openssl

Author	SHA1	Message	Date
Geoff Thorpe	0f814687b9	Deprecate the recursive includes of bn.h from various API headers (asn1.h, dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are already declared in ossl_typ.h. Add explicit includes for bn.h in those C files that need access to structure internals or API functions+macros.	2004-05-17 19:14:22 +00:00
Geoff Thorpe	298a2f9e58	Because of recent reductions in header interdependencies, these files need to include crypto.h directly.	2004-05-17 19:01:15 +00:00
Geoff Thorpe	ac0d0a5ecd	I can't verify this directly, but recent changes will probably require that the cryptodev implementation include bn.h directly (when building with OPENSSL_NO_DEPRECATED that is).	2004-05-17 18:58:47 +00:00
Geoff Thorpe	508999fa7d	Deprecate some recursive includes from the store.h API header, and put back required includes back via the internal header and str_lib.c.	2004-05-17 18:49:06 +00:00
Geoff Thorpe	210a21bc8d	Reduce dependencies on crypto.h by moving the opaque definition of CRYPTO_EX_DATA and the new/free/dup callback prototypes to ossl_typ.h.	2004-05-17 18:39:00 +00:00
Geoff Thorpe	678c1e025b	Moving opaque definitions to ossl_typ.h lets us reduce header dependencies. Deprecate inclusion of crypto.h from ui.h.	2004-05-17 18:01:28 +00:00
Andy Polyakov	1ab61a9179	Make reservations for FIPS code in HEAD branch, so that the moment FIPS comes in we have required macros in place.	2004-05-17 15:49:13 +00:00
Andy Polyakov	1f4eccaaa5	Make reservations in FIPS code for upcoming size_t-fication of OpenSSL API. And couple of bug-fixes in fips/rand code [return without lock release and incorrect return value in fips_rand_bytes].	2004-05-17 15:37:26 +00:00
Geoff Thorpe	d6dda126b7	Make some more API types opaquely available from ossl_typ.h, meaning the corresponding headers are only required for API functions or structure details. This now includes the bignum types and BUF_MEM. Subsequent commits will remove various dependencies on bn.h and buffer.h and update the makefile dependencies.	2004-05-15 18:32:08 +00:00
Geoff Thorpe	7771b6c5b5	This file implements various functions that have since been redefined as macros. I'm removing this from the NO_DEPRECATED build.	2004-05-15 18:26:15 +00:00
Ben Laurie	9ac9a29407	Fix self-tests, ban some things in FIPS mode, fix copyrights.	2004-05-15 17:51:26 +00:00
Andy Polyakov	9e0aad9fd6	size_t-fication of message digest APIs. We should size_t-fy more APIs...	2004-05-15 11:29:55 +00:00
Richard Levitte	1c7a0e2856	Reimplement old functions, so older software that link to libcrypto don't crash and burn.	2004-05-14 17:56:30 +00:00
Richard Levitte	bac2e26a9e	Reimplement old functions, so older software that link to libcrypto don't crash and burn.	2004-05-14 17:55:59 +00:00
Richard Levitte	dbf2ac31c9	Synchronise o_str.c between 0.9.8-dev and 0.9.7-stable.	2004-05-13 22:40:08 +00:00
Richard Levitte	abd23881c1	Synchronise o_str.c between 0.9.8-dev and 0.9.7-stable.	2004-05-13 22:39:56 +00:00
Andy Polyakov	c842261b1b	SHA-224/-256/-384/-512 implementation. This is just sheer code commit. Makefile modifications, make test, etc. will appear later...	2004-05-13 13:48:33 +00:00
Ben Laurie	72d75ee206	Blow up in people's faces if they don't reseed.	2004-05-12 14:11:10 +00:00
Richard Levitte	49bc4c1023	make update	2004-05-12 10:17:15 +00:00
Richard Levitte	0e92f7738a	Forgot to update the Makefile with the o_str stuff...	2004-05-12 10:17:02 +00:00
Richard Levitte	d529f2a8f7	The functions OPENSSL_strcasen?cmp() were forgotten when merging the FIPS branch into this. It's needed at least for certain OpenVMS versions, and should really be used in a more general way.	2004-05-12 10:09:00 +00:00
Richard Levitte	90cce79346	Makefile.ssl changed name to Makefile.	2004-05-12 08:28:00 +00:00
Ben Laurie	3642f632d3	Pull FIPS back into stable.	2004-05-11 12:46:24 +00:00
Andy Polyakov	1e6bccc240	SSE2 SHA512_Transform implementation. No, it's not used anywhere yet and is subject to change as C implementation is added...	2004-05-06 10:41:07 +00:00
Andy Polyakov	d3adc3d3ed	SSE2 accelerated bn_mul_add_words. Code is currently disabled till proper config and run-time support is added. PR: 788 Submitted by: <dean@arctic.org> Reviewed by: <appro> Obtained from: http://arctic.org/~dean/crypto/rsa.html	2004-05-06 10:36:49 +00:00
Andy Polyakov	10e7d6d526	Support for IA-32 SSE2 instruction set.	2004-05-06 10:31:09 +00:00
Richard Levitte	430d7afd80	When the pointer 'from' changes, it's stored length needs to change as well. Notified by Frank Kardel <kardel@acm.org> in PR 879.	2004-05-06 09:33:22 +00:00
Richard Levitte	3b8ba6b610	When the pointer 'from' changes, it's stored length needs to change as well. Notified by Frank Kardel <kardel@acm.org> in PR 879.	2004-05-06 09:31:31 +00:00
Geoff Thorpe	ca982e4870	Fix realloc usage in ec_curve.c Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-05-04 20:08:55 +00:00
Geoff Thorpe	08e1cbc62c	The new BN_CTX code makes this sort of abuse unnecessary.	2004-04-28 18:34:39 +00:00
Andy Polyakov	dd55880644	Improved PowerPC support. Proper ./config support for ppc targets, especially for AIX. But most important BIGNUM assembler implementation submitted by IBM. Submitted by: Peter Waltenberg <pwalten@au1.ibm.com> Reviewed by: appro	2004-04-27 22:05:50 +00:00
Dr. Stephen Henson	bd1640bb01	Make ASN1 code work again...	2004-04-27 18:33:40 +00:00
Geoff Thorpe	081991ac01	With the new dynamic BN_CTX implementation, there should be no need for additional contexts.	2004-04-27 13:24:51 +00:00
Geoff Thorpe	8a85c341fe	The problem of rsa key-generation getting stuck in a loop for (pointlessly) small key sizes seems to result from the code continually regenerating the same prime value once the range is small enough. From my tests, this change fixes the problem by setting an escape velocity of 3 repeats for the second of the two primes. PR: 874	2004-04-26 15:38:44 +00:00
Geoff Thorpe	bcfea9fb25	Allow RSA key-generation to specify an arbitrary public exponent. Jelte proposed the change and submitted the patch, I jiggled it slightly and adjusted the other parts of openssl that were affected. PR: 867 Submitted by: Jelte Jansen Reviewed by: Geoff Thorpe	2004-04-26 15:31:35 +00:00
Dr. Stephen Henson	f3f52d7f45	More ASN1 reformat/tidy.	2004-04-25 12:46:39 +00:00
Dr. Stephen Henson	8845420f4e	Reformat/tidy some of the ASN1 code.	2004-04-24 17:02:48 +00:00
Dr. Stephen Henson	d735c64905	Fix leak. PR:870	2004-04-22 12:37:16 +00:00
Dr. Stephen Henson	6e308baf5a	Fix memory leak. PR:870	2004-04-22 12:33:03 +00:00
Geoff Thorpe	688791b22b	Extend the index parameter checking from sk_value to sk_set(). Also tidy up some similar code elsewhere. Thanks to Francesco Petruzzi for bringing this to my attention.	2004-04-21 15:09:25 +00:00
Geoff Thorpe	8c521c7a34	Extend the index parameter checking from sk_value to sk_set(). Also tidy up some similar code elsewhere. Thanks to Francesco Petruzzi for bringing this to my attention.	2004-04-21 15:08:56 +00:00
Richard Levitte	863d2b196f	Print the debug thingies on stderr instead of stdout. If for nothing else then at least so bc doesn't have problems parsing the output from bntest :-).	2004-04-20 10:57:07 +00:00
Geoff Thorpe	c57bc2dc51	make update	2004-04-19 18:33:41 +00:00
Geoff Thorpe	28ded31b97	More updates for the header cleanups (and apologies, again, for not having consolidated these prior to committing).	2004-04-19 18:30:41 +00:00
Geoff Thorpe	60a938c6bc	(oops) Apologies all, that last header-cleanup commit was from the wrong tree. This further reduces header interdependencies, and makes some associated cleanups.	2004-04-19 18:09:28 +00:00
Geoff Thorpe	3a87a9b9db	Reduce header interdependencies, initially in engine.h (the rest of the changes are the fallout). As this could break source code that doesn't directly include headers for interfaces it uses, changes to recursive includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to define this when building and using openssl, and then adapt code where necessary - this is how to stay current. However the mechanism exists for the lethargic.	2004-04-19 17:46:04 +00:00
cvs2svn	462a286eeb	This commit was manufactured by cvs2svn to create branch 'OpenSSL_0_9_7-stable'.	2004-04-13 17:47:38 +00:00
Richard Levitte	a110d01771	Typo. "pa-rics2W" corrected to "pa-risc2W". PR: 868	2004-04-02 12:39:54 +00:00
Geoff Thorpe	7ef7a1b3de	Avoid undefined results when the parameter is out of range.	2004-04-02 06:25:53 +00:00
Geoff Thorpe	2749276b95	Avoid undefined results when the parameter is out of range.	2004-04-02 06:25:11 +00:00
Dr. Stephen Henson	b6a5fdb8a7	Don't use C++ reserved word.	2004-04-01 22:23:46 +00:00
Dr. Stephen Henson	ecf139917d	New function X509_POLICY_NODE_print()	2004-03-31 12:17:24 +00:00
Richard Levitte	ab23d5ffda	Add symbol hacks for some long names. make update	2004-03-29 08:13:49 +00:00
Andy Polyakov	1a979201d5	This is essentially Intel 32-bit compiler tune-up. To start with all available compiler versions generated bogus machine code trying to compile new crypto/des/cfb_enc.c. Secondly, 8th version defines __GNUC__ macro, but fails to compile some inline assembler correctly. Note that all versions of icc implement MSC-like _lrot[rl] intrinsic, which is used now instead of offensive asm. Finally, unnecessary linker dependencies are eliminated. Most notably dependency from libirc.a caused trouble at application start-up, if libcrypto.so is linked with -Bsymbolic (which it is).	2004-03-28 21:27:47 +00:00
Dr. Stephen Henson	216659eb87	Enhance EVP code to generate random symmetric keys of the appropriate form, for example correct DES parity. Update S/MIME code and EVP_SealInit to use new functions. PR: 700	2004-03-28 17:38:00 +00:00
Dr. Stephen Henson	5d6383c83f	Make {i2v,v2i}_ASN1_BIT_STRING global. make update	2004-03-28 12:40:11 +00:00
Dr. Stephen Henson	f36f469430	Obsolete files.	2004-03-28 12:29:53 +00:00
Dr. Stephen Henson	e07d3a021d	Remove obsolete files.	2004-03-28 12:29:05 +00:00
Dr. Stephen Henson	e1a27eb34a	Allow CRLs to be passed into X509_STORE_CTX. This is useful when the verified structure can contain its own CRLs (such as PKCS#7 signedData). Tidy up some of the verify code.	2004-03-27 22:49:28 +00:00
Dr. Stephen Henson	6446e0c3c8	Extend OID config module format.	2004-03-27 13:30:14 +00:00
Dr. Stephen Henson	beedea2fef	Free up BIO properly when using streaming S/MIME sign.	2004-03-26 00:24:38 +00:00
Richard Levitte	0020502a07	SSL_COMP_get_compression_method is a typo (a missing 's' at the end of the symbol name).	2004-03-25 21:32:30 +00:00
