Bodo Möller [Thu, 30 Nov 2000 23:41:58 +0000 (23:41 +0000)]
COMP_zlib should always be declared, even if it is not functional.
Don't dump core in ssltest.
Bodo Möller [Thu, 30 Nov 2000 22:58:27 +0000 (22:58 +0000)]
Fix the recently introduced test that checks if the result is 0
Richard Levitte [Thu, 30 Nov 2000 22:53:34 +0000 (22:53 +0000)]
First tentative implementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu>
Bodo Möller [Thu, 30 Nov 2000 22:34:57 +0000 (22:34 +0000)]
Fix BN_rshift, which caused lots of trouble.
Bodo Möller [Thu, 30 Nov 2000 21:03:13 +0000 (21:03 +0000)]
Remove randomness from the test. These constants give me a segment
violation in test_kron on a 32 bit system.
Bodo Möller [Thu, 30 Nov 2000 20:03:24 +0000 (20:03 +0000)]
BN_mod_exp(r,a,p,m,ctx) should not be called with r == p.
But even if this is avoided, there are still segmentation violations
(during one of the BN_free()s at the end of test_kron
in some cases, in other cases during BN_kronecker, or
later in BN_sqrt; choosing a different exponentiation
algorithm in bntest.c appears to influence when the SIGSEGV
takes place).
Bodo Möller [Thu, 30 Nov 2000 19:35:51 +0000 (19:35 +0000)]
It's "#elif", not "#elsif".
Richard Levitte [Thu, 30 Nov 2000 17:41:01 +0000 (17:41 +0000)]
A few bug fixes for Windows.
Bodo Möller [Thu, 30 Nov 2000 17:35:17 +0000 (17:35 +0000)]
Changes to Lenka's Montgomery implementation.
Submitted by: Lenka Fibikova
Richard Levitte [Thu, 30 Nov 2000 13:04:14 +0000 (13:04 +0000)]
New format for the FAQ. We now have different sections for different
types of questions. Hopefully, that'll make them easier to spot, and
especially, easier to refer to.
Bodo Möller [Thu, 30 Nov 2000 12:53:53 +0000 (12:53 +0000)]
Corrections to the comments in BN_mod_inverse.
Richard Levitte [Thu, 30 Nov 2000 12:53:15 +0000 (12:53 +0000)]
The compression method may be undefined for some reason that has
generated errors. Therefore, print whatever error there may be...
Richard Levitte [Thu, 30 Nov 2000 12:22:35 +0000 (12:22 +0000)]
Simplify and provide the possibility to clean a compression method.
Richard Levitte [Thu, 30 Nov 2000 12:21:33 +0000 (12:21 +0000)]
comp_methods in an SSL_CTX points at an internal database. Do *not*
free that, since it's shared by all SSL_CTX's, present and future.
Richard Levitte [Thu, 30 Nov 2000 12:19:54 +0000 (12:19 +0000)]
Turn off memory checking when loading new compression algorithms.
Richard Levitte [Thu, 30 Nov 2000 12:18:10 +0000 (12:18 +0000)]
COMP_METHOD has a new argument since some time back...
Richard Levitte [Thu, 30 Nov 2000 11:57:31 +0000 (11:57 +0000)]
Make it possible to test SSL compression
Richard Levitte [Thu, 30 Nov 2000 11:56:00 +0000 (11:56 +0000)]
Change c_zlib further to allow loading a shared zlib on all operating
systems where such an operation is supported.
Bodo Möller [Thu, 30 Nov 2000 11:47:04 +0000 (11:47 +0000)]
BN_mod_exp problems ...
Richard Levitte [Thu, 30 Nov 2000 10:25:45 +0000 (10:25 +0000)]
Changes to c_zlib.c to make ZLIB.DLL dynamically loadable under
Windows. Really, this should probably be done on Unix as well, but
that will be a later story...
Bodo Möller [Thu, 30 Nov 2000 09:45:26 +0000 (09:45 +0000)]
Move reduction step from BN_mod_exp to BN_mod_exp_mont_word.
Fix BN_mod_exp_simple for a==0 (mod m).
Skip useless round in BN_mod_sqrt (1 is always a square, no need
to test BN_kronecker for it).
Geoff Thorpe [Thu, 30 Nov 2000 01:34:26 +0000 (01:34 +0000)]
* Fix a slight bug in the state-machine. This caused the client end of a
tunnel to not pro-actively close down when failing an SSL handshake.
