openssl

Author	SHA1	Message	Date
Andy Polyakov	c50226594d	Don't emit SSE2 instructions unless were asked to. PR: 1073	2005-05-18 08:42:08 +00:00
Andy Polyakov	38a1757168	Engage Applink in mingw. [from HEAD]	2005-05-18 08:17:29 +00:00
Andy Polyakov	51ff6bde38	Engage Applink in mingw. Note that application-side module is not compiled into our aplpications. That's because mingw is always consistent with itself. Having library-side code linked into .dll makes it possible to deploy the .dll with user-code compiled with another compiler [which is pretty much the whole point behind Applink].	2005-05-18 08:16:46 +00:00
Richard Levitte	4104a57107	OpenSSL 0.9.8 has just entered beta status. Not quite releasing yet, since I need to write a NEWS entry. This means we're in feature freeze. HEAD is now 0.9.9-dev.	2005-05-18 04:14:22 +00:00
Richard Levitte	c800a070b5	I just branched 0.9.8, so HEAD needs to be bumped to 0.9.9-dev. The 0.9.8 branch is called OpenSSL_0_9_8-stable.	2005-05-18 03:58:34 +00:00
Andy Polyakov	53d8996764	Engage Applink for VC builds.	2005-05-17 16:50:46 +00:00
Nils Larsch	8712009778	simplify EC_KEY_dup	2005-05-17 12:23:16 +00:00
Bodo Möller	f468e3824a	fix memory leak (BIO_free_all needs pointer to first BIO) PR: 1070	2005-05-17 05:52:24 +00:00
Andy Polyakov	ea1b02db6a	OPENSSL_Applink update.	2005-05-17 00:08:28 +00:00
Andy Polyakov	25a66ee3cb	Move cryptlib.h prior bio.h. Actually it makes sense to include cryptlib.h first everywhere in crypto and skip stdio.h and string.h [because it includes them].	2005-05-17 00:01:48 +00:00
Andy Polyakov	ce92b6eb9c	Further BUILDENV refinement, further fool-proofing of Makefiles and [most importantly] put back dependencies accidentaly eliminated in check-in #13342.	2005-05-16 16:55:47 +00:00
Andy Polyakov	7abbffc3fb	Further BUILDENV clean-up, 'make depend' is operational again.	2005-05-16 14:24:45 +00:00
Nils Larsch	9dd8405341	ecc api cleanup; summary: - hide the EC_KEY structure definition in ec_lcl.c + add some functions to use/access the EC_KEY fields - change the way how method specific data (ecdsa/ecdh) is attached to a EC_KEY - add ECDSA_sign_ex and ECDSA_do_sign_ex functions with additional parameters for pre-computed values - rebuild libeay.num from 0.9.7	2005-05-16 10:11:04 +00:00
Bodo Möller	46a643763d	Implement fixed-window exponentiation to mitigate hyper-threading timing attacks. BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for RSA/DSA/DH private key computations unless RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/ DH_FLAG_NO_EXP_CONSTTIME is set. Submitted by: Matthew D Wood Reviewed by: Bodo Moeller	2005-05-16 01:43:31 +00:00
Bodo Möller	10cde5010d	make update	2005-05-16 00:27:37 +00:00
Andy Polyakov	734540f887	Consolidate BUILDENV [idea is to keep all variables in one place].	2005-05-15 23:53:34 +00:00
Andy Polyakov	804515425a	+20% performance improvement of P4-specific RC4_CHAR loop.	2005-05-15 22:43:00 +00:00
Andy Polyakov	81a86fcf17	Fool-proofing Makefiles	2005-05-15 22:23:26 +00:00
Dr. Stephen Henson	b6995add5c	Make -CSP option work again in pkcs12 utility by checking for attribute in EVP_PKEY structure.	2005-05-15 00:54:45 +00:00
Dr. Stephen Henson	8ccd06c66c	openssl_fcast should always be defined, not just with DEBUG_SAFESTACK	2005-05-14 12:58:20 +00:00
Dr. Stephen Henson	fe86616c72	Some C compilers produce warnings or compilation errors if an attempt is made to directly cast a function of one type to what it considers and incompatible type. In particular gcc 3.4.2. Add new openssl_fcast macro to place functions into a form where the compiler will allow them to be cast. The current version achives this by casting to: void function(void).	2005-05-12 23:01:44 +00:00
Dr. Stephen Henson	ba2ba27008	Avoid warnings.	2005-05-12 22:40:19 +00:00
Dr. Stephen Henson	c596c795bf	Typo.	2005-05-12 17:28:53 +00:00
Ben Laurie	4b26fe30de	There must be an explicit way to build the .o!	2005-05-11 16:39:05 +00:00
Bodo Möller	8afca8d9c6	Fix more error codes. (Also improve util/ck_errf.pl script, and occasionally fix source code formatting.)	2005-05-11 03:45:39 +00:00
Nils Larsch	8b15c74018	give EC_GROUP_new_by_nid a more meanigful name: EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name	2005-05-10 11:37:47 +00:00
Andy Polyakov	e19e549041	Comply with optimization manual (no data should share cache-line with code).	2005-05-09 21:48:01 +00:00
Andy Polyakov	d7561ac576	Allow for 64-bit cache-line alignments in code segment.	2005-05-09 21:27:40 +00:00
Bodo Möller	fbeaa3c47d	Update util/ck_errf.pl script, and have it run automatically during "make errors" and thus during "make update". Fix lots of bugs that util/ck_errf.pl can detect automatically. Various others of these are still left to fix; that's why "make update" will complain loudly when run now.	2005-05-09 00:27:37 +00:00
Bodo Möller	b0ac0a8ef8	improve comment readability	2005-05-09 00:06:54 +00:00
Nils Larsch	7dc17a6cf0	give EC_GROUP_*_nid functions a more meaningful name EC_GROUP_get_nid -> EC_GROUP_get_curve_name EC_GROUP_set_nid -> EC_GROUP_set_curve_name	2005-05-08 22:09:12 +00:00
Andy Polyakov	b6223d2f70	Eliminate "statement with no effect" warning when OPENSSL_assert macro is used with constant assertion.	2005-05-08 19:54:33 +00:00
Andy Polyakov	5d0d60e2f5	x86_64 assembler translator update.	2005-05-07 08:13:51 +00:00
Andy Polyakov	57ee007035	Fix constants. PR: 1059	2005-05-07 08:11:50 +00:00
Richard Levitte	82e8cb403a	Since BN_LLONG will only be defined for Alpha/VMS and not VAX/VMS, there's no need to undefine it here. Then, let's get a bit paranoid and not define BN_ULLONG on THIRTY_TWO_BIT machines when BN_LLONG isn't defined.	2005-05-06 13:34:35 +00:00
Nils Larsch	2c288b2a7e	fix compiler warning; pow10 is also in math.h	2005-05-05 20:57:37 +00:00
Andy Polyakov	0ee883650d	Commentary update motivating code update in 0.9.7.	2005-05-04 14:51:38 +00:00
Andy Polyakov	70cf309517	x86_64 assembler translator update.	2005-05-04 08:42:47 +00:00
Andy Polyakov	8b5bf52ac2	Cvs missed adapted module itself, here it goes...	2005-05-03 23:03:31 +00:00
Andy Polyakov	73a9485081	Engage md5-x86_64 assembler module.	2005-05-03 22:59:17 +00:00
Andy Polyakov	d37a65bc81	Throw in md5-x86_64 assembler.	2005-05-03 22:56:15 +00:00
Andy Polyakov	34c7ff6dc9	Cygwin doesn't expose Win32 [not "officially"].	2005-05-03 21:20:17 +00:00
Andy Polyakov	647907918d	Commentary update.	2005-05-03 21:16:42 +00:00
Andy Polyakov	cee73df3bd	Cpuid modules updates.	2005-05-03 21:05:06 +00:00
Nils Larsch	f15c448a72	remove BN_ncopy, it was only used in bn_nist.c and wasn't particular useful anyway	2005-05-03 20:27:00 +00:00
Nils Larsch	fcb41c0ee8	rewrite of bn_nist.c, disable support for some curves on 64 bit platforms for now (it was broken anyway)	2005-05-03 20:23:33 +00:00
Andy Polyakov	5f1841cdca	Rename amd64 modules to x86_64 and update RC4 implementation.	2005-05-03 15:42:05 +00:00
Andy Polyakov	4b45051902	x86_64 assembler translator update.	2005-05-03 15:35:14 +00:00
Dr. Stephen Henson	05338b58ce	Support for smime-type MIME parameter.	2005-05-01 12:46:57 +00:00
Andy Polyakov	405d9761a5	Allow for ./config no-sha0 [from stable].	2005-04-30 21:51:41 +00:00
Dr. Stephen Henson	98a2fd32a0	Typo.	2005-04-30 18:07:30 +00:00
Dr. Stephen Henson	7bdeeb64ac	Don't attempt to parse nested ASN1 strings by default.	2005-04-30 18:02:54 +00:00
Dr. Stephen Henson	e1cc0671ac	Use more efficient way to locate end of an ASN1 structure.	2005-04-30 13:06:45 +00:00
Nils Larsch	c1a8a5de13	don't let BN_CTX_free(NULL) segfault	2005-04-29 21:20:31 +00:00
Nils Larsch	6a50d0a422	hide the definition of ECDSA_METHOD and ECDSA_DATA (and mutatis mutandis for ecdh)	2005-04-29 15:56:06 +00:00
Nils Larsch	1897c89302	avoid warnings when building on systems where sizeof(void *) > sizeof(int)	2005-04-29 14:26:59 +00:00
Andy Polyakov	3cc54008eb	Pointer to BN_MONT_CTX could be used uninitialized.	2005-04-28 08:49:01 +00:00
Richard Levitte	ff8bcccdd4	Synchronise with Unix build system.	2005-04-28 04:55:28 +00:00
Dr. Stephen Henson	a93b01be57	Increase offset for BIO_f_enc() to avoid problems with overlapping buffers when decrypting data.	2005-04-28 00:21:29 +00:00
Dr. Stephen Henson	6c61726b2a	Lots of Win32 fixes for DTLS. 1. "unsigned long long" isn't portable changed: to BN_ULLONG. 2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used. 2. Avoid lots of compiler warnings about signed/unsigned mismatches. 3. Include new library directory pqueue in mk1mf build system. 4. Update symbols.	2005-04-27 16:27:14 +00:00
Nils Larsch	df9e0bf507	add missing parentheses	2005-04-27 07:57:50 +00:00
Dr. Stephen Henson	879b19801a	Change method_mont_p from (char ) to (BN_MONT_CTX ) and remove several casts.	2005-04-27 00:04:59 +00:00
Dr. Stephen Henson	6ec8e63af6	Port BN_MONT_CTX_set_locked() from stable branch. The function rsa_eay_mont_helper() has been removed because it is no longer needed after this change.	2005-04-26 23:58:54 +00:00
Dr. Stephen Henson	465b9f6b26	Stop unused variable warning.	2005-04-26 23:45:49 +00:00
Dr. Stephen Henson	2deadf1672	Port from stable branch.	2005-04-26 23:21:49 +00:00
