Commit Graph

1937 Commits

Author SHA1 Message Date
Dr. Stephen Henson
c2e45f6ddf Win32 fixes:
define LLONG properly for VC++.

stop compiler complaining about signed/unsigned mismatch in apps/engine.c
2001-04-29 16:30:59 +00:00
Geoff Thorpe
06cb0353e5 For some inexplicable reason, I'd (a) left the debugging irreversibly
turned on, and (b) left a somewhat curious debugging string in the output.
2001-04-27 00:31:21 +00:00
Geoff Thorpe
b41f836e5f Some fixes to the reference-counting in ENGINE code. First, there were a
few statements equivalent to "ENGINE_add(ENGINE_openssl())" etc. The inner
call to ENGINE_openssl() (as with other functions like it) orphans a
structural reference count. Second, the ENGINE_cleanup() function also
needs to clean up the functional reference counts held internally as the
list of "defaults" (ie. as used when RSA_new() requires an appropriate
ENGINE reference). So ENGINE_clear_defaults() was created and is called
from within ENGINE_cleanup(). Third, some of the existing code was
logically broken in its treatment of reference counts and locking (my
fault), so the necessary bits have been restructured and tidied up.

To test this stuff, compiling with ENGINE_REF_COUNT_DEBUG will cause every
reference count change (both structural and functional) to log a message to
'stderr'. Using with "openssl engine" for example shows this in action
quite well as the 'engine' sub-command cleans up after itself properly.

Also replaced some spaces with tabs.
2001-04-26 23:04:30 +00:00
Geoff Thorpe
0ce5f3e4f5 This adds 2 things to the ENGINE code.
* "ex_data" - a CRYPTO_EX_DATA structure in the ENGINE structure itself
   that allows an ENGINE to store its own information there rather than in
   global variables. It follows the declarations and implementations used
   in RSA code, for better or worse. However there's a problem when storing
   state with ENGINEs because, unlike related structure types in OpenSSL,
   there is no ENGINE-vs-ENGINE_METHOD separation. Because of what ENGINE
   is, it has method pointers as its structure elements ...  which leads
   to;

 * ENGINE_FLAGS_BY_ID_COPY - if an ENGINE should not be used just as a
   reference to an "implementation" (eg. to get to a hardware device), but
   should also be able to maintain state, then this flag can be set by the
   ENGINE implementation. The result is that any call to ENGINE_by_id()
   will not result in the existing ENGINE being returned (with its
   structural reference count incremented) but instead a new copy of the
   ENGINE will be returned that can maintain its own state independantly of
   any other copies returned in the past or future. Eg. key-generation
   might involve a series of ENGINE-specific control commands to set
   algorithms, sizes, module-keys, ids, ACLs, etc. A final command could
   generate the key. An ENGINE doing this would *have* to declare
   ENGINE_FLAGS_BY_ID_COPY so that the state of that process can be
   maintained "per-handle" and unaffected by other code having a reference
   to the same ENGINE structure.
2001-04-26 19:35:44 +00:00
Richard Levitte
a679116f6f Provide the possibility to clean up internal ENGINE structures. This
takes care of what would otherwise be seen as a memory leak.
2001-04-26 16:07:08 +00:00
Richard Levitte
3988bb34aa gcc warns when certain values of an enumeration aren't taken care of,
unless there's a default clause.
2001-04-26 15:53:42 +00:00
Richard Levitte
9e78e6c3f8 Check for OPENSSL_NO_RSA, OPENSSL_NO_DSA and OPENSSL_NO_DH and disable
appropriate code if any of them is defined.
2001-04-26 15:45:12 +00:00
Richard Levitte
3caff6092a engine.h includes all the needed header files, so don't do it again
here.
2001-04-26 15:04:22 +00:00
Richard Levitte
91dc71f98d User OPENSSL_UNISTD instead of <unistd.h>.
Spotted by Mark Crispin <MRC@Panda.COM>
2001-04-26 08:26:18 +00:00
Geoff Thorpe
b7b6c047ca This change to the "dl", "dlfcn", and "win32" DSO_METHODs adds the filename
or symbol name to the error stack in the event a load or bind operation
failed.
2001-04-25 22:40:55 +00:00
Dr. Stephen Henson
c962479bdf Fix ASN1 bug when decoding OTHER type.
Various S/MIME DSA related fixes.
2001-04-21 12:06:01 +00:00
Richard Levitte
0cd5866726 VMS was behind when it comes to OCSP. 2001-04-20 12:37:14 +00:00
Geoff Thorpe
e2f3ae1252 Some more tweaks to ENGINE code.
This change adds some basic control commands to the existing ENGINEs
(except the software 'openssl' engine). All these engines currently load
shared-libraries for hardware APIs, so they've all been given "SO_PATH"
commands that will configure the chosen ENGINE to load its shared library
from the given path. Eg. by calling;
    ENGINE_ctrl_cmd_string(e, "SO_PATH", <path>, 0).

The nCipher 'chil' ENGINE has also had "FORK_CHECK" and "THREAD_LOCKING"
commands added so these settings could be handled via application-level
configuration rather than in application source code.

Changes to "openssl engine" to test and examine these control commands will
be made shortly. It will also provide the necessary tips to application
programs wanting to support these dynamic control commands.
2001-04-19 01:45:40 +00:00
Geoff Thorpe
40fcda292f Some BIG tweaks to ENGINE code.
This change adds some new functionality to the ENGINE code and API to
make it possible for ENGINEs to describe and implement their own control
commands that can be interrogated and used by calling applications at
run-time. The source code includes numerous comments explaining how it all
works and some of the finer details. But basically, an ENGINE will normally
declare an array of ENGINE_CMD_DEFN entries in its ENGINE - and the various
new ENGINE_CTRL_*** command types take care of iterating through this list
of definitions, converting command numbers to names, command names to
numbers, getting descriptions, getting input flags, etc. These
administrative commands are handled directly in the base ENGINE code rather
than in each ENGINE's ctrl() handler, unless they specify the
ENGINE_FLAGS_MANUAL_CMD_CTRL flag (ie. if they're doing something clever or
dynamic with the command definitions).

