Commit graph

7089 commits

Author SHA1 Message Date
Richard Levitte
0d78bc3356 Add IPSec/IKE/Oakley curves.
PR: 768
Submitted by: Vadim Fedukovich <vf@unity.net>
2003-11-29 09:25:59 +00:00
Richard Levitte
d87b79bf31 Damnit, I'm sick of having to do something special every time a module
that gets built before objects barfs all over the place because it
uses a new NID that hasn't had a chance of getting defined yet (in
this case, it was about a couple of new EC curves, and therefore a
couple of new corresponding NIDs).

I'm placing objects first in SDIRS!  There.
2003-11-29 09:19:12 +00:00
Richard Levitte
6a6a08cbea RSA_size() and DH_size() return the amount of bytes in a key, and we
compared it to the amount of bits required...
PR: 770
Submitted by: c zhang <czhang2005@hotmail.com>
2003-11-28 23:03:19 +00:00
Richard Levitte
70ef9c5a3d RSA_size() and DH_size() return the amount of bytes in a key, and we
compared it to the amount of bits required...
PR: 770
Submitted by: c zhang <czhang2005@hotmail.com>
2003-11-28 23:03:14 +00:00
Richard Levitte
753cbc2857 1024 is the export key bits limit according to current regulations, not 512.
PR: 771
Submitted by: c zhang <czhang2005@hotmail.com>
2003-11-28 22:39:23 +00:00
Richard Levitte
b727907ae8 1024 is the export key bits limit according to current regulations, not 512.
PR: 771
Submitted by: c zhang <czhang2005@hotmail.com>
2003-11-28 22:39:19 +00:00
Geoff Thorpe
444c3a8492 Get rid of some signed/unsigned comparison warnings. 2003-11-28 16:39:16 +00:00
Richard Levitte
0b352c58db Make a number of changes to the OS/2 build. Submitter's comment below.
PR: 732
Submitted by: Ilya Zakharevich <nospam-abuse@ilyaz.org>

Submitter's comment:

This patch:

a) Introduces a new file os2/backwardify.pl.

b) Introduces a new mk1mf.pl variable $preamble.  As you can see, it may
   be used also to move some OS-specific code to VC-CE too (the the
   first chunk of the patch);

c) The DESCRIPTION specifier of the .def file is made more informative:
   now it contains the version number too.  On OS/2 it is made conformant
   to OS/2 conventions; in particular, when one runs the standard command
	BLDLEVEL this.DLL
   one can see:

   Vendor:      www.openssl.org/
   Revision:    0.9.7c
   Description: OpenSSL: implementation of Secure Socket Layer; DLL for library crypto.  Build for EMX -Zmtd

   [I did not make Win32 descriptions as informative as this - I'm afraid to
    break something.  Be welcome to fix this.]

d) On OS/2 the generated DLL was hardly usable (it had a shared initialized
   data segment).

e) On OS/2 the generated DLLs had names like ssl.dll.  However, DLL names on
   OS/2 are "global data".  It is hard to have several DLLs with the same
   name on the system.  Thus this precluded coexistence of OpenSSL with DLLs
   for other SLL implementations - or other name clashes.  I transparently
   changed the names of the DLLs to open_ssl.dll and cryptssl.dll.

f) The file added in (a) is used to create "forwarder" DLLs, so the
   applications expecting the "old" DLL names may use the new DLLs
   transparently.  (A presence of these DLLs on the system nullifies (e),
   but makes old applications work.  This is a stopgap measure until the
   old applications are relinked.  Systems with no old applications do not
   need these DLLs, so may enjoy all the benefits of (e).)

