wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2666 commits 20 branches 302 tags 153 MiB
Commit graph

621 commits

Author SHA1 Message Date
Geoff Thorpe
b9e6391582 This change facilitates name translation for shared libraries. The 
technique used is far from perfect and alternatives are welcome.
Basically if the translation flag is set, the string is not too
long, and there appears to be no path information in the string,
then it is converted to whatever the standard should be for the
DSO_METHOD in question, eg;
    blah --> libblah.so   on *nix, and
    blah --> blah.dll     on win32.

This change also introduces the DSO_ctrl() function that is used
by the name translation stuff.
 2000-04-19 21:45:17 +00:00
Bodo Möller
e5c84d5152 New function ERR_error_string_n. 2000-04-14 23:36:15 +00:00
Richard Levitte
a9831305d8 I forgot to update the change log 2000-04-10 15:48:16 +00:00
Bodo Möller
1d90f28029 In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites 2000-04-06 22:33:14 +00:00
Geoff Thorpe
6ef4d9d512 Better make a note of what's going on ... :-) 2000-04-04 22:49:27 +00:00
Richard Levitte
c90341a155 Tagging has now been done, update to the next version (it's not quite 
as important to keep a low profile here :-))
 2000-04-01 11:24:27 +00:00
Richard Levitte
5e61580bbd Version and name changes, and a last minute changelog 2000-04-01 11:15:15 +00:00
Bodo Möller
cf194c1f68 Entry for ssleay_rand_status locking fix. 2000-03-30 08:12:35 +00:00
Bodo Möller
3bc90f2373 Fix typo in -clrext option, but add a compatibility hack because 
0.9.5a should not break anything that works in 0.9.5.
 2000-03-27 18:10:08 +00:00
Dr. Stephen Henson
b475baffb2 Fix for HMAC. 2000-03-27 00:53:27 +00:00
Dr. Stephen Henson
e77066ea0a Fix a memory leak in PKCS12_parse. 
Don't copy private key to X509 etc public key structures.
Fix for warning.
 2000-03-22 13:50:23 +00:00
Ulf Möller
7af4816f0e des_quad_cksum() byte order bug fix. 
See http://www.pdc.kth.se/kth-krb/

Their solution for CRAY is somewhat awkward.
I'll assume that a "short" is 32 bits on CRAY to avoid the
#ifdef _CRAY
    typedef struct {
        unsigned int a:32;
        unsigned int b:32;
    } XXX;
#else
    typedef DES_LONG XXX;
#endif
 2000-03-19 02:06:37 +00:00
Dr. Stephen Henson
80870566cf Make V_ASN1_APP_CHOOSE work again. 2000-03-14 03:29:57 +00:00
Bodo Möller
df1ff3f1b3 Correction. 2000-03-13 21:01:05 +00:00
Bodo Möller
7694ddcbc0 Clarifications for 'no-XXX'. 2000-03-13 20:48:23 +00:00
Bodo Möller
46c4647e3c "openssl no-..." commands for avoiding the need to grep 
"openssl list-standard-commands".
 2000-03-13 20:31:46 +00:00
Bodo Möller
65b002f399 Update test suite so that 'make test' succeeds in 'no-rsa' configuration. 2000-03-13 19:24:39 +00:00
Bodo Möller
e11f0de67f Copy DH key (if available) in addition to the bare parameters 
in SSL_new.
If SSL_OP_SINGLE_DH_USE is set, don't waste time in SSL_[CTX_]set_tmp_dh
on computing a DH key that will be ignored anyway.