Richard Levitte	b7e3c73d7c	Wrap code starting with a definition. PR: 854	2004-03-25 20:01:08 +00:00
Richard Levitte	fd9fa844e2	Wrap code starting with a definition. PR: 854	2004-03-25 20:01:01 +00:00
Richard Levitte	482c2acf02	Make prototypes for some callback pointers.	2004-03-25 16:21:42 +00:00
Richard Levitte	a481b4b52c	A couple more cases where RAND_add() gets an integer instead of a doule as last argument.	2004-03-25 16:04:02 +00:00
Richard Levitte	a87228031f	RAND_add() wants a double as it's last argument.	2004-03-25 15:52:43 +00:00
Dr. Stephen Henson	b79c82eaab	Fix loads of warnings in policy code. I'll remember to try to compile this with warnings enabled next time :-)	2004-03-25 13:45:58 +00:00
Dr. Stephen Henson	69d1d5e6ce	Fix ASN1 warnings.	2004-03-25 13:37:02 +00:00
Geoff Thorpe	c86f2054f3	Adjust various bignum functions to use BN_CTX for variables instead of locally initialising their own. NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of these functions, and that may be a major part of the performance improvements we're seeing. The "free" part can be removed because we're using BN_CTX. The "clear" part OTOH can be removed because BN_CTX destruction automatically performs this task, so performing it inside functions that may be called repeatedly is wasteful. This is currently safe within openssl due to the fact that BN_CTX objects are never created for longer than a single high-level operation. However, that is only because there's currently no mechanism in openssl for thread-local storage. Beyond that, this might be an issue for applications using the bignum API directly and caching their own BN_CTX objects. The solution is to introduce a flag to BN_CTX_start() that allows its variables to be automatically sanitised on release during BN_CTX_end(). This way any higher-level function (and perhaps the application) can specify this flag in its own BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions specifying the flag to be ignored so that sanitisation is handled only once back out at the higher level. I will be implementing this in the near future.	2004-03-25 04:32:24 +00:00
Geoff Thorpe	5c98b2caf5	Replace the BN_CTX implementation with my current work. I'm leaving the little TODO list in there as well as the debugging code (only enabled if BN_CTX_DEBUG is defined). I'd appreciate as much review and testing as can be spared for this. I'll commit some changes to other parts of the bignum code shortly to make better use of this implementation (no more fixed size limitations). Note also that under identical optimisations, I'm seeing a noticable speed increase over openssl-0.9.7 - so any feedback to confirm/deny this on other systems would also be most welcome.	2004-03-25 04:16:14 +00:00
Geoff Thorpe	5148710994	Adds warnings about two curves and fixes the "seed" value for two other curves. Submitted by: Nils Larsch	2004-03-25 03:03:52 +00:00
Geoff Thorpe	ea77fc3380	... and this should likewise fix up those RSA implementations that weren't already built and tested.	2004-03-25 02:55:17 +00:00
Geoff Thorpe	46ef873f0b	By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key operations no longer require two distinct BN_CTX structures. This may put more "strain" on the current BN_CTX implementation (which has a fixed limit to the number of variables it will hold), but so far this limit is not triggered by any of the tests pass and I will be changing BN_CTX in the near future to avoid this problem anyway. This also changes the default RSA implementation code to use the BN_CTX in favour of initialising some of its variables locally in each function.	2004-03-25 02:52:04 +00:00
Geoff Thorpe	2d2a5ba32a	Damn, I was a bit hasty with my fix and hadn't spotted the linker dependency from asn1.	2004-03-25 02:41:35 +00:00
Geoff Thorpe	2bd4e3379f	Remove some warnings.	2004-03-25 02:24:38 +00:00
Geoff Thorpe	032c3ecb18	Protect against gcc's "warning: cast does not match function type".	2004-03-25 02:19:42 +00:00
Dr. Stephen Henson	a0cac0ff75	Make S/MIME encrypt work again.	2004-03-25 00:57:23 +00:00
Richard Levitte	817089b66d	Don't define fd for platforms that do not use it, as some may not declare fileno() properly	2004-03-24 10:55:50 +00:00
Richard Levitte	e703b46598	Don't define fd for platforms that do not use it, as some may not declare fileno() properly	2004-03-24 10:55:48 +00:00
Richard Levitte	0fa793bc7b	Correct constness problems.	2004-03-24 10:50:42 +00:00
Richard Levitte	5c42f62e48	Only build the PKCS#7 test applications if "pkcs7" is present in SDIRS.	2004-03-24 10:48:50 +00:00
Richard Levitte	a08e05d1be	Add store.h among the exported headers on VMS.	2004-03-24 09:52:16 +00:00
Richard Levitte	a0b5ebeac6	Typo...	2004-03-24 09:40:59 +00:00
Richard Levitte	8ee18dd520	Make sure toupper() is properly declared.	2004-03-24 09:40:23 +00:00
Richard Levitte	e725a9660b	make update	2004-03-23 15:06:33 +00:00
Richard Levitte	d7eed1929b	Sync the VMS build with Unix.	2004-03-23 14:50:16 +00:00
Dr. Stephen Henson	4acc3e907d	Initial support for certificate policy checking and evaluation. This is currently very experimental and needs to be more fully integrated with the main verification code.	2004-03-23 14:14:35 +00:00
Richard Levitte	27bf518087	Remove a warning for conversion double->long. This has impacts on Windows. PR: 849	2004-03-21 22:39:59 +00:00
Richard Levitte	ec5d8a54e9	Remove a warning for conversion double->long. This has impacts on Windows. PR: 849	2004-03-21 22:39:52 +00:00
Richard Levitte	96a99d63c2	Make sure fd is defined where it should. PR: 849	2004-03-21 22:36:30 +00:00
Richard Levitte	18a6333180	Make sure fd is defined where it should. PR: 849	2004-03-21 22:36:27 +00:00
Geoff Thorpe	e042540f6b	Variety of belt-tightenings in the bignum code. (Please help test this!) - Remove some unnecessary "+1"-like fudges. Sizes should be handled exactly, as enlarging size parameters causes needless bloat and may just make bugs less likely rather than fixing them: bn_expand() macro, bn_expand_internal(), and BN_sqr(). - Deprecate bn_dup_expand() - it's new since 0.9.7, unused, and not that useful. - Remove unnecessary zeroing of unused bytes in bn_expand2(). - Rewrite BN_set_word() - it should be much simpler, the previous complexities probably date from old mismatched type issues. - Add missing bn_check_top() macros in bn_word.c - Improve some degenerate case handling in BN_[add\|sub]_word(), add comments, and avoid a bignum expansion if an overflow isn't possible.	2004-03-17 17:36:54 +00:00
Mark J. Cox	494593845c	After tagging	2004-03-17 12:03:38 +00:00
Mark J. Cox	82d63d3028	Fix null-pointer assignment in do_change_cipher_spec() revealed by using the Codenomicon TLS Test Tool (CAN-2004-0079) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites (CAN-2004-0112) Ready for 0.9.7d build Submitted by: Steven Henson Reviewed by: Joe Orton Approved by: Mark Cox	2004-03-17 12:01:19 +00:00
Richard Levitte	875a644a90	Constify d2i, s2i, c2i and r2i functions and other associated functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed.	2004-03-15 23:15:26 +00:00
Richard Levitte	95475b1c7a	As in 0.9.8-dev, make sure we use unsigned constants, or some compilers may complain.	2004-03-15 23:06:59 +00:00
Richard Levitte	ec37635c94	It was just pointed out to me that it's better to cast to double...	2004-03-15 23:02:55 +00:00
Richard Levitte	fd836aeee0	Make sure that the last argument to RAND_add() is a float, or some compilers may complain.	2004-03-15 22:37:08 +00:00
Richard Levitte	560f7abb7e	Make sure we use unsigned constants, or come compilers may complain.	2004-03-15 22:33:19 +00:00
Geoff Thorpe	b6358c89a1	Convert openssl code not to assume the deprecated form of BN_zero(). Remove certain redundant BN_zero() initialisations, because BN_CTX_get(), BN_init(), [etc] already initialise to zero. Correct error checking in bn_sqr.c, and be less wishy-wash about how/why the result's 'top' value is set (note also, 'max' is always > 0 at this point).	2004-03-13 23:57:20 +00:00
Geoff Thorpe	5d735465d1	The efforts to eliminate the dual-representation of zero and to ensure bignums are passed in and out of functions and APIs in a consistent form has highlighted that zero-valued bignums don't need any allocated word data. The use of BN_set_word() to initialise a bignum to zero causes needless allocation and gives it a return value that must be checked. This change converts BN_zero() to a self-contained macro that has no return/expression value and does not cause any expansion of bignum data. Note, it would be tempting to rewrite the deprecated version as a success-valued comma expression, such as; #define BN_zero(a) ((a)->top = (a)->neg = 0, 1) However, this evaluates 'a' twice and would confuse initialisation loops (eg. while(..) { BN_zero(bn++) } ). As such, the deprecated version continues to use BN_set_word().	2004-03-13 23:04:15 +00:00
Geoff Thorpe	9e051bac13	Document a change I'd already made, and at the same time, correct the change to work properly; BN_zero() should set 'neg' to zero as well as 'top' to match the behaviour of BN_new().	2004-03-13 22:10:15 +00:00
Geoff Thorpe	93825dddad	static	2004-03-10 01:20:26 +00:00
Geoff Thorpe	a8aa764d3c	Minimise the amount of code dependent on BN_DEBUG_RAND. In particular, redefine bn_clear_top2max() to be a NOP in the non-debugging case, and remove some unnecessary usages in bn_nist.c. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe, Ulf Möller	2004-03-09 03:53:40 +00:00
Geoff Thorpe	e7716b7a19	More changes coming out of the bignum auditing. BN_CTX_get() should ideally return a "zero" bignum as BN_new() does - so reset 'top'. During BN_CTX_end(), released bignums should be consistent so enforce this in debug builds. Also, reduce the number of wasted BN_clear_free() calls from BN_CTX_end() (typically by 75% or so). Submitted by: Nils Larsch Reviewed by: Geoff Thorpe, Ulf Möller	2004-03-09 03:47:35 +00:00
Dr. Stephen Henson	a4e3150f00	Fix policy constraints syntax.	2004-03-08 18:15:32 +00:00
Dr. Stephen Henson	edec614efd	Support for inhibitAnyPolicy extension.	2004-03-08 13:56:31 +00:00
Dr. Stephen Henson	5fa5eb71a4	Cleanup ASN1 OID module when it exits.	2004-03-05 23:47:56 +00:00
Dr. Stephen Henson	931a031916	Cleanup ASN1 OID module when it exits.	2004-03-05 23:47:39 +00:00
Dr. Stephen Henson	216ad9ef58	Memory leak fix.	2004-03-05 23:39:42 +00:00
Dr. Stephen Henson	ef3565aed2	Memory leak fix.	2004-03-05 23:39:12 +00:00
