Dr. Stephen Henson [Wed, 19 May 2004 17:08:05 +0000 (17:08 +0000)]
Delete unused function from libeay.num, replace with one
that does exist.
Dr. Stephen Henson [Wed, 19 May 2004 17:05:02 +0000 (17:05 +0000)]
Delete obsolete and unimplemented function.
Dr. Stephen Henson [Wed, 19 May 2004 17:03:59 +0000 (17:03 +0000)]
Add SHA256 and SHA512 algorithms to mkdef.pl.
Fix mkdef.pl script to avoid infinite loop when
parsing sha.h.
Richard Levitte [Wed, 19 May 2004 14:19:51 +0000 (14:19 +0000)]
X509_policy_lib_init is declared but not defined, so it raises havoc
when trying to build a shared library on VMS or Windows...
Geoff Thorpe [Mon, 17 May 2004 19:26:06 +0000 (19:26 +0000)]
After the latest round of header-hacking, regenerate the dependencies in
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
Geoff Thorpe [Mon, 17 May 2004 19:14:22 +0000 (19:14 +0000)]
Deprecate the recursive includes of bn.h from various API headers (asn1.h,
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
Geoff Thorpe [Mon, 17 May 2004 19:05:32 +0000 (19:05 +0000)]
Remove some unnecessary recursive includes from the internal apps.h header,
and include bn.h in those C files that need bignum functionality.
Geoff Thorpe [Mon, 17 May 2004 19:01:15 +0000 (19:01 +0000)]
Because of recent reductions in header interdependencies, these files need
to include crypto.h directly.
Geoff Thorpe [Mon, 17 May 2004 18:58:47 +0000 (18:58 +0000)]
I can't verify this directly, but recent changes will probably require that
the cryptodev implementation include bn.h directly (when building with
OPENSSL_NO_DEPRECATED that is).
Geoff Thorpe [Mon, 17 May 2004 18:56:15 +0000 (18:56 +0000)]
The inclusion of bn.h from the engine.h API header has been deprecated, so
the engine implementations need to include bn.h to manipulate bignums.
Geoff Thorpe [Mon, 17 May 2004 18:53:47 +0000 (18:53 +0000)]
Deprecate quite a few recursive includes from the ssl.h API header and
remove some unnecessary includes from the internal header ssl_locl.h. This
then requires adding includes for bn.h in four C files.
Geoff Thorpe [Mon, 17 May 2004 18:49:06 +0000 (18:49 +0000)]
Deprecate some recursive includes from the store.h API header, and put back
required includes back via the internal header and str_lib.c.
Geoff Thorpe [Mon, 17 May 2004 18:39:00 +0000 (18:39 +0000)]
Reduce dependencies on crypto.h by moving the opaque definition of
CRYPTO_EX_DATA and the new/free/dup callback prototypes to ossl_typ.h.
Geoff Thorpe [Mon, 17 May 2004 18:01:28 +0000 (18:01 +0000)]
Moving opaque definitions to ossl_typ.h lets us reduce header dependencies.
Deprecate inclusion of crypto.h from ui.h.
Andy Polyakov [Mon, 17 May 2004 15:49:13 +0000 (15:49 +0000)]
Make reservations for FIPS code in HEAD branch, so that the moment FIPS
comes in we have required macros in place.
Geoff Thorpe [Sat, 15 May 2004 18:32:08 +0000 (18:32 +0000)]
Make some more API types opaquely available from ossl_typ.h, meaning the
corresponding headers are only required for API functions or structure
details. This now includes the bignum types and BUF_MEM. Subsequent commits
will remove various dependencies on bn.h and buffer.h and update the
makefile dependencies.
Geoff Thorpe [Sat, 15 May 2004 18:26:15 +0000 (18:26 +0000)]
This file implements various functions that have since been redefined as
macros. I'm removing this from the NO_DEPRECATED build.
Dr. Stephen Henson [Sat, 15 May 2004 17:55:07 +0000 (17:55 +0000)]
Fixes so alerts are sent properly in s3_pkt.c
PR: 851
Andy Polyakov [Sat, 15 May 2004 11:29:55 +0000 (11:29 +0000)]
size_t-fication of message digest APIs. We should size_t-fy more APIs...
Richard Levitte [Fri, 14 May 2004 17:56:30 +0000 (17:56 +0000)]
Reimplement old functions, so older software that link to libcrypto
don't crash and burn.