Nils Larsch	800e400de5	some updates for the blinding code; summary: - possibility of re-creation of the blinding parameters after a fixed number of uses (suggested by Bodo) - calculatition of the rsa::e in case it's absent and p and q are present (see bug report #785) - improve the performance when if one rsa structure is shared by more than a thread (see bug report #555) - fix the problem described in bug report #827 - hide the definition ot the BN_BLINDING structure in bn_blind.c	2005-04-26 22:31:48 +00:00
Dr. Stephen Henson	667aef4c6a	Port from stable branch.	2005-04-26 22:07:17 +00:00
Bodo Möller	aa4ce7315f	Fix various incorrect error function codes. ("perl util/ck_errf.pl /.c //*.c" still reports many more.)	2005-04-26 18:53:22 +00:00
Bodo Möller	0d5ea7613e	make update	2005-04-26 18:09:21 +00:00
Ben Laurie	36d16f8ee0	Add DTLS support.	2005-04-26 16:02:40 +00:00
Bodo Möller	2e7245f5a3	Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c PR: 959	2005-04-25 23:09:00 +00:00
Andy Polyakov	3d5fd31280	Avoid L1 cache aliasing even between key and S-boxes.	2005-04-24 21:09:20 +00:00
Nils Larsch	9edf4e8157	make asn.1 field names const	2005-04-23 13:45:49 +00:00
Nils Larsch	965a1cb92e	change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible	2005-04-23 10:11:16 +00:00
Ben Laurie	e9ad6665a5	Add debug target, remove cast, note possible bug.	2005-04-23 06:05:24 +00:00
Ben Laurie	b5855b2f32	Add prototypes.	2005-04-22 23:57:46 +00:00
Nils Larsch	a0bee97e55	more const	2005-04-22 21:57:36 +00:00
Nils Larsch	ff22e913a3	- use BN_set_negative and BN_is_negative instead of BN_set_sign and BN_get_sign - implement BN_set_negative as a function - always use "#define BN_is_zero(a) ((a)->top == 0)"	2005-04-22 20:02:44 +00:00
Andy Polyakov	04d0d0accf	Avoid aliasing between stack frames and S-boxes. Compress prefetch code.	2005-04-22 11:49:32 +00:00
Richard Levitte	630e4a6e59	Provide a default OPENSSL_ia32cap_loc for non-Intel platforms where util/libeay.num is important when building shared libraries, like VMS.	2005-04-21 09:10:19 +00:00
Dr. Stephen Henson	2c45bf2bc9	Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts. Remove more bogus shadow warnings.	2005-04-20 21:48:06 +00:00
Dr. Stephen Henson	836ec0c764	Stop compiler warnings about deprecated lvalue casts.	2005-04-20 21:39:13 +00:00
Dr. Stephen Henson	5e72fb063a	Stop bogus shadowing warning.	2005-04-20 21:34:29 +00:00
Richard Levitte	a74286d636	Make sure id2_func is properly cast as well...	2005-04-20 13:17:42 +00:00
Richard Levitte	254cfe878e	signed vs. unsigned.	2005-04-20 13:12:33 +00:00
Richard Levitte	ed824195a1	Avoid compiler complaint about mismatched function signatures (void * != char *)	2005-04-20 13:09:46 +00:00
Richard Levitte	22c3600e4c	Resolve signed vs. unsigned.	2005-04-20 12:55:15 +00:00
Richard Levitte	49f386578e	Type mismatch detected by DEC C compiler. void* != void**	2005-04-20 12:53:50 +00:00
Richard Levitte	7c671508bd	Avoid compiler complaint about mismatched function signatures (void * != RSA *)	2005-04-20 10:02:16 +00:00
Dr. Stephen Henson	987bebaf8c	New "algorithm define" OPENSSL_NO_GMP. Update mkdef.pl and Configure script to use it.	2005-04-19 13:24:44 +00:00
Dr. Stephen Henson	f68854b4c3	Various Win32 and other fixes for warnings and compilation errors. Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.	2005-04-19 00:12:36 +00:00
Andy Polyakov	1cfd258ed6	Throw in x86_64 AT&T to MASM assembler converter to facilitate development of dual-ABI Unix/Win64 modules.	2005-04-17 21:05:57 +00:00
Richard Levitte	2906dc8601	Synchronise with ec/Makefile.	2005-04-17 09:07:37 +00:00
Andy Polyakov	c8d5c71af5	Mitigate cache-timing attack in CBC mode. This is done by implementing compressed tables (2x compression factor) and by pre-fetching them into processor cache prior every CBC en-/decryption pass. One can argue why just CBC? Well, it's commonly used mode in real-life applications and API allows us to amortize the prefetch costs for larger data chunks...	2005-04-16 15:23:21 +00:00
Dr. Stephen Henson	fbe6ba81e9	Check return values of <Digest>_Init functions in low level digest calls.	2005-04-14 22:58:44 +00:00
Andy Polyakov	2b85e23d2e	Prototype mnemonics in padlock_verify_context for better portability [read support for Solaris assembler].	2005-04-14 07:47:10 +00:00
Andy Polyakov	026bb0b96a	Fix for bug emerged in openvpn conext.	2005-04-14 07:41:29 +00:00
Andy Polyakov	e62991a07c	Zap OPENSSL_EXTERN on symbols, which are not meant to be local to DLL.	2005-04-13 20:51:42 +00:00
Andy Polyakov	1bf955920a	Fix typos.	2005-04-13 15:41:11 +00:00
Andy Polyakov	51d28013db	Introduce OPENSSL_NONPIC_relocated to denote relocated DLLs.	2005-04-13 08:46:35 +00:00
Andy Polyakov	9e88c82703	Minor cryptlib.c update: compiler warnings in OPENSSL_showfatal and OPENSSL_stderr stub.	2005-04-13 06:55:42 +00:00
Dr. Stephen Henson	ad0db060b1	More overwritten stuff...	2005-04-12 16:36:36 +00:00
Dr. Stephen Henson	3547478fc8	Replace overwritten lines before error codes.	2005-04-12 16:17:53 +00:00
Dr. Stephen Henson	29dc350813	Rebuild error codes.	2005-04-12 16:15:22 +00:00
Dr. Stephen Henson	bc3cae7e7d	Include error library value in C error source files instead of fixing up at runtime.	2005-04-12 13:31:14 +00:00
Nils Larsch	37942fab51	include limits.h for UINT_MAX etc.	2005-04-11 20:59:58 +00:00
Richard Levitte	4bb61becbb	Add emacs cache files to .cvsignore.	2005-04-11 14:17:07 +00:00
Dr. Stephen Henson	b392e52050	Move allow_proxy_certs declaration to start of function.	2005-04-10 23:41:09 +00:00
Richard Levitte	d9bfe4f97c	Added restrictions on the use of proxy certificates, as they may pose a security threat on unexpecting applications. Document and test.	2005-04-09 16:07:12 +00:00
Nils Larsch	f763e0b5ae	make sure error queue is totally emptied PR: 359	2005-04-07 22:53:35 +00:00
Andy Polyakov	9f2027e56d	Implement OPENSSL_showfatal and make it Win32 GUI and service aware [meaning that it will detect in which context application is running and either write message to stderr, post a dialog or log an event].	2005-04-07 18:39:45 +00:00
Andy Polyakov	e1d51de41f	Harmonize cygwin/mingw and VC targets.	2005-04-07 15:51:55 +00:00
Andy Polyakov	81ee80ab88	+45% RC4 performance boost on Intel EM64T core. Unrolled loop providing further +35% will follow... Submitted by: Zou Nanhai	2005-04-06 09:45:42 +00:00
Nils Larsch	70f34a5841	some const fixes and cleanup	2005-04-05 10:29:43 +00:00
Nils Larsch	c2e40d0f9a	remove unused recp method	2005-04-04 18:15:59 +00:00
Andy Polyakov	0abfd60604	Extend Solaris x86 support to amd64.	2005-04-04 17:10:53 +00:00
Andy Polyakov	e5dbccc182	Solaris x86 linker erroneously pads .init segment with zeros instead of nops, which causes SEGV at startup. So I don't align anymore.	2005-04-04 17:07:16 +00:00
Andy Polyakov	f8fa22d826	Some non-GNU compilers (such as Sun C) define __i386.	2005-04-04 17:05:06 +00:00
Andy Polyakov	60fd574cdf	Make bn/asm/x86_64-gcc.c gcc4 savvy. +r is likely to be initially introduced for a reason [like bug in initial gcc port], but proposed =&r is treated correctly by senior 3.2, so we can assume it's safe now. PR: 1031	2005-04-03 18:53:29 +00:00
Ben Laurie	73705abc34	If input is bad, we still need to clear the buffer.	2005-04-03 16:38:22 +00:00
Dr. Stephen Henson	7bdf8eed69	Typo	2005-04-01 21:56:15 +00:00
Ben Laurie	8bb826ee53	Consistency.	2005-03-31 13:57:54 +00:00
Ben Laurie	45d10efc35	Simplicate and add lightness.	2005-03-31 10:55:55 +00:00
Ben Laurie	41a15c4f0f	Give everything prototypes (well, everything that's actually used).	2005-03-31 09:26:39 +00:00
Nils Larsch	fea4280a8b	fix header	2005-03-30 21:38:29 +00:00
Ben Laurie	42ba5d2329	Blow away Makefile.ssl.	2005-03-30 13:05:57 +00:00
Ben Laurie	0821bcd4de	Constification.	2005-03-30 10:26:02 +00:00
Nils Larsch	c01d2b974e	when building with OPENSSL_NO_DEPRECATED defined BN_zero is a macro which cannot be evaluated in an if statement	2005-03-28 15:06:29 +00:00
Ulf Möller	7a8c728860	undo Cygwin change	2005-03-24 00:14:59 +00:00
Nils Larsch	41e455bfc4	test, remove unnecessary const cast	2005-03-22 17:55:18 +00:00
Ulf Möller	130db968b8	Use Windows randomness code on Cygwin	2005-03-19 11:39:17 +00:00
Ulf Möller	8d274837e5	fix breakage for Perl versions that do boolean operations on long words	2005-03-19 11:13:30 +00:00
Bodo Möller	9f6715d4bb	"make depend". This takes into account the algorithms that are now disabled by default (MDC2 and RC5), which until now were skipped by "make links" and yet supposedly required by some of the Makefiles, meaning that the recent snapshots failed to compile. Problem reported by Nils Larsch.	2005-03-13 19:49:47 +00:00
Andy Polyakov	1642000707	Cygwin to use DSO_FLFCN and mingw to use DSO_WIN32.	2005-03-12 11:28:41 +00:00
Andy Polyakov	f7f2125522	Avoid re-build avalanches with HP-UX make.	2005-03-12 09:12:44 +00:00
Bodo Möller	2b61034b0b	fix potential memory leak when allocation fails PR: 801 Submitted by: Nils Larsch	2005-03-11 09:01:24 +00:00
Bodo Möller	80c808b90b	Fix typo PR: 1017 Submitted by: ciresh@yahoo.com Reviewed by: Nils Larsch	2005-03-09 19:08:02 +00:00
Lutz Jänicke	f69a8aebab	Fix hang in EGD/PRNGD query when communication socket is closed prematurely by EGD/PRNGD. PR: 1014 Submitted by: Darren Tucker <dtucker@zip.com.au>	2005-02-19 10:19:07 +00:00
Dr. Stephen Henson	9d10b15ef9	Fix possible memory leak.	2005-02-14 21:53:24 +00:00
