Nils Larsch
ec1edeb5fa
update pkcs12 help message + manpage
...
PR: 1443
Submitted by: Artem Chuprina <ran@cryptocom.ru>
2006-12-21 20:36:15 +00:00
Nils Larsch
5dfe910023
properly initialize SSL context, check return value
2006-12-13 22:06:37 +00:00
Nils Larsch
10a10fb834
return 0 if 'noout' is used and no error has occurred
...
PR: 1435
Submitted by: "Haridharan" <haridharan@gmail.com>
2006-12-05 20:09:25 +00:00
Nils Larsch
ae93dc13ab
add support for whirlpool in apps/speed
...
PR: 1338
Submitted by: justin@soze.net
2006-12-01 21:42:55 +00:00
Nils Larsch
7806f3dd4b
replace macros with functions
...
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:54:57 +00:00
Ben Laurie
96ea4ae91c
Add RFC 3779 support.
2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
5456583294
Don't add the TS EKU by default in openssl.cnf because it then
...
makes certificates genereated by ca, CA.pl etc useless for anything else.
2006-11-07 14:27:55 +00:00
Nils Larsch
224328e404
fix warning
2006-11-06 20:10:44 +00:00
Andy Polyakov
5b50f99e1e
Further mingw build procedure updates.
2006-10-24 22:14:20 +00:00
Andy Polyakov
cbfb39d1be
Rudimentary support for cross-compiling.
2006-10-21 13:38:16 +00:00
Dr. Stephen Henson
347ed3b93c
Buffer size handling fix for enc.
...
PR:1374
2006-09-22 17:14:22 +00:00
Dr. Stephen Henson
5d20c4fb35
Overhaul of by_dir code to handle dynamic loading of CRLs.
2006-09-17 17:16:28 +00:00
Richard Levitte
5776c3c4c6
According to documentation, including time.h declares select() on
...
OpenVMS, and possibly more.
Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select
2006-08-20 05:54:35 +00:00
Richard Levitte
0c3d346cb7
Correct warnings about signedness.
2006-08-20 05:18:12 +00:00
Dr. Stephen Henson
f6e7d01450
Support for multiple CRLs with same issuer name in X509_STORE. Modify
...
verify logic to try to use an unexpired CRL if possible.
2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
1aa44cc797
Avoid WIN32 warning.
2006-07-21 22:28:48 +00:00
Dr. Stephen Henson
37c8fd0eba
Avoid warnings.
2006-07-21 22:26:31 +00:00
Dr. Stephen Henson
b589427941
WIN32 fixes signed/unsigned issues and slightly socket semantics.
2006-07-17 18:52:51 +00:00
Dr. Stephen Henson
454dbbc593
Add -timeout option to ocsp utility.
2006-07-17 13:26:54 +00:00
Dr. Stephen Henson
f253a058d3
There is should be no need to rewind the input stream any more.
...
For S/MIME multipart/signed type the signature is calculated on the fly.
For other detached data forms the stream isn't used after the single pass to
calculate signatures.
For non-detached the data is stored in a memory BIO.
2006-07-13 20:29:55 +00:00
Dr. Stephen Henson
b3c6a33185
In genpkey, also look for algorithm string name in any supplied ENGINE.
2006-07-12 18:00:20 +00:00
Dr. Stephen Henson
105f6a6323
Update some usage messages.
2006-07-10 22:49:08 +00:00
Dr. Stephen Henson
5ba4bf35c5
New functions to enumerate digests and ciphers.
2006-07-09 00:53:45 +00:00
Bodo Möller
b166f13eb5
Call 'print_stuff' even if a handshake failed.
2006-06-15 19:00:34 +00:00
Bodo Möller
6a983d4287
Fix a bug recently introduced when updating this file to use the new
...
keygen API: make sure that 'pkey_type' is actually visible to MAIN().
2006-06-14 01:16:22 +00:00
Bodo Möller
f3dea9a595
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Dr. Stephen Henson
01b8b3c7d2
Complete EVP_PKEY_ASN1_METHOD ENGINE support.
2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
6f88c6a634
Add missing prototype. Extend engine utility to print public key algorithms.
2006-06-01 12:38:22 +00:00
Richard Levitte
0ed110b969
Because all object files are now in a file, we don't need to mention
...
any of them on the linker command line. Besides, OBJECT_FILE now
represents the last compiled file, and using it here only results in
getting warnings about multiple definitions of the symbols in that
file.
2006-06-01 10:24:47 +00:00
Dr. Stephen Henson
6657b9c73a
Fix warnings.
2006-05-26 13:27:58 +00:00
Dr. Stephen Henson
ba0d04a986
Update pkeyutl to use size_t for pkey functions.
2006-05-26 12:24:49 +00:00
Richard Levitte
3cb9eb30d3
Signed vs. unsigned conflict
2006-05-25 23:40:04 +00:00
Richard Levitte
e0b624e20e
There was a problem with too long command lines, so I rebuilt to make
...
it work better.
2006-05-25 23:37:03 +00:00
Dr. Stephen Henson
c27309edcb
Allow any supported cipher to be used with smime -encrypt.
2006-05-25 16:53:52 +00:00
Dr. Stephen Henson
216e0d5b91
Fix smime -pk7out.
2006-05-22 13:37:16 +00:00
Dr. Stephen Henson
5531192151
Add -resign and -md options to smime command to support resigning an
...
existing structure and using alternative digest for signing.
2006-05-18 23:44:44 +00:00
Dr. Stephen Henson
a6e7fcd140
Multiple signer support in smime application.
2006-05-18 12:41:28 +00:00
Dr. Stephen Henson
76cf3fcb43
Reformat smime.c utility.
2006-05-18 11:54:16 +00:00
Dr. Stephen Henson
121dd39f9f
New option to pkcs12 utility to set alternative MAC digest algorithm.
2006-05-17 18:46:22 +00:00
Dr. Stephen Henson
a263253545
Don't try to print PBE information if it can't be decoded.
2006-05-17 18:24:35 +00:00
Dr. Stephen Henson
8de916bcee
Oops...
2006-05-17 12:29:16 +00:00
Dr. Stephen Henson
1631d5f9b9
HMAC OIDs from RFC4231.
2006-05-17 12:27:45 +00:00
Dr. Stephen Henson
98c82b899e
Gather keygen options in req and only use them after all other options have
...
been processed. This allows any ENGINE changing operations to be processed
first (for example a config file).
2006-05-16 12:11:14 +00:00
Dr. Stephen Henson
fbf6643607
Bugfix: the NONE string for PBE algorithms wasn't working.
2006-05-15 13:23:15 +00:00
Dr. Stephen Henson
1bd06bd0c4
In interactive mode only config OpenSSL once.
2006-05-12 17:11:58 +00:00
Richard Levitte
98bf13c36b
make update
2006-05-12 15:31:28 +00:00
Dr. Stephen Henson
759d8ac6ee
Typo.
2006-05-12 00:27:39 +00:00
Dr. Stephen Henson
959e8dfe06
Update 'req' command to use new keygen API.
2006-05-11 21:39:00 +00:00
Dr. Stephen Henson
03919683f9
Add support for default public key digest type ctrl.
