Dr. Stephen Henson
db50661fce
X509 verification fixes.
...
Ignore self issued certificates when checking path length constraints.
Duplicate OIDs in policy tree in case they are allocated.
Use anyPolicy from certificate cache and not current tree level.
2008-07-13 14:25:36 +00:00
Dr. Stephen Henson
d4cdbab99b
Avoid warnings with -pedantic, specifically:
...
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00
Geoff Thorpe
5f834ab123
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
...
version some time soon.
2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
8528128b2a
Update from stable branch.
2008-06-26 23:27:31 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
59d2d48f64
Add support for client cert engine setting in s_client app.
...
Add appropriate #ifdefs round client cert functions in headers.
2008-06-03 11:26:27 +00:00
Dr. Stephen Henson
c451bd828f
Avoid case in ca.c fix.
2008-06-02 12:10:06 +00:00
Dr. Stephen Henson
8ecfbedd85
Revert, doesn't fix warning :-(
2008-06-02 10:42:57 +00:00
Dr. Stephen Henson
c173fce4e2
Avoid cast with wrapper function.
2008-06-02 10:37:53 +00:00
Dr. Stephen Henson
c6ddacf7f8
Stop const mismatch warning.
2008-05-31 19:28:57 +00:00
Dr. Stephen Henson
ab3eafd5b5
Stop warning about extra ';' outside of function.
2008-05-31 19:17:25 +00:00
Dr. Stephen Henson
dd043cd501
Stop const mismatch warning in VC++.
2008-05-31 18:55:23 +00:00
Ben Laurie
3c1d6bbc92
LHASH revamp. make depend.
2008-05-26 11:24:29 +00:00
Lutz Jänicke
51e00db226
Document "openssl s_server" -crl_check* options
...
Submitted by: Daniel Black <daniel.subs@internode.on.net>
2008-05-19 07:52:15 +00:00
Lutz Jänicke
a92ebf2290
Provide information about "openssl dgst" -hmac option.
2008-05-19 07:43:34 +00:00
Lutz Jänicke
f49c687507
Typo. (From 0.9.8-stable/S. Henson)
...
PR: 1672
2008-05-19 06:21:05 +00:00
Dr. Stephen Henson
718f8f7a9e
Fix from stable branch.
2008-05-12 16:24:31 +00:00
Dr. Stephen Henson
4a954b56c9
Use "cont" consistently in cms-examples.pl
...
Add a -certsout option to output any certificates in a message.
Add test for example 4.11
2008-05-01 23:30:06 +00:00
Lutz Jänicke
44a877aa88
Fix incorrect return value in apps/apps.c:parse_yesno()
...
PR: 1607
Submitted by: "Christophe Macé" <mace.christophe@gmail.com>
2008-04-17 14:15:27 +00:00
Lutz Jänicke
6b6fe3d8e4
Correctly handle case of bad arguments supplied to rsautl
...
PR: 1659
2008-04-17 13:36:13 +00:00
Lutz Jänicke
4c1a6e004a
Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev
...
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
2008-04-17 10:19:16 +00:00
Dr. Stephen Henson
a5db50d005
Revert argument swap change... oops CMS_uncompress() was consistent...
2008-04-11 23:23:18 +00:00
Dr. Stephen Henson
529d329ce1
Make CMS_uncompress() argument order consistent with other functions.
2008-04-11 17:34:13 +00:00
Richard Levitte
fc003bcecb
Synchronise with Unix build
2008-04-11 01:53:16 +00:00
Dr. Stephen Henson
e0fbd07309
Add additional parameter to CMS_final() to handle detached content.
2008-04-10 11:22:14 +00:00
Dr. Stephen Henson
7f50d9a4b0
Correct references to smime in cms app.
2008-04-09 22:09:45 +00:00
Dr. Stephen Henson
36309aa2be
Signed receipt generation code.
2008-03-28 19:43:16 +00:00
Dr. Stephen Henson
eb9d8d8cd4
Support for verification of signed receipts.
2008-03-28 13:15:39 +00:00
Geoff Thorpe
f7ccba3edf
There was a need to support thread ID types that couldn't be reliably cast
...
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
f5e2354c9d
Add support for signed receipt request printout and generation.
2008-03-26 17:40:22 +00:00
Dr. Stephen Henson
f4cc56f494
Signed Receipt Request utility functions and option on CMS utility to
...
print out receipt requests.
2008-03-26 13:10:21 +00:00
Dr. Stephen Henson
6205171362
Add support for CMS structure printing in cms utility.
2008-03-24 21:53:07 +00:00
Dr. Stephen Henson
fe591284be
Update dependencies.
2008-03-22 18:52:03 +00:00
Dr. Stephen Henson
054307e7ed
Allow alternate eContentType oids to be set in cms utility.
...
Add id-ct-asciiTextWithCRLF OID.
Give more meaninful error message is attempt to use key ID from a certificate
without a key ID.