There is also a new function, ENGINE_cmd_is_executable(), that will
determine if an ENGINE control command is of an "executable" type that
can be used in another new function, ENGINE_ctrl_cmd_string(). If not, the
control command is not supposed to be exposed out to user/config level
access - eg. it could involve the exchange of binary data, returning
results to calling code, etc etc. If the command is executable then
ENGINE_ctrl_cmd_string() can be called using a name/arg string pair. The
control command's input flags will be used to determine necessary
conversions before the control command is called, and commands of this
form will always return zero or one (failure or success, respectively).
This is set up so that arbitrary applications can support control commands
in a consistent way so that tweaking particular ENGINE behaviour is
specific to the ENGINE and the host environment, and independant of the
application or OpenSSL.

Some code demonstrating this stuff in action will applied shortly to the
various ENGINE implementations, as well as "openssl engine" support for
executing arbitrary control commands before and/or after initialising
various ENGINEs.
2001-04-19 00:41:55 +00:00
Geoff Thorpe
59bc3126c5 Some more tweaks to ENGINE code.
The existing ENGINEs (including the default 'openssl' software engine) were
static, declared inside the source file for each engine implementation. The
reason this was not going boom was that all the ENGINEs had reference
counts that never hit zero (once linked into the internal list, each would
always have at least 1 lasting structural reference).

To fix this so it will stay standing when an "unload" function is added to
match ENGINE_load_builtin_engines(), the "constructor" functions for each
ENGINE implementation have been changed to dynamically allocate and
construct their own ENGINEs using API functions. The other benefit of this
is that no ENGINE implementation has to include the internal "engine_int.h"
header file any more.
2001-04-18 21:46:00 +00:00
Bodo Möller
6e6d04e29a fix md_rand.c locking bugs 2001-04-18 15:07:35 +00:00
Geoff Thorpe
48ff225300 Make the shared library name and function symbol for the "nuron" ENGINE
static data where they could be parameterised by ctrl() commands.
2001-04-18 04:47:01 +00:00
Geoff Thorpe
a4a9d97a3e Some more tweaks from ENGINE code.
Previously RAND_get_rand_method was returning a non-const pointer, but it
should be const. As with all other such cases, METHOD pointers are stored and
returned as "const". The only methods one should be able to alter are methods
"local" to the relevant code, in which case a non-const handle to the methods
should already exist.

This change has been forced by the constifying of the ENGINE code (before
which RAND_METHOD was the only method pointer in an ENGINE structure that was
not constant).
2001-04-18 04:18:16 +00:00
Geoff Thorpe
404f952aa3 Some more tweaks to ENGINE code.
ENGINE handler functions should take the ENGINE structure as a parameter -
this is because ENGINE structures can be copied, and like other
structure/method setups in OpenSSL, it should be possible for init(),
finish(), ctrl(), etc to adjust state inside the ENGINE structures rather
than globally. This commit includes the dependant changes in the ENGINE
implementations.
2001-04-18 03:57:05 +00:00
Geoff Thorpe
dcd87618ab Some more tweaks to ENGINE code.
Previous changes permanently removed the commented-out old code for where
it was possible to create and use an ENGINE statically, and this code gets
rid of the ENGINE_FLAGS_MALLOCED flag that supported the distinction with
dynamically allocated ENGINEs. It also moves the area for ENGINE_FLAGS_***
values from engine_int.h to engine.h - because it should be possible to
declare ENGINEs just from declarations in exported headers.
2001-04-18 03:03:16 +00:00
Geoff Thorpe
d54bf14559 Some more tweaks to ENGINE code.
* Constify the get/set functions, and add some that functions were missing.

* Add a new 'ENGINE_cpy()' function that will produce a new ENGINE based
  copied from an original (except for the references, ie. the new copy will
  be like an ENGINE returned from 'ENGINE_new()' - a structural reference).

* Removed the "null parameter" checking in the get/set functions - it is
  legitimate to set NULL values as a way of *changing* an ENGINE (ie.
  removing a handler that previously existed). Also, passing a NULL pointer
  for an ENGINE is obviously wrong for these functions, so don't bother
  checking for it. The result is a number of error codes and strings could
  be removed.
2001-04-18 02:01:36 +00:00
Geoff Thorpe
ea3a429efe Structural references should never be decremented directly - so leave that
to ENGINE_free(). Also, remove "#if 0" code that has no useful future.
2001-04-18 01:07:28 +00:00
Geoff Thorpe
e3f1223fe4 This moves string constants out of vendor headers and into C files. 2001-04-18 00:43:23 +00:00
Geoff Thorpe
7ef6e3fe2f 'make update' 2001-04-17 23:53:58 +00:00
Ben Laurie
4f19a0672b Fix warning. 2001-04-16 03:00:57 +00:00
Lutz Jänicke
854e076df8 Constify (Jason Molenda <jason@molenda.com>) 2001-04-14 14:50:02 +00:00
Richard Levitte
c9fd77e9dd Make it possible to move the emailAddress object to the subjectAltName
extension instead of just copying it.  That makes a certificate comply
even more with PKIX recommendations according to RFC 2459.
2001-04-11 12:55:06 +00:00
Bodo Möller
1f224bf029 Adjust BN_mod_inverse algorithm selection according to experiments on
Ultra-Sparcs (both 32-bit and 64-bit compilations)
2001-04-09 09:28:24 +00:00
Bodo Möller
ac0f1d0b14 comment 2001-04-08 18:47:23 +00:00
Bodo Möller
124d8cf701 code documentation 2001-04-08 18:41:35 +00:00
Bodo Möller
7d0d0996aa binary algorithm for modular inversion 2001-04-08 18:23:44 +00:00
Richard Levitte
77dd9c1850 Add the possibility to have AES removed in Windows as well.
Spotted by Harald Koch <chk@pobox.com>
2001-04-08 04:35:58 +00:00
Bodo Möller
83d968df60 Don't use 'tt' uninitialized when reporting an error
(we don't have an ASN1_TEMPLATE to complain about at this stage,
so  errtt == NULL  should be OK)
2001-04-05 11:40:16 +00:00
Richard Levitte
4ac881ede3 Fix couple of memory leaks in PKCS7_dataDecode().
(provided by Stephen)
2001-04-05 10:19:12 +00:00
Richard Levitte
26c7750827 Since vms.mar handles 32-bit integers, do not use it on Alpha, that's
just a slowdown.
2001-04-04 13:52:56 +00:00
Bodo Möller
413a4a0461 Fix warnings. 2001-04-03 14:03:47 +00:00
Bodo Möller
a95d2c5133 Make sure OPENSSL_SYS_... is defined when we need it. 2001-04-03 14:03:19 +00:00
Richard Levitte
4e2a08ddd4 Plug a memory leak. Spotted by "Shijin" <shijin@comex.com> 2001-04-03 09:42:36 +00:00
Richard Levitte
e56b54a376 libfisdef.h and LIB do not exist on older VMS versions 2001-04-03 08:31:39 +00:00
Geoff Thorpe
69443d0da0 ENGINE_load_[private|public]_key had error handling that could return
without releasing a lock. This is the same fix as applied to
OpenSSL-engine-0_9_6-stable, minus the ENGINE_ctrl() change - the HEAD
already had that fixed.
2001-04-02 17:47:16 +00:00
Geoff Thorpe
e4dc18d7e5 Actually there were two error cases that could return without releasing the
lock - stupidly, my last change addressed only one of them.
2001-04-02 17:21:36 +00:00
Geoff Thorpe
3f86a2b147 Don't return an error until the global lock is released. 2001-04-02 17:06:36 +00:00
Dr. Stephen Henson
722ca2781c Rewrite CHOICE field setting code to properly handle
combine in CHOICE options.

