Commit graph

4110 commits

Author SHA1 Message Date
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Ben Laurie
0821bcd4de Constification. 2005-03-30 10:26:02 +00:00
Nils Larsch
c01d2b974e when building with OPENSSL_NO_DEPRECATED defined BN_zero is a macro
which cannot be evaluated in an if statement
2005-03-28 15:06:29 +00:00
Dr. Stephen Henson
8c04994bfe Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS mode. 2005-03-27 03:36:14 +00:00
Andy Polyakov
989c0f8215 Resolve "operation size not specified" in NASM modules. 2005-03-26 19:32:31 +00:00
Ulf Möller
7a8c728860 undo Cygwin change 2005-03-24 00:14:59 +00:00
Ulf Möller
4cf8f9369c undo Cygwin change 2005-03-23 22:01:57 +00:00
Ben Laurie
801fea5f11 Constification. 2005-03-23 08:21:30 +00:00
Dr. Stephen Henson
da26bcb5de Update CHANGES, opensslv.h 2005-03-22 21:27:36 +00:00
Dr. Stephen Henson
5c1fd5e316 Update files ready for release. 2005-03-22 18:17:23 +00:00
Dr. Stephen Henson
f42a82777d make update 2005-03-22 18:15:56 +00:00
Nils Larsch
41e455bfc4 test, remove unnecessary const cast 2005-03-22 17:55:18 +00:00
Ulf Möller
6d2a7098d6 Cygwin randomness 2005-03-19 11:40:41 +00:00
Ulf Möller
130db968b8 Use Windows randomness code on Cygwin 2005-03-19 11:39:17 +00:00
Ulf Möller
8d274837e5 fix breakage for Perl versions that do boolean operations on long words 2005-03-19 11:13:30 +00:00
Andy Polyakov
b43b9de9e4 Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this in
crypto/Makefile and make Makefile.org and fips/Makefile more discreet.
2005-03-15 09:46:14 +00:00
Bodo Möller
9f6715d4bb "make depend". This takes into account the algorithms that are now
disabled by default (MDC2 and RC5), which until now were skipped
by "make links" and yet supposedly required by some of the Makefiles,
meaning that the recent snapshots failed to compile.

Problem reported by Nils Larsch.
2005-03-13 19:49:47 +00:00
Andy Polyakov
1642000707 Cygwin to use DSO_FLFCN and mingw to use DSO_WIN32. 2005-03-12 11:28:41 +00:00
Andy Polyakov
9d14506f29 Cygwin to use DSO_FLFCN and mingw to use DSO_WIN32 (required for FIPS). 2005-03-12 11:28:22 +00:00
Andy Polyakov
2cf68c0b1a Avoid re-build avalanches with HP-UX make. 2005-03-12 09:13:15 +00:00
Andy Polyakov
f7f2125522 Avoid re-build avalanches with HP-UX make. 2005-03-12 09:12:44 +00:00
Bodo Möller
2b61034b0b fix potential memory leak when allocation fails
PR: 801
Submitted by: Nils Larsch
2005-03-11 09:01:24 +00:00
Bodo Möller
97d49cdd6f fix potential memory leak when allocation fails
PR: 801
Submitted by: Nils Larsch
2005-03-11 09:00:59 +00:00
Bodo Möller
80c808b90b Fix typo
PR: 1017
Submitted by: ciresh@yahoo.com
Reviewed by: Nils Larsch
2005-03-09 19:08:02 +00:00
Lutz Jänicke
f69a8aebab Fix hang in EGD/PRNGD query when communication socket is closed
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
2005-02-19 10:19:07 +00:00
Lutz Jänicke
e22e6bf0be Fix hang in EGD/PRNGD query when communication socket is closed
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
2005-02-19 10:17:26 +00:00
Dr. Stephen Henson
2ecf923286 Avoid possible memory leak. 2005-02-14 21:54:29 +00:00
Dr. Stephen Henson
9d10b15ef9 Fix possible memory leak. 2005-02-14 21:53:24 +00:00
Andy Polyakov
da30c74a27 Remove unused assembler modules. 2005-02-06 13:43:02 +00:00
Andy Polyakov
67ea999d4a This patch was "ignited" by OpenBSD 3>=4 support. They've switched to ELF
and GNU binutils, but kept BSD make... And I took the opportunity to
unify other targets to this common least denominator...
2005-02-06 13:23:34 +00:00
Dr. Stephen Henson
66d68327cb Avoid memory leak. 2005-01-31 01:40:39 +00:00
Dr. Stephen Henson
7cfcca8ba3 Further FIPS algorithm blocking.
Fixes to cipher blocking and enabling code.

Add option -non-fips-allow to 'enc' and update testenc.
2005-01-28 14:03:54 +00:00
Richard Levitte
8c3c570134 The first argument to load_iv should really be a char ** instead of an
unsigned char **, since it points at text.

Thanks to Nils Larsch <nils.larsch@cybertrust.com> for pointing out
the inelegance of our code :-)
2005-01-27 11:42:28 +00:00
Richard Levitte
0cae19f5ef The first argument to load_iv should really be a char ** instead of an
unsigned char **, since it points at text.

Thanks to Nils Larsch <nils.larsch@cybertrust.com> for pointing out
the inelegance of our code :-)
2005-01-27 11:42:25 +00:00
Dr. Stephen Henson
6be00c7e16 More FIPS algorithm blocking.
Catch attempted use of non FIPS algorithms with HMAC.

Give an assertion error for applications that ignore FIPS digest errors.