2008-03-19 19:34:30 +00:00
Dr. Stephen Henson
eeb9cdfc94
Add support for KEK decrypt in cms utility.
2008-03-19 18:39:51 +00:00
Dr. Stephen Henson
ab12438030
Add support for KEKRecipientInfo in cms application.
2008-03-19 13:53:52 +00:00
Dr. Stephen Henson
c220e58f9e
Make 3DES default cipher in cms utility.
2008-03-18 19:03:03 +00:00
Dr. Stephen Henson
e4f0e40eac
Various tidies/fixes:
...
Make streaming support in cms cleaner.
Note errors in various S/MIME functions if CMS_final() fails.
Add streaming support for enveloped data.
2008-03-18 13:45:43 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
7c337e00d2
Fix some warnings.
2008-03-16 20:59:10 +00:00
Geoff Thorpe
7e8481afd1
Fix a nasty cast issue that my compiler was choking on.
2008-03-16 20:57:12 +00:00
Dr. Stephen Henson
4f1aa191b3
Initial support for enveloped data decrypt. Extent runex.pl to cover these
...
examples. All RFC4134 examples can not be processed.
2008-03-15 23:21:33 +00:00
Dr. Stephen Henson
d9f5f07e28
Initial support for Encrypted Data type generation.
2008-03-14 23:30:56 +00:00
Dr. Stephen Henson
1021f9aa5e
Typos.
2008-03-14 19:38:44 +00:00
Dr. Stephen Henson
b820455c6e
Encrypted Data type processing. Add options to cms utility and run section 7
...
tests in RFC4134.
2008-03-14 13:21:48 +00:00
Dr. Stephen Henson
8931b30d84
And so it begins...
...
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
52108cecc0
<strings.h> does not exist under WIN32.
2008-01-14 18:10:55 +00:00
Ben Laurie
f12797a447
Missing headers.
2008-01-12 11:22:31 +00:00
Andy Polyakov
637f90621d
Cygwin compatibility fix to apps/ocsp.c.
2008-01-05 21:32:29 +00:00
Dr. Stephen Henson
eef0c1f34c
Netware support.
...
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
341e18b497
Handle non-SHA1 digests for certids in OCSP test responder.
2007-12-14 12:43:50 +00:00
Dr. Stephen Henson
cec2538ca9
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
...
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Bodo Möller
15bd07e923
fix typos
...
Submitted by: Ernst G. Giessmann
2007-11-19 07:24:08 +00:00
Ben Laurie
fdf355878c
Fix buffer overflow.
2007-11-16 14:41:09 +00:00
Dr. Stephen Henson
0e1dba934f
1. Changes for s_client.c to make it return non-zero exit code in case
...
of handshake failure
2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).
3. Changes to EVP
- adding of function EVP_PKEY_CTX_get0_peerkey
- Make function EVP_PKEY_derive_set_peerkey work for context with
ENCRYPT operation, because we use peerkey field in the context to
pass non-ephemeral secret key to GOST encrypt operation.
- added EVP_PKEY_CTRL_SET_IV control command. It is really
GOST-specific, but it is used in SSL code, so it has to go
in some header file, available during libssl compilation
4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data
5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
make debugging output which depends on constants defined there, work
and other KSSL_DEBUG output fixes
6. Declaration of real GOST ciphersuites, two authentication methods
SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST
7. Implementation of these methods.
8. Support for sending unsolicited serverhello extension if GOST
ciphersuite is selected. It is require for interoperability with
CryptoPro CSP 3.0 and 3.6 and controlled by
SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
This constant is added to SSL_OP_ALL, because it does nothing, if
non-GOST ciphersuite is selected, and all implementation of GOST
include compatibility with CryptoPro.
9. Support for CertificateVerify message without length field. It is
another CryptoPro bug, but support is made unconditional, because it
does no harm for draft-conforming implementation.
10. In tls1_mac extra copy of stream mac context is no more done.
When I've written currently commited code I haven't read
EVP_DigestSignFinal manual carefully enough and haven't noticed that
it does an internal digest ctx copying.
This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Dr. Stephen Henson
b7fcc08976
Typo.
2007-09-28 17:18:18 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Bodo Möller
86d4bc3aea
fix length parameter in SSL_set_tlsext_opaque_prf_input() calls
2007-09-23 11:08:59 +00:00
Bodo Möller
761772d7e1
Implement the Opaque PRF Input TLS extension
...
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way. In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().
Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
2007-09-21 06:54:24 +00:00
Ben Laurie
9311c4421a
Fix dependencies. Make depend.
2007-09-19 14:53:18 +00:00
Ben Laurie
e28eddc51f
Typo? Why did this work, anyway?
2007-09-08 15:58:51 +00:00
Dr. Stephen Henson
d82a612a90
Fix warning: print format option not compatible with size_t.
