Commit graph

4041 commits

Author SHA1 Message Date
Andy Polyakov
f774accdbf Fix rc4-ia64.S to pass more exhaustive regression tests. 2004-12-02 10:07:55 +00:00
Dr. Stephen Henson
8544a80776 Add couple of OIDs. Resync NIDs for consistency with 0.9.7. 2004-12-01 18:09:53 +00:00
Dr. Stephen Henson
2e1366366e Add two OIDs, make update 2004-12-01 17:55:07 +00:00
Andy Polyakov
fda344ece8 Complete backport of i386 RC4 assembler module from HEAD. 2004-12-01 15:45:34 +00:00
Andy Polyakov
280e3bd2c9 Downstream update from HEAD. 2004-12-01 15:30:50 +00:00
Andy Polyakov
7c69478064 I've introduced a bug to i386 RC4 assembler, which would emerge with
certain mix of calls to RC4 routine not covered by rc4test.c.
It's fixed now. In addition this patch inadvertently fixes minor
performance problem: in 0.9.7 context P4 was performing 12% slower
than the original implementation...
2004-12-01 15:28:18 +00:00
Dr. Stephen Henson
41191d14ce Perform partial comparison of different character types in X509_NAME_cmp(). 2004-12-01 01:45:57 +00:00
Dr. Stephen Henson
1862dae862 Perform partial comparison of different character types in X509_NAME_cmp(). 2004-12-01 01:45:30 +00:00
Andy Polyakov
62c19d2dd9 Back-port of RC4 assembler support for AMD64 from HEAD branch. 2004-11-30 18:00:33 +00:00
Andy Polyakov
2d1a37bc9f Downsync new and updated RC4 assembler modules from HEAD. 2004-11-30 17:53:44 +00:00
cvs2svn
24e85c3dee This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2004-11-30 15:46:47 +00:00
Andy Polyakov
b7b46c9a87 Add 0.9.7 specific comments to RC4 assembler modules. 2004-11-30 15:46:46 +00:00
Richard Levitte
5073ff0346 Split X509_check_ca() into a small self and an internal function
check_ca(), to resolve constness issue.  check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().
2004-11-30 12:18:55 +00:00
Richard Levitte
fa032a6941 Split X509_check_ca() into a small self and an internal function
check_ca(), to resolve constness issue.  check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().
2004-11-30 12:18:53 +00:00
Andy Polyakov
fc7fc5678f sha1_block_asm_data_order can't hash if message crosses 2GB boundary. 2004-11-29 21:19:56 +00:00
Andy Polyakov
7a3240e319 Final touches to rc4/asm/rc4-596.pl, +52% better performance on AMD core. 2004-11-29 21:12:58 +00:00
Richard Levitte
30b415b076 Make an explicit check during certificate validation to see that the
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)
2004-11-29 11:28:08 +00:00
Richard Levitte
cd52956357 Make an explicit check during certificate validation to see that the
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)
2004-11-29 11:18:00 +00:00
Andy Polyakov
914c2a28c0 perlasm/x86[ms|nasm] update to accomodate updated RC4 assembler module. 2004-11-27 15:14:58 +00:00
Andy Polyakov
bc3e7fabe7 Engage RC4 IA-64 assembler module. 2004-11-26 15:12:17 +00:00
Andy Polyakov
d675c74d14 RC4 IA-64 assembler implementation. 2004-11-26 15:07:50 +00:00
cvs2svn
4443f44012 This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2004-11-25 18:21:27 +00:00
Dr. Stephen Henson
dfcf822c65 Check return code of EVP_CipherInit() in PKCS#12 code. 2004-11-24 01:21:57 +00:00
Dr. Stephen Henson
9d2996b82f Check return code of EVP_CipherInit() in PKCS#12 code. 2004-11-24 01:21:03 +00:00
Andy Polyakov
959f9b1158 linux-x86_64 didn't link after EM64T RC4 tune-up... 2004-11-23 09:06:12 +00:00
Andy Polyakov
376729e130 RC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's
apparently impossible to compose blended code with would perform
satisfactory on all x86 and x86_64 cores, an extra RC4_CHAR
code-path is introduced and P4 core is detected at run-time. This
way we keep original performance on non-P4 implementations and
turbo-charge P4 performance by factor of 2.8x (on 32-bit core).
2004-11-21 10:36:25 +00:00
Dr. Stephen Henson
ced27cc681 PR: 959
Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
2004-11-13 13:52:34 +00:00
Dr. Stephen Henson
f94481196c The use of "exp" as a variable name in a prototype causes a conflict with FC2
headers.
2004-11-11 01:18:57 +00:00
Andy Polyakov
68d9e764cb As was shown by Marc Bevand reordering of couple of load operations
results in even higher performance gain of 3.3x:-) At least on
Opteron...
2004-11-09 17:23:26 +00:00
Richard Levitte
a2ac429da2 Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Richard Levitte
a2617f727d Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:53:31 +00:00
Richard Levitte
ee478901b0 Make sure memmove() is defined, even on SunOS 4.1.4.
PR: 963
2004-11-01 07:58:43 +00:00
Richard Levitte
1a4b8e7cee Make sure memmove() is defined, even on SunOS 4.1.4.
PR: 963
2004-11-01 07:58:38 +00:00
Richard Levitte
871080b94b fips/dh was missing in mkfiles.pl.
make update
2004-10-26 12:17:25 +00:00
Dr. Stephen Henson
2f547d2c1c Change version numbers to 0.9.7f-dev 2004-10-25 11:31:28 +00:00
Dr. Stephen Henson
bfb7bac83b Updates for 0.9.7e release. 2004-10-25 11:24:39 +00:00
Dr. Stephen Henson
75f7141ab4 make update 2004-10-25 00:04:22 +00:00
Geoff Thorpe
58ae65cd1a Update ECDSA and ECDH for OPENSSL_NO_ENGINE.
Reported by: Maxim Masiutin
Submitted by: Nils Larsch
2004-10-21 00:06:14 +00:00
Richard Levitte
9e57ab615c Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up.  Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.
2004-10-14 05:49:01 +00:00
Richard Levitte
5b0f1f7d13 Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up.  Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.
2004-10-14 05:48:59 +00:00
Dr. Stephen Henson
70bfcc895e Oops.. 2004-10-04 17:28:57 +00:00
Dr. Stephen Henson
785e827323 Oops! 2004-10-04 17:28:31 +00:00
Dr. Stephen Henson
2f605e8d24 Fix race condition when CRL checking is enabled. 2004-10-04 16:30:12 +00:00
Dr. Stephen Henson
8de8bcbe2c Fix race condition when CRL checking is enabled. 2004-10-04 16:27:36 +00:00
Dr. Stephen Henson
175ac6811a Don't use C++ reserved work "explicit". 2004-10-01 11:21:53 +00:00
Andy Polyakov
07d488daf6 Fix Solaris 10_x86 shared build. -Bsymbolic is required to avoid
"remaining relocations" in assembler modules. The latter seems to
be new behaviour, elder as/ld managed to resolve this relocations
as internal. It's possible to address this problem differently,
but I settle for -Bsymbolic...
PR: 546
2004-09-28 20:45:10 +00:00
Richard Levitte
c38ff58b6b Move the declaration of alloca() so it's ony declared when really
necessary.
2004-09-27 21:59:44 +00:00
Andy Polyakov
c29ef588dc SHA1 asm Pentium tune-up. Performance loss is not as bad anymore. 2004-09-27 09:37:03 +00:00
Andy Polyakov
968c31bd84 sha256_block advances the input pointer double as fast sometimes. Fix the
bug and test that it's actually gone.
PR: 950
2004-09-27 09:35:59 +00:00
Geoff Thorpe
c743966156 Nils Larsch reported that this include is required. Strange that this had
gone unnoticed ...
2004-09-24 23:37:52 +00:00
Richard Levitte
bb09fd2bb6 Import changed files from LPlib. The changes are logged as follows
for LPdir_unix.c in LPlib.  For the other files, only the last log
entry applies.