   The new DLLs are placed in os2/ and os2/noname subdirectories.

g) The makefiles created with os2/OS2-EMX.cmd did not work (some mysterious
   meaningless failures).  The change to util/pl/OS2-EMX.pl uses the
   variable introduced in (b) to switch the Makefiles to SHELL=sh syntax.
   All these backslashes are removed, and the generated Makefiles started to
   work.

h) Running os2/OS2-EMX.cmd now prints out what to do next.
2003-11-28 14:51:30 +00:00
Richard Levitte
9d68b289a0 Make a number of changes to the OS/2 build. Submitter's comment below.
PR: 732
Submitted by: Ilya Zakharevich <nospam-abuse@ilyaz.org>

Submitter's comment:

This patch:

a) Introduces a new file os2/backwardify.pl.

b) Introduces a new mk1mf.pl variable $preamble.  As you can see, it may
   be used also to move some OS-specific code to VC-CE too (the the
   first chunk of the patch);

c) The DESCRIPTION specifier of the .def file is made more informative:
   now it contains the version number too.  On OS/2 it is made conformant
   to OS/2 conventions; in particular, when one runs the standard command
	BLDLEVEL this.DLL
   one can see:

   Vendor:      www.openssl.org/
   Revision:    0.9.7c
   Description: OpenSSL: implementation of Secure Socket Layer; DLL for library crypto.  Build for EMX -Zmtd

   [I did not make Win32 descriptions as informative as this - I'm afraid to
    break something.  Be welcome to fix this.]

d) On OS/2 the generated DLL was hardly usable (it had a shared initialized
   data segment).

e) On OS/2 the generated DLLs had names like ssl.dll.  However, DLL names on
   OS/2 are "global data".  It is hard to have several DLLs with the same
   name on the system.  Thus this precluded coexistence of OpenSSL with DLLs
   for other SLL implementations - or other name clashes.  I transparently
   changed the names of the DLLs to open_ssl.dll and cryptssl.dll.

f) The file added in (a) is used to create "forwarder" DLLs, so the
   applications expecting the "old" DLL names may use the new DLLs
   transparently.  (A presence of these DLLs on the system nullifies (e),
   but makes old applications work.  This is a stopgap measure until the
   old applications are relinked.  Systems with no old applications do not
   need these DLLs, so may enjoy all the benefits of (e).)

   The new DLLs are placed in os2/ and os2/noname subdirectories.

g) The makefiles created with os2/OS2-EMX.cmd did not work (some mysterious
   meaningless failures).  The change to util/pl/OS2-EMX.pl uses the
   variable introduced in (b) to switch the Makefiles to SHELL=sh syntax.
   All these backslashes are removed, and the generated Makefiles started to
   work.

h) Running os2/OS2-EMX.cmd now prints out what to do next.
2003-11-28 14:51:17 +00:00
Richard Levitte
03ddbdd9b9 Move another common functionality (reproduced so far with cut'n'paste)
to apps.c, and give it the hopefully descriptive name parse_yesno().
2003-11-28 14:45:09 +00:00
Richard Levitte
eb5f555ffb Let's use text/plain in the example instead of crapy HTML.
PR: 777
Submitted by: Michael Shields <mshields@sunblocksystems.com>
2003-11-28 14:32:35 +00:00
Richard Levitte
5ebdb39084 Let's use text/plain in the example instead of crapy HTML.
PR: 777
Submitted by: Michael Shields <mshields@sunblocksystems.com>
2003-11-28 14:32:31 +00:00
Richard Levitte
d45a098472 Forgot to change the declaration of do_subject() to one of parse_name()... 2003-11-28 14:18:05 +00:00
Richard Levitte
6d5ffb591b Move do_subject() to apps.c and rename it to parse_name(). The
rationale behind the move is that it's use by several applications.
The rationale behind the name change is that it describes what the
function does a bit better.
2003-11-28 14:07:14 +00:00
Richard Levitte
7ce9e425bc Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option
to 'openssl req' and 'openssl ca'.

PR: 779
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
Reviewed by: Richard Levitte

(there will be some follow-up changes)
2003-11-28 14:04:09 +00:00
Richard Levitte
4d8743f490 Netware-specific changes,
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
2003-11-28 13:10:58 +00:00
Richard Levitte
4c8b4f9d03 Change my debugging entries to do fierce BIGNUM debugging. 2003-11-28 12:54:11 +00:00
Richard Levitte
04dc4edb44 If dynamically-loadable ENGINEs are linked against a shared-library version
of libcrypto, then it is possible that when they are loaded they will share
the same static data as the loading application/library. This means it will
be too late to set memory/ERR/ex_data/[etc] callbacks, but entirely
unnecessary to try.