2007-09-07 13:34:46 +00:00
Dr. Stephen Henson
e7e8f4b333
Fix another warning.
2007-09-07 13:27:40 +00:00
Dr. Stephen Henson
014f62b649
Add usage message for -sess_out, -sess_in
2007-08-23 12:20:36 +00:00
Dr. Stephen Henson
d24a9c8f5a
Docs and usage messages for RFC4507bis support.
2007-08-23 11:34:48 +00:00
Dr. Stephen Henson
367eb1f125
Fix warning and make no-tlsext work.
2007-08-12 18:56:14 +00:00
Dr. Stephen Henson
710069c19e
Fix warnings.
2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
6434abbfc6
RFC4507 (including RFC4507bis) TLS stateless session resumption support
...
for OpenSSL.
2007-08-11 23:18:29 +00:00
Andy Polyakov
d6c764573c
Proper support for shared build under MacOS X.
2007-07-31 18:24:41 +00:00
Bodo Möller
f7b61702a0
document -S and -nopad options in usage information
2007-07-31 09:42:47 +00:00
Dr. Stephen Henson
8dbdf6314c
Typo.
2007-05-21 16:36:09 +00:00
Dr. Stephen Henson
9c54e18bf0
Fixes for dgst tool. Initialize md_name, sig_name properly. Return error code
...
on failure. Keep output format consistent with previous versions.
Also flush stdout after printing ACCEPT in s_server.
2007-05-21 15:53:30 +00:00
Dr. Stephen Henson
0f9e0abbee
Set len to buffer size.
2007-05-17 16:42:05 +00:00
Dr. Stephen Henson
e77dbf325f
Prepend signature name in dgst output.
2007-05-17 16:19:17 +00:00
Dr. Stephen Henson
f03620ea15
Use default md if none specified in dgst utility.
2007-05-17 12:55:03 +00:00
Dr. Stephen Henson
47b2e238e5
Use EVP_DigestVerify() in dgst.c if verifying.
2007-05-17 12:35:32 +00:00
Dr. Stephen Henson
ad35cdac74
PR: 1516
...
Revert change in 1516 because it breaks Windows build. Use a modified version
of the headers from s_client.c which has used similar functionality without
any problems.
2007-05-16 12:16:49 +00:00
Ben Laurie
69ab085290
More IGE speedup.
2007-05-13 15:14:38 +00:00
Ben Laurie
5f09d0ecc2
AES IGE mode speedup.
2007-05-13 12:57:59 +00:00
Dr. Stephen Henson
6217896145
Improve error detection when streaming S/MIME.
...
Only use streaming when appropriate for detached data in smime utility.
2007-05-10 17:37:15 +00:00
Andy Polyakov
6ef18c21c9
Bug in apps/dgst.c.
2007-04-30 15:20:10 +00:00
Bodo Möller
96afc1cfd5
Add SEED encryption algorithm.
...
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
9cfc8a9d5c
Update smime utility to support streaming for -encrypt and -sign -nodetach
...
options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.
These all process content on the fly without storing it all in memory.
2007-04-13 01:06:41 +00:00
Dr. Stephen Henson
2022cfe07e
New -mac and -macopt options to dgst utility. Reimplement -hmac option in
...
terms of new API.
2007-04-11 17:20:40 +00:00
Dr. Stephen Henson
d952c79a7b
New -sigopt option for dgst utility.
2007-04-08 12:47:18 +00:00
Ben Laurie
3dfb6b3353
Yet another resource leak. Coverity ID 123.
2007-04-07 13:20:09 +00:00
Ben Laurie
44907e6064
Free memory. Coverity ID 62.
2007-04-05 15:45:22 +00:00
Ben Laurie
231671b9ff
Resource leak.
2007-04-04 16:00:03 +00:00
Ben Laurie
313fce7b61
Don't free a NULL. Coverity ID 112.
2007-04-04 14:59:20 +00:00
Ben Laurie
309fa55bbb
Return an error if the serial number is badly formed. (Coverity ID 116).
2007-04-04 14:35:56 +00:00
Ben Laurie
4b8747e440
Die if serial number is invalid.
2007-04-04 13:41:33 +00:00
Richard Levitte
a1d915990b
Apply a more modern way to get the definition of select(), except for VMS.
...
Submitted by Corinna Vinschen <vinschen@redhat.com>
2007-03-29 18:34:57 +00:00
Dr. Stephen Henson
9981a51e42
Stage 1 GOST ciphersuite support.
...
Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org
2007-03-23 17:04:05 +00:00
Lutz Jänicke
ee373e7f19
Fix problem with multi line responses in -starttls by using a buffering
...
BIO and BIO_gets().
2007-02-22 17:39:47 +00:00
Lutz Jänicke
8d72476e2b
Extend SMTP and IMAP protocol handling to perform the required
...