2006-05-07 17:09:39 +00:00
Ulf Möller
36e77b1059
Bug fix.
...
PR: 1307
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
2006-05-01 18:49:26 +00:00
Dr. Stephen Henson
816c2b5a79
Fix from stable branch.
2006-04-28 00:30:49 +00:00
Dr. Stephen Henson
15f80eea31
Fix usage message for pkeyutl.
2006-04-26 15:42:29 +00:00
Dr. Stephen Henson
ee1d9ec019
Remove link between digests and signature algorithms.
...
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
7bf7333d68
If we include winsock2.h then FD_SET wants an unsigned type for an fd.
2006-04-17 12:22:13 +00:00
Dr. Stephen Henson
b010b7c434
Use more flexible method of determining output length, by setting &outlen
...
value of the passed output buffer is NULL.
The old method of using EVP_PKEY_size(pkey) isn't flexible enough to cover all
cases where the output length may depend on the operation or the parameters
associated with it.
2006-04-15 18:50:56 +00:00
Richard Levitte
51aa7bd321
Got sick and tired of duplicating... Too error-prone (i.e. I forget
...
to update both...)!
2006-04-14 19:56:28 +00:00
Dr. Stephen Henson
ffb1ac674c
Complete key derivation support.
2006-04-13 20:16:56 +00:00
Dr. Stephen Henson
3be34589e8
Update dependencies.
2006-04-13 13:00:45 +00:00
Dr. Stephen Henson
92511cff48
Change the option setting command line switch to "-pkeyopt" to avoid confusion
...
with algorithm parameters.
2006-04-13 12:38:46 +00:00
Richard Levitte
7b82159865
Synchronise what what's happening with the Unix build
2006-04-13 09:59:52 +00:00
Ulf Möller
fb05e1cdf6
declare as in prototype
...
Submitted by: Gisle Vanem
2006-04-12 19:24:45 +00:00
Dr. Stephen Henson
75ef718820
Support for DSA keygen, fix for genpkey.
2006-04-12 11:14:11 +00:00
Ulf Möller
4700aea951
Add BeOS support.
...
PR: 1312
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
Reviewed by: Ulf Moeller
2006-04-11 21:34:21 +00:00
Ulf Möller
9555339007
improve make dclean to remove files generated during build
...
PR: 1308
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
Reviewed by: Ulf Moeller
2006-04-11 20:05:23 +00:00
Dr. Stephen Henson
2fbe371f53
Fix parameter error messages.
2006-04-11 18:30:25 +00:00
Dr. Stephen Henson
15181d7811
Write parameters if -genparam option include.
2006-04-11 18:21:40 +00:00
Dr. Stephen Henson
1edba2110f
Add parameter generation option to genpkey.
2006-04-11 18:18:14 +00:00
Dr. Stephen Henson
f5cda4cbb1
Initial keygen support.
2006-04-11 13:28:52 +00:00
Richard Levitte
25dc89eb9b
Synchronise with the Unix build
2006-04-10 11:39:49 +00:00
Dr. Stephen Henson
4a3dc3c0e3
Add RSA ctrl for padding mode, add ctrl support in pkeyutl.
2006-04-09 12:42:09 +00:00
Dr. Stephen Henson
a2318e86bd
Fix typo. Add EVP_PKEY_CTX control function for later use by command line
...
utilities.
2006-04-09 00:34:00 +00:00
Dr. Stephen Henson
a9164153d1
Reformat pkeyutl.c, add support for verify operation but nothing actually
...
supports it (yet).
2006-04-08 22:25:47 +00:00
Dr. Stephen Henson
8795d38906
Update dependencies.
2006-04-08 13:04:31 +00:00
Dr. Stephen Henson
8cd44e3630
Implement encrypt/decrypt using RSA.
2006-04-08 13:02:04 +00:00
Dr. Stephen Henson
9e4d0f0be2
New utility 'pkeyutl' a general purpose version of 'rsautl'.
2006-04-07 19:33:28 +00:00
Dr. Stephen Henson
53ec8809cf
Add an explicit load_config() call so any added algorithms are
...
visible.
2006-04-04 18:47:20 +00:00
Dr. Stephen Henson
0b33dac310
New function to retrieve ASN1 info on public key algorithms. New command
...
line option to print out info.
2006-04-04 18:16:03 +00:00
Richard Levitte
16f66ae794
Synchronise with recent changes
2006-03-30 04:30:45 +00:00
Bodo Möller
bcbe37b716
Change default curve (for compatibility with a
...
soon-to-be-widely-deployed implementation that doesn't support the
previous default)
Submitted by: Douglas Stebila
2006-03-30 02:41:30 +00:00
Dr. Stephen Henson
246e09319c
Fix bug where freed OIDs could be accessed in EVP_cleanup() by
...
defering freeing in OBJ_cleanup().
2006-03-28 17:23:48 +00:00
Dr. Stephen Henson
3e4585c8fd
New utility pkeyparam. Enhance and bugfix algorithm specific parameter
...
functions to support it.
2006-03-28 14:35:32 +00:00
Dr. Stephen Henson
3e84b6e15f
New general public key utility 'pkey'.
2006-03-28 12:34:45 +00:00
Nils Larsch
b4e88ccb28
ensure the pointer is valid before using it
2006-03-18 14:27:41 +00:00
Nils Larsch
d916ba1ba1
check if con != NULL before using it
2006-03-18 14:24:02 +00:00
Nils Larsch
67b6f1ca88
fix problems found by coverity: remove useless code
2006-03-15 17:45:43 +00:00
Nils Larsch
e968089485
use BIO_snprintf() instead of snprintf + use BIO_FP_TEXT for text output
...
Submitted by: Gisle Vanem
2006-03-12 22:16:57 +00:00
Nils Larsch
a0aa8b4b61
fix signed vs. unsigned warning
2006-03-11 12:18:11 +00:00
Nils Larsch
ddac197404
add initial support for RFC 4279 PSK SSL ciphersuites
...
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
2006-03-10 23:06:27 +00:00
Richard Levitte
8721fc2d0b
Forgot the TSA application...
2006-03-02 13:28:52 +00:00
Ulf Möller
11503177d1
TS bugfixes: Do not hardcode message digest algorithms; fix ASN1 decoding.
...
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
2006-02-26 23:34:53 +00:00
Richard Levitte
9ab899a660
Synchronise with openss.cnf
2006-02-26 10:48:40 +00:00
Nils Larsch
fcfd87168a
fix warning: add missing prototype
2006-02-13 09:43:31 +00:00
Ulf Möller
3b408d83fe
make update
2006-02-12 23:21:56 +00:00
Ulf Möller
c7235be6e3
RFC 3161 compliant time stamp request creation, response generation
...
and response verification.
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Bodo Möller
241520e66d
More TLS extension related changes.
...
Submitted by: Peter Sylvester
2006-01-11 06:10:40 +00:00
Bodo Möller
a13c20f603
Further TLS extension updates
...
Submitted by: Peter Sylvester
2006-01-09 19:49:05 +00:00
Bodo Möller
1aeb3da83f
Fixes for TLS server_name extension
...