Dr. Stephen Henson	bc50157010	Various X509 fixes. Disable broken certificate workarounds when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in CRL issuer certificates. Reject CRLs with unhandled (any) critical extensions.	2004-03-05 17:16:35 +00:00
Dr. Stephen Henson	01fc051e8a	Various X509 fixes. Disable broken certificate workarounds when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in CRL issuer certificates. Reject CRLs with unhandled (any) critical extensions.	2004-03-05 17:16:06 +00:00
Dr. Stephen Henson	91180d45f9	Typos. Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>	2004-03-04 21:44:39 +00:00
Dr. Stephen Henson	0902c559fb	Typos. Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>	2004-03-04 21:41:59 +00:00
Richard Levitte	4d6b383680	Avoid a memory leak in OCSP_parse_url(). Notified by Paul Siegel <psiegel@corestreet.com>	2004-03-01 14:58:25 +00:00
Richard Levitte	4cfa4ae820	Avoid a memory leak in OCSP_parse_url(). Notified by Paul Siegel <psiegel@corestreet.com>	2004-03-01 14:58:22 +00:00
Richard Levitte	ee121033dc	Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also. PR: 833	2004-02-26 22:07:47 +00:00
Richard Levitte	f727266ae8	Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also. PR: 833	2004-02-26 22:07:45 +00:00
Geoff Thorpe	c6700d2746	A cleanup of the ecs_ossl.c code and some (doxygen) comments for ecdsa.h Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-02-22 19:32:53 +00:00
Geoff Thorpe	1b06804491	When adding positive elements, we can use BN_uadd() instead of BN_add(). Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2004-02-22 19:30:41 +00:00
Dr. Stephen Henson	33ad6eca7a	Use an OCTET STRING for the encoding of an OCSP nonce value. The old raw format can't be handled by some implementations and updates to RFC2560 will make the OCTET STRING mandatory.	2004-02-19 18:17:35 +00:00
Dr. Stephen Henson	dc90f64d56	Use an OCTET STRING for the encoding of an OCSP nonce value. The old raw format can't be handled by some implementations and updates to RFC2560 will make this mandatory.	2004-02-19 18:16:38 +00:00
Geoff Thorpe	6c43032121	minor signed/unsigned warning fixes	2004-02-10 18:46:10 +00:00
Andy Polyakov	1751034669	Typo in crypto/bn/asm/x86_64.c, bn_div_words(). PR: 821	2004-02-07 09:51:28 +00:00
Andy Polyakov	ad55502092	Typo in crypto/bn/asm/x86_64.c, bn_div_words(). PR: 821	2004-02-07 09:46:47 +00:00
Dr. Stephen Henson	d4575825f1	Add flag to avoid continuous memory allocate when calling EVP_MD_CTX_copy_ex(). Without this HMAC is several times slower than < 0.9.7.	2004-02-01 13:39:51 +00:00
Dr. Stephen Henson	31edde3edc	Add flag to avoid continuous memory allocate when calling EVP_MD_CTX_copy_ex(). Without this HMAC is several times slower than < 0.9.7.	2004-02-01 13:37:56 +00:00
Andy Polyakov	d04b1b4656	Typo in PA-RISC 2 rules in crypto/bn/Makefile.ssl	2004-01-30 05:41:23 +00:00
Andy Polyakov	1247092776	HP/UX PA-RISC 2 targets update.	2004-01-29 22:16:08 +00:00
Richard Levitte	381a693c39	make update	2004-01-29 10:23:54 +00:00
Richard Levitte	86cb571e28	Have the declarations match the definitions.	2004-01-29 09:41:01 +00:00
Richard Levitte	319a2c5f65	Typo	2004-01-29 02:55:47 +00:00
Richard Levitte	61a88c31c0	Typo	2004-01-29 02:55:43 +00:00
Richard Levitte	9d0e895120	Make n unsigned, to avoid signed vs. unsigned conflicts.	2004-01-29 00:05:54 +00:00
Richard Levitte	5922128732	0.9.7-stable is in freeze. That means we do bug fixes only, not new functionality. Therefore, I'm backing out most of the "CFB DES sync-up with FIPS branch" commit (I'm keeping the corrections of DES_cfb_encrypt()).	2004-01-28 23:31:20 +00:00
Richard Levitte	e5886a2388	make update	2004-01-28 19:07:41 +00:00
Richard Levitte	8d1ebe0bd1	Add the missing parts for DES CFB1 and CFB8. Add the corresponding AES parts while I'm at it. make update	2004-01-28 19:05:35 +00:00
Richard Levitte	1fb724449d	make update	2004-01-28 18:38:33 +00:00
Richard Levitte	cb37947a71	Unsigned vs. signed problem removed	2004-01-28 08:48:15 +00:00
Richard Levitte	721a5e83f9	Unsigned vs. signed problem removed	2004-01-28 08:48:11 +00:00
Andy Polyakov	6df617a59d	#undef _POSIX_C_SOURCE in ui_openssl.c ruined IRIX builds. Comment on why _POSIX_C_SOURCE needed in first place.	2004-01-27 22:06:48 +00:00
Andy Polyakov	8c6336b0aa	CFB DES sync-up with FIPS branch.	2004-01-27 21:47:35 +00:00
Andy Polyakov	4668056fc9	CFB DES sync-up with FIPS branch.	2004-01-27 21:46:19 +00:00
Richard Levitte	87203dc99a	Avoid signed vs. unsigned warnings (which are treated like errors on Windows).	2004-01-27 01:16:38 +00:00
Richard Levitte	de23af982a	Avoid signed vs. unsigned warnings (which are treated like errors on Windows).	2004-01-27 01:16:09 +00:00
Richard Levitte	3a5a176ea0	S_IFBLK and S_IFCHR may not exist in some places (like Windows), so let's check for those macros, and if they aren't defined, let's assume there aren't Unixly devices on this platform.	2004-01-26 23:46:03 +00:00
Richard Levitte	4de65cbc06	S_IFBLK and S_IFCHR may not exist in some places (like Windows), so let's check for those macros, and if they aren't defined, let's assume there aren't Unixly devices on this platform.	2004-01-26 23:45:32 +00:00
Andy Polyakov	27b2b78f90	Even though C specification explicitly says that constant type "stretches" automatically to accomodate the value, some compilers fail to do so. Most notably 0x0123456789ABCDEF should come out as long long in 32-bit context, but HP compiler truncates it to 32-bit value. Which in turn breaks GF(2^m) arithmetics in hpux-parisc2-cc build. Therefore this fix...	2004-01-25 10:53:43 +00:00
Andy Polyakov	7f24b1c3e9	Get rid of bogus warning when compiling with Sun vendor compiler.	2004-01-24 16:31:21 +00:00
Richard Levitte	a5e8bcfb7b	We're passed p, so let's use p instead of making assumptions.	2004-01-24 01:16:02 +00:00
Richard Levitte	a1d37a96df	Typo...	2004-01-22 22:36:48 +00:00
Richard Levitte	9d5c3c1939	Typo...	2004-01-22 22:36:46 +00:00
Andy Polyakov	d435752b0a	Proper support for HP-UX64 gcc build. PR: 772	2004-01-21 09:58:18 +00:00
Andy Polyakov	c8b14ca177	SHA-1 assembler tune-up for Intel P4	2004-01-21 08:19:36 +00:00
Andy Polyakov	30cb9ec715	SHA-1 assembler tune-up for Intel P4	2004-01-21 08:17:08 +00:00
Richard Levitte	af6dab9b00	Adding a slash between the directoryt and the file is a problem with VMS. The C RTL can handle it well if the "directory" is a logical name with no colon, therefore ending being 'logname/file'. However, if the given logical names actually has a colon, or if you use a full VMS-syntax directory, you end up with 'logname:/file' or 'dev:[dir1.dir2]/file', and that isn't handled in any good way. So, on VMS, we need to check if the directory string ends with a separator (one of ':', ']' or '>' (< and > can be used instead [ and ])), and handle that by not inserting anything between the directory spec and the file name. In all other cases, it's assumed the directory spec is a logical name, so we need to place a colon between it and the file. Notified by Kevin Greaney <kevin.greaney@hp.com>.	2004-01-10 18:04:38 +00:00
Richard Levitte	8ba5c63de9	Adding a slash between the directoryt and the file is a problem with VMS. The C RTL can handle it well if the "directory" is a logical name with no colon, therefore ending being 'logname/file'. However, if the given logical names actually has a colon, or if you use a full VMS-syntax directory, you end up with 'logname:/file' or 'dev:[dir1.dir2]/file', and that isn't handled in any good way. So, on VMS, we need to check if the directory string ends with a separator (one of ':', ']' or '>' (< and > can be used instead [ and ])), and handle that by not inserting anything between the directory spec and the file name. In all other cases, it's assumed the directory spec is a logical name, so we need to place a colon between it and the file. Notified by Kevin Greaney <kevin.greaney@hp.com>.	2004-01-10 18:04:36 +00:00
cvs2svn	7f36acd8fe	This commit was manufactured by cvs2svn to create branch 'OpenSSL_0_9_7-stable'.	2004-01-04 18:59:15 +00:00
Lutz Jänicke	09d7c42a7c	Update URI Submitted by: Gertjan van Oosten <gertjan@West.NL> PR: #804	2004-01-04 18:06:51 +00:00
Lutz Jänicke	c0017a5a65	Update URI Submitted by: Gertjan van Oosten <gertjan@West.NL> PR: #804	2004-01-04 18:05:50 +00:00
Richard Levitte	075521725d	Fix Perl problems on sparc64. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 16:13:18 +00:00
Richard Levitte	faa9c5cbdc	Fix Perl problems on sparc64. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 16:13:16 +00:00
Richard Levitte	f28e8bd300	Only use environment variables if uid and gid are the same as euid and egid. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 16:07:20 +00:00
Richard Levitte	3e786f4b0d	Only use environment variables if uid and gid are the same as euid and egid. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 16:07:18 +00:00
Richard Levitte	de02ec2767	Check if a random "file" is really a device file, and treat it specially if it is. Add a few OpenBSD-specific cases. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 16:02:22 +00:00
Richard Levitte	4b66e713de	Check if a random "file" is really a device file, and treat it specially if it is. Add a few OpenBSD-specific cases. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 16:01:52 +00:00
Richard Levitte	90dd4d34bb	Correct documentation typos. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 15:05:26 +00:00
Richard Levitte	112341031b	Correct documentation typos. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 15:04:54 +00:00
Richard Levitte	7cf803230b	OpenBSD-internal changes. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 15:02:56 +00:00
Richard Levitte	2d6452cdf9	OpenBSD-internal changes. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 15:02:54 +00:00
Richard Levitte	cc056d6395	Use sh explicitely to run point.sh This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 15:00:24 +00:00
Richard Levitte	79b42e7654	Use sh explicitely to run point.sh This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 14:59:07 +00:00
Richard Levitte	f0c5db92f7	Include strings.h so strcasecmp() and strncasecmp() get properly declared.	2003-12-27 14:54:48 +00:00
Richard Levitte	394178c94c	Use BUF_strlcpy() instead of strcpy(). Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 14:40:57 +00:00
Richard Levitte	d420ac2c7d	Use BUF_strlcpy() instead of strcpy(). Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 14:40:17 +00:00
