Commit graph

1242 commits

Author SHA1 Message Date
Dr. Stephen Henson
64674bcc8c Reduce chances of issuer and serial number duplication by use of random
initial serial numbers.

PR: 842
2004-04-20 12:05:26 +00:00
Geoff Thorpe
3a87a9b9db Reduce header interdependencies, initially in engine.h (the rest of the
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.
2004-04-19 17:46:04 +00:00
Dr. Stephen Henson
bf5773fa2d Oops forgot CHANGES entry. 2004-03-31 12:55:33 +00:00
Dr. Stephen Henson
216659eb87 Enhance EVP code to generate random symmetric keys of the
appropriate form, for example correct DES parity.

Update S/MIME code and EVP_SealInit to use new functions.

PR: 700
2004-03-28 17:38:00 +00:00
Dr. Stephen Henson
e1a27eb34a Allow CRLs to be passed into X509_STORE_CTX. This is useful when the
verified structure can contain its own CRLs (such as PKCS#7 signedData).

Tidy up some of the verify code.
2004-03-27 22:49:28 +00:00
Dr. Stephen Henson
6446e0c3c8 Extend OID config module format. 2004-03-27 13:30:14 +00:00
Geoff Thorpe
5c98b2caf5 Replace the BN_CTX implementation with my current work. I'm leaving the
little TODO list in there as well as the debugging code (only enabled if
BN_CTX_DEBUG is defined).

I'd appreciate as much review and testing as can be spared for this. I'll
commit some changes to other parts of the bignum code shortly to make
better use of this implementation (no more fixed size limitations). Note
also that under identical optimisations, I'm seeing a noticable speed
increase over openssl-0.9.7 - so any feedback to confirm/deny this on other
systems would also be most welcome.
2004-03-25 04:16:14 +00:00
Geoff Thorpe
46ef873f0b By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.

This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.
2004-03-25 02:52:04 +00:00
Dr. Stephen Henson
4acc3e907d Initial support for certificate policy checking and evaluation.
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
2004-03-23 14:14:35 +00:00
Geoff Thorpe
7f663ce430 Note my bignum hijinx in case app maintainers are using CHANGES for their
porting efforts. Also, add Richard's name to the prior change.
2004-03-17 18:30:47 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Geoff Thorpe
b6358c89a1 Convert openssl code not to assume the deprecated form of BN_zero().
Remove certain redundant BN_zero() initialisations, because BN_CTX_get(),
BN_init(), [etc] already initialise to zero.

Correct error checking in bn_sqr.c, and be less wishy-wash about how/why
the result's 'top' value is set (note also, 'max' is always > 0 at this
point).
2004-03-13 23:57:20 +00:00
Geoff Thorpe
9e051bac13 Document a change I'd already made, and at the same time, correct the
change to work properly; BN_zero() should set 'neg' to zero as well as
'top' to match the behaviour of BN_new().
2004-03-13 22:10:15 +00:00
Dr. Stephen Henson
edec614efd Support for inhibitAnyPolicy extension. 2004-03-08 13:56:31 +00:00
Dr. Stephen Henson
bc50157010 Various X509 fixes. Disable broken certificate workarounds
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
2004-03-05 17:16:35 +00:00
Dr. Stephen Henson
dc90f64d56 Use an OCTET STRING for the encoding of an OCSP nonce value.
The old raw format can't be handled by some implementations
and updates to RFC2560 will make this mandatory.
2004-02-19 18:16:38 +00:00
Dr. Stephen Henson
d4575825f1 Add flag to avoid continuous
memory allocate when calling EVP_MD_CTX_copy_ex().

Without this HMAC is several times slower than
< 0.9.7.
2004-02-01 13:39:51 +00:00
Dr. Stephen Henson
cd2e8a6f2d Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). 2003-11-10 01:37:23 +00:00
Geoff Thorpe
d870740cd7 Put the first stage of my bignum debugging adventures into CVS. This code
is itself experimental, and in addition may cause execution to break on
existing openssl "bugs" that previously were harmless or at least
invisible.
2003-11-04 22:54:49 +00:00
Geoff Thorpe
2ce90b9b74 BN_CTX is opaque and the static initialiser BN_CTX_init() is not used
except internally to the allocator BN_CTX_new(), as such this deprecates
the use of BN_CTX_init() in the API. Moreover, the structure definition of
BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself.