----------------------------
revision 1.11
date: 2004/09/23 22:07:22;  author: _cvs_levitte;  state: Exp;  lines: +20 -6
Define my own macro LP_ENTRY_SIZE to express the size of my own
buffering of directory entries, and make it depend on whichever comes
first of PATH_MAX and NAME_MAX.  As a fallback, make sure it's set to
255 if neither PATH_MAX or NAME_MAX were defined.  Also, if the size
given from PATH_MAX or NAME_MAX is less than 255, force LP_ENTRY_SIZE
to be 255.

It makes no harm whatsoever if LP_ENTRY_SIZE is larger than the
maximum local path name limit.  It does make a lot of harm if
LP_ENTRY_SIZE is smaller.  255 seemed like a fairly acceptable default
when nothing else is available.
----------------------------
revision 1.10
date: 2004/08/26 13:36:05;  author: _cvs_levitte;  state: Exp;  lines: +13 -13
License correction.  I am not REGENTS, just a COPYRIGHT HOLDER.
----------------------------
2004-09-23 22:11:39 +00:00
Geoff Thorpe
280eb33b59 Remove distracting comments and code. Thanks to Nils for picking up on the
outstanding ticket.

PR: 926
2004-09-19 04:55:15 +00:00
Geoff Thorpe
f79110c633 Two TODO comments taken care of. Nils pointed out that one of them had already
been done, and took care of the other one (which hadn't).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-09-19 04:43:46 +00:00
Geoff Thorpe
6ef2ff62fc Make -Werror happy again. 2004-09-18 01:32:32 +00:00
Dr. Stephen Henson
980aea7860 Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap(). 2004-09-15 23:47:25 +00:00
Dr. Stephen Henson
d06db8ad9e Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap(). 2004-09-15 23:38:45 +00:00
Dr. Stephen Henson
ffa8e7b74c Oops, forgot to reorder extension request nids. 2004-09-13 22:39:49 +00:00
Dr. Stephen Henson
bd9327baa9 Change values of MBSTRING_* to the form MBSTRING_FLAG|nbyte as assumed
in ASN1_STRING_to_UTF8().
2004-09-13 22:33:56 +00:00
Dr. Stephen Henson
85e8decc16 ASN1_STRING_to_UTF8() assumed that the MBSTRING_* flags were of
the form MBSTRING_FLAG|nbyte where "nbyte" is the number of
bytes per character.

Unfortunately this isn't so and we can't change the #defines because
this would break binary compatibility, so for 0.9.7X only translate
between the two.
2004-09-13 22:30:31 +00:00
Richard Levitte
6f9bafafa3 - There's no more need for the snprintf macro.
- Move the inclusion of malloc.h until after all other includes, so we
  can do proper tests of system macros.
- Make sure the correct header file is included to get the builtin
  "alloca" under VMS, and define a macro to map the symbol 'alloca' to
  it.
2004-09-13 09:15:06 +00:00
Richard Levitte
422a4a33a5 Synchronise with Unix build. 2004-09-12 13:02:04 +00:00
Dr. Stephen Henson
8f349c58f7 Stop warning. 2004-09-10 20:27:45 +00:00
Dr. Stephen Henson
cfafb6a73d When looking for request extensions in a certificate look first
for the PKCS#9 OID then the non standard MS OID.
2004-09-10 20:26:30 +00:00
Dr. Stephen Henson
58606421ae When looking for request extensions in a certificate look first
for the PKCS#9 OID then the non standard MS OID.
2004-09-10 20:20:54 +00:00
Richard Levitte
d813ff2ac1 make update 2004-09-10 10:30:33 +00:00
Andy Polyakov
36734b2bab Make VIA Padlock engine more platform friendly and eliminate compiler
warning.

Submitted by: Doug Kaufman <dkaufman@rahul.net>
2004-09-09 14:54:12 +00:00
Andy Polyakov
c85c5c408a x86 assembler updates: more instructions, new OPENSSL_instrument_halt
[for DJGPP]...
2004-09-09 14:50:32 +00:00
Richard Levitte
2c1677d703 Synchronise VMS build files with Unixly Makefiles. 2004-09-08 08:13:34 +00:00
Richard Levitte
72348cbb8d Another symbol longer than 31 characters... 2004-09-08 08:13:03 +00:00
Dr. Stephen Henson
5d7c222db8 New X509_VERIFY_PARAM structure and associated functionality.
This tidies up verify parameters and adds support for integrated policy
checking.

Add support for policy related command line options. Currently only in smime
application.

