Commit graph

6045 commits

Author SHA1 Message Date
Dr. Stephen Henson
beedea2fef Free up BIO properly when using streaming S/MIME sign. 2004-03-26 00:24:38 +00:00
Dr. Stephen Henson
34be34fdd0 Remove BN_CTX debug from debug-steve 2004-03-25 23:32:06 +00:00
Richard Levitte
0020502a07 SSL_COMP_get_compression_method is a typo (a missing 's' at the end of
the symbol name).
2004-03-25 21:32:30 +00:00
Richard Levitte
d530017c00 Move the definition of Win32_rename(), since the macro rename gets undefined
in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853
2004-03-25 20:09:00 +00:00
Richard Levitte
fd9fa844e2 Wrap code starting with a definition.
PR: 854
2004-03-25 20:01:01 +00:00
Richard Levitte
c2dc3ee8d9 Change spaces to symbols in names.
PR: 856
2004-03-25 19:52:34 +00:00
Richard Levitte
482c2acf02 Make prototypes for some callback pointers. 2004-03-25 16:21:42 +00:00
Richard Levitte
a481b4b52c A couple more cases where RAND_add() gets an integer instead of a
doule as last argument.
2004-03-25 16:04:02 +00:00
Richard Levitte
a87228031f RAND_add() wants a double as it's last argument. 2004-03-25 15:52:43 +00:00
Dr. Stephen Henson
b79c82eaab Fix loads of warnings in policy code.
I'll remember to try to compile this with warnings enabled next time :-)
2004-03-25 13:45:58 +00:00
Dr. Stephen Henson
69d1d5e6ce Fix ASN1 warnings. 2004-03-25 13:37:02 +00:00
Geoff Thorpe
c86f2054f3 Adjust various bignum functions to use BN_CTX for variables instead of
locally initialising their own.

NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
these functions, and that may be a major part of the performance
improvements we're seeing. The "free" part can be removed because we're
using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
destruction automatically performs this task, so performing it inside
functions that may be called repeatedly is wasteful. This is currently safe
within openssl due to the fact that BN_CTX objects are never created for
longer than a single high-level operation. However, that is only because
there's currently no mechanism in openssl for thread-local storage. Beyond
that, this might be an issue for applications using the bignum API directly
and caching their own BN_CTX objects. The solution is to introduce a flag
to BN_CTX_start() that allows its variables to be automatically sanitised
on release during BN_CTX_end(). This way any higher-level function (and
perhaps the application) can specify this flag in its own
BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
specifying the flag to be ignored so that sanitisation is handled only once
back out at the higher level. I will be implementing this in the near
future.
2004-03-25 04:32:24 +00:00
Geoff Thorpe
5c98b2caf5 Replace the BN_CTX implementation with my current work. I'm leaving the
little TODO list in there as well as the debugging code (only enabled if
BN_CTX_DEBUG is defined).

I'd appreciate as much review and testing as can be spared for this. I'll
commit some changes to other parts of the bignum code shortly to make
better use of this implementation (no more fixed size limitations). Note
also that under identical optimisations, I'm seeing a noticable speed
increase over openssl-0.9.7 - so any feedback to confirm/deny this on other
systems would also be most welcome.
2004-03-25 04:16:14 +00:00
Geoff Thorpe
5148710994 Adds warnings about two curves and fixes the "seed" value for two other
curves.

Submitted by: Nils Larsch
2004-03-25 03:03:52 +00:00
Geoff Thorpe
ea77fc3380 ... and this should likewise fix up those RSA implementations that weren't
already built and tested.
2004-03-25 02:55:17 +00:00
Geoff Thorpe
46ef873f0b By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.