Andy Polyakov	da30c74a27	Remove unused assembler modules.	2005-02-06 13:43:02 +00:00
Andy Polyakov	67ea999d4a	This patch was "ignited" by OpenBSD 3>=4 support. They've switched to ELF and GNU binutils, but kept BSD make... And I took the opportunity to unify other targets to this common least denominator...	2005-02-06 13:23:34 +00:00
Richard Levitte	8c3c570134	The first argument to load_iv should really be a char instead of an unsigned char , since it points at text. Thanks to Nils Larsch <nils.larsch@cybertrust.com> for pointing out the inelegance of our code :-)	2005-01-27 11:42:28 +00:00
Richard Levitte	bf746f0f46	Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might cause a segfault... This was uncovered because EVP_VerifyInit() may fail in FIPS mode if the wrong algorithm is chosen...	2005-01-27 01:49:25 +00:00
Richard Levitte	a229e3038e	Get rid if the annoying warning	2005-01-27 01:47:31 +00:00
Andy Polyakov	fbdce13e5a	Please BSD make...	2005-01-25 22:09:11 +00:00
Andy Polyakov	e532a6c449	FreeBSD 5 refuses to #include <malloc.h>. Fix compiler warning after http://cvs.openssl.org/chngview?cn=12843.	2005-01-25 22:07:22 +00:00
Andy Polyakov	8359421d90	Default to AES u32 being unsinged int and not long. This improves cache locality on 64-bit platforms (and fixes IA64 assembler-empowered build:-). The choice is guarded by newly introduced AES_LONG macro, which needs to be defined only on 16-bit platforms which we don't support (not that I know of). Meaning that one could as well skip long option altogether.	2005-01-24 14:22:05 +00:00
Andy Polyakov	efde5230f1	Improve ECB performance (48+14rounds -> 18+13rounds) and reserve for hand-coded zero-copy AES_cbc_encrypt.	2005-01-24 14:14:53 +00:00
Andy Polyakov	bac252a5e3	Bug-fix in CBC encrypt tail processing and commentary section update.	2005-01-20 10:33:37 +00:00
Andy Polyakov	addb6e16a8	Throw in AES CBC assembler, up to +40% on aes-128-cbc benchmark.	2005-01-18 01:04:41 +00:00
Andy Polyakov	ed65fab910	Reserve for AES CBC assembler implementation...	2005-01-18 00:43:32 +00:00
Andy Polyakov	90cc40911b	Don't zap AES CBC IV, when decrypting truncated content in place.	2005-01-18 00:26:52 +00:00
Richard Levitte	a7201e9a1b	Changes concering RFC 3820 (proxy certificates) integration: - Enforce that there should be no policy settings when the language is one of id-ppl-independent or id-ppl-inheritAll. - Add functionality to ssltest.c so that it can process proxy rights and check that they are set correctly. Rights consist of ASCII letters, and the condition is a boolean expression that includes letters, parenthesis, &, \| and ^. - Change the proxy certificate configurations so they get proxy rights that are understood by ssltest.c. - Add a script that tests proxy certificates with SSL operations. Other changes: - Change the copyright end year in mkerr.pl. - make update.	2005-01-17 17:06:58 +00:00
Dr. Stephen Henson	fcd5cca418	PKCS7_verify() performance optimization. When the content is large and a memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots of slow memory copies from the memory BIO by saving the content in a temporary read only memory BIO.	2005-01-14 17:52:24 +00:00
Andy Polyakov	e6d27baf52	Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX environments.	2005-01-13 15:46:09 +00:00
Andy Polyakov	e7e1150706	"Monolithic" x86 assembler replacement for aes_core.c. Up to +15% better performance on recent microarchitectures.	2005-01-13 15:35:44 +00:00
Andy Polyakov	5d727078ac	Fix an "oops" typo! Well, it was a debugging left-over...	2005-01-13 15:25:30 +00:00
Andy Polyakov	108159ffcc	O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris. PR: 998	2005-01-13 15:20:42 +00:00
Richard Levitte	b15a93a9c5	Correct a faulty address assignment, and add a length check (not really needed now, but may be needed in the future, who knows?).	2005-01-12 09:53:20 +00:00
Andy Polyakov	7de4b5b060	Permit "monolithic" AES assembler implementations, i.e. such which would replace whole aes_core.c, not only AES_[de\|en]crypt routines.	2005-01-09 16:01:58 +00:00
Andy Polyakov	02a00bb054	DJGPP update. PR: 989 Submitted by: Doug Kaufman	2005-01-04 10:28:38 +00:00
Andy Polyakov	3b4de6e4cc	Borrow #include <string[s].h> from e_os.h.	2004-12-31 00:00:05 +00:00
Andy Polyakov	bdbc9b4d1a	Make whiny compilers stop complaining about missing prototype.	2004-12-30 23:40:31 +00:00
Andy Polyakov	25866e3982	Commentary update for AES IA-64 assembler module.	2004-12-30 10:55:02 +00:00
Andy Polyakov	3b3df98ca6	Minor AES x86 assembler tune-up.	2004-12-30 10:46:03 +00:00
Andy Polyakov	2e4a99f38b	AES-CFB[18] 2x optimization. Well, I bet nobody cares about AES-CFB1 performance, but anyway...	2004-12-30 10:43:33 +00:00
Andy Polyakov	f1ce306f30	Oops-kind typos in aes-ia64.S...	2004-12-28 17:10:42 +00:00
Richard Levitte	37b11ca78e	iv needs to be const because it sometimes takes it's value from a const.	2004-12-28 10:35:13 +00:00
Richard Levitte	a17af9e277	Forgot to synchronise the VMS build scripts.	2004-12-28 10:22:00 +00:00
Richard Levitte	6951c23afd	Add functionality needed to process proxy certificates.	2004-12-28 00:21:35 +00:00
Andy Polyakov	de421076a5	Minor cygwin update. PR: 949	2004-12-27 21:27:46 +00:00
Andy Polyakov	9850f7f6b2	Remove yet another redundant memcpy. Not at least performance critical, essentially cosmetic modification...	2004-12-26 13:05:40 +00:00
Andy Polyakov	131e064e4a	Eliminate redundant memcpy of IV material. Performance improvement varies from platform to platform and can be as large as 20%.	2004-12-26 12:31:37 +00:00
Andy Polyakov	556b8f3f77	Engage AES x86 assembler module for COFF and a.out targets.	2004-12-26 10:58:39 +00:00
Andy Polyakov	045d3285e2	Engage AES x86 assembler module on ELF platforms.	2004-12-23 21:44:28 +00:00
Andy Polyakov	d1df5b4339	x86 perlasm update to accomodate aes-586.pl.	2004-12-23 21:43:25 +00:00
Andy Polyakov	25558bf743	Eliminate copies of TeN and TdN, use those found in assembler module.	2004-12-23 21:40:23 +00:00
Andy Polyakov	713147109c	AES x86 assembler implementation.	2004-12-23 21:32:34 +00:00
Andy Polyakov	76ef6ac956	Refine PowerPC platform support.	2004-12-20 13:44:34 +00:00
Dr. Stephen Henson	a842df6659	Remove unused buffer 'buf'.	2004-12-20 00:49:36 +00:00
Richard Levitte	fbf218b8c3	make update (oops, missed this file)	2004-12-13 22:57:39 +00:00
Richard Levitte	3c97bd833b	Change libeay.num so it's synchronised with additions in 0.9.7-stable. make update	2004-12-13 22:57:08 +00:00
Dr. Stephen Henson	5e8904f289	Remove duplicate lines.	2004-12-12 13:15:49 +00:00
Andy Polyakov	0c0788ba0a	Solaris x86 perlasm update.	2004-12-10 11:24:42 +00:00
Andy Polyakov	905fd45b36	Engage SHA1 IA64 assembler on IA64 platforms.	2004-12-09 15:39:55 +00:00
Dr. Stephen Henson	c162b132eb	Automatically mark the CRL cached encoding as invalid when some operations are performed.	2004-12-09 13:35:06 +00:00
Andy Polyakov	b4e0ce5165	SHA1 assembler for IA-64.	2004-12-09 11:57:38 +00:00
Andy Polyakov	17f0e916db	Extend RC4 test.	2004-12-07 11:55:56 +00:00
Dr. Stephen Henson	41c70d47d7	Remaing bits of PR:620 relevant to 0.9.8.	2004-12-05 01:50:56 +00:00
Dr. Stephen Henson	a0e7c8eede	Add lots of checks for memory allocation failure, error codes to indicate failure and freeing up memory if a failure occurs. PR:620	2004-12-05 01:03:15 +00:00
Dr. Stephen Henson	3e66ee9f01	In by_file.c check last error for no start line, not first error.	2004-12-04 21:25:51 +00:00
Dr. Stephen Henson	8f284faaec	V1 certificates that aren't self signed can't be accepted as CAs.	2004-12-03 00:10:34 +00:00
Andy Polyakov	f774accdbf	Fix rc4-ia64.S to pass more exhaustive regression tests.	2004-12-02 10:07:55 +00:00
Dr. Stephen Henson	8544a80776	Add couple of OIDs. Resync NIDs for consistency with 0.9.7.	2004-12-01 18:09:53 +00:00
Andy Polyakov	7c69478064	I've introduced a bug to i386 RC4 assembler, which would emerge with certain mix of calls to RC4 routine not covered by rc4test.c. It's fixed now. In addition this patch inadvertently fixes minor performance problem: in 0.9.7 context P4 was performing 12% slower than the original implementation...	2004-12-01 15:28:18 +00:00
Dr. Stephen Henson	1862dae862	Perform partial comparison of different character types in X509_NAME_cmp().	2004-12-01 01:45:30 +00:00
Andy Polyakov	b7b46c9a87	Add 0.9.7 specific comments to RC4 assembler modules.	2004-11-30 15:46:46 +00:00
Richard Levitte	5073ff0346	Split X509_check_ca() into a small self and an internal function check_ca(), to resolve constness issue. check_ca() is called from the purpose checkers instead of X509_check_ca(), since the stuff done by the latter (except for calling check_ca()) is also done by X509_check_purpose().	2004-11-30 12:18:55 +00:00
Andy Polyakov	fc7fc5678f	sha1_block_asm_data_order can't hash if message crosses 2GB boundary.	2004-11-29 21:19:56 +00:00
Andy Polyakov	7a3240e319	Final touches to rc4/asm/rc4-596.pl, +52% better performance on AMD core.	2004-11-29 21:12:58 +00:00