EHLO or CAPABILITY handshake before sending STARTTLS
Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
2007-02-21 18:20:41 +00:00
Dr. Stephen Henson
5d5ca32fa1
Updates from 0.9.8-stable branch.
2007-02-18 18:21:57 +00:00
Richard Levitte
85c6749216
Add STARTTLS support for IMAP and FTP.
...
Submitted by Kees Cook <kees@outflux.net>
2007-02-16 18:12:16 +00:00
Dr. Stephen Henson
52cfa39716
Add -hmac option to dgst from 0.9.7 stable branch.
2007-02-08 19:07:43 +00:00
Nils Larsch
123b23fa95
fix return value of get_cert_chain()
...
PR: 1441
2006-12-27 09:40:52 +00:00
Richard Levitte
8bbf6bcf17
Needed definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see
...
the declarations of fd_set, select() and so on.
2006-12-25 10:54:14 +00:00
Nils Larsch
ec1edeb5fa
update pkcs12 help message + manpage
...
PR: 1443
Submitted by: Artem Chuprina <ran@cryptocom.ru>
2006-12-21 20:36:15 +00:00
Nils Larsch
5dfe910023
properly initialize SSL context, check return value
2006-12-13 22:06:37 +00:00
Nils Larsch
10a10fb834
return 0 if 'noout' is used and no error has occurred
...
PR: 1435
Submitted by: "Haridharan" <haridharan@gmail.com>
2006-12-05 20:09:25 +00:00
Nils Larsch
ae93dc13ab
add support for whirlpool in apps/speed
...
PR: 1338
Submitted by: justin@soze.net
2006-12-01 21:42:55 +00:00
Nils Larsch
7806f3dd4b
replace macros with functions
...
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:54:57 +00:00
Ben Laurie
96ea4ae91c
Add RFC 3779 support.
2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
5456583294
Don't add the TS EKU by default in openssl.cnf because it then
...
makes certificates genereated by ca, CA.pl etc useless for anything else.
2006-11-07 14:27:55 +00:00
Nils Larsch
224328e404
fix warning
2006-11-06 20:10:44 +00:00
Andy Polyakov
5b50f99e1e
Further mingw build procedure updates.
2006-10-24 22:14:20 +00:00
Andy Polyakov
cbfb39d1be
Rudimentary support for cross-compiling.
2006-10-21 13:38:16 +00:00
Dr. Stephen Henson
347ed3b93c
Buffer size handling fix for enc.
...
PR:1374
2006-09-22 17:14:22 +00:00
Dr. Stephen Henson
5d20c4fb35
Overhaul of by_dir code to handle dynamic loading of CRLs.
2006-09-17 17:16:28 +00:00
Richard Levitte
5776c3c4c6
According to documentation, including time.h declares select() on
...
OpenVMS, and possibly more.
Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select
2006-08-20 05:54:35 +00:00
Richard Levitte
0c3d346cb7
Correct warnings about signedness.
2006-08-20 05:18:12 +00:00
Dr. Stephen Henson
f6e7d01450
Support for multiple CRLs with same issuer name in X509_STORE. Modify
...
verify logic to try to use an unexpired CRL if possible.
2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
1aa44cc797
Avoid WIN32 warning.
2006-07-21 22:28:48 +00:00
Dr. Stephen Henson
37c8fd0eba
Avoid warnings.
2006-07-21 22:26:31 +00:00
Dr. Stephen Henson
b589427941
WIN32 fixes signed/unsigned issues and slightly socket semantics.
2006-07-17 18:52:51 +00:00
Dr. Stephen Henson
454dbbc593
Add -timeout option to ocsp utility.
2006-07-17 13:26:54 +00:00
Dr. Stephen Henson
f253a058d3
There is should be no need to rewind the input stream any more.
...
For S/MIME multipart/signed type the signature is calculated on the fly.
For other detached data forms the stream isn't used after the single pass to
calculate signatures.
For non-detached the data is stored in a memory BIO.
2006-07-13 20:29:55 +00:00
Dr. Stephen Henson
b3c6a33185
In genpkey, also look for algorithm string name in any supplied ENGINE.
2006-07-12 18:00:20 +00:00
Dr. Stephen Henson
105f6a6323
Update some usage messages.
2006-07-10 22:49:08 +00:00
Dr. Stephen Henson
5ba4bf35c5
New functions to enumerate digests and ciphers.
2006-07-09 00:53:45 +00:00
Bodo Möller
b166f13eb5
Call 'print_stuff' even if a handshake failed.
2006-06-15 19:00:34 +00:00
Bodo Möller
6a983d4287
Fix a bug recently introduced when updating this file to use the new
...
keygen API: make sure that 'pkey_type' is actually visible to MAIN().
2006-06-14 01:16:22 +00:00
Bodo Möller
f3dea9a595
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Dr. Stephen Henson
01b8b3c7d2
Complete EVP_PKEY_ASN1_METHOD ENGINE support.