Richard Levitte [Thu, 13 May 2004 22:39:56 +0000 (22:39 +0000)]
Synchronise o_str.c between 0.9.8-dev and 0.9.7-stable.
Richard Levitte [Thu, 13 May 2004 21:38:47 +0000 (21:38 +0000)]
make update
Richard Levitte [Thu, 13 May 2004 21:38:26 +0000 (21:38 +0000)]
Let's make life easier and have the VMS version of the configuration be
generated from the Unixly configuration file.
Andy Polyakov [Thu, 13 May 2004 13:58:44 +0000 (13:58 +0000)]
CHANGES to mention improved PowerPC platform support.
Andy Polyakov [Thu, 13 May 2004 13:48:33 +0000 (13:48 +0000)]
SHA-224/-256/-384/-512 implementation. This is just sheer code commit.
Makefile modifications, make test, etc. will appear later...
Dr. Stephen Henson [Wed, 12 May 2004 18:20:37 +0000 (18:20 +0000)]
Make self signing option of 'x509' use random serial numbers too.
Andy Polyakov [Thu, 6 May 2004 10:41:07 +0000 (10:41 +0000)]
SSE2 SHA512_Transform implementation. No, it's not used anywhere yet and
is subject to change as C implementation is added...
Andy Polyakov [Thu, 6 May 2004 10:36:49 +0000 (10:36 +0000)]
SSE2 accelerated bn_mul_add_words. Code is currently disabled till proper
config and run-time support is added.
PR: 788
Submitted by: <dean@arctic.org>
Reviewed by: <appro>
Obtained from: http://arctic.org/~dean/crypto/rsa.html
Andy Polyakov [Thu, 6 May 2004 10:31:09 +0000 (10:31 +0000)]
Support for IA-32 SSE2 instruction set.
Richard Levitte [Thu, 6 May 2004 09:46:41 +0000 (09:46 +0000)]
Remove the creation of $(INSTALL_PREFIX)$(OPENSSLDIR)/lib, since we don't
use it.
Notified by Frédéric L. W. Meunier <0@pervalidus.tk> in PR 713
Richard Levitte [Thu, 6 May 2004 09:33:22 +0000 (09:33 +0000)]
When the pointer 'from' changes, it's stored length needs to change as
well.
Notified by Frank Kardel <kardel@acm.org> in PR 879.
Geoff Thorpe [Tue, 4 May 2004 20:08:55 +0000 (20:08 +0000)]
Fix realloc usage in ec_curve.c
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
Bodo Möller [Tue, 4 May 2004 01:15:48 +0000 (01:15 +0000)]
- update from current 0.9.6-stable CHANGES file
- update from current 0.9.7-stable CHANGES file:
Now here we have "CHANGES between 0.9.7e and 0.9.8", and I hope
that all patches mentioned for 0.9.7d and 0.9.7e actually are
in the CVS HEAD, i.e. what is to become 0.9.8.
I have rewritten the 'openssl ca -create_serial' entry (0.9.8)
so that it explains the earlier change that is now listed (0.9.7e).
The ENGINE_set_default typo bug entry has been moved from 0.9.8
to 0.9.7b, which is where it belongs.
Geoff Thorpe [Wed, 28 Apr 2004 18:34:39 +0000 (18:34 +0000)]
The new BN_CTX code makes this sort of abuse unnecessary.
Andy Polyakov [Tue, 27 Apr 2004 22:17:25 +0000 (22:17 +0000)]
Oops! Typo in ./config...
Andy Polyakov [Tue, 27 Apr 2004 22:05:50 +0000 (22:05 +0000)]
Improved PowerPC support. Proper ./config support for ppc targets,
especially for AIX. But most important BIGNUM assembler implementation
submitted by IBM.
Submitted by: Peter Waltenberg <pwalten@au1.ibm.com>
Reviewed by: appro
Dr. Stephen Henson [Tue, 27 Apr 2004 18:33:40 +0000 (18:33 +0000)]
Make ASN1 code work again...
Geoff Thorpe [Tue, 27 Apr 2004 13:24:51 +0000 (13:24 +0000)]
With the new dynamic BN_CTX implementation, there should be no need for
additional contexts.