Richard Levitte	30b415b076	Make an explicit check during certificate validation to see that the CA setting in each certificate on the chain is correct. As a side- effect always do the following basic checks on extensions, not just when there's an associated purpose to the check: - if there is an unhandled critical extension (unless the user has chosen to ignore this fault) - if the path length has been exceeded (if one is set at all) - that certain extensions fit the associated purpose (if one has been given)	2004-11-29 11:28:08 +00:00
Andy Polyakov	914c2a28c0	perlasm/x86[ms\|nasm] update to accomodate updated RC4 assembler module.	2004-11-27 15:14:58 +00:00
Andy Polyakov	bc3e7fabe7	Engage RC4 IA-64 assembler module.	2004-11-26 15:12:17 +00:00
Andy Polyakov	d675c74d14	RC4 IA-64 assembler implementation.	2004-11-26 15:07:50 +00:00
Dr. Stephen Henson	9d2996b82f	Check return code of EVP_CipherInit() in PKCS#12 code.	2004-11-24 01:21:03 +00:00
Andy Polyakov	959f9b1158	linux-x86_64 didn't link after EM64T RC4 tune-up...	2004-11-23 09:06:12 +00:00
Andy Polyakov	376729e130	RC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's apparently impossible to compose blended code with would perform satisfactory on all x86 and x86_64 cores, an extra RC4_CHAR code-path is introduced and P4 core is detected at run-time. This way we keep original performance on non-P4 implementations and turbo-charge P4 performance by factor of 2.8x (on 32-bit core).	2004-11-21 10:36:25 +00:00
Andy Polyakov	68d9e764cb	As was shown by Marc Bevand reordering of couple of load operations results in even higher performance gain of 3.3x:-) At least on Opteron...	2004-11-09 17:23:26 +00:00
Richard Levitte	a2ac429da2	Don't use $(EXHEADER) directly in for loops, as most shells will break if $(EXHEADER) is empty. Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>	2004-11-02 23:55:01 +00:00
Richard Levitte	1a4b8e7cee	Make sure memmove() is defined, even on SunOS 4.1.4. PR: 963	2004-11-01 07:58:38 +00:00
Geoff Thorpe	58ae65cd1a	Update ECDSA and ECDH for OPENSSL_NO_ENGINE. Reported by: Maxim Masiutin Submitted by: Nils Larsch	2004-10-21 00:06:14 +00:00
Richard Levitte	5b0f1f7d13	Because libraries on Windows lack useful version information, the zlib guys had to change the name to differentiate with older versions when a backward incompatibility came up. Of course, we need to adapt. This change simply tries to load the library through the newer name (ZLIB1) first, and if that fails, it tries the good old ZLIB.	2004-10-14 05:48:59 +00:00
Dr. Stephen Henson	785e827323	Oops!	2004-10-04 17:28:31 +00:00
Dr. Stephen Henson	2f605e8d24	Fix race condition when CRL checking is enabled.	2004-10-04 16:30:12 +00:00
Dr. Stephen Henson	175ac6811a	Don't use C++ reserved work "explicit".	2004-10-01 11:21:53 +00:00
Andy Polyakov	07d488daf6	Fix Solaris 10_x86 shared build. -Bsymbolic is required to avoid "remaining relocations" in assembler modules. The latter seems to be new behaviour, elder as/ld managed to resolve this relocations as internal. It's possible to address this problem differently, but I settle for -Bsymbolic... PR: 546	2004-09-28 20:45:10 +00:00
Richard Levitte	c38ff58b6b	Move the declaration of alloca() so it's ony declared when really necessary.	2004-09-27 21:59:44 +00:00
Andy Polyakov	c29ef588dc	SHA1 asm Pentium tune-up. Performance loss is not as bad anymore.	2004-09-27 09:37:03 +00:00
Andy Polyakov	968c31bd84	sha256_block advances the input pointer double as fast sometimes. Fix the bug and test that it's actually gone. PR: 950	2004-09-27 09:35:59 +00:00
Geoff Thorpe	c743966156	Nils Larsch reported that this include is required. Strange that this had gone unnoticed ...	2004-09-24 23:37:52 +00:00
Richard Levitte	bb09fd2bb6	Import changed files from LPlib. The changes are logged as follows for LPdir_unix.c in LPlib. For the other files, only the last log entry applies. ---------------------------- revision 1.11 date: 2004/09/23 22:07:22; author: _cvs_levitte; state: Exp; lines: +20 -6 Define my own macro LP_ENTRY_SIZE to express the size of my own buffering of directory entries, and make it depend on whichever comes first of PATH_MAX and NAME_MAX. As a fallback, make sure it's set to 255 if neither PATH_MAX or NAME_MAX were defined. Also, if the size given from PATH_MAX or NAME_MAX is less than 255, force LP_ENTRY_SIZE to be 255. It makes no harm whatsoever if LP_ENTRY_SIZE is larger than the maximum local path name limit. It does make a lot of harm if LP_ENTRY_SIZE is smaller. 255 seemed like a fairly acceptable default when nothing else is available. ---------------------------- revision 1.10 date: 2004/08/26 13:36:05; author: _cvs_levitte; state: Exp; lines: +13 -13 License correction. I am not REGENTS, just a COPYRIGHT HOLDER. ----------------------------	2004-09-23 22:11:39 +00:00
Geoff Thorpe	280eb33b59	Remove distracting comments and code. Thanks to Nils for picking up on the outstanding ticket. PR: 926	2004-09-19 04:55:15 +00:00
Geoff Thorpe	f79110c633	Two TODO comments taken care of. Nils pointed out that one of them had already been done, and took care of the other one (which hadn't). Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-09-19 04:43:46 +00:00
Geoff Thorpe	6ef2ff62fc	Make -Werror happy again.	2004-09-18 01:32:32 +00:00
Dr. Stephen Henson	980aea7860	Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap().	2004-09-15 23:47:25 +00:00
Dr. Stephen Henson	bd9327baa9	Change values of MBSTRING_* to the form MBSTRING_FLAG\|nbyte as assumed in ASN1_STRING_to_UTF8().	2004-09-13 22:33:56 +00:00
Richard Levitte	6f9bafafa3	- There's no more need for the snprintf macro. - Move the inclusion of malloc.h until after all other includes, so we can do proper tests of system macros. - Make sure the correct header file is included to get the builtin "alloca" under VMS, and define a macro to map the symbol 'alloca' to it.	2004-09-13 09:15:06 +00:00
Richard Levitte	422a4a33a5	Synchronise with Unix build.	2004-09-12 13:02:04 +00:00
Dr. Stephen Henson	58606421ae	When looking for request extensions in a certificate look first for the PKCS#9 OID then the non standard MS OID.	2004-09-10 20:20:54 +00:00
Richard Levitte	d813ff2ac1	make update	2004-09-10 10:30:33 +00:00
Andy Polyakov	36734b2bab	Make VIA Padlock engine more platform friendly and eliminate compiler warning. Submitted by: Doug Kaufman <dkaufman@rahul.net>	2004-09-09 14:54:12 +00:00
Andy Polyakov	c85c5c408a	x86 assembler updates: more instructions, new OPENSSL_instrument_halt [for DJGPP]...	2004-09-09 14:50:32 +00:00
Richard Levitte	2c1677d703	Synchronise VMS build files with Unixly Makefiles.	2004-09-08 08:13:34 +00:00
Richard Levitte	72348cbb8d	Another symbol longer than 31 characters...	2004-09-08 08:13:03 +00:00
Dr. Stephen Henson	5d7c222db8	New X509_VERIFY_PARAM structure and associated functionality. This tidies up verify parameters and adds support for integrated policy checking. Add support for policy related command line options. Currently only in smime application. WARNING: experimental code subject to change.	2004-09-06 18:43:01 +00:00
Dr. Stephen Henson	d993addbed	Stop compiler warnings.	2004-09-06 18:37:46 +00:00
Andy Polyakov	16760a3089	Proper support for OpenBSD-i386 shared build, including assember modules! "Proper" means "compiles and passes test." Versioning is broken (I think).	2004-08-29 21:36:37 +00:00
Andy Polyakov	2b247cf81f	OPENSSL_ia32cap final touches. Note that OPENSSL_ia32cap is no longer a symbol, but a macro expanded as (*(OPENSSL_ia32cap_loc())). The latter is the only one to be exported to application.	2004-08-29 16:36:05 +00:00
Andy Polyakov	746fc2526f	Fix compiler warnings in crypto/evp/bio_ok.c as pointed out by Geoff.	2004-08-29 16:19:27 +00:00
Andy Polyakov	a8c65b400c	crypto/perlasm update primarily to unify Netware modules. Once it's verified x86*_nw.pl will be deleted. In addition this update implements initseg on several additional [in addition to ELF] platforms. Functions registered with initseg are supposed to be called prior main().	2004-08-29 16:10:27 +00:00
Andy Polyakov	526975906b	Minor VIA Padlock engine update: eliminate -Wunused warning when not compiling the engine and inline memcpy in performance critical pathes.	2004-08-24 09:01:09 +00:00
Andy Polyakov	14fa6ad9f9	Make aes_ctr.c 64-bit savvy.	2004-08-23 22:19:51 +00:00
Richard Levitte	bb1a915c24	Basically, I wanted to be able to make a dump to a FILE, and not have to bother creating a BIO around it. So here's a few more functions to make it possible to make the dump using a printing callback, and to print to a FILE (based on the callback variant), done in the same style as the functions in crypto/err/err_prn.c.	2004-08-11 21:13:57 +00:00
Dr. Stephen Henson	e08aad1d14	Make ASN1_INTEGER_cmp() work as expected with negative integers.	2004-08-10 17:40:14 +00:00
Dr. Stephen Henson	c128bb0fa2	Don't ignore return value of EVP_DigestInit_ex() in md BIOs and dgst utility.	2004-08-05 18:09:50 +00:00
Andy Polyakov	b88606c28e	Padlock engine update to fix a typo in MSC assembler and to address potential corruption problem if user manages to inter-leave aligined and misaligned requests [as well as some MSC-specific tweaks].	2004-08-04 12:58:26 +00:00
Richard Levitte	2ea6abf6e5	DJGPP has opendir() and friends, according to Gisle Vanem <giva@bgnett.no>.	2004-08-03 19:15:21 +00:00
Andy Polyakov	42096e05f7	Avoid a.out name table pollition.	2004-08-02 22:02:17 +00:00