2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
6f88c6a634
Add missing prototype. Extend engine utility to print public key algorithms.
2006-06-01 12:38:22 +00:00
Richard Levitte
0ed110b969
Because all object files are now in a file, we don't need to mention
...
any of them on the linker command line. Besides, OBJECT_FILE now
represents the last compiled file, and using it here only results in
getting warnings about multiple definitions of the symbols in that
file.
2006-06-01 10:24:47 +00:00
Dr. Stephen Henson
6657b9c73a
Fix warnings.
2006-05-26 13:27:58 +00:00
Dr. Stephen Henson
ba0d04a986
Update pkeyutl to use size_t for pkey functions.
2006-05-26 12:24:49 +00:00
Richard Levitte
3cb9eb30d3
Signed vs. unsigned conflict
2006-05-25 23:40:04 +00:00
Richard Levitte
e0b624e20e
There was a problem with too long command lines, so I rebuilt to make
...
it work better.
2006-05-25 23:37:03 +00:00
Dr. Stephen Henson
c27309edcb
Allow any supported cipher to be used with smime -encrypt.
2006-05-25 16:53:52 +00:00
Dr. Stephen Henson
216e0d5b91
Fix smime -pk7out.
2006-05-22 13:37:16 +00:00
Dr. Stephen Henson
5531192151
Add -resign and -md options to smime command to support resigning an
...
existing structure and using alternative digest for signing.
2006-05-18 23:44:44 +00:00
Dr. Stephen Henson
a6e7fcd140
Multiple signer support in smime application.
2006-05-18 12:41:28 +00:00
Dr. Stephen Henson
76cf3fcb43
Reformat smime.c utility.
2006-05-18 11:54:16 +00:00
Dr. Stephen Henson
121dd39f9f
New option to pkcs12 utility to set alternative MAC digest algorithm.
2006-05-17 18:46:22 +00:00
Dr. Stephen Henson
a263253545
Don't try to print PBE information if it can't be decoded.
2006-05-17 18:24:35 +00:00
Dr. Stephen Henson
8de916bcee
Oops...
2006-05-17 12:29:16 +00:00
Dr. Stephen Henson
1631d5f9b9
HMAC OIDs from RFC4231.
2006-05-17 12:27:45 +00:00
Dr. Stephen Henson
98c82b899e
Gather keygen options in req and only use them after all other options have
...
been processed. This allows any ENGINE changing operations to be processed
first (for example a config file).
2006-05-16 12:11:14 +00:00
Dr. Stephen Henson
fbf6643607
Bugfix: the NONE string for PBE algorithms wasn't working.
2006-05-15 13:23:15 +00:00
Dr. Stephen Henson
1bd06bd0c4
In interactive mode only config OpenSSL once.
2006-05-12 17:11:58 +00:00
Richard Levitte
98bf13c36b
make update
2006-05-12 15:31:28 +00:00
Dr. Stephen Henson
759d8ac6ee
Typo.
2006-05-12 00:27:39 +00:00
Dr. Stephen Henson
959e8dfe06
Update 'req' command to use new keygen API.
2006-05-11 21:39:00 +00:00
Dr. Stephen Henson
03919683f9
Add support for default public key digest type ctrl.
2006-05-07 17:09:39 +00:00
Ulf Möller
36e77b1059
Bug fix.
...
PR: 1307
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
2006-05-01 18:49:26 +00:00
Dr. Stephen Henson
816c2b5a79
Fix from stable branch.
2006-04-28 00:30:49 +00:00
Dr. Stephen Henson
15f80eea31
Fix usage message for pkeyutl.
2006-04-26 15:42:29 +00:00
Dr. Stephen Henson
ee1d9ec019
Remove link between digests and signature algorithms.
...
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
7bf7333d68
If we include winsock2.h then FD_SET wants an unsigned type for an fd.
2006-04-17 12:22:13 +00:00
Dr. Stephen Henson
b010b7c434
Use more flexible method of determining output length, by setting &outlen
...
value of the passed output buffer is NULL.
The old method of using EVP_PKEY_size(pkey) isn't flexible enough to cover all
cases where the output length may depend on the operation or the parameters
associated with it.
2006-04-15 18:50:56 +00:00
Richard Levitte
51aa7bd321
Got sick and tired of duplicating... Too error-prone (i.e. I forget
...
to update both...)!
2006-04-14 19:56:28 +00:00
Dr. Stephen Henson
ffb1ac674c
Complete key derivation support.
2006-04-13 20:16:56 +00:00
Dr. Stephen Henson
3be34589e8
Update dependencies.
2006-04-13 13:00:45 +00:00
Dr. Stephen Henson
92511cff48
Change the option setting command line switch to "-pkeyopt" to avoid confusion
...
with algorithm parameters.
2006-04-13 12:38:46 +00:00
Richard Levitte
7b82159865
Synchronise what what's happening with the Unix build
2006-04-13 09:59:52 +00:00
Ulf Möller
fb05e1cdf6
declare as in prototype
...