Richard Levitte	ec2a595627	Change 'exp' to something else, as 'exp' is predefined by GNU C. This was already done in HEAD, but not in this branch (I wonder why...).	2003-12-27 14:24:20 +00:00
Richard Levitte	ffe966b0fa	To figure out if we're going outside the buffer, use the size of the buffer, not the size of the integer used to index in said buffer. PR: 794 Notified by: Rhett Garber <rhett_garber@hp.com>	2003-12-11 18:01:06 +00:00
Richard Levitte	a2b0de98af	To figure out if we're going outside the buffer, use the size of the buffer, not the size of the integer used to index in said buffer. PR: 794 Notified by: Rhett Garber <rhett_garber@hp.com>	2003-12-11 18:01:03 +00:00
Ulf Möller	380e145daf	Add "dif" variable to clean up the loop implementations. Submitted by: Nils Larsch	2003-12-06 11:55:46 +00:00
Ulf Möller	a9f2330f43	Skip a curve with generator of non-prime order. Submitted by: Nils Larsch	2003-12-06 11:41:22 +00:00
Ulf Möller	ce38bb1a8c	Avoid segfault if ret==0. Submitted by: Nils Larsch	2003-12-06 11:39:37 +00:00
Lutz Jänicke	919f8bcd21	Restructure make targets to allow parallel make. Submitted by: Witold Filipczyk <witekfl@poczta.gazeta.pl> PR: #513	2003-12-03 16:29:41 +00:00
Lutz Jänicke	325829a9bc	Restructure make targets to allow parallel make. Submitted by: Witold Filipczyk <witekfl@poczta.gazeta.pl> PR: #513	2003-12-03 16:29:16 +00:00
Geoff Thorpe	2bfd2c74d2	Incremental cleanups to bn_lib.c. - Add missing bn_check_top() calls and relocate some others - Use BN_is_zero() where appropriate - Remove assert()s that bn_check_top() is already covering - Simplify the code in places (esp. bn_expand2()) - Only keep ambiguous zero handling if BN_STRICT isn't defined - Remove some white-space and make some other aesthetic tweaks	2003-12-02 20:01:30 +00:00
Geoff Thorpe	82b2f57e30	Use the BN_is_odd() macro in place of code that (inconsistently) does much the same thing. Also, I have some stuff on the back-burner related to some BN_CTX notes from Peter Gutmann about his cryptlib hacks to the bignum code. The BN_CTX comments are there to remind me of some relevant points in the code.	2003-12-02 03:28:24 +00:00
Geoff Thorpe	2ae1ea3788	BN_FLG_FREE is of extremely dubious usefulness, and is only referred to once in the source (where it is set for the benefit of no other code whatsoever). I've deprecated the declaration in the header and likewise made the use of the flag conditional in bn_lib.c. Note, this change also NULLs the 'd' pointer in a BIGNUM when it is reset but not deallocated.	2003-12-02 03:16:56 +00:00
Geoff Thorpe	34066d741a	Declare the static BIGNUM "BN_value_one()" more carefully.	2003-12-01 23:13:17 +00:00
Geoff Thorpe	b74cc0776b	Add missing bn_check_top()s to bn_kron.c, remove some miscellaneous white-space, and include extra headers to satisfy debugging builds.	2003-12-01 23:11:45 +00:00
Geoff Thorpe	e7e5fe4705	Add missing bn_check_top()s to bn_gf2m.c and remove some miscellaneous white-space.	2003-12-01 23:10:21 +00:00
Geoff Thorpe	998ae048e7	The bn_set_max() macro is only "used" by the bn_set_[low\|high]() macros which, in turn, are used nowhere at all. This is a good thing because bn_set_max() would currently generate code that wouldn't compile (BIGNUM has no 'max' element). The only apparent use for bn_set_[low\|high] would be for implementing windowing algorithms, and all of openssl's seem to use bn_***_words() helpers instead (including the BN_div() that Nils fixed recently, which had been using independently-coded versions of what these unused macros are intended for). I'm therefore consigning these macros to cvs oblivion in the name of readability.	2003-12-01 22:11:08 +00:00
Geoff Thorpe	e65c2b9872	bn_fix_top() exists for compatibility's sake and is mapped to bn_correct_top() or bn_check_top() depending on debug settings. For internal source, all bn_fix_top()s should be converted one way or the other depending on whether the use of bn_correct_top() is justified. For BN_div_recp(), these cases should not require correction if the other bignum functions are doing their jobs properly, so convert to bn_check_top().	2003-12-01 21:59:40 +00:00
Richard Levitte	b0ea8b160c	It was pointed out to me that if the requested size is 0, we shouldn't ty to allocate anything at all. This will allow eNULL to still work. PR: 751 Notified by: Lutz Jaenicke	2003-12-01 13:25:39 +00:00
Richard Levitte	2fe9ab8e20	It was pointed out to me that if the requested size is 0, we shouldn't ty to allocate anything at all. This will allow eNULL to still work. PR: 751 Notified by: Lutz Jaenicke	2003-12-01 13:25:37 +00:00
Richard Levitte	bb569f97b9	Check that OPENSSL_malloc() really returned some memory. PR: 751 Notified by: meder@mcs.anl.gov Reviewed by: Lutz Jaenicke, Richard Levitte	2003-12-01 12:11:57 +00:00
Richard Levitte	1145e03870	Check that OPENSSL_malloc() really returned some memory. PR: 751 Notified by: meder@mcs.anl.gov Reviewed by: Lutz Jaenicke, Richard Levitte	2003-12-01 12:11:55 +00:00
Richard Levitte	31670c94bc	CRYPTO_malloc(), CRYPTO_realloc() and variants of them should return NULL if the give size is 0. This is a thought that came up in PR 751.	2003-12-01 12:06:19 +00:00
Richard Levitte	6781efb92f	CRYPTO_malloc(), CRYPTO_realloc() and variants of them should return NULL if the give size is 0. This is a thought that came up in PR 751.	2003-12-01 12:06:15 +00:00
Lutz Jänicke	0bf1c1d80d	Some more ASFLAGS settings required PR: #735 Submitted by: Tim Rice <tim@multitalents.net>	2003-12-01 08:12:47 +00:00
Lutz Jänicke	67e5d33dd7	Some more ASFLAGS settings required PR: #735 Submitted by: Tim Rice <tim@multitalents.net>	2003-12-01 08:12:01 +00:00
Geoff Thorpe	6ed474ca66	Add more debugging to my Configure target, and "make update" to incorporate this and a few other changes.	2003-11-30 23:29:27 +00:00
Geoff Thorpe	46cb8d3689	If BN_STRICT is defined, don't accept an ambiguous representation of zero (ie. where top may be zero, or it may be one if the corresponding word is set to zero). Note, this only affects the macros in bn.h, there are probably similar corrections required in some c files. Also, clarify the audit-related macros at the top of the header. Mental note: I must not forget to clean all this out before 0.9.8 is released ...	2003-11-30 22:23:12 +00:00
Geoff Thorpe	23fc5ac646	Improve a couple of the bignum macros. Note, this doesn't eliminate tolerance of ambiguous zero-representation, it just improves BN_abs_is_word() and simplifies other macros that depend on it.	2003-11-30 22:02:10 +00:00
Geoff Thorpe	5734bebe05	Make BN_DEBUG_RAND less painfully slow by only consuming one byte of pseudo-random data for each bn_pollute().	2003-11-30 21:21:30 +00:00
Geoff Thorpe	657a919598	This improves the placement of check_top() macros in a couple of bn_lib functions.	2003-11-29 20:34:07 +00:00
Richard Levitte	b64614adfe	We're getting a clash with C++ because it has a type called 'list'. Therefore, change all instances of the symbol 'list' to something else. PR: 758 Submitted by: Frédéric Giudicelli <groups@newpki.org>	2003-11-29 10:25:42 +00:00
Richard Levitte	3822740ce3	We're getting a clash with C++ because it has a type called 'list'. Therefore, change all instances of the symbol 'list' to something else. PR: 758 Submitted by: Frédéric Giudicelli <groups@newpki.org>	2003-11-29 10:25:37 +00:00
Richard Levitte	0d78bc3356	Add IPSec/IKE/Oakley curves. PR: 768 Submitted by: Vadim Fedukovich <vf@unity.net>	2003-11-29 09:25:59 +00:00
Richard Levitte	d87b79bf31	Damnit, I'm sick of having to do something special every time a module that gets built before objects barfs all over the place because it uses a new NID that hasn't had a chance of getting defined yet (in this case, it was about a couple of new EC curves, and therefore a couple of new corresponding NIDs). I'm placing objects first in SDIRS! There.	2003-11-29 09:19:12 +00:00
Richard Levitte	753cbc2857	1024 is the export key bits limit according to current regulations, not 512. PR: 771 Submitted by: c zhang <czhang2005@hotmail.com>	2003-11-28 22:39:23 +00:00
Richard Levitte	b727907ae8	1024 is the export key bits limit according to current regulations, not 512. PR: 771 Submitted by: c zhang <czhang2005@hotmail.com>	2003-11-28 22:39:19 +00:00
Geoff Thorpe	444c3a8492	Get rid of some signed/unsigned comparison warnings.	2003-11-28 16:39:16 +00:00
Richard Levitte	4d8743f490	Netware-specific changes, PR: 780 Submitted by: Verdon Walker <VWalker@novell.com> Reviewed by: Richard Levitte	2003-11-28 13:10:58 +00:00
Richard Levitte	04dc4edb44	If dynamically-loadable ENGINEs are linked against a shared-library version of libcrypto, then it is possible that when they are loaded they will share the same static data as the loading application/library. This means it will be too late to set memory/ERR/ex_data/[etc] callbacks, but entirely unnecessary to try. This change (and a great part of this comment) was implemented in 0.9.8-dev a long time ago, but slightly differently. In 0.9.8-dev, a specific function that just returns a pointer to some static object is used. For 0.9.7x, we couldn't do that, since the way we handle feature freezes is, among other, to not add any more non-static functions. Instead, we use the function ERR_get_implementation() and compare the returned value with fns->err_fns, a member of fns that already is there, and which therefore can safely be used in this manner. What happens is that if the loaded ENGINE's return value from this function matches the loading application/library's return value - they share static data. If they don't match, the loaded ENGINE has its own copy of libcrypto's static data and so the callbacks need to be set.	2003-11-27 16:41:26 +00:00
Geoff Thorpe	81ba5f6713	Due to recent debugging bursts, openssl should be more or less solid against inconsistent BIGNUMs coming out of any of its API functions. So this change no longer "fixes" the bn_print.c functions, but it makes for cleaner code. This patch was a part of ticket 697. PR: 697 Submitted by: Otto Moerbeek Reviewed by: Geoff Thorpe	2003-11-25 21:07:59 +00:00
Geoff Thorpe	6defae04f3	Fix some handling in bn_word. This also resolves the issues observed in ticket 697 (though uses a different solution than the proposed one). This problem was initially raised by Otto Moerbeek. PR: 697 Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2003-11-25 20:39:19 +00:00
Geoff Thorpe	e1064adfd3	Some changes for bn_gf2m.c: better error checking plus some minor optimizations. Submitted by: Nils Larsch	2003-11-25 03:41:20 +00:00
