
that the variants of bn_cmp_words(), bn_add_words() and bn_sub_words()
are not at all optimized for the moment (and there's no corresponding
assembler code), and that their use may be just as non-optimal, I'm
pretty confident there are possibilities...
This code needs reviewing!
two functions that did expansion on in parameters (BN_mul() and
BN_sqr()). The problem was solved by making bn_dup_expand() which is
a mix of bn_expand2() and BN_dup().
full version number and not just 0. This should mark the shared
libraries as not backward compatible. Of course, this should be
changed again when we can guarantee backward binary compatibility.
load the "external" built-in engines (those that require DSO). This
makes linking with libdl or other dso libraries non-mandatory.
Change 'openssl engine' accordingly.
Change the engine header files so some declarations (that differed at
that!) aren't duplicated, and make sure engine_int.h includes
engine.h. That way, there should be no way of missing the needed
info.
implementation is contained in the application, and the capability
string building part should really be part of the engine library.
This is therefore an experimental hack, and will be changed in the
near future.
- Make note of the expected extension for the shared libraries and
if there is a need for symbolic links from for example libcrypto.so.0
to libcrypto.so.0.9.7. There is extended info in Configure for
that.
- Make as few rebuilds of the shared libraries as possible.
- Still avoid linking the OpenSSL programs with the shared libraries.
- When installing, install the shared libraries separately from the
static ones.
record-oriented fashion. That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it. This can be very confusing.
The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record. Voila, BIO_f_linebuffer() is born.
Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this. After
the release, this BIO method will be enabled on all other platforms as
well.
BN_mod_mul_montgomery, which calls bn_sqr_recursive
without much preparation.
bn_sqr_recursive requires the length of its argument to be
a power of 2, which is not always the case here.
There's no reason for not using BN_sqr -- if a simpler
approach to squaring made sense, then why not change
BN_sqr? (Using BN_sqr should also speed up DH where g is chosen
such that it becomes small [e.g., 2] when converted
to Montgomery representation.)
Case closed :-)
process when some symbols are missing. Instead, all needed info is
saved in the .num files, including what conditions are needed for a
specific symbol to exist.
This was needed for the work I'm doing with shared libraries under
VMS.
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.
The new code performs several tests on a candidate issuer
certificate based on certificate extensions.
It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.
Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...
This must have broken something though :-(
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.
set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.
remove extraneous '\r' in MIME encoder.
Allow a NULL to be passed to X509_gmtime_adj()
Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
test was never triggered due to an off-by-one error.
In s23_clnt.c, don't use special rollback-attack detection padding
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
client; similarly, in s23_srvr.c, don't do the rollback check if
SSL 2.0 is the only protocol enabled in the server.
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.
The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).
Still needs to be documented, integrated into other
utilities and extensively tested.
there's support for building under Linux and True64 (using examples
from the programming manuals), including versioning that is currently
the same as OpenSSL versions but should really be a different series.
With this change, it's up to the users to decide if they want shared
libraries as well as the static ones. This decision now has to be
done at configuration time (well, not really, those who know what they
do can still do it the same way as before).
The OpenSSL programs (openssl and the test programs) are currently
always linked statically, but this may change in the future in a
configurable manner. The necessary makefile variables to enable this
are in place.
Also note that I have done absolutely nothing about the Windows target
to get something similar. On the other hand, DLLs are already the
default there, but without versioning, and I've no idea what the
possibilities for such a thing are there...
call the i2c/c2i (they were not using the
content length for the headers).
Fix ASN1 long form tag encoding. This never
worked but it was never tested since it is
only used for tags > 30.
New options to smime program to allow the
PKCS#7 format to be specified and the content
supplied externally.
into lexical order. Previously it depended on
the order of files in the directory.
This should now mean that all systems will
agree on the order of safestack.h and will
not change it needlessly and avoid massive
needless commits to safestack.h in future.
It wont however avoid this one :-(
This is mostly a work around for the old VC++ problem
that it treats func() as func(void).
Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.
The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.
Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)
After some messing around this seems to work but needs
a few more tests. Working out the syntax for sk_set_cmp_func()
(cast it to a function that itself returns a function pointer)
was painful :-(
Needs some testing to see what other compilers think of this
syntax.
Also needs similar stuff for ASN1_SET_OF etc etc.
Don't give performance gain estimates that appear to be more precise
than they really are, especially when they are wrong
(2/(1/1.15 + 1) = ca. 1.0698).
because we're only handling words anyway) in BN_mod_exp_mont_word
making it a little faster for very small exponents,
and adjust the performance gain estimate in CHANGES according
to slightly more thorough measurements.
(15% faster than BN_mod_exp_mont for "large" base,
20% faster than BN_mod_exp_mont for small base.)
structures and functions for each stack type. The previous behaviour
can be enabled by configuring with the "-DDEBUG_SAFESTACK" option.
This will also cause "make update" (mkdef.pl in particular) to
update the libeay.num and ssleay.num symbol tables with the number of
extra functions DEBUG_SAFESTACK creates.
