Dr. Stephen Henson
3f791ca818
Assing check_{cert,crl}_time to 'ok' variable so it returns errors on
...
expiry.
2005-05-27 13:19:25 +00:00
Bodo Möller
0ebfcc8f92
make sure DSA signing exponentiations really are constant-time
2005-05-26 04:40:52 +00:00
Bodo Möller
c61f571ce0
check BN_copy() return value
2005-05-26 04:30:49 +00:00
Richard Levitte
85991994df
It seems like mkdef.pl couldn't quite understand that #ifdef OPENSSL_NO_SHA512
...
was still active when it came down to the functions. mkdef.pl should really
be corrected, but that'll be another day...
2005-05-24 03:39:08 +00:00
Richard Levitte
b172dec864
DEC C complains about bad subscript, but we know better, so let's shut it up.
2005-05-24 03:22:53 +00:00
Andy Polyakov
61391e2314
Be more consistent with OPENSSL_NO_SHA256.
2005-05-22 10:27:59 +00:00
Andy Polyakov
4b23506594
OPENSSL_NO_SHA512 to mask even SHA512_CTX declaration. This is done to
...
make no-sha512 more effective on platforms, which don't support 64-bit
integer type of *any* kind.
2005-05-22 08:55:15 +00:00
Andy Polyakov
82d3dda8a1
Still SEGV trouble in .init segment under Solaris x86...
2005-05-21 17:49:10 +00:00
Richard Levitte
fe8bf9560d
When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in
...
http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html .
Notified by David Wolfe <dwolfe5272@yahoo.com>
2005-05-21 17:39:43 +00:00
Ben Laurie
fe977f7512
Propagate BUILDENV into subdirectories.
2005-05-21 16:13:36 +00:00
Andy Polyakov
e476f94212
Move _WIN32_WINNT definition from command line to e_os.h. The change is
...
inspired by VC6 failure report. In addition abstain from taking screen
snapshots when running in NT service context.
2005-05-21 13:19:27 +00:00
Nils Larsch
bbbd67108f
fix typo, add prototype
2005-05-20 22:55:10 +00:00
Nils Larsch
7f246621b5
fix potential memory leak
...
Submitted by: Goetz Babin-Ebell
2005-05-19 22:10:40 +00:00
Nils Larsch
3f4657d131
fix "dereferencing type-punned pointer will break strict-aliasing rules"
...
warning when using gcc 4.0
2005-05-19 12:01:51 +00:00
Nils Larsch
67ffa18cce
make the type parameter const when ID2_OF_const() is used
2005-05-18 22:30:38 +00:00
Andy Polyakov
c50226594d
Don't emit SSE2 instructions unless were asked to.
...
PR: 1073
2005-05-18 08:42:08 +00:00
Andy Polyakov
51ff6bde38
Engage Applink in mingw. Note that application-side module is not
...
compiled into *our* aplpications. That's because mingw is always
consistent with itself. Having library-side code linked into .dll
makes it possible to deploy the .dll with user-code compiled with
another compiler [which is pretty much the whole point behind Applink].
2005-05-18 08:16:46 +00:00
Richard Levitte
c800a070b5
I just branched 0.9.8, so HEAD needs to be bumped to 0.9.9-dev.
...
The 0.9.8 branch is called OpenSSL_0_9_8-stable.
2005-05-18 03:58:34 +00:00
Andy Polyakov
53d8996764
Engage Applink for VC builds.
2005-05-17 16:50:46 +00:00
Nils Larsch
8712009778
simplify EC_KEY_dup
2005-05-17 12:23:16 +00:00
Bodo Möller
f468e3824a
fix memory leak (BIO_free_all needs pointer to first BIO)
...
PR: 1070
2005-05-17 05:52:24 +00:00
Andy Polyakov
ea1b02db6a
OPENSSL_Applink update.
2005-05-17 00:08:28 +00:00
Andy Polyakov
25a66ee3cb
Move cryptlib.h prior bio.h. Actually it makes sense to include cryptlib.h
...
first everywhere in crypto and skip stdio.h and string.h [because it
includes them].
2005-05-17 00:01:48 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Andy Polyakov
7abbffc3fb
Further BUILDENV clean-up, 'make depend' is operational again.
2005-05-16 14:24:45 +00:00
Nils Larsch
9dd8405341
ecc api cleanup; summary:
...
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Bodo Möller
46a643763d
Implement fixed-window exponentiation to mitigate hyper-threading
...
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Bodo Möller
10cde5010d
make update
2005-05-16 00:27:37 +00:00
Andy Polyakov
734540f887
Consolidate BUILDENV [idea is to keep all variables in one place].
2005-05-15 23:53:34 +00:00
Andy Polyakov
804515425a
+20% performance improvement of P4-specific RC4_CHAR loop.
2005-05-15 22:43:00 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
b6995add5c
Make -CSP option work again in pkcs12 utility by checking for
...
attribute in EVP_PKEY structure.
