Dr. Stephen Henson
40c5eaeeec
oops, revert verify.c change
2010-02-27 23:03:26 +00:00
Dr. Stephen Henson
c1ca9d3238
Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."
2010-02-27 23:02:41 +00:00
Dr. Stephen Henson
48435b2098
include TVS 1.1 version string
2010-02-26 19:38:33 +00:00
Dr. Stephen Henson
db28aa86e0
add -trusted_first option and verify flag
2010-02-25 12:21:48 +00:00
Dr. Stephen Henson
04e4b82726
allow setting of verify names in command line utilities and print out verify names in verify utility
2010-02-25 00:11:32 +00:00
Dr. Stephen Henson
5a9e3f05ff
PR: 2170
Submitted by: Magnus Lilja <lilja.magnus@gmail.com>
Make -c option in dgst work again.
2010-02-12 17:07:16 +00:00
Dr. Stephen Henson
17ebc10ffa
PR: 2161
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.
Make no-dsa, no-ecdsa and no-rsa compile again.
2010-02-02 13:35:27 +00:00
Dr. Stephen Henson
08c239701b
Experimental renegotiation support in s_server test -www server.
2010-01-28 19:48:36 +00:00
Dr. Stephen Henson
c2963f5b87
revert wrongly committed test code
2010-01-27 17:49:33 +00:00
Dr. Stephen Henson
4ba1aa393b
typo
2010-01-27 14:05:39 +00:00
Richard Levitte
407a410136
Have the VMS build system catch up with the 1.0.0-stable branch.
2010-01-27 09:18:42 +00:00
Dr. Stephen Henson
ba64ae6cd1
Tolerate PKCS#8 DSA format with negative private key.
2010-01-22 20:17:12 +00:00
Andy Polyakov
d582c98d8f
apps/speed.c: limit loop counters to 2^31 in order to avoid overflows
in performance calculations. For the moment there is only one code
fast enough to suffer from this: Intel AES-NI engine.
PR: 2096
2010-01-17 17:31:38 +00:00
Dr. Stephen Henson
0e0c6821fa
PR: 2136
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>
Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:29:34 +00:00
Andy Polyakov
cba9ffc32a
Fix compilation on older Linux. Linux didn't always have sockaddr_storage,
not to mention that first sockaddr_storage had __ss_family, not ss_family.
In other words it makes more sense to avoid sockaddr_storage...
2010-01-06 21:22:56 +00:00
Dr. Stephen Henson
35b0ea4efe
Add simple external session cache to s_server. This serialises sessions
just like a "real" server making it easier to trace any problems.
2009-12-27 23:24:45 +00:00
Dr. Stephen Henson
ef51b4b9b4
New option to enable/disable connection to unpatched servers
2009-12-16 20:25:59 +00:00
Dr. Stephen Henson
5430200b8b
Add ctrl and macro so we can determine if peer supports secure renegotiation.
2009-12-08 13:42:08 +00:00
Dr. Stephen Henson
637f374ad4
Initial experimental TLSv1.1 support
2009-12-07 13:31:02 +00:00
Dr. Stephen Henson
3533ab1fee
Replace the broken SPKAC certification with the correct version.
2009-12-02 14:41:51 +00:00
Dr. Stephen Henson
d2a53c2238
Experimental CMS password based recipient Info support.
2009-11-26 18:57:39 +00:00
Richard Levitte
0a02d1db34
Update from 1.0.0-stable
2009-11-12 17:03:10 +00:00
Dr. Stephen Henson
860c3dd1b6
add missing parts of reneg port, fix apps patch
2009-11-11 14:51:19 +00:00
Dr. Stephen Henson
2942dde56c
commit missing apps code for reneg fix
2009-11-11 14:10:24 +00:00
Dr. Stephen Henson
2008e714f3
Add missing functions to allow access to newer X509_STORE_CTX status
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
2009-10-31 19:22:18 +00:00
Dr. Stephen Henson
245d2ee3d0
Add option to allow in-band CRL loading in verify utility. Add function
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
2009-10-31 13:33:57 +00:00
Dr. Stephen Henson
d4be92896c
Add -no_cache option to s_server
2009-10-28 17:49:30 +00:00
Dr. Stephen Henson
6aa1770c6d
Use new X509_STORE_set_verify_cb function instead of old macro.
2009-10-18 14:40:33 +00:00
Dr. Stephen Henson
be45636661
Fix for WIN32 and possibly other platforms which don't define in_port_t.
2009-10-15 18:49:30 +00:00
Dr. Stephen Henson
636b6b450d
PR: 2069
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org
IPv6 support for DTLS.
2009-10-15 17:41:31 +00:00
Dr. Stephen Henson
2c55c0d367
PR: 1847
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Integrated patches to CA.sh to bring it into line with CA.pl functionality.
2009-10-15 17:27:34 +00:00
Dr. Stephen Henson
0431941ec5
Revert extra changes from previous commit.
2009-10-15 17:17:45 +00:00
Dr. Stephen Henson
42733b3bea
PR: 2066
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org
Add -r option to dgst to produce format compatible with core utilities.
2009-10-15 17:13:54 +00:00
Dr. Stephen Henson
0e039aa797
Fix warnings about ignoring fgets return value
2009-10-04 16:42:56 +00:00
Dr. Stephen Henson
b48315d9b6
PR: 2061
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct i2b_PVK_bio error handling in rsa.c, dsa.c
2009-10-01 00:25:24 +00:00
Dr. Stephen Henson
18e503f30f
PR: 2064, 728
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:40:55 +00:00
Dr. Stephen Henson
37fc562bd8
Free SSL_CTX after BIO
2009-09-30 21:36:17 +00:00
Dr. Stephen Henson
a25f33d28a
Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:29:29 +00:00
Dr. Stephen Henson
08882ac5be
PR: 2038
Submitted by: Artem Chuprina <ran@cryptocom.ru>
Approved by: steve@openssl.org
Avoid double call to BIO_free().
2009-09-11 11:02:52 +00:00
Dr. Stephen Henson
b5ca7df5aa
PR: 2031
Submitted by: steve@openssl.org
Tolerate application/timestamp-response which some servers send out.
2009-09-07 17:57:18 +00:00
Dr. Stephen Henson
e0d4e97c1a
Make update, deleting bogus DTLS error code
2009-09-06 15:58:19 +00:00
Dr. Stephen Henson
f4274da164
PR: 1644
Submitted by: steve@openssl.org
Fix to make DHparams_dup() et al work in C++.
For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
2009-09-06 15:49:46 +00:00
Dr. Stephen Henson
07a9d1a2c2
PR: 2028
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix DTLS cookie management bugs.
2009-09-04 17:42:53 +00:00
Dr. Stephen Henson
2d1cbca960
PR: 2020
Submitted by: Keith Beckman <kbeckman@mcg.edu>, Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org
Fix improperly capitalized references to WWW::Curl::Easy.
2009-09-02 15:57:24 +00:00
Dr. Stephen Henson
17b5326ba9
PR: 2013
Submitted by: steve@openssl.org
Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.
Add error checking to CRL generation in ca utility when nextUpdate is being
set.
2009-09-02 13:54:50 +00:00
Dr. Stephen Henson
1771668096
Tidy up and fix verify callbacks to avoid structure dereference, use of
obsolete functions and enhance to handle new conditions such as policy printing.
2009-09-02 12:47:28 +00:00
Dr. Stephen Henson
ba4526e071
Stop unused variable warning on WIN32 et al.
2009-08-18 11:15:33 +00:00
Dr. Stephen Henson
3ed3603b60
Update default dependency flags.
Make error name discrepancies a fatal error.
Fix error codes.
make update
2009-08-12 17:30:37 +00:00
Dr. Stephen Henson
b972fbaa8f
PR: 1997
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS timeout handling fix.
2009-08-12 13:19:54 +00:00
Dr. Stephen Henson
77c7f17a5e
Typo
2009-08-10 15:52:49 +00:00
Dr. Stephen Henson
b318cfb169
PR: 1999
Submitted by: "Bayram Kurumahmut" <kbayram@ubicom.com>
Approved by: steve@openssl.org
Don't use HAVE_FORK in apps/speed.c it can conflict with configured version.
2009-08-10 15:30:40 +00:00
Dr. Stephen Henson
f10f4447da
Update from 1.0.0-stable.
2009-08-05 15:29:58 +00:00
Dr. Stephen Henson
c869da8839
Update from 1.0.0-stable
2009-07-27 21:10:00 +00:00
Dr. Stephen Henson
bdfa4ff947
Update from 0.9.8-stable
2009-07-24 11:17:10 +00:00
Dr. Stephen Henson
3f7c592082
Updates from 1.0.0-stable.
2009-07-14 15:30:05 +00:00
Dr. Stephen Henson
6053ef80e5
Use new time routines to avoid possible overflow.
2009-07-13 11:40:14 +00:00
Dr. Stephen Henson
c55d27ac33
Make update.
2009-07-08 09:19:53 +00:00
Dr. Stephen Henson
db99779bee
Use common verify parameters instead of the small ad-hoc subset in
s_client, s_server.
2009-06-30 15:56:35 +00:00
Dr. Stephen Henson
e5b2b0f91f
Updates from 1.0.0-stable
2009-06-30 15:28:16 +00:00
Dr. Stephen Henson
9a5faeaa42
Allow setting of verify depth in verify parameters (as opposed to the depth
implemented using the verify callback).
2009-06-29 16:09:37 +00:00
Dr. Stephen Henson
f3be6c7b7d
Update from 1.0.0-stable.
2009-06-26 11:29:26 +00:00
Dr. Stephen Henson
c05353c50a
Rename asc2uni and uni2asc functions to avoid clashes.
2009-06-17 12:04:56 +00:00
Dr. Stephen Henson
eddee61671
PR: 1956
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org
Netware doesn't have strings.h
2009-06-17 11:32:59 +00:00
Dr. Stephen Henson
58f41a926a
Updates from 1.0.0-stable
2009-06-05 14:59:26 +00:00
Dr. Stephen Henson
046f210112
Update from 1.0.0-stable.
2009-05-17 16:04:58 +00:00
Richard Levitte
cc8cc9a3a1
Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
Thank you!
(note: not tested for now, a few nightly builds should give indications though)
2009-05-15 16:36:56 +00:00
Dr. Stephen Henson
83d8fa7dd1
Update from stable branch.
2009-05-13 11:32:46 +00:00
Dr. Stephen Henson
d4f0339c66
Update from 1.0.0-stable.
2009-04-26 22:18:22 +00:00
Richard Levitte
7184ef1210
Cast to avoid signedness confusion
2009-04-26 12:16:08 +00:00
Dr. Stephen Henson
ef236ec3b2
Merge from 1.0.0-stable branch.
2009-04-23 16:32:42 +00:00
Dr. Stephen Henson
8711efb498
Updates from 1.0.0-stable branch.
2009-04-20 11:33:12 +00:00
Dr. Stephen Henson
e5fa864f62
Updates from 1.0.0-stable.
2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
645532b999
Update from 1.0.0-stable
2009-04-06 21:42:37 +00:00
Dr. Stephen Henson
06ddf8eb08
Updates from 1.0.0-stable
2009-04-04 19:54:06 +00:00
Dr. Stephen Henson
14023fe352
Merge from 1.0.0-stable branch.
2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
b6b0b0d7a5
Update from 1.0.0-stable.
2009-04-01 14:59:49 +00:00
Dr. Stephen Henson
70b2186e24
Stop warnings.
2009-03-31 19:54:51 +00:00
Dr. Stephen Henson
aaf35f11d7
Allow use of algorithm and cipher names for dgsts and enc utilities instead
of having to manually include each one.
2009-03-30 11:31:50 +00:00
Dr. Stephen Henson
38b6e6c07b
Typo in usage message.
2009-03-23 21:04:23 +00:00
Dr. Stephen Henson
e4e949192b
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
Reviewed by: steve@openssl.org
Check return codes properly in md BIO and dgst command.
2009-03-18 18:53:08 +00:00
Dr. Stephen Henson
617298dca3
Update from stable branch.
2009-03-12 17:10:26 +00:00
Dr. Stephen Henson
33ab2e31f3
PR: 1854
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org
Support GeneralizedTime in ca utility.
2009-03-09 13:59:07 +00:00
Ben Laurie
73bfcf2226
Don't ask for -iv for ciphers that need no IV.
2009-03-03 15:14:33 +00:00
Dr. Stephen Henson
0ed6b52687
Stop warning about use of *printf() without a format.
2009-02-15 15:29:59 +00:00
Dr. Stephen Henson
30b1b28aff
Return correct exit code.
2009-02-12 18:06:11 +00:00
Dr. Stephen Henson
46400c97a9
Avoid leaks in pkcs8 app, tidy code up.
2009-02-12 18:02:47 +00:00
Dr. Stephen Henson
3859d7ee78
Just to be awkward Ubuntu 8.10 doesn't like _XOPEN_SOURCE_EXTENDED...
2009-02-06 16:43:52 +00:00
Bodo Möller
d615bceb2d
For -hex, print just one \n
2009-02-02 00:40:29 +00:00
Bodo Möller
7ca1cfbac3
-hex option for openssl rand
PR: 1831
Submitted by: Damien Miller
2009-02-02 00:01:28 +00:00
Richard Levitte
5871ddb016
Because DEC C - sorry, HP C - is picky about features, we need to
define _XOPEN_SOURCE_EXTENDED to reach fd_set and timeval types and
functionality.
2009-01-28 07:38:14 +00:00
Dr. Stephen Henson
bab534057b
Update from stable branch.
2009-01-07 23:44:27 +00:00
Ben Laurie
0eab41fb78
If we're going to return errors (no matter how stupid), then we should
test for them!
2008-12-29 16:11:58 +00:00
Andy Polyakov
2140659b00
Incidentally http://cvs.openssl.org/chngview?cn=17710 also made it possible
to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit
expands it even to apps catalog and actually omits the macro in question
from Configure.
2008-12-22 14:05:42 +00:00
Dr. Stephen Henson
70531c147c
Make no-engine work again.
2008-12-20 17:04:40 +00:00
Lutz Jänicke
d88d941c87
apps/speed.c: children should not inherit buffered I/O
PR: 1787
Submitted by: Artur Klauser <aklauser@google.com>
2008-12-10 08:03:47 +00:00
Bodo Möller
7a76219774
Implement Configure option pattern "experimental-foo"
(specifically, "experimental-jpake").
2008-12-02 01:21:39 +00:00
Dr. Stephen Henson
2900fc8ae1
Don't stop -cipher from working.
2008-11-30 22:01:31 +00:00
Dr. Stephen Henson
79bd20fd17
Update from stable-branch.
2008-11-24 17:27:08 +00:00
Ben Laurie
f3b7bdadbc
Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks.
2008-11-16 12:47:12 +00:00
Ben Laurie
774b2fe700
Aftermath of a clashing size_t fix (now only format changes).
2008-11-13 09:48:47 +00:00
Dr. Stephen Henson
ed551cddf7
Update from stable branch.
2008-11-12 17:28:18 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
70d71f6185
Fix warnings: printf format mismatches on 64 bit platforms.
Change assert to OPENSSL_assert().
Fix e_padlock prototype.
2008-11-02 15:41:30 +00:00
Dr. Stephen Henson
c76fd290be
Fix warnings about mismatched prototypes, undefined size_t and value computed
not used.
2008-11-02 12:50:48 +00:00
Ben Laurie
4d6e1e4f29
size_tification.
2008-11-01 14:37:00 +00:00
Dr. Stephen Henson
e9eda23ae6
Fix warnings and various issues.
C++ style comments.
Signed/unsigned warning in apps.c
Missing targets in jpake/Makefile
2008-10-27 12:02:52 +00:00
Ben Laurie
6caa4edd3e
Add JPAKE.
2008-10-26 18:40:52 +00:00
Dr. Stephen Henson
ac786241a2
Add support for -crlnumber option in crl utility.
2008-10-22 19:54:55 +00:00
Lutz Jänicke
020d67fb89
Allow detection of input EOF in quiet mode by adding -no_ign_eof option
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-22 06:46:14 +00:00
Lutz Jänicke
1581f82243
Add missing "-d" to option list of openssl version.