Make -non-fips-allow work with dgst and HMAC.
2005-01-27 01:49:42 +00:00
Richard Levitte
bf746f0f46 Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
cause a segfault...  This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
2005-01-27 01:49:25 +00:00
Richard Levitte
532d936be8 Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
cause a segfault...  This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
2005-01-27 01:49:23 +00:00
Richard Levitte
a229e3038e Get rid if the annoying warning 2005-01-27 01:47:31 +00:00
Richard Levitte
d88edf1447 Get rid if the annoying warning 2005-01-27 01:47:27 +00:00
Dr. Stephen Henson
f60fc19a69 make update 2005-01-26 20:05:46 +00:00
Dr. Stephen Henson
d0edffc7da FIPS algorithm blocking.
Non FIPS algorithms are not normally allowed in FIPS mode.

Any attempt to use them via high level functions will return an error.

The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.

There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.

For low level functions the override is perfomed by prefixing the algorithm
initalization function with "private_" for example private_MD5_Init().

For high level functions an override is performed by setting a flag in
the context.
2005-01-26 20:00:40 +00:00
Andy Polyakov
fbdce13e5a Please BSD make... 2005-01-25 22:09:11 +00:00
Andy Polyakov
e532a6c449 FreeBSD 5 refuses to #include <malloc.h>. Fix compiler warning after
http://cvs.openssl.org/chngview?cn=12843.
2005-01-25 22:07:22 +00:00
Andy Polyakov
8359421d90 Default to AES u32 being unsinged int and not long. This improves cache
locality on 64-bit platforms (and fixes IA64 assembler-empowered build:-).
The choice is guarded by newly introduced AES_LONG macro, which needs
to be defined only on 16-bit platforms which we don't support (not that
I know of). Meaning that one could as well skip long option altogether.
2005-01-24 14:22:05 +00:00
Andy Polyakov
efde5230f1 Improve ECB performance (48+14*rounds -> 18+13*rounds) and reserve for
hand-coded zero-copy AES_cbc_encrypt.
2005-01-24 14:14:53 +00:00
Andy Polyakov
bac252a5e3 Bug-fix in CBC encrypt tail processing and commentary section update. 2005-01-20 10:33:37 +00:00
Andy Polyakov
addb6e16a8 Throw in AES CBC assembler, up to +40% on aes-128-cbc benchmark. 2005-01-18 01:04:41 +00:00
Andy Polyakov
ed65fab910 Reserve for AES CBC assembler implementation... 2005-01-18 00:43:32 +00:00
Andy Polyakov
90cc40911b Don't zap AES CBC IV, when decrypting truncated content in place. 2005-01-18 00:26:52 +00:00
Andy Polyakov
134d6a44ec Don't zap AES CBC IV, when decrypting truncated content in place. 2005-01-18 00:24:55 +00:00
Richard Levitte
a7201e9a1b Changes concering RFC 3820 (proxy certificates) integration:
- Enforce that there should be no policy settings when the language
   is one of id-ppl-independent or id-ppl-inheritAll.
 - Add functionality to ssltest.c so that it can process proxy rights
   and check that they are set correctly.  Rights consist of ASCII
   letters, and the condition is a boolean expression that includes
   letters, parenthesis, &, | and ^.
 - Change the proxy certificate configurations so they get proxy
   rights that are understood by ssltest.c.
 - Add a script that tests proxy certificates with SSL operations.

Other changes:

 - Change the copyright end year in mkerr.pl.
 - make update.
2005-01-17 17:06:58 +00:00
Dr. Stephen Henson
420eb6a306 PKCS7_verify() performance optimization. When the content is large and a
memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots
of slow memory copies from the memory BIO by saving the content in a
temporary read only memory BIO.
2005-01-14 17:53:16 +00:00
Dr. Stephen Henson
fcd5cca418 PKCS7_verify() performance optimization. When the content is large and a
memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots
of slow memory copies from the memory BIO by saving the content in a
temporary read only memory BIO.
2005-01-14 17:52:24 +00:00
Andy Polyakov
ea28f93c2d Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX
environments.
2005-01-14 16:22:02 +00:00
Andy Polyakov
adeb20b6b7 O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris.
PR: 998
2005-01-14 16:19:47 +00:00
Richard Levitte
086b64d0d3 make update 2005-01-14 00:16:31 +00:00
Andy Polyakov
e6d27baf52 Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX
environments.
2005-01-13 15:46:09 +00:00
Andy Polyakov
e7e1150706 "Monolithic" x86 assembler replacement for aes_core.c. Up to +15% better
performance on recent microarchitectures.
2005-01-13 15:35:44 +00:00
Andy Polyakov
5d727078ac Fix an "oops" typo! Well, it was a debugging left-over... 2005-01-13 15:25:30 +00:00
Andy Polyakov
108159ffcc O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris.
PR: 998
2005-01-13 15:20:42 +00:00
Richard Levitte
b15a93a9c5 Correct a faulty address assignment, and add a length check (not
really needed now, but may be needed in the future, who knows?).
2005-01-12 09:53:20 +00:00
Richard Levitte
47c88d7413 Correct a faulty address assignment, and add a length check (not
really needed now, but may be needed in the future, who knows?).
2005-01-12 09:51:31 +00:00
Andy Polyakov
5cdf5e3308 Allow for ./config no-sha0.
PR: 993
2005-01-09 17:58:18 +00:00
Andy Polyakov
7de4b5b060 Permit "monolithic" AES assembler implementations, i.e. such which would
replace *whole* aes_core.c, not only AES_[de|en]crypt routines.
2005-01-09 16:01:58 +00:00
Andy Polyakov
02a00bb054 DJGPP update.
PR: 989
Submitted by: Doug Kaufman
2005-01-04 10:28:38 +00:00
Andy Polyakov
b58560b915 DJGPP update.
PR: 989
Submitted by: Doug Kaufman
2005-01-04 10:21:55 +00:00
Andy Polyakov
83f69163fd Borrow #include <string[s].h> from e_os.h. 2004-12-31 00:01:23 +00:00
Andy Polyakov
3b4de6e4cc Borrow #include <string[s].h> from e_os.h. 2004-12-31 00:00:05 +00:00
Andy Polyakov
bdbc9b4d1a Make whiny compilers stop complaining about missing prototype. 2004-12-30 23:40:31 +00:00
Andy Polyakov
5ca3a0aa86 Make whiny compilers stop complaining about missing prototype. 2004-12-30 23:39:06 +00:00
Andy Polyakov
702be727c0 AES CBC and CFB performance tune-up from HEAD. 2004-12-30 22:57:19 +00:00
Andy Polyakov
25866e3982 Commentary update for AES IA-64 assembler module. 2004-12-30 10:55:02 +00:00
Andy Polyakov
3b3df98ca6 Minor AES x86 assembler tune-up. 2004-12-30 10:46:03 +00:00
Andy Polyakov
2e4a99f38b AES-CFB[18] 2x optimization. Well, I bet nobody cares about AES-CFB1
performance, but anyway...
2004-12-30 10:43:33 +00:00
Andy Polyakov
f1ce306f30 Oops-kind typos in aes-ia64.S... 2004-12-28 17:10:42 +00:00
Richard Levitte
37b11ca78e iv needs to be const because it sometimes takes it's value from a
const.
2004-12-28 10:35:13 +00:00
Richard Levitte
a17af9e277 Forgot to synchronise the VMS build scripts. 2004-12-28 10:22:00 +00:00
Richard Levitte
6951c23afd Add functionality needed to process proxy certificates. 2004-12-28 00:21:35 +00:00
Andy Polyakov
de421076a5 Minor cygwin update.
PR: 949
2004-12-27 21:27:46 +00:00
Andy Polyakov
f709ffe832 Minor cygwin update.
PR: 949
2004-12-27 21:26:10 +00:00
Andy Polyakov
9850f7f6b2 Remove yet another redundant memcpy. Not at least performance critical,
essentially cosmetic modification...
2004-12-26 13:05:40 +00:00
Andy Polyakov
131e064e4a Eliminate redundant memcpy of IV material. Performance improvement varies
from platform to platform and can be as large as 20%.
2004-12-26 12:31:37 +00:00
Andy Polyakov
556b8f3f77 Engage AES x86 assembler module for COFF and a.out targets. 2004-12-26 10:58:39 +00:00
Andy Polyakov
045d3285e2 Engage AES x86 assembler module on ELF platforms. 2004-12-23 21:44:28 +00:00
Andy Polyakov
d1df5b4339 x86 perlasm update to accomodate aes-586.pl. 2004-12-23 21:43:25 +00:00
Andy Polyakov
25558bf743 Eliminate copies of TeN and TdN, use those found in assembler module. 2004-12-23 21:40:23 +00:00
Andy Polyakov
713147109c AES x86 assembler implementation. 2004-12-23 21:32:34 +00:00
Andy Polyakov
76ef6ac956 Refine PowerPC platform support. 2004-12-20 13:44:34 +00:00
Andy Polyakov
fb39cd850c Improved PowerPC platform support. 2004-12-20 13:20:22 +00:00
Andy Polyakov
15bbc1574f Backport of PPC BN module from HEAD. 2004-12-20 13:15:51 +00:00
Dr. Stephen Henson
a842df6659 Remove unused buffer 'buf'. 2004-12-20 00:49:36 +00:00
Richard Levitte
fbf218b8c3 make update (oops, missed this file) 2004-12-13 22:57:39 +00:00
Richard Levitte
3c97bd833b Change libeay.num so it's synchronised with additions in 0.9.7-stable.
make update
2004-12-13 22:57:08 +00:00
Richard Levitte
37ece6156a make update 2004-12-13 22:48:01 +00:00
Dr. Stephen Henson
965574039b Remove duplicate lines. 2004-12-12 13:18:23 +00:00
Dr. Stephen Henson
5e8904f289 Remove duplicate lines. 2004-12-12 13:15:49 +00:00
Andy Polyakov
a661c1728f Respect no-asm with fips option and disable FIPS DES assembler in
shared context [because it's not PIC].
2004-12-10 11:37:25 +00:00
Andy Polyakov
13e387c3fe olaris x86 perlasm update [from HEAD]. 2004-12-10 11:27:09 +00:00
Andy Polyakov
0c0788ba0a Solaris x86 perlasm update. 2004-12-10 11:24:42 +00:00
Andy Polyakov
3dd16fb7fd Eliminate false dependency on 386 config option is FIPS context.
At the same time limit assembler support to ELF platforms [that's
what is there, ELF modules].
2004-12-09 22:43:29 +00:00
Andy Polyakov
ab09133881 Engage SHA1 IA64 assembler on IA64 platforms [from HEAD]. 2004-12-09 21:05:14 +00:00
Andy Polyakov
bd5a2195de Postpone linking of shared libcrypto in FIPS build. 2004-12-09 18:03:23 +00:00
Andy Polyakov
905fd45b36 Engage SHA1 IA64 assembler on IA64 platforms. 2004-12-09 15:39:55 +00:00
Dr. Stephen Henson
c162b132eb Automatically mark the CRL cached encoding as invalid when some operations
are performed.
2004-12-09 13:35:06 +00:00
Dr. Stephen Henson
a4c9668f3c Automatically mark the CRL cached encoding as invalid when some operations
are performed.
2004-12-09 13:34:41 +00:00
cvs2svn
f1ca15dd69 This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2004-12-09 11:57:39 +00:00
Andy Polyakov
b4e0ce5165 SHA1 assembler for IA-64. 2004-12-09 11:57:38 +00:00
Andy Polyakov
17f0e916db Extend RC4 test. 2004-12-07 11:55:56 +00:00
Dr. Stephen Henson
41c70d47d7 Remaing bits of PR:620 relevant to 0.9.8. 2004-12-05 01:50:56 +00:00
Dr. Stephen Henson
ec46cd8bb8 Remaining parts of PR:620 2004-12-05 01:46:03 +00:00
Dr. Stephen Henson
da8534693c Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.