* Change the cert-chain callback - originally this was the same one used in
s_client and s_server but the output's as ugly as sin, so I've prettied
tunala's copy output up a bit (and made the output level configurable).
* Remove the superfluous "errors" from the SSL state callback - these are just
non-blocking side-effects.
Bodo Möller [Thu, 30 Nov 2000 00:43:41 +0000 (00:43 +0000)]
bn_modfs.c is no longer needed, a BN_sqrt implementation
exists in bn_sqrt.c now
Bodo Möller [Thu, 30 Nov 2000 00:37:49 +0000 (00:37 +0000)]
Fix bntest.c problem -- one of the primes got lost
Bodo Möller [Thu, 30 Nov 2000 00:33:18 +0000 (00:33 +0000)]
Handle special cases correctly in exponentiation functions.
test_bn still fails in the BN_sqrt test because
small primes appear to turn into zero for no
obvious reason, leading to "div by zero" errors.
Bodo Möller [Thu, 30 Nov 2000 00:20:20 +0000 (00:20 +0000)]
BN_mod_sqrt
Bodo Möller [Thu, 30 Nov 2000 00:18:19 +0000 (00:18 +0000)]
BN_sqrt
Ulf Möller [Wed, 29 Nov 2000 22:37:14 +0000 (22:37 +0000)]
Add a warning about the usage of the montgomery functions (if the inputs
are not reduced modulo m, the outputs won't be either).
Geoff Thorpe [Wed, 29 Nov 2000 20:02:00 +0000 (20:02 +0000)]
Amend the original CHANGES log entry. The ex_data handling has been
similarly modified now on DH and DSA.
Bodo Möller [Wed, 29 Nov 2000 19:59:59 +0000 (19:59 +0000)]
BN_legendre is no longer needed now that OpenSSL has BN_kronecker.
Geoff Thorpe [Wed, 29 Nov 2000 19:59:45 +0000 (19:59 +0000)]
Do to DH and DSA what has already been done to RSA. This involves moving
the initialisation and cleanup of "ex_data" elements to before an init()
handler and after a finish() handler respectively.
Bodo Möller [Wed, 29 Nov 2000 19:29:47 +0000 (19:29 +0000)]
mark a bug
Bodo Möller [Wed, 29 Nov 2000 19:26:33 +0000 (19:26 +0000)]
Fix BN_kronecker so that it works correctly if 'a' is negative
(we need the two's complement of BN_lsw then).
Geoff Thorpe [Wed, 29 Nov 2000 19:22:54 +0000 (19:22 +0000)]
More little changes to the tunala demo;
* A little bit of code-cleanup
* Reformat the usage string (not so wide)
* Allow adding an alternative (usually DSA) cert/key pair (a la s_server)
* Allow control over cert-chain verify depth
Bodo Möller [Wed, 29 Nov 2000 18:08:24 +0000 (18:08 +0000)]
BN_to_montgomery expects its inputs to be in the interval 0 .. modulus-1,
so we have to reduce the random numbers used in test_mont.
Before this change, test_mont failed in [debug-]solaris-sparcv9-gcc
configurations ("Montgomery multiplication test failed!" because
the multiplication result obtained with Montgomery multiplication
differed from the result obtained by BN_mod_mul).
Substituting the old version of bn_gcd.c (BN_mod_inverse) did not avoid
the problem.
The strange thing is that I did not observe any problems
when using debug-solaris-sparcv8-gcc and solaris-sparcv9-cc,
as well as when compiling OpenSSL 0.9.6 in the solaris-sparcv9-gcc
configuration on the same system.
Lutz Jänicke [Wed, 29 Nov 2000 18:06:18 +0000 (18:06 +0000)]
Log security relevant change.
Ulf Möller [Wed, 29 Nov 2000 16:43:50 +0000 (16:43 +0000)]
fix for Borland C
Bodo Möller [Wed, 29 Nov 2000 16:43:03 +0000 (16:43 +0000)]
add missing braces
Lutz Jänicke [Wed, 29 Nov 2000 16:04:38 +0000 (16:04 +0000)]
Store verify_result with sessions to avoid potential security hole.
For the server side this was already done one year ago :-(
Bodo Möller [Wed, 29 Nov 2000 13:40:08 +0000 (13:40 +0000)]
Fix warnings in expspeed.c (but the segmentation fault remains)
Improve readability of bn_shift.c.