Submitted by: Peter Sylvester
2006-01-06 09:08:59 +00:00
Richard Levitte
8de5b7f548
Fix signed/unsigned char clashes.
2006-01-04 12:02:43 +00:00
Bodo Möller
f1fd4544a3
Various changes in the new TLS extension code, including the following:
...
- fix indentation
- rename some functions and macros
- fix up confusion between SSL_ERROR_... and SSL_AD_... values
2006-01-03 03:27:19 +00:00
Bodo Möller
b1277b9902
C style fix-up
2006-01-02 23:29:12 +00:00
Bodo Möller
ed3883d21b
Support TLS extensions (specifically, HostName)
...
Submitted by: Peter Sylvester
2006-01-02 23:14:37 +00:00
Andy Polyakov
7b1b47a8e6
Mention Whirlpool in dgst -help.
2005-11-30 20:58:41 +00:00
Dr. Stephen Henson
c173d09c56
Typo
2005-11-30 19:25:55 +00:00
Dr. Stephen Henson
cb49a3cfa1
Make CA.pl script use CA extensions when creating a root CA.
2005-11-30 18:31:36 +00:00
Richard Levitte
a53cb070e3
When using POSIXly functions, we need to define _POSIX_C_SOURCE, at
...
least when the source is compiled with ANSI settings.
2005-11-27 15:32:57 +00:00
Andy Polyakov
eed22ac4ac
Eliminate VC compiler warning.
2005-11-06 21:11:41 +00:00
Andy Polyakov
9135fddb0e
Revive app_tminterval for Netware.
2005-11-06 17:11:04 +00:00
Andy Polyakov
d88fcf73f1
Revive app_tminterval for vxworks.
2005-11-06 16:55:44 +00:00
Andy Polyakov
a950f28762
Revive app_tminterval for VMS.
2005-11-06 16:16:38 +00:00
Andy Polyakov
e22f63f231
The typos never stop. Fix one in apps/apps.c.
2005-11-06 12:15:12 +00:00
Andy Polyakov
f530138876
Fix newly introduced typos and warnings in ./apps.
2005-11-06 11:58:22 +00:00
Andy Polyakov
0a39d8f207
Collect timing procedures in apps/apps.c. It's a bit cruel patch, as it
...
temporarily[!] removes support for couple of esoteric platforms [well,
Netware, vxWorks and VMS].
2005-11-06 11:40:59 +00:00
Andy Polyakov
a1ad253f17
Eliminate remaining calls to stat in apps/apps.c and unify WIN32_rename for
...
all Windows targets.
2005-11-04 16:12:05 +00:00
Andy Polyakov
ffa101872f
Eliminate dependency on read/write/stat in apps under _WIN32.
2005-11-04 09:30:55 +00:00
Andy Polyakov
53261831f1
Get rid of arcane reference to _fmode in apps/apps.h. Binary open is
...
handles properly by bss_file.c, which renders _fmode redundant.
2005-11-03 16:42:57 +00:00
Andy Polyakov
eff7cb41d1
Disable BIO_s_fd on CE and disable fd:N as password passing option on
...
all _WIN32 [see commentary for clarification].
2005-11-03 15:31:28 +00:00
Nils Larsch
d86b0f1f5f
compile sstrsep only if HAVE_FORK is defined; patch supplied by Johan Gill <johane@lysator.liu.se>
2005-11-02 22:13:43 +00:00
Bodo Möller
ee8836c442
fix stupid typo
2005-10-26 19:30:10 +00:00
Dr. Stephen Henson
3f67e11fab
Add PVK support to dsa utility.
2005-10-08 17:32:07 +00:00
Dr. Stephen Henson
566dda07ba
New option SSL_OP_NO_COMP to disable compression. New ctrls to set
...
maximum send fragment size. Allocate I/O buffers accordingly.
2005-10-08 00:18:53 +00:00
Bodo Möller
13e4670c29
new option "openssl ciphers -V"
2005-10-01 04:08:48 +00:00
Dr. Stephen Henson
09b6c2ef15
Make OPENSSL_NO_COMP compile again.
2005-09-30 23:35:33 +00:00
Nils Larsch
cc29c1204b
successfully updating the db shouldn't result in an error message
2005-09-30 16:47:38 +00:00
Dr. Stephen Henson
29b9763d9f
Change openssl.cnf to use UTF8Strings by default and not always include issuer
...
and serial versions of AKID.
2005-09-16 11:58:28 +00:00
Dr. Stephen Henson
c11c64fbe0
Update to ASN1 printing code.
2005-09-03 00:40:40 +00:00
Nils Larsch
33ac8b3139
don't try to load cert/key when the "-nocert" option is set
2005-09-02 12:44:59 +00:00
Dr. Stephen Henson
9194296de8
Update ASN1 printing code and add a -print option to 'pkcs7' utility for
...
initial testing.
2005-09-01 18:00:56 +00:00
Dr. Stephen Henson
a0156a926f
Integrated support for PVK files.
2005-08-31 16:37:54 +00:00
Ben Laurie
2c2e46dbf5
Generate primes, too.
2005-08-23 13:48:17 +00:00
Ben Laurie
b8e8ccdc79
Fix warning.
2005-08-21 15:59:10 +00:00
Dr. Stephen Henson
eea374fd19
Command line support for RSAPublicKey format.
2005-08-21 00:18:26 +00:00
Dr. Stephen Henson
45e2738585
Remove ASN1_METHOD code replace with new ASN1 alternative.
2005-08-20 18:12:45 +00:00
Nils Larsch
4ebb342fcd
Let the TLSv1_method() etc. functions return a const SSL_METHOD
...
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-14 21:48:33 +00:00
Dr. Stephen Henson
8f2e4fdf86
Allow PKCS7_decrypt() to work if no cert supplied.
2005-08-04 22:15:22 +00:00
Geoff Thorpe
7f0c65703a
"make update"
2005-07-26 04:48:54 +00:00
Nils Larsch
3eeaab4bed
make
...
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
2005-07-16 12:37:36 +00:00
Dr. Stephen Henson
cbdac46d58
Update from stable branch.
2005-07-04 23:12:04 +00:00
Richard Levitte
d2e0c81720
The private key should never have ended up in newreq.pem.
...
Now, it ends up in newkey.pem instead.
2005-07-04 21:44:16 +00:00
Nils Larsch
9e1a112336
initialize newly allocated data
...
PR: 1145
2005-07-01 16:08:14 +00:00
Ben Laurie
a51a97262d
Brought forward from 0.9.8 - 64 bit warning fixes and fussy compiler fixes.
2005-06-29 11:02:15 +00:00
Richard Levitte
417f8973ff
asn1parse doesn't support any TXT format, so let's stop pretending
...
it does.
2005-06-28 15:44:11 +00:00
Andy Polyakov
53bb3bee34
Fix typos in apps/apps.c
2005-06-27 15:56:53 +00:00
Andy Polyakov
2f3c39bc62
Minor (final?) Makefiles polish.
2005-06-26 17:47:44 +00:00
Andy Polyakov
02c31fa461
Jumbo Makfiles update.