2005-05-15 00:54:45 +00:00
Dr. Stephen Henson
8ccd06c66c
openssl_fcast should always be defined, not just with DEBUG_SAFESTACK
2005-05-14 12:58:20 +00:00
Dr. Stephen Henson
fe86616c72
Some C compilers produce warnings or compilation errors if an attempt
...
is made to directly cast a function of one type to what it considers and
incompatible type. In particular gcc 3.4.2.
Add new openssl_fcast macro to place functions into a form where the compiler
will allow them to be cast.
The current version achives this by casting to: void function(void).
2005-05-12 23:01:44 +00:00
Dr. Stephen Henson
ba2ba27008
Avoid warnings.
2005-05-12 22:40:19 +00:00
Dr. Stephen Henson
c596c795bf
Typo.
2005-05-12 17:28:53 +00:00
Ben Laurie
4b26fe30de
There must be an explicit way to build the .o!
2005-05-11 16:39:05 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Nils Larsch
8b15c74018
give EC_GROUP_new_by_nid a more meanigful name:
...
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Andy Polyakov
e19e549041
Comply with optimization manual (no data should share cache-line with code).
2005-05-09 21:48:01 +00:00
Andy Polyakov
d7561ac576
Allow for 64-bit cache-line alignments in code segment.
2005-05-09 21:27:40 +00:00
Bodo Möller
fbeaa3c47d
Update util/ck_errf.pl script, and have it run automatically
...
during "make errors" and thus during "make update".
Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
2005-05-09 00:27:37 +00:00
Bodo Möller
b0ac0a8ef8
improve comment readability
2005-05-09 00:06:54 +00:00
Nils Larsch
7dc17a6cf0
give EC_GROUP_*_nid functions a more meaningful name
...
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
EC_GROUP_set_nid -> EC_GROUP_set_curve_name
2005-05-08 22:09:12 +00:00
Andy Polyakov
b6223d2f70
Eliminate "statement with no effect" warning when OPENSSL_assert macro
...
is used with constant assertion.
2005-05-08 19:54:33 +00:00
Andy Polyakov
5d0d60e2f5
x86_64 assembler translator update.
2005-05-07 08:13:51 +00:00
Andy Polyakov
57ee007035
Fix constants.
...
PR: 1059
2005-05-07 08:11:50 +00:00
Richard Levitte
82e8cb403a
Since BN_LLONG will only be defined for Alpha/VMS and not VAX/VMS,
...
there's no need to undefine it here. Then, let's get a bit paranoid
and not define BN_ULLONG on THIRTY_TWO_BIT machines when BN_LLONG
isn't defined.
2005-05-06 13:34:35 +00:00
Nils Larsch
2c288b2a7e
fix compiler warning; pow10 is also in math.h
2005-05-05 20:57:37 +00:00
Andy Polyakov
0ee883650d
Commentary update motivating code update in 0.9.7.
2005-05-04 14:51:38 +00:00
Andy Polyakov
70cf309517
x86_64 assembler translator update.
2005-05-04 08:42:47 +00:00
Andy Polyakov
8b5bf52ac2
Cvs missed adapted module itself, here it goes...
2005-05-03 23:03:31 +00:00
Andy Polyakov
73a9485081
Engage md5-x86_64 assembler module.
2005-05-03 22:59:17 +00:00
Andy Polyakov
d37a65bc81
Throw in md5-x86_64 assembler.
2005-05-03 22:56:15 +00:00
Andy Polyakov
34c7ff6dc9
Cygwin doesn't expose Win32 [not "officially"].
2005-05-03 21:20:17 +00:00
Andy Polyakov
647907918d
Commentary update.
2005-05-03 21:16:42 +00:00
Andy Polyakov
cee73df3bd
Cpuid modules updates.
2005-05-03 21:05:06 +00:00
Nils Larsch
f15c448a72
remove BN_ncopy, it was only used in bn_nist.c and wasn't particular
...
useful anyway
2005-05-03 20:27:00 +00:00
Nils Larsch
fcb41c0ee8
rewrite of bn_nist.c, disable support for some curves on 64 bit platforms
...
for now (it was broken anyway)
2005-05-03 20:23:33 +00:00
Andy Polyakov
5f1841cdca
Rename amd64 modules to x86_64 and update RC4 implementation.
2005-05-03 15:42:05 +00:00
Andy Polyakov
4b45051902
x86_64 assembler translator update.
2005-05-03 15:35:14 +00:00
Dr. Stephen Henson
05338b58ce
Support for smime-type MIME parameter.
2005-05-01 12:46:57 +00:00
Andy Polyakov
405d9761a5
Allow for ./config no-sha0 [from stable].
2005-04-30 21:51:41 +00:00
Dr. Stephen Henson
98a2fd32a0
Typo.
2005-04-30 18:07:30 +00:00
Dr. Stephen Henson
7bdeeb64ac
Don't attempt to parse nested ASN1 strings by default.
2005-04-30 18:02:54 +00:00
Dr. Stephen Henson
e1cc0671ac
Use more efficient way to locate end of an ASN1 structure.