ssltest -dhe1024dsa (w/ 160-bit sub-prime) had an unfair performance
advantage over -dhe1024 (safe prime): SSL_OP_SINGLE_DH_USE was
effectively always enabled because SSL_new ignored the DH key set in
the SSL_CTX.  Now -dhe1024 takes the server only about twice as long
as -dhe1024dsa instead of three times as long (for 1024 bit RSA
with 1024 bit DH).
 2000-03-13 17:07:04 +00:00
Bodo Möller
2d5e449a18 Mention -ign_eof. 2000-03-10 13:49:02 +00:00
Bodo Möller
daf4e53e86 spelling 2000-03-07 15:10:08 +00:00
Dr. Stephen Henson
068fdce877 New compatability trust and purpose settings. 2000-03-07 14:04:29 +00:00
Dr. Stephen Henson
48fe0eec67 Fix the PKCS#8 DSA code so it works again. All the 
broken formats worked but the valid didn't :-(
 2000-03-07 01:03:33 +00:00
Ulf Möller
4c4d87f95f bug fix release planned 2000-03-06 14:24:25 +00:00
Bodo Möller
59fc2b0fc2 Preserve reason strings in automatically build tables. 2000-03-05 00:19:36 +00:00
Bodo Möller
0a150c5c9f Generate correct error reasons strings for SYSerr. 2000-03-04 01:36:53 +00:00
Bodo Möller
41918458c0 New '-dsaparam' option for 'openssl dhparam', and related fixes. 2000-03-03 22:18:19 +00:00
Dr. Stephen Henson
d9c88a3902 Move the 'file scope' argument in set_label to 
the third argument: the second was being used
already.
 2000-03-03 00:06:40 +00:00
Bodo Möller
84d14408bf Use RAND_pseudo_bytes, not RAND_bytes, for IVs/salts. 2000-03-02 22:44:55 +00:00
Bodo Möller
5eb8ca4d92 Use RAND_METHOD for implementing RAND_status. 2000-03-02 14:34:58 +00:00
Ulf Möller
7a2dfc2a20 Note bug fix for the DSA infinite loop 2000-03-01 19:07:58 +00:00
Bodo Möller
55f7d65db0 Document the 'rand' application. 2000-03-01 07:57:25 +00:00
Ralf S. Engelschall
010712ff23 Added configuration support for Linux/IA64 
Submitted by: Rolf Haberrecker <rolf@suse.de>
 2000-02-29 15:29:02 +00:00
Ulf Möller
2da0c11926 Support assembler for Mingw32. 2000-02-28 19:16:41 +00:00
Ulf Möller
a4709b3d88 Shared library support for Solaris and HPUX 
by Lutz Behnke and by Lutz Jaenicke.

Hopefully we'll have a unified way of handling shared libraries when
we move to autoconf...
 2000-02-28 19:14:46 +00:00
Bodo Möller
865874f2dd Switch to 0.9.6, and finally remove the annoying message 
about renamed header files.
 2000-02-28 18:03:16 +00:00
Dr. Stephen Henson
82b931860a Ouch! PKCS7_encrypt() was heading MIME text headers twice 
because it added them manually and as part of SMIME_crlf_copy().
Removed the manual add.
 2000-02-28 14:11:19 +00:00
Richard Levitte
74cdf6f73a Time for a release 2000-02-28 11:59:02 +00:00
Dr. Stephen Henson
587bb0e02e Don't call BN_rand with zero bits in bntest.c 2000-02-27 17:34:30 +00:00
Andy Polyakov
a5770be6ae Statement that it fails only on 32-bit architectures isn't true. 2000-02-27 02:34:37 +00:00
Ulf Möller
688938fbb4 Bug fix! 2000-02-27 02:05:39 +00:00
Dr. Stephen Henson
94de04192d Fix so Win32 assembly language works with MASM. 
Add info about where to get MASM.
 2000-02-27 01:15:25 +00:00
Dr. Stephen Henson
0202197dbf Make ASN1 types real typedefs. 
Rebuild error files.
 2000-02-26 19:25:31 +00:00
Bodo Möller
6d0d5431d4 More get0 et al. changes. Also provide fgrep targets in CHANGES 
where the new functions are mentioned.
 2000-02-26 08:36:46 +00:00
Ulf Möller
234b5e9611 Make clear which naming convention is meant. 2000-02-26 02:24:16 +00:00
Dr. Stephen Henson
c7cb16a8ff Rename functions for new convention. 2000-02-26 01:55:33 +00:00
Dr. Stephen Henson
fbb41ae0ad Allow code which calls RSA temp key callback to cope 
with a failure.