Lutz Jänicke	d7559f16cd	Free "engine" resource in case of failure to prevent memory leak PR: #778 Submitted by: George Mitchell <george@m5p.com>	2003-11-24 16:48:52 +00:00
Lutz Jänicke	d161f5a9b2	Free "engine" resource in case of failure to prevent memory leak PR: #778 Submitted by: George Mitchell <george@m5p.com>	2003-11-24 16:47:44 +00:00
Geoff Thorpe	9e989810ba	BN_div() cleanup: replace the use of BN_sub and BN_add with bn_sub_words and bn_add_words to avoid using fake bignums to window other bignums that can lead to corruption. This change allows all bignum tests to pass with BN_DEBUG and BN_DEBUG_RAND debugging and valgrind. NB: This should be tested on a few different architectures and configuration targets, as the bignum code this deals with is quite preprocessor (and assembly) sensitive. Submitted by: Nils Narsch Reviewed by: Geoff Thorpe, Ulf Moeller	2003-11-22 20:23:41 +00:00
Ulf Möller	28474e26f4	bn_sub_part_words() is unused in 0.9.7. Spotted by Markus Friedl.	2003-11-22 10:42:33 +00:00
Geoff Thorpe	ec2179cf81	Fix a small bug in str_copy: if more than one variable is replaced, make sure the current length is used to calculate the new buffer length instead of using the old length (prior to any variable substitution). Submitted by: Nils Larsch	2003-11-21 21:42:35 +00:00
Dr. Stephen Henson	a8287a90ea	Give CRLDP its standard name. Max req -x509 use V1 if extensions section absent.	2003-11-20 22:45:06 +00:00
Dr. Stephen Henson	85421c7148	Give CRLDP its standard name. Max req -x509 use V1 if extensions section absent.	2003-11-20 22:43:28 +00:00
Geoff Thorpe	77cc150b61	Remove duplicate prototypes have already been (correctly) added to rsa.h, as this is already included by x509.h anyway.	2003-11-19 05:18:54 +00:00
Ulf Möller	31182ad39b	re-enable the test, keeping the original method for RAND_pseudo_bytes which is used by BN_DEBUG_RAND Submitted by: Nils Larsch	2003-11-16 19:33:31 +00:00
Lutz Jänicke	fda5e38551	Provide ASFLAGS in the subdirectories handling assembler code. Submitted by: Tim Rice <tim@multitalents.net> PR: #735, #765	2003-11-16 14:38:34 +00:00
Lutz Jänicke	a601df36f3	Provide ASFLAGS in the subdirectories handling assembler code. Submitted by: Tim Rice <tim@multitalents.net> PR: #735, #765	2003-11-16 14:37:48 +00:00
Ulf Möller	ac9c6e10a4	The x9.62 tests replace the PRNG with specific numbers, so don't run them if BN_DEBUG_RAND is defined. Also, fix another small bug. Submitted by: Nils Larsch	2003-11-16 12:24:45 +00:00
Ulf Möller	1a01733047	BN_set_bit() etc should use "unsigned int". Keep it as is to avoid an API change, but check for negativ values. Submitted by: Nils Larsch	2003-11-15 08:37:50 +00:00
Geoff Thorpe	9dde17e8b4	This rewrites two "for" loops in BN_rshift() - equality with zero is generally a more efficient comparison than comparing two integers, and the first of these two loops was off-by-one (copying one too many values). This change also removes a superfluous assignment that would set an unused word to zero (and potentially allow an overrun in some cases). Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2003-11-13 15:03:14 +00:00
Geoff Thorpe	37af03d311	General improvements to the ec_asn1.c code. This squashes at least one bug (where it was impossible to create an EC certificate with a compressed public key), and has some style improvements based on some comments from Steve Henson about use of the ASN1 macros. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2003-11-10 18:09:18 +00:00
Geoff Thorpe	f7a397cc8d	Avoid possible memory leaks in error-handling. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2003-11-10 18:05:22 +00:00
Dr. Stephen Henson	cd2e8a6f2d	Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().	2003-11-10 01:37:23 +00:00
Dr. Stephen Henson	2d4b834926	Oops!	2003-11-10 01:29:27 +00:00
Dr. Stephen Henson	c22e6753ef	Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().	2003-11-10 01:25:11 +00:00
Geoff Thorpe	f75abcefed	This extends the debugging macros to use "pollution" during bn_correct_top(), previously only bn_check_top() did this.	2003-11-06 23:24:44 +00:00
Geoff Thorpe	18f62d4b82	Add debug-screening of input parameters to some functions I'd missed before.	2003-11-06 23:13:04 +00:00
Geoff Thorpe	5c0c22803e	Put more debug screening in BN_div() and correct a comment.	2003-11-06 23:11:07 +00:00
Geoff Thorpe	0ef85c7f45	This is a revert of my previous commit to "improve" the declaration of constant BIGNUMs. It turns out that this trips up different but equally useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness it created. (Thanks to Ulf for the forehead-slap.)	2003-11-05 19:30:29 +00:00
Ulf Möller	078dd1a0f9	typo in comment	2003-11-05 17:28:59 +00:00
Ulf Möller	2b96c95197	cleanup as discussed with Geoff	2003-11-05 17:28:25 +00:00
Geoff Thorpe	d870740cd7	Put the first stage of my bignum debugging adventures into CVS. This code is itself experimental, and in addition may cause execution to break on existing openssl "bugs" that previously were harmless or at least invisible.	2003-11-04 22:54:49 +00:00
Geoff Thorpe	d8ec0dcf45	Avoid some shadowed variable names. Submitted by: Nils Larsch	2003-11-04 00:51:32 +00:00
Geoff Thorpe	c465e7941e	This is the least unacceptable way I've found for declaring the bignum data and structures as constant without having to cast away const at any point. There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy, but crypto/bn/ is now ok. Purists are welcome to suggest alternatives.	2003-11-04 00:29:09 +00:00
Geoff Thorpe	a9fd78f9da	bn_div() does some pretty nasty things with temporary variables, constructing BIGNUM structures with pointers offset into other bignums (among other things). This corrects some of it that is too plainly insane, and tries to ensure that bignums are normalised when passed to other functions.	2003-10-31 01:35:16 +00:00
Geoff Thorpe	5f747c7f4b	When a BN_CTX is used for temporary workspace, the variables are sometimes left in an inconsistent state when they are released for later reuse. This change resets the BIGNUMs when they are released back to the context.	2003-10-30 01:07:56 +00:00
Geoff Thorpe	c4db1a8b5c	This fixes a couple of cases where an inconsistent BIGNUM could be passed as input to a function.	2003-10-30 01:03:31 +00:00
Geoff Thorpe	aca95e0b2f	Remove a line that was causing redundant declarations. Obtained from: Stephen Henson <steve@openssl.org>	2003-10-29 22:55:19 +00:00
Geoff Thorpe	06e4024d98	Oops, this file already had the "empty source file" workaround but it requires -DPEDANTIC and was hidden at the bottom of the file. This moves it to the top and removes the redundant declaration.	2003-10-29 22:25:04 +00:00
Geoff Thorpe	8087d8f7ea	Make md32_common.h friendlier to compiler warnings. Obtained from: Andy Polyakov <appro@openssl.org>	2003-10-29 20:55:03 +00:00
Geoff Thorpe	31166ec8f3	Some provisional bignum debugging has begun to detect inconsistent BIGNUM structures being passed in to or out of API functions, and this corrects a couple of cases found so far. Also, lop off a couple of bytes of white-space.	2003-10-29 20:47:49 +00:00
Geoff Thorpe	2754597013	A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate.	2003-10-29 20:24:15 +00:00
Geoff Thorpe	2ce90b9b74	BN_CTX is opaque and the static initialiser BN_CTX_init() is not used except internally to the allocator BN_CTX_new(), as such this deprecates the use of BN_CTX_init() in the API. Moreover, the structure definition of BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself. NDEBUG should probably only be "forced" in the top-level configuration, but until it is I will avoid removing it from bn_ctx.c which might surprise people with massive slow-downs in their keygens. So I've left it in bn_ctx.c but tidied up the preprocessor logic a touch and made it more tolerant of debugging efforts.	2003-10-29 18:04:37 +00:00
Richard Levitte	db5b10fab5	Removing those memcpy()s also took away the possibility for in and out to be the same. Therefore, the removed memcpy()s need to be restored.	2003-10-29 06:21:25 +00:00
Richard Levitte	4e952ae4fc	Removing those memcpy()s also took away the possibility for in and out to be the same. Therefore, the removed memcpy()s need to be restored.	2003-10-29 06:21:22 +00:00
Geoff Thorpe	db59141467	remove accidentally committed debugging cruft.	2003-10-29 05:35:31 +00:00
Geoff Thorpe	8a66d17899	Remove an unnecessary cast that causes certain compilers (eg. mine) some confusion. Also silence a couple of signed/unsigned warnings.	2003-10-29 05:00:57 +00:00
Geoff Thorpe	2eeaa0261e	Remove redundant declaration.	2003-10-29 04:58:23 +00:00
Geoff Thorpe	8dc344ccbf	Relax some over-zealous constification that gave some lhash-based code no choice but to have to cast away "const" qualifiers from their prototypes. This does not remove constification restrictions from hash/compare callbacks, but allows destructor commands to be run over a tables' elements without bad casts.	2003-10-29 04:57:05 +00:00
Geoff Thorpe	6bcd3f903a	Comments out some unimplemented functions instead of redeclaring them.	2003-10-29 04:42:29 +00:00
Geoff Thorpe	40f935f5b4	Avoid "empty source file" warnings.	2003-10-29 04:41:19 +00:00
Geoff Thorpe	0991f07034	For whatever reason (compiler or header bugs), at least one commonly-used linux system (namely mine) chokes on our definitions and uses of the "HZ" symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast" (when in fact there is no function casting involved at all). In both cases, it is easily worked around by not defining a cast into the macro and jiggling the expressions slightly. In addition - this highlights some cruft in openssl that needs sorting out. The tmdiff.h header is exported as part of the openssl API despite the fact that it is ugly as the driven sludge and not used anywhere in the library, applications, or utilities. More weird still, almost identical code exists in apps/speed.c though it looks to be slightly tweaked - so either tmdiff should be updated and used by speed.c, or it should be dumped because it's obviously not useful enough. Rather than removing it for now, I've changed the API for tmdiff to at least make sense. This involves taking the object type (MS_TM) from the implementation and using it in the header rather than using "char " in the API and casting mercilessly in the code (ugh). If someone doesn't like "MS_TM" and the "ms_time_**" naming, by all means change it. This should be a harmless improvement, because the existing API is clearly not very useful (eg. we reimplement it rather than using it in our own utils). However, someone still needs to take a hack at consolidating speed.c and tmdiff.[ch] somehow.	2003-10-29 04:40:13 +00:00