Submitted by: Alex Chen <alex_chen@filemaker.com>
2008-10-20 12:53:36 +00:00
Dr. Stephen Henson
640b86cb24
Fix Warning...
2008-10-19 17:22:34 +00:00
Ben Laurie
d5bbead449
Add XMPP STARTTLS support.
2008-10-14 19:11:26 +00:00
Ben Laurie
babb379849
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90
Experimental new date handling routines. These fix issues with X509_time_adj()
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Bodo Möller
1a489c9af1
From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
Also, fix CHANGES (consistency with stable branch).
2008-09-15 20:41:24 +00:00
Dr. Stephen Henson
0702150f53
Make no-tlsext compile.
2008-09-03 12:29:57 +00:00
Dr. Stephen Henson
d43c4497ce
Initial support for delta CRLs. If "use deltas" flag is set attempt to find
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
9d84d4ed5e
Initial support for CRL path validation. This supports distinct certificate
and CRL signing keys.
2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
002e66c0e8
Support for policy mappings extension.
Delete X509_POLICY_REF code.
Fix handling of invalid policy extensions to return the correct error.
Add command line option to inhibit policy mappings.
2008-08-12 10:32:56 +00:00
Geoff Thorpe
4c3296960d
Remove the dual-callback scheme for numeric and pointer thread IDs,
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Dr. Stephen Henson
5cbd203302
Initial support for alternative CRL issuing certificates.
Allow inhibit any policy flag to be set in apps.
2008-07-30 15:49:12 +00:00
Ralf S. Engelschall
6bcbac0abb
remove a doubled entry for '-binary' in the usage message
2008-07-27 15:51:35 +00:00
Dr. Stephen Henson
db50661fce
X509 verification fixes.
Ignore self issued certificates when checking path length constraints.
Duplicate OIDs in policy tree in case they are allocated.
Use anyPolicy from certificate cache and not current tree level.
2008-07-13 14:25:36 +00:00
Dr. Stephen Henson
d4cdbab99b
Avoid warnings with -pedantic, specifically:
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00
Geoff Thorpe
5f834ab123
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
version some time soon.
2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
8528128b2a
Update from stable branch.
2008-06-26 23:27:31 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
59d2d48f64
Add support for client cert engine setting in s_client app.
Add appropriate #ifdefs round client cert functions in headers.
2008-06-03 11:26:27 +00:00
Dr. Stephen Henson
c451bd828f
Avoid case in ca.c fix.
2008-06-02 12:10:06 +00:00
Dr. Stephen Henson
8ecfbedd85
Revert, doesn't fix warning :-(
2008-06-02 10:42:57 +00:00
Dr. Stephen Henson
c173fce4e2
Avoid cast with wrapper function.
2008-06-02 10:37:53 +00:00
Dr. Stephen Henson
c6ddacf7f8
Stop const mismatch warning.
2008-05-31 19:28:57 +00:00
Dr. Stephen Henson
ab3eafd5b5
Stop warning about extra ';' outside of function.
2008-05-31 19:17:25 +00:00
Dr. Stephen Henson
dd043cd501
Stop const mismatch warning in VC++.
2008-05-31 18:55:23 +00:00
Ben Laurie
3c1d6bbc92
LHASH revamp. make depend.
2008-05-26 11:24:29 +00:00
Lutz Jänicke
51e00db226
Document "openssl s_server" -crl_check* options
Submitted by: Daniel Black <daniel.subs@internode.on.net>
2008-05-19 07:52:15 +00:00
Lutz Jänicke
a92ebf2290
Provide information about "openssl dgst" -hmac option.
2008-05-19 07:43:34 +00:00
Lutz Jänicke
f49c687507
Typo. (From 0.9.8-stable/S. Henson)
PR: 1672
2008-05-19 06:21:05 +00:00
Dr. Stephen Henson
718f8f7a9e
Fix from stable branch.
2008-05-12 16:24:31 +00:00
Dr. Stephen Henson
4a954b56c9
Use "cont" consistently in cms-examples.pl
Add a -certsout option to output any certificates in a message.
Add test for example 4.11
2008-05-01 23:30:06 +00:00
Lutz Jänicke
44a877aa88
Fix incorrect return value in apps/apps.c:parse_yesno()
PR: 1607
Submitted by: "Christophe Macé" <mace.christophe@gmail.com>
2008-04-17 14:15:27 +00:00
Lutz Jänicke
6b6fe3d8e4
Correctly handle case of bad arguments supplied to rsautl
PR: 1659
2008-04-17 13:36:13 +00:00
Lutz Jänicke
4c1a6e004a
Apply mingw patches as supplied by Roumen Petrov and Alon Bar-Lev
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
2008-04-17 10:19:16 +00:00
Dr. Stephen Henson
a5db50d005
Revert argument swap change... oops CMS_uncompress() was consistent...
2008-04-11 23:23:18 +00:00
Dr. Stephen Henson
529d329ce1
Make CMS_uncompress() argument order consistent with other functions.
2008-04-11 17:34:13 +00:00
Richard Levitte
fc003bcecb
Synchronise with Unix build
2008-04-11 01:53:16 +00:00
Dr. Stephen Henson
e0fbd07309
Add additional parameter to CMS_final() to handle detached content.
2008-04-10 11:22:14 +00:00
Dr. Stephen Henson
7f50d9a4b0
Correct references to smime in cms app.
2008-04-09 22:09:45 +00:00
Dr. Stephen Henson
36309aa2be
Signed receipt generation code.
2008-03-28 19:43:16 +00:00
Dr. Stephen Henson
eb9d8d8cd4
Support for verification of signed receipts.
2008-03-28 13:15:39 +00:00
Geoff Thorpe
f7ccba3edf
There was a need to support thread ID types that couldn't be reliably cast
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
f5e2354c9d
Add support for signed receipt request printout and generation.
2008-03-26 17:40:22 +00:00
Dr. Stephen Henson
f4cc56f494
Signed Receipt Request utility functions and option on CMS utility to
print out receipt requests.
2008-03-26 13:10:21 +00:00
Dr. Stephen Henson
6205171362
Add support for CMS structure printing in cms utility.
2008-03-24 21:53:07 +00:00
Dr. Stephen Henson
fe591284be
Update dependencies.
2008-03-22 18:52:03 +00:00
Dr. Stephen Henson
054307e7ed
Allow alternate eContentType oids to be set in cms utility.
Add id-ct-asciiTextWithCRLF OID.
Give more meaningful error message if attempt to use key ID from a certificate
without a key ID.
2008-03-19 19:34:30 +00:00
Dr. Stephen Henson
eeb9cdfc94
Add support for KEK decrypt in cms utility.
2008-03-19 18:39:51 +00:00
Dr. Stephen Henson
ab12438030
Add support for KEKRecipientInfo in cms application.
2008-03-19 13:53:52 +00:00
Dr. Stephen Henson
c220e58f9e
Make 3DES default cipher in cms utility.
2008-03-18 19:03:03 +00:00
Dr. Stephen Henson
e4f0e40eac
Various tidies/fixes:
Make streaming support in cms cleaner.
Note errors in various S/MIME functions if CMS_final() fails.
Add streaming support for enveloped data.
2008-03-18 13:45:43 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
7c337e00d2
Fix some warnings.
2008-03-16 20:59:10 +00:00
Geoff Thorpe
7e8481afd1
Fix a nasty cast issue that my compiler was choking on.
2008-03-16 20:57:12 +00:00
Dr. Stephen Henson
4f1aa191b3
Initial support for enveloped data decrypt. Extend runex.pl to cover these
examples. All RFC4134 examples can not be processed.
2008-03-15 23:21:33 +00:00
Dr. Stephen Henson
d9f5f07e28
Initial support for Encrypted Data type generation.
2008-03-14 23:30:56 +00:00
Dr. Stephen Henson
1021f9aa5e
Typos.
2008-03-14 19:38:44 +00:00
Dr. Stephen Henson
b820455c6e
Encrypted Data type processing. Add options to cms utility and run section 7
tests in RFC4134.
2008-03-14 13:21:48 +00:00
Dr. Stephen Henson
8931b30d84
And so it begins...
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
52108cecc0
<strings.h> does not exist under WIN32.
2008-01-14 18:10:55 +00:00
Ben Laurie
f12797a447
Missing headers.
2008-01-12 11:22:31 +00:00
Andy Polyakov
637f90621d
Cygwin compatibility fix to apps/ocsp.c.
2008-01-05 21:32:29 +00:00
Dr. Stephen Henson
eef0c1f34c
Netware support.
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
341e18b497
Handle non-SHA1 digests for certids in OCSP test responder.
2007-12-14 12:43:50 +00:00
Dr. Stephen Henson
cec2538ca9
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Bodo Möller
15bd07e923
fix typos
Submitted by: Ernst G. Giessmann
2007-11-19 07:24:08 +00:00
Ben Laurie
fdf355878c
Fix buffer overflow.
2007-11-16 14:41:09 +00:00
Dr. Stephen Henson
0e1dba934f
1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure
2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).
3. Changes to EVP
- adding of function EVP_PKEY_CTX_get0_peerkey
- Make function EVP_PKEY_derive_set_peerkey work for context with
ENCRYPT operation, because we use peerkey field in the context to
pass non-ephemeral secret key to GOST encrypt operation.
- added EVP_PKEY_CTRL_SET_IV control command. It is really
GOST-specific, but it is used in SSL code, so it has to go
in some header file, available during libssl compilation
4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data
5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
make debugging output which depends on constants defined there, work
and other KSSL_DEBUG output fixes
6. Declaration of real GOST ciphersuites, two authentication methods
SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST
7. Implementation of these methods.
8. Support for sending unsolicited serverhello extension if GOST
ciphersuite is selected. It is required for interoperability with
CryptoPro CSP 3.0 and 3.6 and controlled by
SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
This constant is added to SSL_OP_ALL, because it does nothing, if
non-GOST ciphersuite is selected, and all implementation of GOST
include compatibility with CryptoPro.
9. Support for CertificateVerify message without length field. It is
another CryptoPro bug, but support is made unconditional, because it
does no harm for draft-conforming implementation.
10. In tls1_mac extra copy of stream mac context is no more done.
When I've written currently committed code I haven't read
EVP_DigestSignFinal manual carefully enough and haven't noticed that
it does an internal digest ctx copying.
This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Dr. Stephen Henson
b7fcc08976
Typo.
2007-09-28 17:18:18 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Bodo Möller
86d4bc3aea
fix length parameter in SSL_set_tlsext_opaque_prf_input() calls
2007-09-23 11:08:59 +00:00
Bodo Möller
761772d7e1
Implement the Opaque PRF Input TLS extension
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way. In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().
Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
2007-09-21 06:54:24 +00:00
Ben Laurie
9311c4421a
Fix dependencies. Make depend.
2007-09-19 14:53:18 +00:00
Ben Laurie
e28eddc51f
Typo? Why did this work, anyway?
2007-09-08 15:58:51 +00:00
Dr. Stephen Henson
d82a612a90
Fix warning: print format option not compatible with size_t.
2007-09-07 13:34:46 +00:00
Dr. Stephen Henson
e7e8f4b333
Fix another warning.
2007-09-07 13:27:40 +00:00
Dr. Stephen Henson
014f62b649
Add usage message for -sess_out, -sess_in
2007-08-23 12:20:36 +00:00
Dr. Stephen Henson
d24a9c8f5a
Docs and usage messages for RFC4507bis support.
2007-08-23 11:34:48 +00:00
Dr. Stephen Henson
367eb1f125
Fix warning and make no-tlsext work.
2007-08-12 18:56:14 +00:00
Dr. Stephen Henson
710069c19e
Fix warnings.
2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
6434abbfc6
RFC4507 (including RFC4507bis) TLS stateless session resumption support
for OpenSSL.
2007-08-11 23:18:29 +00:00
Andy Polyakov
d6c764573c
Proper support for shared build under MacOS X.
2007-07-31 18:24:41 +00:00
Bodo Möller
f7b61702a0
document -S and -nopad options in usage information
2007-07-31 09:42:47 +00:00
Dr. Stephen Henson
8dbdf6314c
Typo.
2007-05-21 16:36:09 +00:00
Dr. Stephen Henson
9c54e18bf0
Fixes for dgst tool. Initialize md_name, sig_name properly. Return error code
on failure. Keep output format consistent with previous versions.
Also flush stdout after printing ACCEPT in s_server.
2007-05-21 15:53:30 +00:00
Dr. Stephen Henson
0f9e0abbee
Set len to buffer size.
2007-05-17 16:42:05 +00:00
Dr. Stephen Henson
e77dbf325f
Prepend signature name in dgst output.
2007-05-17 16:19:17 +00:00
Dr. Stephen Henson
f03620ea15
Use default md if none specified in dgst utility.
2007-05-17 12:55:03 +00:00
Dr. Stephen Henson
47b2e238e5
Use EVP_DigestVerify() in dgst.c if verifying.
2007-05-17 12:35:32 +00:00
Dr. Stephen Henson
ad35cdac74
PR: 1516
Revert change in 1516 because it breaks Windows build. Use a modified version
of the headers from s_client.c which has used similar functionality without
any problems.
2007-05-16 12:16:49 +00:00
Ben Laurie
69ab085290
More IGE speedup.
2007-05-13 15:14:38 +00:00
Ben Laurie
5f09d0ecc2
AES IGE mode speedup.
2007-05-13 12:57:59 +00:00
Dr. Stephen Henson
6217896145
Improve error detection when streaming S/MIME.
Only use streaming when appropriate for detached data in smime utility.
2007-05-10 17:37:15 +00:00
Andy Polyakov
6ef18c21c9
Bug in apps/dgst.c.
2007-04-30 15:20:10 +00:00
Bodo Möller
96afc1cfd5
Add SEED encryption algorithm.
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
9cfc8a9d5c
Update smime utility to support streaming for -encrypt and -sign -nodetach
options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.
These all process content on the fly without storing it all in memory.
2007-04-13 01:06:41 +00:00
Dr. Stephen Henson
2022cfe07e
New -mac and -macopt options to dgst utility. Reimplement -hmac option in
terms of new API.
2007-04-11 17:20:40 +00:00
Dr. Stephen Henson
d952c79a7b
New -sigopt option for dgst utility.
2007-04-08 12:47:18 +00:00
Ben Laurie
3dfb6b3353
Yet another resource leak. Coverity ID 123.
2007-04-07 13:20:09 +00:00
Ben Laurie
44907e6064
Free memory. Coverity ID 62.
2007-04-05 15:45:22 +00:00
Ben Laurie
231671b9ff
Resource leak.
2007-04-04 16:00:03 +00:00
Ben Laurie
313fce7b61
Don't free a NULL. Coverity ID 112.
2007-04-04 14:59:20 +00:00
Ben Laurie
309fa55bbb
Return an error if the serial number is badly formed. (Coverity ID 116).
2007-04-04 14:35:56 +00:00
Ben Laurie
4b8747e440
Die if serial number is invalid.
2007-04-04 13:41:33 +00:00
Richard Levitte
a1d915990b
Apply a more modern way to get the definition of select(), except for VMS.
Submitted by Corinna Vinschen <vinschen@redhat.com>
2007-03-29 18:34:57 +00:00
Dr. Stephen Henson
9981a51e42
Stage 1 GOST ciphersuite support.
Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org
2007-03-23 17:04:05 +00:00
Lutz Jänicke
ee373e7f19
Fix problem with multi line responses in -starttls by using a buffering
...
BIO and BIO_gets().
2007-02-22 17:39:47 +00:00
Lutz Jänicke
8d72476e2b
Extend SMTP and IMAP protocol handling to perform the required
...
EHLO or CAPABILITY handshake before sending STARTTLS
Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
2007-02-21 18:20:41 +00:00
Dr. Stephen Henson
5d5ca32fa1
Updates from 0.9.8-stable branch.
2007-02-18 18:21:57 +00:00
Richard Levitte
85c6749216
Add STARTTLS support for IMAP and FTP.
...