This was causing d2i_DSAPublicKey() to misbehave.
2001-04-02 00:59:19 +00:00
Richard Levitte
9946491fcc Complete the des_encrypt to des_encrypt1 rename in the main
development line as well.
2001-03-30 07:26:54 +00:00
Richard Levitte
ae6dfff5bf One des_encrypt to des_encrypt1 I forgot to commit... 2001-03-29 20:30:23 +00:00
Richard Levitte
080b8cadfa Since there has been reports of clashes between OpenSSL's
des_encrypt() and des_encrypt() defined on some systems (Solaris and
Unixware and maybe others), we rename des_encrypt() to des_encrypt1().
This should have very little impact on external software unless
someone has written a mode of DES, since that's all des_encrypt() is
meant for.
2001-03-29 07:45:37 +00:00
Ulf Möller
7d7672f119 check CRT 2001-03-28 05:10:38 +00:00
Ulf Möller
6a5b52efa0 check CRT 2001-03-28 04:56:58 +00:00
Andy Polyakov
500230ee94 The IRIX fix. Asm recap and corresponding declation.
Submitted by:
Reviewed by:
PR:
2001-03-27 22:30:46 +00:00
Richard Levitte
347177e052 Include bn.h so we get BN_LLONG properly defined. Otherwise, we can forget things like %lld 2001-03-27 18:34:04 +00:00
Richard Levitte
812cb5638c make update 2001-03-24 12:39:59 +00:00
Richard Levitte
5238fccc15 Use stdlib.h to get size_t. 2001-03-21 18:43:12 +00:00
Richard Levitte
8a2908a24a Since they aren't implemented yet, EC_GFp_{recp,nist}_method() need to
be "#if 0"'d, or they will (re)appear as existing functions in
util/libeay.num.
2001-03-21 12:34:34 +00:00
Richard Levitte
271da5a2e0 avoid linking problems when OpenSSL is built with no-dsa. Spotted by Hellan,Kim KHE <khe@kmd.dk> 2001-03-20 15:36:59 +00:00
Bodo Möller
26fbabf3d1 Increase boundaries in EC_window_bits_for_scalar_size table. 2001-03-20 11:16:12 +00:00
Bodo Möller
37cdcb4d8a Table for window sizes. 2001-03-19 22:38:24 +00:00
Richard Levitte
8bf49ea170 New cofiguration for Unixwre and SCO,with slightly better granularity. Contributed by Tim Rice <tim@multitalents.net> 2001-03-18 14:25:01 +00:00
Dr. Stephen Henson
02ee8626fb Fix PKCS#12 key generation bug. 2001-03-18 02:11:42 +00:00
Dr. Stephen Henson
535d79da63 Overhaul the display of certificate details in
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.

This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
2001-03-15 19:13:40 +00:00
Bodo Möller
4f69172d25 Completely remove mont2 stuff.
It does not appear to be faster than the current Montgomery code
except for very small moduli (somewhere between 192 and 224 bits
in a 64-bit Sun environment, and even less than 192 bits
on 32 bit systems).
2001-03-15 18:17:40 +00:00
Bodo Möller
63c43dcc59 avoid infinite loop 2001-03-15 11:31:37 +00:00
Bodo Möller
8562801137 error codes are longs, not ints 2001-03-15 11:30:55 +00:00
Bodo Möller
5d8094143e More error_data memory leaks 2001-03-15 11:30:10 +00:00
Dr. Stephen Henson
0a3ea5d34a Document the -certopt option to the x509 utility.
Add no_issuer option.