This change (and a great part of this comment) was implemented in
0.9.8-dev a long time ago, but slightly differently.  In 0.9.8-dev, a
specific function that just returns a pointer to some static object is
used. For 0.9.7x, we couldn't do that, since the way we handle feature
freezes is, among other, to not add any more non-static functions.
Instead, we use the function ERR_get_implementation() and compare the
returned value with fns->err_fns, a member of fns that already is
there, and which therefore can safely be used in this manner.

What happens is that if the loaded ENGINE's return value from this
function matches the loading application/library's return value - they
share static data. If they don't match, the loaded ENGINE has its own
copy of libcrypto's static data and so the callbacks need to be set.
2003-11-27 16:41:26 +00:00
Geoff Thorpe
81ba5f6713 Due to recent debugging bursts, openssl should be more or less solid
against inconsistent BIGNUMs coming out of any of its API functions. So
this change no longer "fixes" the bn_print.c functions, but it makes for
cleaner code. This patch was a part of ticket 697.

PR: 697
Submitted by: Otto Moerbeek
Reviewed by: Geoff Thorpe
2003-11-25 21:07:59 +00:00
Geoff Thorpe
6defae04f3 Fix some handling in bn_word. This also resolves the issues observed in
ticket 697 (though uses a different solution than the proposed one). This
problem was initially raised by Otto Moerbeek.

PR: 697
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2003-11-25 20:39:19 +00:00
Geoff Thorpe
e1064adfd3 Some changes for bn_gf2m.c: better error checking plus some minor
optimizations.

Submitted by: Nils Larsch
2003-11-25 03:41:20 +00:00
Lutz Jänicke
d7559f16cd Free "engine" resource in case of failure to prevent memory leak
PR: #778
Submitted by: George Mitchell <george@m5p.com>
2003-11-24 16:48:52 +00:00
Lutz Jänicke
d161f5a9b2 Free "engine" resource in case of failure to prevent memory leak
PR: #778
Submitted by: George Mitchell <george@m5p.com>
2003-11-24 16:47:44 +00:00
Geoff Thorpe
9e989810ba BN_div() cleanup: replace the use of BN_sub and BN_add with bn_sub_words
and bn_add_words to avoid using fake bignums to window other bignums that
can lead to corruption. This change allows all bignum tests to pass with
BN_DEBUG and BN_DEBUG_RAND debugging and valgrind. NB: This should be
tested on a few different architectures and configuration targets, as the
bignum code this deals with is quite preprocessor (and assembly) sensitive.

Submitted by: Nils Narsch
Reviewed by: Geoff Thorpe, Ulf Moeller
2003-11-22 20:23:41 +00:00
Ulf Möller
28474e26f4 bn_sub_part_words() is unused in 0.9.7.
Spotted by Markus Friedl.
2003-11-22 10:42:33 +00:00
Geoff Thorpe
ec2179cf81 Fix a small bug in str_copy: if more than one variable is replaced, make
sure the current length is used to calculate the new buffer length instead
of using the old length (prior to any variable substitution).

Submitted by: Nils Larsch
2003-11-21 21:42:35 +00:00
Dr. Stephen Henson
a8287a90ea Give CRLDP its standard name.
Max req -x509 use V1 if extensions section absent.
2003-11-20 22:45:06 +00:00
Dr. Stephen Henson
85421c7148 Give CRLDP its standard name.
Max req -x509 use V1 if extensions section absent.
2003-11-20 22:43:28 +00:00
Andy Polyakov
ad5f0ed509 hpux64-parisc2-gcc target added. Once it is verified, ./config should
be modified to choose it instead of hpux64-parisc-gcc, which should
then be removed. hpux64-parisc-cc is removed already now as redundant
[in case you wonder, 64-bit HP-UX ABI *implies* PA-RISC2.0].
2003-11-20 19:10:36 +00:00
Andy Polyakov
0a4c8baf5e ./config failed to correctly detect if gcc uses 64-bit ABI on HP-UX.
PR: 772
2003-11-20 18:33:20 +00:00
Geoff Thorpe
77cc150b61 Remove duplicate prototypes have already been (correctly) added to rsa.h,
as this is already included by x509.h anyway.
2003-11-19 05:18:54 +00:00
Lutz Jänicke
95de3d204f Make sure to initialize AES counters to obtain proper results.
Submitted by: Kirill Kochetkov <kochet@ixbt.com>