Fix typos in some error codes.
 2000-02-25 00:23:48 +00:00
Ulf Möller
505b5a0ee0 BIO_printf() change 2000-02-24 22:57:42 +00:00
Ulf Möller
4ec2d4d2b3 Support EGD. 2000-02-24 02:51:47 +00:00
Ulf Möller
cdf20e0839 add missing names. 2000-02-23 21:57:22 +00:00
Dr. Stephen Henson
3142c86d65 Allow ADH to be used but not present in the default cipher 
list.

Allow CERTIFICATE to be used in PEM headers for PKCS#7 structures:
some CAs do this.
 2000-02-23 01:11:01 +00:00
Dr. Stephen Henson
72b60351f1 Change EVP_MD_CTX_type so it is more logical and add EVP_MD_CTX_md for 
the old functionality.

Various warning fixes.

Initial EVP symmetric cipher docs.
 2000-02-22 02:59:26 +00:00
Bodo Möller
745c70e565 Move MAC computations for Finished from ssl3_read_bytes into 
ssl3_get_message, which is more logical (and avoids a bug,
in addition to the one that I introduced yesterday :-)
and makes Microsoft "fast SGC" less special.
MS SGC should still work now without an extra state of its own
(it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state
for reading the body of a Client Hello message), however this should
be tested to make sure, and I don't have a MS SGC client.
 2000-02-21 10:16:30 +00:00
Bodo Möller
b35e9050f2 Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. 2000-02-20 23:04:06 +00:00
Dr. Stephen Henson
d754b3850f Change the 'other' structure in certificate aux info. 2000-02-20 18:27:23 +00:00
Bodo Möller
853f757ece Allow for higher granularity of entropy estimates by using 'double' 
instead of 'unsigned' counters.
Seed PRNG in MacOS/GetHTTPS.src/GetHTTPS.cpp.

Partially submitted by Yoram Meroz <yoram@mail.idrive.com>.
 2000-02-19 15:22:53 +00:00
Dr. Stephen Henson
8a208cba97 New functions and option to use NEW in certificate requests. 2000-02-18 00:54:21 +00:00
Dr. Stephen Henson
a3fe382e2d Pass phrase reorganisation. 2000-02-16 23:16:01 +00:00
Ben Laurie
bd03b99b9b Add support for Compaq Atalla crypto accelerator. 2000-02-16 22:15:39 +00:00
Dr. Stephen Henson
de469ef21e Fix for Netscape "hang" bug. 2000-02-15 14:19:44 +00:00
Andy Polyakov
bcba6cc60f HP-UX tune-up: new unified configs, HP C compiler bug workaround. 2000-02-12 23:33:01 +00:00
Dr. Stephen Henson
d13e4eb0b5 Make pkcs12 and smime applications seed random number 
generator (otherwise they don't work) and add -rand
option. Update docs.
 2000-02-12 03:03:04 +00:00
Bodo Möller
3ebf0be142 Corrections. 2000-02-11 17:18:50 +00:00
Bodo Möller
bb325c7d6a 'passwd' tool. 2000-02-10 21:50:52 +00:00
Dr. Stephen Henson
f07fb9b24b Add command line password options to the reamining utilities, 
amend docs.
 2000-02-08 01:34:59 +00:00
Ulf Möller
cae55bfc68 Improve bntest slightly, and fix another bug in the BN library. 2000-02-06 15:56:59 +00:00
Andy Polyakov
0fad6cb7e7 Support for MacOS X (Rhapsody) is added. Also get rid of volatile 
qualifier in asm definitions as it prevents compiler from moving
the instruction(s) during optimization pass.
 2000-02-06 11:15:20 +00:00
Ulf Möller
4a6222d71b BN_div bugfix. The q-- loop should not be entered in the n0==d0 case. 2000-02-06 00:25:39 +00:00
Dr. Stephen Henson
66430207a4 Add support for some broken PKCS#8 formats. 2000-02-05 21:07:56 +00:00
Ulf Möller
9b141126d4 New functions BN_CTX_start(), BN_CTX_get(), BN_CTX_end() to access 
temporary BIGNUMs. BN_CTX still uses a fixed number of BIGNUMs, but
the BN_CTX implementation could now easily be changed.
 2000-02-05 14:17:32 +00:00
Dr. Stephen Henson
af57d84312 Rename SSLeay_add_all_algorithms() et al to 
OpenSSL_add_all_algorithms(). Move these into
separate files so they work properly.
 2000-02-04 14:01:38 +00:00
Dr. Stephen Henson
82fc1d9c28 Add new -notext option to 'ca', -pubkey option to spkac. 
Remove some "WTF??" casts from applications.