PR:620
2004-12-05 01:04:44 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.

PR:620
2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
c98175bf88 In by_file.c check last error for no start line, not first error. 2004-12-04 21:26:11 +00:00
Dr. Stephen Henson
3e66ee9f01 In by_file.c check last error for no start line, not first error. 2004-12-04 21:25:51 +00:00
Dr. Stephen Henson
8db8893cd7 V1 certificates that aren't self signed can't be accepted as CAs. 2004-12-03 00:10:59 +00:00
Dr. Stephen Henson
8f284faaec V1 certificates that aren't self signed can't be accepted as CAs. 2004-12-03 00:10:34 +00:00
Andy Polyakov
3010b1730e sha1_block_asm_data_order can't hash if message crosses 2GB boundary.
[back-port from HEAD branch]
2004-12-02 17:05:38 +00:00
Andy Polyakov
f670069a19 Back-port of RC4 assembler support for IA-64 from HEAD branch. 2004-12-02 10:54:36 +00:00
Andy Polyakov
575dbdc965 Downstream update from HEAD 2004-12-02 10:09:50 +00:00
Andy Polyakov
f774accdbf Fix rc4-ia64.S to pass more exhaustive regression tests. 2004-12-02 10:07:55 +00:00
Dr. Stephen Henson
8544a80776 Add couple of OIDs. Resync NIDs for consistency with 0.9.7. 2004-12-01 18:09:53 +00:00
Dr. Stephen Henson
2e1366366e Add two OIDs, make update 2004-12-01 17:55:07 +00:00
Andy Polyakov
fda344ece8 Complete backport of i386 RC4 assembler module from HEAD. 2004-12-01 15:45:34 +00:00
Andy Polyakov
280e3bd2c9 Downstream update from HEAD. 2004-12-01 15:30:50 +00:00
Andy Polyakov
7c69478064 I've introduced a bug to i386 RC4 assembler, which would emerge with
certain mix of calls to RC4 routine not covered by rc4test.c.
It's fixed now. In addition this patch inadvertently fixes minor
performance problem: in 0.9.7 context P4 was performing 12% slower
than the original implementation...
2004-12-01 15:28:18 +00:00
Dr. Stephen Henson
41191d14ce Perform partial comparison of different character types in X509_NAME_cmp(). 2004-12-01 01:45:57 +00:00
Dr. Stephen Henson
1862dae862 Perform partial comparison of different character types in X509_NAME_cmp(). 2004-12-01 01:45:30 +00:00
Andy Polyakov
62c19d2dd9 Back-port of RC4 assembler support for AMD64 from HEAD branch. 2004-11-30 18:00:33 +00:00
Andy Polyakov
2d1a37bc9f Downsync new and updated RC4 assembler modules from HEAD. 2004-11-30 17:53:44 +00:00
cvs2svn
24e85c3dee This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2004-11-30 15:46:47 +00:00
Andy Polyakov
b7b46c9a87 Add 0.9.7 specific comments to RC4 assembler modules. 2004-11-30 15:46:46 +00:00
Richard Levitte
5073ff0346 Split X509_check_ca() into a small self and an internal function
check_ca(), to resolve constness issue.  check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().
2004-11-30 12:18:55 +00:00
Richard Levitte
fa032a6941 Split X509_check_ca() into a small self and an internal function
check_ca(), to resolve constness issue.  check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().
2004-11-30 12:18:53 +00:00
Andy Polyakov
fc7fc5678f sha1_block_asm_data_order can't hash if message crosses 2GB boundary. 2004-11-29 21:19:56 +00:00
Andy Polyakov
7a3240e319 Final touches to rc4/asm/rc4-596.pl, +52% better performance on AMD core. 2004-11-29 21:12:58 +00:00
Richard Levitte
30b415b076 Make an explicit check during certificate validation to see that the
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)
2004-11-29 11:28:08 +00:00
Richard Levitte
cd52956357 Make an explicit check during certificate validation to see that the
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)
2004-11-29 11:18:00 +00:00
Andy Polyakov
914c2a28c0 perlasm/x86[ms|nasm] update to accomodate updated RC4 assembler module. 2004-11-27 15:14:58 +00:00
Andy Polyakov
bc3e7fabe7 Engage RC4 IA-64 assembler module. 2004-11-26 15:12:17 +00:00
Andy Polyakov
d675c74d14 RC4 IA-64 assembler implementation. 2004-11-26 15:07:50 +00:00
cvs2svn
4443f44012 This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2004-11-25 18:21:27 +00:00
Dr. Stephen Henson
dfcf822c65 Check return code of EVP_CipherInit() in PKCS#12 code. 2004-11-24 01:21:57 +00:00
Dr. Stephen Henson
9d2996b82f Check return code of EVP_CipherInit() in PKCS#12 code. 2004-11-24 01:21:03 +00:00
Andy Polyakov