Submitted by Kees Cook <kees@outflux.net>
2007-02-16 18:12:16 +00:00
Dr. Stephen Henson
52cfa39716
Add -hmac option to dgst from 0.9.7 stable branch.
2007-02-08 19:07:43 +00:00
Nils Larsch
123b23fa95
fix return value of get_cert_chain()
...
PR: 1441
2006-12-27 09:40:52 +00:00
Richard Levitte
8bbf6bcf17
Needed definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see
...
the declarations of fd_set, select() and so on.
2006-12-25 10:54:14 +00:00
Nils Larsch
ec1edeb5fa
update pkcs12 help message + manpage
...
PR: 1443
Submitted by: Artem Chuprina <ran@cryptocom.ru>
2006-12-21 20:36:15 +00:00
Nils Larsch
5dfe910023
properly initialize SSL context, check return value
2006-12-13 22:06:37 +00:00
Nils Larsch
10a10fb834
return 0 if 'noout' is used and no error has occurred
...
PR: 1435
Submitted by: "Haridharan" <haridharan@gmail.com>
2006-12-05 20:09:25 +00:00
Nils Larsch
ae93dc13ab
add support for whirlpool in apps/speed
...
PR: 1338
Submitted by: justin@soze.net
2006-12-01 21:42:55 +00:00
Nils Larsch
7806f3dd4b
replace macros with functions
...
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:54:57 +00:00
Ben Laurie
96ea4ae91c
Add RFC 3779 support.
2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
5456583294
Don't add the TS EKU by default in openssl.cnf because it then
...
makes certificates generated by ca, CA.pl etc useless for anything else.
2006-11-07 14:27:55 +00:00
Nils Larsch
224328e404
fix warning
2006-11-06 20:10:44 +00:00
Andy Polyakov
5b50f99e1e
Further mingw build procedure updates.
2006-10-24 22:14:20 +00:00
Andy Polyakov
cbfb39d1be
Rudimentary support for cross-compiling.
2006-10-21 13:38:16 +00:00
Dr. Stephen Henson
347ed3b93c
Buffer size handling fix for enc.
...
PR:1374
2006-09-22 17:14:22 +00:00
Dr. Stephen Henson
5d20c4fb35
Overhaul of by_dir code to handle dynamic loading of CRLs.
2006-09-17 17:16:28 +00:00
Richard Levitte
5776c3c4c6
According to documentation, including time.h declares select() on
...
OpenVMS, and possibly more.
Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select
2006-08-20 05:54:35 +00:00
Richard Levitte
0c3d346cb7
Correct warnings about signedness.
2006-08-20 05:18:12 +00:00
Dr. Stephen Henson
f6e7d01450
Support for multiple CRLs with same issuer name in X509_STORE. Modify
...
verify logic to try to use an unexpired CRL if possible.
2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
1aa44cc797
Avoid WIN32 warning.
2006-07-21 22:28:48 +00:00
Dr. Stephen Henson
37c8fd0eba
Avoid warnings.
2006-07-21 22:26:31 +00:00
Dr. Stephen Henson
b589427941
WIN32 fixes signed/unsigned issues and slightly socket semantics.
2006-07-17 18:52:51 +00:00
Dr. Stephen Henson
454dbbc593
Add -timeout option to ocsp utility.
2006-07-17 13:26:54 +00:00
Dr. Stephen Henson
f253a058d3
There should be no need to rewind the input stream any more.
...
For S/MIME multipart/signed type the signature is calculated on the fly.
For other detached data forms the stream isn't used after the single pass to
calculate signatures.
For non-detached the data is stored in a memory BIO.
2006-07-13 20:29:55 +00:00
Dr. Stephen Henson
b3c6a33185
In genpkey, also look for algorithm string name in any supplied ENGINE.
2006-07-12 18:00:20 +00:00
Dr. Stephen Henson
105f6a6323
Update some usage messages.
2006-07-10 22:49:08 +00:00
Dr. Stephen Henson
5ba4bf35c5
New functions to enumerate digests and ciphers.
2006-07-09 00:53:45 +00:00
Bodo Möller
b166f13eb5
Call 'print_stuff' even if a handshake failed.
2006-06-15 19:00:34 +00:00
Bodo Möller
6a983d4287
Fix a bug recently introduced when updating this file to use the new
...
keygen API: make sure that 'pkey_type' is actually visible to MAIN().
2006-06-14 01:16:22 +00:00
Bodo Möller
f3dea9a595
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Dr. Stephen Henson
01b8b3c7d2
Complete EVP_PKEY_ASN1_METHOD ENGINE support.
2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
6f88c6a634
Add missing prototype. Extend engine utility to print public key algorithms.
2006-06-01 12:38:22 +00:00
Richard Levitte
0ed110b969
Because all object files are now in a file, we don't need to mention
...
any of them on the linker command line. Besides, OBJECT_FILE now
represents the last compiled file, and using it here only results in
getting warnings about multiple definitions of the symbols in that
file.
2006-06-01 10:24:47 +00:00
Dr. Stephen Henson
6657b9c73a
Fix warnings.
2006-05-26 13:27:58 +00:00
Dr. Stephen Henson
ba0d04a986
Update pkeyutl to use size_t for pkey functions.
2006-05-26 12:24:49 +00:00
Richard Levitte
3cb9eb30d3
Signed vs. unsigned conflict
2006-05-25 23:40:04 +00:00
Richard Levitte
e0b624e20e
There was a problem with too long command lines, so I rebuilt to make
...
it work better.
2006-05-25 23:37:03 +00:00
Dr. Stephen Henson
c27309edcb
Allow any supported cipher to be used with smime -encrypt.
2006-05-25 16:53:52 +00:00
Dr. Stephen Henson
216e0d5b91
Fix smime -pk7out.
2006-05-22 13:37:16 +00:00
Dr. Stephen Henson
5531192151
Add -resign and -md options to smime command to support resigning an
...
existing structure and using alternative digest for signing.
2006-05-18 23:44:44 +00:00
Dr. Stephen Henson
a6e7fcd140
Multiple signer support in smime application.
2006-05-18 12:41:28 +00:00
Dr. Stephen Henson
76cf3fcb43
Reformat smime.c utility.
2006-05-18 11:54:16 +00:00
Dr. Stephen Henson
121dd39f9f
New option to pkcs12 utility to set alternative MAC digest algorithm.
2006-05-17 18:46:22 +00:00
Dr. Stephen Henson
a263253545
Don't try to print PBE information if it can't be decoded.
2006-05-17 18:24:35 +00:00
Dr. Stephen Henson
8de916bcee
Oops...
2006-05-17 12:29:16 +00:00
Dr. Stephen Henson
1631d5f9b9
HMAC OIDs from RFC4231.
2006-05-17 12:27:45 +00:00
Dr. Stephen Henson
98c82b899e
Gather keygen options in req and only use them after all other options have
...
been processed. This allows any ENGINE changing operations to be processed
first (for example a config file).
2006-05-16 12:11:14 +00:00
Dr. Stephen Henson
fbf6643607
Bugfix: the NONE string for PBE algorithms wasn't working.
2006-05-15 13:23:15 +00:00
Dr. Stephen Henson
1bd06bd0c4
In interactive mode only config OpenSSL once.
2006-05-12 17:11:58 +00:00
Richard Levitte
98bf13c36b
make update
2006-05-12 15:31:28 +00:00
Dr. Stephen Henson
759d8ac6ee
Typo.
2006-05-12 00:27:39 +00:00
Dr. Stephen Henson
959e8dfe06
Update 'req' command to use new keygen API.
2006-05-11 21:39:00 +00:00
Dr. Stephen Henson
03919683f9
Add support for default public key digest type ctrl.
2006-05-07 17:09:39 +00:00
Ulf Möller
36e77b1059
Bug fix.
...
PR: 1307
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
2006-05-01 18:49:26 +00:00
Dr. Stephen Henson
816c2b5a79
Fix from stable branch.
2006-04-28 00:30:49 +00:00
Dr. Stephen Henson
15f80eea31
Fix usage message for pkeyutl.
2006-04-26 15:42:29 +00:00
Dr. Stephen Henson
ee1d9ec019
Remove link between digests and signature algorithms.
...
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
7bf7333d68
If we include winsock2.h then FD_SET wants an unsigned type for an fd.
2006-04-17 12:22:13 +00:00
Dr. Stephen Henson
b010b7c434
Use more flexible method of determining output length, by setting &outlen
...
value of the passed output buffer is NULL.
The old method of using EVP_PKEY_size(pkey) isn't flexible enough to cover all
cases where the output length may depend on the operation or the parameters
associated with it.
2006-04-15 18:50:56 +00:00
Richard Levitte
51aa7bd321
Got sick and tired of duplicating... Too error-prone (i.e. I forget
...
to update both...)!
2006-04-14 19:56:28 +00:00
Dr. Stephen Henson
ffb1ac674c
Complete key derivation support.
2006-04-13 20:16:56 +00:00
Dr. Stephen Henson
3be34589e8
Update dependencies.
2006-04-13 13:00:45 +00:00
Dr. Stephen Henson
92511cff48
Change the option setting command line switch to "-pkeyopt" to avoid confusion
...
with algorithm parameters.
2006-04-13 12:38:46 +00:00
Richard Levitte
7b82159865
Synchronise with what's happening with the Unix build
2006-04-13 09:59:52 +00:00
Ulf Möller
fb05e1cdf6
declare as in prototype
...
Submitted by: Gisle Vanem
2006-04-12 19:24:45 +00:00
Dr. Stephen Henson
75ef718820
Support for DSA keygen, fix for genpkey.
2006-04-12 11:14:11 +00:00
Ulf Möller
4700aea951
Add BeOS support.
...
PR: 1312
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
Reviewed by: Ulf Moeller
2006-04-11 21:34:21 +00:00
Ulf Möller
9555339007
improve make dclean to remove files generated during build
...
PR: 1308
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
Reviewed by: Ulf Moeller
2006-04-11 20:05:23 +00:00
Dr. Stephen Henson
2fbe371f53
Fix parameter error messages.
2006-04-11 18:30:25 +00:00
Dr. Stephen Henson
15181d7811
Write parameters if -genparam option include.
2006-04-11 18:21:40 +00:00
Dr. Stephen Henson
1edba2110f
Add parameter generation option to genpkey.
2006-04-11 18:18:14 +00:00
Dr. Stephen Henson
f5cda4cbb1
Initial keygen support.
2006-04-11 13:28:52 +00:00
Richard Levitte
25dc89eb9b
Synchronise with the Unix build
2006-04-10 11:39:49 +00:00
Dr. Stephen Henson
4a3dc3c0e3
Add RSA ctrl for padding mode, add ctrl support in pkeyutl.
2006-04-09 12:42:09 +00:00
Dr. Stephen Henson
a2318e86bd
Fix typo. Add EVP_PKEY_CTX control function for later use by command line
...
utilities.
2006-04-09 00:34:00 +00:00
Dr. Stephen Henson
a9164153d1
Reformat pkeyutl.c, add support for verify operation but nothing actually
...
supports it (yet).
2006-04-08 22:25:47 +00:00
Dr. Stephen Henson
8795d38906
Update dependencies.
2006-04-08 13:04:31 +00:00
Dr. Stephen Henson
8cd44e3630
Implement encrypt/decrypt using RSA.
2006-04-08 13:02:04 +00:00
Dr. Stephen Henson
9e4d0f0be2
New utility 'pkeyutl' a general purpose version of 'rsautl'.
2006-04-07 19:33:28 +00:00
Dr. Stephen Henson
53ec8809cf
Add an explicit load_config() call so any added algorithms are
...
visible.
2006-04-04 18:47:20 +00:00
Dr. Stephen Henson
0b33dac310
New function to retrieve ASN1 info on public key algorithms. New command
...
line option to print out info.
2006-04-04 18:16:03 +00:00
Richard Levitte
16f66ae794
Synchronise with recent changes
2006-03-30 04:30:45 +00:00
Bodo Möller
bcbe37b716
Change default curve (for compatibility with a
...
soon-to-be-widely-deployed implementation that doesn't support the
previous default)
Submitted by: Douglas Stebila
2006-03-30 02:41:30 +00:00
Dr. Stephen Henson
246e09319c
Fix bug where freed OIDs could be accessed in EVP_cleanup() by
...
deferring freeing in OBJ_cleanup().
2006-03-28 17:23:48 +00:00
Dr. Stephen Henson
3e4585c8fd
New utility pkeyparam. Enhance and bugfix algorithm specific parameter
...
functions to support it.
2006-03-28 14:35:32 +00:00
Dr. Stephen Henson
3e84b6e15f
New general public key utility 'pkey'.
2006-03-28 12:34:45 +00:00
Nils Larsch
b4e88ccb28
ensure the pointer is valid before using it
2006-03-18 14:27:41 +00:00
Nils Larsch
d916ba1ba1
check if con != NULL before using it
2006-03-18 14:24:02 +00:00
Nils Larsch
67b6f1ca88
fix problems found by coverity: remove useless code
2006-03-15 17:45:43 +00:00
Nils Larsch
e968089485
use BIO_snprintf() instead of snprintf + use BIO_FP_TEXT for text output
...
Submitted by: Gisle Vanem
2006-03-12 22:16:57 +00:00
Nils Larsch
a0aa8b4b61
fix signed vs. unsigned warning
2006-03-11 12:18:11 +00:00
Nils Larsch
ddac197404
add initial support for RFC 4279 PSK SSL ciphersuites
...
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
2006-03-10 23:06:27 +00:00
Richard Levitte
8721fc2d0b
Forgot the TSA application...
2006-03-02 13:28:52 +00:00
Ulf Möller
11503177d1
TS bugfixes: Do not hardcode message digest algorithms; fix ASN1 decoding.
...
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
2006-02-26 23:34:53 +00:00
Richard Levitte
9ab899a660
Synchronise with openssl.cnf
2006-02-26 10:48:40 +00:00
Nils Larsch
fcfd87168a
fix warning: add missing prototype
2006-02-13 09:43:31 +00:00
Ulf Möller
3b408d83fe
make update
2006-02-12 23:21:56 +00:00
Ulf Möller
c7235be6e3
RFC 3161 compliant time stamp request creation, response generation
...
and response verification.
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Bodo Möller
241520e66d
More TLS extension related changes.
...
Submitted by: Peter Sylvester
2006-01-11 06:10:40 +00:00
Bodo Möller
a13c20f603
Further TLS extension updates
...
Submitted by: Peter Sylvester
2006-01-09 19:49:05 +00:00
Bodo Möller
1aeb3da83f
Fixes for TLS server_name extension
...
Submitted by: Peter Sylvester
2006-01-06 09:08:59 +00:00
Richard Levitte
8de5b7f548
Fix signed/unsigned char clashes.
2006-01-04 12:02:43 +00:00
Bodo Möller
f1fd4544a3
Various changes in the new TLS extension code, including the following:
...
- fix indentation
- rename some functions and macros
- fix up confusion between SSL_ERROR_... and SSL_AD_... values
2006-01-03 03:27:19 +00:00
Bodo Möller
b1277b9902
C style fix-up
2006-01-02 23:29:12 +00:00
Bodo Möller
ed3883d21b
Support TLS extensions (specifically, HostName)
...
Submitted by: Peter Sylvester
2006-01-02 23:14:37 +00:00
Andy Polyakov
7b1b47a8e6
Mention Whirlpool in dgst -help.
2005-11-30 20:58:41 +00:00
Dr. Stephen Henson
c173d09c56
Typo
2005-11-30 19:25:55 +00:00
Dr. Stephen Henson
cb49a3cfa1
Make CA.pl script use CA extensions when creating a root CA.
2005-11-30 18:31:36 +00:00
Richard Levitte
a53cb070e3
When using POSIXly functions, we need to define _POSIX_C_SOURCE, at
...
least when the source is compiled with ANSI settings.
2005-11-27 15:32:57 +00:00
Andy Polyakov
eed22ac4ac
Eliminate VC compiler warning.
2005-11-06 21:11:41 +00:00
Andy Polyakov
9135fddb0e
Revive app_tminterval for Netware.