2005-04-30 13:06:45 +00:00
Nils Larsch
c1a8a5de13
don't let BN_CTX_free(NULL) segfault
2005-04-29 21:20:31 +00:00
Nils Larsch
6a50d0a422
hide the definition of ECDSA_METHOD and ECDSA_DATA (and mutatis mutandis
...
for ecdh)
2005-04-29 15:56:06 +00:00
Nils Larsch
1897c89302
avoid warnings when building on systems where sizeof(void *) > sizeof(int)
2005-04-29 14:26:59 +00:00
Andy Polyakov
3cc54008eb
Pointer to BN_MONT_CTX could be used uninitialized.
2005-04-28 08:49:01 +00:00
Richard Levitte
ff8bcccdd4
Synchronise with Unix build system.
2005-04-28 04:55:28 +00:00
Dr. Stephen Henson
a93b01be57
Increase offset for BIO_f_enc() to avoid problems with overlapping buffers
...
when decrypting data.
2005-04-28 00:21:29 +00:00
Dr. Stephen Henson
6c61726b2a
Lots of Win32 fixes for DTLS.
...
1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.
2005-04-27 16:27:14 +00:00
Nils Larsch
df9e0bf507
add missing parentheses
2005-04-27 07:57:50 +00:00
Dr. Stephen Henson
879b19801a
Change method_mont_p from (char *) to (BN_MONT_CTX *) and remove several
...
casts.
2005-04-27 00:04:59 +00:00
Dr. Stephen Henson
6ec8e63af6
Port BN_MONT_CTX_set_locked() from stable branch.
...
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
2005-04-26 23:58:54 +00:00
Dr. Stephen Henson
465b9f6b26
Stop unused variable warning.
2005-04-26 23:45:49 +00:00
Dr. Stephen Henson
2deadf1672
Port from stable branch.
2005-04-26 23:21:49 +00:00
Nils Larsch
800e400de5
some updates for the blinding code; summary:
...
- possibility of re-creation of the blinding parameters after a
fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
are present (see bug report #785 )
- improve the performance when if one rsa structure is shared by
more than a thread (see bug report #555 )
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
2005-04-26 22:31:48 +00:00
Dr. Stephen Henson
667aef4c6a
Port from stable branch.
2005-04-26 22:07:17 +00:00
Bodo Möller
aa4ce7315f
Fix various incorrect error function codes.
...
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Bodo Möller
0d5ea7613e
make update
2005-04-26 18:09:21 +00:00
Ben Laurie
36d16f8ee0
Add DTLS support.
2005-04-26 16:02:40 +00:00
Bodo Möller
2e7245f5a3
Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
...
PR: 959
2005-04-25 23:09:00 +00:00
Andy Polyakov
3d5fd31280
Avoid L1 cache aliasing even between key and S-boxes.
2005-04-24 21:09:20 +00:00
Nils Larsch
9edf4e8157
make asn.1 field names const
2005-04-23 13:45:49 +00:00
Nils Larsch
965a1cb92e
change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible
2005-04-23 10:11:16 +00:00
Ben Laurie
e9ad6665a5
Add debug target, remove cast, note possible bug.
2005-04-23 06:05:24 +00:00
Ben Laurie
b5855b2f32
Add prototypes.
2005-04-22 23:57:46 +00:00
Nils Larsch
a0bee97e55
more const
2005-04-22 21:57:36 +00:00
Nils Larsch
ff22e913a3
- use BN_set_negative and BN_is_negative instead of BN_set_sign
...
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Andy Polyakov
04d0d0accf
Avoid aliasing between stack frames and S-boxes. Compress prefetch code.
2005-04-22 11:49:32 +00:00
Richard Levitte
630e4a6e59
Provide a default OPENSSL_ia32cap_loc for non-Intel platforms where
...
util/libeay.num is important when building shared libraries, like
VMS.
2005-04-21 09:10:19 +00:00
Dr. Stephen Henson
2c45bf2bc9
Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts.
...
Remove more bogus shadow warnings.
2005-04-20 21:48:06 +00:00
Dr. Stephen Henson
836ec0c764
Stop compiler warnings about deprecated lvalue casts.
2005-04-20 21:39:13 +00:00
Dr. Stephen Henson
5e72fb063a
Stop bogus shadowing warning.
2005-04-20 21:34:29 +00:00
Richard Levitte
a74286d636
Make sure id2_func is properly cast as well...
2005-04-20 13:17:42 +00:00
Richard Levitte
254cfe878e
signed vs. unsigned.
2005-04-20 13:12:33 +00:00
Richard Levitte
ed824195a1
Avoid compiler complaint about mismatched function signatures
...
(void * != char *)
2005-04-20 13:09:46 +00:00
Richard Levitte
22c3600e4c
Resolve signed vs. unsigned.
2005-04-20 12:55:15 +00:00
Richard Levitte
49f386578e
Type mismatch detected by DEC C compiler. void* != void**
2005-04-20 12:53:50 +00:00
Richard Levitte
7c671508bd
Avoid compiler complaint about mismatched function signatures
...
(void * != RSA *)
2005-04-20 10:02:16 +00:00
Dr. Stephen Henson
987bebaf8c
New "algorithm define" OPENSSL_NO_GMP. Update mkdef.pl and Configure script
...
to use it.