Geoff Thorpe [Mon, 26 Apr 2004 15:38:44 +0000 (15:38 +0000)]
The problem of rsa key-generation getting stuck in a loop for (pointlessly)
small key sizes seems to result from the code continually regenerating the
same prime value once the range is small enough. From my tests, this change
fixes the problem by setting an escape velocity of 3 repeats for the second
of the two primes.
PR: 874
Geoff Thorpe [Mon, 26 Apr 2004 15:31:35 +0000 (15:31 +0000)]
Allow RSA key-generation to specify an arbitrary public exponent. Jelte
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.
PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
Dr. Stephen Henson [Sun, 25 Apr 2004 12:46:39 +0000 (12:46 +0000)]
More ASN1 reformat/tidy.
Dr. Stephen Henson [Sat, 24 Apr 2004 17:02:48 +0000 (17:02 +0000)]
Reformat/tidy some of the ASN1 code.
Dr. Stephen Henson [Thu, 22 Apr 2004 12:37:16 +0000 (12:37 +0000)]
Fix leak.
PR:870
Geoff Thorpe [Wed, 21 Apr 2004 15:12:20 +0000 (15:12 +0000)]
As far as I can tell, the bugfix this comment refers to was committed to
0.9.7-stable as well as HEAD (and doesn't apply to the 0.9.6-engine
variant).
Geoff Thorpe [Wed, 21 Apr 2004 15:08:56 +0000 (15:08 +0000)]
Extend the index parameter checking from sk_value to sk_set(). Also tidy up
some similar code elsewhere.
Thanks to Francesco Petruzzi for bringing this to my attention.
Dr. Stephen Henson [Wed, 21 Apr 2004 12:46:20 +0000 (12:46 +0000)]
New option to 'x509' -next_serial. This outputs the certificate
serial number plus 1 to the output file. Its purpose is to allow
serial number files to be initialized when random serial numbers
are used.
Dr. Stephen Henson [Wed, 21 Apr 2004 12:43:21 +0000 (12:43 +0000)]
Use X509_get_serialNumber() instead of accessing internals in x509.c
Dr. Stephen Henson [Tue, 20 Apr 2004 12:05:26 +0000 (12:05 +0000)]
Reduce chances of issuer and serial number duplication by use of random
initial serial numbers.
PR: 842
Richard Levitte [Tue, 20 Apr 2004 11:53:33 +0000 (11:53 +0000)]
Whooaaaaa, the BN_CTX_DEBUG macro really produces output these
days... A little too much for my tests, currently...
Richard Levitte [Tue, 20 Apr 2004 10:57:07 +0000 (10:57 +0000)]
Print the debug thingies on stderr instead of stdout. If for nothing
else then at least so bc doesn't have problems parsing the output from
bntest :-).
Geoff Thorpe [Mon, 19 Apr 2004 18:33:41 +0000 (18:33 +0000)]
make update
Geoff Thorpe [Mon, 19 Apr 2004 18:32:19 +0000 (18:32 +0000)]
"make update" noticed a new function.
Geoff Thorpe [Mon, 19 Apr 2004 18:30:41 +0000 (18:30 +0000)]
More updates for the header cleanups (and apologies, again, for not having
consolidated these prior to committing).
Geoff Thorpe [Mon, 19 Apr 2004 18:19:24 +0000 (18:19 +0000)]
When generating dependencies in the makefiles, generate the reduced
dependencies of the OPENSSL_NO_DEPRECATED mode. This prevents dependencies
being reproduced for "deprecated" header behaviour when a developer doesn't
define the symbol (with the subsequent CVS wars that can ensue).
Geoff Thorpe [Mon, 19 Apr 2004 18:13:07 +0000 (18:13 +0000)]
header cleanup in apps/
Geoff Thorpe [Mon, 19 Apr 2004 18:09:28 +0000 (18:09 +0000)]
(oops) Apologies all, that last header-cleanup commit was from the wrong
tree. This further reduces header interdependencies, and makes some
associated cleanups.
Geoff Thorpe [Mon, 19 Apr 2004 17:46:04 +0000 (17:46 +0000)]
Reduce header interdependencies, initially in engine.h (the rest of the
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.
Dr. Stephen Henson [Thu, 15 Apr 2004 00:32:19 +0000 (00:32 +0000)]
Clear error if unique_subject lookup fails.
Dr. Stephen Henson [Tue, 13 Apr 2004 17:47:37 +0000 (17:47 +0000)]
Add some root CAs.