Fixes to keep VC++ happy and avoid warnings.

Docs tidy.
 2000-02-03 02:56:48 +00:00
Bodo Möller
e74231ed9e rndsort{Miller, Rabin} primality test. 2000-02-02 21:20:44 +00:00
Bodo Möller
2c5fe5b12a Change log entry completed. 2000-02-01 07:50:42 +00:00
Ulf Möller
8efb60144d EBCDIC support. 
Submitted by: Martin Kraemer <martin.kraemer@mch.sni.de>
 2000-02-01 02:21:16 +00:00
Ulf Möller
98d0b2e375 Note changes. 2000-01-30 23:34:33 +00:00
Bodo Möller
cdd43b5ba5 Documentation for BN_is_prime_fasttest. 2000-01-30 11:05:39 +00:00
Bodo Möller
1baa94907c Make output of "openssl dsaparam 1024" more interesting :-) 2000-01-30 03:32:28 +00:00
Bodo Möller
7865b871c0 Tiny changes to previous patch (the log message was meant to be 
"Make DSA_generate_parameters faster").
 2000-01-30 02:40:38 +00:00
Bodo Möller
a87030a1ed Make DSA_generate_parameters, and fix a couple of bug 
(including another problem in the s3_srvr.c state machine).
 2000-01-30 02:23:03 +00:00
Dr. Stephen Henson
e1314b5716 Fix CRL encoding bug. 2000-01-29 00:00:26 +00:00
Bodo Möller
07e6dbde66 more information on 0.9.5 2000-01-28 21:26:30 +00:00
Dr. Stephen Henson
90644dd74d New -pkcs12 option to CA.pl. 
Document CA.pl script.
Initialise and free up the extra DH fields
(nothing uses them yet though).
 2000-01-28 01:35:31 +00:00
Ulf Möller
38e33cef15 Document DSA and SHA. 
New function BN_pseudo_rand().
Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
generating DSA primes (why not use BN_is_prime()?)
 2000-01-27 19:31:26 +00:00
Ulf Möller
e93f9a3284 Run ispell. 
Clean up bn_mont.c.
 2000-01-27 01:50:42 +00:00
Bodo Möller
2557eaeac8 Avoid a race condition. 2000-01-24 17:57:56 +00:00
Bodo Möller
a46faa2bfd Improve clarity. 2000-01-24 16:02:29 +00:00
Bodo Möller
aabbb7451b Document RAND_load_file change. 2000-01-24 14:42:26 +00:00
Dr. Stephen Henson
dd9d233e2a Tidy up CRYPTO_EX_DATA structures. 2000-01-23 23:41:49 +00:00
Dr. Stephen Henson
fabce04122 Make s_server, s_client check cipher list return codes. 
Update docs.
 2000-01-23 02:28:08 +00:00
Ulf Möller
4486d0cd7a Document the DH library, and make some minor changes along the way. 2000-01-22 20:05:23 +00:00
Dr. Stephen Henson
09483c58e3 Add new program dhparam and update docs. 2000-01-22 13:58:29 +00:00
Dr. Stephen Henson
bda70ed430 Gets Lutz Jaenicke's name right this time :-) 
Apologies to both concerned.
 2000-01-22 12:49:48 +00:00
Dr. Stephen Henson
018e57c74d Apply Lutz Behnke's 56 bit cipher patch with a few 
minor changes.

Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.
 2000-01-22 03:17:06 +00:00
Dr. Stephen Henson
8100490a72 Make -CAcreateserial start from 1 instead of 0 for 
serial numbers.
 2000-01-21 02:42:14 +00:00
Ulf Möller
e7f97e2d22 Check RAND_bytes() return value or use RAND_pseudo_bytes(). 2000-01-21 01:15:56 +00:00
Dr. Stephen Henson
6e6bc352b1 Finish off the X509_ATTRIBUTE string stuff. 2000-01-20 01:37:17 +00:00
Dr. Stephen Henson
77b47b9036 Rename X509_att*() stuff to X509at_*(), add X509_REQ wrappers. 2000-01-19 01:02:13 +00:00
Ulf Möller
aa82db4fb4 Add missing #ifndefs that caused missing symbols when building libssl 
as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.

Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
 2000-01-16 21:10:00 +00:00
Ulf Möller
373b575f5a New function RAND_pseudo_bytes() generated pseudorandom numbers that 
are not guaranteed to be unpredictable.
 2000-01-16 15:58:17 +00:00
Bodo Möller
0983760dfc note about things still to do with RAND_bytes 2000-01-13 21:20:26 +00:00
Bodo Möller
a873356c00 Use CRYPTO_push_info to find a memory leak in pkcs12.c. 2000-01-13 21:10:43 +00:00
Ulf Möller
eb952088f0 Precautions against using the PRNG uninitialized: RAND_bytes() now 
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
 2000-01-13 20:59:17 +00:00
Bodo Möller
76aa0ddc86 Turn BN_prime_checks into a macro. 
Primes p where (p-1)/2 is prime too are called "safe", not "strong".
 2000-01-12 11:57:30 +00:00
Richard Levitte
de73e397f8 Added a comment about Win32. 2000-01-11 22:32:37 +00:00
Richard Levitte
cbfa4c32c0 Add more info to the memory allocation change log. 
Suggested by Bodo.
 2000-01-11 22:16:12 +00:00
Bodo Möller
3cc6cdea0f The buffer in ss3_read_n cannot actually occur because it is never 
called with max > n when extend is set.
 2000-01-11 08:09:27 +00:00
Bodo Möller
c51ae173a6 Clean up some of the SSL server code. 2000-01-11 01:07:26 +00:00
Dr. Stephen Henson
25f923ddd1 New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code. 
Remove references to 'TXT' in -inform and -outform switches.
 2000-01-09 14:21:40 +00:00
Dr. Stephen Henson
dad666fbbe Add PKCS#12 manpage and use MAC iteration counts by default. 2000-01-08 03:16:04 +00:00
Ulf Möller
0f583f69f3 Honor the no-xxx Configure options when creating .DEF files. 2000-01-07 03:17:47 +00:00
Dr. Stephen Henson
35f4850ae0 More X509_ATTRIBUTE changes. 2000-01-07 00:55:54 +00:00
Dr. Stephen Henson
b38f9f66c3 Initial automation changes to 'req' and X509_ATTRIBUTE functions. 2000-01-06 01:26:48 +00:00
Bodo Möller
ca03109c3a New functions SSL_get_finished, SSL_get_peer_finished. 
Add short state string for MS SGC.
 2000-01-06 01:19:17 +00:00
Bodo Möller
f2d9a32cf4 Use separate arrays for certificate verify and for finished hashes. 2000-01-06 00:24:24 +00:00
Andy Polyakov
bdf5e18317 Enhanced support for Alpha Linux. See CHANGES for details. 2000-01-02 20:46:58 +00:00
Dr. Stephen Henson
3d14b9d04a Add support for MS "fast SGC". 2000-01-02 18:52:58 +00:00
Dr. Stephen Henson
20432eae41 Fix some of the command line password stuff. New function 