2005-04-19 13:24:44 +00:00
Dr. Stephen Henson
f68854b4c3
Various Win32 and other fixes for warnings and compilation errors.
...
Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.
2005-04-19 00:12:36 +00:00
Andy Polyakov
1cfd258ed6
Throw in x86_64 AT&T to MASM assembler converter to facilitate development
...
of dual-ABI Unix/Win64 modules.
2005-04-17 21:05:57 +00:00
Richard Levitte
2906dc8601
Synchronise with ec/Makefile.
2005-04-17 09:07:37 +00:00
Andy Polyakov
c8d5c71af5
Mitigate cache-timing attack in CBC mode. This is done by implementing
...
compressed tables (2x compression factor) and by pre-fetching them into
processor cache prior every CBC en-/decryption pass. One can argue why
just CBC? Well, it's commonly used mode in real-life applications and
API allows us to amortize the prefetch costs for larger data chunks...
2005-04-16 15:23:21 +00:00
Dr. Stephen Henson
fbe6ba81e9
Check return values of <Digest>_Init functions in low level digest calls.
2005-04-14 22:58:44 +00:00
Andy Polyakov
2b85e23d2e
Prototype mnemonics in padlock_verify_context for better portability
...
[read support for Solaris assembler].
2005-04-14 07:47:10 +00:00
Andy Polyakov
026bb0b96a
Fix for bug emerged in openvpn conext.
2005-04-14 07:41:29 +00:00
Andy Polyakov
e62991a07c
Zap OPENSSL_EXTERN on symbols, which are not meant to be local to DLL.
2005-04-13 20:51:42 +00:00
Andy Polyakov
1bf955920a
Fix typos.
2005-04-13 15:41:11 +00:00
Andy Polyakov
51d28013db
Introduce OPENSSL_NONPIC_relocated to denote relocated DLLs.
2005-04-13 08:46:35 +00:00
Andy Polyakov
9e88c82703
Minor cryptlib.c update: compiler warnings in OPENSSL_showfatal and
...
OPENSSL_stderr stub.
2005-04-13 06:55:42 +00:00
Dr. Stephen Henson
ad0db060b1
More overwritten stuff...
2005-04-12 16:36:36 +00:00
Dr. Stephen Henson
3547478fc8
Replace overwritten lines before error codes.
2005-04-12 16:17:53 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Dr. Stephen Henson
bc3cae7e7d
Include error library value in C error source files instead of fixing up
...
at runtime.
2005-04-12 13:31:14 +00:00
Nils Larsch
37942fab51
include limits.h for UINT_MAX etc.
2005-04-11 20:59:58 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Dr. Stephen Henson
b392e52050
Move allow_proxy_certs declaration to start of function.
2005-04-10 23:41:09 +00:00
Richard Levitte
d9bfe4f97c
Added restrictions on the use of proxy certificates, as they may pose
...
a security threat on unexpecting applications. Document and test.
2005-04-09 16:07:12 +00:00
Nils Larsch
f763e0b5ae
make sure error queue is totally emptied
...
PR: 359
2005-04-07 22:53:35 +00:00
Andy Polyakov
9f2027e56d
Implement OPENSSL_showfatal and make it Win32 GUI and service aware
...
[meaning that it will detect in which context application is running
and either write message to stderr, post a dialog or log an event].
2005-04-07 18:39:45 +00:00
Andy Polyakov
e1d51de41f
Harmonize cygwin/mingw and VC targets.
2005-04-07 15:51:55 +00:00
Andy Polyakov
81ee80ab88
+45% RC4 performance boost on Intel EM64T core. Unrolled loop providing
...
further +35% will follow...
Submitted by: Zou Nanhai
2005-04-06 09:45:42 +00:00
Nils Larsch
70f34a5841
some const fixes and cleanup
2005-04-05 10:29:43 +00:00
Nils Larsch
c2e40d0f9a
remove unused recp method
2005-04-04 18:15:59 +00:00
Andy Polyakov
0abfd60604
Extend Solaris x86 support to amd64.
2005-04-04 17:10:53 +00:00
Andy Polyakov
e5dbccc182
Solaris x86 linker erroneously pads .init segment with zeros instead of
...
nops, which causes SEGV at startup. So I don't align anymore.
2005-04-04 17:07:16 +00:00
Andy Polyakov
f8fa22d826
Some non-GNU compilers (such as Sun C) define __i386.
2005-04-04 17:05:06 +00:00
Andy Polyakov
60fd574cdf
Make bn/asm/x86_64-gcc.c gcc4 savvy. +r is likely to be initially
...
introduced for a reason [like bug in initial gcc port], but proposed
=&r is treated correctly by senior 3.2, so we can assume it's safe now.
PR: 1031
2005-04-03 18:53:29 +00:00
Ben Laurie
73705abc34
If input is bad, we still need to clear the buffer.
2005-04-03 16:38:22 +00:00
Dr. Stephen Henson
7bdf8eed69
Typo
2005-04-01 21:56:15 +00:00
Ben Laurie
8bb826ee53
Consistency.
2005-03-31 13:57:54 +00:00
Ben Laurie
45d10efc35
Simplicate and add lightness.
