Commit graph

273 commits

Author SHA1 Message Date
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Bodo Möller
b53e44e572 implement and use new macros BN_get_sign(), BN_set_sign()
Submitted by: Nils Larsch
2002-11-04 13:17:22 +00:00
Richard Levitte
001ab3abad Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Bodo Möller
74cc4903ef make update 2002-08-09 12:16:15 +00:00
Lutz Jänicke
3aecef7697 "make update" 2002-07-30 12:44:33 +00:00
Bodo Möller
5dbd3efce7 Replace 'ecdsaparam' commandline utility by 'ecparam'
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.

Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.

Fix ec_asn1.c (take into account the desired conversion form).

'make update'.

Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Richard Levitte
17085b022c Pass CFLAG to dependency makers, so non-standard system include paths are
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Dr. Stephen Henson
0c372b94f7 Make {RSA,DSA,DH}_new_method obtain and release an ENGINE
functional reference in all cases.
2002-03-09 18:25:03 +00:00
Dr. Stephen Henson
2c2f9e2cc3 Make sure the type accessed by the LONG and ZLONG ASN1 type
is really a long, to avoid problems on platforms where
sizeof(int) != sizeof(long).
2002-03-05 13:48:51 +00:00
Bodo Möller
4d94ae00d5 ECDSA support
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Richard Levitte
2aa9043ad3 Because there's chances we clash with the system's types.h, rename our
types.h to ossl_typ.h.
2001-10-04 07:32:46 +00:00
Geoff Thorpe
534aaf3731 "make update". 2001-09-25 20:39:59 +00:00
Geoff Thorpe
cb78486d97 This commits changes to various parts of libcrypto required by the recent
ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE
pointers to manage their hooking with ENGINE. Previously their use of
"method" pointers was replaced by use of ENGINE references. See
crypto/engine/README for details.

Also, remove the ENGINE iterations from evp_test - even when the
cipher/digest code is committed in, this functionality would require a
different set of API calls.
2001-09-25 20:23:40 +00:00
Bodo Möller
6ac4e8bd6e Rename recently introduced functions for improved code clarity:
[DR]SA_up  =>  [DR]SA_up_ref
2001-09-03 13:40:07 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Geoff Thorpe
5cbc2e8bc1 Give DH, DSA, and RSA functions to "up" their reference counts. Otherwise,
dependant code has to directly increment the "references" value of each
such structure using the corresponding lock. Apart from code duplication,
this provided no "REF_CHECK/REF_PRINT" checking and violated
encapsulation.
2001-08-25 17:24:21 +00:00
Geoff Thorpe
b7727ee616 The indexes returned by ***_get_ex_new_index() functions are used when
setting stack (actually, array) values in ex_data. So only increment the
global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.
This change doesn't make "ex_data" right (see the comment at the head of
ex_data.c to know why), but at least makes the source code marginally less
frustrating.
2001-08-12 16:52:00 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Ben Laurie
bb2297a41d Header bloat reduction for EVP_PKEY. 2001-08-03 18:48:35 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Lutz Jänicke
a75b191502 Fix problem occuring when used from OpenSSH on Solaris 8. 2001-07-26 09:02:44 +00:00
Bodo Möller
c458a33196 DSA verification should insist that r and s are in the allowed range. 2001-06-26 09:48:17 +00:00
Dr. Stephen Henson
0c9de428ae In {RSA,DSA,DH}_new_method(x) need to increase the reference
count of the ENGINE is x is not NULL since it will be freed
in {RSA,DSA,DH}_free().
2001-06-23 23:07:34 +00:00
Richard Levitte
55dcfa421c make update 2001-06-23 16:43:03 +00:00
Dr. Stephen Henson
323f289c48 Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Richard Levitte
2b49dd1e8f 'make update' 2001-06-05 20:32:36 +00:00
Geoff Thorpe
7ae551fd03 In RSA, DSA, DH, and RAND - if the "***_new()" function fails because the
ENGINE code does not return a default, set an error.
2001-04-30 15:24:41 +00:00
Dr. Stephen Henson
c962479bdf Fix ASN1 bug when decoding OTHER type.
Various S/MIME DSA related fixes.
2001-04-21 12:06:01 +00:00
Bodo Möller
10654d3a74 Forcibly enable memory leak checking during "make test" 2001-03-11 14:49:46 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Dr. Stephen Henson
d339187b1a Get rid of ASN1_ITEM_FUNCTIONS dummy function
prototype hack. This unfortunately means that
every ASN1_*_END construct cannot have a
trailing ;
2001-02-23 12:47:06 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Ulf Möller
12c2fe8d53 Use BN_rand_range(). 2001-02-20 00:43:59 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Bodo Möller
e306892994 Simplify BN_rand_range 2001-02-10 00:34:02 +00:00
Bodo Möller
35ed8cb8b6 Integrate my implementation of a countermeasure against
Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
2001-02-08 12:14:51 +00:00
Ulf Möller
57e7d3ce15 Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00
Ben Laurie
4978361212 Make depend. 2001-02-04 21:06:55 +00:00
Dr. Stephen Henson
9d6b1ce644 Merge from the ASN1 branch of new ASN1 code
to main trunk.