Andy Polyakov	7d15a556f8	Minor clean-up to make Microsoft compiler shut up.	2004-08-02 21:54:40 +00:00
Andy Polyakov	5b17246324	VIA C3 processor extends IA-32 instruction set with instuctions performing AES encryption in hardware, as well as one accessing hardware RNG. As you surely imagine this engine access this extended instruction set. Well, only AES for the moment, support for RNG is to be added later on... PR: 889 Submitted by: Michal Ludvig <michal@logix.cz> Obtained from: http://www.logix.cz/michal/devel/padlock/	2004-08-02 21:48:11 +00:00
Andy Polyakov	c77094415f	Cygwin fix-up for shared build.	2004-08-01 21:24:34 +00:00
Andy Polyakov	34413fca84	OpenBSD fix-up for new a.out targets. OpenBSD .s.o rule is busted...	2004-08-01 21:16:26 +00:00
Andy Polyakov	ec38ddc765	Clean-up GAS targets: get rid of "cpp" stuff and replace it with "purified" COFF and a.out targets [similar to ELF targets]. You might notice some rudementary support for shared mingw builds under cygwin. It works (it produces cryptoeay32.dll and ssleay32.dll with everything exported by name), but it's primarily for testing/debugging purposes, at least for now...	2004-08-01 17:33:58 +00:00
Andy Polyakov	8aae01e223	Deprecate cpp and gaswin targets. New coff fills in for gaswin, but cpp is going out...	2004-08-01 17:03:50 +00:00
Andy Polyakov	00555c2f2f	DLLEntryPoint is a collective name, not what linker looks for. However, if we explicitly intruct the linker to set entry point, then we become obliged to initialize run-time library. Instead we can pick name run-time will call and such name is DllMain. Note that this applies to both "native" Win32 environment and Cygwin:-)	2004-08-01 14:27:43 +00:00
Richard Levitte	07d80f6f35	We build the crypto stuff, not the ssl stuff, in this command procedure...	2004-07-29 22:25:59 +00:00
Dr. Stephen Henson	a25aca2943	Oops, wrong version...	2004-07-27 00:19:58 +00:00
Dr. Stephen Henson	48c524827b	Add FIPS library name to error routines.	2004-07-27 00:19:18 +00:00
Andy Polyakov	ebaec63e3e	This is so to say "damage control" for jumbo "cpuid" patch, see http://cvs.openssl.org/chngview?cn=12493. Now all platform should be operational, while SSE2 code pathes get engaged on ELF platforms only.	2004-07-26 22:01:50 +00:00
Andy Polyakov	14e21f863a	Add framework for yet another assembler module dubbed "cpuid." Idea is to have a placeholder to small routines, which can be written only in assembler. In IA-32 case this includes processor capability identification and access to Time-Stamp Counter. As discussed earlier OPENSSL_ia32cap is introduced to control recently added SSE2 code pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the code is operational on ELF platforms only. I haven't checked it yet, but I have all reasons to believe that Windows build should fail to link too. I'll be looking into it shortly...	2004-07-26 20:18:55 +00:00
Andy Polyakov	f10725a6e1	Zero key-length for HMAC is apparently OK.	2004-07-25 20:24:49 +00:00
Andy Polyakov	0f71b77d5c	Make bio_ok.c Microsoft compiler savvy.	2004-07-25 20:13:30 +00:00
Andy Polyakov	d6bb6a88be	Typos, typos...	2004-07-25 20:09:56 +00:00
Andy Polyakov	3205db2bfe	Make bio_ok.c 64-bit savvy.	2004-07-25 19:37:41 +00:00
Andy Polyakov	6f86850eec	Stricter boundary condition check in HMAC_Init_ex.	2004-07-25 19:25:05 +00:00
Andy Polyakov	16ab8a93bc	Minor 64-bit md32_common.h update and minor unsignification of digests.	2004-07-25 19:10:43 +00:00
Andy Polyakov	fbf96849e9	Make SHA-256/-512 optional. Note that no-sha switches off all SHA.	2004-07-25 18:25:24 +00:00
Andy Polyakov	d70e2507f8	Some compilers are just too whiny. Nothing makes Microsoft compiler stop complaining about loss of precision, but explicit cast.	2004-07-25 17:00:56 +00:00
Andy Polyakov	2fcf435d73	Some compilers are just too whiny. DEC C doesn't like long long...	2004-07-25 16:54:08 +00:00
Andy Polyakov	da2ee71de5	Typos and due casts. As for the latter. It's "safe" to cast as below, because "wrong" casts will either be optimized away or never performed.	2004-07-25 16:48:28 +00:00
Andy Polyakov	33c3ecf741	Build-n-link new IA-64 modules on Linux and HP-UX.	2004-07-23 23:27:10 +00:00
Andy Polyakov	5bd4c26057	Various IA-64 assembler fix-ups.	2004-07-23 22:54:18 +00:00
Andy Polyakov	afe67fb28e	Adapt rc4-amd64.pl for Win64/AMD64 assembler.	2004-07-23 17:51:17 +00:00
Richard Levitte	f744f92adb	From LPlib: Apparently, the length including the NUL byte should be used. Contributed by Andy Polyakov <appro@fy.chalmers.se>	2004-07-22 18:34:06 +00:00
Richard Levitte	75f134c077	From LPlib: Make a nicer comment, as we don't really know for sure that it's really needed, and just want to play on the safe side. Suggest by Andy Polyakov <appro@fy.chalmers.se>	2004-07-22 13:00:14 +00:00
Andy Polyakov	f1bdf1d518	#include <limits.h> is required at least on HP-UX and IRIX. And what's with HP-UX offering 14 for NAME_MAX?	2004-07-22 10:53:26 +00:00
Andy Polyakov	d58caee734	EVP_Digest is size_t-fied, clean up test programs accordingly.	2004-07-22 10:25:52 +00:00
Andy Polyakov	e39c2548f5	Run SHA-256/-512 tests through EVP...	2004-07-22 10:21:13 +00:00
Andy Polyakov	8169dd73f9	All SIXTY_FOUR_BIT platforms (mind the difference between SIXTY_FOUR_BIT and SIXTY_FOUR_BIT_LONG) were failing to pass 'cd test; make test_bn'.	2004-07-22 09:32:11 +00:00
Richard Levitte	765e231a7c	From LPlib: Some code beautification. Change the macro CP_THREAD_ACP to CP_ACP, because the latter is more widely defined. Add a conditional macro definition in case FindFirstFile and FindNextFile aren't properly defined (might happen on WinCE). Suggested by Andy Polyakov <appro@fy.chalmers.se>	2004-07-21 21:16:21 +00:00
Andy Polyakov	89c53672c2	Make rand_win.c UNICODE savvy.	2004-07-21 17:17:30 +00:00
Richard Levitte	64ba6cf222	From LPlib: Windows changes that detects if multibyte characters are available and deals with them properly. Contributed by Andy Polyakov <appro@fy.chalmers.se>	2004-07-20 21:24:43 +00:00
Richard Levitte	210a4f78ae	Imported from LPlib, making sure the entry name (at least on Unix) is NUL-teminated at all times, and that we don't make unneeded calls to free().	2004-07-19 16:36:28 +00:00
Richard Levitte	334ef04949	Since version 7.0, The C RTL in VMS handles time in terms of UTC instead of local time.	2004-07-19 07:50:43 +00:00
Andy Polyakov	859ceeeb51	Anchor AES and SHA-256/-512 assembler from C.	2004-07-18 17:26:01 +00:00
Andy Polyakov	d0590fe6b2	Add anchors for AES, SHA-256/-512 assembler modules and SSE2 code pathes. I also used this opportunity to clean up some out-of-date targets and re-group targets by OS.	2004-07-18 16:19:34 +00:00
Andy Polyakov	2232b10f5a	Add licensing terms.	2004-07-17 13:24:58 +00:00
Andy Polyakov	e34794dd1b	IA-64 is intolerant to misaligned access. It was a problem on Win64 as we were mislead by _MSC_VER macro, which is defined by all Windows Microsoft compilers.	2004-07-17 12:55:55 +00:00
Geoff Thorpe	0210065bbd	Quick fix. Submitted by: Nils Larsch	2004-07-16 03:24:51 +00:00
Geoff Thorpe	7f5b4dd1e8	Using Horner's algorithm to evaluate the ec polynomial (suggested by Adam Young <ayoung@cigital.com>) Submitted by: Nils Larsch	2004-07-16 03:24:19 +00:00
Richard Levitte	5906e8d5fe	I think it could be a good thing to know what went wrong with the tests...	2004-07-12 12:25:54 +00:00
Richard Levitte	2b002273f3	'SSL_add_dir_cert_subjects_to_stack' is longer than 31 characters. Lucky me, I had prepared for this :-).	2004-07-11 20:22:37 +00:00
Richard Levitte	15d155e45a	o_dir needs to be compiler with the warnings about dollar signs in identities disabled.	2004-07-11 20:21:56 +00:00
Richard Levitte	b0841348b6	In some cases, EVMSERR isn't visible (that's fairly new...). Don't have a constant that you're going to assign to, that's just plain stupid (I was the stupidhead here...).	2004-07-11 20:21:19 +00:00
Andy Polyakov	090e81d4aa	Integration of RC4 AMD64 module.	2004-07-11 16:49:09 +00:00
Andy Polyakov	e4528e48e3	RC4 tune-up for AMD64. Performance improvement of 2.22x is measured for linux-x86_64 target.	2004-07-11 16:44:07 +00:00
Richard Levitte	a2400fcab8	Copy a few files from LPlib (a new project of mine), add a wrapper. Now we have directory reading capabilities for VMS as well, and all of it in a fairly general manner.	2004-07-10 13:16:02 +00:00
Richard Levitte	dc56eb5079	o_str.c: Windows doesn't have <strings.h>, and since we use _strnicmp() and _stricmp() on that platform, use the appropriate header file for it, <string.h>. o_str.h: we only want to get size_t, which is defined in <stddef.h>. Philippe Bougeret <philippe.bougeret@freesbee.fr> notified us about Windows not having a <strings.h>	2004-07-08 08:32:48 +00:00
Dr. Stephen Henson	637ff35ef6	Delta CRL support in extension code.	2004-07-06 17:16:40 +00:00
Geoff Thorpe	ace3ebd661	Improve error handling if decompression of an ec point fails, and cleanup ec_curve.c (unify comments, etc). Submitted by: Nils Larsch Reviewed by: Bodo Moeller, Geoff Thorpe	2004-07-06 15:50:04 +00:00
Dr. Stephen Henson	eea674567c	Delete non-POSIX header file.	2004-07-04 16:48:27 +00:00
Dr. Stephen Henson	c39c32dd65	PKCS#8 fixes from stable branch.	2004-07-04 16:44:52 +00:00
Andy Polyakov	80bbc9ceaf	Minor (+12% on P4) performance tweak for sha512_block_sse2.	2004-07-01 11:29:00 +00:00