2005-03-31 10:55:55 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Nils Larsch
fea4280a8b
fix header
2005-03-30 21:38:29 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Ben Laurie
0821bcd4de
Constification.
2005-03-30 10:26:02 +00:00
Nils Larsch
c01d2b974e
when building with OPENSSL_NO_DEPRECATED defined BN_zero is a macro
...
which cannot be evaluated in an if statement
2005-03-28 15:06:29 +00:00
Ulf Möller
7a8c728860
undo Cygwin change
2005-03-24 00:14:59 +00:00
Nils Larsch
41e455bfc4
test, remove unnecessary const cast
2005-03-22 17:55:18 +00:00
Ulf Möller
130db968b8
Use Windows randomness code on Cygwin
2005-03-19 11:39:17 +00:00
Ulf Möller
8d274837e5
fix breakage for Perl versions that do boolean operations on long words
2005-03-19 11:13:30 +00:00
Bodo Möller
9f6715d4bb
"make depend". This takes into account the algorithms that are now
...
disabled by default (MDC2 and RC5), which until now were skipped
by "make links" and yet supposedly required by some of the Makefiles,
meaning that the recent snapshots failed to compile.
Problem reported by Nils Larsch.
2005-03-13 19:49:47 +00:00
Andy Polyakov
1642000707
Cygwin to use DSO_FLFCN and mingw to use DSO_WIN32.
2005-03-12 11:28:41 +00:00
Andy Polyakov
f7f2125522
Avoid re-build avalanches with HP-UX make.
2005-03-12 09:12:44 +00:00
Bodo Möller
2b61034b0b
fix potential memory leak when allocation fails
...
PR: 801
Submitted by: Nils Larsch
2005-03-11 09:01:24 +00:00
Bodo Möller
80c808b90b
Fix typo
...
PR: 1017
Submitted by: ciresh@yahoo.com
Reviewed by: Nils Larsch
2005-03-09 19:08:02 +00:00
Lutz Jänicke
f69a8aebab
Fix hang in EGD/PRNGD query when communication socket is closed
...
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
2005-02-19 10:19:07 +00:00
Dr. Stephen Henson
9d10b15ef9
Fix possible memory leak.
2005-02-14 21:53:24 +00:00
Andy Polyakov
da30c74a27
Remove unused assembler modules.
2005-02-06 13:43:02 +00:00
Andy Polyakov
67ea999d4a
This patch was "ignited" by OpenBSD 3>=4 support. They've switched to ELF
...
and GNU binutils, but kept BSD make... And I took the opportunity to
unify other targets to this common least denominator...
2005-02-06 13:23:34 +00:00
Richard Levitte
8c3c570134
The first argument to load_iv should really be a char ** instead of an
...
unsigned char **, since it points at text.
Thanks to Nils Larsch <nils.larsch@cybertrust.com> for pointing out
the inelegance of our code :-)
2005-01-27 11:42:28 +00:00
Richard Levitte
bf746f0f46
Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
...
cause a segfault... This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
2005-01-27 01:49:25 +00:00
Richard Levitte
a229e3038e
Get rid if the annoying warning
2005-01-27 01:47:31 +00:00
Andy Polyakov
fbdce13e5a
Please BSD make...
2005-01-25 22:09:11 +00:00
Andy Polyakov
e532a6c449
FreeBSD 5 refuses to #include <malloc.h>. Fix compiler warning after
...
http://cvs.openssl.org/chngview?cn=12843 .
2005-01-25 22:07:22 +00:00
Andy Polyakov
8359421d90
Default to AES u32 being unsinged int and not long. This improves cache
...
locality on 64-bit platforms (and fixes IA64 assembler-empowered build:-).
The choice is guarded by newly introduced AES_LONG macro, which needs
to be defined only on 16-bit platforms which we don't support (not that
I know of). Meaning that one could as well skip long option altogether.
2005-01-24 14:22:05 +00:00
Andy Polyakov
efde5230f1
Improve ECB performance (48+14*rounds -> 18+13*rounds) and reserve for
...
hand-coded zero-copy AES_cbc_encrypt.
2005-01-24 14:14:53 +00:00
Andy Polyakov
bac252a5e3
Bug-fix in CBC encrypt tail processing and commentary section update.
2005-01-20 10:33:37 +00:00
Andy Polyakov
addb6e16a8
Throw in AES CBC assembler, up to +40% on aes-128-cbc benchmark.
2005-01-18 01:04:41 +00:00
Andy Polyakov
ed65fab910
Reserve for AES CBC assembler implementation...
2005-01-18 00:43:32 +00:00
Andy Polyakov
90cc40911b
Don't zap AES CBC IV, when decrypting truncated content in place.
2005-01-18 00:26:52 +00:00
Richard Levitte
a7201e9a1b
Changes concering RFC 3820 (proxy certificates) integration:
...
- Enforce that there should be no policy settings when the language
is one of id-ppl-independent or id-ppl-inheritAll.
- Add functionality to ssltest.c so that it can process proxy rights
and check that they are set correctly. Rights consist of ASCII
letters, and the condition is a boolean expression that includes
letters, parenthesis, &, | and ^.