WARNING: experimental code subject to change.
2004-09-06 18:43:01 +00:00
Dr. Stephen Henson
d993addbed Stop compiler warnings. 2004-09-06 18:37:46 +00:00
Andy Polyakov
16760a3089 Proper support for OpenBSD-i386 shared build, including assember modules!
"Proper" means "compiles and passes test." Versioning is broken (I think).
2004-08-29 21:36:37 +00:00
Andy Polyakov
2b247cf81f OPENSSL_ia32cap final touches. Note that OPENSSL_ia32cap is no longer a
symbol, but a macro expanded as (*(OPENSSL_ia32cap_loc())). The latter
is the only one to be exported to application.
2004-08-29 16:36:05 +00:00
Andy Polyakov
746fc2526f Fix compiler warnings in crypto/evp/bio_ok.c as pointed out by Geoff. 2004-08-29 16:19:27 +00:00
Andy Polyakov
a8c65b400c crypto/perlasm update primarily to unify Netware modules. Once it's verified
x86*_nw.pl will be deleted. In addition this update implements initseg
on several additional [in addition to ELF] platforms. Functions registered
with initseg are supposed to be called prior main().
2004-08-29 16:10:27 +00:00
Andy Polyakov
526975906b Minor VIA Padlock engine update: eliminate -Wunused warning when *not*
compiling the engine and inline memcpy in performance critical pathes.
2004-08-24 09:01:09 +00:00
Andy Polyakov
4157fae6fe Sync aes_ctr.c with HEAD. 2004-08-23 22:28:27 +00:00
Andy Polyakov
14fa6ad9f9 Make aes_ctr.c 64-bit savvy. 2004-08-23 22:19:51 +00:00
Richard Levitte
bb1a915c24 Basically, I wanted to be able to make a dump to a FILE*, and not have
to bother creating a BIO around it.  So here's a few more functions to
make it possible to make the dump using a printing callback, and to
print to a FILE* (based on the callback variant), done in the same
style as the functions in crypto/err/err_prn.c.
2004-08-11 21:13:57 +00:00
Dr. Stephen Henson
8c172bce1c Make ASN1_INTEGER_cmp() work as expected with negative integers. 2004-08-10 17:40:31 +00:00
Dr. Stephen Henson
e08aad1d14 Make ASN1_INTEGER_cmp() work as expected with negative integers. 2004-08-10 17:40:14 +00:00
Richard Levitte
1033449613 make update 2004-08-10 09:09:08 +00:00
Dr. Stephen Henson
bb82123707 Don't ignore return values of EVP_DigestInit_ex() in md BIOs and dgst. 2004-08-05 18:10:46 +00:00
Dr. Stephen Henson
c128bb0fa2 Don't ignore return value of EVP_DigestInit_ex() in md BIOs and dgst utility. 2004-08-05 18:09:50 +00:00
Andy Polyakov
b88606c28e Padlock engine update to fix a typo in MSC assembler and to address
potential corruption problem if user manages to inter-leave aligined
and misaligned requests [as well as some MSC-specific tweaks].
2004-08-04 12:58:26 +00:00
Richard Levitte
2ea6abf6e5 DJGPP has opendir() and friends, according to Gisle Vanem <giva@bgnett.no>. 2004-08-03 19:15:21 +00:00
Andy Polyakov
42096e05f7 Avoid a.out name table pollition. 2004-08-02 22:02:17 +00:00
Andy Polyakov
7d15a556f8 Minor clean-up to make Microsoft compiler shut up. 2004-08-02 21:54:40 +00:00
Andy Polyakov
5b17246324 VIA C3 processor extends IA-32 instruction set with instuctions
performing AES encryption in hardware, as well as one accessing
hardware RNG. As you surely imagine this engine access this
extended instruction set. Well, only AES for the moment, support
for RNG is to be added later on...
PR: 889
Submitted by: Michal Ludvig <michal@logix.cz>

Obtained from: http://www.logix.cz/michal/devel/padlock/
2004-08-02 21:48:11 +00:00
Richard Levitte
eb7bb58471 Let's lock a write lock when changing values, shall we?
Thanks to Dr Stephen Henson <shenson@drh-consultancy.co.uk> for making
me aware of this error.
2004-08-02 14:15:07 +00:00
Andy Polyakov
c77094415f Cygwin fix-up for shared build. 2004-08-01 21:24:34 +00:00
Andy Polyakov
34413fca84 OpenBSD fix-up for new a.out targets. OpenBSD .s.o rule is busted... 2004-08-01 21:16:26 +00:00
Andy Polyakov
ec38ddc765 Clean-up GAS targets: get rid of "cpp" stuff and replace it with "purified"
COFF and a.out targets [similar to ELF targets]. You might notice some
rudementary support for shared mingw builds under cygwin. It works (it
produces cryptoeay32.dll and ssleay32.dll with everything exported by
name), but it's primarily for testing/debugging purposes, at least for
now...
2004-08-01 17:33:58 +00:00
Andy Polyakov
8aae01e223 Deprecate cpp and gaswin targets. New coff fills in for gaswin, but cpp is
going out...
2004-08-01 17:03:50 +00:00
Andy Polyakov
00555c2f2f DLLEntryPoint is a collective name, not what linker looks for. However,
if we explicitly intruct the linker to set entry point, then we become
obliged to initialize run-time library. Instead we can pick name run-time
will call and such name is DllMain. Note that this applies to both
"native" Win32 environment and Cygwin:-)
2004-08-01 14:27:43 +00:00
Richard Levitte
7f9c37457a To protect FIPS-related global variables, add locking mechanisms
around them.

NOTE: because two new locks are added, this adds potential binary
incompatibility with earlier versions in the 0.9.7 series.  However,
those locks will only ever be touched when FIPS_mode_set() is called
and after, thanks to a variable that's only changed from 0 to 1 once
(when FIPS_mode_set() is called).  So basically, as long as FIPS mode
hasn't been engaged explicitely by the calling application, the new
locks are treated as if they didn't exist at all, thus not becoming a
problem.  Applications that are built or rebuilt to use FIPS
functionality will need to be recompiled in any case, thus not being a
problem either.
2004-07-30 14:38:02 +00:00
Richard Levitte
88a8ae6aee We build the crypto stuff, not the ssl stuff, in this command procedure... 2004-07-29 22:26:03 +00:00
Richard Levitte
07d80f6f35 We build the crypto stuff, not the ssl stuff, in this command procedure... 2004-07-29 22:25:59 +00:00
Dr. Stephen Henson
e4c1c03c5b Add FIPS name to error library. 2004-07-27 00:20:41 +00:00
Dr. Stephen Henson
a25aca2943 Oops, wrong version... 2004-07-27 00:19:58 +00:00
Dr. Stephen Henson
48c524827b Add FIPS library name to error routines. 2004-07-27 00:19:18 +00:00
Andy Polyakov
ebaec63e3e This is so to say "damage control" for jumbo "cpuid" patch, see
http://cvs.openssl.org/chngview?cn=12493. Now all platform should
be operational, while SSE2 code pathes get engaged on ELF platforms
only.
2004-07-26 22:01:50 +00:00
Andy Polyakov
14e21f863a Add framework for yet another assembler module dubbed "cpuid." Idea
is to have a placeholder to small routines, which can be written only
in assembler. In IA-32 case this includes processor capability
identification and access to Time-Stamp Counter. As discussed earlier
OPENSSL_ia32cap is introduced to control recently added SSE2 code
pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the
code is operational on ELF platforms only. I haven't checked it yet,
but I have all reasons to believe that Windows build should fail to
link too. I'll be looking into it shortly...
2004-07-26 20:18:55 +00:00
Andy Polyakov
f10725a6e1 Zero key-length for HMAC is apparently OK. 2004-07-25 20:24:49 +00:00
Andy Polyakov
0f71b77d5c Make bio_ok.c Microsoft compiler savvy. 2004-07-25 20:13:30 +00:00
Andy Polyakov
d6bb6a88be Typos, typos... 2004-07-25 20:09:56 +00:00
Andy Polyakov
3205db2bfe Make bio_ok.c 64-bit savvy. 2004-07-25 19:37:41 +00:00
Andy Polyakov
6f86850eec Stricter boundary condition check in HMAC_Init_ex. 2004-07-25 19:25:05 +00:00
Andy Polyakov
16ab8a93bc Minor 64-bit md32_common.h update and minor unsignification of digests. 2004-07-25 19:10:43 +00:00
Andy Polyakov
fbf96849e9 Make SHA-256/-512 optional. Note that no-sha switches off *all* SHA. 2004-07-25 18:25:24 +00:00
Andy Polyakov
d70e2507f8 Some compilers are just too whiny. Nothing makes Microsoft compiler
stop complaining about loss of precision, but explicit cast.
2004-07-25 17:00:56 +00:00
Andy Polyakov
2fcf435d73 Some compilers are just too whiny. DEC C doesn't like long long... 2004-07-25 16:54:08 +00:00
Andy Polyakov
da2ee71de5 Typos and due casts. As for the latter. It's "safe" to cast as below,
because "wrong" casts will either be optimized away or never performed.
2004-07-25 16:48:28 +00:00
Andy Polyakov
33c3ecf741 Build-n-link new IA-64 modules on Linux and HP-UX. 2004-07-23 23:27:10 +00:00
Andy Polyakov
5bd4c26057 Various IA-64 assembler fix-ups. 2004-07-23 22:54:18 +00:00
Andy Polyakov
afe67fb28e Adapt rc4-amd64.pl for Win64/AMD64 assembler. 2004-07-23 17:51:17 +00:00
Richard Levitte
f744f92adb From LPlib:
Apparently, the length *including* the NUL byte should be used.