...
- eliminate ambiguities between GNU-ish and SysV-ish make flavors;
- switch [back] to -e;
- fold/unify rules;
This is follow-up to the patch introducing common BUILDENV. Idea is
to collect as much parameters in $(TOP) as possible and "strip" lower
Makefiles for most variables [and thus makes them more readable].
2005-06-23 00:03:26 +00:00
Richard Levitte
b764ab9537
Netware patch submitted by Verdon Walker" <VWalker@novell.com> in PR
...
1107. He says:
This is a followup to the NetWare patch that was applied to beta3. It
does the following:
- Fixes a problem in the CLib build with undefined symbols.
- Adds the ability to use BSD sockets as the default for the OpenSSL
socket BIO. NetWare supports 2 flavors of sockets and our Apache
developers need BSD sockets as a configurable option when building
OpenSSL. This adds that for them.
- Updates to the INSTALL.NW file to explain new options.
I have tried very hard to make sure all the changes are in NetWare
specific files or guarded carefully to make sure they only impact
NetWare builds. I have tested the Windows build to make sure it does
not break that since we have made changes to mk1mf.pl.
We are still working the gcc cross compile for NetWare issue and hope
to have a patch for that before beta 6 is released.
2005-06-13 03:23:50 +00:00
Nils Larsch
63d740752f
changes from 0.9.8
2005-05-31 18:22:53 +00:00
Nils Larsch
6e04afb8c5
include opensslconf.h if OPENSSL_NO_* is used
2005-05-31 17:36:06 +00:00
Richard Levitte
b29228836a
DJGPP changes. Contributed by Doug Kaufman <dkaufman@rahul.net>
2005-05-30 22:37:44 +00:00
Richard Levitte
80b168a5a9
We have some source with \r\n as line ends. DEC C informs about that,
...
and I really can't be bothered...
2005-05-29 12:13:51 +00:00
Dr. Stephen Henson
499fca2db3
Update from 0.9.7-stable. Also repatch and rebuild error codes.
2005-05-28 20:44:02 +00:00
Andy Polyakov
4b23506594
OPENSSL_NO_SHA512 to mask even SHA512_CTX declaration. This is done to
...
make no-sha512 more effective on platforms, which don't support 64-bit
integer type of *any* kind.
2005-05-22 08:55:15 +00:00
Andy Polyakov
ea1b02db6a
OPENSSL_Applink update.
2005-05-17 00:08:28 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Nils Larsch
9dd8405341
ecc api cleanup; summary:
...
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Bodo Möller
46a643763d
Implement fixed-window exponentiation to mitigate hyper-threading
...
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Andy Polyakov
734540f887
Consolidate BUILDENV [idea is to keep all variables in one place].
2005-05-15 23:53:34 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
b6995add5c
Make -CSP option work again in pkcs12 utility by checking for
...
attribute in EVP_PKEY structure.
2005-05-15 00:54:45 +00:00
Nils Larsch
8b15c74018
give EC_GROUP_new_by_nid a more meanigful name:
...
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Nils Larsch
3afa6cf866
improve command line argument checking
...
PR: 1061
2005-05-10 09:51:29 +00:00
Bodo Möller
fbeaa3c47d
Update util/ck_errf.pl script, and have it run automatically
...
during "make errors" and thus during "make update".
Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
2005-05-09 00:27:37 +00:00
Ben Laurie
0ff469d38d
Add prototype.
2005-05-01 13:49:56 +00:00
Andy Polyakov
4c3a2d64e4
Fold rules in test/Makefiles [from stable].
2005-04-30 21:39:39 +00:00
Richard Levitte
aed14edd12
From branch OpenSSL_0_9_7-stable, 2004-08-11 22:34:
...
Another missing module in the VMS build files.I believe this is
the last, though...
2005-04-30 15:21:40 +00:00
Richard Levitte
14a948e6ad
All kinds of changes from branch OpenSSL_0_9_7-stable
2005-04-30 15:17:05 +00:00
Nils Larsch
7ab2d30349
add 192 bit prime curve to the command line options
2005-04-29 15:21:09 +00:00
Dr. Stephen Henson
6c61726b2a
Lots of Win32 fixes for DTLS.
...
1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.
2005-04-27 16:27:14 +00:00
Dr. Stephen Henson
b08868c48a
Port prime utility across from stable branch.
2005-04-26 23:02:52 +00:00
Bodo Möller
0d5ea7613e
make update
2005-04-26 18:09:21 +00:00
Dr. Stephen Henson
4e321ffaff
Fixes for signed/unsigned warnings and shadows.
2005-04-26 17:43:53 +00:00
Ben Laurie
36d16f8ee0
Add DTLS support.
2005-04-26 16:02:40 +00:00
Nils Larsch
965a1cb92e
change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible
2005-04-23 10:11:16 +00:00
Ben Laurie
e9ad6665a5
Add debug target, remove cast, note possible bug.
2005-04-23 06:05:24 +00:00
Nils Larsch
e7076c5a80
make update
2005-04-22 20:17:17 +00:00
Richard Levitte
7efebab9fd
signed vs. unsigned.
2005-04-20 13:21:10 +00:00
Dr. Stephen Henson
f68854b4c3
Various Win32 and other fixes for warnings and compilation errors.
...
Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.
2005-04-19 00:12:36 +00:00
Nils Larsch
ff990440ee
const fixes
2005-04-15 18:29:33 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Nils Larsch
eb3eab20a8
const fixes
2005-04-07 22:48:33 +00:00
Nils Larsch
7d727231b7
some const fixes
2005-04-05 19:11:19 +00:00
Nils Larsch
69740c2b3f
update progs.pl to reflect changes in progs.h
2005-04-05 18:17:13 +00:00
Nils Larsch
12bdb64375
use SHA-1 as the default digest for the apps/openssl commands
2005-04-02 09:29:15 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Nils Larsch
689c6f2542
add new curves to the loop (with some cleanup from me)
...
Submitted by: Jean-Luc Duval
Reviewed by: Nils Larsch
2005-03-20 23:12:13 +00:00
Bodo Möller
9f6715d4bb
"make depend". This takes into account the algorithms that are now
...
disabled by default (MDC2 and RC5), which until now were skipped
by "make links" and yet supposedly required by some of the Makefiles,
meaning that the recent snapshots failed to compile.
Problem reported by Nils Larsch.
2005-03-13 19:49:47 +00:00
Andy Polyakov
877dbcb8a0
Shut whiny make's up.
2005-02-03 10:19:59 +00:00
Andy Polyakov
62d27939c2
Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms
...
and SafeDllSearchMode in Windows.
Submitted by: Richard Levitte
2005-02-01 23:48:37 +00:00
Richard Levitte
4aca9297dc
The mix of CFLAGS and LDFLAGS is a bit confusing in my opinion, and
...
Makefile.shared was a bit overcomplicated.
Make the shell variables LDFLAGS and SHAREDFLAGS in Makefile.shared
get the values of $(CFLAGS) or $(LDFLAGS) as appropriate depending on
the value the shell variables LDCMD and SHAREDCMD get. That leaves
much less chance of confusion, since those pairs of shell variables
always are defined together.