Lets see if the makes it to openssl-cvs :-)
2000-12-08 19:09:35 +00:00
Geoff Thorpe
d50f1bdfac Do to DH and DSA what has already been done to RSA. This involves moving
the initialisation and cleanup of "ex_data" elements to before an init()
handler and after a finish() handler respectively.
2000-11-29 19:59:45 +00:00
Richard Levitte
0cc1115643 Make sure bs is assigned NULL when it's free'd, or there will be an
(incorrect) attempt to free it once more...
2000-11-19 14:14:52 +00:00
Ulf Möller
6a8ba34f9d in some new file names the first 8 characters were not unique 2000-11-12 22:32:18 +00:00
Richard Levitte
a4aba800d9 Constify DSA-related code. 2000-11-07 13:54:39 +00:00
Richard Levitte
5270e7025e Merge the engine branch into the main trunk. All conflicts resolved.
At the same time, add VMS support for Rijndael.
2000-10-26 21:07:28 +00:00
Richard Levitte
4e20a4e688 'ranlib' doesn't always run on some systems. That's actually
acceptable, since all that happens if it fails is a library with
an index, which makes linking slower, but still working correctly.
2000-09-25 08:53:15 +00:00
Ulf Möller
c11dead17c Don't set the two top bits to one when generating a random number < q.:wq 2000-09-13 01:45:54 +00:00
Richard Levitte
62ab514e98 'make update' 2000-09-07 08:46:51 +00:00
Geoff Thorpe
1c4f90a05d Enable DSO support on alpha (OSF1), cc and gcc.
Also, "make update" has added some missing functions to libeay.num,
updated the TABLE for the alpha changes, and updated thousands of
dependancies that have changed from recent commits.
2000-06-13 12:59:38 +00:00
Richard Levitte
ef33b97050 Using checks of the existence of HEADER_{foo}_H in other header files
was a really bad idea.  For example, the following:

	#include <x509.h>
	#include <bio.h>
	#include <asn1.h>

would make sure that things like ASN1_UTCTIME_print() wasn't defined
unless you moved the inclusion of bio.h to above the inclusion of
x509.h.  The reason is that x509.h includes asn1.h, and the
declaration of ASN1_UTCTIME_print() depended on the definition of
HEADER_BIO_H.  That's what I call an obscure bug.

