oweals/openssl.git
20 years agoTests have shown that setargv.obj isn't really needed (at least as far
Richard Levitte [Fri, 16 Apr 2004 10:39:33 +0000 (10:39 +0000)]
Tests have shown that setargv.obj isn't really needed (at least as far
as we can tell).  This is good, because it doesn't seem to exist on
some newer Windows installations.

20 years agomake update
Richard Levitte [Fri, 16 Apr 2004 09:53:22 +0000 (09:53 +0000)]
make update

20 years agoDon't use global variables. Instead, use a function that returns the
Richard Levitte [Fri, 16 Apr 2004 09:52:50 +0000 (09:52 +0000)]
Don't use global variables.  Instead, use a function that returns the
proper value.

There are a few more spots where FIPS makes use of global variables.
This is problematic on some non-Unix platforms.  I will deal with them
later.

20 years agoWrap with a check for OPENSSL_FIPS. We need that to have mkdef.pl
Richard Levitte [Fri, 16 Apr 2004 09:50:49 +0000 (09:50 +0000)]
Wrap with a check for OPENSSL_FIPS.  We need that to have mkdef.pl
work properly.
Add C++ protection.

20 years agoAdd the first half of the C++ protection :-).
Richard Levitte [Fri, 16 Apr 2004 09:49:41 +0000 (09:49 +0000)]
Add the first half of the C++ protection :-).

20 years agoAdd fips_rand.h among the header files to look at.
Richard Levitte [Thu, 15 Apr 2004 23:13:45 +0000 (23:13 +0000)]
Add fips_rand.h among the header files to look at.
Fix a silly warning.

20 years agoFix sign vs. unsigned warning.
Richard Levitte [Thu, 15 Apr 2004 20:50:08 +0000 (20:50 +0000)]
Fix sign vs. unsigned warning.

20 years agoMake sure mkdef.pl is called with optional "fips" as well.
Richard Levitte [Thu, 15 Apr 2004 20:49:46 +0000 (20:49 +0000)]
Make sure mkdef.pl is called with optional "fips" as well.

20 years agomake update
Richard Levitte [Thu, 15 Apr 2004 20:48:59 +0000 (20:48 +0000)]
make update

20 years agoLook at a few FIPS-related headers and process FIPS-related symbols
Richard Levitte [Thu, 15 Apr 2004 20:48:42 +0000 (20:48 +0000)]
Look at a few FIPS-related headers and process FIPS-related symbols
properly.

20 years agoMake the Windows/DOS build system understand "fips".
Richard Levitte [Thu, 15 Apr 2004 19:35:30 +0000 (19:35 +0000)]
Make the Windows/DOS build system understand "fips".

20 years agomake update
Richard Levitte [Thu, 15 Apr 2004 17:28:06 +0000 (17:28 +0000)]
make update

20 years agoNow that we look in fips/rsa, there's no need to erroneously exclude
Richard Levitte [Thu, 15 Apr 2004 17:27:54 +0000 (17:27 +0000)]
Now that we look in fips/rsa, there's no need to erroneously exclude
the functions RSA_PKCS1_SSLeay and RSA_generate_key.

20 years agoInclude fips/rsa among the directories to look in.
Richard Levitte [Thu, 15 Apr 2004 17:27:09 +0000 (17:27 +0000)]
Include fips/rsa among the directories to look in.

20 years agomake update
Richard Levitte [Thu, 15 Apr 2004 17:21:08 +0000 (17:21 +0000)]
make update

20 years agomake update
Richard Levitte [Thu, 15 Apr 2004 16:30:39 +0000 (16:30 +0000)]
make update

20 years agoSome platforms (Win32, it seems) do not have PATH_MAX, so let's define
Richard Levitte [Thu, 15 Apr 2004 16:29:44 +0000 (16:29 +0000)]
Some platforms (Win32, it seems) do not have PATH_MAX, so let's define
it with a generic value (1024) if it isn't already defined.