Fix X509_print_ex() so it prints out newlines when
certain fields are omitted.
2001-03-15 01:15:54 +00:00
Bodo Möller
a5e4c0bb9e The former ULTRASPARC preprocessor symbol is now called
OPENSSL_SYSNAME_ULTRASPARC, so we'd better check for that one
2001-03-14 14:02:10 +00:00
Richard Levitte
37a92e9ce4 make update. 2001-03-13 21:47:23 +00:00
Bodo Möller
d3ee37c5d9 Use err_clear_data macro 2001-03-13 07:02:59 +00:00
Bodo Möller
f51cf14b85 fix memory leak in err.c 2001-03-12 18:07:20 +00:00
Bodo Möller
194dd04699 Rename function EC_GROUP_precompute to EC_GROUP_precompute_mult,
which indicate its purpose more clearly.
2001-03-12 07:26:23 +00:00
Bodo Möller
14f7ee4916 Add various X9.62 OIDs. (GF(2^n) mostly left out.) 2001-03-11 21:54:51 +00:00
Bodo Möller
5b054c6955 EC_METHOD based on bn_mont2 (not used in the library) 2001-03-11 17:43:07 +00:00
Bodo Möller
10654d3a74 Forcibly enable memory leak checking during "make test" 2001-03-11 14:49:46 +00:00
Bodo Möller
6017e604f8 Timings are not supposed to be enabled by default ... 2001-03-11 12:30:52 +00:00
Bodo Möller
3837491174 Add functions EC_POINT_mul and EC_GROUP_precompute.
The latter does nothing for now, but its existence means
that applications can request precomputation when appropriate.
2001-03-11 12:27:24 +00:00
Bodo Möller
86a921af06 handle negative scalars correctly when doing point multiplication 2001-03-11 08:44:50 +00:00
Bodo Möller
616df35633 use fflush 2001-03-11 08:27:11 +00:00
Bodo Möller
e44fcedadf Change timing output: We don't have "exponents" here, curves are
considered additive
2001-03-10 23:49:06 +00:00
Bodo Möller
6f8f443170 comment and error code update 2001-03-10 23:37:52 +00:00
Bodo Möller
d18af3f37e Remove files from Lenka's EC implementation. 2001-03-10 23:26:41 +00:00
Bodo Möller
48fe4d6233 More EC stuff, including EC_POINTs_mul() for simultaneous scalar
multiplication of an arbitrary number of points.
2001-03-10 23:18:35 +00:00
Dr. Stephen Henson
24a93e6cdd In crypto/ec #if 0 out structures which reference (currently)
non existent functions because this breaks shared libraries.
2001-03-10 12:37:01 +00:00
Dr. Stephen Henson
40e15f9d78 Typo. 2001-03-10 01:57:38 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Dr. Stephen Henson
1358835050 Change the EVP_somecipher() and EVP_somedigest()
functions to return constant EVP_MD and EVP_CIPHER
pointers.

Update docs.
2001-03-09 02:51:02 +00:00
Richard Levitte
754d494bef Bug fixes. 2001-03-09 01:13:23 +00:00
Bodo Möller
42909e3968 Fix ec_GFp_simple_cmp.
Use example group from Annex I of X9.62 in ectest.c.
2001-03-08 22:52:49 +00:00
Bodo Möller
156e85578d Implement EC_GFp_mont_method. 2001-03-08 20:55:16 +00:00
Bodo Möller
b28ec12420 Fixes to make 'no-ec' work (it should not turn 'objects' into 'objts' for example) 2001-03-08 19:34:14 +00:00
Bodo Möller
bb62a8b0c5 More method functions for elliptic curves,
and an ectest.c that actually tests something.
2001-03-08 19:14:52 +00:00
Richard Levitte
0e99546424 Some EC function names are really long. Make aliases for VMS on VAX. 2001-03-08 17:20:31 +00:00
Bodo Möller
ff612904d2 Comment 2001-03-08 16:53:30 +00:00
Ulf Möller
429cf462d0 old MSVC versions don't have rdtsc
use _emit instead

Pointed out by Jeremy Cooper <jeremy@baymoo.org>
2001-03-08 16:46:23 +00:00
Bodo Möller
c62b26fdc6 Hide BN_CTX structure details.
Incease the number of BIGNUMs in a BN_CTX.
2001-03-08 15:56:15 +00:00
Richard Levitte
e0a9ba9c3c VMS catches up on the EC modifications. 2001-03-08 14:40:20 +00:00
Dr. Stephen Henson
2dc769a1c1 Make EVP_Digest*() routines return a value.
TODO: update docs, and make soe other routines
which use EVP_Digest*() check return codes.
2001-03-08 14:04:22 +00:00
Bodo Möller
4f98cbabde avoid compiler warning 2001-03-08 14:02:28 +00:00
Bodo Möller
98499135d7 Constify BN_value_one. 2001-03-08 13:58:09 +00:00
Bodo Möller
3285076c8e Integrate ec_err.[co].
"make depend"
2001-03-08 12:30:12 +00:00
Bodo Möller
de10f6900d Sort openssl.ec, the configuration file for mkerr.pl.
Change mkerr.pl so that it puts the ERR_load_..._strings()
prototype in header files that it writes.
2001-03-08 12:14:25 +00:00
Bodo Möller
adfe54b7be Integrate ectest.c (which does not yet do anything). 2001-03-08 11:59:48 +00:00
Bodo Möller
b576337e8b Order ERR_load_... calls like the stuff in err.h. 2001-03-08 11:59:03 +00:00
Bodo Möller
4de633dd5f Get rid of '#define ERR_file_name __FILE__', which is unnecessary indirection.
(It cannot possibly help to avoid duplicate 'name of file' strings
in object files because the preprocessor does not work at object file
level.)
2001-03-08 11:45:44 +00:00
Bodo Möller
91f29a38a0 Let EC_POINT_copy do nothing if dest==src 2001-03-08 11:18:06 +00:00
Bodo Möller
1d5bd6cf71 More 'TODO' items. 2001-03-08 11:16:33 +00:00
Bodo Möller
226cc7ded4 More method functions for EC_GFp_simple_method. 2001-03-08 01:23:28 +00:00
Bodo Möller
e869d4bd32 More method functions. 2001-03-07 20:56:48 +00:00
Bodo Möller
60428dbf0a Some actual method functions (not enough yet to use the EC library, though),
including EC arithmetics derived from Lenka Fibikova's code (with some
additional optimizations).
2001-03-07 19:54:35 +00:00
Richard Levitte
70d70a3c81 Code for better build under Darwin (MacOS X).
Submitted by Brad Dominy <jdominy@darwinuser.org>
2001-03-07 10:04:00 +00:00
Bodo Möller
f1f25544e0 ..._init functions are method-specific too
(they can't do much useful, but they will have to set pointers
to NULL)
2001-03-07 09:53:41 +00:00
Bodo Möller
2e0db07627 Optimized EC_METHODs need specific 'set_curve' and 'free' functions. 2001-03-07 09:48:38 +00:00
Bodo Möller
58fc62296f The next bunch of vaporware. 2001-03-07 09:29:45 +00:00
Bodo Möller
df9cc1535e extra_data 'mixin'.
(This will be used for Lim/Lee precomputation data.)
2001-03-07 09:03:32 +00:00
Bodo Möller
c4b36ff474 Oops ... 2001-03-07 01:41:20 +00:00
Bodo Möller
f418f8c17c In clear_free, clear the complete structure just in case
the method misses something.
2001-03-07 01:37:54 +00:00
Bodo Möller
5277d7cb7c Fix ERR_R_... problems. 2001-03-07 01:19:07 +00:00
Bodo Möller
0657bf9c14 Implement dispatcher for EC_GROUP and EC_POINT method functions.
Initial EC_GROUP_new_curve_GFp implementation.
2001-03-07 01:17:05 +00:00
Bodo Möller
5b438e9b0f Add a few 'const's 2001-03-06 22:30:03 +00:00
Bodo Möller
1d00800e88 Change obj_... generation so that it does not generate rubbish or
abort with errors if no name is defined for some object, which was the
case for 'pilotAttributeType 27'.