Submitted by: Gisle Vanem
2006-04-12 19:24:45 +00:00
Dr. Stephen Henson
75ef718820
Support for DSA keygen, fix for genpkey.
2006-04-12 11:14:11 +00:00
Ulf Möller
4700aea951
Add BeOS support.
...
PR: 1312
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
Reviewed by: Ulf Moeller
2006-04-11 21:34:21 +00:00
Ulf Möller
9555339007
improve make dclean to remove files generated during build
...
PR: 1308
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
Reviewed by: Ulf Moeller
2006-04-11 20:05:23 +00:00
Dr. Stephen Henson
2fbe371f53
Fix parameter error messages.
2006-04-11 18:30:25 +00:00
Dr. Stephen Henson
15181d7811
Write parameters if -genparam option include.
2006-04-11 18:21:40 +00:00
Dr. Stephen Henson
1edba2110f
Add parameter generation option to genpkey.
2006-04-11 18:18:14 +00:00
Dr. Stephen Henson
f5cda4cbb1
Initial keygen support.
2006-04-11 13:28:52 +00:00
Richard Levitte
25dc89eb9b
Synchronise with the Unix build
2006-04-10 11:39:49 +00:00
Dr. Stephen Henson
4a3dc3c0e3
Add RSA ctrl for padding mode, add ctrl support in pkeyutl.
2006-04-09 12:42:09 +00:00
Dr. Stephen Henson
a2318e86bd
Fix typo. Add EVP_PKEY_CTX control function for later use by command line
...
utilities.
2006-04-09 00:34:00 +00:00
Dr. Stephen Henson
a9164153d1
Reformat pkeyutl.c, add support for verify operation but nothing actually
...
supports it (yet).
2006-04-08 22:25:47 +00:00
Dr. Stephen Henson
8795d38906
Update dependencies.
2006-04-08 13:04:31 +00:00
Dr. Stephen Henson
8cd44e3630
Implement encrypt/decrypt using RSA.
2006-04-08 13:02:04 +00:00
Dr. Stephen Henson
9e4d0f0be2
New utility 'pkeyutl' a general purpose version of 'rsautl'.
2006-04-07 19:33:28 +00:00
Dr. Stephen Henson
53ec8809cf
Add an explicit load_config() call so any added algorithms are
...
visible.
2006-04-04 18:47:20 +00:00
Dr. Stephen Henson
0b33dac310
New function to retrieve ASN1 info on public key algorithms. New command
...
line option to print out info.
2006-04-04 18:16:03 +00:00
Richard Levitte
16f66ae794
Synchronise with recent changes
2006-03-30 04:30:45 +00:00
Bodo Möller
bcbe37b716
Change default curve (for compatibility with a
...
soon-to-be-widely-deployed implementation that doesn't support the
previous default)
Submitted by: Douglas Stebila
2006-03-30 02:41:30 +00:00
Dr. Stephen Henson
246e09319c
Fix bug where freed OIDs could be accessed in EVP_cleanup() by
...
defering freeing in OBJ_cleanup().
2006-03-28 17:23:48 +00:00
Dr. Stephen Henson
3e4585c8fd
New utility pkeyparam. Enhance and bugfix algorithm specific parameter
...
functions to support it.
2006-03-28 14:35:32 +00:00
Dr. Stephen Henson
3e84b6e15f
New general public key utility 'pkey'.
2006-03-28 12:34:45 +00:00
Nils Larsch
b4e88ccb28
ensure the pointer is valid before using it
2006-03-18 14:27:41 +00:00
Nils Larsch
d916ba1ba1
check if con != NULL before using it
2006-03-18 14:24:02 +00:00
Nils Larsch
67b6f1ca88
fix problems found by coverity: remove useless code
2006-03-15 17:45:43 +00:00
Nils Larsch
e968089485
use BIO_snprintf() instead of snprintf + use BIO_FP_TEXT for text output
...
Submitted by: Gisle Vanem
2006-03-12 22:16:57 +00:00
Nils Larsch
a0aa8b4b61
fix signed vs. unsigned warning
2006-03-11 12:18:11 +00:00
Nils Larsch
ddac197404
add initial support for RFC 4279 PSK SSL ciphersuites
...
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
2006-03-10 23:06:27 +00:00
Richard Levitte
8721fc2d0b
Forgot the TSA application...
2006-03-02 13:28:52 +00:00
Ulf Möller
11503177d1
TS bugfixes: Do not hardcode message digest algorithms; fix ASN1 decoding.
...
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
2006-02-26 23:34:53 +00:00
Richard Levitte
9ab899a660
Synchronise with openss.cnf
2006-02-26 10:48:40 +00:00
Nils Larsch
fcfd87168a
fix warning: add missing prototype
2006-02-13 09:43:31 +00:00
Ulf Möller
3b408d83fe
make update
2006-02-12 23:21:56 +00:00
Ulf Möller
c7235be6e3
RFC 3161 compliant time stamp request creation, response generation
...
and response verification.