Andy Polyakov	51ce5230cd	AES assembler implementation for IA-64. Note that there is no anchor from C code yet...	2004-07-01 11:15:23 +00:00
Andy Polyakov	b6d8ba11e9	New SHA algorithms assembler implementation for IA-64. Note that despite module name both SHA-256 and SHA-512 are supported.	2004-07-01 11:13:44 +00:00
Andy Polyakov	e2f2a9af2c	New scalable bn_mul_add_words loop, which provides up to >20% overall performance improvement. Make module more gcc friendly and clarify copyright issues for division routine.	2004-07-01 11:10:38 +00:00
Richard Levitte	28a8003467	Changes for VOS, submitted by Paul Green <Paul.Green@stratus.com>. PR: 499	2004-06-28 22:01:37 +00:00
Richard Levitte	47c1735acd	NetWare fixes provided by Verdon Walker for OpenSSL 0.9.8-dev. The changes have been mailed to <crypt@bis.doc.gov> as well. PR: 903	2004-06-28 11:55:28 +00:00
Geoff Thorpe	d459e39012	Tidy up, including; - Remove unused and unuseful debug cruft. - Remove unnecessary 'top' fudging from BN_copy(). - Fix a potential memory leak and simplify the expansion logic in BN_bin2bn(). Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-06-20 04:16:12 +00:00
Geoff Thorpe	340f5856ec	Incomplete initial sweep over the engine code. Mainly reducing some comment-noise to managable levels and inverting the sense of the "uptodate" boolean (which was counter-intuitive the way I'd left it).	2004-06-19 03:58:42 +00:00
Geoff Thorpe	df11e1e921	Deprecate unused cruft, and "make update".	2004-06-17 23:50:25 +00:00
Geoff Thorpe	1275c4569e	Minor change to group like functions together.	2004-06-17 23:35:45 +00:00
Geoff Thorpe	afbe74d386	Actually, that last change to BN_get_word() was a little too simple.	2004-06-17 22:05:40 +00:00
Geoff Thorpe	f18ea6cae9	Get rid of signed/unsigned warnings, and teach CVS about new things to ignore.	2004-06-17 20:28:28 +00:00
Geoff Thorpe	9088d5f24f	As Nils put it; Yet another question: some time ago you changed BN_set_word. Why didn't you change BN_get_word as well? Quite. I'm also removing the older commented-out implementations to improve readability. This complex stuff seems to date from a time when the types didn't match up well. Submitted by: Nils Larsch, Geoff Thorpe	2004-06-17 20:13:50 +00:00
Geoff Thorpe	cf9056cfda	BN_div_word() was breaking when called from BN_bn2dec() (actually, this is the only function that uses it) because it would trip up an assertion in bn_div_words() when first invoked. This also adds BN_div_word() testing to bntest. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-06-17 20:03:56 +00:00
Richard Levitte	f7fc4ca1dd	Making some values explicitely unsigned was derived from ongoing work that isn't yet committed. It wasn't meant to be committed already, so I'm removing it for now.	2004-06-15 12:52:26 +00:00
Richard Levitte	132fc53223	Typo, setting the first element of nids[] to NULL instead of setting *cnids.	2004-06-15 11:45:42 +00:00
Geoff Thorpe	b3b6720944	Correct the return codes for ecdsatest. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-06-14 23:37:32 +00:00
Andy Polyakov	385c8e89f4	SHA fails to compile on x86_64 if compiled with custom flags, without recommended -DMD32_REG_T=int in particular. PR: 893 Submitted by: Michal Ludvig <michal-list@logix.cz>	2004-06-11 17:50:57 +00:00
Geoff Thorpe	9081980565	This fixes the installation target for dynamic engines, which was trying to install to a different location than it had created. (BTW, VMS will need a matching fix in eng_list.c.) Note, these aren't ssl-specific, so I'm putting "engines/" into the libs directory rather than at the "--prefix" level or inside "ssl/".	2004-06-01 03:18:58 +00:00
Andy Polyakov	057cfaf2f8	Extend HMAC_MAX_MD_CBLOCK to accomodate SHA-512.	2004-05-31 13:28:23 +00:00
Richard Levitte	914d36ba19	make update	2004-05-31 13:16:08 +00:00
Andy Polyakov	31c2ac1cdc	EVP bindings to new SHA algorithms.	2004-05-31 13:14:08 +00:00
Andy Polyakov	6bca8e3886	objects.txt update for SHA-224/-256/-384/-512. SHA-224 ids still appear "draft," but we have to start somewhere... Submitted by: Nils Larsch <nlarsch@compuserve.de>	2004-05-31 13:07:19 +00:00
Andy Polyakov	31e9b9b2e9	Typo in commentary section.	2004-05-31 12:30:41 +00:00
Andy Polyakov	7997b13aa3	Final SHA-256/-512 touches. Extra md_len field in SHA[256\|512]_CTX reserves for truncated hash function output mode and makes SHA224 thread-safe. Next stop is integration with EVP and we're done...	2004-05-31 12:26:18 +00:00
Andy Polyakov	a2eb9688a4	Kill unused macro and reimplement it for that single context it can actually be used, namely x86* platforms [because they don't bomb on unaligned access]. This resulted in 30-40% [depending on message length] improvement for SHA-256 compiled with gcc and running on P4. In the lack of assembler implementation I give the compiler all the help it can possibly get:-)	2004-05-31 12:06:27 +00:00
Richard Levitte	af2bf07404	SHA224_Update() and SHA224_Final() aren't implemented, and since SHA224() uses SHA256_Update() and SHA256_Final() instead, let's just create aliases in form of macros. make update	2004-05-30 16:58:33 +00:00
Andy Polyakov	8d9fb0f04a	gcc -Wcast-qual clean-up.	2004-05-29 19:11:29 +00:00
Andy Polyakov	674ee8b72d	Make sure we return 0 if test passed.	2004-05-28 21:42:40 +00:00
Andy Polyakov	1809e858bb	Eliminate compiler warnings and throw in performance table.	2004-05-28 10:15:58 +00:00
Andy Polyakov	da8348e938	SHA-224 test vectors added.	2004-05-27 19:46:07 +00:00
Richard Levitte	ef16f45081	Since num is now a size_t, it's not necssary to check for less than 0, AND it avoids warnings on certain systems.	2004-05-27 09:20:42 +00:00
Richard Levitte	4d692e1ba0	Synchronise VMS with the Unixly Malefiles.	2004-05-26 17:05:51 +00:00
Richard Levitte	f2bfbcef76	make update	2004-05-25 09:41:00 +00:00
Andy Polyakov	63077bd40c	SHA-256/-512 update. A bug fix, SHA-512 tune-up for AMD64, hook for SSE2 code, Makefile update.	2004-05-20 21:24:41 +00:00
Andy Polyakov	df364f1b00	Stress collector/padding function.	2004-05-20 21:20:19 +00:00
Andy Polyakov	bc767216d9	Final API adaptation. Final, "all openssl" performance numbers [not mixture of different implementations]. Real-life performance improvement is rated at 2-3x, not 6x as preliminary announced.	2004-05-20 21:18:09 +00:00
Dr. Stephen Henson	eda52e175a	Delete obsolete and unimplemented function.	2004-05-19 17:05:02 +00:00
Richard Levitte	c4fc8b5bf4	X509_policy_lib_init is declared but not defined, so it raises havoc when trying to build a shared library on VMS or Windows...	2004-05-19 14:19:51 +00:00
Geoff Thorpe	9c52d2cc75	After the latest round of header-hacking, regenerate the dependencies in the Makefiles. NB: this commit is probably going to generate a huge posting and it is highly uninteresting to read.	2004-05-17 19:26:06 +00:00
Geoff Thorpe	0f814687b9	Deprecate the recursive includes of bn.h from various API headers (asn1.h, dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are already declared in ossl_typ.h. Add explicit includes for bn.h in those C files that need access to structure internals or API functions+macros.	2004-05-17 19:14:22 +00:00
Geoff Thorpe	298a2f9e58	Because of recent reductions in header interdependencies, these files need to include crypto.h directly.	2004-05-17 19:01:15 +00:00
Geoff Thorpe	ac0d0a5ecd	I can't verify this directly, but recent changes will probably require that the cryptodev implementation include bn.h directly (when building with OPENSSL_NO_DEPRECATED that is).	2004-05-17 18:58:47 +00:00
Geoff Thorpe	508999fa7d	Deprecate some recursive includes from the store.h API header, and put back required includes back via the internal header and str_lib.c.	2004-05-17 18:49:06 +00:00
Geoff Thorpe	210a21bc8d	Reduce dependencies on crypto.h by moving the opaque definition of CRYPTO_EX_DATA and the new/free/dup callback prototypes to ossl_typ.h.	2004-05-17 18:39:00 +00:00
Geoff Thorpe	678c1e025b	Moving opaque definitions to ossl_typ.h lets us reduce header dependencies. Deprecate inclusion of crypto.h from ui.h.	2004-05-17 18:01:28 +00:00
Andy Polyakov	1ab61a9179	Make reservations for FIPS code in HEAD branch, so that the moment FIPS comes in we have required macros in place.	2004-05-17 15:49:13 +00:00
Geoff Thorpe	d6dda126b7	Make some more API types opaquely available from ossl_typ.h, meaning the corresponding headers are only required for API functions or structure details. This now includes the bignum types and BUF_MEM. Subsequent commits will remove various dependencies on bn.h and buffer.h and update the makefile dependencies.	2004-05-15 18:32:08 +00:00
Geoff Thorpe	7771b6c5b5	This file implements various functions that have since been redefined as macros. I'm removing this from the NO_DEPRECATED build.	2004-05-15 18:26:15 +00:00
Andy Polyakov	9e0aad9fd6	size_t-fication of message digest APIs. We should size_t-fy more APIs...	2004-05-15 11:29:55 +00:00
Richard Levitte	1c7a0e2856	Reimplement old functions, so older software that link to libcrypto don't crash and burn.	2004-05-14 17:56:30 +00:00
Richard Levitte	abd23881c1	Synchronise o_str.c between 0.9.8-dev and 0.9.7-stable.	2004-05-13 22:39:56 +00:00
Andy Polyakov	c842261b1b	SHA-224/-256/-384/-512 implementation. This is just sheer code commit. Makefile modifications, make test, etc. will appear later...	2004-05-13 13:48:33 +00:00
