Dr. Stephen Henson
fd13f0ee52
Make req seed the PRNG if signing with
...
an already existing DSA key.
Document the new smime options.
2000-07-12 23:55:30 +00:00
Richard Levitte
cb9c5dc571
Merge from main, all conflicts resolved.
...
(I do this far too seldom...)
2000-07-12 16:34:34 +00:00
Richard Levitte
a6f8bbcad9
Avoid the conflict between () and (void)
2000-07-12 15:14:12 +00:00
Richard Levitte
b364e5d27b
FAQ about ar "missing" on Solaris.
2000-07-11 21:44:53 +00:00
Bodo Möller
16ece03a2e
Add an early reference to BN_CTX_new so that the usage of BN_CTX_start
...
is easier to grasp.
2000-07-11 20:35:45 +00:00
Dr. Stephen Henson
094fe66d9f
Fix some typose in the i2d/d2i functions that
...
call the i2c/c2i (they were not using the
content length for the headers).
Fix ASN1 long form tag encoding. This never
worked but it was never tested since it is
only used for tags > 30.
New options to smime program to allow the
PKCS#7 format to be specified and the content
supplied externally.
2000-07-10 18:33:05 +00:00
cvs2svn
9f10f9beeb
This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'.
2000-07-08 07:56:13 +00:00
Richard Levitte
27d7260075
Corrected small bug that could add ',L' when it shouldn't
2000-07-08 07:56:12 +00:00
Richard Levitte
a46229b43f
Add the possibility to use an engine as random byte generator.
2000-07-07 17:13:54 +00:00
Richard Levitte
c7a48d3d00
Cut'n'paste error corrected
2000-07-07 17:08:10 +00:00
Richard Levitte
9188480827
Handle the hwcrhk private key with a bit more consistency. Also, for the
...
random numbers generator, always return status 1 since the entropy is
already presumably there...
2000-07-07 17:04:44 +00:00
Richard Levitte
2b912846b9
Some error checking when loading keys
2000-07-07 17:02:21 +00:00
Richard Levitte
854067e8e4
API change.
2000-07-07 17:00:36 +00:00
Richard Levitte
eb2f937b93
Change the overall RAND routines to actually make use of engines.
...
This seems to work, but I'm a little unsure that I got it all right,
and would like this to be reviewed.
2000-07-07 16:57:16 +00:00
Dr. Stephen Henson
a338e21bd1
New ASN1 functions that just deal with
...
content octets, not tag+length.
2000-07-07 13:24:36 +00:00
Richard Levitte
64c4f5732d
Add the possibility to load prvate and public keys from an engine and
...
implement it for nCipher hardware. The interface in itself should be
clear enough, but the nCipher implementation is currently not the
best when it comes to getting a passphrase from the user. However,
getting it better is a little hard until a better user interaction
method is create.
Also, use the possibility in req, so we can start to create CSR's with
keys from the nForce box.
WARNING: I've made *no* tests yet, mostly because I didn't implement
this on the machine where I have an nForce box to play with. All I
know is that it compiles cleanly on Linux...
2000-07-06 18:40:10 +00:00
Richard Levitte
5789f8f780
More experiments show that you can set your data segment size soft
...
limit higher and thereby get through compilation of sha_dgst.c.
2000-07-05 17:46:58 +00:00
Richard Levitte
9b2961573a
Change the FAQ entry a bit, giving the details as I observed them.
2000-07-05 16:39:04 +00:00
Richard Levitte
f3052a9eee
Don't initialise the pointers to mutex functions directly in the structure.
...
This is correctly taken care of by hwcrhk_init(). While we're at it, give
this engine the official name of the library used (CHIL, for Cryptographic
Hardware Interface Library).
2000-07-05 16:00:18 +00:00
Richard Levitte
d5870bbe23
Document the change.
2000-07-05 02:52:47 +00:00
Richard Levitte
c2bbf9cf6c
I got sick and tired of having to keep track of NIDs when such a thing
...
could be done automagically, much like the numbering in libeay.num and
ssleay.num. The solution works as follows:
- New object identifiers are inserted in objects.txt, following the
syntax given in objects.README.
- objects.pl is used to process obj_mac.num and create a new
obj_mac.h.
- obj_dat.pl is used to create a new obj_dat.h, using the data in
obj_mac.h.
This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended. The simplest way to
check that it worked correctly is to look in obj_dat.h and check the
array nid_objs and make sure the objects haven't moved around (this is
important!). Additions are OK, as well as consistent name changes.