Also avoid this very situation by assigning the name
'pilotAttributeType27'.
2001-03-06 08:58:38 +00:00
Bodo Möller
774530f412 'is_at_infinity' tests don't need a BN_CTX. 2001-03-06 08:55:33 +00:00
Bodo Möller
fb171e534e New function declarations. 2001-03-06 07:01:51 +00:00
Bodo Möller
7d7db13e67 Add BN_CTX arguments where appropriate.
Rename 'EC_GROUP_set'-related functions to names similar to 'EC_GROUP_set_curve'
because they don't care about the generator.

Add new functions.
2001-03-06 06:20:20 +00:00
Bodo Möller
24b8dc9a55 Add EC_GROUP_new_GFp prototype. 2001-03-05 22:29:57 +00:00
Bodo Möller
d8c79c7f72 Change comments. 2001-03-05 21:59:03 +00:00
Bodo Möller
3a12ce0137 Some declarations that outline what I intend to implement. 2001-03-05 21:54:39 +00:00
Richard Levitte
9bd35f6376 Update the VMS build scripts for EC 2001-03-05 21:17:08 +00:00
Bodo Möller
62763f682b Another file I had forgotten to add. 2001-03-05 20:32:41 +00:00
Bodo Möller
38e3c5815c Add yet another (still empty) source code file that I forgot. 2001-03-05 20:31:49 +00:00
Bodo Möller
f8fe20e0d9 Add more EC vaporware (empty source code files I missed in my
previous commit).
2001-03-05 20:14:00 +00:00
Bodo Möller
65e8167079 Move ec.h to ec2.h because it is not compatible with what we will use.
Add EC vaporware: change relevant Makefiles and add some empty source
files.

"make update".
2001-03-05 20:13:37 +00:00
Bodo Möller
bad4058574 New option '-subj arg' for 'openssl req' and 'openssl ca'. This
sets the subject name for a new request or supersedes the
subject name in a given request.

Add options '-batch' and '-verbose' to 'openssl req'.

Submitted by: Massimiliano Pala <madwolf@hackmasters.net>
Reviewed by: Bodo Moeller
2001-03-05 11:09:43 +00:00
Bodo Möller
786e0c2424 EC_set_half and the 'h' component of struct bn_ec_struct are unnecessary.
The computations for which h was used can be done more efficiently
by using BN_rshift1.
2001-03-03 15:31:34 +00:00
Richard Levitte
f3a3106807 Spelling corrected. 2001-03-02 10:57:54 +00:00
Richard Levitte
62dc5aad06 Introduce the possibility to access global variables through
functions on platform were that's the best way to handle exporting
global variables in shared libraries.  To enable this functionality,
one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
"OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
is normally done by Configure or something similar).

To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
in the source file (foo.c) like this:

	OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
	OPENSSL_IMPLEMENT_GLOBAL(double,bar);

To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:

	OPENSSL_DECLARE_GLOBAL(int,foo);
	#define foo OPENSSL_GLOBAL_REF(foo)
	OPENSSL_DECLARE_GLOBAL(double,bar);
	#define bar OPENSSL_GLOBAL_REF(bar)

The #defines are very important, and therefore so is including the
header file everywere where the defined globals are used.

The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
of ASN.1 items, but that structure is a bt different.

The largest change is in util/mkdef.pl which has been enhanced with
better and easier to understand logic to choose which symbols should
go into the Windows .def files as well as a number of fixes and code
cleanup (among others, algorithm keywords are now sorted
lexicographically to avoid constant rewrites).
2001-03-02 10:38:19 +00:00
Dr. Stephen Henson
f23478c314 Fix bug in copy_email() which would not
find emailAddress at start of subject name.
2001-03-01 13:32:11 +00:00
Dr. Stephen Henson
3d2e469cfa Fix a bug which caused BN_div to produce the
wrong result if rm==num and num < 0.
2001-02-28 00:51:48 +00:00
Ulf Möller
bf401a2aef %f conversion bug fix
Submitted by: Henrik Eriksson <henrik.eriksson@axis.com>
2001-02-27 23:59:18 +00:00
Dr. Stephen Henson
d7bbd31efe Typo in comment. 2001-02-26 23:34:14 +00:00
Dr. Stephen Henson
fafc7f9875 Enhance OCSP_request_verify() so it finds the signers certificate
properly and supports several flags.
2001-02-26 14:17:58 +00:00
Richard Levitte
d88a26c489 make update
Note that all *_it variables are suddenly non-existant according to
libeay.num.  This is a bug that will be corrected.  Please be patient.
2001-02-26 10:54:08 +00:00
Richard Levitte
64b48877fa Add the CCITT pilot directory OIDs. 2001-02-26 10:27:41 +00:00
Dr. Stephen Henson
b31cc2d9f7 Trap an invalid ASN1_ITEM construction and print out
the errant field for more ASN1 error conditions.
2001-02-25 14:11:31 +00:00
Dr. Stephen Henson
f196522159 New function and options to check OCSP response validity. 2001-02-24 13:50:06 +00:00
Dr. Stephen Henson
4ff18c8c3e Print out OID of unknown signature or public key
algorithms.
2001-02-24 01:42:21 +00:00
Dr. Stephen Henson
db4a465974 Stop PKCS7_verify() core dumping with unknown public
key algorithms and leaking if the signature verify
fails.
2001-02-24 01:38:56 +00:00
Dr. Stephen Henson
d7c06e9ec7 Make OCSP cert id code tolerate a missing issuer certificate
or serial number.
2001-02-23 13:04:24 +00:00
Dr. Stephen Henson
d339187b1a Get rid of ASN1_ITEM_FUNCTIONS dummy function
prototype hack. This unfortunately means that
every ASN1_*_END construct cannot have a
trailing ;
2001-02-23 12:47:06 +00:00
Richard Levitte
61fca8b69b make depend. 2001-02-23 11:57:35 +00:00
Dr. Stephen Henson
bb5ea36b96 Initial support for ASN1_ITEM_FUNCTION option to
change the way ASN1 modules are exported.

Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
2001-02-23 03:16:09 +00:00
Richard Levitte
48bf4aae24 Define the right macro for Linux and other GNU-based systems to get a correct declaration of strdup() 2001-02-22 18:03:30 +00:00
Richard Levitte
6231576088 e_os.h defines Getenv() 2001-02-22 17:59:55 +00:00
Richard Levitte
4270144b39 CONF_METHOD is one of the few places where you find MS_FAR. I can't
really see why we need to define these function pointers with MS_FAR
if it's not done cosistently everywhere.

If we decide to support MS_FAR modifiers, it's better to have the
named something more unique for OpenSSL and to define them in e_os2.h.
2001-02-22 17:41:15 +00:00
Bodo Möller
a2cf08cc23 undo previous change: "e_os.h" is now the official name for the file
to include (but the OpenSSL_0_9_6-stable branche still has
inconsistencies)
2001-02-22 15:08:30 +00:00
Bodo Möller
d3a73875e2 include e_os.h as "openssl/e_os.h" (as elsewhere) 2001-02-22 14:58:38 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
627774fd87 Since RAND_file_name() uses strlen, make sure the number that's
compared to it has the type size_t.  Included the needed headers to
make that happen.
2001-02-22 14:40:15 +00:00
Richard Levitte
a5bc1e8568 Use e_os2.h rather than opensslconf.h, since some needed macros are
defined there.
2001-02-22 14:37:50 +00:00
Richard Levitte
c38171ba1f Exported header files should not include e_os.h. 2001-02-22 14:27:22 +00:00
Richard Levitte
bb3ee8e75d Since opensslconf.h might be included over and over, undefine
OPENSSL_UNISTD before redefining it, to avoid compiler warnings.
2001-02-22 14:24:50 +00:00
Richard Levitte
32654e792b One indirection level too little compared to the
pre-CRYPTO_MEM_LEAK_CB time.
2001-02-22 14:23:44 +00:00
Richard Levitte
e3ef8d2e6b Since SSL_add_dir_cert_subjects_to_stack isn't impemented on VMS,
there's no point creating an alias for it.
2001-02-22 13:22:20 +00:00
Dr. Stephen Henson
72e3c20c14 Rebuild ASN1 error codes to remove unused function and reason codes. 2001-02-22 00:39:06 +00:00
Geoff Thorpe
47ddf355b4 'make update' 2001-02-21 17:43:52 +00:00
Richard Levitte
35618bf6ad strdup() is a X/Open extension. 2001-02-20 20:00:30 +00:00
Richard Levitte
460fe31f0c With later version of DEC C on VMS, some functions (strcmp(), for
example) are declared with some extra linkage information.  This
generates a warning when using the function name as a value to a
regular function pointer with the "correct" definition of the
function.  Therefore, use a macro to cast the appropriate function on
VMS.
2001-02-20 19:13:46 +00:00
Richard Levitte
14565bedaf Some functions, like strdup() and strcasecmp(), are defined in
strings.h according to X/Open.
2001-02-20 19:05:59 +00:00
Richard Levitte
38f3b3e29c OpenVMS catches up. 2001-02-20 17:14:30 +00:00
Geoff Thorpe
4dc719fc37 The callbacks in the NAME_FUNCS structure are not used directly as LHASH
callbacks, and their prototypes were consistent as they were. These casts
need reversing.