2005-11-06 17:11:04 +00:00
Andy Polyakov
d88fcf73f1
Revive app_tminterval for vxworks.
2005-11-06 16:55:44 +00:00
Andy Polyakov
a950f28762
Revive app_tminterval for VMS.
2005-11-06 16:16:38 +00:00
Andy Polyakov
e22f63f231
The typos never stop. Fix one in apps/apps.c.
2005-11-06 12:15:12 +00:00
Andy Polyakov
f530138876
Fix newly introduced typos and warnings in ./apps.
2005-11-06 11:58:22 +00:00
Andy Polyakov
0a39d8f207
Collect timing procedures in apps/apps.c. It's a bit cruel patch, as it
...
temporarily[!] removes support for couple of esoteric platforms [well,
Netware, vxWorks and VMS].
2005-11-06 11:40:59 +00:00
Andy Polyakov
a1ad253f17
Eliminate remaining calls to stat in apps/apps.c and unify WIN32_rename for
...
all Windows targets.
2005-11-04 16:12:05 +00:00
Andy Polyakov
ffa101872f
Eliminate dependency on read/write/stat in apps under _WIN32.
2005-11-04 09:30:55 +00:00
Andy Polyakov
53261831f1
Get rid of arcane reference to _fmode in apps/apps.h. Binary open is
...
handled properly by bss_file.c, which renders _fmode redundant.
2005-11-03 16:42:57 +00:00
Andy Polyakov
eff7cb41d1
Disable BIO_s_fd on CE and disable fd:N as password passing option on
...
all _WIN32 [see commentary for clarification].
2005-11-03 15:31:28 +00:00
Nils Larsch
d86b0f1f5f
compile sstrsep only if HAVE_FORK is defined; patch supplied by Johan Gill <johane@lysator.liu.se>
2005-11-02 22:13:43 +00:00
Bodo Möller
ee8836c442
fix stupid typo
2005-10-26 19:30:10 +00:00
Dr. Stephen Henson
3f67e11fab
Add PVK support to dsa utility.
2005-10-08 17:32:07 +00:00
Dr. Stephen Henson
566dda07ba
New option SSL_OP_NO_COMP to disable compression. New ctrls to set
...
maximum send fragment size. Allocate I/O buffers accordingly.
2005-10-08 00:18:53 +00:00
Bodo Möller
13e4670c29
new option "openssl ciphers -V"
2005-10-01 04:08:48 +00:00
Dr. Stephen Henson
09b6c2ef15
Make OPENSSL_NO_COMP compile again.
2005-09-30 23:35:33 +00:00
Nils Larsch
cc29c1204b
successfully updating the db shouldn't result in an error message
2005-09-30 16:47:38 +00:00
Dr. Stephen Henson
29b9763d9f
Change openssl.cnf to use UTF8Strings by default and not always include issuer
...
and serial versions of AKID.
2005-09-16 11:58:28 +00:00
Dr. Stephen Henson
c11c64fbe0
Update to ASN1 printing code.
2005-09-03 00:40:40 +00:00
Nils Larsch
33ac8b3139
don't try to load cert/key when the "-nocert" option is set
2005-09-02 12:44:59 +00:00
Dr. Stephen Henson
9194296de8
Update ASN1 printing code and add a -print option to 'pkcs7' utility for
...
initial testing.
2005-09-01 18:00:56 +00:00
Dr. Stephen Henson
a0156a926f
Integrated support for PVK files.
2005-08-31 16:37:54 +00:00
Ben Laurie
2c2e46dbf5
Generate primes, too.
2005-08-23 13:48:17 +00:00
Ben Laurie
b8e8ccdc79
Fix warning.
2005-08-21 15:59:10 +00:00
Dr. Stephen Henson
eea374fd19
Command line support for RSAPublicKey format.
2005-08-21 00:18:26 +00:00
Dr. Stephen Henson
45e2738585
Remove ASN1_METHOD code replace with new ASN1 alternative.
2005-08-20 18:12:45 +00:00
Nils Larsch
4ebb342fcd
Let the TLSv1_method() etc. functions return a const SSL_METHOD
...
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-14 21:48:33 +00:00
Dr. Stephen Henson
8f2e4fdf86
Allow PKCS7_decrypt() to work if no cert supplied.
2005-08-04 22:15:22 +00:00
Geoff Thorpe
7f0c65703a
"make update"
2005-07-26 04:48:54 +00:00
Nils Larsch
3eeaab4bed
make
...
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
2005-07-16 12:37:36 +00:00
Dr. Stephen Henson
cbdac46d58
Update from stable branch.
2005-07-04 23:12:04 +00:00
Richard Levitte
d2e0c81720
The private key should never have ended up in newreq.pem.
...
Now, it ends up in newkey.pem instead.
2005-07-04 21:44:16 +00:00
Nils Larsch
9e1a112336
initialize newly allocated data
...
PR: 1145
2005-07-01 16:08:14 +00:00
Ben Laurie
a51a97262d
Brought forward from 0.9.8 - 64 bit warning fixes and fussy compiler fixes.
2005-06-29 11:02:15 +00:00
Richard Levitte
417f8973ff
asn1parse doesn't support any TXT format, so let's stop pretending
...
it does.
2005-06-28 15:44:11 +00:00
Andy Polyakov
53bb3bee34
Fix typos in apps/apps.c
2005-06-27 15:56:53 +00:00
Andy Polyakov
2f3c39bc62
Minor (final?) Makefiles polish.
2005-06-26 17:47:44 +00:00
Andy Polyakov
02c31fa461
Jumbo Makefiles update.
...
- eliminate ambiguities between GNU-ish and SysV-ish make flavors;
- switch [back] to -e;
- fold/unify rules;
This is follow-up to the patch introducing common BUILDENV. Idea is
to collect as much parameters in $(TOP) as possible and "strip" lower
Makefiles for most variables [and thus makes them more readable].
2005-06-23 00:03:26 +00:00
Richard Levitte
b764ab9537
Netware patch submitted by Verdon Walker <VWalker@novell.com> in PR
...
1107. He says:
This is a followup to the NetWare patch that was applied to beta3. It
does the following:
- Fixes a problem in the CLib build with undefined symbols.
- Adds the ability to use BSD sockets as the default for the OpenSSL
socket BIO. NetWare supports 2 flavors of sockets and our Apache
developers need BSD sockets as a configurable option when building
OpenSSL. This adds that for them.
- Updates to the INSTALL.NW file to explain new options.
I have tried very hard to make sure all the changes are in NetWare
specific files or guarded carefully to make sure they only impact
NetWare builds. I have tested the Windows build to make sure it does
not break that since we have made changes to mk1mf.pl.
We are still working the gcc cross compile for NetWare issue and hope
to have a patch for that before beta 6 is released.
2005-06-13 03:23:50 +00:00
Nils Larsch
63d740752f
changes from 0.9.8
2005-05-31 18:22:53 +00:00
Nils Larsch
6e04afb8c5
include opensslconf.h if OPENSSL_NO_* is used
2005-05-31 17:36:06 +00:00
Richard Levitte
b29228836a
DJGPP changes. Contributed by Doug Kaufman <dkaufman@rahul.net>
2005-05-30 22:37:44 +00:00
Richard Levitte
80b168a5a9
We have some source with \r\n as line ends. DEC C informs about that,
...
and I really can't be bothered...
2005-05-29 12:13:51 +00:00
Dr. Stephen Henson
499fca2db3
Update from 0.9.7-stable. Also repatch and rebuild error codes.
2005-05-28 20:44:02 +00:00
Andy Polyakov
4b23506594
OPENSSL_NO_SHA512 to mask even SHA512_CTX declaration. This is done to
...
make no-sha512 more effective on platforms, which don't support 64-bit
integer type of *any* kind.
2005-05-22 08:55:15 +00:00
Andy Polyakov
ea1b02db6a
OPENSSL_Applink update.
2005-05-17 00:08:28 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentally eliminated in
check-in #13342.
2005-05-16 16:55:47 +00:00
Nils Larsch
9dd8405341
ecc api cleanup; summary:
...
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Bodo Möller
46a643763d
Implement fixed-window exponentiation to mitigate hyper-threading
...
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this is done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Andy Polyakov
734540f887
Consolidate BUILDENV [idea is to keep all variables in one place].
2005-05-15 23:53:34 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
b6995add5c
Make -CSP option work again in pkcs12 utility by checking for
...
attribute in EVP_PKEY structure.
2005-05-15 00:54:45 +00:00
Nils Larsch
8b15c74018
give EC_GROUP_new_by_nid a more meaningful name:
...
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Nils Larsch
3afa6cf866
improve command line argument checking
...
PR: 1061
2005-05-10 09:51:29 +00:00
Bodo Möller
fbeaa3c47d
Update util/ck_errf.pl script, and have it run automatically
...
during "make errors" and thus during "make update".
Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
2005-05-09 00:27:37 +00:00
Ben Laurie
0ff469d38d
Add prototype.
2005-05-01 13:49:56 +00:00
Andy Polyakov
4c3a2d64e4
Fold rules in test/Makefiles [from stable].
2005-04-30 21:39:39 +00:00
Richard Levitte
aed14edd12
From branch OpenSSL_0_9_7-stable, 2004-08-11 22:34:
...
Another missing module in the VMS build files. I believe this is
the last, though...
2005-04-30 15:21:40 +00:00
Richard Levitte
14a948e6ad
All kinds of changes from branch OpenSSL_0_9_7-stable
2005-04-30 15:17:05 +00:00
Nils Larsch
7ab2d30349
add 192 bit prime curve to the command line options
2005-04-29 15:21:09 +00:00
Dr. Stephen Henson
6c61726b2a
Lots of Win32 fixes for DTLS.
...
1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.
2005-04-27 16:27:14 +00:00
Dr. Stephen Henson
b08868c48a
Port prime utility across from stable branch.
2005-04-26 23:02:52 +00:00
Bodo Möller
0d5ea7613e
make update
2005-04-26 18:09:21 +00:00
Dr. Stephen Henson
4e321ffaff
Fixes for signed/unsigned warnings and shadows.
2005-04-26 17:43:53 +00:00
Ben Laurie
36d16f8ee0
Add DTLS support.
2005-04-26 16:02:40 +00:00
Nils Larsch
965a1cb92e
change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible
2005-04-23 10:11:16 +00:00
Ben Laurie
e9ad6665a5
Add debug target, remove cast, note possible bug.
2005-04-23 06:05:24 +00:00
Nils Larsch
e7076c5a80
make update
2005-04-22 20:17:17 +00:00
Richard Levitte
7efebab9fd
signed vs. unsigned.
2005-04-20 13:21:10 +00:00
Dr. Stephen Henson
f68854b4c3
Various Win32 and other fixes for warnings and compilation errors.
...
Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.
2005-04-19 00:12:36 +00:00
Nils Larsch
ff990440ee
const fixes
2005-04-15 18:29:33 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Nils Larsch
eb3eab20a8
const fixes
2005-04-07 22:48:33 +00:00
Nils Larsch
7d727231b7
some const fixes
2005-04-05 19:11:19 +00:00
Nils Larsch
69740c2b3f
update progs.pl to reflect changes in progs.h
2005-04-05 18:17:13 +00:00
Nils Larsch
12bdb64375
use SHA-1 as the default digest for the apps/openssl commands
2005-04-02 09:29:15 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Nils Larsch
689c6f2542
add new curves to the loop (with some cleanup from me)
...
Submitted by: Jean-Luc Duval
Reviewed by: Nils Larsch
2005-03-20 23:12:13 +00:00
Bodo Möller
9f6715d4bb
"make depend". This takes into account the algorithms that are now
...
disabled by default (MDC2 and RC5), which until now were skipped
by "make links" and yet supposedly required by some of the Makefiles,
meaning that the recent snapshots failed to compile.
Problem reported by Nils Larsch.
2005-03-13 19:49:47 +00:00
Andy Polyakov
877dbcb8a0
Shut whiny make's up.
2005-02-03 10:19:59 +00:00
Andy Polyakov
62d27939c2
Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms
...
and SafeDllSearchMode in Windows.
Submitted by: Richard Levitte
2005-02-01 23:48:37 +00:00
Richard Levitte
4aca9297dc
The mix of CFLAGS and LDFLAGS is a bit confusing in my opinion, and
...
Makefile.shared was a bit overcomplicated.
Make the shell variables LDFLAGS and SHAREDFLAGS in Makefile.shared
get the values of $(CFLAGS) or $(LDFLAGS) as appropriate depending on
the value the shell variables LDCMD and SHAREDCMD get. That leaves
much less chance of confusion, since those pairs of shell variables
always are defined together.
2005-01-26 23:51:20 +00:00
Andy Polyakov
fbdce13e5a
Please BSD make...
2005-01-25 22:09:11 +00:00
Andy Polyakov
02a00bb054
DJGPP update.
...
PR: 989
Submitted by: Doug Kaufman
2005-01-04 10:28:38 +00:00
Andy Polyakov
3ffb8d42bc
Remove naming conflict between variable and label.
2004-12-30 11:10:11 +00:00
Dr. Stephen Henson
e90faddaf8
Prompt for passphrases for PKCS12 input format
2004-12-29 01:07:14 +00:00
Richard Levitte
6951c23afd
Add functionality needed to process proxy certificates.
2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
abbc186bd2
Fix s_client so it works without a certificate again.
2004-12-13 18:02:23 +00:00
Richard Levitte
de6859e442
Propagate a few more variables to Makefile.shared when linking
...
programs.
2004-12-13 17:28:44 +00:00
Dr. Stephen Henson
a37e22d866
Use X509_cmp_time() in -checkend option, to support GeneralizedTime.
2004-12-05 18:26:19 +00:00
Dr. Stephen Henson
5b40d7dd97
Add -passin argument to dgst command.
2004-12-03 12:26:56 +00:00
Richard Levitte
30b415b076
Make an explicit check during certificate validation to see that the
...
CA setting in each certificate on the chain is correct. As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
given)
2004-11-29 11:28:08 +00:00
Dr. Stephen Henson
3fee255102
Typo.
2004-11-23 21:40:10 +00:00
Dr. Stephen Henson
16df5f066a
Fix memory leak.
2004-11-23 21:22:21 +00:00
Dr. Stephen Henson
00dd8f6d6e
In "req" exit immediately if configuration file is needed and it can't
...
be loaded instead of giving the misleading:
"unable to find 'distinguised_name' in config"
error message.
2004-11-17 18:36:13 +00:00
Dr. Stephen Henson
826a42a088
PR: 910
...
Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.
Update docs.
2004-11-16 17:30:59 +00:00
Dr. Stephen Henson
151368ccba
PR: 940
...
Typo: use prompt_info, not cb_data->prompt_info.
2004-11-14 15:40:00 +00:00
Dr. Stephen Henson
5fee606442
Zap obsolete der_chop script.
2004-11-14 00:08:36 +00:00
Dr. Stephen Henson
78df5a2f1e
Fix x509.c so it creates serial number file again if no
...
serial number is supplied on command line.
2004-11-13 13:26:06 +00:00
Richard Levitte
6c9f57d629
Cut'n'paste mistake. All tested OK now...
2004-11-11 19:36:08 +00:00
Richard Levitte
382342ce1d
Whoops, syntactic mistake...
2004-11-11 18:58:01 +00:00
Richard Levitte
69c922f5d2
Some find it confusing that environment variables are set when shared
...
libraries aren't built or used. I can see the point, so I'm
reorganising a little for clarity.
2004-11-11 18:18:43 +00:00
Dr. Stephen Henson
10c8505734
Use the default_md config file value when signing CRLs.
...
PR:662
2004-11-11 13:47:06 +00:00
Dr. Stephen Henson
10f92aac33
Don't return an error with crl -noout.
...
PR:917
Submitted by: Michael Konietzka <konietzka@schlund.de>
2004-11-11 02:13:08 +00:00
Richard Levitte
8de69cf2c6
Make sure LD_PRELOAD is only set when we build shared libraries (and
...
therefore link with them). Add LD_PRELOAD setting code where it was
still missing.