Add comment in bn_lib.c (why zero data between top and max?)
Change bntest.c output for BN_kronecker test
Bodo Möller [Wed, 29 Nov 2000 12:53:41 +0000 (12:53 +0000)]
BN_bin2bn did *not* contain an off-by-one error;
I'm still investigating what caused the segmentation fault
(maybe "make clean; make" will cure it ...).
But BN_bin2bn should always reset ret->neg.
Bodo Möller [Wed, 29 Nov 2000 12:32:10 +0000 (12:32 +0000)]
Expand expspeed.c to make BN_kronecker timings.
This caused a segmentation fault in calls to malloc, so I cleaned up
bn_lib.c a little so that it is easier to see what is going on.
The bug turned out to be an off-by-one error in BN_bin2bn.
Bodo Möller [Wed, 29 Nov 2000 11:06:50 +0000 (11:06 +0000)]
Implement BN_kronecker test.
Modify "CHANGES" entry for BN_mod_inverse (it's not just avoiding BN_div
that increases performance, avoiding BN_mul also helps)
Bodo Möller [Wed, 29 Nov 2000 11:04:31 +0000 (11:04 +0000)]
avoid segmentation fault
Bodo Möller [Wed, 29 Nov 2000 09:57:13 +0000 (09:57 +0000)]
Make BN_mod_inverse a little faster
Bodo Möller [Wed, 29 Nov 2000 09:41:19 +0000 (09:41 +0000)]
Improve BN_mod_inverse performance.
Get the BN_mod_exp_mont bugfix (for handling negative inputs) correct
this time.
Richard Levitte [Wed, 29 Nov 2000 09:36:48 +0000 (09:36 +0000)]
Copy and paste error... bn_add_part_words() should of course call
bn_add_words(), not bn_sub_words()...
Geoff Thorpe [Wed, 29 Nov 2000 01:29:08 +0000 (01:29 +0000)]
Make s_client/s_server-style cert verification output configurable by
command line, and make the peer-authentication similarly configurable.
Ulf Möller [Wed, 29 Nov 2000 00:07:07 +0000 (00:07 +0000)]
use standard C
Geoff Thorpe [Tue, 28 Nov 2000 23:27:23 +0000 (23:27 +0000)]
Minor tweaks and improvements to the tunala demo.
- Add "-cipher" and "-out_state" command line arguments to control SSL
cipher-suites and handshake debug output respectively.
- Implemented error handling for SSL handshakes that break down. This uses
a cheat - storing a non-NULL pointer as "app_data" in the SSL structure
when the SSL should be killed.
Geoff Thorpe [Tue, 28 Nov 2000 19:09:58 +0000 (19:09 +0000)]
A typo and a couple of logic errors fixed. I think there may still be one
or two kinks lurking around, but it now appears to deal with the basic
test cases ok.
Bodo Möller [Tue, 28 Nov 2000 11:49:12 +0000 (11:49 +0000)]
Use BN_pseudo_rand instead of BN_rand
Bodo Möller [Tue, 28 Nov 2000 11:47:51 +0000 (11:47 +0000)]
Timings.
Bodo Möller [Tue, 28 Nov 2000 11:13:06 +0000 (11:13 +0000)]
Note that SSL_peek has been disabled.
Richard Levitte [Tue, 28 Nov 2000 10:20:02 +0000 (10:20 +0000)]
Adapt to added files in the BIGNUM section
Bodo Möller [Tue, 28 Nov 2000 07:53:35 +0000 (07:53 +0000)]
Correct a bug in BN_kronecker.
Sketch the test for BN_kronecker.
Bodo Möller [Tue, 28 Nov 2000 06:58:22 +0000 (06:58 +0000)]
Comments on SSL_peek deficiencies
Bodo Möller [Tue, 28 Nov 2000 06:48:36 +0000 (06:48 +0000)]
Disable SSL_peek until it is fixed.
Bodo Möller [Tue, 28 Nov 2000 06:41:05 +0000 (06:41 +0000)]
Add test_kron function, which will contain a test for BN_kronecker.
Bodo Möller [Tue, 28 Nov 2000 06:37:43 +0000 (06:37 +0000)]
Add bn_kron.c (BN_kronecker), which I forgot in the previous commit.