Contributed by Andy Polyakov <appro@fy.chalmers.se>
2004-07-22 18:34:06 +00:00
Richard Levitte
75f134c077 From LPlib:
Make a nicer comment, as we don't really know for sure that it's
really needed, and just want to play on the safe side.

Suggest by Andy Polyakov <appro@fy.chalmers.se>
2004-07-22 13:00:14 +00:00
Andy Polyakov
f1bdf1d518 #include <limits.h> is required at least on HP-UX and IRIX. And what's
with HP-UX offering 14 for NAME_MAX?
2004-07-22 10:53:26 +00:00
Andy Polyakov
d58caee734 EVP_Digest is size_t-fied, clean up test programs accordingly. 2004-07-22 10:25:52 +00:00
Andy Polyakov
e39c2548f5 Run SHA-256/-512 tests through EVP... 2004-07-22 10:21:13 +00:00
Andy Polyakov
8169dd73f9 All SIXTY_FOUR_BIT platforms (mind the difference between SIXTY_FOUR_BIT and
SIXTY_FOUR_BIT_LONG) were failing to pass 'cd test; make test_bn'.
2004-07-22 09:32:11 +00:00
Richard Levitte
765e231a7c From LPlib:
Some code beautification.

Change the macro CP_THREAD_ACP to CP_ACP, because the latter is more
widely defined.

Add a conditional macro definition in case FindFirstFile and
FindNextFile aren't properly defined (might happen on WinCE).

Suggested by Andy Polyakov <appro@fy.chalmers.se>
2004-07-21 21:16:21 +00:00
Dr. Stephen Henson
43894f9c0d When in FIPS mode write private keys in PKCS#8 and PBES2 format to
avoid use of prohibited MD5 algorithm.
2004-07-21 17:41:26 +00:00
Andy Polyakov
c6e27dcf31 Make rand_win.c UNICODE savvy. "Backport" from HEAD. 2004-07-21 17:18:53 +00:00
Andy Polyakov
89c53672c2 Make rand_win.c UNICODE savvy. 2004-07-21 17:17:30 +00:00
Richard Levitte
64ba6cf222 From LPlib:
Windows changes that detects if multibyte characters are available and
deals with them properly.

Contributed by Andy Polyakov <appro@fy.chalmers.se>
2004-07-20 21:24:43 +00:00
Richard Levitte
210a4f78ae Imported from LPlib, making sure the entry name (at least on Unix) is
NUL-teminated at all times, and that we don't make unneeded calls to
free().
2004-07-19 16:36:28 +00:00
Richard Levitte
334ef04949 Since version 7.0, The C RTL in VMS handles time in terms of UTC
instead of local time.
2004-07-19 07:50:43 +00:00
Richard Levitte
a47e836efe Since version 7.0, The C RTL in VMS handles time in terms of UTC
instead of local time.
2004-07-19 07:49:47 +00:00
Andy Polyakov
859ceeeb51 Anchor AES and SHA-256/-512 assembler from C. 2004-07-18 17:26:01 +00:00
Andy Polyakov
d0590fe6b2 Add anchors for AES, SHA-256/-512 assembler modules and SSE2 code pathes.
I also used this opportunity to clean up some out-of-date targets and
re-group targets by OS.
2004-07-18 16:19:34 +00:00
Andy Polyakov
370358dfb4 Sync with HEAD. Up to >20% overall performance improvement. 2004-07-17 13:27:38 +00:00
Andy Polyakov
2232b10f5a Add licensing terms. 2004-07-17 13:24:58 +00:00
Andy Polyakov
e34794dd1b IA-64 is intolerant to misaligned access. It was a problem on Win64 as
we were mislead by _MSC_VER macro, which is defined by *all* Windows
Microsoft compilers.
2004-07-17 12:55:55 +00:00
Andy Polyakov
a77b16abd4 IA-64 is intolerant to misaligned access. It was a problem on Win64 as
we were mislead by _MSC_VER macro, which is defined by *all* Windows
Microsoft compilers.
2004-07-17 12:54:54 +00:00
Geoff Thorpe
0210065bbd Quick fix.
Submitted by: Nils Larsch
2004-07-16 03:24:51 +00:00
Geoff Thorpe
7f5b4dd1e8 Using Horner's algorithm to evaluate the ec polynomial
(suggested by Adam Young <ayoung@cigital.com>)

Submitted by: Nils Larsch
2004-07-16 03:24:19 +00:00
Richard Levitte
901959c945 I think it could be a good thing to know what went wrong with the tests... 2004-07-12 12:25:56 +00:00
Richard Levitte
5906e8d5fe I think it could be a good thing to know what went wrong with the tests... 2004-07-12 12:25:54 +00:00
Richard Levitte
2b002273f3 'SSL_add_dir_cert_subjects_to_stack' is longer than 31 characters.
Lucky me, I had prepared for this :-).
2004-07-11 20:22:37 +00:00
Richard Levitte
15d155e45a o_dir needs to be compiler with the warnings about dollar signs in
identities disabled.
2004-07-11 20:21:56 +00:00
Richard Levitte
b0841348b6 In some cases, EVMSERR isn't visible (that's fairly new...).
Don't have a constant that you're going to assign to, that's just
plain stupid (I was the stupidhead here...).
2004-07-11 20:21:19 +00:00
Andy Polyakov
090e81d4aa Integration of RC4 AMD64 module. 2004-07-11 16:49:09 +00:00
Andy Polyakov
e4528e48e3 RC4 tune-up for AMD64. Performance improvement of 2.22x is measured for
linux-x86_64 target.
2004-07-11 16:44:07 +00:00
Richard Levitte
a2400fcab8 Copy a few files from LPlib (a new project of mine), add a wrapper.
Now we have directory reading capabilities for VMS as well, and all
of it in a fairly general manner.
2004-07-10 13:16:02 +00:00
Richard Levitte
5358bc44f4 o_str.c: Windows doesn't have <strings.h>, and since we use _strnicmp() and
_stricmp() on that platform, use the appropriate header file for it,
<string.h>.
o_str.h: we only want to get size_t, which is defined in <stddef.h>.

Philippe Bougeret <philippe.bougeret@freesbee.fr> notified us about Windows
not having a <strings.h>
2004-07-08 08:32:51 +00:00
Richard Levitte
dc56eb5079 o_str.c: Windows doesn't have <strings.h>, and since we use _strnicmp() and
_stricmp() on that platform, use the appropriate header file for it,
<string.h>.
o_str.h: we only want to get size_t, which is defined in <stddef.h>.