PR: 966
2004-11-05 09:12:10 +00:00
Geoff Thorpe
58ae65cd1a
Update ECDSA and ECDH for OPENSSL_NO_ENGINE.
...
Reported by: Maxim Masiutin
Submitted by: Nils Larsch
2004-10-21 00:06:14 +00:00
Richard Levitte
d813ff2ac1
make update
2004-09-10 10:30:33 +00:00
Dr. Stephen Henson
c431798e82
Reformat smime utility.
...
Add support for policy checking in verify utility.
2004-09-07 18:38:46 +00:00
Dr. Stephen Henson
fb80794568
Don't use 'explicit' for variable name.
2004-09-07 00:31:08 +00:00
Dr. Stephen Henson
4ec3d785e5
Reformat smime.c
2004-09-07 00:28:17 +00:00
Dr. Stephen Henson
5d7c222db8
New X509_VERIFY_PARAM structure and associated functionality.
...
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
2004-09-06 18:43:01 +00:00
Richard Levitte
2549564009
On systems that use case-insensitive symbol names (i.e. they're all
...
converted to upper case or something like that), the application-
level bio_dump_cb() has a name clash with the new library function
BIO_dump_cb(). The easiest fix is to rename the function at the
application level.
2004-08-12 08:58:55 +00:00
Dr. Stephen Henson
b5a93e2250
Call setup_engine after autoconfig.
2004-08-06 12:44:34 +00:00
Dr. Stephen Henson
c128bb0fa2
Don't ignore return value of EVP_DigestInit_ex() in md BIOs and dgst utility.
2004-08-05 18:09:50 +00:00
Andy Polyakov
c88f8f76b5
'apps/openssl dgst -help' update and minor apps/speed.c update.
2004-07-25 18:57:35 +00:00
Dr. Stephen Henson
0efea28dcb
Don't try to parse non string types.
2004-07-01 18:15:33 +00:00
Richard Levitte
28a8003467
Changes for VOS, submitted by Paul Green <Paul.Green@stratus.com>.
...
PR: 499
2004-06-28 22:01:37 +00:00
Richard Levitte
563cd0f2b0
Make the tests of EVP operations without padding. As a consequence,
...
there's no need for a larger BUFSIZE any more...
PR: 904
2004-06-28 16:32:12 +00:00
Richard Levitte
3ac0f28837
Make sure that the buffers are large enough to contain padding.
...
PR: 904
2004-06-28 12:23:35 +00:00
Richard Levitte
47c1735acd
NetWare fixes provided by Verdon Walker for OpenSSL 0.9.8-dev.
...
The changes have been mailed to <crypt@bis.doc.gov> as well.
PR: 903
2004-06-28 11:55:28 +00:00
Dr. Stephen Henson
8a60547896
Reformat pkcs8 source.
2004-06-24 13:10:54 +00:00
Andy Polyakov
bc1ca8605c
Working on HP-UX shared support...
2004-05-31 14:50:19 +00:00
Andy Polyakov
63ba7e293f
Make sha-256/-512 naming in speed.c consistent with their names as they
...
will appear at EVP layer.
2004-05-31 12:40:22 +00:00
Andy Polyakov
46ceb15c39
SHA-256/-512 test and benchmark.
2004-05-20 21:49:38 +00:00
Geoff Thorpe
9c52d2cc75
After the latest round of header-hacking, regenerate the dependencies in
...
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
f0eae953e2
Remove some unnecessary recursive includes from the internal apps.h header,
...
and include bn.h in those C files that need bignum functionality.
2004-05-17 19:05:32 +00:00
Richard Levitte
d1739eb2d6
make update
2004-05-13 21:38:47 +00:00
Dr. Stephen Henson
df368ecce4
Make self signing option of 'x509' use random serial numbers too.
2004-05-12 18:20:37 +00:00
Geoff Thorpe
bcfea9fb25
Allow RSA key-generation to specify an arbitrary public exponent. Jelte
...
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.
PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
2004-04-26 15:31:35 +00:00
Dr. Stephen Henson
77475142ec
New option to 'x509' -next_serial. This outputs the certificate
...
serial number plus 1 to the output file. Its purpose is to allow
serial number files to be initialized when random serial numbers
are used.
2004-04-21 12:46:20 +00:00
Dr. Stephen Henson
90fac84066
Use X509_get_serialNumber() instead of accessing internals in x509.c
2004-04-21 12:43:21 +00:00
Dr. Stephen Henson
64674bcc8c
Reduce chances of issuer and serial number duplication by use of random
...
initial serial numbers.
PR: 842
2004-04-20 12:05:26 +00:00
Geoff Thorpe
c57bc2dc51
make update
2004-04-19 18:33:41 +00:00
Geoff Thorpe
823a67b0a9
header cleanup in apps/
2004-04-19 18:13:07 +00:00
Dr. Stephen Henson
ae44fc1ec4
Clear error if unique_subject lookup fails.
2004-04-15 00:32:19 +00:00
Richard Levitte
d530017c00
Move the definition of Win32_rename(), since the macro rename gets undefined
...
in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853
2004-03-25 20:09:00 +00:00
Geoff Thorpe
5148710994
Adds warnings about two curves and fixes the "seed" value for two other
...
curves.
Submitted by: Nils Larsch
2004-03-25 03:03:52 +00:00
Richard Levitte
d342ec3335
o_str.h isn't a public header file, so make sure it will still be
...
included.
2004-03-24 09:43:03 +00:00
Richard Levitte
875a644a90
Constify d2i, s2i, c2i and r2i functions and other associated
...
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Dr. Stephen Henson
3f39976da3
Call autoconfig code in pkcs7 utility.
2004-03-05 23:46:29 +00:00
Geoff Thorpe
6c43032121
minor signed/unsigned warning fixes
2004-02-10 18:46:10 +00:00
Dr. Stephen Henson
37ead9be0b
Fix handling of -offset and -length in asn1parse tool.
...
If -offset exceeds -length of data available exit with an error.
Don't read past end of total data available when -offset supplied.
If -length exceeds total available truncate it.
2004-02-08 13:30:04 +00:00
Andy Polyakov
3a160f1dc6
Fix declaration inconsistency in ecparam.c.
2004-01-24 16:51:59 +00:00
Lutz Jänicke
cdb42bcf0c
Cover all DSA setups when running tests
...
PR: #748
Submitted by: Kirill Kochetkov <kochet@ixbt.com>
2004-01-08 07:46:37 +00:00
Richard Levitte
79b42e7654
Use sh explicitly to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d
Use BUF_strlcpy() instead of strcpy().
...
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Richard Levitte
03ddbdd9b9
Move another common functionality (reproduced so far with cut'n'paste)
...
to apps.c, and give it the hopefully descriptive name parse_yesno().
2003-11-28 14:45:09 +00:00
Richard Levitte
d45a098472
Forgot to change the declaration of do_subject() to one of parse_name()...
2003-11-28 14:18:05 +00:00
Richard Levitte
6d5ffb591b
Move do_subject() to apps.c and rename it to parse_name(). The
...
rationale behind the move is that it's used by several applications.
The rationale behind the name change is that it describes what the
function does a bit better.
2003-11-28 14:07:14 +00:00
Richard Levitte
7ce9e425bc
Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option
...
to 'openssl req' and 'openssl ca'.
PR: 779
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
Reviewed by: Richard Levitte
(there will be some follow-up changes)
2003-11-28 14:04:09 +00:00
Richard Levitte
4d8743f490
Netware-specific changes,
...
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
2003-11-28 13:10:58 +00:00
Dr. Stephen Henson
a8287a90ea
Give CRLDP its standard name.
...
Make req -x509 use V1 if extensions section absent.
2003-11-20 22:45:06 +00:00
Lutz Jänicke
95de3d204f
Make sure to initialize AES counters to obtain proper results.
...
Submitted by: Kirill Kochetkov <kochet@ixbt.com>
PR: #748
2003-11-18 18:27:12 +00:00
Lutz Jänicke
f35232e6f3
Catch error condition to prevent NULL pointer dereference.
...
Submitted by: Goetz Babin-Ebell <babin-ebell@trustcenter.de>
PR: #766
2003-11-16 16:30:39 +00:00
Geoff Thorpe
d8ec0dcf45
Avoid some shadowed variable names.
...
Submitted by: Nils Larsch
2003-11-04 00:51:32 +00:00
Richard Levitte
cfd06a6223
Let exit codes propagate from within for loops.
2003-10-31 06:58:24 +00:00
Geoff Thorpe
bc3c578208
Copy-n-paste bug (don't mix variable declarations and code). This sets the
...
callback structure just before it is needed.
2003-10-29 22:30:45 +00:00
Geoff Thorpe
2754597013
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
...
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Geoff Thorpe
0991f07034
For whatever reason (compiler or header bugs), at least one commonly-used
...
linux system (namely mine) chokes on our definitions and uses of the "HZ"
symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast"
(when in fact there is no function casting involved at all). In both cases,
it is easily worked around by not defining a cast into the macro and
jiggling the expressions slightly.
In addition - this highlights some cruft in openssl that needs sorting out.
The tmdiff.h header is exported as part of the openssl API despite the fact
that it is ugly as the driven sludge and not used anywhere in the library,
applications, or utilities. More weird still, almost identical code exists
in apps/speed.c though it looks to be slightly tweaked - so either tmdiff
should be updated and used by speed.c, or it should be dumped because it's
obviously not useful enough.
Rather than removing it for now, I've changed the API for tmdiff to at
least make sense. This involves taking the object type (MS_TM) from the
implementation and using it in the header rather than using "char *" in the
API and casting mercilessly in the code (ugh). If someone doesn't like
"MS_TM" and the "ms_time_***" naming, by all means change it. This should
be a harmless improvement, because the existing API is clearly not very
useful (eg. we reimplement it rather than using it in our own utils).
However, someone still needs to take a hack at consolidating speed.c and
tmdiff.[ch] somehow.
2003-10-29 04:40:13 +00:00
Geoff Thorpe
2aaec9cced
Update any code that was using deprecated functions so that everything builds
...
and links with OPENSSL_NO_DEPRECATED defined.
2003-10-29 04:14:08 +00:00
Dr. Stephen Henson
a08ced78c8
Avoid warnings: add missing prototype, don't shadow.
2003-10-10 23:07:24 +00:00
Richard Levitte
f44e184ec6
s_client should inform the user of any compression/expansion methods used.
2003-10-06 12:19:38 +00:00
Richard Levitte
3d7c4a5a6d
Selected changes for MSDOS, contributed by Gisle Vanem <giva@bgnett.no>.
...
PR: 669
2003-09-27 21:56:08 +00:00
Richard Levitte
253e893c2b
Include the instance in the Kerberos ticket information.
...
In s_server, print the received Kerberos information.
PR: 693
2003-09-27 17:55:13 +00:00
Dr. Stephen Henson
dfe399e7d9
Add -passin support to rsautl
2003-09-21 02:20:02 +00:00
Dr. Stephen Henson
7068c8b1a6
In order to get the expected self signed error when
...
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.
2003-09-21 02:18:15 +00:00
Richard Levitte
e6fa67fa93
Generalise the definition of strcasecmp() and strncasecmp() for
...
platforms that don't (necessarily) have it. In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).
2003-09-09 14:48:36 +00:00
Dr. Stephen Henson
560dfd2a02
New -ignore_err option in ocsp application to stop the server
...
exiting on the first error in a request.
2003-09-03 23:56:01 +00:00
Bodo Möller
563c05e2dc
fix out-of-bounds check in lock_dbg_cb (was too loose to detect all
...
invalid cases)
PR: 674
2003-08-14 10:33:56 +00:00
Bodo Möller
968766cad8
updates for draft-ietf-tls-ecc-03.txt
...
Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller
2003-07-22 12:34:21 +00:00
Richard Levitte
94805c84d1
Add -issuer_hash and make -subject_hash the default way to get the
...
subject hash, with -hash a synonym kept around for backward
compatibility reasons.
PR: 650
2003-07-03 20:45:09 +00:00
Bodo Möller
0fbffe7a71
implement PKCS #8 / SEC1 private key format for ECC
...
Submitted by: Nils Larsch
2003-06-25 21:35:05 +00:00
Richard Levitte
fd4ef69913
Implement CRL numbers.
...
Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com>
PR: 644
2003-06-19 17:40:16 +00:00
Richard Levitte
fadd2246a0
Avoid warnings saying that the format takes a void*.
2003-06-11 22:26:02 +00:00
Dr. Stephen Henson
beab098d53
Various S/MIME bug and compatibility fixes.
2003-06-01 20:51:58 +00:00
Lutz Jänicke
4f17dfcd75
Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before)
...
Submitted by: dg@sunet.ru (Daniel Ginsburg)
PR: #613
2003-05-28 20:24:57 +00:00
Richard Levitte
d1465bac90
make update
2003-05-01 04:10:32 +00:00
Richard Levitte
4c771796d5
Convert save_serial() to work like save_index(), and add a
...
rotate_serial() that works like rotate_index().
2003-04-04 15:10:35 +00:00
Richard Levitte
d6df2b281f
Add documentation on the added functionality in 'openssl ca'.
2003-04-04 14:39:44 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
83b23ed967
One more debug line to conditionalise.
2003-04-03 23:01:20 +00:00
Richard Levitte
16b1b03543
Implement self-signing in 'openssl ca'. This makes it easier to have
...
the CA certificate part of the CA database, and combined with
'unique_subject=no', it should make operations like CA certificate
roll-over easier.
2003-04-03 22:33:59 +00:00
Richard Levitte
db598fbce2
Don't try to free NULL values...
2003-04-03 20:03:23 +00:00
Richard Levitte
0998cfaadd
Remove unused variable.
2003-04-03 19:07:27 +00:00
Richard Levitte
c4448f60d6
Reset the version number of the issuer certificate? I believe this
...
hasn't been tested in a long while...
2003-04-03 18:50:15 +00:00
Richard Levitte
63b6fe2bf6
Conditionalise all debug strings.
2003-04-03 18:07:39 +00:00
Richard Levitte
f85b68cd49
Make it possible to have multiple active certificates with the same
...
subject.
2003-04-03 16:33:03 +00:00
Richard Levitte
d678cc07ed
No need to test -setalias twice.
...
PR: 556
2003-03-31 13:56:52 +00:00
Richard Levitte
03eeb07152
Add usage string for -fingerprint.
...
PR: 560
2003-03-31 13:06:24 +00:00
Dr. Stephen Henson
1a15c89988
Multi valued AVA support.
2003-03-30 01:51:16 +00:00
Dr. Stephen Henson
e5b0508a14
Update ocsp usage message and docs.
2003-03-26 00:46:47 +00:00
Richard Levitte
48f1fa7482
Make sure that all the library paths are modified in prepend mode, not
...
replace mode.
PR: 528
2003-03-20 11:37:47 +00:00
Dr. Stephen Henson
12d4e7b8c8
Fix PEDANTIC stuff...
2003-03-13 21:28:03 +00:00
Dr. Stephen Henson
767712fa62
Avoid warnings for no-engine and PEDANTIC
2003-03-12 02:38:57 +00:00
Bodo Möller
176f31ddec
- new ECDH_compute_key interface (KDF is no longer a fixed built-in)
...
- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary
2003-02-28 15:37:10 +00:00
Dr. Stephen Henson
e9ec63961b
Fix indefinite length encoding so EOC correctly updates
...
the buffer pointer.
Rename PKCS7_PARTSIGN to PKCS7_STREAM.
Guess what that's for :-)
2003-02-25 19:03:31 +00:00
Ulf Möller
66ecdf3bfb
more mingw related cleanups.
2003-02-22 18:00:14 +00:00
Richard Levitte
132eaa59da
Allow building applications against static libraries with Makefile.shared.
2003-02-22 14:41:34 +00:00
Dr. Stephen Henson
27068df7e0
Single pass processing to cleartext S/MIME signing.
2003-02-15 00:50:55 +00:00
Richard Levitte
c1269c81fd
Handle krb5 libraries separately and make sure only libssl.so depends
...
on it.
2003-02-14 13:12:00 +00:00
Richard Levitte
e270cf9c5e
Pay attention to disabled SSL versions.