Andy Polyakov	1e6bccc240	SSE2 SHA512_Transform implementation. No, it's not used anywhere yet and is subject to change as C implementation is added...	2004-05-06 10:41:07 +00:00
Andy Polyakov	d3adc3d3ed	SSE2 accelerated bn_mul_add_words. Code is currently disabled till proper config and run-time support is added. PR: 788 Submitted by: <dean@arctic.org> Reviewed by: <appro> Obtained from: http://arctic.org/~dean/crypto/rsa.html	2004-05-06 10:36:49 +00:00
Andy Polyakov	10e7d6d526	Support for IA-32 SSE2 instruction set.	2004-05-06 10:31:09 +00:00
Richard Levitte	430d7afd80	When the pointer 'from' changes, it's stored length needs to change as well. Notified by Frank Kardel <kardel@acm.org> in PR 879.	2004-05-06 09:33:22 +00:00
Geoff Thorpe	ca982e4870	Fix realloc usage in ec_curve.c Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-05-04 20:08:55 +00:00
Geoff Thorpe	08e1cbc62c	The new BN_CTX code makes this sort of abuse unnecessary.	2004-04-28 18:34:39 +00:00
Andy Polyakov	dd55880644	Improved PowerPC support. Proper ./config support for ppc targets, especially for AIX. But most important BIGNUM assembler implementation submitted by IBM. Submitted by: Peter Waltenberg <pwalten@au1.ibm.com> Reviewed by: appro	2004-04-27 22:05:50 +00:00
Dr. Stephen Henson	bd1640bb01	Make ASN1 code work again...	2004-04-27 18:33:40 +00:00
Geoff Thorpe	081991ac01	With the new dynamic BN_CTX implementation, there should be no need for additional contexts.	2004-04-27 13:24:51 +00:00
Geoff Thorpe	8a85c341fe	The problem of rsa key-generation getting stuck in a loop for (pointlessly) small key sizes seems to result from the code continually regenerating the same prime value once the range is small enough. From my tests, this change fixes the problem by setting an escape velocity of 3 repeats for the second of the two primes. PR: 874	2004-04-26 15:38:44 +00:00
Geoff Thorpe	bcfea9fb25	Allow RSA key-generation to specify an arbitrary public exponent. Jelte proposed the change and submitted the patch, I jiggled it slightly and adjusted the other parts of openssl that were affected. PR: 867 Submitted by: Jelte Jansen Reviewed by: Geoff Thorpe	2004-04-26 15:31:35 +00:00
Dr. Stephen Henson	f3f52d7f45	More ASN1 reformat/tidy.	2004-04-25 12:46:39 +00:00
Dr. Stephen Henson	8845420f4e	Reformat/tidy some of the ASN1 code.	2004-04-24 17:02:48 +00:00
Dr. Stephen Henson	d735c64905	Fix leak. PR:870	2004-04-22 12:37:16 +00:00
Geoff Thorpe	8c521c7a34	Extend the index parameter checking from sk_value to sk_set(). Also tidy up some similar code elsewhere. Thanks to Francesco Petruzzi for bringing this to my attention.	2004-04-21 15:08:56 +00:00
Richard Levitte	863d2b196f	Print the debug thingies on stderr instead of stdout. If for nothing else then at least so bc doesn't have problems parsing the output from bntest :-).	2004-04-20 10:57:07 +00:00
Geoff Thorpe	c57bc2dc51	make update	2004-04-19 18:33:41 +00:00
Geoff Thorpe	28ded31b97	More updates for the header cleanups (and apologies, again, for not having consolidated these prior to committing).	2004-04-19 18:30:41 +00:00
Geoff Thorpe	60a938c6bc	(oops) Apologies all, that last header-cleanup commit was from the wrong tree. This further reduces header interdependencies, and makes some associated cleanups.	2004-04-19 18:09:28 +00:00
Geoff Thorpe	3a87a9b9db	Reduce header interdependencies, initially in engine.h (the rest of the changes are the fallout). As this could break source code that doesn't directly include headers for interfaces it uses, changes to recursive includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to define this when building and using openssl, and then adapt code where necessary - this is how to stay current. However the mechanism exists for the lethargic.	2004-04-19 17:46:04 +00:00
Geoff Thorpe	2749276b95	Avoid undefined results when the parameter is out of range.	2004-04-02 06:25:11 +00:00
Dr. Stephen Henson	b6a5fdb8a7	Don't use C++ reserved word.	2004-04-01 22:23:46 +00:00
Dr. Stephen Henson	ecf139917d	New function X509_POLICY_NODE_print()	2004-03-31 12:17:24 +00:00
Richard Levitte	ab23d5ffda	Add symbol hacks for some long names. make update	2004-03-29 08:13:49 +00:00
Andy Polyakov	1a979201d5	This is essentially Intel 32-bit compiler tune-up. To start with all available compiler versions generated bogus machine code trying to compile new crypto/des/cfb_enc.c. Secondly, 8th version defines __GNUC__ macro, but fails to compile some inline assembler correctly. Note that all versions of icc implement MSC-like _lrot[rl] intrinsic, which is used now instead of offensive asm. Finally, unnecessary linker dependencies are eliminated. Most notably dependency from libirc.a caused trouble at application start-up, if libcrypto.so is linked with -Bsymbolic (which it is).	2004-03-28 21:27:47 +00:00
Dr. Stephen Henson	216659eb87	Enhance EVP code to generate random symmetric keys of the appropriate form, for example correct DES parity. Update S/MIME code and EVP_SealInit to use new functions. PR: 700	2004-03-28 17:38:00 +00:00
Dr. Stephen Henson	5d6383c83f	Make {i2v,v2i}_ASN1_BIT_STRING global. make update	2004-03-28 12:40:11 +00:00
Dr. Stephen Henson	e07d3a021d	Remove obsolete files.	2004-03-28 12:29:05 +00:00
Dr. Stephen Henson	e1a27eb34a	Allow CRLs to be passed into X509_STORE_CTX. This is useful when the verified structure can contain its own CRLs (such as PKCS#7 signedData). Tidy up some of the verify code.	2004-03-27 22:49:28 +00:00
Dr. Stephen Henson	6446e0c3c8	Extend OID config module format.	2004-03-27 13:30:14 +00:00
Dr. Stephen Henson	beedea2fef	Free up BIO properly when using streaming S/MIME sign.	2004-03-26 00:24:38 +00:00
Richard Levitte	0020502a07	SSL_COMP_get_compression_method is a typo (a missing 's' at the end of the symbol name).	2004-03-25 21:32:30 +00:00
Richard Levitte	fd9fa844e2	Wrap code starting with a definition. PR: 854	2004-03-25 20:01:01 +00:00
Richard Levitte	482c2acf02	Make prototypes for some callback pointers.	2004-03-25 16:21:42 +00:00
Richard Levitte	a481b4b52c	A couple more cases where RAND_add() gets an integer instead of a doule as last argument.	2004-03-25 16:04:02 +00:00
Richard Levitte	a87228031f	RAND_add() wants a double as it's last argument.	2004-03-25 15:52:43 +00:00
Dr. Stephen Henson	b79c82eaab	Fix loads of warnings in policy code. I'll remember to try to compile this with warnings enabled next time :-)	2004-03-25 13:45:58 +00:00
Dr. Stephen Henson	69d1d5e6ce	Fix ASN1 warnings.	2004-03-25 13:37:02 +00:00
Geoff Thorpe	c86f2054f3	Adjust various bignum functions to use BN_CTX for variables instead of locally initialising their own. NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of these functions, and that may be a major part of the performance improvements we're seeing. The "free" part can be removed because we're using BN_CTX. The "clear" part OTOH can be removed because BN_CTX destruction automatically performs this task, so performing it inside functions that may be called repeatedly is wasteful. This is currently safe within openssl due to the fact that BN_CTX objects are never created for longer than a single high-level operation. However, that is only because there's currently no mechanism in openssl for thread-local storage. Beyond that, this might be an issue for applications using the bignum API directly and caching their own BN_CTX objects. The solution is to introduce a flag to BN_CTX_start() that allows its variables to be automatically sanitised on release during BN_CTX_end(). This way any higher-level function (and perhaps the application) can specify this flag in its own BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions specifying the flag to be ignored so that sanitisation is handled only once back out at the higher level. I will be implementing this in the near future.	2004-03-25 04:32:24 +00:00
Geoff Thorpe	5c98b2caf5	Replace the BN_CTX implementation with my current work. I'm leaving the little TODO list in there as well as the debugging code (only enabled if BN_CTX_DEBUG is defined). I'd appreciate as much review and testing as can be spared for this. I'll commit some changes to other parts of the bignum code shortly to make better use of this implementation (no more fixed size limitations). Note also that under identical optimisations, I'm seeing a noticable speed increase over openssl-0.9.7 - so any feedback to confirm/deny this on other systems would also be most welcome.	2004-03-25 04:16:14 +00:00
Geoff Thorpe	5148710994	Adds warnings about two curves and fixes the "seed" value for two other curves. Submitted by: Nils Larsch	2004-03-25 03:03:52 +00:00
Geoff Thorpe	ea77fc3380	... and this should likewise fix up those RSA implementations that weren't already built and tested.	2004-03-25 02:55:17 +00:00
Geoff Thorpe	46ef873f0b	By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key operations no longer require two distinct BN_CTX structures. This may put more "strain" on the current BN_CTX implementation (which has a fixed limit to the number of variables it will hold), but so far this limit is not triggered by any of the tests pass and I will be changing BN_CTX in the near future to avoid this problem anyway. This also changes the default RSA implementation code to use the BN_CTX in favour of initialising some of its variables locally in each function.	2004-03-25 02:52:04 +00:00