20 years agoRecognise the "platform" OPENSSL_FIPS.
Richard Levitte [Thu, 15 Apr 2004 16:28:54 +0000 (16:28 +0000)]
Recognise the "platform" OPENSSL_FIPS.

20 years agoUse OPENSSL_FIPS instead of just FIPS.
Richard Levitte [Thu, 15 Apr 2004 16:28:30 +0000 (16:28 +0000)]
Use OPENSSL_FIPS instead of just FIPS.

20 years agoMake fips_gettime work on Win32 (lets hope the Win32 function we use
Richard Levitte [Thu, 15 Apr 2004 16:28:05 +0000 (16:28 +0000)]
Make fips_gettime work on Win32 (lets hope the Win32 function we use
is OK with NIST.  Otherwise, we have a problem).

Avoid depending on 32-bit longs.

Provided by Dr Stephen Henson <shenson@drh-consultancy.co.uk>

20 years agoInclude string.h to get a proper declaration of memcmp()
Richard Levitte [Thu, 15 Apr 2004 16:25:32 +0000 (16:25 +0000)]
Include string.h to get a proper declaration of memcmp()

20 years agoMake sure this script works with shared library builds as well.
Richard Levitte [Thu, 15 Apr 2004 16:24:44 +0000 (16:24 +0000)]
Make sure this script works with shared library builds as well.

20 years agoAllow the possibility to say no-fips, and make Ben build his debug
Richard Levitte [Thu, 15 Apr 2004 16:21:53 +0000 (16:21 +0000)]
Allow the possibility to say no-fips, and make Ben build his debug
variant properly :-).

20 years agoAdd corruptors so KATs can be made to fail.
Ben Laurie [Wed, 14 Apr 2004 17:58:54 +0000 (17:58 +0000)]
Add corruptors so KATs can be made to fail.

20 years ago2-key 3DES KAT.
Ben Laurie [Tue, 13 Apr 2004 19:46:13 +0000 (19:46 +0000)]
2-key 3DES KAT.

20 years agoAdd some root CAs.
Dr. Stephen Henson [Tue, 13 Apr 2004 17:50:20 +0000 (17:50 +0000)]
Add some root CAs.

20 years agoThis commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
cvs2svn [Tue, 13 Apr 2004 17:47:39 +0000 (17:47 +0000)]
This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
0_9_7-stable'.

20 years agoThis commit was manufactured by cvs2svn to create branch
cvs2svn [Tue, 13 Apr 2004 17:47:38 +0000 (17:47 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.

20 years agoAdd some root CAs.
Dr. Stephen Henson [Tue, 13 Apr 2004 17:47:37 +0000 (17:47 +0000)]
Add some root CAs.

20 years agoFingerprint SHA-1 asm.
Ben Laurie [Sun, 11 Apr 2004 16:53:43 +0000 (16:53 +0000)]
Fingerprint SHA-1 asm.

20 years agoAdd SHA-1 assembler.
Ben Laurie [Sun, 11 Apr 2004 15:59:57 +0000 (15:59 +0000)]
Add SHA-1 assembler.

20 years agoRemove crib and sabotage.
Ben Laurie [Sun, 11 Apr 2004 12:32:43 +0000 (12:32 +0000)]
Remove crib and sabotage.

20 years agoFix memory leak.
Dr. Stephen Henson [Fri, 9 Apr 2004 22:14:57 +0000 (22:14 +0000)]
Fix memory leak.

20 years agoStop warnings:
Dr. Stephen Henson [Fri, 9 Apr 2004 21:56:14 +0000 (21:56 +0000)]
Stop warnings:

Signed/unsigned mismatches.
Unused functions.
C++ style coments.

20 years agoAdd x86 assembler.
Ben Laurie [Fri, 9 Apr 2004 15:48:50 +0000 (15:48 +0000)]
Add x86 assembler.

20 years agoUse HMAC instead of straight SHA-1.
Ben Laurie [Fri, 9 Apr 2004 14:55:43 +0000 (14:55 +0000)]
Use HMAC instead of straight SHA-1.