959f9b1158 linux-x86_64 didn't link after EM64T RC4 tune-up... 2004-11-23 09:06:12 +00:00
Andy Polyakov
376729e130 RC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's
apparently impossible to compose blended code with would perform
satisfactory on all x86 and x86_64 cores, an extra RC4_CHAR
code-path is introduced and P4 core is detected at run-time. This
way we keep original performance on non-P4 implementations and
turbo-charge P4 performance by factor of 2.8x (on 32-bit core).
2004-11-21 10:36:25 +00:00
Dr. Stephen Henson
ced27cc681 PR: 959
Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
2004-11-13 13:52:34 +00:00
Dr. Stephen Henson
f94481196c The use of "exp" as a variable name in a prototype causes a conflict with FC2
headers.
2004-11-11 01:18:57 +00:00
Andy Polyakov
68d9e764cb As was shown by Marc Bevand reordering of couple of load operations
results in even higher performance gain of 3.3x:-) At least on
Opteron...
2004-11-09 17:23:26 +00:00
Richard Levitte
a2ac429da2 Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Richard Levitte
a2617f727d Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:53:31 +00:00
Richard Levitte
ee478901b0 Make sure memmove() is defined, even on SunOS 4.1.4.
PR: 963
2004-11-01 07:58:43 +00:00
Richard Levitte
1a4b8e7cee Make sure memmove() is defined, even on SunOS 4.1.4.
PR: 963
2004-11-01 07:58:38 +00:00
Richard Levitte
871080b94b fips/dh was missing in mkfiles.pl.
make update
2004-10-26 12:17:25 +00:00
Dr. Stephen Henson
2f547d2c1c Change version numbers to 0.9.7f-dev 2004-10-25 11:31:28 +00:00
Dr. Stephen Henson
bfb7bac83b Updates for 0.9.7e release. 2004-10-25 11:24:39 +00:00
Dr. Stephen Henson
75f7141ab4 make update 2004-10-25 00:04:22 +00:00
Geoff Thorpe
58ae65cd1a Update ECDSA and ECDH for OPENSSL_NO_ENGINE.
Reported by: Maxim Masiutin
Submitted by: Nils Larsch
2004-10-21 00:06:14 +00:00
Richard Levitte
9e57ab615c Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up.  Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.
2004-10-14 05:49:01 +00:00
Richard Levitte
5b0f1f7d13 Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up.  Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.
2004-10-14 05:48:59 +00:00
Dr. Stephen Henson
70bfcc895e Oops.. 2004-10-04 17:28:57 +00:00
Dr. Stephen Henson
785e827323 Oops! 2004-10-04 17:28:31 +00:00
Dr. Stephen Henson
2f605e8d24 Fix race condition when CRL checking is enabled. 2004-10-04 16:30:12 +00:00
Dr. Stephen Henson
8de8bcbe2c Fix race condition when CRL checking is enabled. 2004-10-04 16:27:36 +00:00
Dr. Stephen Henson
175ac6811a Don't use C++ reserved work "explicit". 2004-10-01 11:21:53 +00:00
Andy Polyakov
07d488daf6 Fix Solaris 10_x86 shared build. -Bsymbolic is required to avoid
"remaining relocations" in assembler modules. The latter seems to
be new behaviour, elder as/ld managed to resolve this relocations
as internal. It's possible to address this problem differently,
but I settle for -Bsymbolic...
PR: 546
2004-09-28 20:45:10 +00:00
Richard Levitte
c38ff58b6b Move the declaration of alloca() so it's ony declared when really
necessary.
2004-09-27 21:59:44 +00:00
Andy Polyakov
c29ef588dc SHA1 asm Pentium tune-up. Performance loss is not as bad anymore. 2004-09-27 09:37:03 +00:00
Andy Polyakov
968c31bd84 sha256_block advances the input pointer double as fast sometimes. Fix the
bug and test that it's actually gone.
PR: 950
2004-09-27 09:35:59 +00:00
Geoff Thorpe
c743966156 Nils Larsch reported that this include is required. Strange that this had
gone unnoticed ...
2004-09-24 23:37:52 +00:00
Richard Levitte
bb09fd2bb6 Import changed files from LPlib. The changes are logged as follows
for LPdir_unix.c in LPlib.  For the other files, only the last log
entry applies.

----------------------------
revision 1.11
date: 2004/09/23 22:07:22;  author: _cvs_levitte;  state: Exp;  lines: +20 -6
Define my own macro LP_ENTRY_SIZE to express the size of my own
buffering of directory entries, and make it depend on whichever comes
first of PATH_MAX and NAME_MAX.  As a fallback, make sure it's set to
255 if neither PATH_MAX or NAME_MAX were defined.  Also, if the size
given from PATH_MAX or NAME_MAX is less than 255, force LP_ENTRY_SIZE
to be 255.

