Geoff Thorpe [Thu, 17 Jun 2004 20:13:50 +0000 (20:13 +0000)]
As Nils put it:
Yet another question: some time ago you changed BN_set_word.
Why didn't you change BN_get_word as well?
Quite. I'm also removing the older commented-out implementations to improve
readability. This complex stuff seems to date from a time when the types
didn't match up well.
Geoff Thorpe [Thu, 17 Jun 2004 20:03:56 +0000 (20:03 +0000)]
BN_div_word() was breaking when called from BN_bn2dec() (actually, this is
the only function that uses it) because it would trip up an assertion in
bn_div_words() when first invoked. This also adds BN_div_word() testing to
bntest.
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
Richard Levitte [Tue, 15 Jun 2004 12:52:26 +0000 (12:52 +0000)]
Making some values explicitly unsigned was derived from ongoing work
that isn't yet committed. It wasn't meant to be committed already, so
I'm removing it for now.
Andy Polyakov [Fri, 11 Jun 2004 17:50:57 +0000 (17:50 +0000)]
SHA fails to compile on x86_64 if compiled with custom flags, without
recommended -DMD32_REG_T=int in particular.
PR: 893
Submitted by: Michal Ludvig <michal-list@logix.cz>
Geoff Thorpe [Tue, 1 Jun 2004 03:18:58 +0000 (03:18 +0000)]
This fixes the installation target for dynamic engines, which was trying to
install to a different location than it had created. (BTW, VMS will need a
matching fix in eng_list.c.) Note, these aren't ssl-specific, so I'm
putting "engines/" into the libs directory rather than at the "--prefix"
level or inside "ssl/".
Andy Polyakov [Mon, 31 May 2004 17:10:49 +0000 (17:10 +0000)]
32-bit PA-RISC requires -Bsymbolic when linking libcrypto.sl. Without
this flag RAND_poll ends up in an endless loop calling RAND_add. But
don't ask me why...
Andy Polyakov [Mon, 31 May 2004 12:26:18 +0000 (12:26 +0000)]
Final SHA-256/-512 touches. Extra md_len field in SHA[256|512]_CTX
reserves for truncated hash function output mode and makes SHA224
thread-safe. Next stop is integration with EVP and we're done...
Andy Polyakov [Mon, 31 May 2004 12:06:27 +0000 (12:06 +0000)]
Kill unused macro and reimplement it for that single context it can
actually be used, namely x86* platforms [because they don't bomb on
unaligned access]. This resulted in 30-40% [depending on message
length] improvement for SHA-256 compiled with gcc and running on P4.
In the lack of assembler implementation I give the compiler all the
help it can possibly get:-)
Richard Levitte [Sun, 30 May 2004 16:58:33 +0000 (16:58 +0000)]
SHA224_Update() and SHA224_Final() aren't implemented, and since
SHA224() uses SHA256_Update() and SHA256_Final() instead, let's just
create aliases in form of macros.
Andy Polyakov [Fri, 28 May 2004 22:18:48 +0000 (22:18 +0000)]
Unified hpux-shared rule. Verified with both 32- and 64-bit builds and
both vendor and GNU compilers. ./engine shared builds are still busted.
I mean always were...
Andy Polyakov [Tue, 25 May 2004 20:31:03 +0000 (20:31 +0000)]
Framework for glueing BIO layer and Win32 compiler run-time. Goal is to
make it possible to produce a unified binary build, which can be
used with a variety of Win32 compilers.
Andy Polyakov [Thu, 20 May 2004 21:18:09 +0000 (21:18 +0000)]
Final API adaptation. Final, "all openssl" performance numbers [not mixture
of different implementations]. Real-life performance improvement is rated
at 2-3x, not 6x as preliminarily announced.
Geoff Thorpe [Mon, 17 May 2004 19:26:06 +0000 (19:26 +0000)]
After the latest round of header-hacking, regenerate the dependencies in
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
Geoff Thorpe [Mon, 17 May 2004 19:14:22 +0000 (19:14 +0000)]
Deprecate the recursive includes of bn.h from various API headers (asn1.h,
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
Geoff Thorpe [Mon, 17 May 2004 18:58:47 +0000 (18:58 +0000)]
I can't verify this directly, but recent changes will probably require that
the cryptodev implementation include bn.h directly (when building with
OPENSSL_NO_DEPRECATED that is).
Geoff Thorpe [Mon, 17 May 2004 18:53:47 +0000 (18:53 +0000)]
Deprecate quite a few recursive includes from the ssl.h API header and
remove some unnecessary includes from the internal header ssl_locl.h. This
then requires adding includes for bn.h in four C files.
Geoff Thorpe [Sat, 15 May 2004 18:32:08 +0000 (18:32 +0000)]
Make some more API types opaquely available from ossl_typ.h, meaning the
corresponding headers are only required for API functions or structure
details. This now includes the bignum types and BUF_MEM. Subsequent commits
will remove various dependencies on bn.h and buffer.h and update the
makefile dependencies.
Andy Polyakov [Thu, 6 May 2004 10:36:49 +0000 (10:36 +0000)]
SSE2 accelerated bn_mul_add_words. Code is currently disabled till proper
config and run-time support is added.
PR: 788
Submitted by: <dean@arctic.org>
Reviewed by: <appro>
Bodo Möller [Tue, 4 May 2004 01:15:48 +0000 (01:15 +0000)]
- update from current 0.9.6-stable CHANGES file
- update from current 0.9.7-stable CHANGES file:
Now here we have "CHANGES between 0.9.7e and 0.9.8", and I hope
that all patches mentioned for 0.9.7d and 0.9.7e actually are
in the CVS HEAD, i.e. what is to become 0.9.8.
I have rewritten the 'openssl ca -create_serial' entry (0.9.8)
so that it explains the earlier change that is now listed (0.9.7e).
The ENGINE_set_default typo bug entry has been moved from 0.9.8
to 0.9.7b, which is where it belongs.
Andy Polyakov [Tue, 27 Apr 2004 22:05:50 +0000 (22:05 +0000)]
Improved PowerPC support. Proper ./config support for ppc targets,
especially for AIX. But most important BIGNUM assembler implementation
submitted by IBM.
Submitted by: Peter Waltenberg <pwalten@au1.ibm.com>
Reviewed by: appro
The problem of rsa key-generation getting stuck in a loop for (pointlessly)
small key sizes seems to result from the code continually regenerating the
same prime value once the range is small enough. From my tests, this change
fixes the problem by setting an escape velocity of 3 repeats for the second
of the two primes.
Allow RSA key-generation to specify an arbitrary public exponent. Jelte
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.
New option to 'x509' -next_serial. This outputs the certificate
serial number plus 1 to the output file. Its purpose is to allow
serial number files to be initialized when random serial numbers
are used.
Richard Levitte [Tue, 20 Apr 2004 10:57:07 +0000 (10:57 +0000)]
Print the debug thingies on stderr instead of stdout. If for nothing
else then at least so bc doesn't have problems parsing the output from
bntest :-).
When generating dependencies in the makefiles, generate the reduced
dependencies of the OPENSSL_NO_DEPRECATED mode. This prevents dependencies
being reproduced for "deprecated" header behaviour when a developer doesn't
define the symbol (with the subsequent CVS wars that can ensue).
(oops) Apologies all, that last header-cleanup commit was from the wrong
tree. This further reduces header interdependencies, and makes some
associated cleanups.
Reduce header interdependencies, initially in engine.h (the rest of the
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.