- Change the proxy certificate configurations so they get proxy
rights that are understood by ssltest.c.
- Add a script that tests proxy certificates with SSL operations.
Other changes:
- Change the copyright end year in mkerr.pl.
- make update.
2005-01-17 17:06:58 +00:00
Dr. Stephen Henson
fcd5cca418
PKCS7_verify() performance optimization. When the content is large and a
...
memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots
of slow memory copies from the memory BIO by saving the content in a
temporary read only memory BIO.
2005-01-14 17:52:24 +00:00
Andy Polyakov
e6d27baf52
Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX
...
environments.
2005-01-13 15:46:09 +00:00
Andy Polyakov
e7e1150706
"Monolithic" x86 assembler replacement for aes_core.c. Up to +15% better
...
performance on recent microarchitectures.
2005-01-13 15:35:44 +00:00
Andy Polyakov
5d727078ac
Fix an "oops" typo! Well, it was a debugging left-over...
2005-01-13 15:25:30 +00:00
Andy Polyakov
108159ffcc
O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris.
...
PR: 998
2005-01-13 15:20:42 +00:00
Richard Levitte
b15a93a9c5
Correct a faulty address assignment, and add a length check (not
...
really needed now, but may be needed in the future, who knows?).
2005-01-12 09:53:20 +00:00
Andy Polyakov
7de4b5b060
Permit "monolithic" AES assembler implementations, i.e. such which would
...
replace *whole* aes_core.c, not only AES_[de|en]crypt routines.
2005-01-09 16:01:58 +00:00
Andy Polyakov
02a00bb054
DJGPP update.
...
PR: 989
Submitted by: Doug Kaufman
2005-01-04 10:28:38 +00:00
Andy Polyakov
3b4de6e4cc
Borrow #include <string[s].h> from e_os.h.
2004-12-31 00:00:05 +00:00
Andy Polyakov
bdbc9b4d1a
Make whiny compilers stop complaining about missing prototype.
2004-12-30 23:40:31 +00:00
Andy Polyakov
25866e3982
Commentary update for AES IA-64 assembler module.
2004-12-30 10:55:02 +00:00
Andy Polyakov
3b3df98ca6
Minor AES x86 assembler tune-up.
2004-12-30 10:46:03 +00:00
Andy Polyakov
2e4a99f38b
AES-CFB[18] 2x optimization. Well, I bet nobody cares about AES-CFB1
...
performance, but anyway...
2004-12-30 10:43:33 +00:00
Andy Polyakov
f1ce306f30
Oops-kind typos in aes-ia64.S...
2004-12-28 17:10:42 +00:00
Richard Levitte
37b11ca78e
iv needs to be const because it sometimes takes it's value from a
...
const.
2004-12-28 10:35:13 +00:00
Richard Levitte
a17af9e277
Forgot to synchronise the VMS build scripts.
2004-12-28 10:22:00 +00:00
Richard Levitte
6951c23afd
Add functionality needed to process proxy certificates.
2004-12-28 00:21:35 +00:00
Andy Polyakov
de421076a5
Minor cygwin update.
...
PR: 949
2004-12-27 21:27:46 +00:00
Andy Polyakov
9850f7f6b2
Remove yet another redundant memcpy. Not at least performance critical,
...
essentially cosmetic modification...
2004-12-26 13:05:40 +00:00
Andy Polyakov
131e064e4a
Eliminate redundant memcpy of IV material. Performance improvement varies
...
from platform to platform and can be as large as 20%.
2004-12-26 12:31:37 +00:00
Andy Polyakov
556b8f3f77
Engage AES x86 assembler module for COFF and a.out targets.
2004-12-26 10:58:39 +00:00
Andy Polyakov
045d3285e2
Engage AES x86 assembler module on ELF platforms.
2004-12-23 21:44:28 +00:00
Andy Polyakov
d1df5b4339
x86 perlasm update to accomodate aes-586.pl.
2004-12-23 21:43:25 +00:00
Andy Polyakov
25558bf743
Eliminate copies of TeN and TdN, use those found in assembler module.
2004-12-23 21:40:23 +00:00
Andy Polyakov
713147109c
AES x86 assembler implementation.
2004-12-23 21:32:34 +00:00
Andy Polyakov
76ef6ac956
Refine PowerPC platform support.
2004-12-20 13:44:34 +00:00
Dr. Stephen Henson
a842df6659
Remove unused buffer 'buf'.
2004-12-20 00:49:36 +00:00
Richard Levitte
fbf218b8c3
make update (oops, missed this file)
2004-12-13 22:57:39 +00:00
Richard Levitte
3c97bd833b
Change libeay.num so it's synchronised with additions in 0.9.7-stable.
...
make update
2004-12-13 22:57:08 +00:00
Dr. Stephen Henson
5e8904f289
Remove duplicate lines.
2004-12-12 13:15:49 +00:00
Andy Polyakov
0c0788ba0a
Solaris x86 perlasm update.
2004-12-10 11:24:42 +00:00
Andy Polyakov
905fd45b36
Engage SHA1 IA64 assembler on IA64 platforms.