NDEBUG should probably only be "forced" in the top-level configuration, but
until it is I will avoid removing it from bn_ctx.c which might surprise
people with massive slow-downs in their keygens. So I've left it in
bn_ctx.c but tidied up the preprocessor logic a touch and made it more
tolerant of debugging efforts.
2003-10-29 18:04:37 +00:00
Geoff Thorpe
8dc344ccbf Relax some over-zealous constification that gave some lhash-based code no
choice but to have to cast away "const" qualifiers from their prototypes.
This does not remove constification restrictions from hash/compare
callbacks, but allows destructor commands to be run over a tables' elements
without bad casts.
2003-10-29 04:57:05 +00:00
Geoff Thorpe
0991f07034 For whatever reason (compiler or header bugs), at least one commonly-used
linux system (namely mine) chokes on our definitions and uses of the "HZ"
symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast"
(when in fact there is no function casting involved at all). In both cases,
it is easily worked around by not defining a cast into the macro and
jiggling the expressions slightly.

In addition - this highlights some cruft in openssl that needs sorting out.
The tmdiff.h header is exported as part of the openssl API despite the fact
that it is ugly as the driven sludge and not used anywhere in the library,
applications, or utilities. More weird still, almost identical code exists
in apps/speed.c though it looks to be slightly tweaked - so either tmdiff
should be updated and used by speed.c, or it should be dumped because it's
obviously not useful enough.

Rather than removing it for now, I've changed the API for tmdiff to at
least make sense. This involves taking the object type (MS_TM) from the
implementation and using it in the header rather than using "char *" in the
API and casting mercilessly in the code (ugh). If someone doesn't like
"MS_TM" and the "ms_time_***" naming, by all means change it. This should
be a harmless improvement, because the existing API is clearly not very
useful (eg. we reimplement it rather than using it in our own utils).

However, someone still needs to take a hack at consolidating speed.c and
tmdiff.[ch] somehow.
2003-10-29 04:40:13 +00:00
Geoff Thorpe
2aaec9cced Update any code that was using deprecated functions so that everything builds
and links with OPENSSL_NO_DEPRECATED defined.
2003-10-29 04:14:08 +00:00
Geoff Thorpe
9d473aa2e4 When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should
be) precompiled out in the API headers. This change is to ensure that if
it is defined when compiling openssl, the deprecated functions aren't
implemented either.
2003-10-29 04:06:50 +00:00
Dr. Stephen Henson
c5a5546389 Add support for digested data PKCS#7 type. 2003-10-11 22:11:45 +00:00
Dr. Stephen Henson
8d9086dfa2 New function to initialize a PKCS7 structure of type other. 2003-10-10 23:40:47 +00:00
Dr. Stephen Henson
caf044cb3e Retrieve correct content to sign when the
type is "other".
2003-10-10 23:25:43 +00:00
Dr. Stephen Henson
2990244980 ASN1 parse fix and release file changes. 2003-09-30 16:47:33 +00:00
Ralf S. Engelschall
6bd27f8644 Fix prime generation loop in crypto/bn/bn_prime.pl by making
sure the loop does correctly stop and breaking ("division by zero")
modulus operations are not performed. The (pre-generated) prime
table crypto/bn/bn_prime.h was already correct, but it could not be
re-generated on some platforms because of the "division by zero"
situation in the script.
2003-09-25 13:57:58 +00:00
Bodo Möller
a907751350 certain changes have to be listed twice in this file because OpenSSL
0.9.6h forked into 0.9.6i and 0.9.7 ...
2003-09-04 12:52:56 +00:00
Dr. Stephen Henson
560dfd2a02 New -ignore_err option in ocsp application to stop the server
exiting on the first error in a request.
2003-09-03 23:56:01 +00:00
Dr. Stephen Henson
14f3d7c5cc Only accept a client certificate if the server requests
one, as required by SSL/TLS specs.
2003-09-03 23:47:34 +00:00
Bodo Möller
968766cad8 updates for draft-ietf-tls-ecc-03.txt
Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller
2003-07-22 12:34:21 +00:00
Bodo Möller
652ae06bad add test for secp160r1
add code for kP+lQ timings