It makes no harm whatsoever if LP_ENTRY_SIZE is larger than the
maximum local path name limit.  It does make a lot of harm if
LP_ENTRY_SIZE is smaller.  255 seemed like a fairly acceptable default
when nothing else is available.
----------------------------
revision 1.10
date: 2004/08/26 13:36:05;  author: _cvs_levitte;  state: Exp;  lines: +13 -13
License correction.  I am not REGENTS, just a COPYRIGHT HOLDER.
----------------------------
2004-09-23 22:11:39 +00:00
Geoff Thorpe
280eb33b59 Remove distracting comments and code. Thanks to Nils for picking up on the
outstanding ticket.

PR: 926
2004-09-19 04:55:15 +00:00
Geoff Thorpe
f79110c633 Two TODO comments taken care of. Nils pointed out that one of them had already
been done, and took care of the other one (which hadn't).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-09-19 04:43:46 +00:00
Geoff Thorpe
6ef2ff62fc Make -Werror happy again. 2004-09-18 01:32:32 +00:00
Dr. Stephen Henson
980aea7860 Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap(). 2004-09-15 23:47:25 +00:00
Dr. Stephen Henson
d06db8ad9e Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap(). 2004-09-15 23:38:45 +00:00
Dr. Stephen Henson
ffa8e7b74c Oops, forgot to reorder extension request nids. 2004-09-13 22:39:49 +00:00
Dr. Stephen Henson
bd9327baa9 Change values of MBSTRING_* to the form MBSTRING_FLAG|nbyte as assumed
in ASN1_STRING_to_UTF8().
2004-09-13 22:33:56 +00:00
Dr. Stephen Henson
85e8decc16 ASN1_STRING_to_UTF8() assumed that the MBSTRING_* flags were of
the form MBSTRING_FLAG|nbyte where "nbyte" is the number of
bytes per character.

Unfortunately this isn't so and we can't change the #defines because
this would break binary compatibility, so for 0.9.7X only translate
between the two.
2004-09-13 22:30:31 +00:00
Richard Levitte
6f9bafafa3 - There's no more need for the snprintf macro.
- Move the inclusion of malloc.h until after all other includes, so we
  can do proper tests of system macros.
- Make sure the correct header file is included to get the builtin
  "alloca" under VMS, and define a macro to map the symbol 'alloca' to
  it.
2004-09-13 09:15:06 +00:00
Richard Levitte
422a4a33a5 Synchronise with Unix build. 2004-09-12 13:02:04 +00:00
Dr. Stephen Henson
8f349c58f7 Stop warning. 2004-09-10 20:27:45 +00:00
Dr. Stephen Henson
cfafb6a73d When looking for request extensions in a certificate look first
for the PKCS#9 OID then the non standard MS OID.
2004-09-10 20:26:30 +00:00
Dr. Stephen Henson
58606421ae When looking for request extensions in a certificate look first
for the PKCS#9 OID then the non standard MS OID.
2004-09-10 20:20:54 +00:00
Richard Levitte
d813ff2ac1 make update 2004-09-10 10:30:33 +00:00
Andy Polyakov
36734b2bab Make VIA Padlock engine more platform friendly and eliminate compiler
warning.

Submitted by: Doug Kaufman <dkaufman@rahul.net>
2004-09-09 14:54:12 +00:00
Andy Polyakov
c85c5c408a x86 assembler updates: more instructions, new OPENSSL_instrument_halt
[for DJGPP]...
2004-09-09 14:50:32 +00:00
Richard Levitte
2c1677d703 Synchronise VMS build files with Unixly Makefiles. 2004-09-08 08:13:34 +00:00
Richard Levitte
72348cbb8d Another symbol longer than 31 characters... 2004-09-08 08:13:03 +00:00
Dr. Stephen Henson
5d7c222db8 New X509_VERIFY_PARAM structure and associated functionality.
This tidies up verify parameters and adds support for integrated policy
checking.

Add support for policy related command line options. Currently only in smime
application.