2005-01-26 23:51:20 +00:00
Andy Polyakov
fbdce13e5a
Please BSD make...
2005-01-25 22:09:11 +00:00
Andy Polyakov
02a00bb054
DJGPP update.
...
PR: 989
Submitted by: Doug Kaufman
2005-01-04 10:28:38 +00:00
Andy Polyakov
3ffb8d42bc
Remove naming conflict between variable and label.
2004-12-30 11:10:11 +00:00
Dr. Stephen Henson
e90faddaf8
Prompt for passphrases for PKCS12 input format
2004-12-29 01:07:14 +00:00
Richard Levitte
6951c23afd
Add functionality needed to process proxy certificates.
2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
abbc186bd2
Fix s_client so it works without a certificate again.
2004-12-13 18:02:23 +00:00
Richard Levitte
de6859e442
Propagate a few more variables to Makefile.shared when linking
...
programs.
2004-12-13 17:28:44 +00:00
Dr. Stephen Henson
a37e22d866
Use X509_cmp_time() in -checkend option, to support GeneralizedTime.
2004-12-05 18:26:19 +00:00
Dr. Stephen Henson
5b40d7dd97
Add -passin argument to dgst command.
2004-12-03 12:26:56 +00:00
Richard Levitte
30b415b076
Make an explicit check during certificate validation to see that the
...
CA setting in each certificate on the chain is correct. As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
given)
2004-11-29 11:28:08 +00:00
Dr. Stephen Henson
3fee255102
Typo.
2004-11-23 21:40:10 +00:00
Dr. Stephen Henson
16df5f066a
Fix memory leak.
2004-11-23 21:22:21 +00:00
Dr. Stephen Henson
00dd8f6d6e
In "req" exit immediately if configuration file is needed and it can't
...
be loaded instead of giving the misleading:
"unable to find 'distinguised_name' in config"
error message.
2004-11-17 18:36:13 +00:00
Dr. Stephen Henson
826a42a088
PR: 910
...
Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.
Update docs.
2004-11-16 17:30:59 +00:00
Dr. Stephen Henson
151368ccba
PR: 940
...
Typo: use prompt_info, not cb_data->prompt_info.
2004-11-14 15:40:00 +00:00
Dr. Stephen Henson
5fee606442
Zap obsolete der_chop script.
2004-11-14 00:08:36 +00:00
Dr. Stephen Henson
78df5a2f1e
Fix x509.c so it creates serial number file again if no
...
serial number is supplied on command line.
2004-11-13 13:26:06 +00:00
Richard Levitte
6c9f57d629
Cut'n'paste mistake. All tested OK now...
2004-11-11 19:36:08 +00:00
Richard Levitte
382342ce1d
Whoops, syntactic mistake...
2004-11-11 18:58:01 +00:00
Richard Levitte
69c922f5d2
Some find it confusing that environment variables are set when shared
...
libraries aren't built or used. I can see the point, so I'm
reorganising a little for clarity.
2004-11-11 18:18:43 +00:00
Dr. Stephen Henson
10c8505734
Use the default_md config file value when signing CRLs.
...
PR:662
2004-11-11 13:47:06 +00:00
Dr. Stephen Henson
10f92aac33
Don't return an error with crl -noout.
...
PR:917
Sumbmitted by: Michael Konietzka <konietzka@schlund.de>
2004-11-11 02:13:08 +00:00
Richard Levitte
8de69cf2c6
Make sure LD_PRELOAD is only set when we build shared libraries (and
...
therefore link with them). Add LD_PRELOAD setting code where it was
still missing.
PR: 966
2004-11-05 09:12:10 +00:00
Geoff Thorpe
58ae65cd1a
Update ECDSA and ECDH for OPENSSL_NO_ENGINE.
...
Reported by: Maxim Masiutin
Submitted by: Nils Larsch
2004-10-21 00:06:14 +00:00
Richard Levitte
d813ff2ac1
make update
2004-09-10 10:30:33 +00:00
Dr. Stephen Henson
c431798e82
Reformat smime utility.
...
Add support for policy checking in verify utility.
2004-09-07 18:38:46 +00:00
Dr. Stephen Henson
fb80794568
Don't use 'explicit' for variable name.
2004-09-07 00:31:08 +00:00
Dr. Stephen Henson
4ec3d785e5
Reformat smime.c
2004-09-07 00:28:17 +00:00
Dr. Stephen Henson
5d7c222db8
New X509_VERIFY_PARAM structure and associated functionality.
...
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
2004-09-06 18:43:01 +00:00
Richard Levitte
2549564009
On systems that use case-insensitive symbol names (i.e. they're all
...
converted to upper case or something like that), the application-
level bio_dump_cb() has a name clash with the new library function
BIO_dump_cb(). The easiest fix is to rename the function at the
application level.
2004-08-12 08:58:55 +00:00
Dr. Stephen Henson
b5a93e2250
Call setup_engine after autoconfig.
2004-08-06 12:44:34 +00:00
Dr. Stephen Henson
c128bb0fa2
Don't ignore return value of EVP_DigestInit_ex() in md BIOs and dgst utility.
2004-08-05 18:09:50 +00:00
Andy Polyakov
c88f8f76b5
'apps/openssl dgst -help' update and minor apps/speed.c update.
2004-07-25 18:57:35 +00:00
Dr. Stephen Henson
0efea28dcb
Don't try to parse non string types.
2004-07-01 18:15:33 +00:00
Richard Levitte
28a8003467
Changes for VOS, submitted by Paul Green <Paul.Green@stratus.com>.
...
PR: 499
2004-06-28 22:01:37 +00:00
Richard Levitte
563cd0f2b0
Make the tests of EVP operations without padding. As a consequence,
...
there's no need for a larger BUFSIZE any more...
PR: 904
2004-06-28 16:32:12 +00:00
Richard Levitte
3ac0f28837
Make sure that the buffers are large enough to contain padding.
...
PR: 904
2004-06-28 12:23:35 +00:00
Richard Levitte
47c1735acd
NetWare fixes provided by Verdon Walker for OpenSSL 0.9.8-dev.
...
The changes have been mailed to <crypt@bis.doc.gov> as well.
PR: 903
2004-06-28 11:55:28 +00:00
Dr. Stephen Henson
8a60547896
Reformat pkcs8 source.
2004-06-24 13:10:54 +00:00
Andy Polyakov
bc1ca8605c
Working on HP-UX shared support...
2004-05-31 14:50:19 +00:00
Andy Polyakov
63ba7e293f
Make sha-256/-512 naming in speed.c consistent with their names as they
...
will appear at EVP leyer.
2004-05-31 12:40:22 +00:00
Andy Polyakov
46ceb15c39
SHA-256/-512 test and benchmark.
2004-05-20 21:49:38 +00:00
Geoff Thorpe
9c52d2cc75
After the latest round of header-hacking, regenerate the dependencies in
...
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
f0eae953e2
Remove some unnecessary recursive includes from the internal apps.h header,
...
and include bn.h in those C files that need bignum functionality.