20 years agoDon't make, $(MAKE).
Ben Laurie [Fri, 9 Apr 2004 11:18:13 +0000 (11:18 +0000)]
Don't make, $(MAKE).

20 years agoDo HMAC.
Ben Laurie [Sun, 4 Apr 2004 18:59:33 +0000 (18:59 +0000)]
Do HMAC.

20 years agoSignature verification test. Enable all tests.
Ben Laurie [Sun, 4 Apr 2004 14:16:29 +0000 (14:16 +0000)]
Signature verification test. Enable all tests.

20 years agoSigGen test.
Ben Laurie [Sat, 3 Apr 2004 20:05:33 +0000 (20:05 +0000)]
SigGen test.

20 years agoKey pair test.
Ben Laurie [Sat, 3 Apr 2004 17:24:40 +0000 (17:24 +0000)]
Key pair test.

20 years agoNew style PQGGen test.
Ben Laurie [Sat, 3 Apr 2004 17:01:51 +0000 (17:01 +0000)]
New style PQGGen test.

20 years agoRecent changes from 0.9.7-stable.
Richard Levitte [Sat, 3 Apr 2004 11:54:59 +0000 (11:54 +0000)]
Recent changes from 0.9.7-stable.

20 years agoType. "pa-rics2W" -> "pa-risc2W"
Richard Levitte [Sat, 3 Apr 2004 09:42:16 +0000 (09:42 +0000)]
Type.  "pa-rics2W" -> "pa-risc2W"

20 years agoTypo. "pa-rics2W" corrected to "pa-risc2W".
Richard Levitte [Fri, 2 Apr 2004 12:39:54 +0000 (12:39 +0000)]
Typo.  "pa-rics2W" corrected to "pa-risc2W".
PR: 868

20 years agoAvoid undefined results when the parameter is out of range.
Geoff Thorpe [Fri, 2 Apr 2004 06:25:53 +0000 (06:25 +0000)]
Avoid undefined results when the parameter is out of range.

20 years agoAvoid undefined results when the parameter is out of range.
Geoff Thorpe [Fri, 2 Apr 2004 06:25:11 +0000 (06:25 +0000)]
Avoid undefined results when the parameter is out of range.

20 years agoDon't use C++ reserved word.
Dr. Stephen Henson [Thu, 1 Apr 2004 22:23:46 +0000 (22:23 +0000)]
Don't use C++ reserved word.

20 years agoOops forgot CHANGES entry.
Dr. Stephen Henson [Wed, 31 Mar 2004 12:55:33 +0000 (12:55 +0000)]
Oops forgot CHANGES entry.

20 years agoNew function X509_POLICY_NODE_print()
Dr. Stephen Henson [Wed, 31 Mar 2004 12:17:24 +0000 (12:17 +0000)]
New function X509_POLICY_NODE_print()

20 years agoRecent changes from 0.9.7-stable
Richard Levitte [Tue, 30 Mar 2004 16:58:44 +0000 (16:58 +0000)]
Recent changes from 0.9.7-stable

Since we have changed from using Makefile instead of Makefile.ssl, we
need to complete the work by changing all references.

make update

20 years agoAdd symbol hacks for some long names.
Richard Levitte [Mon, 29 Mar 2004 08:13:49 +0000 (08:13 +0000)]
Add symbol hacks for some long names.
make update

20 years agoThis is essentially Intel 32-bit compiler tune-up. To start with all
Andy Polyakov [Sun, 28 Mar 2004 21:27:47 +0000 (21:27 +0000)]
This is essentially Intel 32-bit compiler tune-up. To start with all
available compiler versions generated bogus machine code trying to
compile new crypto/des/cfb_enc.c. Secondly, 8th version defines
__GNUC__ macro, but fails to compile *some* inline assembler correctly.
Note that all versions of icc implement MSC-like _lrot[rl] intrinsic,
which is used now instead of offensive asm. Finally, unnecessary linker
dependencies are eliminated. Most notably dependency from libirc.a
caused trouble at application start-up, if libcrypto.so is linked with
-Bsymbolic (which it is).