Geoff Thorpe	2aaec9cced	Update any code that was using deprecated functions so that everything builds and links with OPENSSL_NO_DEPRECATED defined.	2003-10-29 04:14:08 +00:00
Geoff Thorpe	9d473aa2e4	When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should be) precompiled out in the API headers. This change is to ensure that if it is defined when compiling openssl, the deprecated functions aren't implemented either.	2003-10-29 04:06:50 +00:00
Geoff Thorpe	6145b0b183	The "cryptodev" engine preprocessor logic used undefined symbols in comparisons. It's better not to allow this, because it gives false positives when using compiler warnings that detect mistyped symbols.	2003-10-29 04:00:14 +00:00
Geoff Thorpe	66b82f5aad	make update	2003-10-28 22:10:47 +00:00
Geoff Thorpe	12bdceac8a	Ignore derived file.	2003-10-28 17:26:46 +00:00
Geoff Thorpe	8ad7e3ad2a	Remove duplicate prototypes have already been (correctly) added to rsa.h, as this is already included by x509.h anyway.	2003-10-24 16:17:11 +00:00
Richard Levitte	fa5846e58b	Correct serious bug in AES-CBC decryption when the message length isn't a multiple of AES_BLOCK_SIZE. Optimize decryption of all complete blocks in AES-CBC by removing an unnecessary memcpy(). The error was notified by James Fernandes <jf210032@exchange.DAYTONOH.NCR.com>. The unnecessary memcpy() was found as an effect of investigating that error.	2003-10-15 09:00:18 +00:00
Richard Levitte	0b6956b474	Correct serious bug in AES-CBC decryption when the message length isn't a multiple of AES_BLOCK_SIZE. Optimize decryption of all complete blocks in AES-CBC by removing an unnecessary memcpy(). The error was notified by James Fernandes <jf210032@exchange.DAYTONOH.NCR.com>. The unnecessary memcpy() was found as an effect of investigating that error.	2003-10-15 09:00:14 +00:00
Richard Levitte	0bb6187e71	The object file is o_str.o, not o_str.c. Thanks to Peter Sylvester <Peter.Sylvester@EdelWeb.fr> for the notification.	2003-10-13 11:34:40 +00:00
Dr. Stephen Henson	c5a5546389	Add support for digested data PKCS#7 type.	2003-10-11 22:11:45 +00:00
Dr. Stephen Henson	79e4022a33	Simplify cipher and digest lookup in PKCS#7 code.	2003-10-11 16:47:44 +00:00
Dr. Stephen Henson	77fe058c10	Simplify cipher and digest lookup in PKCS#7 code.	2003-10-11 16:46:40 +00:00
Dr. Stephen Henson	8d9086dfa2	New function to initialize a PKCS7 structure of type other.	2003-10-10 23:40:47 +00:00
Dr. Stephen Henson	0602abf5bd	Initialize digested data type in PKCS7_set_type().	2003-10-10 23:31:53 +00:00
Dr. Stephen Henson	caf044cb3e	Retrieve correct content to sign when the type is "other".	2003-10-10 23:25:43 +00:00
Dr. Stephen Henson	80986c9ced	Retrieve correct content to sign when the type is "other".	2003-10-10 23:24:10 +00:00
Richard Levitte	ede7c28eb7	In realloc, don't destroy the old memory area if a new one couldn't be allocated. Notified by Daniel Lucq <daniel@lucq.org>	2003-10-07 12:09:42 +00:00
Richard Levitte	83eb412da8	In realloc, don't destroy the old memory area if a new one couldn't be allocated. Notified by Daniel Lucq <daniel@lucq.org>	2003-10-07 12:09:39 +00:00
Richard Levitte	8242354952	Make sure int SSL_COMP_add_compression_method() checks if a certain compression identity is already present among the registered compression methods, and if so, reject the addition request. Declare SSL_COMP_get_compression_method() so it can be used properly. Change ssltest.c so it checks what compression methods are available and enumerates them. As a side-effect, built-in compression methods will be automagically loaded that way. Additionally, change the identities for ZLIB and RLE to be conformant to draft-ietf-tls-compression-05.txt. Finally, make update. Next on my list: have the built-in compression methods added "automatically" instead of requiring that the author call SSL_COMP_add_compression_method() or SSL_COMP_get_compression_methods().	2003-10-06 11:00:15 +00:00
Richard Levitte	c40b9bdefb	Setting the ex_data index is unsafe in a threaded environment, so let's wrap it with a lock.	2003-10-06 09:09:44 +00:00
Richard Levitte	6895cca89d	Remove unused code, don't use zlib functions that are really macros and provide missing prototypes.	2003-10-04 09:09:19 +00:00
Richard Levitte	cf89b40584	Include e_os.h to get a proper definition of memmove on the platforms that do not have it.	2003-10-01 20:43:03 +00:00
Richard Levitte	d680c13060	Include e_os.h to get a proper definition for memmove() for the platforms that don't have it.	2003-10-01 20:41:49 +00:00
Dr. Stephen Henson	2990244980	ASN1 parse fix and release file changes.	2003-09-30 16:47:33 +00:00
Dr. Stephen Henson	0c6fa13fee	In order to get the expected self signed error when calling X509_verify_cert() in x509.c the cert should not be added to the trusted store.	2003-09-30 13:10:48 +00:00
Dr. Stephen Henson	68f0bcfbc3	Changes for release	2003-09-30 12:08:23 +00:00
Dr. Stephen Henson	662ede2370	Fix for ASN1 parsing bugs.	2003-09-30 12:05:44 +00:00
Dr. Stephen Henson	c93f908f7f	Fix to make it compile under Win32.	2003-09-29 17:10:01 +00:00
Richard Levitte	057a04398d	Synchronise util/libeay.num with the 0.9.7-stable one. make update	2003-09-28 09:34:50 +00:00
Richard Levitte	71583fb0d7	Uhmm, It seem to have forgotten one file when I committed the MSDOS change yesterday. PR: 669	2003-09-28 07:11:37 +00:00
Richard Levitte	7f3ba9428f	Uhmm, It seem to have forgotten one file when I committed the MSDOS change yesterday. PR: 669	2003-09-28 07:11:33 +00:00
Richard Levitte	058f86e9e0	Change the indentation from 12 to indent+4. PR: 657	2003-09-27 22:48:36 +00:00
Richard Levitte	3c02e24bb3	Change the indentation from 12 to indent+4. PR: 657	2003-09-27 22:48:33 +00:00
Richard Levitte	4509102cb9	Make MD5 assembler code able to handle messages larger than 2GB on 32-bit systems and above. PR: 664	2003-09-27 22:14:47 +00:00
Richard Levitte	1be02dd842	Make MD5 assembler code able to handle messages larger than 2GB on 32-bit systems and above. PR: 664	2003-09-27 22:14:39 +00:00
Richard Levitte	732d1bf43a	Add reference counting around the thread state hash table. Unfortunately, this means that the dynamic ENGINE version just went up, and isn't backward compatible. PR: 678	2003-09-27 20:29:11 +00:00
Richard Levitte	11171f3c74	Add reference counting around the thread state hash table. Unfortunately, this means that the dynamic ENGINE version just went up, and isn't backward compatible. PR: 678	2003-09-27 20:29:05 +00:00
Ralf S. Engelschall	6bd27f8644	Fix prime generation loop in crypto/bn/bn_prime.pl by making sure the loop does correctly stop and breaking ("division by zero") modulus operations are not performed. The (pre-generated) prime table crypto/bn/bn_prime.h was already correct, but it could not be re-generated on some platforms because of the "division by zero" situation in the script.	2003-09-25 13:57:58 +00:00
Dr. Stephen Henson	82384690e2	Typos.	2003-09-09 23:44:39 +00:00
Richard Levitte	e6fa67fa93	Generalise the definition of strcasecmp() and strncasecmp() for platforms that don't (necessarely) have it. In the case of VMS, this means moving a couple of functions from apps/ to crypto/ and make them general (although only used privately).	2003-09-09 14:48:36 +00:00
Dr. Stephen Henson	510dc1ecd0	outlen should be int * in out_utf8.	2003-08-21 12:32:12 +00:00
Dr. Stephen Henson	3b07c32fe7	outlen should be int * in out_utf8.	2003-08-21 12:31:17 +00:00
Richard Levitte	05a1f76093	make update	2003-08-11 09:53:24 +00:00
Richard Levitte	4ed9388e5d	A new branch for FIPS-related changes has been created with the name OpenSSL-fips-0_9_7-stable. Since the 0.9.7-stable branch is supposed to be in freeze and should only contain bug corrections, this change removes the FIPS changes from that branch.	2003-08-11 09:37:17 +00:00
Richard Levitte	88401ed449	Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>: 1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error. 2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot, not CloseHandle.	2003-08-07 11:57:42 +00:00
Richard Levitte	30e4269241	Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>: 1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error. 2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot, not CloseHandle.	2003-08-07 11:57:21 +00:00
Bodo Möller	59315df637	add OpenSSL license fix typo	2003-08-06 10:38:37 +00:00
Bodo Möller	3aa8d3a7f1	add OpenSSL license fix typo	2003-08-06 10:36:25 +00:00
Richard Levitte	98c1a4900c	Inclusion of openssl/engine.h should always be wrapped with a check that OPENSSL_NO_ENGINE is not defined.	2003-08-04 10:12:38 +00:00
Richard Levitte	5b6e7c8c65	Inclusion of openssl/engine.h should always be wrapped with a check that OPENSSL_NO_ENGINE is not defined.	2003-08-04 10:12:36 +00:00
Dr. Stephen Henson	6b063f32d9	Make the EFB NIDs have empty OIDs aliased to the real EFB OID.	2003-08-01 17:06:48 +00:00
Ben Laurie	afab06d3f5	DES CFB8 test.	2003-08-01 10:31:25 +00:00
Ben Laurie	8fb97c9acd	Fix DES CFB-r.	2003-08-01 10:25:58 +00:00
Ben Laurie	c5f070d5d5	Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8.	2003-07-30 18:30:18 +00:00
Ben Laurie	f3b2ea53e2	AES CFB8.	2003-07-29 17:05:16 +00:00
Ben Laurie	c473d53898	The rest of the keysizes for CFB1, working AES AVS test for CFB1.	2003-07-29 13:24:27 +00:00
Ben Laurie	e8f8249319	Working CFB1 and test vectors.	2003-07-29 10:56:56 +00:00
Ben Laurie	e2ced802b4	Add support for partial CFB modes, make tests work, update dependencies.	2003-07-28 15:08:00 +00:00
Ben Laurie	75622f1ece	Unfinished FIPS stuff for review/improvement.	2003-07-27 17:00:51 +00:00
Ben Laurie	a052dd6532	Add untested CFB-r mode. Will be tested soon.	2003-07-27 13:46:57 +00:00
Dr. Stephen Henson	f96d1af449	Avoid clashes with Win32 names in WinCrypt.h	2003-07-23 00:10:43 +00:00
Bodo Möller	968766cad8	updates for draft-ietf-tls-ecc-03.txt Submitted by: Douglas Stebila Reviewed by: Bodo Moeller	2003-07-22 12:34:21 +00:00
Bodo Möller	652ae06bad	add test for secp160r1 add code for kP+lQ timings Submitted by: Douglas Stebila <douglas.stebila@sun.com> Reviewed by: Bodo Moeller	2003-07-22 10:39:10 +00:00
Bodo Möller	ada0e717fa	new function EC_GROUP_cmp() (used by EVP_PKEY_cmp()) Submitted by: Nils Larsch	2003-07-21 13:43:28 +00:00
Richard Levitte	f9d183c209	Replace CCITT with ITU-T. Keep CCITT around as an alias. make update PR: 80	2003-07-04 15:45:04 +00:00