WARNING: experimental code subject to change.
2004-09-06 18:43:01 +00:00
Dr. Stephen Henson
d993addbed Stop compiler warnings. 2004-09-06 18:37:46 +00:00
Andy Polyakov
16760a3089 Proper support for OpenBSD-i386 shared build, including assember modules!
"Proper" means "compiles and passes test." Versioning is broken (I think).
2004-08-29 21:36:37 +00:00
Andy Polyakov
2b247cf81f OPENSSL_ia32cap final touches. Note that OPENSSL_ia32cap is no longer a
symbol, but a macro expanded as (*(OPENSSL_ia32cap_loc())). The latter
is the only one to be exported to application.
2004-08-29 16:36:05 +00:00
Andy Polyakov
746fc2526f Fix compiler warnings in crypto/evp/bio_ok.c as pointed out by Geoff. 2004-08-29 16:19:27 +00:00
Andy Polyakov
a8c65b400c crypto/perlasm update primarily to unify Netware modules. Once it's verified
x86*_nw.pl will be deleted. In addition this update implements initseg
on several additional [in addition to ELF] platforms. Functions registered
with initseg are supposed to be called prior main().
2004-08-29 16:10:27 +00:00
Andy Polyakov
526975906b Minor VIA Padlock engine update: eliminate -Wunused warning when *not*
compiling the engine and inline memcpy in performance critical pathes.
2004-08-24 09:01:09 +00:00
Andy Polyakov
4157fae6fe Sync aes_ctr.c with HEAD. 2004-08-23 22:28:27 +00:00
Andy Polyakov
14fa6ad9f9 Make aes_ctr.c 64-bit savvy. 2004-08-23 22:19:51 +00:00
Richard Levitte
bb1a915c24 Basically, I wanted to be able to make a dump to a FILE*, and not have
to bother creating a BIO around it.  So here's a few more functions to
make it possible to make the dump using a printing callback, and to
print to a FILE* (based on the callback variant), done in the same
style as the functions in crypto/err/err_prn.c.
2004-08-11 21:13:57 +00:00
Dr. Stephen Henson
8c172bce1c Make ASN1_INTEGER_cmp() work as expected with negative integers. 2004-08-10 17:40:31 +00:00
Dr. Stephen Henson
e08aad1d14 Make ASN1_INTEGER_cmp() work as expected with negative integers. 2004-08-10 17:40:14 +00:00
Richard Levitte
1033449613 make update 2004-08-10 09:09:08 +00:00
Dr. Stephen Henson
bb82123707 Don't ignore return values of EVP_DigestInit_ex() in md BIOs and dgst. 2004-08-05 18:10:46 +00:00
Dr. Stephen Henson
c128bb0fa2 Don't ignore return value of EVP_DigestInit_ex() in md BIOs and dgst utility. 2004-08-05 18:09:50 +00:00
Andy Polyakov
b88606c28e Padlock engine update to fix a typo in MSC assembler and to address
potential corruption problem if user manages to inter-leave aligined
and misaligned requests [as well as some MSC-specific tweaks].
2004-08-04 12:58:26 +00:00
Richard Levitte
2ea6abf6e5 DJGPP has opendir() and friends, according to Gisle Vanem <giva@bgnett.no>. 2004-08-03 19:15:21 +00:00
Andy Polyakov
42096e05f7 Avoid a.out name table pollition. 2004-08-02 22:02:17 +00:00
Andy Polyakov
7d15a556f8 Minor clean-up to make Microsoft compiler shut up. 2004-08-02 21:54:40 +00:00
Andy Polyakov
5b17246324 VIA C3 processor extends IA-32 instruction set with instuctions
performing AES encryption in hardware, as well as one accessing
hardware RNG. As you surely imagine this engine access this
extended instruction set. Well, only AES for the moment, support
for RNG is to be added later on...
PR: 889
Submitted by: Michal Ludvig <michal@logix.cz>

Obtained from: http://www.logix.cz/michal/devel/padlock/
2004-08-02 21:48:11 +00:00
Richard Levitte
eb7bb58471 Let's lock a write lock when changing values, shall we?
Thanks to Dr Stephen Henson <shenson@drh-consultancy.co.uk> for making
me aware of this error.
2004-08-02 14:15:07 +00:00
Andy Polyakov
c77094415f Cygwin fix-up for shared build. 2004-08-01 21:24:34 +00:00
Andy Polyakov
34413fca84 OpenBSD fix-up for new a.out targets. OpenBSD .s.o rule is busted... 2004-08-01 21:16:26 +00:00
Andy Polyakov
ec38ddc765 Clean-up GAS targets: get rid of "cpp" stuff and replace it with "purified"
COFF and a.out targets [similar to ELF targets]. You might notice some
rudementary support for shared mingw builds under cygwin. It works (it
produces cryptoeay32.dll and ssleay32.dll with everything exported by
name), but it's primarily for testing/debugging purposes, at least for
now...
2004-08-01 17:33:58 +00:00
Andy Polyakov
8aae01e223 Deprecate cpp and gaswin targets. New coff fills in for gaswin, but cpp is
going out...
2004-08-01 17:03:50 +00:00
Andy Polyakov
00555c2f2f DLLEntryPoint is a collective name, not what linker looks for. However,
if we explicitly intruct the linker to set entry point, then we become
obliged to initialize run-time library. Instead we can pick name run-time
will call and such name is DllMain. Note that this applies to both
"native" Win32 environment and Cygwin:-)
2004-08-01 14:27:43 +00:00
Richard Levitte
7f9c37457a To protect FIPS-related global variables, add locking mechanisms
around them.

