Skip to content
  1. Jun 29, 2000
  2. Jun 26, 2000
  3. Jun 23, 2000
  4. Jun 20, 2000
  5. Jun 19, 2000
  6. Jun 15, 2000
  7. Jun 14, 2000
    • Geoff Thorpe's avatar
      Little typo. · f18ef82a
      Geoff Thorpe authored
      f18ef82a
    • Geoff Thorpe's avatar
      This adds Atalla support code to the ENGINE framework. If you have an · cc015c48
      Geoff Thorpe authored
      Atalla card, you should be able to compile with the "hw-atalla" switch
      with "./config" or "perl Configure", and then you can use the command-
      line switch "-engine atalla" inside speed, s_cient and s_server (after
      checking out note (1)).
      
      Notes:
        (1) I've turned on native name translation when loading the shared-
            library, but this means that the Unix shared library needs to be
            libatasi.so rather than atasi.so. I got around this in my testing
            by creating a symbollic link from /usr/lib/libatasi.so to the real
            library, but something better will be needed. It also assumes in
            win32 that the DLL will be called atasi.dll - but as I don't have
            a win32/atalla environment to try I have no idea yet if this is
            the case.
        (2) Currently DSA verifies are not accelerated because I haven't yet
            got a mod_exp-based variant of BN_mod_exp2_mont() that yields
            correct results.
        (3) Currently the "init()" doesn't fail if the shared library can
            load successfully but the card is not operational. In this case,
            the ENGINE_init() call will succeed, but all RSA, DSA, DH, and
            the two BN_*** operations will fail until the ENGINE is switched
            back to something that does work. I expect to correct this next.
        (4) Although the API for the Atalla card just has the one crypto
            function suggesting an RSA private key operation - this is in
            fact just a straight mod_exp function that ignores all the RSA
            key parameters except the (private) exponent and modulus. This is
            why the only accelerator work is taking place inside the mod_exp
            function and there's no optimisation of RSA private key operations
            based on CRT etc.
      cc015c48
    • Richard Levitte's avatar
      Geoff inspired me to nullify some pointers if initialisation went · 9a405105
      Richard Levitte authored
      wrong.  Additionally, just give a new value to hndidx once.
      9a405105
    • Geoff Thorpe's avatar
      DSO_bind() is effectively a method-specific wrapper for dlopen() or · 4c4ea428
      Geoff Thorpe authored
      whatever the underlying API is. It must return (void *) because shared
      libraries can expose functions, structures, or whatever. However, some
      compilers give loads of warnings about casted function pointers through
      this code, so I am explicitly casting them to the right prototypes.
      4c4ea428
    • Geoff Thorpe's avatar
      I'm working on Atalla ENGINE code, and the existing bn_exp.c hooks · 28e94dc7
      Geoff Thorpe authored
      (initiated by ./config and the presence of SDK headers) are conflicting.
      28e94dc7
    • Geoff Thorpe's avatar
      If initialisation fails for any reason, the global function pointers · f8127435
      Geoff Thorpe authored
      should be NULL'd out.
      f8127435
  8. Jun 13, 2000
  9. Jun 09, 2000
    • Geoff Thorpe's avatar
      * Migrate the engine code's Malloc + Free calls to the newer · 05d909c5
      Geoff Thorpe authored
        OPENSSL_malloc and OPENSSL_free.
      
      * 3 "normal" files (crypto/rsa/rsa_lib.c, crypto/dsa/dsa_lib.c
        and crypto/dh/dh_lib.c) had their Malloc's and Free's missed
        when Richard merged the changes across to this branch -
        probably because those files have been changed in this branch
        and gave some grief to the merge - so I've changed them
        manually here.
      05d909c5
  10. Jun 08, 2000
  11. Jun 01, 2000
    • cvs2svn's avatar
    • Richard Levitte's avatar
      There have been a number of complaints from a number of sources that names · 26a3a48d
      Richard Levitte authored
      like Malloc, Realloc and especially Free conflict with already existing names
      on some operating systems or other packages.  That is reason enough to change
      the names of the OpenSSL memory allocation macros to something that has a
      better chance of being unique, like prepending them with OPENSSL_.
      