Geoff Thorpe [Fri, 2 Apr 2004 06:25:11 +0000 (06:25 +0000)]
Avoid undefined results when the parameter is out of range.
Dr. Stephen Henson [Thu, 1 Apr 2004 22:23:46 +0000 (22:23 +0000)]
Don't use C++ reserved word.
Dr. Stephen Henson [Wed, 31 Mar 2004 12:55:33 +0000 (12:55 +0000)]
Oops forgot CHANGES entry.
Dr. Stephen Henson [Wed, 31 Mar 2004 12:17:24 +0000 (12:17 +0000)]
New function X509_POLICY_NODE_print()
Richard Levitte [Mon, 29 Mar 2004 08:13:49 +0000 (08:13 +0000)]
Add symbol hacks for some long names.
make update
Andy Polyakov [Sun, 28 Mar 2004 21:27:47 +0000 (21:27 +0000)]
This is essentially Intel 32-bit compiler tune-up. To start with all
available compiler versions generated bogus machine code trying to
compile new crypto/des/cfb_enc.c. Secondly, 8th version defines
__GNUC__ macro, but fails to compile *some* inline assembler correctly.
Note that all versions of icc implement MSC-like _lrot[rl] intrinsic,
which is used now instead of offensive asm. Finally, unnecessary linker
dependencies are eliminated. Most notably dependency from libirc.a
caused trouble at application start-up, if libcrypto.so is linked with
-Bsymbolic (which it is).
Dr. Stephen Henson [Sun, 28 Mar 2004 17:38:00 +0000 (17:38 +0000)]
Enhance EVP code to generate random symmetric keys of the
appropriate form, for example correct DES parity.
Update S/MIME code and EVP_SealInit to use new functions.
PR: 700
Dr. Stephen Henson [Sun, 28 Mar 2004 12:40:11 +0000 (12:40 +0000)]
Make {i2v,v2i}_ASN1_BIT_STRING global.
make update
Dr. Stephen Henson [Sun, 28 Mar 2004 12:29:05 +0000 (12:29 +0000)]
Remove obsolete files.
Dr. Stephen Henson [Sat, 27 Mar 2004 22:49:28 +0000 (22:49 +0000)]
Allow CRLs to be passed into X509_STORE_CTX. This is useful when the
verified structure can contain its own CRLs (such as PKCS#7 signedData).
Tidy up some of the verify code.
Dr. Stephen Henson [Sat, 27 Mar 2004 13:30:14 +0000 (13:30 +0000)]
Extend OID config module format.
Dr. Stephen Henson [Fri, 26 Mar 2004 00:24:38 +0000 (00:24 +0000)]
Free up BIO properly when using streaming S/MIME sign.
Dr. Stephen Henson [Thu, 25 Mar 2004 23:32:06 +0000 (23:32 +0000)]
Remove BN_CTX debug from debug-steve
Richard Levitte [Thu, 25 Mar 2004 21:32:30 +0000 (21:32 +0000)]
SSL_COMP_get_compression_method is a typo (a missing 's' at the end of
the symbol name).
Richard Levitte [Thu, 25 Mar 2004 20:09:00 +0000 (20:09 +0000)]
Move the definition of Win32_rename(), since the macro rename gets undefined
in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853
Richard Levitte [Thu, 25 Mar 2004 20:01:01 +0000 (20:01 +0000)]
Wrap code starting with a definition.
PR: 854
Richard Levitte [Thu, 25 Mar 2004 19:52:34 +0000 (19:52 +0000)]
Change spaces to symbols in names.
PR: 856
Richard Levitte [Thu, 25 Mar 2004 16:21:42 +0000 (16:21 +0000)]
Make prototypes for some callback pointers.
Richard Levitte [Thu, 25 Mar 2004 16:04:02 +0000 (16:04 +0000)]
A couple more cases where RAND_add() gets an integer instead of a
doule as last argument.
Richard Levitte [Thu, 25 Mar 2004 15:52:43 +0000 (15:52 +0000)]
RAND_add() wants a double as it's last argument.
Dr. Stephen Henson [Thu, 25 Mar 2004 13:45:58 +0000 (13:45 +0000)]
Fix loads of warnings in policy code.
I'll remember to try to compile this with warnings enabled next time :-)
Dr. Stephen Henson [Thu, 25 Mar 2004 13:37:02 +0000 (13:37 +0000)]
Fix ASN1 warnings.