2004-12-09 15:39:55 +00:00
Dr. Stephen Henson
c162b132eb
Automatically mark the CRL cached encoding as invalid when some operations
...
are performed.
2004-12-09 13:35:06 +00:00
Andy Polyakov
b4e0ce5165
SHA1 assembler for IA-64.
2004-12-09 11:57:38 +00:00
Andy Polyakov
17f0e916db
Extend RC4 test.
2004-12-07 11:55:56 +00:00
Dr. Stephen Henson
41c70d47d7
Remaing bits of PR:620 relevant to 0.9.8.
2004-12-05 01:50:56 +00:00
Dr. Stephen Henson
a0e7c8eede
Add lots of checks for memory allocation failure, error codes to indicate
...
failure and freeing up memory if a failure occurs.
PR:620
2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
3e66ee9f01
In by_file.c check last error for no start line, not first error.
2004-12-04 21:25:51 +00:00
Dr. Stephen Henson
8f284faaec
V1 certificates that aren't self signed can't be accepted as CAs.
2004-12-03 00:10:34 +00:00
Andy Polyakov
f774accdbf
Fix rc4-ia64.S to pass more exhaustive regression tests.
2004-12-02 10:07:55 +00:00
Dr. Stephen Henson
8544a80776
Add couple of OIDs. Resync NIDs for consistency with 0.9.7.
2004-12-01 18:09:53 +00:00
Andy Polyakov
7c69478064
I've introduced a bug to i386 RC4 assembler, which would emerge with
...
certain mix of calls to RC4 routine not covered by rc4test.c.
It's fixed now. In addition this patch inadvertently fixes minor
performance problem: in 0.9.7 context P4 was performing 12% slower
than the original implementation...
2004-12-01 15:28:18 +00:00
Dr. Stephen Henson
1862dae862
Perform partial comparison of different character types in X509_NAME_cmp().
2004-12-01 01:45:30 +00:00
Andy Polyakov
b7b46c9a87
Add 0.9.7 specific comments to RC4 assembler modules.
2004-11-30 15:46:46 +00:00
Richard Levitte
5073ff0346
Split X509_check_ca() into a small self and an internal function
...
check_ca(), to resolve constness issue. check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().
2004-11-30 12:18:55 +00:00
Andy Polyakov
fc7fc5678f
sha1_block_asm_data_order can't hash if message crosses 2GB boundary.
2004-11-29 21:19:56 +00:00
Andy Polyakov
7a3240e319
Final touches to rc4/asm/rc4-596.pl, +52% better performance on AMD core.
2004-11-29 21:12:58 +00:00
Richard Levitte
30b415b076
Make an explicit check during certificate validation to see that the
...
CA setting in each certificate on the chain is correct. As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
given)
2004-11-29 11:28:08 +00:00
Andy Polyakov
914c2a28c0
perlasm/x86[ms|nasm] update to accomodate updated RC4 assembler module.
2004-11-27 15:14:58 +00:00
Andy Polyakov
bc3e7fabe7
Engage RC4 IA-64 assembler module.
2004-11-26 15:12:17 +00:00
Andy Polyakov
d675c74d14
RC4 IA-64 assembler implementation.
2004-11-26 15:07:50 +00:00
Dr. Stephen Henson
9d2996b82f
Check return code of EVP_CipherInit() in PKCS#12 code.
2004-11-24 01:21:03 +00:00
Andy Polyakov
959f9b1158
linux-x86_64 didn't link after EM64T RC4 tune-up...
2004-11-23 09:06:12 +00:00
Andy Polyakov
376729e130
RC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's
...
apparently impossible to compose blended code with would perform
satisfactory on all x86 and x86_64 cores, an extra RC4_CHAR
code-path is introduced and P4 core is detected at run-time. This
way we keep original performance on non-P4 implementations and
turbo-charge P4 performance by factor of 2.8x (on 32-bit core).
2004-11-21 10:36:25 +00:00
Andy Polyakov
68d9e764cb
As was shown by Marc Bevand reordering of couple of load operations
...
results in even higher performance gain of 3.3x:-) At least on
Opteron...
2004-11-09 17:23:26 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Richard Levitte
1a4b8e7cee
Make sure memmove() is defined, even on SunOS 4.1.4.
...
PR: 963
2004-11-01 07:58:38 +00:00
Geoff Thorpe
58ae65cd1a
Update ECDSA and ECDH for OPENSSL_NO_ENGINE.
...
Reported by: Maxim Masiutin
Submitted by: Nils Larsch
2004-10-21 00:06:14 +00:00
Richard Levitte
5b0f1f7d13
Because libraries on Windows lack useful version information, the zlib
...
guys had to change the name to differentiate with older versions when
a backward incompatibility came up. Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.
2004-10-14 05:48:59 +00:00
Dr. Stephen Henson
785e827323
Oops!
2004-10-04 17:28:31 +00:00
Dr. Stephen Henson
2f605e8d24
Fix race condition when CRL checking is enabled.
2004-10-04 16:30:12 +00:00
Dr. Stephen Henson
175ac6811a
Don't use C++ reserved work "explicit".