Instead, this change makes sure that whatever header files are needed
for the correct process of one header file are included automagically,
and that the definitions of, for example, BIO-related things are
dependent on the absence of the NO_{foo} macros.  This is also
consistent with the way parts of OpenSSL can be excluded at will.
2000-06-09 10:41:35 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Richard Levitte
82271cee5b In Message-ID: <003201bfb332$14a07520$0801a8c0@janm.transactionsite.com>,
"Jan Mikkelsen" <janm@transactionsite.com> correctly states that the
OpenSSL header files have #include's and extern "C"'s in an incorrect
order.  Thusly fixed.
2000-05-02 12:16:01 +00:00
Geoff Thorpe
da414db464 The handling of DSA_METHOD and DH_METHOD wasn't quite as problematic as
with RSA_METHOD (the **_get_default_methods do set the default value if
it's not set). However, the code had some duplication and was a bit
conter-intuitive.
2000-04-20 07:58:11 +00:00
Bodo Möller
59fc2b0fc2 Preserve reason strings in automatically build tables. 2000-03-05 00:19:36 +00:00
Bodo Möller
19c057da2e Check BN_rand return value.
"make update".
2000-02-29 22:37:27 +00:00
Bodo Möller
29a28ee503 Cosmetic changes. 2000-02-05 21:28:09 +00:00
Ulf Möller
9b141126d4 New functions BN_CTX_start(), BN_CTX_get(), BN_CTX_end() to access
temporary BIGNUMs. BN_CTX still uses a fixed number of BIGNUMs, but
the BN_CTX implementation could now easily be changed.
2000-02-05 14:17:32 +00:00
Dr. Stephen Henson
82fc1d9c28 Add new -notext option to 'ca', -pubkey option to spkac.
Remove some "WTF??" casts from applications.

Fixes to keep VC++ happy and avoid warnings.