Philippe Bougeret <philippe.bougeret@freesbee.fr> notified us about Windows
not having a <strings.h>
2004-07-08 08:32:48 +00:00
Dr. Stephen Henson
a7f14cb4c6 Delta CRL support in extension code. 2004-07-06 17:26:33 +00:00
Dr. Stephen Henson
531b538df5 Ooops, missed part of PKCS#8 patch. 2004-07-06 17:25:11 +00:00
Dr. Stephen Henson
637ff35ef6 Delta CRL support in extension code. 2004-07-06 17:16:40 +00:00
Geoff Thorpe
ace3ebd661 Improve error handling if decompression of an ec point fails, and cleanup
ec_curve.c (unify comments, etc).

Submitted by: Nils Larsch
Reviewed by: Bodo Moeller, Geoff Thorpe
2004-07-06 15:50:04 +00:00
Dr. Stephen Henson
eea674567c Delete non-POSIX header file. 2004-07-04 16:48:27 +00:00
Dr. Stephen Henson
c39c32dd65 PKCS#8 fixes from stable branch. 2004-07-04 16:44:52 +00:00
Dr. Stephen Henson
49ede900fa Fix memory leak. 2004-07-04 16:36:58 +00:00
Andy Polyakov
80bbc9ceaf Minor (+12% on P4) performance tweak for sha512_block_sse2. 2004-07-01 11:29:00 +00:00
Andy Polyakov
51ce5230cd AES assembler implementation for IA-64. Note that there is no anchor from
C code yet...
2004-07-01 11:15:23 +00:00
Andy Polyakov
b6d8ba11e9 New SHA algorithms assembler implementation for IA-64. Note that despite
module name both SHA-256 and SHA-512 are supported.
2004-07-01 11:13:44 +00:00
Andy Polyakov
e2f2a9af2c New scalable bn_mul_add_words loop, which provides up to >20% overall
performance improvement. Make module more gcc friendly and clarify
copyright issues for division routine.
2004-07-01 11:10:38 +00:00
Richard Levitte
28a8003467 Changes for VOS, submitted by Paul Green <Paul.Green@stratus.com>.
PR: 499
2004-06-28 22:01:37 +00:00
Richard Levitte
83f22920c2 Changes for VOS, submitted by Paul Green <Paul.Green@stratus.com>.
PR: 499
2004-06-28 22:01:07 +00:00
Richard Levitte
47c1735acd NetWare fixes provided by Verdon Walker for OpenSSL 0.9.8-dev.
The changes have been mailed to <crypt@bis.doc.gov> as well.

PR: 903
2004-06-28 11:55:28 +00:00
Dr. Stephen Henson
fee38dcb9a Return an error if an attempt is made to encode or decode
cipher ASN1 parameters and the cipher doesn't support it.
2004-06-24 12:31:48 +00:00
Geoff Thorpe
d459e39012 Tidy up, including;
- Remove unused and unuseful debug cruft.
- Remove unnecessary 'top' fudging from BN_copy().
- Fix a potential memory leak and simplify the expansion logic in
  BN_bin2bn().

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-06-20 04:16:12 +00:00
Ben Laurie
b5e4469150 The version that was actually submitted for FIPS testing. 2004-06-19 13:15:35 +00:00
Geoff Thorpe
340f5856ec Incomplete initial sweep over the engine code. Mainly reducing some
comment-noise to managable levels and inverting the sense of the "uptodate"
boolean (which was counter-intuitive the way I'd left it).
2004-06-19 03:58:42 +00:00
Geoff Thorpe
df11e1e921 Deprecate unused cruft, and "make update". 2004-06-17 23:50:25 +00:00
Geoff Thorpe
1275c4569e Minor change to group like functions together. 2004-06-17 23:35:45 +00:00
Geoff Thorpe
afbe74d386 Actually, that last change to BN_get_word() was a little too simple. 2004-06-17 22:05:40 +00:00
Geoff Thorpe
f18ea6cae9 Get rid of signed/unsigned warnings, and teach CVS about new things to
ignore.
2004-06-17 20:28:28 +00:00
Geoff Thorpe
9088d5f24f As Nils put it;
Yet another question: some time ago you changed BN_set_word.
    Why didn't you change BN_get_word as well?

Quite. I'm also removing the older commented-out implementations to improve
readability. This complex stuff seems to date from a time when the types
didn't match up well.

Submitted by: Nils Larsch, Geoff Thorpe
2004-06-17 20:13:50 +00:00
Geoff Thorpe
cf9056cfda BN_div_word() was breaking when called from BN_bn2dec() (actually, this is
the only function that uses it) because it would trip up an assertion in
bn_div_words() when first invoked. This also adds BN_div_word() testing to
bntest.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-06-17 20:03:56 +00:00
Richard Levitte
f7fc4ca1dd Making some values explicitely unsigned was derived from ongoing work
that isn't yet committed.  It wasn't meant to be committed already, so
I'm removing it for now.
2004-06-15 12:52:26 +00:00
Richard Levitte
3e00d6c4bb Typo, setting the first element of nids[] to NULL instead of setting
*cnids.
2004-06-15 11:46:06 +00:00
Richard Levitte
132fc53223 Typo, setting the first element of nids[] to NULL instead of setting
*cnids.
2004-06-15 11:45:42 +00:00
Geoff Thorpe
b3b6720944 Correct the return codes for ecdsatest.
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-06-14 23:37:32 +00:00
Andy Polyakov
385c8e89f4 SHA fails to compile on x86_64 if compiled with custom flags, without
recommended -DMD32_REG_T=int in particular.
PR: 893
Submitted by: Michal Ludvig <michal-list@logix.cz>
2004-06-11 17:50:57 +00:00
Geoff Thorpe
9081980565 This fixes the installation target for dynamic engines, which was trying to
install to a different location than it had created. (BTW, VMS will need a
matching fix in eng_list.c.) Note, these aren't ssl-specific, so I'm
putting "engines/" into the libs directory rather than at the "--prefix"
level or inside "ssl/".
2004-06-01 03:18:58 +00:00
Andy Polyakov
057cfaf2f8 Extend HMAC_MAX_MD_CBLOCK to accomodate SHA-512. 2004-05-31 13:28:23 +00:00
Richard Levitte
914d36ba19 make update 2004-05-31 13:16:08 +00:00
Andy Polyakov
31c2ac1cdc EVP bindings to new SHA algorithms. 2004-05-31 13:14:08 +00:00
Andy Polyakov
6bca8e3886 objects.txt update for SHA-224/-256/-384/-512. SHA-224 ids still appear
"draft," but we have to start somewhere...