2000-07-05 02:45:36 +00:00
Richard Levitte
8f0d68fa27
Beautification
2000-07-05 02:23:55 +00:00
Richard Levitte
d54f8c8cf6
Add a blurb on how to solve the problem with failing compiltaion of sha_dgst.c on Alpha True64 Unix
2000-07-04 14:02:36 +00:00
Ulf Möller
e0b0dc11df
Add PRNGD link.
2000-07-03 17:26:51 +00:00
Dr. Stephen Henson
75c4f7e097
Update STATUS.
2000-07-02 21:11:11 +00:00
Bodo Möller
904cb691f3
Return bignum '0' when BN_rand is asked for a 0 bit random number.
2000-07-02 19:42:19 +00:00
Bodo Möller
3f2599d97d
Fix code structure (if ... else if ... where both parts
...
may be disabled by preprocessor symbols)
2000-07-02 19:40:44 +00:00
Bodo Möller
186a6f4876
Don't dereference NULL pointers.
...
Submitted by: bowe@chip.ma.certco.com
2000-07-02 18:16:38 +00:00
Ben Laurie
69b5d3c51f
Don't let top go below zero!
2000-07-01 16:30:27 +00:00
Ben Laurie
2bfb4dbce4
Use up-to-date functions.
2000-07-01 16:25:20 +00:00
Richard Levitte
e1e9ead6fb
Merge in the latest changes from the main trunk, and extra in apps/speed.c
2000-06-30 17:52:33 +00:00
Richard Levitte
4e74239cca
Give the user the option to measure real time instead of user CPU time.
2000-06-30 17:16:46 +00:00
Richard Levitte
5ac85984ec
Check for missing engine name, and also, do not count up the number of given algorithms when an engine is given
2000-06-30 15:58:37 +00:00
Richard Levitte
e11b297730
p_CSwift_AttachKeyParam actually returns more than one kind of error. Detect the input size error, treat any that are not specially checked as 'request failed', not as 'provide parameters', and for those, add the actual status code to the error message
2000-06-30 15:54:48 +00:00
Richard Levitte
48555cf0fc
Cryptoswitch actually has a few more statuses than SW_OK. Let's provide the possibility for a better granularity in error checking
2000-06-30 15:52:07 +00:00
Richard Levitte
ae02fc5348
Make it possible to turn off compilation of hardware support through
...
the configuration parameter 'no-hw'.
2000-06-30 11:02:02 +00:00
Richard Levitte
93e147dd32
`make update'
2000-06-29 21:26:46 +00:00
Richard Levitte
3257904c56
It makes much more sense and is much more consistent with the rest of
...
OpenSSL to have to opt out hardware support instead of having to opt
it in. And since the hardware support modules are self-contained and
actually check that the vendor stuff is loadable, it still works as
expected, or at least, so I think...
2000-06-29 21:20:14 +00:00
Richard Levitte
2a7619d762
Give the programmer of extra engines the possibility to actually make
...
it functional :-).
2000-06-29 16:33:59 +00:00
Richard Levitte
70d03c4f59
Make the use of logstream thread-safe.
2000-06-29 16:32:34 +00:00
Richard Levitte
5971d37400
Use the new control to add a log stream.
2000-06-29 16:17:28 +00:00
Richard Levitte
d813a428a7
When closing the hwcrhk engine, also remove the reference to the
...
logstream.
2000-06-29 16:16:50 +00:00
Richard Levitte
3b2972d8d9
Add the possibility to control some engine internals.
2000-06-29 14:26:07 +00:00
Richard Levitte
2165d91196
Rename 'hwcrhk' to 'ncipher' in all public symbols. Redo the logging function so it takes a BIO. Make module-local functions static
2000-06-29 13:00:07 +00:00
Richard Levitte
fc99c92835
The error ENGINE_R_HWCRYPTOHOOK_REPORTS should never have been used
2000-06-29 12:58:52 +00:00
Richard Levitte
f365611ca3
Undo the changes I just made. I'm not sure what I was thinking of.
...
The message to everyone is "Do not hack OpenSSL when stressed"...
2000-06-28 16:47:45 +00:00
Richard Levitte
523c83ec9a
Document my latest changes.
2000-06-28 16:24:29 +00:00
Richard Levitte
20d242b0de
Make it possible for users of the openssl applications to specify the
...
EGD should be used as seeding input, and where the named socket is.
2000-06-28 16:10:56 +00:00
Richard Levitte
dffd72f171
Make it possible for people to tell where the EGD socket is through
...
the RANDEGD environment variable.
2000-06-28 16:09:54 +00:00
Richard Levitte
3b3bc455d0
That's it, I've seen questions about this one time too many for
...
today. Time to add extra info so the poor users know where to
go with their troubles.
2000-06-28 14:32:12 +00:00