20 years agoEnhance EVP code to generate random symmetric keys of the
Dr. Stephen Henson [Sun, 28 Mar 2004 17:38:00 +0000 (17:38 +0000)]
Enhance EVP code to generate random symmetric keys of the
appropriate form, for example correct DES parity.

Update S/MIME code and EVP_SealInit to use new functions.

PR: 700

20 years agoMake {i2v,v2i}_ASN1_BIT_STRING global.
Dr. Stephen Henson [Sun, 28 Mar 2004 12:40:11 +0000 (12:40 +0000)]
Make {i2v,v2i}_ASN1_BIT_STRING global.

make update

20 years agoObsolete files
Dr. Stephen Henson [Sun, 28 Mar 2004 12:30:34 +0000 (12:30 +0000)]
Obsolete files

20 years agoObsolete files.
Dr. Stephen Henson [Sun, 28 Mar 2004 12:29:53 +0000 (12:29 +0000)]
Obsolete files.

20 years agoRemove obsolete files.
Dr. Stephen Henson [Sun, 28 Mar 2004 12:29:05 +0000 (12:29 +0000)]
Remove obsolete files.

20 years agoAllow CRLs to be passed into X509_STORE_CTX. This is useful when the
Dr. Stephen Henson [Sat, 27 Mar 2004 22:49:28 +0000 (22:49 +0000)]
Allow CRLs to be passed into X509_STORE_CTX. This is useful when the
verified structure can contain its own CRLs (such as PKCS#7 signedData).

Tidy up some of the verify code.

20 years agoExtend OID config module format.
Dr. Stephen Henson [Sat, 27 Mar 2004 13:30:14 +0000 (13:30 +0000)]
Extend OID config module format.

20 years agoFree up BIO properly when using streaming S/MIME sign.
Dr. Stephen Henson [Fri, 26 Mar 2004 00:24:38 +0000 (00:24 +0000)]
Free up BIO properly when using streaming S/MIME sign.

20 years agoRemove BN_CTX debug from debug-steve
Dr. Stephen Henson [Thu, 25 Mar 2004 23:32:06 +0000 (23:32 +0000)]
Remove BN_CTX debug from debug-steve

20 years agoSSL_COMP_get_compression_method is a typo (a missing 's' at the end of
Richard Levitte [Thu, 25 Mar 2004 21:32:30 +0000 (21:32 +0000)]
SSL_COMP_get_compression_method is a typo (a missing 's' at the end of
the symbol name).

20 years agoMove the definition of Win32_rename(), since the macro rename gets undefined
Richard Levitte [Thu, 25 Mar 2004 20:09:02 +0000 (20:09 +0000)]
Move the definition of Win32_rename(), since the macro rename gets undefined
in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853

20 years agoMove the definition of Win32_rename(), since the macro rename gets undefined
Richard Levitte [Thu, 25 Mar 2004 20:09:00 +0000 (20:09 +0000)]
Move the definition of Win32_rename(), since the macro rename gets undefined
in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853

20 years agoWrap code starting with a definition.
Richard Levitte [Thu, 25 Mar 2004 20:01:08 +0000 (20:01 +0000)]
Wrap code starting with a definition.
PR: 854

20 years agoWrap code starting with a definition.
Richard Levitte [Thu, 25 Mar 2004 20:01:01 +0000 (20:01 +0000)]
Wrap code starting with a definition.
PR: 854

20 years agoChange spaces to symbols in names.
Richard Levitte [Thu, 25 Mar 2004 19:52:36 +0000 (19:52 +0000)]
Change spaces to symbols in names.
PR: 856

20 years agoChange spaces to symbols in names.
Richard Levitte [Thu, 25 Mar 2004 19:52:34 +0000 (19:52 +0000)]
Change spaces to symbols in names.
PR: 856

20 years agoMake prototypes for some callback pointers.
Richard Levitte [Thu, 25 Mar 2004 16:21:42 +0000 (16:21 +0000)]
Make prototypes for some callback pointers.