Submitted by: Nils Larsch <nlarsch@compuserve.de>
2004-05-31 13:07:19 +00:00
Andy Polyakov
31e9b9b2e9 Typo in commentary section. 2004-05-31 12:30:41 +00:00
Andy Polyakov
7997b13aa3 Final SHA-256/-512 touches. Extra md_len field in SHA[256|512]_CTX
reserves for truncated hash function output mode and makes SHA224
thread-safe. Next stop is integration with EVP and we're done...
2004-05-31 12:26:18 +00:00
Andy Polyakov
a2eb9688a4 Kill unused macro and reimplement it for that single context it can
actually be used, namely x86* platforms [because they don't bomb on
unaligned access]. This resulted in 30-40% [depending on message
length] improvement for SHA-256 compiled with gcc and running on P4.
In the lack of assembler implementation I give the compiler all the
help it can possibly get:-)
2004-05-31 12:06:27 +00:00
Richard Levitte
af2bf07404 SHA224_Update() and SHA224_Final() aren't implemented, and since
SHA224() uses SHA256_Update() and SHA256_Final() instead, let's just
create aliases in form of macros.

make update
2004-05-30 16:58:33 +00:00
Andy Polyakov
8d9fb0f04a gcc -Wcast-qual clean-up. 2004-05-29 19:11:29 +00:00
Andy Polyakov
674ee8b72d Make sure we return 0 if test passed. 2004-05-28 21:42:40 +00:00
Andy Polyakov
1809e858bb Eliminate compiler warnings and throw in performance table. 2004-05-28 10:15:58 +00:00
Andy Polyakov
da8348e938 SHA-224 test vectors added. 2004-05-27 19:46:07 +00:00
Richard Levitte
ef16f45081 Since num is now a size_t, it's not necssary to check for less than 0,
AND it avoids warnings on certain systems.
2004-05-27 09:20:42 +00:00
Richard Levitte
4d692e1ba0 Synchronise VMS with the Unixly Malefiles. 2004-05-26 17:05:51 +00:00
Richard Levitte
f2bfbcef76 make update 2004-05-25 09:41:00 +00:00
Andy Polyakov
63077bd40c SHA-256/-512 update. A bug fix, SHA-512 tune-up for AMD64, hook for SSE2
code, Makefile update.
2004-05-20 21:24:41 +00:00
Andy Polyakov
df364f1b00 Stress collector/padding function. 2004-05-20 21:20:19 +00:00
Andy Polyakov
bc767216d9 Final API adaptation. Final, "all openssl" performance numbers [not mixture
of different implementations]. Real-life performance improvement is rated
at 2-3x, not 6x as preliminary announced.
2004-05-20 21:18:09 +00:00
Dr. Stephen Henson
eda52e175a Delete obsolete and unimplemented function. 2004-05-19 17:05:02 +00:00
Richard Levitte
c4fc8b5bf4 X509_policy_lib_init is declared but not defined, so it raises havoc
when trying to build a shared library on VMS or Windows...
2004-05-19 14:19:51 +00:00
Richard Levitte
5affe206e1 Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation for
size_t-ification of those algorithms in future version of OpenSSL...
2004-05-19 14:16:33 +00:00
Geoff Thorpe
9c52d2cc75 After the latest round of header-hacking, regenerate the dependencies in
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
0f814687b9 Deprecate the recursive includes of bn.h from various API headers (asn1.h,
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
2004-05-17 19:14:22 +00:00
Geoff Thorpe
298a2f9e58 Because of recent reductions in header interdependencies, these files need
to include crypto.h directly.
2004-05-17 19:01:15 +00:00
Geoff Thorpe
ac0d0a5ecd I can't verify this directly, but recent changes will probably require that
the cryptodev implementation include bn.h directly (when building with
OPENSSL_NO_DEPRECATED that is).
2004-05-17 18:58:47 +00:00
Geoff Thorpe
508999fa7d Deprecate some recursive includes from the store.h API header, and put back
required includes back via the internal header and str_lib.c.
2004-05-17 18:49:06 +00:00
Geoff Thorpe
210a21bc8d Reduce dependencies on crypto.h by moving the opaque definition of
CRYPTO_EX_DATA and the new/free/dup callback prototypes to ossl_typ.h.
2004-05-17 18:39:00 +00:00
Geoff Thorpe
678c1e025b Moving opaque definitions to ossl_typ.h lets us reduce header dependencies.
Deprecate inclusion of crypto.h from ui.h.
2004-05-17 18:01:28 +00:00
Andy Polyakov
1ab61a9179 Make reservations for FIPS code in HEAD branch, so that the moment FIPS
comes in we have required macros in place.
2004-05-17 15:49:13 +00:00
Andy Polyakov
1f4eccaaa5 Make reservations in FIPS code for upcoming size_t-fication of OpenSSL API.
And couple of bug-fixes in fips/rand code [return without lock release and
incorrect return value in fips_rand_bytes].
2004-05-17 15:37:26 +00:00
Geoff Thorpe
d6dda126b7 Make some more API types opaquely available from ossl_typ.h, meaning the
corresponding headers are only required for API functions or structure
details. This now includes the bignum types and BUF_MEM. Subsequent commits
will remove various dependencies on bn.h and buffer.h and update the
makefile dependencies.
2004-05-15 18:32:08 +00:00
Geoff Thorpe
7771b6c5b5 This file implements various functions that have since been redefined as
macros. I'm removing this from the NO_DEPRECATED build.
2004-05-15 18:26:15 +00:00
Ben Laurie
9ac9a29407 Fix self-tests, ban some things in FIPS mode, fix copyrights. 2004-05-15 17:51:26 +00:00
Andy Polyakov
9e0aad9fd6 size_t-fication of message digest APIs. We should size_t-fy more APIs... 2004-05-15 11:29:55 +00:00
Richard Levitte
1c7a0e2856 Reimplement old functions, so older software that link to libcrypto
don't crash and burn.
2004-05-14 17:56:30 +00:00
Richard Levitte
bac2e26a9e Reimplement old functions, so older software that link to libcrypto
don't crash and burn.
2004-05-14 17:55:59 +00:00
Richard Levitte
dbf2ac31c9 Synchronise o_str.c between 0.9.8-dev and 0.9.7-stable. 2004-05-13 22:40:08 +00:00
Richard Levitte
abd23881c1 Synchronise o_str.c between 0.9.8-dev and 0.9.7-stable. 2004-05-13 22:39:56 +00:00
Andy Polyakov
c842261b1b SHA-224/-256/-384/-512 implementation. This is just sheer code commit.
Makefile modifications, make test, etc. will appear later...
2004-05-13 13:48:33 +00:00
Ben Laurie
72d75ee206 Blow up in people's faces if they don't reseed. 2004-05-12 14:11:10 +00:00
Richard Levitte
49bc4c1023 make update 2004-05-12 10:17:15 +00:00
Richard Levitte
0e92f7738a Forgot to update the Makefile with the o_str stuff... 2004-05-12 10:17:02 +00:00
Richard Levitte
d529f2a8f7 The functions OPENSSL_strcasen?cmp() were forgotten when merging the
FIPS branch into this.  It's needed at least for certain OpenVMS
versions, and should really be used in a more general way.
2004-05-12 10:09:00 +00:00
Richard Levitte
90cce79346 Makefile.ssl changed name to Makefile. 2004-05-12 08:28:00 +00:00
Ben Laurie
3642f632d3 Pull FIPS back into stable. 2004-05-11 12:46:24 +00:00
Andy Polyakov
1e6bccc240 SSE2 SHA512_Transform implementation. No, it's not used anywhere yet and
is subject to change as C implementation is added...
2004-05-06 10:41:07 +00:00
Andy Polyakov
d3adc3d3ed SSE2 accelerated bn_mul_add_words. Code is currently disabled till proper
config and run-time support is added.
PR: 788
Submitted by: <dean@arctic.org>
Reviewed by: <appro>

Obtained from: http://arctic.org/~dean/crypto/rsa.html
2004-05-06 10:36:49 +00:00
Andy Polyakov
10e7d6d526 Support for IA-32 SSE2 instruction set. 2004-05-06 10:31:09 +00:00
Richard Levitte
430d7afd80 When the pointer 'from' changes, it's stored length needs to change as
well.