The way this change works is to accompany each DECLARE_STACK_OF()
macro with a set of "#define"d versions of the sk_##type##_***
functions that ensures all the existing "type-safe" stack calls are
precompiled into the underlying stack calls. The presence or abscence
of the DEBUG_SAFESTACK symbol controls whether this block of
"#define"s or the DECLARE_STACK_OF() macro is taking effect. The
block of "#define"s is in turn generated and maintained by a perl
script (util/mkstack.pl) that encompasses the block with delimiting
C comments. This works in a similar way to the auto-generated error
codes and, like the other such maintenance utilities, is invoked
by the "make update" target.
A long (but mundane) commit will follow this with the results of
"make update" - this will include all the "#define" blocks for
each DECLARE_STACK_OF() statement, along with stripped down
libeay.num and ssleay.num files.
yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;
X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).
Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
Change EVP_SealInit() and EVP_OpenInit() to
handle cipher parameters.
Make it possible to set RC2 and RC5 params.
Make RC2 ASN1 code use the effective key bits
and not the key length.
TODO: document how new API works.
Declare ciphers in terms of macros. This reduces
the amount of code and places each block cipher EVP
definition in a single file instead of being spread
over 4 files.
Change functions like EVP_EncryptUpdate() so they now return a
value. These normally have software only implementations
which cannot fail so this was acceptable. However ciphers
can be implemented in hardware and these could return errors.
enhance and tidy up the EVP interface.
This patch adds initial support for variable length ciphers
and changes S/MIME code to use this.
Some other library functions need modifying to support use
of modified cipher parameters.
Also need to change all the cipher functions that should
return error codes, but currenly don't.
And of course it needs extensive testing...
initialised, at which point an appropriate default was chosen. This meant a
call to RSA_get_default_method might have returned FALSE.
This change fixes that; now any called to RSA_new(), RSA_new_method(NULL), or
RSA_get_default_method() will ensure that a default is chosen if it wasn't
already.
technique used is far from perfect and alternatives are welcome.
Basically if the translation flag is set, the string is not too
long, and there appears to be no path information in the string,
then it is converted to whatever the standard should be for the
DSO_METHOD in question, eg;
blah --> libblah.so on *nix, and
blah --> blah.dll on win32.
This change also introduces the DSO_ctrl() function that is used
by the name translation stuff.
See http://www.pdc.kth.se/kth-krb/
Their solution for CRAY is somewhat awkward.
I'll assume that a "short" is 32 bits on CRAY to avoid the
#ifdef _CRAY
typedef struct {
unsigned int a:32;
unsigned int b:32;
} XXX;
#else
typedef DES_LONG XXX;
#endif
in SSL_new.
If SSL_OP_SINGLE_DH_USE is set, don't waste time in SSL_[CTX_]set_tmp_dh
on computing a DH key that will be ignored anyway.
ssltest -dhe1024dsa (w/ 160-bit sub-prime) had an unfair performance
advantage over -dhe1024 (safe prime): SSL_OP_SINGLE_DH_USE was
effectively always enabled because SSL_new ignored the DH key set in
the SSL_CTX. Now -dhe1024 takes the server only about twice as long
as -dhe1024dsa instead of three times as long (for 1024 bit RSA
with 1024 bit DH).
ssl3_get_message, which is more logical (and avoids a bug,
in addition to the one that I introduced yesterday :-)
and makes Microsoft "fast SGC" less special.
MS SGC should still work now without an extra state of its own
(it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state
for reading the body of a Client Hello message), however this should
be tested to make sure, and I don't have a MS SGC client.
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.
Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
- Made CRYPTO_MDEBUG even less used in crypto.h, giving
MemCheck_start() and MemCheck_stop() only one possible definition.
- Made the values of the debug function pointers in mem.c dependent
on the existence of the CRYPTO_MDEBUG macro, and made the rest of
the code understand the NULL case.
That's it. With this code, the old behvior of the debug functionality
is restored, but you can still opt to have it on, even when the
library wasn't compiled with a defined CRYPTO_MDEBUG.
- Moved the handling of compile-time defaults from crypto.h to
mem_dbg.c, since it doesn't make sense for the library users to try
to affect this without recompiling libcrypto.
- Made sure V_CRYPTO_MDEBUG_TIME and V_CRYPTO_MDEBUG_THREAD had clear
and constant definitions.
- Aesthetic correction.
With this change, the following is provided and present at all times
(meaning CRYPTO_MDEBUG is no longer required to get this functionality):
- hooks to provide your own allocation and deallocation routines.
They have to have the same interface as malloc(), realloc() and
free(). They are registered by calling CRYPTO_set_mem_functions()
with the function pointers.
- hooks to provide your own memory debugging routines. The have to
have the same interface as as the CRYPTO_dbg_*() routines. They
are registered by calling CRYPTO_set_mem_debug_functions() with
the function pointers.
I moved everything that was already built into OpenSSL and did memory
debugging to a separate file (mem_dbg.c), to make it clear what is
what.
With this, the relevance of the CRYPTO_MDEBUG has changed. The only
thing in crypto/crypto.h that it affects is the definition of the
MemCheck_start and MemCheck_stop macros.
Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.