Geoff Thorpe [Thu, 25 Mar 2004 04:32:24 +0000 (04:32 +0000)]
Adjust various bignum functions to use BN_CTX for variables instead of
locally initialising their own.
NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
these functions, and that may be a major part of the performance
improvements we're seeing. The "free" part can be removed because we're
using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
destruction automatically performs this task, so performing it inside
functions that may be called repeatedly is wasteful. This is currently safe
within openssl due to the fact that BN_CTX objects are never created for
longer than a single high-level operation. However, that is only because
there's currently no mechanism in openssl for thread-local storage. Beyond
that, this might be an issue for applications using the bignum API directly
and caching their own BN_CTX objects. The solution is to introduce a flag
to BN_CTX_start() that allows its variables to be automatically sanitised
on release during BN_CTX_end(). This way any higher-level function (and
perhaps the application) can specify this flag in its own
BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
specifying the flag to be ignored so that sanitisation is handled only once
back out at the higher level. I will be implementing this in the near
future.
Geoff Thorpe [Thu, 25 Mar 2004 04:16:14 +0000 (04:16 +0000)]
Replace the BN_CTX implementation with my current work. I'm leaving the
little TODO list in there as well as the debugging code (only enabled if
BN_CTX_DEBUG is defined).
I'd appreciate as much review and testing as can be spared for this. I'll
commit some changes to other parts of the bignum code shortly to make
better use of this implementation (no more fixed size limitations). Note
also that under identical optimisations, I'm seeing a noticable speed
increase over openssl-0.9.7 - so any feedback to confirm/deny this on other
systems would also be most welcome.
Geoff Thorpe [Thu, 25 Mar 2004 03:03:52 +0000 (03:03 +0000)]
Adds warnings about two curves and fixes the "seed" value for two other
curves.
Submitted by: Nils Larsch
Geoff Thorpe [Thu, 25 Mar 2004 02:55:17 +0000 (02:55 +0000)]
... and this should likewise fix up those RSA implementations that weren't
already built and tested.
Geoff Thorpe [Thu, 25 Mar 2004 02:52:04 +0000 (02:52 +0000)]
By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.
This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.
Geoff Thorpe [Thu, 25 Mar 2004 02:41:35 +0000 (02:41 +0000)]
Damn, I was a bit hasty with my fix and hadn't spotted the linker
dependency from asn1.
Geoff Thorpe [Thu, 25 Mar 2004 02:24:38 +0000 (02:24 +0000)]
Remove some warnings.
Geoff Thorpe [Thu, 25 Mar 2004 02:19:42 +0000 (02:19 +0000)]
Protect against gcc's "warning: cast does not match function type".
Richard Levitte [Wed, 24 Mar 2004 10:55:48 +0000 (10:55 +0000)]
Don't define fd for platforms that do not use it, as some may not declare fileno() properly
Richard Levitte [Wed, 24 Mar 2004 10:50:42 +0000 (10:50 +0000)]
Correct constness problems.
Richard Levitte [Wed, 24 Mar 2004 10:50:25 +0000 (10:50 +0000)]
Make it easier to buld test applications...
Richard Levitte [Wed, 24 Mar 2004 10:48:50 +0000 (10:48 +0000)]
Only build the PKCS#7 test applications if "pkcs7" is present in
SDIRS.
Richard Levitte [Wed, 24 Mar 2004 09:52:16 +0000 (09:52 +0000)]
Add store.h among the exported headers on VMS.
Richard Levitte [Wed, 24 Mar 2004 09:43:03 +0000 (09:43 +0000)]
o_str.h isn't a public header file, so make sure it will still be
included.
Richard Levitte [Wed, 24 Mar 2004 09:41:33 +0000 (09:41 +0000)]
o_str.h isn't a public header file.
Richard Levitte [Wed, 24 Mar 2004 09:40:59 +0000 (09:40 +0000)]
Typo...
Richard Levitte [Wed, 24 Mar 2004 09:40:23 +0000 (09:40 +0000)]
Make sure toupper() is properly declared.
Richard Levitte [Tue, 23 Mar 2004 21:01:34 +0000 (21:01 +0000)]
Make it clear that for RSA_NO_PADDING, flen must be RSA_size(rsa)
Richard Levitte [Tue, 23 Mar 2004 15:06:33 +0000 (15:06 +0000)]
make update