PR: #748
2003-11-18 18:27:12 +00:00
Lutz Jänicke
890b2abf19 Make sure to initialize AES counters to obtain proper results.
Submitted by: Kirill Kochetkov <kochet@ixbt.com>

PR: #748
2003-11-18 18:26:32 +00:00
Ulf Möller
31182ad39b re-enable the test, keeping the original method for RAND_pseudo_bytes
which is used by BN_DEBUG_RAND
Submitted by: Nils Larsch
2003-11-16 19:33:31 +00:00
Lutz Jänicke
6b051c4ebc Catch error condition to prevent NULL pointer dereference.
Submitted by: Goetz Babin-Ebell <babin-ebell@trustcenter.de>

PR: #766
2003-11-16 16:31:22 +00:00
Lutz Jänicke
f35232e6f3 Catch error condition to prevent NULL pointer dereference.
Submitted by: Goetz Babin-Ebell <babin-ebell@trustcenter.de>

PR: #766
2003-11-16 16:30:39 +00:00
Lutz Jänicke
fda5e38551 Provide ASFLAGS in the subdirectories handling assembler code.
Submitted by: Tim Rice <tim@multitalents.net>

PR: #735, #765
2003-11-16 14:38:34 +00:00
Lutz Jänicke
a601df36f3 Provide ASFLAGS in the subdirectories handling assembler code.
Submitted by: Tim Rice <tim@multitalents.net>

PR: #735, #765
2003-11-16 14:37:48 +00:00
Ulf Möller
ac9c6e10a4 The x9.62 tests replace the PRNG with specific numbers,
so don't run them if BN_DEBUG_RAND is defined.

Also, fix another small bug.

Submitted by: Nils Larsch
2003-11-16 12:24:45 +00:00
Ulf Möller
1a01733047 BN_set_bit() etc should use "unsigned int".
Keep it as is to avoid an API change, but check for negativ values.

Submitted by: Nils Larsch
2003-11-15 08:37:50 +00:00
Richard Levitte
d2cd46127c Less restrictive debugging build. 2003-11-14 14:06:40 +00:00
Geoff Thorpe
9dde17e8b4 This rewrites two "for" loops in BN_rshift() - equality with zero is
generally a more efficient comparison than comparing two integers, and the
first of these two loops was off-by-one (copying one too many values). This
change also removes a superfluous assignment that would set an unused word
to zero (and potentially allow an overrun in some cases).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2003-11-13 15:03:14 +00:00
Geoff Thorpe
37af03d311 General improvements to the ec_asn1.c code. This squashes at least one bug
(where it was impossible to create an EC certificate with a compressed
public key), and has some style improvements based on some comments from
Steve Henson about use of the ASN1 macros.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2003-11-10 18:09:18 +00:00
Geoff Thorpe
f7a397cc8d Avoid possible memory leaks in error-handling.
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2003-11-10 18:05:22 +00:00
Dr. Stephen Henson
cd2e8a6f2d Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). 2003-11-10 01:37:23 +00:00
Dr. Stephen Henson
2d4b834926 Oops! 2003-11-10 01:29:27 +00:00
Dr. Stephen Henson
c22e6753ef Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). 2003-11-10 01:25:11 +00:00
Ulf Möller
d18b993c43 Geoff suggested a more succinct description for "top". 2003-11-07 01:33:00 +00:00
Ulf Möller
e6e81c5894 oops... the description of ->top was inaccurate (the example is correct though) 2003-11-07 00:07:28 +00:00
Geoff Thorpe
f75abcefed This extends the debugging macros to use "pollution" during
bn_correct_top(), previously only bn_check_top() did this.
2003-11-06 23:24:44 +00:00