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
 2000-01-01 16:42:49 +00:00
Bodo Möller
47134b7864 Don't request client certificate in anonymous ciphersuites 
except when following the specs is bound to fail.
 1999-12-29 17:43:03 +00:00
Bodo Möller
45fd4dbb84 Fix SSL_CTX_add_session: When two SSL_SESSIONs have the same ID, 
they can sometimes be different memory structures.
 1999-12-29 14:29:32 +00:00
Dr. Stephen Henson
f45f40ffff Add OIDs for idea and blowfish. Unfortunately these are in 
the middle of the OID table so the diff is rather large :-(
 1999-12-29 02:59:18 +00:00
Dr. Stephen Henson
6447cce372 Simplify the trust structure: basically zap the bit strings and 
represent everything by OIDs.
 1999-12-29 00:40:28 +00:00
Dr. Stephen Henson
e6f3c5850e New {i2d,d2i}_PrivateKey_{bio, fp} functions. 1999-12-26 19:20:03 +00:00
Dr. Stephen Henson
36217a9424 Allow passwords to be included on command line for a few 
more utilities.
 1999-12-24 23:53:57 +00:00
Dr. Stephen Henson
525f51f6c9 Add PKCS#8 utility functions and add PBE options. 1999-12-23 02:02:42 +00:00
Bodo Möller
78baa17ad0 Correct spelling, and don't abuse grave accent as left quote 
(which was allowed by old ASCII definitions but is not compatible
with ISO 8859-1, ISO 10646 etc.).
 1999-12-22 16:10:44 +00:00
Dr. Stephen Henson
e76f935ead Support for ASN1 NULL type. 1999-12-22 01:39:23 +00:00
Andy Polyakov
099f1b32c8 Initial support for MacOS is now available 
Submitted by: Roy Woods <roy@centricsystems.ca>
Reviewed by: Andy Polyakov
 1999-12-19 16:17:45 +00:00
Richard Levitte
f3a2a04496 - Added more documentation in CHANGES. 
- Made CRYPTO_MDEBUG even less used in crypto.h, giving
   MemCheck_start() and MemCheck_stop() only one possible definition.
 - Made the values of the debug function pointers in mem.c dependent
   on the existence of the CRYPTO_MDEBUG macro, and made the rest of
   the code understand the NULL case.

That's it.  With this code, the old behvior of the debug functionality
is restored, but you can still opt to have it on, even when the
library wasn't compiled with a defined CRYPTO_MDEBUG.
 1999-12-18 02:34:37 +00:00
Richard Levitte
d8df48a9bc - Made sure some changed behavior is documented in CHANGES. 
- Moved the handling of compile-time defaults from crypto.h to
   mem_dbg.c, since it doesn't make sense for the library users to try
   to affect this without recompiling libcrypto.
 - Made sure V_CRYPTO_MDEBUG_TIME and V_CRYPTO_MDEBUG_THREAD had clear
   and constant definitions.
 - Aesthetic correction.
 1999-12-18 01:14:39 +00:00
Richard Levitte
9ac42ed8fc Rebuild of the OpenSSL memory allocation and deallocation routines. 
With this change, the following is provided and present at all times
(meaning CRYPTO_MDEBUG is no longer required to get this functionality):

  - hooks to provide your own allocation and deallocation routines.
    They have to have the same interface as malloc(), realloc() and
    free().  They are registered by calling CRYPTO_set_mem_functions()
    with the function pointers.