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
Reviewed by: Bodo Moeller
2003-07-22 10:39:10 +00:00
Bodo Möller
ddc38679ce tolerate extra data at end of client hello for SSL 3.0
PR: 659
2003-07-21 15:17:46 +00:00
Bodo Möller
02e0559477 fix: 0.9.7 is based on 0.9.6h, not on 0.9.6k
typo in 0.9.6k section
2003-07-21 15:08:01 +00:00
Richard Levitte
cf9a88cad7 Document the last change.
PR: 587
2003-06-19 19:04:13 +00:00
Richard Levitte
4f1cd8324c Prepare for changes in the 0.9.6 branch 2003-06-19 19:01:05 +00:00
Richard Levitte
ed7f1d0bc6 Prepare for changes in the 0.9.6 branch 2003-06-19 18:59:27 +00:00
Richard Levitte
e666c4599f Add the possibility to have symbols loaded globally with DSO. 2003-06-11 22:42:28 +00:00
Richard Levitte
54f6451670 Add functionality to set marks on the error stack and to pop all errors to the next mark. 2003-06-11 20:49:58 +00:00
Richard Levitte
a069460015 Document the AES_cbc_encrypt() change 2003-06-10 04:42:38 +00:00
Dr. Stephen Henson
63b815583b Update CHANGES to reflect base64 fix added to 0.9.7 2003-06-03 00:16:47 +00:00
Dr. Stephen Henson
beab098d53 Various S/MIME bug and compatibility fixes. 2003-06-01 20:51:58 +00:00
Richard Levitte
3bbb0212f3 Add STORE support in ENGINE. 2003-05-01 03:57:46 +00:00
Richard Levitte
a5db6fa576 Define a STORE type. For documentation, read the entry in CHANGES,
crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h.
2003-05-01 03:53:12 +00:00
Richard Levitte
535fba4907 Define the OPENSSL_ITEM structure. 2003-05-01 03:45:18 +00:00
Richard Levitte
1ae0a83bdd Add BUF_strndup() and BUF_memdup(). Not currently used, but I've code
that uses them that I'll commit in a few days.
2003-04-29 22:08:57 +00:00
Richard Levitte
9d6c32d6d1 Correct documentation. sk_find_ex() doesn't return a pointer, it
returns an index.
2003-04-29 20:31:58 +00:00
Richard Levitte
ea5240a5ed Add an extended variant of OBJ_bsearch() that can be given a few
flags.
2003-04-29 20:25:21 +00:00
Bodo Möller
7a04fdd87f include 'Changes between 0.9.6i and 0.9.6j' 2003-04-11 15:03:12 +00:00
Richard Levitte
16b1b03543 Implement self-signing in 'openssl ca'. This makes it easier to have
the CA certificate part of the CA database, and combined with
'unique_subject=no', it should make operations like CA certificate
roll-over easier.
2003-04-03 22:33:59 +00:00
Richard Levitte
e6526fbf4d Add functionality to help making self-signed certificate. 2003-04-03 22:27:24 +00:00
Richard Levitte
f85b68cd49 Make it possible to have multiple active certificates with the same
subject.
2003-04-03 16:33:03 +00:00
Bodo Möller
5679bcce07 make RSA blinding thread-safe 2003-04-02 09:50:22 +00:00
Dr. Stephen Henson
1a15c89988 Multi valued AVA support. 2003-03-30 01:51:16 +00:00
Dr. Stephen Henson
520b76ffd9 Support for name constraints. 2003-03-24 17:04:44 +00:00
Dr. Stephen Henson
f80153e20b Support for policy constraints. 2003-03-21 16:26:20 +00:00
Bodo Möller
c554155b58 make sure RSA blinding works when the PRNG is not properly seeded;
enable it automatically for the built-in engine
2003-03-20 17:31:30 +00:00
Dr. Stephen Henson
a1d12daed2 Support for policyMappings 2003-03-20 17:26:44 +00:00
Bodo Möller
02da5bcd83 countermeasure against new Klima-Pokorny-Rosa atack 2003-03-19 19:19:53 +00:00
Geoff Thorpe
bba2cb3ada Fix a bone-head bug. This warrants a CHANGES entry because it could affect
applications if they were passing a bogus 'flags' parameter yet having
things work as they wanted anyway.
2003-03-13 20:28:42 +00:00
Geoff Thorpe
879650b866 The default implementation of DSA_METHOD has an interdependence on the
dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and
dsa_sign_setup(). When another DSA_METHOD implementation does not define
these lower-level handlers, it becomes impossible to do a fallback to
software on errors using a simple DSA_OpenSSL()->fn(key).