2004-05-17 19:05:32 +00:00
Richard Levitte
d1739eb2d6
make update
2004-05-13 21:38:47 +00:00
Dr. Stephen Henson
df368ecce4
Make self signing option of 'x509' use random serial numbers too.
2004-05-12 18:20:37 +00:00
Geoff Thorpe
bcfea9fb25
Allow RSA key-generation to specify an arbitrary public exponent. Jelte
...
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.
PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
2004-04-26 15:31:35 +00:00
Dr. Stephen Henson
77475142ec
New option to 'x509' -next_serial. This outputs the certificate
...
serial number plus 1 to the output file. Its purpose is to allow
serial number files to be initialized when random serial numbers
are used.
2004-04-21 12:46:20 +00:00
Dr. Stephen Henson
90fac84066
Use X509_get_serialNumber() instead of accessing internals in x509.c
2004-04-21 12:43:21 +00:00
Dr. Stephen Henson
64674bcc8c
Reduce chances of issuer and serial number duplication by use of random
...
initial serial numbers.
PR: 842
2004-04-20 12:05:26 +00:00
Geoff Thorpe
c57bc2dc51
make update
2004-04-19 18:33:41 +00:00
Geoff Thorpe
823a67b0a9
header cleanup in apps/
2004-04-19 18:13:07 +00:00
Dr. Stephen Henson
ae44fc1ec4
Clear error if unique_subject lookup fails.
2004-04-15 00:32:19 +00:00
Richard Levitte
d530017c00
Move the definition of Win32_rename(), since the macro rename gets undefined
...
in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853
2004-03-25 20:09:00 +00:00
Geoff Thorpe
5148710994
Adds warnings about two curves and fixes the "seed" value for two other
...
curves.
Submitted by: Nils Larsch
2004-03-25 03:03:52 +00:00
Richard Levitte
d342ec3335
o_str.h isn't a public header file, so make sure it will still be
...
included.
2004-03-24 09:43:03 +00:00
Richard Levitte
875a644a90
Constify d2i, s2i, c2i and r2i functions and other associated
...
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Dr. Stephen Henson
3f39976da3
Call autoconfig code in pkcs7 utility.
2004-03-05 23:46:29 +00:00
Geoff Thorpe
6c43032121
minor signed/unsigned warning fixes
2004-02-10 18:46:10 +00:00
Dr. Stephen Henson
37ead9be0b
Fix handling of -offset and -length in asn1parse tool.
...
If -offset exceeds -length of data available exit with an error.
Don't read past end of total data available when -offset supplied.
If -length exceeds total available truncate it.
2004-02-08 13:30:04 +00:00
Andy Polyakov
3a160f1dc6
Fix declaration inconsistency in ecparam.c.
2004-01-24 16:51:59 +00:00
Lutz Jänicke
cdb42bcf0c
Cover all DSA setups when running tests
...
PR: #748
Submitted by: Kirill Kochetkov <kochet@ixbt.com>
2004-01-08 07:46:37 +00:00
Richard Levitte
79b42e7654
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d
Use BUF_strlcpy() instead of strcpy().
...
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Richard Levitte
03ddbdd9b9
Move another common functionality (reproduced so far with cut'n'paste)
...
to apps.c, and give it the hopefully descriptive name parse_yesno().
2003-11-28 14:45:09 +00:00
Richard Levitte
d45a098472
Forgot to change the declaration of do_subject() to one of parse_name()...
2003-11-28 14:18:05 +00:00
Richard Levitte
6d5ffb591b
Move do_subject() to apps.c and rename it to parse_name(). The
...
rationale behind the move is that it's use by several applications.
The rationale behind the name change is that it describes what the
function does a bit better.
2003-11-28 14:07:14 +00:00
Richard Levitte
7ce9e425bc
Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option
...
to 'openssl req' and 'openssl ca'.
PR: 779
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
Reviewed by: Richard Levitte
(there will be some follow-up changes)
2003-11-28 14:04:09 +00:00
Richard Levitte
4d8743f490
Netware-specific changes,
...
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
2003-11-28 13:10:58 +00:00
Dr. Stephen Henson
a8287a90ea
Give CRLDP its standard name.
...
Max req -x509 use V1 if extensions section absent.
2003-11-20 22:45:06 +00:00
Lutz Jänicke
95de3d204f
Make sure to initialize AES counters to obtain proper results.
...
Submitted by: Kirill Kochetkov <kochet@ixbt.com>
PR: #748
2003-11-18 18:27:12 +00:00
Lutz Jänicke
f35232e6f3
Catch error condition to prevent NULL pointer dereference.
...
Submitted by: Goetz Babin-Ebell <babin-ebell@trustcenter.de>
PR: #766
2003-11-16 16:30:39 +00:00
Geoff Thorpe
d8ec0dcf45
Avoid some shadowed variable names.
...
Submitted by: Nils Larsch
2003-11-04 00:51:32 +00:00
Richard Levitte
cfd06a6223
Let exit codes propagate from within for loops.
2003-10-31 06:58:24 +00:00
Geoff Thorpe
bc3c578208
Copy-n-paste bug (don't mix variable declarations and code). This sets the
...
callback structure just before it is needed.
2003-10-29 22:30:45 +00:00
Geoff Thorpe
2754597013
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
...
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Geoff Thorpe
0991f07034
For whatever reason (compiler or header bugs), at least one commonly-used
...
linux system (namely mine) chokes on our definitions and uses of the "HZ"
symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast"
(when in fact there is no function casting involved at all). In both cases,
it is easily worked around by not defining a cast into the macro and
jiggling the expressions slightly.
In addition - this highlights some cruft in openssl that needs sorting out.
The tmdiff.h header is exported as part of the openssl API despite the fact
that it is ugly as the driven sludge and not used anywhere in the library,
applications, or utilities. More weird still, almost identical code exists
in apps/speed.c though it looks to be slightly tweaked - so either tmdiff
should be updated and used by speed.c, or it should be dumped because it's
obviously not useful enough.
Rather than removing it for now, I've changed the API for tmdiff to at
least make sense. This involves taking the object type (MS_TM) from the
implementation and using it in the header rather than using "char *" in the
API and casting mercilessly in the code (ugh). If someone doesn't like
"MS_TM" and the "ms_time_***" naming, by all means change it. This should
be a harmless improvement, because the existing API is clearly not very
useful (eg. we reimplement it rather than using it in our own utils).
However, someone still needs to take a hack at consolidating speed.c and
tmdiff.[ch] somehow.
2003-10-29 04:40:13 +00:00
Geoff Thorpe
2aaec9cced
Update any code that was using deprecated functions so that everything builds
...
and links with OPENSSL_NO_DEPRECATED defined.
2003-10-29 04:14:08 +00:00
Dr. Stephen Henson
a08ced78c8
Avoid warnings: add missing prototype, don't shadow.
2003-10-10 23:07:24 +00:00
Richard Levitte
f44e184ec6
s_client should inform the user of any compression/expansion methods used.
2003-10-06 12:19:38 +00:00
Richard Levitte
3d7c4a5a6d
Selected changes for MSDOS, contributed by Gisle Vanem <giva@bgnett.no>.