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Bodo Möller
241520e66d
More TLS extension related changes.
...
Submitted by: Peter Sylvester
2006-01-11 06:10:40 +00:00
Bodo Möller
a13c20f603
Further TLS extension updates
...
Submitted by: Peter Sylvester
2006-01-09 19:49:05 +00:00
Bodo Möller
1aeb3da83f
Fixes for TLS server_name extension
...
Submitted by: Peter Sylvester
2006-01-06 09:08:59 +00:00
Richard Levitte
8de5b7f548
Fix signed/unsigned char clashes.
2006-01-04 12:02:43 +00:00
Bodo Möller
f1fd4544a3
Various changes in the new TLS extension code, including the following:
...
- fix indentation
- rename some functions and macros
- fix up confusion between SSL_ERROR_... and SSL_AD_... values
2006-01-03 03:27:19 +00:00
Bodo Möller
b1277b9902
C style fix-up
2006-01-02 23:29:12 +00:00
Bodo Möller
ed3883d21b
Support TLS extensions (specifically, HostName)
...
Submitted by: Peter Sylvester
2006-01-02 23:14:37 +00:00
Andy Polyakov
7b1b47a8e6
Mention Whirlpool in dgst -help.
2005-11-30 20:58:41 +00:00
Dr. Stephen Henson
c173d09c56
Typo
2005-11-30 19:25:55 +00:00
Dr. Stephen Henson
cb49a3cfa1
Make CA.pl script use CA extensions when creating a root CA.
2005-11-30 18:31:36 +00:00
Richard Levitte
a53cb070e3
When using POSIXly functions, we need to define _POSIX_C_SOURCE, at
...
least when the source is compiled with ANSI settings.
2005-11-27 15:32:57 +00:00
Andy Polyakov
eed22ac4ac
Eliminate VC compiler warning.
2005-11-06 21:11:41 +00:00
Andy Polyakov
9135fddb0e
Revive app_tminterval for Netware.
2005-11-06 17:11:04 +00:00
Andy Polyakov
d88fcf73f1
Revive app_tminterval for vxworks.
2005-11-06 16:55:44 +00:00
Andy Polyakov
a950f28762
Revive app_tminterval for VMS.
2005-11-06 16:16:38 +00:00
Andy Polyakov
e22f63f231
The typos never stop. Fix one in apps/apps.c.
2005-11-06 12:15:12 +00:00
Andy Polyakov
f530138876
Fix newly introduced typos and warnings in ./apps.
2005-11-06 11:58:22 +00:00
Andy Polyakov
0a39d8f207
Collect timing procedures in apps/apps.c. It's a bit cruel patch, as it
...
temporarily[!] removes support for couple of esoteric platforms [well,
Netware, vxWorks and VMS].
2005-11-06 11:40:59 +00:00
Andy Polyakov
a1ad253f17
Eliminate remaining calls to stat in apps/apps.c and unify WIN32_rename for
...
all Windows targets.
2005-11-04 16:12:05 +00:00
Andy Polyakov
ffa101872f
Eliminate dependency on read/write/stat in apps under _WIN32.
2005-11-04 09:30:55 +00:00
Andy Polyakov
53261831f1
Get rid of arcane reference to _fmode in apps/apps.h. Binary open is
...
handles properly by bss_file.c, which renders _fmode redundant.
2005-11-03 16:42:57 +00:00
Andy Polyakov
eff7cb41d1
Disable BIO_s_fd on CE and disable fd:N as password passing option on
...
all _WIN32 [see commentary for clarification].
2005-11-03 15:31:28 +00:00
Nils Larsch
d86b0f1f5f
compile sstrsep only if HAVE_FORK is defined; patch supplied by Johan Gill <johane@lysator.liu.se>
2005-11-02 22:13:43 +00:00
Bodo Möller
ee8836c442
fix stupid typo
2005-10-26 19:30:10 +00:00
Dr. Stephen Henson
3f67e11fab
Add PVK support to dsa utility.
2005-10-08 17:32:07 +00:00
Dr. Stephen Henson
566dda07ba
New option SSL_OP_NO_COMP to disable compression. New ctrls to set
...
maximum send fragment size. Allocate I/O buffers accordingly.
2005-10-08 00:18:53 +00:00
Bodo Möller
13e4670c29
new option "openssl ciphers -V"
2005-10-01 04:08:48 +00:00
Dr. Stephen Henson
09b6c2ef15
Make OPENSSL_NO_COMP compile again.
2005-09-30 23:35:33 +00:00
Nils Larsch
cc29c1204b
successfully updating the db shouldn't result in an error message
2005-09-30 16:47:38 +00:00
Dr. Stephen Henson
29b9763d9f
Change openssl.cnf to use UTF8Strings by default and not always include issuer
...
and serial versions of AKID.