  - hooks to provide your own memory debugging routines.  The have to
    have the same interface as as the CRYPTO_dbg_*() routines.  They
    are registered by calling CRYPTO_set_mem_debug_functions() with
    the function pointers.

I moved everything that was already built into OpenSSL and did memory
debugging to a separate file (mem_dbg.c), to make it clear what is
what.

With this, the relevance of the CRYPTO_MDEBUG has changed.  The only
thing in crypto/crypto.h that it affects is the definition of the
MemCheck_start and MemCheck_stop macros.
 1999-12-17 12:56:24 +00:00
Dr. Stephen Henson
b216664f66 Various S/MIME fixes. 1999-12-11 20:04:06 +00:00
Dr. Stephen Henson
d8223efd04 Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs. 
Also fix a memory leak in PKCS#7 routines.
 1999-12-10 13:46:48 +00:00
Dr. Stephen Henson
5a9a4b299c Merge in my S/MIME library and utility. 1999-12-05 00:40:59 +00:00
Bodo Möller
cddfe788fb Add functions des_set_key_checked, des_set_key_unchecked. 
Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.
 1999-12-03 20:24:21 +00:00
Dr. Stephen Henson
21131f00d7 New function PKC12_newpass() 1999-12-03 03:46:18 +00:00
Dr. Stephen Henson
dd4134101f Change the trust and purpose code so it doesn't need init 
either and has a static and dynamic mix.
 1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
08cba61011 Modify the X509 V3 extension lookup code. 1999-12-01 01:49:46 +00:00
Ben Laurie
fea9afbfc7 Make salting the default. Fail gracefully if the input is not salted. 1999-11-30 20:15:19 +00:00
Dr. Stephen Henson
bb7cd4e3eb Remainder of SSL purpose and trust code: trust and purpose setting in 
SSL_CTX and SSL, functions to set them and defaults if no values set.
 1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
51630a3706 Add trust setting support to the verify code. It now checks the 
trust settings of the root CA.

After a few fixes it seems to work OK.

Still need to add support to SSL and S/MIME code though.
 1999-11-27 19:43:10 +00:00
Dr. Stephen Henson
9868232ae1 Initial trust code: allow setting of trust checking functions 
in a table. Doesn't do too much yet.

Make the -<digestname> options in 'x509' affect all relevant
options.

Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.

A few constification changes.
 1999-11-27 01:14:04 +00:00
Dr. Stephen Henson
d4cec6a13d New options to the -verify program which can be used for chain verification. 
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.

Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
 1999-11-26 00:27:07 +00:00
Dr. Stephen Henson
1126239111 Initial chain verify code: not tested probably not working 
at present. However nothing enables it yet so this doesn't
matter :-)
 1999-11-24 01:31:49 +00:00
Dr. Stephen Henson
6d3724d3b0 Support for authority information access extension. 
Fix so EVP_PKEY_rset_*() check return codes.
 1999-11-23 18:50:28 +00:00
Dr. Stephen Henson
52664f5081 Transparent support for PKCS#8 private keys in RSA/DSA. 
New universal public key format.

Fix CRL+cert load problem in by_file.c

Make verify report errors when loading files or dirs
 1999-11-21 22:28:31 +00:00
Dr. Stephen Henson
a716d72734 Support for otherName in GeneralName. 1999-11-19 02:19:58 +00:00
Dr. Stephen Henson
f76d8c4747 Modify verify code to handle self signed certificates. 1999-11-17 01:20:29 +00:00
Bodo Möller
b1fe6ca175 Store verify_result with sessions to avoid potential security hole. 1999-11-16 23:15:41 +00:00
Dr. Stephen Henson
91895a5938 Fix for a bug in PKCS#7 code and non-detached data. 
Remove rc4-64 from ciphers since it doesn't exist...
 1999-11-16 14:54:50 +00:00
Dr. Stephen Henson
fd699ac55f Add a salt to the key derivation using the 'enc' program. 1999-11-16 02:49:25 +00:00