NOTE: because two new locks are added, this adds potential binary
incompatibility with earlier versions in the 0.9.7 series.  However,
those locks will only ever be touched when FIPS_mode_set() is called
and after, thanks to a variable that's only changed from 0 to 1 once
(when FIPS_mode_set() is called).  So basically, as long as FIPS mode
hasn't been engaged explicitely by the calling application, the new
locks are treated as if they didn't exist at all, thus not becoming a
problem.  Applications that are built or rebuilt to use FIPS
functionality will need to be recompiled in any case, thus not being a
problem either.
2004-07-30 14:38:02 +00:00
Richard Levitte
88a8ae6aee We build the crypto stuff, not the ssl stuff, in this command procedure... 2004-07-29 22:26:03 +00:00
Richard Levitte
07d80f6f35 We build the crypto stuff, not the ssl stuff, in this command procedure... 2004-07-29 22:25:59 +00:00
Dr. Stephen Henson
e4c1c03c5b Add FIPS name to error library. 2004-07-27 00:20:41 +00:00
Dr. Stephen Henson
a25aca2943 Oops, wrong version... 2004-07-27 00:19:58 +00:00
Dr. Stephen Henson
48c524827b Add FIPS library name to error routines. 2004-07-27 00:19:18 +00:00
Andy Polyakov
ebaec63e3e This is so to say "damage control" for jumbo "cpuid" patch, see
http://cvs.openssl.org/chngview?cn=12493. Now all platform should
be operational, while SSE2 code pathes get engaged on ELF platforms
only.
2004-07-26 22:01:50 +00:00
Andy Polyakov
14e21f863a Add framework for yet another assembler module dubbed "cpuid." Idea
is to have a placeholder to small routines, which can be written only
in assembler. In IA-32 case this includes processor capability
identification and access to Time-Stamp Counter. As discussed earlier
OPENSSL_ia32cap is introduced to control recently added SSE2 code
pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the
code is operational on ELF platforms only. I haven't checked it yet,
but I have all reasons to believe that Windows build should fail to
link too. I'll be looking into it shortly...
2004-07-26 20:18:55 +00:00
Andy Polyakov
f10725a6e1 Zero key-length for HMAC is apparently OK. 2004-07-25 20:24:49 +00:00
Andy Polyakov
0f71b77d5c Make bio_ok.c Microsoft compiler savvy. 2004-07-25 20:13:30 +00:00
Andy Polyakov
d6bb6a88be Typos, typos... 2004-07-25 20:09:56 +00:00
Andy Polyakov
3205db2bfe Make bio_ok.c 64-bit savvy. 2004-07-25 19:37:41 +00:00
Andy Polyakov
6f86850eec Stricter boundary condition check in HMAC_Init_ex. 2004-07-25 19:25:05 +00:00
Andy Polyakov
16ab8a93bc Minor 64-bit md32_common.h update and minor unsignification of digests. 2004-07-25 19:10:43 +00:00
Andy Polyakov
fbf96849e9 Make SHA-256/-512 optional. Note that no-sha switches off *all* SHA. 2004-07-25 18:25:24 +00:00
Andy Polyakov
d70e2507f8 Some compilers are just too whiny. Nothing makes Microsoft compiler
stop complaining about loss of precision, but explicit cast.
2004-07-25 17:00:56 +00:00
Andy Polyakov
2fcf435d73 Some compilers are just too whiny. DEC C doesn't like long long... 2004-07-25 16:54:08 +00:00
Andy Polyakov
da2ee71de5 Typos and due casts. As for the latter. It's "safe" to cast as below,
because "wrong" casts will either be optimized away or never performed.
2004-07-25 16:48:28 +00:00
Andy Polyakov
33c3ecf741 Build-n-link new IA-64 modules on Linux and HP-UX. 2004-07-23 23:27:10 +00:00
Andy Polyakov
5bd4c26057 Various IA-64 assembler fix-ups. 2004-07-23 22:54:18 +00:00
Andy Polyakov
afe67fb28e Adapt rc4-amd64.pl for Win64/AMD64 assembler. 2004-07-23 17:51:17 +00:00
Richard Levitte
f744f92adb From LPlib:
Apparently, the length *including* the NUL byte should be used.

Contributed by Andy Polyakov <appro@fy.chalmers.se>
2004-07-22 18:34:06 +00:00
Richard Levitte
75f134c077 From LPlib:
Make a nicer comment, as we don't really know for sure that it's
really needed, and just want to play on the safe side.

Suggest by Andy Polyakov <appro@fy.chalmers.se>
2004-07-22 13:00:14 +00:00
Andy Polyakov
f1bdf1d518 #include <limits.h> is required at least on HP-UX and IRIX. And what's
with HP-UX offering 14 for NAME_MAX?
2004-07-22 10:53:26 +00:00
Andy Polyakov
d58caee734 EVP_Digest is size_t-fied, clean up test programs accordingly. 2004-07-22 10:25:52 +00:00
Andy Polyakov
e39c2548f5 Run SHA-256/-512 tests through EVP... 2004-07-22 10:21:13 +00:00
Andy Polyakov
8169dd73f9 All SIXTY_FOUR_BIT platforms (mind the difference between SIXTY_FOUR_BIT and
SIXTY_FOUR_BIT_LONG) were failing to pass 'cd test; make test_bn'.
2004-07-22 09:32:11 +00:00
Richard Levitte
765e231a7c From LPlib:
Some code beautification.

Change the macro CP_THREAD_ACP to CP_ACP, because the latter is more
widely defined.

Add a conditional macro definition in case FindFirstFile and
FindNextFile aren't properly defined (might happen on WinCE).

Suggested by Andy Polyakov <appro@fy.chalmers.se>
2004-07-21 21:16:21 +00:00
Dr. Stephen Henson
43894f9c0d When in FIPS mode write private keys in PKCS#8 and PBES2 format to
avoid use of prohibited MD5 algorithm.
2004-07-21 17:41:26 +00:00
Andy Polyakov
c6e27dcf31 Make rand_win.c UNICODE savvy. "Backport" from HEAD. 2004-07-21 17:18:53 +00:00
Andy Polyakov
89c53672c2 Make rand_win.c UNICODE savvy. 2004-07-21 17:17:30 +00:00
Richard Levitte
64ba6cf222 From LPlib:
Windows changes that detects if multibyte characters are available and
deals with them properly.

Contributed by Andy Polyakov <appro@fy.chalmers.se>
2004-07-20 21:24:43 +00:00
Richard Levitte
210a4f78ae Imported from LPlib, making sure the entry name (at least on Unix) is
NUL-teminated at all times, and that we don't make unneeded calls to
free().
2004-07-19 16:36:28 +00:00
Richard Levitte
334ef04949 Since version 7.0, The C RTL in VMS handles time in terms of UTC
instead of local time.
2004-07-19 07:50:43 +00:00
Richard Levitte
a47e836efe Since version 7.0, The C RTL in VMS handles time in terms of UTC
instead of local time.
2004-07-19 07:49:47 +00:00
Andy Polyakov
859ceeeb51 Anchor AES and SHA-256/-512 assembler from C. 2004-07-18 17:26:01 +00:00