20 years agoA couple more cases where RAND_add() gets an integer instead of a
Richard Levitte [Thu, 25 Mar 2004 16:04:02 +0000 (16:04 +0000)]
A couple more cases where RAND_add() gets an integer instead of a
doule as last argument.

20 years agoRAND_add() wants a double as it's last argument.
Richard Levitte [Thu, 25 Mar 2004 15:52:43 +0000 (15:52 +0000)]
RAND_add() wants a double as it's last argument.

20 years agoFix loads of warnings in policy code.
Dr. Stephen Henson [Thu, 25 Mar 2004 13:45:58 +0000 (13:45 +0000)]
Fix loads of warnings in policy code.

I'll remember to try to compile this with warnings enabled next time :-)

20 years agoFix ASN1 warnings.
Dr. Stephen Henson [Thu, 25 Mar 2004 13:37:02 +0000 (13:37 +0000)]
Fix ASN1 warnings.

20 years agoAdjust various bignum functions to use BN_CTX for variables instead of
Geoff Thorpe [Thu, 25 Mar 2004 04:32:24 +0000 (04:32 +0000)]
Adjust various bignum functions to use BN_CTX for variables instead of
locally initialising their own.

NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
these functions, and that may be a major part of the performance
improvements we're seeing. The "free" part can be removed because we're
using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
destruction automatically performs this task, so performing it inside
functions that may be called repeatedly is wasteful. This is currently safe
within openssl due to the fact that BN_CTX objects are never created for
longer than a single high-level operation. However, that is only because
there's currently no mechanism in openssl for thread-local storage. Beyond
that, this might be an issue for applications using the bignum API directly
and caching their own BN_CTX objects. The solution is to introduce a flag
to BN_CTX_start() that allows its variables to be automatically sanitised
on release during BN_CTX_end(). This way any higher-level function (and
perhaps the application) can specify this flag in its own
BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
specifying the flag to be ignored so that sanitisation is handled only once
back out at the higher level. I will be implementing this in the near
future.

20 years agoReplace the BN_CTX implementation with my current work. I'm leaving the
Geoff Thorpe [Thu, 25 Mar 2004 04:16:14 +0000 (04:16 +0000)]
Replace the BN_CTX implementation with my current work. I'm leaving the
little TODO list in there as well as the debugging code (only enabled if
BN_CTX_DEBUG is defined).

I'd appreciate as much review and testing as can be spared for this. I'll
commit some changes to other parts of the bignum code shortly to make
better use of this implementation (no more fixed size limitations). Note
also that under identical optimisations, I'm seeing a noticable speed
increase over openssl-0.9.7 - so any feedback to confirm/deny this on other
systems would also be most welcome.

20 years agoAdds warnings about two curves and fixes the "seed" value for two other
Geoff Thorpe [Thu, 25 Mar 2004 03:03:52 +0000 (03:03 +0000)]
Adds warnings about two curves and fixes the "seed" value for two other
curves.

Submitted by: Nils Larsch

20 years ago... and this should likewise fix up those RSA implementations that weren't
Geoff Thorpe [Thu, 25 Mar 2004 02:55:17 +0000 (02:55 +0000)]
... and this should likewise fix up those RSA implementations that weren't
already built and tested.

20 years agoBy adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
Geoff Thorpe [Thu, 25 Mar 2004 02:52:04 +0000 (02:52 +0000)]
By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.

This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.

20 years agoDamn, I was a bit hasty with my fix and hadn't spotted the linker
Geoff Thorpe [Thu, 25 Mar 2004 02:41:35 +0000 (02:41 +0000)]
Damn, I was a bit hasty with my fix and hadn't spotted the linker
dependency from asn1.

20 years agoRemove some warnings.
Geoff Thorpe [Thu, 25 Mar 2004 02:24:38 +0000 (02:24 +0000)]
Remove some warnings.