...
PR: 500
2003-02-14 05:24:22 +00:00
Richard Levitte
85d686e723
Make it possible to disable OCSP, the speed application, and the use of sockets.
...
PR: 358
2003-02-14 01:02:58 +00:00
Richard Levitte
2d3de726c5
Add full support for -rpath/-R, both in shared libraries and
...
applications, at least on the platforms where it's known how
to do it.
Note: this has only been tested on GNU-based platforms (Linux), and
needs to be tested on all others. Additionally, it's not yet
supported on the following platforms, for lack of information:
Darwin (MacOS X)
Cygwin
OSF1/Alpha
SVR3
ReliantUNIX
Please help out with testing and the platforms we don't yet know well
enough.
2003-02-13 23:52:54 +00:00
Dr. Stephen Henson
33075f229e
Typo.
2003-02-10 17:52:10 +00:00
Bodo Möller
d42d2d1ab6
avoid coredump
...
Submitted by: Nils Larsch
2003-02-08 19:49:16 +00:00
Bodo Möller
37c660ff9b
implement fast point multiplication with precomputation
...
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2003-02-06 19:25:12 +00:00
Richard Levitte
0b13e9f055
Add the possibility to build without the ENGINE framework.
...
PR: 287
2003-01-30 17:39:26 +00:00
Geoff Thorpe
bb3e67f315
"openssl engine" will not display ENGINE/DSO load failure errors when
...
testing availability of engines with "-t" - the old behaviour is
produced by increasing the feature's verbosity with "-tt".
2003-01-30 14:58:44 +00:00
Richard Levitte
4e78074b39
cert_sk isn't always allocated, so freeing it may cause a crash.
...
PR: 481
2003-01-30 10:27:43 +00:00
Dr. Stephen Henson
d3b5cb5343
Check return value of gmtime() and add error codes
...
where it fails in ASN1_TIME_set().
Edit asn1.h so the new error code is the same in 0.9.7
and 0.9.8, rebuild new error codes.
Clear error queue in req.c if *_min or *_max is absent.
2003-01-24 01:12:01 +00:00
Bodo Möller
d745af4b0c
avoid potential confusion about curves (prime192v1 and prime256v1 are
...
also known as secp192r1 and secp256r1, respectively)
Submitted by: Nils Larsch, Bodo Moeller
2003-01-16 16:05:23 +00:00
Richard Levitte
8cbb91c857
DJGPP doesn't have DLLs, so skip adding to %PATH% in that environment.
...
PR: 453
2003-01-13 15:16:40 +00:00
Dr. Stephen Henson
09ad2458b8
Typo.
2003-01-09 16:54:21 +00:00
Dr. Stephen Henson
5b7249f302
NULL tofree when it is freed to avoid double free.
...
Make sure key is not NULL before freeing it.
2003-01-09 13:06:49 +00:00
Dr. Stephen Henson
876e96fdbf
Fix leak.
2003-01-04 18:25:24 +00:00
Richard Levitte
5e42f9ab46
make update
2002-12-29 01:38:15 +00:00
Richard Levitte
e235000169
Spelling error.
...
This patch was taken from the OpenBSD copy of OpenSSL 0.9.7 beta3 with patches
2002-12-25 22:16:56 +00:00
Richard Levitte
821951b851
Avoid double definition of config.
...
PR: 420
2002-12-24 23:53:46 +00:00
Richard Levitte
cb661c56b0
Cygwin needs the library location for .DLLs to be set in PATH. Unfortunately,
...
the conditional was set to add the library directory to PATH when the
platform is NOT Cygwin. Corrected.
PR: 404
2002-12-24 10:50:11 +00:00
Richard Levitte
49e42a1f60
There was a mixup between INSTALLTOP and OPENSSLDIR...
2002-12-20 07:51:03 +00:00
Richard Levitte
9cd16b1dea
We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies,
...
and then didn't support it very well. And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
2002-12-19 22:10:12 +00:00
Richard Levitte
0b900a5e93
I have no idea what possessed me to compile s_socket.c as POSIXly code.
...
Incidentally, it now compiles so much better without _POSIX_C_SOURCE.
2002-12-19 19:42:53 +00:00
Richard Levitte
30c08f2e3d
Update the make system for installations:
...
- define a HERE variable to indicate where the source tree is (used
very little right now)
- make more use of copying and making attribute changes to {file}.new,
and then move it to {file}
- use 'mv -f' to avoid all those questions to the user when the file
in question doesn't have write attributes for that user.
2002-12-15 05:59:13 +00:00
Geoff Thorpe
f92570f00a
This stops a compiler warning from -Wmissing-prototypes.
...
(Noticed by Nils Larsch)
2002-12-11 03:34:26 +00:00
Geoff Thorpe
e189872486
Nils Larsch submitted;
...
- a patch to fix a memory leak in rsa_gen.c
- a note about compiler warnings with unions
- a note about improving structure element names
This applies his patch and implements a solution to the notes.
2002-12-08 16:45:26 +00:00
Geoff Thorpe
5daec7ea0e
Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are
...
being built with it defined - it is not a symbol to affect how openssl
itself builds, but to alter the way openssl headers can be used from an API
point of view. The "deprecated" function wrappers will always remain inside
OpenSSL at least as long as they're still being used internally. :-)
The exception is dsaparam which has been updated to the BN_GENCB-based
functions to test the new functionality. If GENCB_TEST is defined, dsaparam
will support a "-timebomb <n>" switch to cancel parameter-generation if it
gets as far as 'n' seconds without completion.
2002-12-08 05:38:44 +00:00
Richard Levitte
fa63a98ad8
Apparently, bash is more forgiving than sh. To be backward
...
compatible, don't use ==, use = instead...
2002-12-06 08:43:41 +00:00
Richard Levitte
f68bb3c51f
Corrected DJGPP patch
2002-12-05 20:50:25 +00:00
Richard Levitte
1c3e4a3660
EXIT() may mean return(). That's confusing, so let's have it really mean
...
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
2002-12-03 16:33:03 +00:00
Richard Levitte
4579924b7e
Cleanse memory using the new OPENSSL_cleanse() function.
...
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
19aa370573
Disable this module if OPENSSL_NO_SOCK is defined.
2002-11-22 08:45:20 +00:00
Richard Levitte
450cee5c3a
Make sure sysconf exists (it doesn't in the VMS C RTL lesser than version 7).
2002-11-18 23:05:39 +00:00
Bodo Möller
055076cd4f
allocate bio_err before memory debugging is enabled to avoid memory leaks
...
(we can't release it before the CRYPTO_mem_leaks() call!)
Submitted by: Nils Larsch
2002-11-18 13:37:40 +00:00
Richard Levitte
0bf23d9b20
WinCE patches
2002-11-15 22:37:18 +00:00
Richard Levitte
6f17f16fd5
Changes to make shared library building and use work better with Cygwin
2002-11-15 16:48:38 +00:00
Richard Levitte
c863201780
Remove warnings.
2002-11-14 15:57:38 +00:00
Richard Levitte
8d6e60486f
Fix to build better with DJGPP.
...
PR: 338
Here's the description, submitted by Gisle Vanem <giva@bgnett.no>:
1. sock_init() renamed to ssl_sock_init() in ./apps/s_socket.c due
to name-clash with Watt-32.
2. rand() renamed to Rand() in ./crypto/bn/divtest.c due to name-clash
with <stdlib.h>
3. Added calls to dbug_init()/sock_init() in some demo programs.
4. Changed cflags/lflags in configure. Watt-32 install root now taken
from $WATT_ROOT.
2002-11-14 11:22:01 +00:00
Richard Levitte
c112323dd5
This didn't get to the 0.9.8-dev thread...
2002-11-13 18:09:27 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Dr. Stephen Henson
9ea1b87862
Initial ASN1 generation code. This can construct
...
arbitrary encodings from strings and config files.
Documentation to follow...
2002-11-12 13:34:51 +00:00
Richard Levitte
06b7c8d5ba
Variables on the stack must be initialized or we can't depend on any
...
initial value. For errline/errorline, we did depend on that, erroneously
2002-11-11 21:34:21 +00:00
Richard Levitte
6722b62b36
Make the programs link against the static library on MacOS X.
...
PR: 335
2002-11-11 20:46:52 +00:00
Richard Levitte
3782350c14
-CAserial does take a filename argument.
...
PR: 332
2002-11-08 21:53:54 +00:00
Richard Levitte
ddff68bee7
Windows doesn't know sys/file.h
2002-11-07 21:40:06 +00:00
Richard Levitte
b6d0defb98
Remove all references to RSAref, since that's been gone for more than
...
a year.
2002-10-31 16:46:52 +00:00
Bodo Möller
259cdf2af9
Sun has agreed to removing the covenant language from most files.
...
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
2002-10-29 10:59:32 +00:00
Bodo Möller
5c6bf03117
fast reduction for NIST curves
...
Submitted by: Nils Larsch
2002-10-28 13:23:24 +00:00
Richard Levitte
d652a0957f
Make sure toupper() is declared
2002-10-25 09:51:45 +00:00
Richard Levitte
d610d27f30
On certain platforms, we redefine certain symbols using macros in
...
apps.h. For those, it's better to include apps.h after the system
headers where those symbols may be defined, since there's otherwise a
chance that the C compiler will barf when it sees something that looks
like this after expansion:
int VMS_strcasecmp((str1),(str2))(const char *, const char *);
2002-10-24 10:03:55 +00:00
Richard Levitte
96b35c9e26
Signal an error if the entered output password didn't match itself.
...
PR: 314
2002-10-23 15:07:09 +00:00
Bodo Möller
907a8f1e6e
fix warnings, and harmonize indentation
2002-10-23 13:11:38 +00:00
Richard Levitte
677532629d
makedepend complains when a header file is included more than once in
...
the same source file.
2002-10-14 10:02:36 +00:00
Richard Levitte
2245cd87d4
BN_bn2hex() returns "0" instead of "00" for zero. This disrupts the
...
requirement that the serial number always be an even amount of characters.
PR: 248
2002-10-11 09:38:56 +00:00
Richard Levitte
ca80756c70
VMS below version 7 doesn't have strcasecmp, so let's roll our own on VMS.
...
PR: 184
2002-10-10 09:05:05 +00:00
Richard Levitte
0e2cc42cfb
Make sure that the 'config' variable is correctly defined and declared
...
for monolithic as well as non-monolithic build.
More work is probably needed in this area.
PR: 144
2002-10-09 15:36:23 +00:00
Richard Levitte
1e5c205ccb
Remove redundancy and use the main makefile better
2002-10-09 15:12:36 +00:00
Richard Levitte
001ab3abad
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Richard Levitte
d7b2342a6a
Add missing LF
2002-10-09 06:35:47 +00:00
Dr. Stephen Henson
9a48b07ee4
Various enhancements to PKCS#12 code, new
...
medium level API, improved PKCS12_create
and additional functionality in pkcs12
utility.
2002-10-03 23:53:52 +00:00
Richard Levitte
5d9470ff8e
-elapsed is also useful when using gettimeofday
2002-09-25 12:41:59 +00:00
Bodo Möller
9226e2187c
Let 'openssl req' fail if an argument to '-newkey' is not
...
recognized instead of using RSA as a default.
2002-09-10 07:34:45 +00:00
Bodo Möller
65b1d31df5
change API for looking at the internal curve list
...
Submitted by: Nils Larsch
2002-09-02 07:08:33 +00:00
Bodo Möller
e2aeb8174b
change 'usage' formatting
2002-08-27 10:38:09 +00:00
Bodo Möller
c96f0fd2d1
fix spacing
2002-08-26 14:50:52 +00:00
Bodo Möller
ad55f581f9
fix offsets
...
Submitted by: Nils Larsch
2002-08-26 11:25:14 +00:00
Bodo Möller
d4a8f90cab
ecdsa => ec
...
Submitted by: Nils Larsch
2002-08-26 11:20:50 +00:00
Dr. Stephen Henson
fc85ac20c7
Make -nameopt work in req and add support for -reqopt
2002-08-22 23:43:48 +00:00
Dr. Stephen Henson
9a2601033d
Fix crashes and leaks in pkcs12 utility -chain option
2002-08-22 21:54:51 +00:00
Bodo Möller
428112ef10
typo
...
Submitted by: Nils Larsch
2002-08-16 11:19:59 +00:00
Bodo Möller
64376cd8ff
'EC' vs. 'ECDSA'
...
Submitted by: Nils Larsch
2002-08-16 11:19:07 +00:00
Bodo Möller
0fd05a2f0f
fix warnings (CHARSET_EBCDIC)
...
Submitted by: Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
2002-08-15 14:52:54 +00:00
Bodo Möller
7eb18f1237
Simplify handling of named curves: get rid of EC_GROUP_new_by_name(),
...
EC_GROUP_new_by_nid() should be enough. This avoids a lot of
redundancy.
Submitted by: Nils Larsch
2002-08-15 09:21:31 +00:00
Richard Levitte
265e892fed
Sometimes, the value of the variable containing the compiler call can
...
become rather large. This becomes a problem when the default 1024
character large buffer that WRITE uses isn't enough. WRITE/SYMBOL
uses a 2048 byte large buffer instead.
2002-08-15 08:28:38 +00:00
Richard Levitte
bf625abe29
The applications 'ecdsa' and 'ecparam' were missing from the VMS
...
build.
2002-08-14 11:16:20 +00:00
Bodo Möller
f17ef241d1
fix previous commit (there's no SSLEAY_VERSION_TEXT)
2002-08-12 11:21:02 +00:00
Bodo Möller
5488bb6197
get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
...
Submitted by: Nils Larsch
2002-08-12 08:47:41 +00:00
Richard Levitte
4fde69b066
In case of shared libraries, we might run one version of the
...
application with a different version of the library. Detect if there
is a difference of versions, and print both versions in that case.
This might prove to be a good enough debugging tool in case of doubt.
2002-08-11 21:48:44 +00:00
Bodo Möller
74cc4903ef
make update
2002-08-09 12:16:15 +00:00
Bodo Möller
41fdcfa71e
fix warnings
2002-08-09 11:58:28 +00:00
Bodo Möller
ea26226046
ECC ciphersuite support
...
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
2002-08-09 08:56:08 +00:00
Bodo Möller
e172d60ddb
Add ECDH support.
...
Additional changes:
- use EC_GROUP_get_degree() in apps/req.c
- add ECDSA and ECDH to apps/speed.c
- adds support for EC curves over binary fields to ECDSA
- new function EC_KEY_up_ref() in crypto/ec/ec_key.c
- reorganize crypto/ecdsa/ecdsatest.c
- add engine support for ECDH
- fix a few bugs in ECDSA engine support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
2002-08-09 08:43:04 +00:00
Bodo Möller
14a7cfb32a
use a generic EC_KEY structure (EC keys are not ECDSA specific)
...
Submitted by: Nils Larsch
2002-08-07 10:49:54 +00:00
Bodo Möller
714df32e33
extend curve list (additional curves over binary fields)
...
Submitted by: Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)
2002-08-02 13:06:17 +00:00
Richard Levitte
456bc309d8
make update
2002-08-01 19:45:54 +00:00
Richard Levitte
da9b972466
Make it possible to load keys from stdin, and restore that
...
functionality in the programs that had that before.
Part of PR 164
2002-08-01 16:28:40 +00:00
Richard Levitte
5575f781ad
Cut'n'paste error with other responder certificates cleared.
...
PR: 190
2002-08-01 13:39:39 +00:00
Richard Levitte
87e8feca95
If the email address is moved from the subject to the subject alternate name,
...
the subject in the certificate would differ from the subject in the index file,
which has quite bad consequences.
PR: 180
2002-07-31 14:05:57 +00:00
Lutz Jänicke
3aecef7697
"make update"
2002-07-30 12:44:33 +00:00
Lutz Jänicke
77c46bbf29
Only use DSA-functions if available.
...