This change allows the default DSA_METHOD to function in such circumstances
by only using dsa_mod_exp() and bn_mod_exp() handlers if they exist,
otherwise using BIGNUM implementations directly (which is what those
handlers did before this change). There should be no noticable difference
for the software case, or indeed any custom case that didn't already
segfault, except perhaps that there is now one less level of indirection in
all cases.

PR: 507
2003-03-11 01:49:21 +00:00
Bodo Möller
176f31ddec - new ECDH_compute_key interface (KDF is no longer a fixed built-in)
- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary
2003-02-28 15:37:10 +00:00
Dr. Stephen Henson
f0dc08e656 Support for dirName from config files in GeneralName extensions. 2003-02-27 01:54:11 +00:00
Dr. Stephen Henson
e9ec63961b Fix indefinite length encoding so EOC correctly updates
the buffer pointer.

Rename PKCS7_PARTSIGN to PKCS7_STREAM.

Guess what that's for :-)
2003-02-25 19:03:31 +00:00
Ulf Möller
63ff3e83fc Add instructions for building the MinGW target in Cygwin, and
rearrange some of the other text for better readability.
2003-02-22 23:03:42 +00:00
Richard Levitte
132eaa59da Allow building applications against static libraries with Makefile.shared. 2003-02-22 14:41:34 +00:00
Dr. Stephen Henson
5562cfaca4 Base64 bio fixes. The base64 bio was seriously broken
when reading from a non blocking BIO.

It would incorrectly interpret retries as EOF, incorrectly
buffer initial data and have no buffering at all after initial
data (data would be sent one byte at a time to EVP_DecodeUpdate).
2003-02-22 02:12:52 +00:00
Richard Levitte
5b0b0e98ce Security fix: Vaudenay timing attack on CBC.
An advisory will be posted to the web.  Expect a release within the hour.
2003-02-19 12:03:59 +00:00
Richard Levitte
758f942b88 Make the no-err option work properly 2003-02-18 12:14:57 +00:00
Dr. Stephen Henson
27068df7e0 Single pass processing to cleartext S/MIME signing. 2003-02-15 00:50:55 +00:00
Richard Levitte
b7bbac72c4 Add support for IA64.
PR: 454
2003-02-14 13:30:35 +00:00
Richard Levitte
2d3de726c5 Add full support for -rpath/-R, both in shared libraries and
applications, at least on the platforms where it's known how
to do it.

Note: this has only been tested on GNU-based platforms (Linux), and
needs to be tested on all others.  Additionally, it's not yet
supported on the following platforms, for lack of information:

Darwin (MacOS X)
Cygwin
OSF1/Alpha
SVR3
ReliantUNIX

Please help out with testing and the platforms we don't yet know well
enough.
2003-02-13 23:52:54 +00:00
Richard Levitte
9ec1d35f29 Adjust DES_cbc_cksum() so the returned value is the same as MIT's
mit_des_cbc_cksum().  The difference was first observed, then verified by
looking at the MIT source.
2003-02-12 17:20:39 +00:00
Dr. Stephen Henson
cf56663fb7 Option to disable SSL auto chain build 2003-02-12 17:06:02 +00:00
Bodo Möller
8537943e8b first section is now "Changes between 0.9.7a and 0.9.8", not "... 0.9.7 and 0.9.8" 2003-02-11 16:42:30 +00:00
Bodo Möller
24893ca999 typo 2003-02-06 19:32:06 +00:00
Bodo Möller
37c660ff9b implement fast point multiplication with precomputation
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2003-02-06 19:25:12 +00:00
Dr. Stephen Henson
4e5d3a7f98 IPv6 display and input support for extensions usingh GeneralName. 2003-02-05 00:34:31 +00:00
Richard Levitte
0b13e9f055 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:39:26 +00:00
Geoff Thorpe
96f7065f63 Summarise the last couple of commits. 2003-01-30 15:52:40 +00:00
Bodo Möller
c1862f9136 consistency 2003-01-24 22:28:32 +00:00
Dr. Stephen Henson
d3b5cb5343 Check return value of gmtime() and add error codes
where it fails in ASN1_TIME_set().

Edit asn1.h so the new error code is the same in 0.9.7
and 0.9.8, rebuild new error codes.

Clear error queue in req.c if *_min or *_max is absent.
2003-01-24 01:12:01 +00:00
Lutz Jänicke
a74333f905 Fix initialization sequence to prevent freeing of unitialized objects.
Submitted by: Nils Larsch <nla@trustcenter.de>

PR: 459
2003-01-15 14:54:59 +00:00
Lutz Jänicke
8ec16ce711 Really fix SSLv2 session ID handling
PR: 377
2003-01-15 09:51:22 +00:00
Geoff Thorpe
0e4aa0d2d2 As with RSA, which was modified recently, this change makes it possible to
override key-generation implementations by placing handlers in the methods
for DSA and DH. Also, parameter generation for DSA and DH is possible by
another new handler for each method.
2003-01-15 02:01:55 +00:00
Richard Levitte
04aff67de4 Merge from 0.9.7-stable. 2003-01-13 17:16:25 +00:00
Bodo Möller
9d5390a049 document BN_GENCB API by adding an example 2003-01-13 13:44:20 +00:00
Richard Levitte
afd41c9fc7 Add better support for FreeBSD on non-x86 machines.
Add specific support for FreeBSD on sparc64.
PR: 427
2003-01-12 04:43:44 +00:00
Richard Levitte
4a9476dd8d When preparing a separate build tree, don't make softlinks to softlinks.
Add instructions in INSTALL, for easy access.
PR: 437
2003-01-10 10:56:14 +00:00
Richard Levitte
7a1c6aa2a3 It's rather silly to believe we'd release 0.9.7a in 2002 :-).
It's even more silly to pretend we know which year 0.9.8 will be
released.
2002-12-31 01:00:06 +00:00
Richard Levitte
948dcdb81b Merge in changes from 0.9.7-stable. 2002-12-31 00:02:10 +00:00
Richard Levitte
08101d72ce Merge in changes from 0.9.7-stable. 2002-12-30 23:56:09 +00:00
Lutz Jänicke
21cde7a41c Fix wrong handling of session ID in SSLv2 client code.
PR: 377
2002-12-29 20:59:35 +00:00
Richard Levitte
9cd16b1dea We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies,
and then didn't support it very well.  And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
2002-12-19 22:10:12 +00:00
Richard Levitte
a1457874c6 OK, there's at least one application author who has provided dynamic locking
callbacks
2002-12-13 07:30:53 +00:00
Richard Levitte
14676ffcd6 Document the modifications in 0.9.7 that will make the hw_ncipher.c
engine work properly even in bad situations.
2002-12-12 17:40:15 +00:00
Richard Levitte
fdaea9ed2e Since it's defined in draft-ietf-tls-compression-04.txt, let's make
ZLIB a known compression method, with the identity 1.
2002-12-08 09:31:41 +00:00
Geoff Thorpe
e9224c7177 This is a first-cut at improving the callback mechanisms used in
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.

This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing.  The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones.  The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.

There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
2002-12-08 05:24:31 +00:00