2005-09-16 11:58:28 +00:00
Dr. Stephen Henson
c11c64fbe0
Update to ASN1 printing code.
2005-09-03 00:40:40 +00:00
Nils Larsch
33ac8b3139
don't try to load cert/key when the "-nocert" option is set
2005-09-02 12:44:59 +00:00
Dr. Stephen Henson
9194296de8
Update ASN1 printing code and add a -print option to 'pkcs7' utility for
...
initial testing.
2005-09-01 18:00:56 +00:00
Dr. Stephen Henson
a0156a926f
Integrated support for PVK files.
2005-08-31 16:37:54 +00:00
Ben Laurie
2c2e46dbf5
Generate primes, too.
2005-08-23 13:48:17 +00:00
Ben Laurie
b8e8ccdc79
Fix warning.
2005-08-21 15:59:10 +00:00
Dr. Stephen Henson
eea374fd19
Command line support for RSAPublicKey format.
2005-08-21 00:18:26 +00:00
Dr. Stephen Henson
45e2738585
Remove ASN1_METHOD code replace with new ASN1 alternative.
2005-08-20 18:12:45 +00:00
Nils Larsch
4ebb342fcd
Let the TLSv1_method() etc. functions return a const SSL_METHOD
...
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-14 21:48:33 +00:00
Dr. Stephen Henson
8f2e4fdf86
Allow PKCS7_decrypt() to work if no cert supplied.
2005-08-04 22:15:22 +00:00
Geoff Thorpe
7f0c65703a
"make update"
2005-07-26 04:48:54 +00:00
Nils Larsch
3eeaab4bed
make
...
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
2005-07-16 12:37:36 +00:00
Dr. Stephen Henson
cbdac46d58
Update from stable branch.
2005-07-04 23:12:04 +00:00
Richard Levitte
d2e0c81720
The private key should never have ended up in newreq.pem.
...
Now, it ends up in newkey.pem instead.
2005-07-04 21:44:16 +00:00
Nils Larsch
9e1a112336
initialize newly allocated data
...
PR: 1145
2005-07-01 16:08:14 +00:00
Ben Laurie
a51a97262d
Brought forward from 0.9.8 - 64 bit warning fixes and fussy compiler fixes.
2005-06-29 11:02:15 +00:00
Richard Levitte
417f8973ff
asn1parse doesn't support any TXT format, so let's stop pretending
...
it does.
2005-06-28 15:44:11 +00:00
Andy Polyakov
53bb3bee34
Fix typos in apps/apps.c
2005-06-27 15:56:53 +00:00
Andy Polyakov
2f3c39bc62
Minor (final?) Makefiles polish.
2005-06-26 17:47:44 +00:00
Andy Polyakov
02c31fa461
Jumbo Makfiles update.
...
- eliminate ambiguities between GNU-ish and SysV-ish make flavors;
- switch [back] to -e;
- fold/unify rules;
This is follow-up to the patch introducing common BUILDENV. Idea is
to collect as much parameters in $(TOP) as possible and "strip" lower
Makefiles for most variables [and thus makes them more readable].
2005-06-23 00:03:26 +00:00
Richard Levitte
b764ab9537
Netware patch submitted by Verdon Walker" <VWalker@novell.com> in PR
...
1107. He says:
This is a followup to the NetWare patch that was applied to beta3. It
does the following:
- Fixes a problem in the CLib build with undefined symbols.
- Adds the ability to use BSD sockets as the default for the OpenSSL
socket BIO. NetWare supports 2 flavors of sockets and our Apache
developers need BSD sockets as a configurable option when building
OpenSSL. This adds that for them.
- Updates to the INSTALL.NW file to explain new options.
I have tried very hard to make sure all the changes are in NetWare
specific files or guarded carefully to make sure they only impact
NetWare builds. I have tested the Windows build to make sure it does
not break that since we have made changes to mk1mf.pl.
We are still working the gcc cross compile for NetWare issue and hope
to have a patch for that before beta 6 is released.
2005-06-13 03:23:50 +00:00
Nils Larsch
63d740752f
changes from 0.9.8
2005-05-31 18:22:53 +00:00
Nils Larsch
6e04afb8c5
include opensslconf.h if OPENSSL_NO_* is used
2005-05-31 17:36:06 +00:00
Richard Levitte
b29228836a
DJGPP changes. Contributed by Doug Kaufman <dkaufman@rahul.net>
2005-05-30 22:37:44 +00:00
Richard Levitte
80b168a5a9
We have some source with \r\n as line ends. DEC C informs about that,
...
and I really can't be bothered...
2005-05-29 12:13:51 +00:00
Dr. Stephen Henson
499fca2db3
Update from 0.9.7-stable. Also repatch and rebuild error codes.
2005-05-28 20:44:02 +00:00