20 years agoProtect against gcc's "warning: cast does not match function type".
Geoff Thorpe [Thu, 25 Mar 2004 02:19:42 +0000 (02:19 +0000)]
Protect against gcc's "warning: cast does not match function type".

20 years agoMake S/MIME encrypt work again.
Dr. Stephen Henson [Thu, 25 Mar 2004 00:58:59 +0000 (00:58 +0000)]
Make S/MIME encrypt work again.

20 years agoMake S/MIME encrypt work again.
Dr. Stephen Henson [Thu, 25 Mar 2004 00:57:23 +0000 (00:57 +0000)]
Make S/MIME encrypt work again.

20 years agoDon't define fd for platforms that do not use it, as some may not declare fileno...
Richard Levitte [Wed, 24 Mar 2004 10:55:50 +0000 (10:55 +0000)]
Don't define fd for platforms that do not use it, as some may not declare fileno() properly

20 years agoDon't define fd for platforms that do not use it, as some may not declare fileno...
Richard Levitte [Wed, 24 Mar 2004 10:55:48 +0000 (10:55 +0000)]
Don't define fd for platforms that do not use it, as some may not declare fileno() properly

20 years agoCorrect constness problems.
Richard Levitte [Wed, 24 Mar 2004 10:50:42 +0000 (10:50 +0000)]
Correct constness problems.

20 years agoMake it easier to buld test applications...
Richard Levitte [Wed, 24 Mar 2004 10:50:25 +0000 (10:50 +0000)]
Make it easier to buld test applications...

20 years agoOnly build the PKCS#7 test applications if "pkcs7" is present in
Richard Levitte [Wed, 24 Mar 2004 10:48:50 +0000 (10:48 +0000)]
Only build the PKCS#7 test applications if "pkcs7" is present in
SDIRS.

20 years agoAdd store.h among the exported headers on VMS.
Richard Levitte [Wed, 24 Mar 2004 09:52:16 +0000 (09:52 +0000)]
Add store.h among the exported headers on VMS.

20 years agoo_str.h isn't a public header file, so make sure it will still be
Richard Levitte [Wed, 24 Mar 2004 09:43:03 +0000 (09:43 +0000)]
o_str.h isn't a public header file, so make sure it will still be
included.

20 years agoo_str.h isn't a public header file.
Richard Levitte [Wed, 24 Mar 2004 09:41:33 +0000 (09:41 +0000)]
o_str.h isn't a public header file.

20 years agoTypo...
Richard Levitte [Wed, 24 Mar 2004 09:40:59 +0000 (09:40 +0000)]
Typo...

20 years agoMake sure toupper() is properly declared.
Richard Levitte [Wed, 24 Mar 2004 09:40:23 +0000 (09:40 +0000)]
Make sure toupper() is properly declared.

20 years agoMake it clear that for RSA_NO_PADDING, flen must be RSA_size(rsa)
Richard Levitte [Tue, 23 Mar 2004 21:01:42 +0000 (21:01 +0000)]
Make it clear that for RSA_NO_PADDING, flen must be RSA_size(rsa)

20 years agoMake it clear that for RSA_NO_PADDING, flen must be RSA_size(rsa)
Richard Levitte [Tue, 23 Mar 2004 21:01:34 +0000 (21:01 +0000)]
Make it clear that for RSA_NO_PADDING, flen must be RSA_size(rsa)

20 years agomake update
Richard Levitte [Tue, 23 Mar 2004 17:52:25 +0000 (17:52 +0000)]
make update

20 years agomake update
Richard Levitte [Tue, 23 Mar 2004 15:31:30 +0000 (15:31 +0000)]
make update

20 years agoMakefile.ssl is no more. We generate Makefile directly.
Richard Levitte [Tue, 23 Mar 2004 15:28:21 +0000 (15:28 +0000)]
Makefile.ssl is no more.  We generate Makefile directly.

20 years agoIt's a mistake to commit the generated Makefile
Richard Levitte [Tue, 23 Mar 2004 15:24:31 +0000 (15:24 +0000)]
It's a mistake to commit the generated Makefile