...
PR: 669
2003-09-27 21:56:08 +00:00
Richard Levitte
253e893c2b
Include the instance in the Kerberos ticket information.
...
In s_server, print the received Kerberos information.
PR: 693
2003-09-27 17:55:13 +00:00
Dr. Stephen Henson
dfe399e7d9
Add -passin support to rsautl
2003-09-21 02:20:02 +00:00
Dr. Stephen Henson
7068c8b1a6
In order to get the expected self signed error when
...
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.
2003-09-21 02:18:15 +00:00
Richard Levitte
e6fa67fa93
Generalise the definition of strcasecmp() and strncasecmp() for
...
platforms that don't (necessarely) have it. In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).
2003-09-09 14:48:36 +00:00
Dr. Stephen Henson
560dfd2a02
New -ignore_err option in ocsp application to stop the server
...
exiting on the first error in a request.
2003-09-03 23:56:01 +00:00
Bodo Möller
563c05e2dc
fix out-of-bounds check in lock_dbg_cb (was too lose to detect all
...
invalid cases)
PR: 674
2003-08-14 10:33:56 +00:00
Bodo Möller
968766cad8
updates for draft-ietf-tls-ecc-03.txt
...
Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller
2003-07-22 12:34:21 +00:00
Richard Levitte
94805c84d1
Add -issuer_hash and make -subject_hash the default way to get the
...
subject hash, with -hash a synonym kept around for backward
compatibility reasons.
PR: 650
2003-07-03 20:45:09 +00:00
Bodo Möller
0fbffe7a71
implement PKCS #8 / SEC1 private key format for ECC
...
Submitted by: Nils Larsch
2003-06-25 21:35:05 +00:00
Richard Levitte
fd4ef69913
Implement CRL numbers.
...
Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com>
PR: 644
2003-06-19 17:40:16 +00:00
Richard Levitte
fadd2246a0
Avoid warnings saying that the format takes a void*.
2003-06-11 22:26:02 +00:00
Dr. Stephen Henson
beab098d53
Various S/MIME bug and compatibility fixes.
2003-06-01 20:51:58 +00:00
Lutz Jänicke
4f17dfcd75
Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before)
...
Submitted by: dg@sunet.ru (Daniel Ginsburg)
PR: #613
2003-05-28 20:24:57 +00:00
Richard Levitte
d1465bac90
make update
2003-05-01 04:10:32 +00:00
Richard Levitte
4c771796d5
Convert save_serial() to work like save_index(), and add a
...
rotate_serial() that works like rotate_index().
2003-04-04 15:10:35 +00:00
Richard Levitte
d6df2b281f
Add documentation on the added functionality in 'openssl ca'.
2003-04-04 14:39:44 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
83b23ed967
One more debug line to conditionalise.
2003-04-03 23:01:20 +00:00
Richard Levitte
16b1b03543
Implement self-signing in 'openssl ca'. This makes it easier to have
...
the CA certificate part of the CA database, and combined with
'unique_subject=no', it should make operations like CA certificate
roll-over easier.
2003-04-03 22:33:59 +00:00
Richard Levitte
db598fbce2
Don't try to free NULL values...
2003-04-03 20:03:23 +00:00
Richard Levitte
0998cfaadd
Remove unused variable.
2003-04-03 19:07:27 +00:00
Richard Levitte
c4448f60d6
Reset the version number of the issuer certificate? I believe this
...
hasn't been tested in a long while...
2003-04-03 18:50:15 +00:00
Richard Levitte
63b6fe2bf6
Conditionalise all debug strings.
2003-04-03 18:07:39 +00:00
Richard Levitte
f85b68cd49
Make it possible to have multiple active certificates with the same
...
subject.
2003-04-03 16:33:03 +00:00
Richard Levitte
d678cc07ed
No need to test -setalias twice.
...
PR: 556
2003-03-31 13:56:52 +00:00
Richard Levitte
03eeb07152
Add usage string for -fingerprint.
...
PR: 560
2003-03-31 13:06:24 +00:00
Dr. Stephen Henson
1a15c89988
Multi valued AVA support.
2003-03-30 01:51:16 +00:00
Dr. Stephen Henson
e5b0508a14
Update ocsp usage message and docs.
2003-03-26 00:46:47 +00:00
Richard Levitte
48f1fa7482
Make sure that all the library paths are modified in prepend mode, not
...
replace mode.
PR: 528
2003-03-20 11:37:47 +00:00
Dr. Stephen Henson
12d4e7b8c8
Fix PEDANTIC stuff...
2003-03-13 21:28:03 +00:00
Dr. Stephen Henson
767712fa62
Avoid warnings for no-engine and PEDANTIC
2003-03-12 02:38:57 +00:00
Bodo Möller
176f31ddec
- new ECDH_compute_key interface (KDF is no longer a fixed built-in)
...
- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary
2003-02-28 15:37:10 +00:00
Dr. Stephen Henson
e9ec63961b
Fix indefinite length encoding so EOC correctly updates
...
the buffer pointer.
Rename PKCS7_PARTSIGN to PKCS7_STREAM.
Guess what that's for :-)
2003-02-25 19:03:31 +00:00
Ulf Möller
66ecdf3bfb
more mingw related cleanups.
2003-02-22 18:00:14 +00:00
Richard Levitte
132eaa59da
Allow building applications against static libraries with Makefile.shared.
2003-02-22 14:41:34 +00:00
Dr. Stephen Henson
27068df7e0
Single pass processing to cleartext S/MIME signing.
2003-02-15 00:50:55 +00:00
Richard Levitte
c1269c81fd
Handle krb5 libraries separately and make sure only libssl.so depends
...
on it.
2003-02-14 13:12:00 +00:00
Richard Levitte
e270cf9c5e
Pay attention to disabled SSL versions.
...
PR: 500
2003-02-14 05:24:22 +00:00
Richard Levitte
85d686e723
Make it possible to disable OCSP, the speed application, and the use of sockets.
...
PR: 358
2003-02-14 01:02:58 +00:00
Richard Levitte
2d3de726c5
Add full support for -rpath/-R, both in shared libraries and
...
applications, at least on the platforms where it's known how
to do it.
Note: this has only been tested on GNU-based platforms (Linux), and
needs to be tested on all others. Additionally, it's not yet
supported on the following platforms, for lack of information:
Darwin (MacOS X)
Cygwin
OSF1/Alpha
SVR3
ReliantUNIX
Please help out with testing and the platforms we don't yet know well
enough.
2003-02-13 23:52:54 +00:00
Dr. Stephen Henson
33075f229e
Typo.
2003-02-10 17:52:10 +00:00
Bodo Möller
d42d2d1ab6
avoid coredump
...
Submitted by: Nils Larsch
2003-02-08 19:49:16 +00:00
Bodo Möller
37c660ff9b
implement fast point multiplication with precomputation
...
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2003-02-06 19:25:12 +00:00
Richard Levitte
0b13e9f055
Add the possibility to build without the ENGINE framework.
...