2004-10-01 11:21:53 +00:00
Andy Polyakov
07d488daf6
Fix Solaris 10_x86 shared build. -Bsymbolic is required to avoid
...
"remaining relocations" in assembler modules. The latter seems to
be new behaviour, elder as/ld managed to resolve this relocations
as internal. It's possible to address this problem differently,
but I settle for -Bsymbolic...
PR: 546
2004-09-28 20:45:10 +00:00
Richard Levitte
c38ff58b6b
Move the declaration of alloca() so it's ony declared when really
...
necessary.
2004-09-27 21:59:44 +00:00
Andy Polyakov
c29ef588dc
SHA1 asm Pentium tune-up. Performance loss is not as bad anymore.
2004-09-27 09:37:03 +00:00
Andy Polyakov
968c31bd84
sha256_block advances the input pointer double as fast sometimes. Fix the
...
bug and test that it's actually gone.
PR: 950
2004-09-27 09:35:59 +00:00
Geoff Thorpe
c743966156
Nils Larsch reported that this include is required. Strange that this had
...
gone unnoticed ...
2004-09-24 23:37:52 +00:00
Richard Levitte
bb09fd2bb6
Import changed files from LPlib. The changes are logged as follows
...
for LPdir_unix.c in LPlib. For the other files, only the last log
entry applies.
----------------------------
revision 1.11
date: 2004/09/23 22:07:22; author: _cvs_levitte; state: Exp; lines: +20 -6
Define my own macro LP_ENTRY_SIZE to express the size of my own
buffering of directory entries, and make it depend on whichever comes
first of PATH_MAX and NAME_MAX. As a fallback, make sure it's set to
255 if neither PATH_MAX or NAME_MAX were defined. Also, if the size
given from PATH_MAX or NAME_MAX is less than 255, force LP_ENTRY_SIZE
to be 255.
It makes no harm whatsoever if LP_ENTRY_SIZE is larger than the
maximum local path name limit. It does make a lot of harm if
LP_ENTRY_SIZE is smaller. 255 seemed like a fairly acceptable default
when nothing else is available.
----------------------------
revision 1.10
date: 2004/08/26 13:36:05; author: _cvs_levitte; state: Exp; lines: +13 -13
License correction. I am not REGENTS, just a COPYRIGHT HOLDER.
----------------------------
2004-09-23 22:11:39 +00:00
Geoff Thorpe
280eb33b59
Remove distracting comments and code. Thanks to Nils for picking up on the
...
outstanding ticket.
PR: 926
2004-09-19 04:55:15 +00:00
Geoff Thorpe
f79110c633
Two TODO comments taken care of. Nils pointed out that one of them had already
...
been done, and took care of the other one (which hadn't).
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-09-19 04:43:46 +00:00
Geoff Thorpe
6ef2ff62fc
Make -Werror happy again.
2004-09-18 01:32:32 +00:00
Dr. Stephen Henson
980aea7860
Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap().
2004-09-15 23:47:25 +00:00
Dr. Stephen Henson
bd9327baa9
Change values of MBSTRING_* to the form MBSTRING_FLAG|nbyte as assumed
...
in ASN1_STRING_to_UTF8().
2004-09-13 22:33:56 +00:00
Richard Levitte
6f9bafafa3
- There's no more need for the snprintf macro.
...
- Move the inclusion of malloc.h until after all other includes, so we
can do proper tests of system macros.
- Make sure the correct header file is included to get the builtin
"alloca" under VMS, and define a macro to map the symbol 'alloca' to
it.
2004-09-13 09:15:06 +00:00
Richard Levitte
422a4a33a5
Synchronise with Unix build.
2004-09-12 13:02:04 +00:00
Dr. Stephen Henson
58606421ae
When looking for request extensions in a certificate look first
...
for the PKCS#9 OID then the non standard MS OID.
2004-09-10 20:20:54 +00:00
Richard Levitte
d813ff2ac1
make update
2004-09-10 10:30:33 +00:00
Andy Polyakov
36734b2bab
Make VIA Padlock engine more platform friendly and eliminate compiler
...
warning.
Submitted by: Doug Kaufman <dkaufman@rahul.net>
2004-09-09 14:54:12 +00:00
Andy Polyakov
c85c5c408a
x86 assembler updates: more instructions, new OPENSSL_instrument_halt
...
[for DJGPP]...
2004-09-09 14:50:32 +00:00
Richard Levitte
2c1677d703
Synchronise VMS build files with Unixly Makefiles.
2004-09-08 08:13:34 +00:00
Richard Levitte
72348cbb8d
Another symbol longer than 31 characters...
2004-09-08 08:13:03 +00:00
Dr. Stephen Henson
5d7c222db8
New X509_VERIFY_PARAM structure and associated functionality.
...
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
2004-09-06 18:43:01 +00:00
Dr. Stephen Henson
d993addbed
Stop compiler warnings.
2004-09-06 18:37:46 +00:00
Andy Polyakov
16760a3089
Proper support for OpenBSD-i386 shared build, including assember modules!
...
"Proper" means "compiles and passes test." Versioning is broken (I think).
2004-08-29 21:36:37 +00:00