Also add the next file in advance so that I can't forget this one :-)
Bodo Möller [Mon, 27 Nov 2000 21:22:45 +0000 (21:22 +0000)]
Undo previous commit, which was an accident.
Bodo Möller [Mon, 27 Nov 2000 21:17:20 +0000 (21:17 +0000)]
Fix BN_is_... macros.
Fix BN_gcd.
Analyze BN_mod_inverse.
Add BN_kronecker.
"make update".
Bodo Möller [Sun, 26 Nov 2000 19:20:56 +0000 (19:20 +0000)]
Change submitted files so that they compile (in particular,
use BN_CTX_start/get/end instead of accessing ctx->tos).
Change indentation to "EAY" style.
Bodo Möller [Sun, 26 Nov 2000 19:13:52 +0000 (19:13 +0000)]
Change submitted files so that they compile (in particular,
use BN_CTX_start/get/end instead of accessing ctx->tos).
Change indentation to "EAY" style.
Geoff Thorpe [Sun, 26 Nov 2000 18:39:27 +0000 (18:39 +0000)]
It was a small change, but it *could* conceivably affect people - so I'm
making a note in the CHANGES file.
Geoff Thorpe [Sun, 26 Nov 2000 18:34:45 +0000 (18:34 +0000)]
Ensure that the "ex_data" member of an RSA structure is initialised before
the RSA_METHOD's "init()" handler is called, and is cleaned up after the
RSA_METHOD's "finish()" handler is called. Custom RSA_METHODs may wish to
initialise contexts and other specifics in the RSA structure upon creation
and that was previously not possible - "ex_data" is where that stuff
should go and it was being initialised too late for it to be used.
Bodo Möller [Sun, 26 Nov 2000 18:31:32 +0000 (18:31 +0000)]
More BN_mod_... functions.
Bodo Möller [Sun, 26 Nov 2000 16:46:57 +0000 (16:46 +0000)]
Add bn_mod.c (should have happened in the previous commit ...).
BN_swap manual page.
Bodo Möller [Sun, 26 Nov 2000 16:42:38 +0000 (16:42 +0000)]
modular arithmetic
"make update"
Bodo Möller [Sun, 26 Nov 2000 12:55:19 +0000 (12:55 +0000)]
Remove CR at line ends.
Bodo Möller [Sun, 26 Nov 2000 12:12:35 +0000 (12:12 +0000)]
Elliptic curves over GF(p), new BIGNUM functions, Montgomery re-implementation.
These new files will not be included literally in OpenSSL, but I intend
to integrate most of their contents. Most file names will change,
and when the integration is done, the superfluous files will be deleted.
Submitted by: Lenka Fibikova <fibikova@exp-math.uni-essen.de>
Richard Levitte [Wed, 22 Nov 2000 18:20:31 +0000 (18:20 +0000)]
Correct a number of syntax errors.
Richard Levitte [Wed, 22 Nov 2000 18:17:16 +0000 (18:17 +0000)]
Adapt the VMS scripts to the changes in the Makefiles.
Ulf Möller [Wed, 22 Nov 2000 16:52:29 +0000 (16:52 +0000)]
Remove RSAREF (not used).
You can still get the code using tag "rsaref".
Richard Levitte [Wed, 22 Nov 2000 04:54:06 +0000 (04:54 +0000)]
Adapt the VMS scripts to the changes in the Makefiles.
Richard Levitte [Tue, 21 Nov 2000 23:32:38 +0000 (23:32 +0000)]
Reimplement bn_div_words, bn_add_words and bn_sub_words for VAX.
I'm a little bit nervous about bn_div_words, as I don't know what it's
supposed to return on overflow. For now, I trust the rest of the
system to give it numbers that will not cause any overflow...
Richard Levitte [Tue, 21 Nov 2000 23:29:55 +0000 (23:29 +0000)]
Avoid getting warnings about unary - being used on an unsigned integer.
Ben Laurie [Tue, 21 Nov 2000 21:37:48 +0000 (21:37 +0000)]
Oops! Read a full buffer instead of some spurious number from elsewhere.
Richard Levitte [Mon, 20 Nov 2000 21:30:43 +0000 (21:30 +0000)]
'echo on' works better all over than 'echo=on'. We had the same
problem in some other file, but I can't recall which.