Docs tidy.
2000-02-03 02:56:48 +00:00
Bodo Möller
aff0825c61 Tolerate negative numbers in BN_is_prime. 2000-02-02 22:18:01 +00:00
Bodo Möller
e74231ed9e rndsort{Miller, Rabin} primality test. 2000-02-02 21:20:44 +00:00
Bodo Möller
7865b871c0 Tiny changes to previous patch (the log message was meant to be
"Make DSA_generate_parameters faster").
2000-01-30 02:40:38 +00:00
Bodo Möller
a87030a1ed Make DSA_generate_parameters, and fix a couple of bug
(including another problem in the s3_srvr.c state machine).
2000-01-30 02:23:03 +00:00
Ulf Möller
38e33cef15 Document DSA and SHA.
New function BN_pseudo_rand().
Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
generating DSA primes (why not use BN_is_prime()?)
2000-01-27 19:31:26 +00:00
Dr. Stephen Henson
dd9d233e2a Tidy up CRYPTO_EX_DATA structures. 2000-01-23 23:41:49 +00:00
Ulf Möller
e7f97e2d22 Check RAND_bytes() return value or use RAND_pseudo_bytes(). 2000-01-21 01:15:56 +00:00
Bodo Möller
7d388202bd add "randomness" 2000-01-15 21:48:46 +00:00
Dr. Stephen Henson
ce1b4fe146 Allow additional information to be attached to a
certificate: currently this includes trust settings
and a "friendly name".
1999-11-04 00:45:35 +00:00
Bodo Möller
798757762a Improve support for running everything as a monolithic application.
Submitted by: Lennart Bång, Bodo Möller
1999-10-25 19:36:01 +00:00
Dr. Stephen Henson
08e9c1af6c Replace the macros in asn1.h with function equivalents. Also make UTF8Strings
tolerated in certificates.
1999-10-20 01:50:23 +00:00
Ralf S. Engelschall
f846335657 Add prototypes for new DSA functions Steve added recently. 1999-10-04 10:55:04 +00:00
Ulf Möller
43ca6c02dc make update. 1999-08-24 17:45:16 +00:00
Dr. Stephen Henson
13066cee60 Initial support for DH_METHOD. Also added a DH lock. A few changes made to
DSA_METHOD to make it more consistent with RSA_METHOD.
1999-08-23 23:11:32 +00:00
Dr. Stephen Henson
c0711f7f0f Initial support for DSA_METHOD... 1999-08-22 17:57:38 +00:00
Bodo Möller
a12258fcd2 fix the bug 1999-08-06 12:27:39 +00:00
Bodo Möller
48c843c367 New function DSA_dup_DH, and fixes for bugs that were found
while implementing and using it.
1999-08-05 11:50:18 +00:00
Bodo Möller
f0e8ae723c Torture weak compilers less by not automatically including x509.h where
it is not needed.
1999-07-21 22:10:23 +00:00
Bodo Möller
777ab7e611 Fix memory checking. 1999-07-09 16:27:30 +00:00
Bodo Möller
227cd06ffe Avoid some memory holes, one of which was pointed out by
"Chad C. Mulligan" <mulligan@antipope.org>.
1999-06-25 13:41:35 +00:00
Bodo Möller
e0f12c41de Avoid some warnings (on silly compilers). 1999-06-12 09:52:44 +00:00
Bodo Möller
b1c4fe3625 Don't mix real tabs with tabs expanded as 8 spaces -- that's
a pain to read when using 4-space tabs.
1999-06-07 20:26:51 +00:00
Bodo Möller
7e70181723 It was a very bad idea to use #include "../e_os.h" -- when this occurs
in cryptlib.h (which is often included as "../cryptlib.h"), then the
question remains relative to which directory this is to be interpreted.
gcc went one further directory up, as intended; but makedepend thinks
differently, and so probably do some C compilers.  So the ../ must go away;
thus e_os.h goes back into include/openssl (but I now use
#include "openssl/e_os.h" instead of <openssl/e_os.h> to make the point) --
and we have another huge bunch of dependency changes.  Argh.
1999-05-21 11:16:48 +00:00
Bodo Möller
d6847aed10 Add a kludge :-(
There were problems with putting e_os.h just into the top directory,
because the test programs are compiled within test/ in the "standard"
case in in their original directories in the makefile.one case;
and in the latter symlinks may not be available.
1999-05-20 22:18:49 +00:00
Bodo Möller
17e3dd1c62 Don't install e_os.h in include/openssl, use it only as a local
include file.
1999-05-20 21:59:20 +00:00
Bodo Möller
127640b449 Update dependencies. 1999-05-15 13:38:48 +00:00
Ben Laurie
5b1b044606 Update dependencies. 1999-05-01 22:36:10 +00:00
Bodo Möller
e5f3045fbf Support INSTALL_PREFIX for packagers.
Submitted by:
Reviewed by:
PR:
1999-04-29 21:52:08 +00:00
Ulf Möller
d575d2924c Ignore Makefile.save
Submitted by: Anonymous
1999-04-29 16:04:54 +00:00
Bodo Möller
1314c344ac Obey $(PERL) when running util/mklink.pl.
Submitted by:
Reviewed by:
PR:
1999-04-29 12:46:59 +00:00
Bodo Möller
6e6acfd4b9 Use util/mklink.pl instead of util/mklink.sh.
Submitted by:
Reviewed by:
PR:
1999-04-28 22:33:54 +00:00
Ulf Möller
d02f751ce1 Message digest stuff. 1999-04-27 04:18:53 +00:00
Ulf Möller
f5d7a031a3 New Configure option no-<cipher> (rsa, idea, rc5, ...). 1999-04-27 01:14:46 +00:00
Ulf Möller
a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Dr. Stephen Henson
7393480047 Change the command line options of mkerr.pl so -static is now default and
a -write option is needed to actually change anything. Second attempt at
getting rid of ERR, ERRC definitions: it might even work this time :-)
1999-04-24 17:28:43 +00:00
Bodo Möller
c76b0f751f Restore ERRC definitions that are needed to compile the library.
Submitted by:
Reviewed by:
PR:

Submitted by:
Reviewed by:
PR:
1999-04-24 15:57:02 +00:00
Dr. Stephen Henson
6e781e8e07 Delete the unnecessary ERR and ERRC lines in makefiles, add some functionality
to error code script: it can now find untranslatable function codes (usually
because the function is static and not defined in a header: occasionally because
of a typo...) and unreferenced function and reason codes. To see this try:
perl util/mkerr.pl -recurse -debug
Also fixed some typos in crypto/pkcs12 that this found :-)
Also tidy up some error calls that had to be all on one line: the old error
script couldn't find codes unless the call was all on one line.
1999-04-24 13:28:57 +00:00
Dr. Stephen Henson
6d31193858 Complete rewrite of the error code generation script. It now runs as a single
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
1999-04-24 00:15:18 +00:00
Bodo Möller
bf57da0717 "make depend"
Submitted by:
Reviewed by:
PR:
1999-04-23 22:50:50 +00:00
Bodo Möller
ec577822f9 Change #include filenames from <foo.h> to <openssl.h>.
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ben Laurie
61f5b6f338 Work with -pedantic! 1999-04-23 15:01:15 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Ben Laurie
e778802f53 Massive constification. 1999-04-17 21:25:43 +00:00
Ben Laurie
f73e07cf42 Add type-safe STACKs and SETs. 1999-04-12 17:23:57 +00:00
Ulf Möller
a8da89186c Separate DSA functionality from ASN.1 encoding.
New functions DSA_do_sign and DSA_do_verify to provide access to
the raw DSA values.
1999-04-09 16:24:32 +00:00
Ulf Möller
99aab1619f New Makefile variables $(RANLIB) and $(PERL). 1999-04-01 12:34:33 +00:00
Ben Laurie
b4cadc6e13 Fix security hole. 1999-03-22 12:22:14 +00:00
Ben Laurie
6242bb9c63 Put the dependencies back. 1999-03-06 14:32:48 +00:00
Ralf S. Engelschall
bb8f3c5879 General source tree makefile cleanups: Made `making xxx in yyy...' display
consistent in the source tree and replaced `/bin/rm' by `rm'.  Additonally
cleaned up the `make links' target: Remove unnecessary semicolons, subsequent
redundant removes, inline point.sh into mklink.sh to speed processing and no
longer clutter the display with confusing stuff. Instead only the actually
done links are displayed.
1999-03-06 12:32:06 +00:00
Ralf S. Engelschall
4b8f2ce648 Typo 1999-02-25 11:06:52 +00:00
Dr. Stephen Henson
a8236c8c32 Fix various memory leaks in SSL, apps and DSA 1999-02-15 21:05:21 +00:00
Ben Laurie
6f93539970 This time, get it right. 1999-01-19 23:25:22 +00:00
Ben Laurie
8039257dbc Finally lay dependencies to rest (I hope!). 1999-01-19 21:36:31 +00:00
Dr. Stephen Henson
6c8abdd744 New err_code.pl script to retain old error codes. This should allow the use
of 'make errors' without causing huge re-organisations of files when a new
code is added.
1999-01-18 22:18:38 +00:00
Ralf S. Engelschall
9cb0969f65 Fix version stuff:
1. The already released version was 0.9.1c and not 0.9.1b

2. The next release should be 0.9.2 and not 0.9.1d, because
   first the changes are already too large, second we should avoid any more
   0.9.1x confusions and third, the Apache version semantics of
   VERSION.REVISION.PATCHLEVEL for the version string is reasonable (and here
   .2 is already just a patchlevel and not major change).
tVS: ----------------------------------------------------------------------
1998-12-31 09:36:40 +00:00
Ralf S. Engelschall
320a14cb5b *** empty log message *** 1998-12-23 12:09:47 +00:00
Ralf S. Engelschall
5f32680329 Switch version string to SSLeay/OpenSSL 1998-12-23 07:53:55 +00:00
Ralf S. Engelschall
651d0aff98 Various cleanups and fixed by Marc and Ralf to start the OpenTLS project 1998-12-22 15:04:48 +00:00
Ralf S. Engelschall
dfeab0689f Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Ralf S. Engelschall
58964a4922 Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00