Geoff Thorpe	2d2a5ba32a	Damn, I was a bit hasty with my fix and hadn't spotted the linker dependency from asn1.	2004-03-25 02:41:35 +00:00
Geoff Thorpe	2bd4e3379f	Remove some warnings.	2004-03-25 02:24:38 +00:00
Geoff Thorpe	032c3ecb18	Protect against gcc's "warning: cast does not match function type".	2004-03-25 02:19:42 +00:00
Richard Levitte	e703b46598	Don't define fd for platforms that do not use it, as some may not declare fileno() properly	2004-03-24 10:55:48 +00:00
Richard Levitte	0fa793bc7b	Correct constness problems.	2004-03-24 10:50:42 +00:00
Richard Levitte	5c42f62e48	Only build the PKCS#7 test applications if "pkcs7" is present in SDIRS.	2004-03-24 10:48:50 +00:00
Richard Levitte	a08e05d1be	Add store.h among the exported headers on VMS.	2004-03-24 09:52:16 +00:00
Richard Levitte	a0b5ebeac6	Typo...	2004-03-24 09:40:59 +00:00
Richard Levitte	8ee18dd520	Make sure toupper() is properly declared.	2004-03-24 09:40:23 +00:00
Richard Levitte	e725a9660b	make update	2004-03-23 15:06:33 +00:00
Richard Levitte	d7eed1929b	Sync the VMS build with Unix.	2004-03-23 14:50:16 +00:00
Dr. Stephen Henson	4acc3e907d	Initial support for certificate policy checking and evaluation. This is currently very experimental and needs to be more fully integrated with the main verification code.	2004-03-23 14:14:35 +00:00
Richard Levitte	ec5d8a54e9	Remove a warning for conversion double->long. This has impacts on Windows. PR: 849	2004-03-21 22:39:52 +00:00
Richard Levitte	18a6333180	Make sure fd is defined where it should. PR: 849	2004-03-21 22:36:27 +00:00
Geoff Thorpe	e042540f6b	Variety of belt-tightenings in the bignum code. (Please help test this!) - Remove some unnecessary "+1"-like fudges. Sizes should be handled exactly, as enlarging size parameters causes needless bloat and may just make bugs less likely rather than fixing them: bn_expand() macro, bn_expand_internal(), and BN_sqr(). - Deprecate bn_dup_expand() - it's new since 0.9.7, unused, and not that useful. - Remove unnecessary zeroing of unused bytes in bn_expand2(). - Rewrite BN_set_word() - it should be much simpler, the previous complexities probably date from old mismatched type issues. - Add missing bn_check_top() macros in bn_word.c - Improve some degenerate case handling in BN_[add\|sub]_word(), add comments, and avoid a bignum expansion if an overflow isn't possible.	2004-03-17 17:36:54 +00:00
Richard Levitte	875a644a90	Constify d2i, s2i, c2i and r2i functions and other associated functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed.	2004-03-15 23:15:26 +00:00
Richard Levitte	ec37635c94	It was just pointed out to me that it's better to cast to double...	2004-03-15 23:02:55 +00:00
Richard Levitte	fd836aeee0	Make sure that the last argument to RAND_add() is a float, or some compilers may complain.	2004-03-15 22:37:08 +00:00
Richard Levitte	560f7abb7e	Make sure we use unsigned constants, or come compilers may complain.	2004-03-15 22:33:19 +00:00
Geoff Thorpe	b6358c89a1	Convert openssl code not to assume the deprecated form of BN_zero(). Remove certain redundant BN_zero() initialisations, because BN_CTX_get(), BN_init(), [etc] already initialise to zero. Correct error checking in bn_sqr.c, and be less wishy-wash about how/why the result's 'top' value is set (note also, 'max' is always > 0 at this point).	2004-03-13 23:57:20 +00:00
Geoff Thorpe	5d735465d1	The efforts to eliminate the dual-representation of zero and to ensure bignums are passed in and out of functions and APIs in a consistent form has highlighted that zero-valued bignums don't need any allocated word data. The use of BN_set_word() to initialise a bignum to zero causes needless allocation and gives it a return value that must be checked. This change converts BN_zero() to a self-contained macro that has no return/expression value and does not cause any expansion of bignum data. Note, it would be tempting to rewrite the deprecated version as a success-valued comma expression, such as; #define BN_zero(a) ((a)->top = (a)->neg = 0, 1) However, this evaluates 'a' twice and would confuse initialisation loops (eg. while(..) { BN_zero(bn++) } ). As such, the deprecated version continues to use BN_set_word().	2004-03-13 23:04:15 +00:00
Geoff Thorpe	9e051bac13	Document a change I'd already made, and at the same time, correct the change to work properly; BN_zero() should set 'neg' to zero as well as 'top' to match the behaviour of BN_new().	2004-03-13 22:10:15 +00:00
Geoff Thorpe	93825dddad	static	2004-03-10 01:20:26 +00:00
Geoff Thorpe	a8aa764d3c	Minimise the amount of code dependent on BN_DEBUG_RAND. In particular, redefine bn_clear_top2max() to be a NOP in the non-debugging case, and remove some unnecessary usages in bn_nist.c. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe, Ulf Möller	2004-03-09 03:53:40 +00:00
Geoff Thorpe	e7716b7a19	More changes coming out of the bignum auditing. BN_CTX_get() should ideally return a "zero" bignum as BN_new() does - so reset 'top'. During BN_CTX_end(), released bignums should be consistent so enforce this in debug builds. Also, reduce the number of wasted BN_clear_free() calls from BN_CTX_end() (typically by 75% or so). Submitted by: Nils Larsch Reviewed by: Geoff Thorpe, Ulf Möller	2004-03-09 03:47:35 +00:00
Dr. Stephen Henson	a4e3150f00	Fix policy constraints syntax.	2004-03-08 18:15:32 +00:00
Dr. Stephen Henson	edec614efd	Support for inhibitAnyPolicy extension.	2004-03-08 13:56:31 +00:00
Dr. Stephen Henson	5fa5eb71a4	Cleanup ASN1 OID module when it exits.	2004-03-05 23:47:56 +00:00
Dr. Stephen Henson	216ad9ef58	Memory leak fix.	2004-03-05 23:39:42 +00:00
Dr. Stephen Henson	bc50157010	Various X509 fixes. Disable broken certificate workarounds when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in CRL issuer certificates. Reject CRLs with unhandled (any) critical extensions.	2004-03-05 17:16:35 +00:00
Dr. Stephen Henson	91180d45f9	Typos. Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>	2004-03-04 21:44:39 +00:00
Richard Levitte	4cfa4ae820	Avoid a memory leak in OCSP_parse_url(). Notified by Paul Siegel <psiegel@corestreet.com>	2004-03-01 14:58:22 +00:00
Richard Levitte	f727266ae8	Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also. PR: 833	2004-02-26 22:07:45 +00:00
Geoff Thorpe	c6700d2746	A cleanup of the ecs_ossl.c code and some (doxygen) comments for ecdsa.h Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-02-22 19:32:53 +00:00
Geoff Thorpe	1b06804491	When adding positive elements, we can use BN_uadd() instead of BN_add(). Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-02-22 19:30:41 +00:00
Dr. Stephen Henson	dc90f64d56	Use an OCTET STRING for the encoding of an OCSP nonce value. The old raw format can't be handled by some implementations and updates to RFC2560 will make this mandatory.	2004-02-19 18:16:38 +00:00
Geoff Thorpe	6c43032121	minor signed/unsigned warning fixes	2004-02-10 18:46:10 +00:00
Andy Polyakov	1751034669	Typo in crypto/bn/asm/x86_64.c, bn_div_words(). PR: 821	2004-02-07 09:51:28 +00:00
Dr. Stephen Henson	d4575825f1	Add flag to avoid continuous memory allocate when calling EVP_MD_CTX_copy_ex(). Without this HMAC is several times slower than < 0.9.7.	2004-02-01 13:39:51 +00:00
Andy Polyakov	d04b1b4656	Typo in PA-RISC 2 rules in crypto/bn/Makefile.ssl	2004-01-30 05:41:23 +00:00
Andy Polyakov	1247092776	HP/UX PA-RISC 2 targets update.	2004-01-29 22:16:08 +00:00
Richard Levitte	61a88c31c0	Typo	2004-01-29 02:55:43 +00:00
Richard Levitte	e5886a2388	make update	2004-01-28 19:07:41 +00:00
Richard Levitte	8d1ebe0bd1	Add the missing parts for DES CFB1 and CFB8. Add the corresponding AES parts while I'm at it. make update	2004-01-28 19:05:35 +00:00
Richard Levitte	1fb724449d	make update	2004-01-28 18:38:33 +00:00
Richard Levitte	721a5e83f9	Unsigned vs. signed problem removed	2004-01-28 08:48:11 +00:00
Andy Polyakov	6df617a59d	#undef _POSIX_C_SOURCE in ui_openssl.c ruined IRIX builds. Comment on why _POSIX_C_SOURCE needed in first place.	2004-01-27 22:06:48 +00:00
Andy Polyakov	8c6336b0aa	CFB DES sync-up with FIPS branch.	2004-01-27 21:47:35 +00:00
Richard Levitte	87203dc99a	Avoid signed vs. unsigned warnings (which are treated like errors on Windows).	2004-01-27 01:16:38 +00:00
Richard Levitte	4de65cbc06	S_IFBLK and S_IFCHR may not exist in some places (like Windows), so let's check for those macros, and if they aren't defined, let's assume there aren't Unixly devices on this platform.	2004-01-26 23:45:32 +00:00
Andy Polyakov	27b2b78f90	Even though C specification explicitly says that constant type "stretches" automatically to accomodate the value, some compilers fail to do so. Most notably 0x0123456789ABCDEF should come out as long long in 32-bit context, but HP compiler truncates it to 32-bit value. Which in turn breaks GF(2^m) arithmetics in hpux-parisc2-cc build. Therefore this fix...	2004-01-25 10:53:43 +00:00
Andy Polyakov	7f24b1c3e9	Get rid of bogus warning when compiling with Sun vendor compiler.	2004-01-24 16:31:21 +00:00

... 7 8 9 10 11 ...

3812 commits