Also, I personally find line breaks during parameter lists (ie a line
ending in a comma) easier to read at a glance than line breaks at the end
of a function call and before a dereference on the return value (ie a line
ending in a closed-bracket followed by a line starting with "->").
2001-02-20 16:31:15 +00:00
Ulf Möller
48f2ef8d00 make it a loop as in dsa 2001-02-20 16:17:25 +00:00
Richard Levitte
b8feddae71 Get the right cast for lhash callback functions. 2001-02-20 14:00:29 +00:00
Richard Levitte
a9daa46758 Include string.h so mem*() functions get properly declared. 2001-02-20 13:41:11 +00:00
Richard Levitte
a9aa3d580c A new bunch of too long symbols to hack.
OCSP_CRLID_new and OCSP_crlID_new clash on case-insensitive systems.
2001-02-20 13:26:00 +00:00
Richard Levitte
56a6ccc84f DEC C on VMS is pedantic by definition. 2001-02-20 13:24:23 +00:00
Richard Levitte
03c4d82fa1 Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS
get a chance to be defined.
Make a batter file name translator (uhm, no, that's not the finished
variant :-)).
2001-02-20 13:23:42 +00:00
Richard Levitte
7ab1a39181 Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS
get a chance to be defined.
2001-02-20 13:22:35 +00:00
Richard Levitte
6525ced540 Let VMS catch up. 2001-02-20 13:10:14 +00:00
Richard Levitte
e28e42a549 Use sk_*_new_null() instead of sk_*_new(NULL). That avoids getting
lots of silly warnings from the compiler.
2001-02-20 13:06:10 +00:00
Richard Levitte
d8770f3ece Include string.h so mem* functions get properly declared. 2001-02-20 12:51:56 +00:00
Richard Levitte
4981372d03 Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS
get a chance to be defined.
2001-02-20 12:44:46 +00:00
Richard Levitte
3ebac273f5 Include string.h so mem* functions get properly declared. 2001-02-20 12:43:11 +00:00
Richard Levitte
5af18f65f4 Use 0 instead of NULL, at least for function casts, since there are
variants of stdio.h that define NULL in such a way that it's "unsafe"
to use for function pointer casting.
2001-02-20 12:40:42 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Bodo Möller
f2bc668429 Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
2001-02-20 08:10:38 +00:00
Richard Levitte
8120813066 Use new-style system-id macros. 2001-02-20 07:43:22 +00:00
Ulf Möller
12c2fe8d53 Use BN_rand_range(). 2001-02-20 00:43:59 +00:00
Ulf Möller
335c4f0966 BN_rand_range() needs a BN_rand() variant that doesn't set the MSB. 2001-02-20 00:23:07 +00:00
Richard Levitte
4901b41653 Make sure time() is properly declared. 2001-02-19 22:47:40 +00:00
Richard Levitte
74cd365b03 Use the new-style system-identity macros. 2001-02-19 22:04:02 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Richard Levitte
07247321c6 make update 2001-02-19 14:00:38 +00:00
Dr. Stephen Henson
acba75c59d New -set_serial options to 'req' and 'x509'.
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.

Fix typo in uid.c
2001-02-19 13:38:32 +00:00
Richard Levitte
b36c170d1b VMS follows suit. 2001-02-19 11:30:22 +00:00
Bodo Möller
934397ec66 Memory leak detection bugfixes for multi-threading. 2001-02-19 10:32:53 +00:00
Bodo Möller
0f8631495d Add uid.{c,o} 2001-02-19 10:31:04 +00:00
Dr. Stephen Henson
a6b7ffddac New options to 'ca' utility to support CRL entry extensions.
Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.
2001-02-16 01:35:44 +00:00
Dr. Stephen Henson
f2e5ca84d4 Option to disable standard block padding with EVP API.
Add -nopad option to enc command.

Update docs.
2001-02-14 02:11:52 +00:00
Ulf Möller
36fafffae2 New function OPENSSL_issetugid(). Needs more work. 2001-02-14 01:35:44 +00:00
Dr. Stephen Henson
67c1801924 New function OCSP_parse_url() and -url option for ocsp utility.
Doesn't handle SSL URLs yet.
2001-02-13 00:37:44 +00:00
Dr. Stephen Henson
46a58ab946 Modify OCSP nonce behaviour. 2001-02-12 23:28:45 +00:00
Dr. Stephen Henson
94fcd01349 Work around for libsafe "error". 2001-02-12 03:22:49 +00:00
Dr. Stephen Henson
ccb08f98ae Fix CRL printing to correctly show when there are no revoked certificates.
Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
2001-02-10 00:56:45 +00:00
Bodo Möller
e306892994 Simplify BN_rand_range 2001-02-10 00:34:02 +00:00
Lutz Jänicke
b5f6d9dc6e Fix "wierd" typo as submitted by Jeroen Ruigrok/Asmodai <asmodai@wxs.nl>. 2001-02-09 19:03:53 +00:00
Dr. Stephen Henson
c063f2c5ec Various Win32 related fixed. Make no-krb5 work in mkdef.pl .
Fix warning in apps/engine.c

Remove definitions of deleted functions.

Add missing definition of X509_VAL.
2001-02-09 18:16:12 +00:00
Richard Levitte
c2bf70a27c The check for request including a nonce and response not having it was
inversed.  Corrected.  Hopefully, this will make it work without
dumping core.
2001-02-08 19:28:10 +00:00
Ulf Möller
a71b5abfa4 use <= instead of == 2001-02-08 17:45:32 +00:00
Ulf Möller
928cc3a6de point out that RAND_load_file() etc are only for seed files, not for
entropy devices or sockets.
2001-02-08 17:22:56 +00:00
Bodo Möller
792e2ce7f4 Another comment change. (Previous comment does not apply
for range = 11000000... or range = 100000...)
2001-02-08 12:34:08 +00:00
Bodo Möller
3952584571 Change comments. (The expected number of iterations in BN_rand_range
never exceeds 1.333...).
2001-02-08 12:27:22 +00:00
Bodo Möller
a5d2acfc79 oops -- remove observation code 2001-02-08 12:24:41 +00:00
Bodo Möller
35ed8cb8b6 Integrate my implementation of a countermeasure against
Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
2001-02-08 12:14:51 +00:00
Bodo Möller
7edc5ed90a platform specific CFLAGS don't belong into this Makefile 2001-02-08 11:15:50 +00:00
Ulf Möller
57e7d3ce15 Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00
Lutz Jänicke
a8ebe4697e Modify access to EGD socket to deal with EINTR etc that can appear
during connect() and other calls. First seen on Unixware-7.

Unify access to EGD-socket for all RAND_egd_*() methods.
2001-02-07 22:13:38 +00:00
Dr. Stephen Henson
deb2c1a1c5 Fix AES code.
Update Rijndael source to v3.0

Add AES OIDs.

Change most references of Rijndael to AES.