Notified by Frank Kardel <kardel@acm.org> in PR 879.
2004-05-06 09:33:22 +00:00
Richard Levitte
3b8ba6b610 When the pointer 'from' changes, it's stored length needs to change as
well.

Notified by Frank Kardel <kardel@acm.org> in PR 879.
2004-05-06 09:31:31 +00:00
Geoff Thorpe
ca982e4870 Fix realloc usage in ec_curve.c
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-05-04 20:08:55 +00:00
Geoff Thorpe
08e1cbc62c The new BN_CTX code makes this sort of abuse unnecessary. 2004-04-28 18:34:39 +00:00
Andy Polyakov
dd55880644 Improved PowerPC support. Proper ./config support for ppc targets,
especially for AIX. But most important BIGNUM assembler implementation
submitted by IBM.

Submitted by: Peter Waltenberg <pwalten@au1.ibm.com>
Reviewed by: appro
2004-04-27 22:05:50 +00:00
Dr. Stephen Henson
bd1640bb01 Make ASN1 code work again... 2004-04-27 18:33:40 +00:00
Geoff Thorpe
081991ac01 With the new dynamic BN_CTX implementation, there should be no need for
additional contexts.
2004-04-27 13:24:51 +00:00
Geoff Thorpe
8a85c341fe The problem of rsa key-generation getting stuck in a loop for (pointlessly)
small key sizes seems to result from the code continually regenerating the
same prime value once the range is small enough. From my tests, this change
fixes the problem by setting an escape velocity of 3 repeats for the second
of the two primes.

PR: 874
2004-04-26 15:38:44 +00:00
Geoff Thorpe
bcfea9fb25 Allow RSA key-generation to specify an arbitrary public exponent. Jelte
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.

PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
2004-04-26 15:31:35 +00:00
Dr. Stephen Henson
f3f52d7f45 More ASN1 reformat/tidy. 2004-04-25 12:46:39 +00:00
Dr. Stephen Henson
8845420f4e Reformat/tidy some of the ASN1 code. 2004-04-24 17:02:48 +00:00
Dr. Stephen Henson
d735c64905 Fix leak.
PR:870
2004-04-22 12:37:16 +00:00
Dr. Stephen Henson
6e308baf5a Fix memory leak.
PR:870
2004-04-22 12:33:03 +00:00
Geoff Thorpe
688791b22b Extend the index parameter checking from sk_value to sk_set(). Also tidy up
some similar code elsewhere.

Thanks to Francesco Petruzzi for bringing this to my attention.
2004-04-21 15:09:25 +00:00
Geoff Thorpe
8c521c7a34 Extend the index parameter checking from sk_value to sk_set(). Also tidy up
some similar code elsewhere.

Thanks to Francesco Petruzzi for bringing this to my attention.
2004-04-21 15:08:56 +00:00
Richard Levitte
863d2b196f Print the debug thingies on stderr instead of stdout. If for nothing
else then at least so bc doesn't have problems parsing the output from
bntest :-).
2004-04-20 10:57:07 +00:00
Geoff Thorpe
c57bc2dc51 make update 2004-04-19 18:33:41 +00:00
Geoff Thorpe
28ded31b97 More updates for the header cleanups (and apologies, again, for not having
consolidated these prior to committing).
2004-04-19 18:30:41 +00:00
Geoff Thorpe
60a938c6bc (oops) Apologies all, that last header-cleanup commit was from the wrong
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Geoff Thorpe
3a87a9b9db Reduce header interdependencies, initially in engine.h (the rest of the
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.
2004-04-19 17:46:04 +00:00
cvs2svn
462a286eeb This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2004-04-13 17:47:38 +00:00
Richard Levitte
a110d01771 Typo. "pa-rics2W" corrected to "pa-risc2W".
PR: 868
2004-04-02 12:39:54 +00:00
Geoff Thorpe
7ef7a1b3de Avoid undefined results when the parameter is out of range. 2004-04-02 06:25:53 +00:00
Geoff Thorpe
2749276b95 Avoid undefined results when the parameter is out of range. 2004-04-02 06:25:11 +00:00
Dr. Stephen Henson
b6a5fdb8a7 Don't use C++ reserved word. 2004-04-01 22:23:46 +00:00
Dr. Stephen Henson
ecf139917d New function X509_POLICY_NODE_print() 2004-03-31 12:17:24 +00:00
Richard Levitte
ab23d5ffda Add symbol hacks for some long names.
make update
2004-03-29 08:13:49 +00:00
Andy Polyakov
1a979201d5 This is essentially Intel 32-bit compiler tune-up. To start with all
available compiler versions generated bogus machine code trying to
compile new crypto/des/cfb_enc.c. Secondly, 8th version defines
__GNUC__ macro, but fails to compile *some* inline assembler correctly.
Note that all versions of icc implement MSC-like _lrot[rl] intrinsic,
which is used now instead of offensive asm. Finally, unnecessary linker
dependencies are eliminated. Most notably dependency from libirc.a
caused trouble at application start-up, if libcrypto.so is linked with
-Bsymbolic (which it is).
2004-03-28 21:27:47 +00:00
Dr. Stephen Henson
216659eb87 Enhance EVP code to generate random symmetric keys of the
appropriate form, for example correct DES parity.

Update S/MIME code and EVP_SealInit to use new functions.

PR: 700
2004-03-28 17:38:00 +00:00
Dr. Stephen Henson
5d6383c83f Make {i2v,v2i}_ASN1_BIT_STRING global.
make update
2004-03-28 12:40:11 +00:00
Dr. Stephen Henson
f36f469430 Obsolete files. 2004-03-28 12:29:53 +00:00
Dr. Stephen Henson
e07d3a021d Remove obsolete files. 2004-03-28 12:29:05 +00:00
Dr. Stephen Henson
e1a27eb34a Allow CRLs to be passed into X509_STORE_CTX. This is useful when the
verified structure can contain its own CRLs (such as PKCS#7 signedData).