Richard Levitte	61f00386ab	The counter is big-endian. Since it comes as an array of char, there's absolutely no need to special-case it on little-endian machines. Notified by Thierry Boivin <Thierry.Boivin@celsecat.com>	2003-07-04 11:37:50 +00:00
Richard Levitte	5f24adda77	Oops, I forgot to replace 'counter' with 'ivec' when used...	2003-07-03 20:50:46 +00:00
Richard Levitte	2ae0352b0f	Oops, I forgot to replace 'counter' with 'ivec' when used...	2003-07-03 20:50:44 +00:00
Richard Levitte	ba64c2cc8f	The 'counter' is really the IV.	2003-07-03 06:42:45 +00:00
Richard Levitte	da6c44fc97	The 'counter' is really the IV.	2003-07-03 06:42:43 +00:00
Richard Levitte	29e62e487f	Change AES-CTR to increment the IV by 1 instead of 2^64.	2003-07-03 06:41:33 +00:00
Richard Levitte	da0d33560f	Change AES-CTR to increment the IV by 1 instead of 2^64.	2003-07-03 06:41:30 +00:00
Richard Levitte	eb3d68c454	Nils Larsch told me I could remove that variable entirely.	2003-06-26 11:52:23 +00:00
Richard Levitte	c89f31def0	make update	2003-06-26 10:27:11 +00:00
Richard Levitte	ed5fae580e	Implement missing functions. Have the f parameter to _ctrl functions have the prototype ()(void) rather than ()(), for the sake of C++ compilers. Disable unimplemented functionality.	2003-06-26 10:26:42 +00:00
Richard Levitte	d55141ed7a	"Remove" unused variable	2003-06-26 10:23:00 +00:00
Richard Levitte	dfc3151925	The definition of dynamic_ctrl() should change along with the declaration :-).	2003-06-26 07:03:49 +00:00
Bodo Möller	0fbffe7a71	implement PKCS #8 / SEC1 private key format for ECC Submitted by: Nils Larsch	2003-06-25 21:35:05 +00:00
Dr. Stephen Henson	00dc2d7551	Return EOF when an S/MIME part have been read.	2003-06-24 17:12:22 +00:00
Dr. Stephen Henson	037f6e73f1	Return EOF when an S/MIME part have been read.	2003-06-24 17:11:44 +00:00
Richard Levitte	4aae637f6c	We set the export flag for 512 bit keys, not 512 byte ones. PR: 587	2003-06-19 18:55:56 +00:00
Richard Levitte	f6b9cd7f82	We set the export flag for 512 bit keys, not 512 byte ones. PR: 587	2003-06-19 18:55:50 +00:00
Richard Levitte	834ac33a37	dynamic_ctrl() didn't have exactly the same prototype as defined by ENGINE_CTRL_FUNC_PTR.	2003-06-19 16:57:38 +00:00
Richard Levitte	4e9023f4d2	Unsigned vs. signed fixed.	2003-06-19 16:56:48 +00:00
Richard Levitte	0bd71d3b7e	Add the application data type to the README.	2003-06-18 07:14:52 +00:00
Richard Levitte	d97322f0e6	Missing string and potential memory leaks. Notified by Goetz Babin-Ebell <goetz@shomitefo.de>	2003-06-18 07:12:28 +00:00
Richard Levitte	b52d512dfa	Slightly better check of attributes. Now, mem_list_next can actually stop when the searched for key doesn't have it's attributes within the range of the checked key.	2003-06-12 21:32:54 +00:00
Richard Levitte	a3a2ff4cd9	Beautify	2003-06-12 18:13:27 +00:00
Richard Levitte	8c2786fff7	Do not try to use non-existent gmtime_r() on SunOS4. PR: 585	2003-06-12 00:57:27 +00:00
Richard Levitte	8645c415cf	Do not try to use non-existent gmtime_r() on SunOS4. PR: 585	2003-06-12 00:57:25 +00:00
Richard Levitte	1b9f21fdc8	Make sure DSO-dlfcn works properly on SunOS4. PR: 585	2003-06-12 00:51:59 +00:00
Richard Levitte	54bbde3c3f	Make sure DSO-dlfcn works properly on SunOS4. PR: 585	2003-06-12 00:51:54 +00:00
Richard Levitte	e666c4599f	Add the possibility to have symbols loaded globally with DSO.	2003-06-11 22:42:28 +00:00
Richard Levitte	c78b4f1d3d	Remove unused variable	2003-06-11 21:47:21 +00:00
Richard Levitte	6e260c4093	Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. PR: 617	2003-06-11 21:22:34 +00:00
Richard Levitte	33862b90bb	Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. PR: 617	2003-06-11 21:22:30 +00:00
Richard Levitte	54f6451670	Add functionality to set marks on the error stack and to pop all errors to the next mark.	2003-06-11 20:49:58 +00:00
Richard Levitte	25a1259911	Make sure to NUL-terminate the string on end-of-file (and error) PR: 643	2003-06-11 18:43:49 +00:00
Richard Levitte	606c8048a0	Make sure to NUL-terminate the string on end-of-file (and error) PR: 643	2003-06-11 18:43:45 +00:00
Richard Levitte	4eebab0d22	The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting	2003-06-10 04:11:46 +00:00
Richard Levitte	55b12f8641	The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting	2003-06-10 04:11:42 +00:00
Geoff Thorpe	bc63a2ee0e	This memset() in the ubsec ENGINE is a bug. Zeroing out the result array should not be necessary in any case, but more importantly the result and input BIGNUMs could be the same, in which case this is clearly a problem. Submitted by: Jonathan Hersch Reviewed by: Joe Orton Approved by: Geoff Thorpe	2003-06-06 17:53:24 +00:00
Richard Levitte	2ee67f1dad	Make sure the sigaction structure and fileno function are properly declared with an ANSI compiler on Solaris (and possibly others).	2003-06-04 09:13:19 +00:00
Richard Levitte	4af3184662	Remove extra ;	2003-06-04 09:11:44 +00:00
Richard Levitte	e31047744a	Make sure the function definitions match their declaration.	2003-06-04 09:11:15 +00:00
Richard Levitte	f6eba601b0	Make sure that size_t matches size_t.	2003-06-04 09:10:43 +00:00
Dr. Stephen Henson	476f09712c	Really get X509_CRL_CHECK_ALL right this time...	2003-06-04 00:40:47 +00:00
Dr. Stephen Henson	50078051bd	Really get X509_CRL_CHECK_ALL right this time...	2003-06-04 00:40:05 +00:00
Dr. Stephen Henson	16c9148220	Move the base64 BIO fixes to 0.9.7-stable	2003-06-03 00:11:37 +00:00
Dr. Stephen Henson	ca82ac1fee	Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect results if CR+LF straddles the line buffer.	2003-06-02 17:53:42 +00:00
Dr. Stephen Henson	9d92486cfb	Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect results if CR+LF straddles the line buffer.	2003-06-02 17:52:19 +00:00
Dr. Stephen Henson	aff0542844	Stop checking for CRLF when start of buffer is reached. Add rest of long line fix which got missed before	2003-06-02 01:12:01 +00:00
Dr. Stephen Henson	bb41fdb5ec	Stop checking for CRLF when start of buffer is reached.	2003-06-02 01:03:08 +00:00
Dr. Stephen Henson	beab098d53	Various S/MIME bug and compatibility fixes.	2003-06-01 20:51:58 +00:00
Dr. Stephen Henson	3410aa1aa8	Various S/MIME bug and compatibility fixes.	2003-06-01 20:45:44 +00:00
Richard Levitte	2a948bd306	Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration macros get properly defined.	2003-05-29 22:22:34 +00:00
Richard Levitte	c4d471552f	Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration macros get properly defined.	2003-05-29 22:22:30 +00:00
Richard Levitte	d4e35514ba	Have ASFLAGS be defined the same way as CFLAGS	2003-05-29 22:20:57 +00:00
Richard Levitte	01fc834bc9	Have ASFLAGS be defined the same way as CFLAGS	2003-05-29 22:20:47 +00:00
Richard Levitte	f7f8d82aaa	PR: 630 Avoid looking outside the key_data array.	2003-05-29 20:59:38 +00:00
Richard Levitte	3fd6b9f6d4	PR: 630 Avoid looking outside the key_data array.	2003-05-29 20:59:30 +00:00
Lutz Jänicke	83b4f49c0a	Move header file inclusion to prevent irritation of users forgetting to call "make depend" after enabling or disabling ciphers... Submitted by: Tal Mozes <talm@cyber-ark.com> PR: #628	2003-05-28 19:56:46 +00:00
Lutz Jänicke	828ce10ce7	Move header file inclusion to prevent irritation of users forgetting to call "make depend" after enabling or disabling ciphers... Submitted by: Tal Mozes <talm@cyber-ark.com> PR: #628	2003-05-28 19:56:04 +00:00
Dr. Stephen Henson	8939adbad9	PR: 627 Allocate certificatePolicies correctly if CPS field is absent. Fix various memory leaks in certificatePolicies.	2003-05-28 17:28:42 +00:00
Dr. Stephen Henson	60790aff6f	PR: 627 Allocate certificatePolicies correctly if CPS field is absent. Fix various memory leaks in certificatePolicies.	2003-05-28 17:28:11 +00:00
Dr. Stephen Henson	ff160dba54	PR: 631 Submitted by: Doug Sauder <dws+001@hunnysoft.com> Fix bug in X509V3_get_d2i() when idx in not NULL.	2003-05-28 16:57:22 +00:00
Dr. Stephen Henson	e19d0ef068	PR: 631 Submitted by: Doug Sauder <dws+001@hunnysoft.com> Fix bug in X509V3_get_d2i() when idx in not NULL.	2003-05-28 16:57:08 +00:00
Richard Levitte	f5f7dffdd1	Make sure to compare unsigned against unsigned.	2003-05-28 10:34:29 +00:00
Richard Levitte	fb5b7317a7	Make sure to compare unsigned against unsigned.	2003-05-28 10:34:04 +00:00
Richard Levitte	457f692eab	Fix sign bugs. PR: 621	2003-05-21 14:29:33 +00:00
Richard Levitte	83743ad039	Fix sign bugs. PR: 621	2003-05-21 14:29:13 +00:00
Richard Levitte	163f5b236c	Correct signedness	2003-05-21 14:21:26 +00:00
Richard Levitte	e077b5452f	Make sure EC_window_bits_for_scalar_size() returns a size_t	2003-05-21 08:40:18 +00:00
Richard Levitte	513c01a591	Make sure EC_window_bits_for_scalar_size() returns a size_t	2003-05-21 08:40:06 +00:00
Richard Levitte	d9a2a89a17	I have no idea how I cut away that piece of text...	2003-05-21 06:50:51 +00:00
Richard Levitte	31939f1544	I don't remember what my thinking was with str_compat.h. Maybe it'll come back to me...	2003-05-20 09:00:59 +00:00
Richard Levitte	9acef3bbd7	Misspelled functions.	2003-05-20 08:50:18 +00:00
Richard Levitte	164bc7dae8	Some misspelled function names.	2003-05-20 08:49:12 +00:00
Richard Levitte	f59c941950	Make the function STORE_new_engine() public.	2003-05-19 23:06:09 +00:00
Richard Levitte	0239876511	Remove certain functions	2003-05-19 23:03:43 +00:00
Dr. Stephen Henson	727ef76ebd	Add correct DN entry for serialNumber.	2003-05-07 23:20:58 +00:00
Dr. Stephen Henson	22e6c2524e	Add correct DN entry for serialNumber.	2003-05-07 23:20:41 +00:00
Richard Levitte	bca52f7d4e	Define the two authentication parameter types for passphrase and Kerberos 5 authentications.	2003-05-07 21:17:30 +00:00
Richard Levitte	48c36fdb2a	Add the possibility to hand execution parameters (for example authentication material) to the STORE functions. Suggested by Götz Babin-Ebell <babin-ebell@trustcenter.de>.	2003-05-07 21:06:15 +00:00
Richard Levitte	54a7ea6f36	DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function called downstream that need it to be non-const. The fact that the RSA_METHOD functions take the RSA* as a const doesn't matter, it just expresses that they won't touch it. PR: 602	2003-05-07 11:38:13 +00:00
Richard Levitte	816d785721	DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function called downstream that need it to be non-const. The fact that the RSA_METHOD functions take the RSA* as a const doesn't matter, it just expresses that they won't touch it. PR: 602	2003-05-07 11:38:10 +00:00