Ben Laurie [Mon, 20 Nov 2000 04:14:19 +0000 (04:14 +0000)]
Better handling of EVP names, add EVP to speed.
Richard Levitte [Sun, 19 Nov 2000 14:14:52 +0000 (14:14 +0000)]
Make sure bs is assigned NULL when it's freed, or there will be an
(incorrect) attempt to free it once more...
Richard Levitte [Sun, 19 Nov 2000 14:11:03 +0000 (14:11 +0000)]
I wonder if I do too much...
Richard Levitte [Sun, 19 Nov 2000 14:10:07 +0000 (14:10 +0000)]
Add news items early. Please fill in with what I have forgotten.
Richard Levitte [Sat, 18 Nov 2000 22:58:26 +0000 (22:58 +0000)]
Remove two bn_wexpand() from BN_mul(), which is a step toward getting
BN_mul() correctly constified, avoids two realloc()'s that aren't
really necessary and saves memory to boot. This required a small
change in bn_mul_part_recursive() and the addition of variants of
bn_cmp_words(), bn_add_words() and bn_sub_words() that can take arrays
with differing sizes.
The test results show a performance that very closely matches the
original code from before my constification. This may seem like a
very small win from a performance point of view, but if one remembers
that the variants of bn_cmp_words(), bn_add_words() and bn_sub_words()
are not at all optimized for the moment (and there's no corresponding
assembler code), and that their use may be just as non-optimal, I'm
pretty confident there are possibilities...
This code needs reviewing!
Richard Levitte [Sat, 18 Nov 2000 20:52:14 +0000 (20:52 +0000)]
Remove a declaration for a function that does not exist.
Richard Levitte [Sat, 18 Nov 2000 20:49:02 +0000 (20:49 +0000)]
Make the definition of bn_add_words() match the definition.
Richard Levitte [Sat, 18 Nov 2000 20:44:25 +0000 (20:44 +0000)]
I might want to debug the assembler modules...
Bodo Möller [Fri, 17 Nov 2000 14:42:49 +0000 (14:42 +0000)]
Increase permissible ClientKeyExchange message length.
Bodo Möller [Fri, 17 Nov 2000 13:08:57 +0000 (13:08 +0000)]
include 'err' label only when it is actually used
Richard Levitte [Fri, 17 Nov 2000 12:01:55 +0000 (12:01 +0000)]
Make sure BN_DIV2W is not defined when defining it, and remove the
declarations of bn_add_part_words() and bn_sub_part_words() since they
do not exist.
Bodo Möller [Fri, 17 Nov 2000 11:49:29 +0000 (11:49 +0000)]
tag SSL_peek bugs
Bodo Möller [Fri, 17 Nov 2000 10:25:46 +0000 (10:25 +0000)]
Documentation on using the SSL library with non-blocking I/O.
Bodo Möller [Fri, 17 Nov 2000 09:03:02 +0000 (09:03 +0000)]
Improve usability of 'openssl passwd' by including
password verification where it makes sense.
Bodo Möller [Fri, 17 Nov 2000 08:36:10 +0000 (08:36 +0000)]
Constify bn_dump1 implementation so that it matches the prototype
in bn.h
Richard Levitte [Thu, 16 Nov 2000 22:43:32 +0000 (22:43 +0000)]
More constification of the BN library.
Richard Levitte [Thu, 16 Nov 2000 22:42:39 +0000 (22:42 +0000)]
Make sure to print the BN counting (BN_COUNT) to stderr instead of
stdout. bc gets so confused by bean counts.
Richard Levitte [Thu, 16 Nov 2000 22:41:26 +0000 (22:41 +0000)]
Oops, when I clean, I should do it thoroughly.
Richard Levitte [Thu, 16 Nov 2000 21:35:41 +0000 (21:35 +0000)]
I've checked again and again. There really is no need to expand a to
4 times its size when bn_sqr_recursive() won't look farther than the
original length. Thereby, constification is no longer a problem.
Richard Levitte [Thu, 16 Nov 2000 18:59:02 +0000 (18:59 +0000)]
/proc/cpuinfo can have several lines containing the word "type". We want the one that is "type", plain and simple. Caught by Raoul Borenius <borenius@shuttle.de>
Geoff Thorpe [Thu, 16 Nov 2000 00:17:11 +0000 (00:17 +0000)]
I have no idea how this comment got there, but it's certainly not
applicable to ENGINE_ctrl()