      This change includes all the name changes needed throughout all C files.
      26a3a48d
    • Ulf Möller's avatar
      Use NO_FP_API. · de42b6a7
      Ulf Möller authored
      de42b6a7
    • Ulf Möller's avatar
    • Richard Levitte's avatar
    • Ulf Möller's avatar
      Bug fix for 64 bit HP-UX. · db82b8f9
      Ulf Möller authored
      Submitted by: Karsten Spang <ks@bellesystems.com>
      db82b8f9
    • Richard Levitte's avatar
      Small fix to enable reading from stdin as well. · a9ef75c5
      Richard Levitte authored
      Contributed by Yoichiro Okabe <okabe@wizsoft.co.jp>
      a9ef75c5
    • Geoff Thorpe's avatar
      "make update" + stripping the type-specific stack functions out of · 7edd2091
      Geoff Thorpe authored
      libeay.num and ssleay.num.
      7edd2091
    • Geoff Thorpe's avatar
      This change will cause builds (by default) to not use different STACK · e41c8d6a
      Geoff Thorpe authored
      structures and functions for each stack type. The previous behaviour
      can be enabled by configuring with the "-DDEBUG_SAFESTACK" option.
      This will also cause "make update" (mkdef.pl in particular) to
      update the libeay.num and ssleay.num symbol tables with the number of
      extra functions DEBUG_SAFESTACK creates.
      
      The way this change works is to accompany each DECLARE_STACK_OF()
      macro with a set of "#define"d versions of the sk_##type##_***
      functions that ensures all the existing "type-safe" stack calls are
      precompiled into the underlying stack calls. The presence or abscence
      of the DEBUG_SAFESTACK symbol controls whether this block of
      "#define"s or the DECLARE_STACK_OF() macro is taking effect. The
      block of "#define"s is in turn generated and maintained by a perl
      script (util/mkstack.pl) that encompasses the block with delimiting
      C comments. This works in a similar way to the auto-generated error
      codes and, like the other such maintenance utilities, is invoked
      by the "make update" target.
      
      A long (but mundane) commit will follow this with the results of
      "make update" - this will include all the "#define" blocks for
      each DECLARE_STACK_OF() statement, along with stripped down
      libeay.num and ssleay.num files.
      e41c8d6a
    • Geoff Thorpe's avatar
      The previous commit to crypto/stack/*.[ch] pulled the type-safety strings · ccd86b68
      Geoff Thorpe authored
      yet tighter, and also put some heat on the rest of the library by
      insisting (correctly) that compare callbacks used in stacks are prototyped
      with "const" parameters. This has led to a depth-first explosion of
      compiler warnings in the code where 1 constification has led to 3 or 4
      more. Fortunately these have all been resolved to completion and the code
      seems cleaner as a result - in particular many of the _cmp() functions
      should have been prototyped with "const"s, and now are. There was one
      little problem however;
      
      X509_cmp() should by rights compare "const X509 *" pointers, and it is now
      declared as such. However, it's internal workings can involve
      recalculating hash values and extensions if they have not already been
      setup. Someone with a more intricate understanding of the flow control of
      X509 might be able to tighten this up, but for now - this seemed the
      obvious place to stop the "depth-first" constification of the code by
      using an evil cast (they have migrated all the way here from safestack.h).
      
      Fortunately, this is the only place in the code where this was required
      to complete these type-safety changes, and it's reasonably clear and
      commented, and seemed the least unacceptable of the options. Trying to
      take the constification further ends up exploding out considerably, and
      indeed leads directly into generalised ASN functions which are not likely
      to cooperate well with this.
      ccd86b68
    • Geoff Thorpe's avatar
      This is the first of two commits (didn't want to dump them all into the · 7bb70435
      Geoff Thorpe authored
      same one). However, the first will temporarily break things until the
      second comes through. :-)
      
      The safestack.h handling was mapping compare callbacks that externally
      are of the type (int (*)(type **,type **)) into the underlying callback
      type used by stack.[ch], which is (int (*)(void *,void *)). After some
      degree of digging, it appears that the callback type in the underlying
      stack code should use double pointers too - when the compare operations
      are invoked (from sk_find and sk_sort), they are being used by bsearch
      and qsort to compare two pointers to pointers. This change corrects the
      prototyping (by only casting to the (void*,void*) form at the moment
      it is needed by bsearch and qsort) and makes the mapping in safestack.h
      more transparent. It also changes from "void*" to "char*" to stay in
      keeping with stack.[ch]'s assumed base type of "char".
      
      Also - the "const" situation was that safestack.h was throwing away
      "const"s, and to c...
      7bb70435
    • Ulf Möller's avatar
      is needed. · f3e9b338
      Ulf Möller authored
      f3e9b338
  12. May 31, 2000