Richard Levitte	742b139f54	Add the possibility to store arbitrary data in a STORE. Suggested by Götz Babin-Ebell <babin-ebell@trustcenter.de>.	2003-05-06 08:02:14 +00:00
Richard Levitte	0e2f5ec2d2	Constify RSA_sign() and RSA_verify(). PR: 602	2003-05-05 13:55:23 +00:00
Richard Levitte	3b30121bd9	Constify RSA_sign() and RSA_verify(). PR: 602	2003-05-05 13:55:18 +00:00
Richard Levitte	9ee789e6c3	Yeah, right, an object file ending with .c, that'll work!	2003-05-03 06:58:08 +00:00
Dr. Stephen Henson	8c5e375c8e	Typo.	2003-05-02 11:42:17 +00:00
Dr. Stephen Henson	b9d2d20086	Make DER option work again. Fix typo.	2003-05-02 11:41:40 +00:00
Richard Levitte	b9d7ca9748	It's usually best if the function name matches everywhere...	2003-05-02 07:25:54 +00:00
Richard Levitte	5b194dfbd5	STORE was created 2003, darnit!	2003-05-01 20:44:20 +00:00
Richard Levitte	7f6af7d9db	Get the year right...	2003-05-01 20:15:35 +00:00
Richard Levitte	42b2b6a2d5	Provide some extra comments about the STORE_Memory STORE method.	2003-05-01 04:31:12 +00:00
Richard Levitte	d1465bac90	make update	2003-05-01 04:10:32 +00:00
Richard Levitte	3bbb0212f3	Add STORE support in ENGINE.	2003-05-01 03:57:46 +00:00
Richard Levitte	a5db6fa576	Define a STORE type. For documentation, read the entry in CHANGES, crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h.	2003-05-01 03:53:12 +00:00
Richard Levitte	9236b5b013	Define a STORE lock (the STORE type will be committed later).	2003-05-01 03:46:10 +00:00
Richard Levitte	535fba4907	Define the OPENSSL_ITEM structure.	2003-05-01 03:45:18 +00:00
Richard Levitte	1ae0a83bdd	Add BUF_strndup() and BUF_memdup(). Not currently used, but I've code that uses them that I'll commit in a few days.	2003-04-29 22:08:57 +00:00
Richard Levitte	7ae46c6761	make update	2003-04-29 21:35:28 +00:00
Richard Levitte	d584fd6b66	Include objects.h to get a correct declaration of OBJ_bsearch_ex(), not to mention the OBJ_BSEARCH_* macros.	2003-04-29 20:46:32 +00:00
Richard Levitte	54dbdd9837	Some variables were uninitialised...	2003-04-29 20:45:36 +00:00
Richard Levitte	26851b6b42	Add an extended variant of sk_find() which returns a non-NULL pointer even if an exact match wasn't found.	2003-04-29 20:30:55 +00:00
Richard Levitte	ea5240a5ed	Add an extended variant of OBJ_bsearch() that can be given a few flags.	2003-04-29 20:25:21 +00:00
Bodo Möller	ce8a202831	fix typo Submitted by: Nils Larsch	2003-04-22 12:44:58 +00:00
Bodo Möller	eec7968f18	fix typo Submitted by: Nils Larsch	2003-04-22 08:29:21 +00:00
Richard Levitte	7f0f9f1934	Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances. Memory leak fix: RSA_blinding_on() would leave a dangling pointer in rsa->blinding under certain circumstances. Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.	2003-04-16 06:25:29 +00:00
Richard Levitte	040c687ce4	Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances. Memory leak fix: RSA_blinding_on() would leave a dangling pointer in rsa->blinding under certain circumstances. Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.	2003-04-16 06:25:21 +00:00
Richard Levitte	8f09a154e3	Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()	2003-04-15 13:01:50 +00:00
Richard Levitte	cd1226bc6a	Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()	2003-04-15 13:01:37 +00:00
Richard Levitte	fba1cfa06d	The release is tagged, time to work on 0.9.7c.	2003-04-10 20:40:19 +00:00
Richard Levitte	27f7d430ce	Forgot to code the status bits for release. This file will be retagged.	2003-04-10 20:29:08 +00:00
Richard Levitte	5964e95c0a	Time to release 0.9.7b. The tag will be OpenSSL_0_9_7b.	2003-04-10 20:22:15 +00:00
Richard Levitte	1a0c1f9052	make update	2003-04-10 20:11:09 +00:00
Richard Levitte	f78ae9c0f2	make update.	2003-04-10 20:10:22 +00:00
Dr. Stephen Henson	88ec5a637f	Only call redirected rsa_sign or rsa_verify if the pointer is set. This allows, for example, a smart card to redirect rsa_sign and keep the default rsa_verify.	2003-04-10 01:13:37 +00:00
Dr. Stephen Henson	0b1c00abeb	Typo.	2003-04-10 00:04:02 +00:00
Dr. Stephen Henson	75fcbb43a7	Typo.	2003-04-10 00:03:22 +00:00
Richard Levitte	0ae4ad9e9f	Include rand.h, so RAND_status() and friends get properly declared.	2003-04-08 11:07:13 +00:00
Richard Levitte	721688c2f8	Include rand.h, so RAND_status() and friends get properly declared.	2003-04-08 11:07:05 +00:00
Richard Levitte	1ed3815650	We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in form of unneeded direct calls through the engine pointer..	2003-04-08 06:02:00 +00:00
Richard Levitte	0b55368306	We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in form of unneeded direct calls through the engine pointer..	2003-04-08 06:01:55 +00:00
Richard Levitte	27310553b1	We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form of unneeded includes of openssl/engine.h.	2003-04-08 06:00:17 +00:00
Richard Levitte	43eb3b0130	We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form of unneeded includes of openssl/engine.h.	2003-04-08 06:00:05 +00:00
Richard Levitte	78490b9cc2	RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function pointers should be used. It doesn't necessarely mean it should go through the ENGINE framework.	2003-04-07 19:15:29 +00:00
Richard Levitte	0a861ab7f3	RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function pointers should be used. It doesn't necessarely mean it should go through the ENGINE framework.	2003-04-07 19:15:25 +00:00
Richard Levitte	7b36590b17	What was I smoking? EVP_PKEY_cmp() should return with 0 if EVP_PKEY_cmp_parameters() returned 0, otherwise it should go on processing the public key component. Thia has nothing to do with the proper handling of EC parameters or not.	2003-04-07 10:15:32 +00:00
Richard Levitte	a8b728445c	Correct a typo. Have EVP_PKEY_cmp() call EVP_PKEY_cmp_parameters(), and make a note about the lack of parameter comparison for EC.	2003-04-07 10:09:44 +00:00
Richard Levitte	af0f0f3e8f	Constify	2003-04-06 15:31:18 +00:00
Richard Levitte	86ccb91ddb	Do not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined. PR: 564	2003-04-05 21:21:29 +00:00
Richard Levitte	8d570498a2	Do not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined. PR: 564	2003-04-05 21:21:26 +00:00
Richard Levitte	3ae70939ba	Correct a lot of printing calls. Remove extra arguments...	2003-04-03 23:39:48 +00:00
Richard Levitte	d5157a6244	Make %p and %# work properly, at least with pointers and floats.	2003-04-03 23:35:16 +00:00
Richard Levitte	c433d72593	Make %p and %# work properly, at least with pointers and floats.	2003-04-03 23:35:14 +00:00
Richard Levitte	68b42986cb	Add GCC attributes when compiled with gcc. This helps find out if we're using the printing functions correctly or not. I used the corresponding attributes found in the header files of my Linux installation.	2003-04-03 23:06:05 +00:00
Richard Levitte	e6526fbf4d	Add functionality to help making self-signed certificate.	2003-04-03 22:27:24 +00:00
Richard Levitte	8382ec5d37	Reindent for readability.	2003-04-03 19:10:32 +00:00
Bodo Möller	46b695d850	make RSA blinding thread-safe	2003-04-02 09:50:55 +00:00
Bodo Möller	5679bcce07	make RSA blinding thread-safe	2003-04-02 09:50:22 +00:00
Richard Levitte	54e73364f1	Don't feil when indent is 0. PR: 559	2003-03-31 13:24:04 +00:00
Richard Levitte	6dd6da6005	Don't feil when indent is 0. PR: 559	2003-03-31 13:24:02 +00:00
Dr. Stephen Henson	1a15c89988	Multi valued AVA support.	2003-03-30 01:51:16 +00:00
Richard Levitte	a47789e849	Update VMS building system	2003-03-26 14:34:38 +00:00
Dr. Stephen Henson	81bd0446a9	make update	2003-03-24 17:06:25 +00:00
Dr. Stephen Henson	520b76ffd9	Support for name constraints.	2003-03-24 17:04:44 +00:00
Dr. Stephen Henson	1e2b14e9ca	Get X509_V_FLAG_CRL_CHECK_ALL logic the right way round. PR:544	2003-03-24 16:58:01 +00:00
Dr. Stephen Henson	4fe70c7812	Get X509_V_FLAG_CRL_CHECK_ALL logic the right way round. PR:544	2003-03-24 16:57:08 +00:00
Dr. Stephen Henson	1c2d141238	Name Constraints OID.	2003-03-24 00:56:09 +00:00
Dr. Stephen Henson	5cc5ec1bba	make update	2003-03-21 16:28:29 +00:00
Dr. Stephen Henson	f80153e20b	Support for policy constraints.	2003-03-21 16:26:20 +00:00
Richard Levitte	9b94f215b1	Define COMP method function prototypes properly.	2003-03-21 00:05:14 +00:00
Richard Levitte	8b5bcef798	Make sure to declare mem*() properly.	2003-03-21 00:04:14 +00:00
Richard Levitte	ea17e1f00f	make update	2003-03-20 23:54:33 +00:00
Richard Levitte	be9bec9bc7	Make sure we get the definition of OPENSSL_NO_RSA.	2003-03-20 23:34:28 +00:00
Richard Levitte	9c35452842	Make sure we get the definition of OPENSSL_NO_HMAC and OPENSSL_NO_SHA.	2003-03-20 23:34:08 +00:00
Richard Levitte	69104cdf34	Make sure we get the definition of OPENSSL_NO_SHA.	2003-03-20 23:32:16 +00:00
Richard Levitte	dfefdb41f7	Make sure we get the definition of OPENSSL_NO_RIPEMD.	2003-03-20 23:31:56 +00:00
Richard Levitte	cd6ab56da0	Make sure we get the definition of OPENSSL_NO_MDC2.	2003-03-20 23:31:44 +00:00
Richard Levitte	c988c9b839	Make sure we get the definition of OPENSSL_NO_MD5.	2003-03-20 23:31:34 +00:00
Richard Levitte	bff8e1dddb	Make sure we get the definition of OPENSSL_NO_MD4.	2003-03-20 23:31:24 +00:00
Richard Levitte	641e6ef2cb	Make sure we get the definition of OPENSSL_NO_MD2.	2003-03-20 23:30:04 +00:00
Richard Levitte	9e9e8cb6a8	Make sure we get the definition of OPENSSL_NO_DES.	2003-03-20 23:29:38 +00:00
Richard Levitte	f118514501	Make sure we get the definition of OPENSSL_NO_RC5.	2003-03-20 23:29:26 +00:00
Richard Levitte	39c4b7092c	Make sure we get the definition of OPENSSL_NO_RC4.	2003-03-20 23:29:17 +00:00
Richard Levitte	c7e7fc3ee4	Make sure we get the definition of OPENSSL_NO_RC2.	2003-03-20 23:29:06 +00:00
Richard Levitte	786b0075d5	Make sure we get the definition of OPENSSL_NO_IDEA.	2003-03-20 23:28:55 +00:00
Richard Levitte	fb10590910	Make sure we get the definition of OPENSSL_NO_CAST.	2003-03-20 23:28:27 +00:00
Richard Levitte	abf21308d2	Make sure we get the definition of OPENSSL_NO_BF.	2003-03-20 23:28:16 +00:00
Richard Levitte	8c84b677e2	Make sure we get the definition of OPENSSL_NO_AES.	2003-03-20 23:28:03 +00:00
Richard Levitte	d5ef144222	Make sure we get the definition of a number of OPENSSL_NO_* macros.	2003-03-20 23:27:17 +00:00
Richard Levitte	741dae576f	Make sure we get the definition of OPENSSL_NO_BIO.	2003-03-20 23:26:46 +00:00
Richard Levitte	59ade20500	Include e_os.h correctly.	2003-03-20 23:26:32 +00:00
Richard Levitte	c11b9af75e	Make sure we get the definition of OPENSSL_NO_MD2.	2003-03-20 23:24:59 +00:00

... 8 9 10 11 12 ...

4041 commits