Submitted by: "Hellan,Kim KHE" <KHE@kmd.dk>
Reviewed by:
PR: 167
2002-07-29 13:31:44 +00:00
Bodo Möller
eefa6e4e2b
harmonize options with those for 'ecparam',
...
remove redundant option '-pub'
Submitted by: Nils Larsch
2002-07-23 09:51:57 +00:00
Richard Levitte
402bcde847
Allow subjects with more than 255 characters to be properly printed.
...
PR: 147
2002-07-18 17:59:21 +00:00
Bodo Möller
7e6617611f
Fix bug introduced with revision 1.95 when this file was modified to
...
use the new X509_CRL_set_issuer_name() function:
The CRL issuer should be X509_get_subject_name(x509), not
X509_get_issuer_name(x509).
Submitted by: Juergen Lesny <lesnyj@informatik.tu-muenchen.de>
typo
2002-07-18 11:23:50 +00:00
Richard Levitte
ca6dde5d3d
Reverse the change with the following log, it needs further investigation:
...
Make S/MIME output conform with the mail and MIME standards.
PR: 151
2002-07-18 10:39:20 +00:00
Richard Levitte
8e6cbcd7c0
Make S/MIME output conform with the mail and MIME standards.
...
PR: 151
2002-07-18 08:47:33 +00:00
Richard Levitte
9335a5f7c0
Unixware doesn't have strings.h, so we need to declare strcasecmp()
...
differently.
Unixware 2 needs to link with libresolv.
PR: 148
2002-07-18 07:47:30 +00:00
Richard Levitte
f5db08e57a
On MacOS X, the shared library editor uses DYLD_LIBRARY_PATH
2002-07-17 11:09:44 +00:00
Richard Levitte
cead7f36da
Set up the engine before doing anything random-related, since engine randomness
...
is only used for seeding and doing it in the wrong order will mean seeding
is done before the engine randomness is hooked in.
Notified by Frederic DONNAT <frederic.donnat@zencod.com>
2002-07-16 06:52:03 +00:00
Bodo Möller
5dbd3efce7
Replace 'ecdsaparam' commandline utility by 'ecparam'
...
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Lutz Jänicke
7b63c0fa8c
Reorder inclusion of header files:
...
des_old.h redefines crypt:
#define crypt(b,s)\
DES_crypt((b),(s))
This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
2002-07-10 07:01:54 +00:00
Richard Levitte
17085b022c
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Richard Levitte
5585f4eca4
have 'openssl pkcs7' exit with code 1 on error instead of 0.
...
PR: 119
2002-06-27 10:26:40 +00:00
Lutz Jänicke
a947f2d2b6
<sys/select.h> is included for AIX, when USE_SOCKETS is defined.
...
Submitted by: Bernhard Simon <bs@bsws.zid.tuwien.ac.at>
Reviewed by:
PR:
2002-06-20 20:49:27 +00:00
Geoff Thorpe
407adb5b17
This apparently fixes compilation on OSX that was failing in 0.9.7 betas.
...
Submitted by: Pieter Bowman <bowman@math.utah.edu>
2002-06-20 18:22:51 +00:00
Lutz Jänicke
1c02ca537a
load_netscape_key is static.
2002-06-18 17:44:56 +00:00
Lutz Jänicke
40889b9cd3
Add missing prototypes.
...
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
PR: 89
2002-06-13 17:40:27 +00:00
Dr. Stephen Henson
99889b46c9
Fix ext_dat.h extension ordering.
...
Reinstate -reqout code.
Avoid coredump in ocsp if setup_verify
fails.
Fix typo in ocsp usage message.
2002-06-13 12:56:27 +00:00
Bodo Möller
254ef80db1
simplify asn1_flag
...
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2002-06-12 14:01:17 +00:00
Ben Laurie
d15711efc6
Handle read errors.
2002-06-11 12:41:37 +00:00
Bodo Möller
458c29175e
move ECC ASN1 that is not specific to ECDSA into crypto/ec/,
...
and make some appropriate changes to the EC library.
Submitted by: Nils Larsch
2002-06-10 12:18:21 +00:00
Lutz Jänicke
0f7b63c834
Make sure that settings are passed back and forth when walking around
...
in the tree during build.
Reinstall default PERL settings in Makefiles, as the real reason for the
failure was that the settings were not passed.
2002-06-06 10:16:59 +00:00
Lutz Jänicke
bb0db9c491
The correct PERL interpreter is passed via commandline.
2002-06-05 07:03:17 +00:00
Richard Levitte
a81e9d3dc4
CAformat should not be used for CA key format.
2002-05-30 16:24:18 +00:00
Richard Levitte
c56fb0f1a3
Remove the duplicate description of -out.
...
PR: 28
2002-05-30 06:24:35 +00:00
Richard Levitte
6298bf9073
There is a chance that the input string is larger than size, and on VMS,
...
this wasn't checked and could possibly be exploitable (slim chance, but still)
2002-05-29 08:31:39 +00:00
Richard Levitte
b935754cb0
Allow the use of the TCP/IP stack keyword TCPIP and NONE
2002-05-22 11:37:20 +00:00
Dr. Stephen Henson
eee6c81af8
Reorganise -subj option code, fix buffer overrun.
2002-05-19 16:31:10 +00:00
Richard Levitte
e9a182fa30
Generate an error if rewinding wasn't possible.
...
Notified by Ken Hirsch <kenhirsch@myself.com>.
PR: 23
2002-05-08 15:12:59 +00:00
Dr. Stephen Henson
253ef2187c
Add apps_startup and bio_err init code to smime.c
2002-05-01 20:07:46 +00:00
Lutz Jänicke
c0455cbb18
Fix escaping when using the -subj option of "openssl req", document
...
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
2002-04-30 12:08:18 +00:00
Richard Levitte
6991bf196c
Potential memory leak removed. Notified by <threaded@totalise.co.uk>
2002-04-25 10:11:21 +00:00
Bodo Möller
c6efe6f59e
fix usage (no 'key')
2002-04-23 13:56:14 +00:00
Bodo Möller
1064acafc4
check return values
...
Submitted by: Nils Larsch
2002-04-17 09:31:34 +00:00
Bodo Möller
6d498d478e
harmonize capitalization
2002-04-09 12:42:47 +00:00
Richard Levitte
a18894d159
make update (libeay.num has been edited to match 0.9.7-stable)
2002-04-06 19:16:12 +00:00
Richard Levitte
dfee50ecd9
Allow longer program names (VMS allows up to 39 characters).
...
Submitted by Compaq.
2002-04-06 19:00:50 +00:00
Richard Levitte
125cc35b59
Merge in DES changes from 0.9.7-stable.
2002-03-22 02:42:57 +00:00
Bodo Möller
af28dd6c75
Fix bugs and typos.
...
Add some WTLS curves.
New function EC_GROUP_check() (this will probably
be implemented differently soon).
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2002-03-18 13:10:45 +00:00
Dr. Stephen Henson
de941e289e
Initialize cipher context in KRB5
...
("D. Russell" <russelld@aol.net>)
Allow HMAC functions to use an alternative ENGINE.
2002-03-14 18:22:23 +00:00
Bodo Möller
690ecff795
Fixes for 'no-hw' combined with 'no-SOME_CIPHER'.
...
Fix dsaparam usage output.
Submitted by: Nils Larsch
2002-03-14 09:52:03 +00:00
Dr. Stephen Henson
26e1237380
Fix the Win32_rename() function so it correctly
...
returns an error code. Use the same code in Win9X
and NT.
Fix some ca.c options so they work under Win32:
unlink/rename won't work under Win32 unless the file
is closed.
2002-03-08 19:11:15 +00:00
Bodo Möller
4882171df5
EC curve stuff
...
Submitted by: Nils Larsch
2002-03-08 11:10:40 +00:00
Dr. Stephen Henson
0dc092334b
ENGINE module additions.
...
Add "init" command to control ENGINE
initialization.
Call ENGINE_finish on initialized ENGINEs on exit.
Reorder shutdown in apps.c: modules should be shut
down first.
Add test private key loader to openssl ENGINE: this
just loads a private key in PEM format.
Fix print format for dh length parameter.
2002-03-06 14:15:13 +00:00
Bodo Möller
36c194638e
add SECG OIDs
...
Submitted by: Nils Larsch
2002-03-06 13:47:32 +00:00
Bodo Möller
870694b3da
fix 'ecdsaparam -C'
2002-03-05 15:17:17 +00:00
Bodo Möller
87a4b4d1f4
fix printf call
2002-03-05 15:05:00 +00:00
Bodo Möller
2b3aeffbbd
fix 'ecdsaparam -C' output
...
Submitted by: Nils Larsch
2002-03-05 14:56:17 +00:00
Richard Levitte
26414ee013
Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated
2002-02-28 12:42:19 +00:00
Richard Levitte
0d7b9b8b7e
make update, after moving around symbols in libeay.num to match
...
0.9.7-stable.
2002-02-26 14:41:29 +00:00
Dr. Stephen Henson
31188ee1a8
Fix new -aes command argument handling
2002-02-26 13:46:55 +00:00
Dr. Stephen Henson
032c49b8b3
non-Monolith fixes.
...
Submitted by Andrew W. Gray <agray@iconsinc.com>
2002-02-22 21:21:18 +00:00
Dr. Stephen Henson
3647bee263
Config code updates.
...
CONF_modules_unload() now calls CONF_modules_finish()
automatically.
Default use of section openssl_conf moved to
CONF_modules_load()
Load config file in several openssl utilities.
Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.
In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 14:01:21 +00:00
Richard Levitte
b3dfaaa143
Add AES support in the applications that support -des and -des3.
2002-02-20 18:03:07 +00:00
Richard Levitte
cd64618674
gcc chokes on C++ comments in C code.
2002-02-16 11:57:25 +00:00
Richard Levitte
3e83e686ba
Add the configuration target VxWorks.
2002-02-14 15:37:38 +00:00
Bodo Möller
1dea1f4509
'-C' is still quite broken
2002-02-14 14:30:20 +00:00
Bodo Möller
44411db8e0
fix '-C'
2002-02-14 14:25:33 +00:00
Bodo Möller
23ac7a1407
fix memory leak
2002-02-14 14:21:49 +00:00
Bodo Möller
d8309efc72
EC_GROUP_get_group_by_name() is now called EC_GROUP_new_by_name()
2002-02-14 10:23:20 +00:00
Bodo Möller
4d94ae00d5
ECDSA support
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Richard Levitte
de2f6e4dae
'make update'
2002-02-05 17:34:58 +00:00
Lutz Jänicke
f701551f36
HP-UX 32bit:
...
* When linking against shared libraries, the absolute path is remembered.
- When linking against -L.., '..' is remembered inside the executable,
so it will fail after "make install" or when not called from inside the
"apps/" subdirectory of the build tree.
- When using the "+cdp" option of "ld", the ".." information can be
exchanged against $(INSTALL_TOP)/lib. In this case the executable
will however refuse to work before "make install" has been called.
This makes testing the 'openssl' executable a problem.
* Solution 1:
Relink the "openssl" executable, when "make install" is called.
This would however require significant changes to the toplevel Makefile
and the apps/ Makefile.
* Solution 2:
Statically link against libssl and libcrypto, so that the "openssl"
executable is no longer dependant on the openssl shared libraries.
Select option 2 for HP-UX 32bit, as this requires the smallest change.
2002-01-29 16:32:40 +00:00
Richard Levitte
1199e2d8cf
Apply patch from Toomas Kiisk <vix@cyber.ee> and complete it.
2002-01-29 12:36:01 +00:00
Richard Levitte
80bb905d3d
Apply the following changes by Toomas Kiisk <vix@cyber.ee>:
...
* make openssl rsa work with -engine chil
* misc changes, including debug-linux-ppro Configure target
and FORMAT_NETSCAPE-aware load_{,pub}key()
This completes the application of his changes.
2002-01-25 19:43:52 +00:00
Richard Levitte
404dcc5e8e
I must learn to compile before I commit...
2002-01-25 17:35:19 +00:00
Richard Levitte
17bcb8d465
Add -keyform. Document -engine.
2002-01-25 16:51:46 +00:00
Ben Laurie
45d87a1ffe
Prototype info function.
2002-01-12 15:56:13 +00:00
Richard Levitte
015fbde807
make update
2002-01-02 17:31:23 +00:00
Richard Levitte
ba1b888384
Implement speed measurement for AES.
...
Submitted by Stephen Sprunk <stephen@sprunk.org> as part of his AES
integration patch.
2002-01-02 16:57:57 +00:00
Richard Levitte
47cc5525a2
RSA counter should only be defined if RSA is available.
2002-01-02 12:40:38 +00:00
Richard Levitte
206eb6a11d
Change pkcs12 so the certificates coming from -in do not get tossed if
...
-certfile is given as well.
2001-12-12 16:49:02 +00:00
Ben Laurie
ff3fa48fc7
Improve back compatibility.
2001-12-09 21:53:31 +00:00
Bodo Möller
87166e1fb6
fix warnings (one of them was clearly justified)
2001-12-07 17:02:01 +00:00
Dr. Stephen Henson
21a85f1977
Add -pubkey option to req command.
2001-12-01 23:03:30 +00:00
Bodo Möller
4f94d1a8b1
check OPENSSL_NO_... before including header files that might be
...
disabled
2001-11-22 11:13:10 +00:00
Geoff Thorpe
308f028e28
In this particular error condition, the structural reference wasn't being
...
released.
2001-11-22 09:20:08 +00:00
Richard Levitte
83c40e7fc0
Make it possible to give digest names as -evp arguments.
2001-11-15 20:19:40 +00:00
Richard Levitte
e1a00d7d1d
If an engine isn't built in, try loading it as a shareable library
...
instead. This also makes it possible for users to simply give said
shareable library as argument for the -engine option.
2001-11-15 18:48:42 +00:00
Richard Levitte
b476df64a1
make update
...
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Richard Levitte
817dfc18a3
Change the order of events so the capabilities of loaded engines can
...
get listed as well.
2001-11-14 22:30:17 +00:00
Richard Levitte
135c0af1bb
Implement STARTTLS for certain protocols, currently only supporting SMTP.
2001-11-14 13:57:52 +00:00
Bodo Möller
29e0c30c2a
more output for SSL 2.0 in our msg_callback
2001-11-10 01:17:02 +00:00
Dr. Stephen Henson
b83eddc578
Win32 fixes.
2001-11-06 13:40:27 +00:00
Dr. Stephen Henson
6229a5607c
Fix email address delete code.
2001-11-06 01:44:21 +00:00
Richard Levitte
f559f31bef
DOS and Windows do not like unistd.h
2001-11-05 12:43:17 +00:00
Ben Laurie
3210b4fd14
If verify fails, say why.
2001-11-02 13:29:14 +00:00
Richard Levitte
a7b42009c4
Change the shared library support so the shared libraries get built
...
sooner and the programs get built against the shared libraries.
This requires a bit more work. Things like -rpath and the possibility
to still link the programs statically should be included. Some
cleanup is also needed. This will be worked on.
2001-10-30 08:00:59 +00:00
Richard Levitte
7b5ffd6834
Adapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names
2001-10-29 13:05:28 +00:00
Dr. Stephen Henson
9b55da73ca
Another noemailDN fix.
2001-10-27 17:53:06 +00:00
Dr. Stephen Henson
e7156ff2e8
Allow ca to certify requests containing BMPStrings and UTF8Strings.
2001-10-27 17:04:47 +00:00
Dr. Stephen Henson
437db75b94
Bugfixes for noemailDN option. Make it use the
...
correct name (instead of NULL) if nomailDN is
not set, fix memory leaks and retain DN structure
when deleting emailAddress.
2001-10-27 17:03:20 +00:00
Dr. Stephen Henson
1fc6d41bf6
New options to allow req to accept UTF8 strings as input.
2001-10-26 12:40:38 +00:00
Richard Levitte
66d3e7481e
Make sure openssl speed is compilable on systems where fork() doesn't
...
exist. For now, that's all the ones we "support" except Unix.
2001-10-25 16:08:17 +00:00
Ben Laurie
0e21156333
Add parallelism to speed - note that this currently causes a weird memory leak.
