1. 27 7月, 2001 2 次提交
    • D
      · 1241126a
      Dr. Stephen Henson 提交于
      More linker bloat reorganisation:
      
      Split private key PEM and normal PEM handling. Private key
      handling needs to link in stuff like PKCS#8.
      
      Relocate the ASN1 *_dup() functions, to the relevant ASN1
      modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
      these were all in crypto/x509/x_all.c along with every ASN1
      BIO/fp function which linked in *every* ASN1 function if
      a single dup was used.
      
      Move the authority key id ASN1 structure to a separate file.
      This is used in the X509 routines and its previous location
      linked in all the v3 extension code.
      
      Also move ASN1_tag2bit to avoid linking in a_bytes.c which
      is now largely obsolete.
      
      So far under Linux stripped binary with single PEM_read_X509
      is now 238K compared to 380K before these changes.
      1241126a
    • D
      · 19da1300
      Dr. Stephen Henson 提交于
      First of several reorganisations to
      reduce linker bloat. For example the
      single line:
      
      PEM_read_X509()
      
      results in a binary of around 400K in Linux!
      
      This first step separates some of the PEM functions and
      avoids linking in some PKCS#7 and PKCS#12 code.
      19da1300
  2. 26 7月, 2001 5 次提交
  3. 25 7月, 2001 3 次提交
  4. 24 7月, 2001 3 次提交
    • B
      avoid warnings · ea3b8af5
      Bodo Möller 提交于
      ea3b8af5
    • B
      Avoid race condition. · badb910f
      Bodo Möller 提交于
      Submitted by: Travis Vitek <vitek@roguewave.com>
      badb910f
    • G
      - New INSTALL document describing different ways to build "tunala" and · 3866752e
      Geoff Thorpe 提交于
        possible problems.
      - New file breakage.c handles (so far) missing functions.
      - Get rid of some signed/unsigned/const warnings thanks to solaris-cc
      - Add autoconf/automake input files, and helper scripts to populate missing
        (but auto-generated) files.
      
      This change adds a configure.in and Makefile.am to build everything using
      autoconf, automake, and libtool - and adds "gunk" scripts to generate the
      various files those things need (and clean then up again after). This means
      that "autogunk.sh" needs to be run first on a system with the autotools,
      but the resulting directory should be "configure"able and compilable on
      systems without those tools.
      3866752e
  5. 23 7月, 2001 3 次提交
  6. 21 7月, 2001 6 次提交
  7. 20 7月, 2001 1 次提交
    • G
      Currently, RSA code, when using no padding scheme, simply checks that input · 81d1998e
      Geoff Thorpe 提交于
      does not contain more bytes than the RSA modulus 'n' - it does not check
      that the input is strictly *less* than 'n'. Whether this should be the
      case or not is open to debate - however, due to security problems with
      returning miscalculated CRT results, the 'rsa_mod_exp' implementation in
      rsa_eay.c now performs a public-key exponentiation to verify the CRT result
      and in the event of an error will instead recalculate and return a non-CRT
      (more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent
      to the mod_exp of 'I mod n', and the verify result is automatically between
      0 and n-1 inclusive, the verify only matches the input if 'I' was less than
      'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie.
      they differ by a multiple of 'n'). Rather than rejecting correct
      calculations and doing redundant and slower ones instead, this changes the
      equality check in the verification code to a congruence check.
      81d1998e
  8. 17 7月, 2001 1 次提交
  9. 16 7月, 2001 2 次提交
  10. 13 7月, 2001 3 次提交
  11. 12 7月, 2001 11 次提交