This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.
2004-03-25 02:52:04 +00:00
Geoff Thorpe
2d2a5ba32a Damn, I was a bit hasty with my fix and hadn't spotted the linker
dependency from asn1.
2004-03-25 02:41:35 +00:00
Geoff Thorpe
2bd4e3379f Remove some warnings. 2004-03-25 02:24:38 +00:00
Geoff Thorpe
032c3ecb18 Protect against gcc's "warning: cast does not match function type". 2004-03-25 02:19:42 +00:00
Richard Levitte
e703b46598 Don't define fd for platforms that do not use it, as some may not declare fileno() properly 2004-03-24 10:55:48 +00:00
Richard Levitte
0fa793bc7b Correct constness problems. 2004-03-24 10:50:42 +00:00
Richard Levitte
ba5477eb1a Make it easier to buld test applications... 2004-03-24 10:50:25 +00:00
Richard Levitte
5c42f62e48 Only build the PKCS#7 test applications if "pkcs7" is present in
SDIRS.
2004-03-24 10:48:50 +00:00
Richard Levitte
a08e05d1be Add store.h among the exported headers on VMS. 2004-03-24 09:52:16 +00:00
Richard Levitte
d342ec3335 o_str.h isn't a public header file, so make sure it will still be
included.
2004-03-24 09:43:03 +00:00
Richard Levitte
3d8b8860cf o_str.h isn't a public header file. 2004-03-24 09:41:33 +00:00
Richard Levitte
a0b5ebeac6 Typo... 2004-03-24 09:40:59 +00:00
Richard Levitte
8ee18dd520 Make sure toupper() is properly declared. 2004-03-24 09:40:23 +00:00
Richard Levitte
f46e76ef50 Make it clear that for RSA_NO_PADDING, flen must be RSA_size(rsa) 2004-03-23 21:01:34 +00:00
Richard Levitte
e725a9660b make update 2004-03-23 15:06:33 +00:00
Richard Levitte
d7eed1929b Sync the VMS build with Unix. 2004-03-23 14:50:16 +00:00
Dr. Stephen Henson
4acc3e907d Initial support for certificate policy checking and evaluation.
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
2004-03-23 14:14:35 +00:00
Richard Levitte
9449e38504 Correct minor spelling error.
PR: 845
2004-03-21 23:03:52 +00:00
Richard Levitte
b8b0b5d856 Change \t to real tab in echo argument.
PR: 847
2004-03-21 22:50:20 +00:00
Richard Levitte
ec5d8a54e9 Remove a warning for conversion double->long. This has impacts on Windows.
PR: 849
2004-03-21 22:39:52 +00:00
Richard Levitte
18a6333180 Make sure fd is defined where it should.
PR: 849
2004-03-21 22:36:27 +00:00
Geoff Thorpe
7f663ce430 Note my bignum hijinx in case app maintainers are using CHANGES for their
porting efforts. Also, add Richard's name to the prior change.
2004-03-17 18:30:47 +00:00
Geoff Thorpe
e042540f6b Variety of belt-tightenings in the bignum code. (Please help test this!)
- Remove some unnecessary "+1"-like fudges. Sizes should be handled
  exactly, as enlarging size parameters causes needless bloat and may just
  make bugs less likely rather than fixing them: bn_expand() macro,
  bn_expand_internal(), and BN_sqr().
- Deprecate bn_dup_expand() - it's new since 0.9.7, unused, and not that
  useful.
- Remove unnecessary zeroing of unused bytes in bn_expand2().
- Rewrite BN_set_word() - it should be much simpler, the previous
  complexities probably date from old mismatched type issues.
- Add missing bn_check_top() macros in bn_word.c
- Improve some degenerate case handling in BN_[add|sub]_word(), add
  comments, and avoid a bignum expansion if an overflow isn't possible.
2004-03-17 17:36:54 +00:00
Dr. Stephen Henson
4e8172d6da Avoid warnings. 2004-03-16 13:51:11 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Richard Levitte
ec37635c94 It was just pointed out to me that it's better to cast to double... 2004-03-15 23:02:55 +00:00
Richard Levitte
fd836aeee0 Make sure that the last argument to RAND_add() is a float, or some
compilers may complain.
2004-03-15 22:37:08 +00:00
Richard Levitte
560f7abb7e Make sure we use unsigned constants, or come compilers may complain. 2004-03-15 22:33:19 +00:00
Geoff Thorpe
b6358c89a1 Convert openssl code not to assume the deprecated form of BN_zero().
Remove certain redundant BN_zero() initialisations, because BN_CTX_get(),
BN_init(), [etc] already initialise to zero.

Correct error checking in bn_sqr.c, and be less wishy-wash about how/why
the result's 'top' value is set (note also, 'max' is always > 0 at this
point).
2004-03-13 23:57:20 +00:00
Geoff Thorpe
5d735465d1 The efforts to eliminate the dual-representation of zero and to ensure
bignums are passed in and out of functions and APIs in a consistent form
has highlighted that zero-valued bignums don't need any allocated word
data. The use of BN_set_word() to initialise a bignum to zero causes
needless allocation and gives it a return value that must be checked. This
change converts BN_zero() to a self-contained macro that has no
return/expression value and does not cause any expansion of bignum data.

Note, it would be tempting to rewrite the deprecated version as a
success-valued comma expression, such as;
   #define BN_zero(a) ((a)->top = (a)->neg = 0, 1)
However, this evaluates 'a' twice and would confuse initialisation loops
(eg. while(..) { BN_zero(bn++) } ). As such, the deprecated version
continues to use BN_set_word().
2004-03-13 23:04:15 +00:00
Geoff Thorpe
9e051bac13 Document a change I'd already made, and at the same time, correct the
change to work properly; BN_zero() should set 'neg' to zero as well as
'top' to match the behaviour of BN_new().
2004-03-13 22:10:15 +00:00
Andy Polyakov
30fbcaa213 IRIX 6.x shared build fix-up.
For reference. Note that both cc and gcc support -Wl flag, but we can't
use -Wl,-[not]all with both drivers, because cc rearranges options
passed through -Wl. We can't use -Wl,-all,libcrypto.a,-notall with cc
either, because it refuses to start with "no input" error.
2004-03-12 21:52:54 +00:00
Geoff Thorpe
93825dddad static 2004-03-10 01:20:26 +00:00
Geoff Thorpe
a8aa764d3c Minimise the amount of code dependent on BN_DEBUG_RAND. In particular,
redefine bn_clear_top2max() to be a NOP in the non-debugging case, and
remove some unnecessary usages in bn_nist.c.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe, Ulf Möller
2004-03-09 03:53:40 +00:00
Geoff Thorpe
e7716b7a19 More changes coming out of the bignum auditing. BN_CTX_get() should ideally
return a "zero" bignum as BN_new() does - so reset 'top'. During
BN_CTX_end(), released bignums should be consistent so enforce this in
debug builds. Also, reduce the number of wasted BN_clear_free() calls from
BN_CTX_end() (typically by 75% or so).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe, Ulf Möller
2004-03-09 03:47:35 +00:00