2001-10-25 14:27:17 +00:00
Bodo Möller
89da653fa6
Add '-noemailDN' option to 'openssl ca'. This prevents inclusion of
...
the e-mail address in the DN (i.e., it will go into a certificate
extension only). The new configuration file option 'email_in_dn = no'
has the same effect.
Submitted by: Massimiliano Pala madwolf@openca.org
2001-10-25 08:25:19 +00:00
Richard Levitte
c2e4f17c1a
Due to an increasing number of clashes between modern OpenSSL and
...
libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_. Compatibility routines are provided and declared by including
openssl/des_old.h. Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.
The compatibility functions will be removed in some future release, at
the latest in version 1.0.
2001-10-24 21:21:12 +00:00
Dr. Stephen Henson
f1558bb424
Reject certificates with unhandled critical extensions.
2001-10-21 02:09:15 +00:00
Dr. Stephen Henson
6ca487992b
Stop spurious "unable to load config info" errors in req
2001-10-21 01:05:53 +00:00
Bodo Möller
a661b65357
New functions SSL[_CTX]_set_msg_callback().
...
New macros SSL[_CTX]_set_msg_callback_arg().
Message callback implementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).
New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).
Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Dr. Stephen Henson
cecd263878
Add missing EVP_CIPHER_CTX_{init,cleanup}
2001-10-20 16:18:03 +00:00
Dr. Stephen Henson
581f1c8494
Modify EVP cipher behaviour in a similar way
...
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Lutz Jänicke
41ebed27fa
Flush buffers to prevent mixed output (Adam Back <adam@cypherspace.org>).
2001-10-16 14:24:46 +00:00
Dr. Stephen Henson
20d2186c87
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
...
with existing code.
Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Richard Levitte
dd5e774664
Add support for md4WithRSAEncryption.
2001-10-10 21:37:45 +00:00
Richard Levitte
712557128b
'make update'
2001-10-10 08:27:52 +00:00
Richard Levitte
b30245dae0
'make update'
2001-10-10 07:56:20 +00:00
Richard Levitte
f8000b9345
'make update'
2001-10-04 07:49:09 +00:00
Richard Levitte
2aa9043ad3
Because there's chances we clash with the system's types.h, rename our
...
types.h to ossl_typ.h.
2001-10-04 07:32:46 +00:00
Richard Levitte
3d90a32429
sch isn't an array, how did this pass through gcc?
2001-10-02 11:49:55 +00:00
Geoff Thorpe
4ba163cbf9
Make "openssl engine -c" list any supported digests as well as supported
...
ciphers.
2001-10-01 15:41:31 +00:00
Richard Levitte
a4a8f7b3ef
Change HZ in speed to rely on sysconf() if the clock tick is available
...
that way. Synchronise s_time with these changes.
2001-09-28 10:34:48 +00:00
Geoff Thorpe
34c66925aa
ENGINE_register_all_complete() will register all implementations of all
...
algorithms present in all loaded ENGINEs. The result is that if any of
those ENGINEs successfully initialises, and the ENGINE_TABLE_FLAG_NOINIT
flag isn't set, then they will always be used (and cached as defaults) in
preference to software implementations. Ie. accidental auto-detection of
acceleration hardware :-)
This change stops all implementations being automatically registered in
"openssl" sub-commands, so that the "setup_engine()" handler in apps.c
controls which ENGINEs are registered for use. A special case has been
added that will revert to this "auto-detect" logic, ie. if the "-engine"
switch is used as;
-engine auto
2001-09-28 02:25:14 +00:00
Richard Levitte
7876e4488f
Stop thinking arguments starting with - are algorithm identifiers.
...
Show timing parameters and timing functions used.
It looks like some Linuxen have very weird settings for CLK_TCK. I'm
very unsure about this change and will investigate further.
2001-09-27 15:43:55 +00:00
Geoff Thorpe
0b4b9a11f5
Put the cipher info back into the "openssl engine" command.
2001-09-25 21:45:03 +00:00
Geoff Thorpe
6dc5d570d0
Make necessary tweaks to apps/ files due to recent ENGINE surgery. See
...
crypto/engine/README for details.
2001-09-25 20:35:01 +00:00
Geoff Thorpe
10b2328fea
"make update"
2001-09-24 17:42:35 +00:00
Bodo Möller
c404ff7955
make update
2001-09-20 22:52:19 +00:00
Geoff Thorpe
8ce2912fbc
Updated dependencies from "make update"
2001-09-12 02:43:22 +00:00
Geoff Thorpe
1372965e2e
Reduce the header dependencies on engine.h in apps/.
2001-09-12 02:39:06 +00:00
Geoff Thorpe
51ac0cfe44
make update
2001-09-10 21:18:11 +00:00
Geoff Thorpe
16e819e1d8
Put all "common" initialisation in the apps_startup() and apps_shutdown()
...
macros in apps.h.
2001-09-10 21:04:14 +00:00
Bodo Möller
c2222c2ea2
restore previous revision -- memory leak should be fixed in mem.c
2001-09-10 18:47:33 +00:00
Bodo Möller
336da5642d
fix memory leak
2001-09-10 18:13:16 +00:00
Bodo Möller
a52c2fb296
exclude disabled message digests
2001-09-10 17:18:56 +00:00
Bodo Möller
41450b27f2
add AES ciphers
2001-09-10 17:12:31 +00:00
Bodo Möller
e72d5983f2
Update so that progs.h can indeed be automatically generated
...
(Working file: progs.h
revision 1.24
date: 2001/02/19 16:06:03; author: levitte; state: Exp; lines: +59 -59
Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
[...])
2001-09-10 17:00:28 +00:00
Bodo Möller
384eff877c
Fix apps/openssl.c and ssl/ssltest.c so that they use
...
CRYPTO_set_mem_debug_options() instead of CRYPTO_dbg_set_options(),
which is the default implementation of the former and should usually
not be directly used by applications (at least if we assume that the
options accepted by the default implementation will also be meaningful
to any other implementations).
Also fix apps/openssl.c and ssl/ssltest such that environment variable
setting 'OPENSSL_DEBUG_MEMORY=off' actively disables the compiled-in
library defaults (i.e. such that CRYPTO_MDEBUG is ignored in this
case).
2001-09-10 09:50:30 +00:00
Ben Laurie
7d34470458
Look up MD5 by name.
2001-09-07 11:45:42 +00:00
Ulf Möller
9d07fd03e3
Use GCC 2.95/3.0 optimization
2001-09-05 02:18:40 +00:00
Geoff Thorpe
79aa04ef27
Make the necessary changes to work with the recent "ex_data" overhaul.
...
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Ulf Möller
de73cca923
make update
2001-09-01 04:25:50 +00:00
Lutz Jänicke
faacb092f8
-passin argument not used when actually loading the key
...
(found by Massimiliano Pala <madwolf@hackmasters.net>).
2001-08-24 13:33:15 +00:00
Dr. Stephen Henson
b439a74620
Load OCSP responder key before waiting for an incoming
...
connection so it can prompt for pass phrase on startup
instead of after the first connection.
Add -port switch to usage message.
2001-08-23 23:54:11 +00:00
Ben Laurie
354c3ace73
Add first cut symmetric crypto support.
2001-08-18 10:22:54 +00:00
Dr. Stephen Henson
b65f851318
Make -passin -passout etc work again.
...
Fix leak in ca.c when using -passin.
2001-08-17 01:09:54 +00:00
Dr. Stephen Henson
35bf35411c
Add CRL utility functions to allow CRLs to be
...
built up without accessing structures directly.
Update ca.c to use new functions.
Fix ca.c so it now builds CRLs correctly again.
2001-08-17 00:33:43 +00:00
Ben Laurie
d66ace9da5
Start to reduce some of the header bloat.
2001-08-05 18:02:16 +00:00
Lutz Jänicke
e9eb000c53
Oops, one SSL_OP_NON_EXPORT_FIRST was left.
2001-08-03 13:05:44 +00:00
Richard Levitte
99ecb90a99
make update
2001-07-31 06:40:10 +00:00
Ben Laurie
dbad169019
Really add the EVP and all of the DES changes.
2001-07-30 23:57:25 +00:00
Dr. Stephen Henson
534a1ed0cb
Allow OCSP server to handle multiple requests.
...
Document new OCSP options.
2001-07-13 13:13:44 +00:00
Dr. Stephen Henson
ee306a1332
Initial OCSP server support, using index.txt format.
...
This can process internal requests or behave like a
mini responder.
Todo: documentation, update usage info.
2001-07-12 20:41:51 +00:00
Geoff Thorpe
af436bc158
openssl speed is quite useful for testing hardware support (among other
...
things), especially as the RSA keys are fixed. However, DSA only fixes the
DSA parameters and then generates the public and private components on the
fly each time - this commit hard-codes some sampled key values so that this
is no longer the case.
2001-07-11 18:59:25 +00:00
Richard Levitte
567671e291
make update
2001-07-10 21:00:37 +00:00
Richard Levitte
2a1ef75435
Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in
...
SSL according to RFC 2712. His comment is:
This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication. I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week. The full kit includes patches
for mod-ssl, apache, and a few text clients. The sourceforge URL
is http://sourceforge.net/projects/kssl/ .
Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct. I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field. I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
2001-07-09 21:46:58 +00:00
Ben Laurie
f82197ad75
Don't update argc, argv for decrypt flag!
2001-07-08 12:58:10 +00:00
Ben Laurie
3f37e73bae
Speed test decrypt EVP operations.
2001-07-08 12:14:41 +00:00
Lutz Jänicke
43f9391bcc
When only the key is given to "enc", the IV is undefined
...
(found by Andy Brown <logic@warthog.com>).
2001-07-03 10:31:11 +00:00
Ben Laurie
a169e82065
Fix warning.
2001-07-02 12:50:30 +00:00
Dr. Stephen Henson
b7a26e6daf
Modify apps to use NCONF code instead of old CONF code.
...
Add new extension functions which work with NCONF.
Tidy up extension config routines and remove redundant code.
Fix NCONF_get_number().
Todo: more testing of apps to see they still work...
2001-06-28 11:41:50 +00:00
Richard Levitte
ce16450a89
Make better use of load_cert, load_certs and load_key.
2001-06-27 09:12:43 +00:00
Richard Levitte
7953b8ff1b
Make better use of load_cert, load_certs and load_key.
2001-06-25 14:23:36 +00:00
Richard Levitte
5abc8ae6f9
Make better use of load_cert, load_certs and load_key.
2001-06-25 14:00:47 +00:00
Richard Levitte
3d5e97f560
Call apps_shutdown() to take down what apps_startup() set up.
2001-06-25 08:35:59 +00:00
Richard Levitte
55dcfa421c
make update
2001-06-23 16:43:03 +00:00
Richard Levitte
c04f8cf44a
Use apps_shutdown() in all applications, in case someone decides not
...
to go the monolith way (does anyone do that these days?).
NOTE: a few applications are missing in this commit. I've a few more
changes in them that I haven't tested yet.
2001-06-23 16:37:32 +00:00
Richard Levitte
870d986131
apps_startup() needs a corresponding apps_shutdown().
2001-06-23 16:31:41 +00:00
Richard Levitte
4f272c17f5
Make use of new features in UI's. Among others, the application
...
password callback doesn't need to check for sizes any more.
2001-06-23 16:30:14 +00:00
Dr. Stephen Henson
2c7bc88d78
Fix UI leak in apps.
2001-06-23 12:48:46 +00:00
Richard Levitte
2cd3ad9bdd
Modify "openssl engine" to handle and display internal control
...
commands appropriately.
2001-06-20 06:35:46 +00:00
Dr. Stephen Henson
323f289c48
Change all calls to low level digest routines in the library and
...
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().
Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Dr. Stephen Henson
a45e4a5537
Fix memory leaks.
2001-06-19 17:13:48 +00:00
Richard Levitte
6dcd1c9109
Do a proof of concept. "openssl genrsa" will make the name of the
...
file part of the password prompt unless it's standard input...
More will be added...
2001-06-19 16:34:53 +00:00
Richard Levitte
2fe5adc36c
Change the common application routines to use a UI_METHOD for password
...
prompting, even when done through the callback.
2001-06-19 16:26:30 +00:00
Dr. Stephen Henson
a3376fe8fc
make apps compile again
2001-06-19 00:23:47 +00:00
Richard Levitte
c6c0035ea5
One feature wasn't quite committed yet
2001-06-18 06:30:12 +00:00
Richard Levitte
531d630b5c
Provide an application-common setup function for engines and use it
...
everywhere.
2001-06-18 06:22:33 +00:00
Dr. Stephen Henson
f2a253e0dd
Add support for MS CSP Name PKCS#12 attribute.
2001-06-11 00:43:20 +00:00
Richard Levitte
2b49dd1e8f
'make update'
2001-06-05 20:32:36 +00:00
Richard Levitte
30b4c2724e
Extend all the loading functions to take an engine pointer, a pass
...
string (some engines may have certificates protected by a PIN!) and
a description to put into error messages.
Also, have our own password callback that we can send both a password
and some prompt info to. The default password callback in EVP assumes
that the passed parameter is a password, which isn't always the right
thing, and the ENGINE code (at least the nCipher one) makes other
assumptions...
Also, in spite of having the functions to load keys, some utilities
did the loading all by themselves... That's changed too.
2001-05-30 15:29:28 +00:00
Richard Levitte
98405f240b
VMS doesn't support more than one period in a file name
2001-05-22 12:47:38 +00:00
Dr. Stephen Henson
bdee69f718
Allow various X509_STORE_CTX properties to be
...
inherited from X509_STORE.
Add CRL checking options to other applications.
2001-05-09 00:30:39 +00:00
Dr. Stephen Henson
b545dc6775
Initial CRL based revocation checking.
2001-05-07 22:52:50 +00:00
Dr. Stephen Henson
c2e45f6ddf
Win32 fixes:
...
define LLONG properly for VC++.
stop compiler complaining about signed/unsigned mismatch in apps/engine.c
2001-04-29 16:30:59 +00:00
Richard Levitte
21023745e2
Clean up ENGINE before exiting.
2001-04-26 16:08:10 +00:00
Geoff Thorpe
f11bc84080
Changes to "openssl engine" to support the new control command code in
...
ENGINE.
* Extra verbosity can be added with more "v"'s, eg. '-vvv' gives
information about input flags and descriptions for each control command
in each ENGINE. Check the output of "openssl engine -vvv" for example.
* '-pre <cmd>' and '-post <cmd>' can be used to invoke control commands on
the specified ENGINE (or on all of them if no engine id is specified,
although that usually gets pretty ugly). '-post' commands are only
attempted if '-t' is specified and the engine successfully initialises.
'-pre' commands are always attempted whether or not '-t' causes an
initialisation to be tried afterwards. Multiple '-pre' and/or '-post'
commands can be specified and they will be called in the order they
occur on the command line.
Parameterised commands (the normal case, there are currently no
unparameterised ones) are split into command and argument via a separating
colon. Eg. "openssl engine -pre SO_PATH:/lib/libdriver.so <id>" results in
the call;
ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libdriver.so", 0);
Application code should similarly allow arbitrary name-value string pairs
to be passed into ENGINEs in a manner matching that in apps/engine.c,
either using the same colon-separated format, or entered as two distinct
strings. Eg. as stored in a registry. The last parameter of
ENGINE_ctrl_cmd_string can be changed from 0 to 1 if the command should
only be attempted if it's supported by the specified ENGINE (eg. for
commands like "FORK_CHECK:1" that may or may not apply to the run-time
ENGINE).
2001-04-19 02:08:26 +00:00
Richard Levitte
9237ba8b66
Correct typo.
2001-04-11 14:14:54 +00:00
Richard Levitte
95874603b0
Add -keyform.
2001-04-11 14:11:55 +00:00
Richard Levitte
ed2e24d564
Show an example of moving the emailAddress object from the subject DN
...
to subjectAltName when signing a certificate.
2001-04-11 13:04:20 +00:00
Richard Levitte
c3bdbcf639
NetBSD and OpenBSD use TOD as well
2001-04-11 10:06:02 +00:00
Lutz Jänicke
93f117003e
Add forgotten "-passin" option to smime.c usage help.
2001-04-08 10:51:14 +00:00