Tidy up some of the verify code.
2004-03-27 22:49:28 +00:00
Dr. Stephen Henson
6446e0c3c8 Extend OID config module format. 2004-03-27 13:30:14 +00:00
Dr. Stephen Henson
beedea2fef Free up BIO properly when using streaming S/MIME sign. 2004-03-26 00:24:38 +00:00
Richard Levitte
0020502a07 SSL_COMP_get_compression_method is a typo (a missing 's' at the end of
the symbol name).
2004-03-25 21:32:30 +00:00
Richard Levitte
b7e3c73d7c Wrap code starting with a definition.
PR: 854
2004-03-25 20:01:08 +00:00
Richard Levitte
fd9fa844e2 Wrap code starting with a definition.
PR: 854
2004-03-25 20:01:01 +00:00
Richard Levitte
482c2acf02 Make prototypes for some callback pointers. 2004-03-25 16:21:42 +00:00
Richard Levitte
a481b4b52c A couple more cases where RAND_add() gets an integer instead of a
doule as last argument.
2004-03-25 16:04:02 +00:00
Richard Levitte
a87228031f RAND_add() wants a double as it's last argument. 2004-03-25 15:52:43 +00:00
Dr. Stephen Henson
b79c82eaab Fix loads of warnings in policy code.
I'll remember to try to compile this with warnings enabled next time :-)
2004-03-25 13:45:58 +00:00
Dr. Stephen Henson
69d1d5e6ce Fix ASN1 warnings. 2004-03-25 13:37:02 +00:00
Geoff Thorpe
c86f2054f3 Adjust various bignum functions to use BN_CTX for variables instead of
locally initialising their own.

NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
these functions, and that may be a major part of the performance
improvements we're seeing. The "free" part can be removed because we're
using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
destruction automatically performs this task, so performing it inside
functions that may be called repeatedly is wasteful. This is currently safe
within openssl due to the fact that BN_CTX objects are never created for
longer than a single high-level operation. However, that is only because
there's currently no mechanism in openssl for thread-local storage. Beyond
that, this might be an issue for applications using the bignum API directly
and caching their own BN_CTX objects. The solution is to introduce a flag
to BN_CTX_start() that allows its variables to be automatically sanitised
on release during BN_CTX_end(). This way any higher-level function (and
perhaps the application) can specify this flag in its own
BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
specifying the flag to be ignored so that sanitisation is handled only once
back out at the higher level. I will be implementing this in the near
future.
2004-03-25 04:32:24 +00:00
Geoff Thorpe
5c98b2caf5 Replace the BN_CTX implementation with my current work. I'm leaving the
little TODO list in there as well as the debugging code (only enabled if
BN_CTX_DEBUG is defined).

I'd appreciate as much review and testing as can be spared for this. I'll
commit some changes to other parts of the bignum code shortly to make
better use of this implementation (no more fixed size limitations). Note
also that under identical optimisations, I'm seeing a noticable speed
increase over openssl-0.9.7 - so any feedback to confirm/deny this on other
systems would also be most welcome.
2004-03-25 04:16:14 +00:00
Geoff Thorpe
5148710994 Adds warnings about two curves and fixes the "seed" value for two other
curves.

Submitted by: Nils Larsch
2004-03-25 03:03:52 +00:00
Geoff Thorpe
ea77fc3380 ... and this should likewise fix up those RSA implementations that weren't
already built and tested.
2004-03-25 02:55:17 +00:00
Geoff Thorpe
46ef873f0b By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.

This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.
2004-03-25 02:52:04 +00:00
Geoff Thorpe
2d2a5ba32a Damn, I was a bit hasty with my fix and hadn't spotted the linker
dependency from asn1.
2004-03-25 02:41:35 +00:00
Geoff Thorpe
2bd4e3379f Remove some warnings. 2004-03-25 02:24:38 +00:00
Geoff Thorpe
032c3ecb18 Protect against gcc's "warning: cast does not match function type". 2004-03-25 02:19:42 +00:00
Dr. Stephen Henson
a0cac0ff75 Make S/MIME encrypt work again. 2004-03-25 00:57:23 +00:00
Richard Levitte
817089b66d Don't define fd for platforms that do not use it, as some may not declare fileno() properly 2004-03-24 10:55:50 +00:00
Richard Levitte
e703b46598 Don't define fd for platforms that do not use it, as some may not declare fileno() properly 2004-03-24 10:55:48 +00:00
Richard Levitte
0fa793bc7b Correct constness problems. 2004-03-24 10:50:42 +00:00
Richard Levitte
5c42f62e48 Only build the PKCS#7 test applications if "pkcs7" is present in
SDIRS.
2004-03-24 10:48:50 +00:00
Richard Levitte
a08e05d1be Add store.h among the exported headers on VMS. 2004-03-24 09:52:16 +00:00
Richard Levitte
a0b5ebeac6 Typo... 2004-03-24 09:40:59 +00:00
Richard Levitte
8ee18dd520 Make sure toupper() is properly declared. 2004-03-24 09:40:23 +00:00
Richard Levitte
e725a9660b make update 2004-03-23 15:06:33 +00:00
Richard Levitte
d7eed1929b Sync the VMS build with Unix. 2004-03-23 14:50:16 +00:00
Dr. Stephen Henson
4acc3e907d Initial support for certificate policy checking and evaluation.
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
2004-03-23 14:14:35 +00:00
Richard Levitte
27bf518087 Remove a warning for conversion double->long. This has impacts on Windows.
PR: 849
2004-03-21 22:39:59 +00:00
Richard Levitte
ec5d8a54e9 Remove a warning for conversion double->long. This has impacts on Windows.
PR: 849
2004-03-21 22:39:52 +00:00
Richard Levitte
96a99d63c2 Make sure fd is defined where it should.
PR: 849
2004-03-21 22:36:30 +00:00
Richard Levitte
18a6333180 Make sure fd is defined where it should.
PR: 849
2004-03-21 22:36:27 +00:00
Geoff Thorpe
e042540f6b Variety of belt-tightenings in the bignum code. (Please help test this!)
- Remove some unnecessary "+1"-like fudges. Sizes should be handled
  exactly, as enlarging size parameters causes needless bloat and may just
  make bugs less likely rather than fixing them: bn_expand() macro,
  bn_expand_internal(), and BN_sqr().
- Deprecate bn_dup_expand() - it's new since 0.9.7, unused, and not that
  useful.
- Remove unnecessary zeroing of unused bytes in bn_expand2().
- Rewrite BN_set_word() - it should be much simpler, the previous
  complexities probably date from old mismatched type issues.
- Add missing bn_check_top() macros in bn_word.c
- Improve some degenerate case handling in BN_[add|sub]_word(), add
  comments, and avoid a bignum expansion if an overflow isn't possible.
2004-03-17 17:36:54 +00:00
Mark J. Cox
494593845c After tagging 2004-03-17 12:03:38 +00:00
Mark J. Cox
82d63d3028 Fix null-pointer assignment in do_change_cipher_spec() revealed
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
(CAN-2004-0112)
Ready for 0.9.7d build

Submitted by: Steven Henson
Reviewed by: Joe Orton
Approved by: Mark Cox
2004-03-17 12:01:19 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Richard Levitte
95475b1c7a As in 0.9.8-dev, make sure we use unsigned constants, or some
compilers may complain.
2004-03-15 23:06:59 +00:00
Richard Levitte
ec37635c94 It was just pointed out to me that it's better to cast to double... 2004-03-15 23:02:55 +00:00
Richard Levitte
fd836aeee0 Make sure that the last argument to RAND_add() is a float, or some
compilers may complain.
2004-03-15 22:37:08 +00:00
Richard Levitte
560f7abb7e Make sure we use unsigned constants, or come compilers may complain. 2004-03-15 22:33:19 +00:00