PR: 287
2003-01-30 17:39:26 +00:00
Geoff Thorpe
bb3e67f315
"openssl engine" will not display ENGINE/DSO load failure errors when
...
testing availability of engines with "-t" - the old behaviour of is
produced by increasing the feature's verbosity with "-tt".
2003-01-30 14:58:44 +00:00
Richard Levitte
4e78074b39
cert_sk isn't always allocated, so freeing it may cause a crash.
...
PR: 481
2003-01-30 10:27:43 +00:00
Dr. Stephen Henson
d3b5cb5343
Check return value of gmtime() and add error codes
...
where it fails in ASN1_TIME_set().
Edit asn1.h so the new error code is the same in 0.9.7
and 0.9.8, rebuild new error codes.
Clear error queue in req.c if *_min or *_max is absent.
2003-01-24 01:12:01 +00:00
Bodo Möller
d745af4b0c
avoid potential confusion about curves (prime192v1 and prime256v1 are
...
also known as secp192r1 and secp256r1, respectively)
Submitted by: Nils Larsch, Bodo Moeller
2003-01-16 16:05:23 +00:00
Richard Levitte
8cbb91c857
DJGPP doesn't have DLLs, so skip adding to %PATH% in that environment.
...
PR: 453
2003-01-13 15:16:40 +00:00
Dr. Stephen Henson
09ad2458b8
Typo.
2003-01-09 16:54:21 +00:00
Dr. Stephen Henson
5b7249f302
NULL tofree when it is freed to avoid double free.
...
Make sure key is not NULL before freeing it.
2003-01-09 13:06:49 +00:00
Dr. Stephen Henson
876e96fdbf
Fix leak.
2003-01-04 18:25:24 +00:00
Richard Levitte
5e42f9ab46
make update
2002-12-29 01:38:15 +00:00
Richard Levitte
e235000169
Spelling error.
...
This patch was taken from the OpenBSD copy of OpenSSL 0.9.7 beta3 with patches
2002-12-25 22:16:56 +00:00
Richard Levitte
821951b851
Avoid double definition of config.
...
PR: 420
2002-12-24 23:53:46 +00:00
Richard Levitte
cb661c56b0
Cygwin needs the library locatin for .DLLs to be set in PATH. Unfortunately,
...
the conditional was set to add the library directory to PATH when the
platform is NOT Cygwin. Corrected.
PR: 404
2002-12-24 10:50:11 +00:00
Richard Levitte
49e42a1f60
There was a mixup between INSTALLTOP and OPENSSLDIR...
2002-12-20 07:51:03 +00:00
Richard Levitte
9cd16b1dea
We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies,
...
and then didn't support it very well. And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
2002-12-19 22:10:12 +00:00
Richard Levitte
0b900a5e93
I have no idea what possesed me to compile s_socket.c as POSIXly code.
...
Incidently, it now compiles so much better without _POSIX_C_SOURCE.
2002-12-19 19:42:53 +00:00
Richard Levitte
30c08f2e3d
Update the make system for installations:
...
- define a HERE variable to indicate where the source tree is (used
very little right now)
- make more use of copying and making attribute changes to {file}.new,
and then move it to {file}
- use 'mv -f' to avoid all those questions to the user when the file
in question doesn't have write attributes for that user.
2002-12-15 05:59:13 +00:00
Geoff Thorpe
f92570f00a
This stops a compiler warning from -Wmissing-prototypes.
...
(Noticed by Nils Larsch)
2002-12-11 03:34:26 +00:00
Geoff Thorpe
e189872486
Nils Larsch submitted;
...
- a patch to fix a memory leak in rsa_gen.c
- a note about compiler warnings with unions
- a note about improving structure element names
This applies his patch and implements a solution to the notes.
2002-12-08 16:45:26 +00:00
Geoff Thorpe
5daec7ea0e
Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are
...
being built with it defined - it is not a symbol to affect how openssl
itself builds, but to alter the way openssl headers can be used from an API
point of view. The "deprecated" function wrappers will always remain inside
OpenSSL at least as long as they're still being used internally. :-)
The exception is dsaparam which has been updated to the BN_GENCB-based
functions to test the new functionality. If GENCB_TEST is defined, dsaparam
will support a "-timebomb <n>" switch to cancel parameter-generation if it
gets as far as 'n' seconds without completion.
2002-12-08 05:38:44 +00:00
Richard Levitte
fa63a98ad8
Apparently, bash is more forgiving than sh. To be backward
...
compatible, don't use ==, use = instead...
2002-12-06 08:43:41 +00:00
Richard Levitte
f68bb3c51f
Corrected DJGPP patch
2002-12-05 20:50:25 +00:00
Richard Levitte
1c3e4a3660
EXIT() may mean return(). That's confusing, so let's have it really mean
...
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
2002-12-03 16:33:03 +00:00
Richard Levitte
4579924b7e
Cleanse memory using the new OPENSSL_cleanse() function.
...
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
19aa370573
Disable this module if OPENSSL_NO_SOCK is defined.
2002-11-22 08:45:20 +00:00
Richard Levitte
450cee5c3a
Make sure sysconf exists (it doesn't in the VMS C RTL lesser than version 7).
2002-11-18 23:05:39 +00:00
Bodo Möller
055076cd4f
allocate bio_err before memory debugging is enabled to avoid memory leaks
...
(we can't release it before the CRYPTO_mem_leaks() call!)
Submitted by: Nils Larsch
2002-11-18 13:37:40 +00:00
Richard Levitte
0bf23d9b20
WinCE patches
2002-11-15 22:37:18 +00:00
Richard Levitte
6f17f16fd5
Changes to make shared library building and use work better with Cygwin
2002-11-15 16:48:38 +00:00
Richard Levitte
c863201780
Remove warnings.
2002-11-14 15:57:38 +00:00
Richard Levitte
8d6e60486f
Fix to build better with DJGPP.
...
PR: 338
Here's the description, submitted by Gisle Vanem <giva@bgnett.no>:
1. sock_init() renamed to ssl_sock_init() in ./apps/s_socket.c due
to name-clash with Watt-32.
2. rand() renamed to Rand() in ./crypto/bn/divtest.c due to name-clash
with <stdlib.h>
3. Added calls to dbug_init()/sock_init() in some demo programs.
4. Changed cflags/lflags in configure. Watt-32 install root now taken
from $WATT_ROOT.
2002-11-14 11:22:01 +00:00
Richard Levitte
c112323dd5
This didn't get to the 0.9.8-dev thread...
2002-11-13 18:09:27 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Dr. Stephen Henson
9ea1b87862
Initial ASN1 generation code. This can construct
...
arbitrary encodings from strings and config files.
Documentation to follow...
2002-11-12 13:34:51 +00:00
Richard Levitte
06b7c8d5ba
Variables on the stack must be initialized or we can't depend on any
...
initial value. For errline/errorline, we did depend on that, erroneously
2002-11-11 21:34:21 +00:00
Richard Levitte
6722b62b36
Make the programs link against the static library on MacOS X.
...
PR: 335
2002-11-11 20:46:52 +00:00
Richard Levitte
3782350c14
-CAserial does take a filename argument.
...
PR: 332
2002-11-08 21:53:54 +00:00