Add new draft AES ciphersuites.
2001-02-07 18:15:18 +00:00
Ben Laurie
259810e05b Rijdael CBC mode and partial undebugged SSL support. 2001-02-06 14:09:13 +00:00
Bodo Möller
9eea2be6f1 Avoid coredumps for CONF_get_...(NULL, ...) 2001-02-06 10:26:34 +00:00
Ulf Möller
4327aae816 format strings 2001-02-06 02:57:35 +00:00
Ulf Möller
741a9690df Fix potential buffer overrun for EBCDIC. 2001-02-06 02:54:02 +00:00
Richard Levitte
e24e40657f Fix a memory leak in BIO_get_accept_socket(). This leak was small and
only happened when the port number wasn't parsable ot the host wasn't
possible to convert to an IP address.
Contributed by Niko Baric <Niko.Baric@epost.de>
2001-02-05 09:15:09 +00:00
Bodo Möller
448361a86c Include string.h (whis is in all relevant standards) instead of
memory.h (which is not).
2001-02-05 09:07:50 +00:00
Dr. Stephen Henson
26e083ccb7 New function to copy nonce values from OCSP
request to response.
2001-02-05 00:35:06 +00:00
Ben Laurie
4978361212 Make depend. 2001-02-04 21:06:55 +00:00
Ben Laurie
1618bc7921 Can't remember why this was needed? 2001-02-04 21:02:22 +00:00
Ben Laurie
1b843d3c69 Fix a warning. 2001-02-04 21:01:32 +00:00
Dr. Stephen Henson
2b916952a8 Fix ASN1_TIME_to_generlizedtime().
Add protoype for OCSP_response_create().

Add OCSP_request_sign() and OCSP_basic_sign()
private key and certificate checks and make
OCSP_NOCERTS consistent with PKCS7_NOCERTS
2001-02-04 03:04:43 +00:00
Dr. Stephen Henson
02e4fbed3d Various OCSP responder utility functions.
Delete obsolete OCSP functions.

Largely untested at present...
2001-02-03 19:20:45 +00:00
Dr. Stephen Henson
88ce56f8c1 Various function for commmon operations. 2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
664d83bb23 Tidy up the mess in bss_sock.c and bss_fd.c
by placing them socket/fd code in separate
files rather than trying to have them both
share the same one.
2001-02-02 00:31:45 +00:00
Dr. Stephen Henson
8cff6331c9 Tolerate some "variations" used in some
certificates.

One is a valid CA which has no basicConstraints
but does have certSign keyUsage.

Other is S/MIME signer with nonRepudiation but
no digitalSignature.
2001-02-01 01:57:32 +00:00
Richard Levitte
16a44ae7e9 Increase consistency of header data (some mail readers really do not
like spaces before the semicolon, and besides, other parts of this
file makes the values without those spaces), and move spacing of
continuation lines to support BIO's that break lines after each
write.
2001-01-30 13:38:59 +00:00
Bodo Möller
78f3a2aad7 Comment and indentation 2001-01-28 14:38:11 +00:00
Dr. Stephen Henson
b847024026 Make sk_sort tolearate a NULL argument. 2001-01-28 14:20:13 +00:00
Dr. Stephen Henson
50d5199120 New OCSP response verify option OCSP_TRUSTOTHER 2001-01-26 01:55:52 +00:00
Dr. Stephen Henson
a43cf9fae9 Add debugging info to new ASN1 code to trace memory leaks.
Fix PKCS7 and PKCS12 memory leaks.

Initialise encapsulated content type properly.
2001-01-24 18:39:54 +00:00
Bodo Möller
9ae9c221de Update "OAEP reconsidered" comment 2001-01-24 14:59:25 +00:00
Ulf Möller
75802000c8 There is no C version of bn_div_3_words 2001-01-23 16:26:15 +00:00
Dr. Stephen Henson
ba8e28248f Fix to stop X509_time_adj() using GeneralizedTime. 2001-01-20 13:38:45 +00:00
Dr. Stephen Henson
8e8972bb68 Fixes to various ASN1_INTEGER routines for negative case.
Enhance s2i_ASN1_INTEGER().
2001-01-19 14:21:48 +00:00
Dr. Stephen Henson
73758d435b Additional functionality in ocsp utility: print summary
of status info. Check nonce values. Option to disable
verify. Update usage message.

Rename status to string functions and make them global.
2001-01-19 01:32:23 +00:00
Dr. Stephen Henson
e8af92fcb1 Implement remaining OCSP verify checks in
accordance with RFC2560.
2001-01-18 01:35:39 +00:00
Dr. Stephen Henson
81f169e95c Initial OCSP certificate verify. Not complete,
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Dr. Stephen Henson
6308af199d Change PKCS#12 key derivation routines to cope with
non null terminated passwords.
2001-01-14 14:07:10 +00:00
Dr. Stephen Henson
5782ceb298 New OCSP utility. This can generate, parse and print
OCSP requests. It can also query reponders and parse or
print out responses.

Still needs some more work: OCSP response checks and
of course documentation.
2001-01-13 01:48:38 +00:00
Bodo Möller
cc85ec447b Disable RegQueryValueEx() call.
Problem reported by "Wolfgang Marczy" <WMarczy@topcall.co.at>
in a message to openssl-dev (19 Dec 2000 13:40:51 +0100).
2001-01-12 15:16:21 +00:00
Bodo Möller
af5473c45a isspace must be used only on *unsigned* chars 2001-01-12 14:45:12 +00:00
Dr. Stephen Henson
adf87b2df5 Fix typo in OCSP ASN1 module, this caused
invalid format in OCSP request signatures.

Add spaces to OCSP HTTP header.

Change X509_NAME_set() there's no reason
why it should return an error if the
destination points to NULL... though it
should if the destination is NULL.
2001-01-11 23:24:28 +00:00
Dr. Stephen Henson
9b4dc8308f OCSP basic response verify. Very incomplete
but will verify the signatures on a response
and locate the signers certifcate.

Still needs to implement a proper OCSP certificate
verify.

Fix warning in RAND_egd().
2001-01-11 00:52:50 +00:00
Bodo Möller
b93642c5cc No functional change, but slightly improved code clarity. 2001-01-10 19:26:34 +00:00
Bodo Möller
a5435e8b29 After discussion with Richard, change the new API for extended memory
allocation callbacks so that it is no longer visible to applications
that these live at a different call level than conventional memory
allocation callbacks.
2001-01-10 18:09:57 +00:00
Bodo Möller
eddf82a36a make indentation consistent 2001-01-10 15:31:04 +00:00