Dr. Stephen Henson
bdee69f718
Allow various X509_STORE_CTX properties to be
...
inherited from X509_STORE.
Add CRL checking options to other applications.
2001-05-09 00:30:39 +00:00
Dr. Stephen Henson
b545dc6775
Initial CRL based revocation checking.
2001-05-07 22:52:50 +00:00
Dr. Stephen Henson
c2e45f6ddf
Win32 fixes:
...
define LLONG properly for VC++.
stop compiler complaining about signed/unsigned mismatch in apps/engine.c
2001-04-29 16:30:59 +00:00
Richard Levitte
21023745e2
Clean up ENGINE before exiting.
2001-04-26 16:08:10 +00:00
Geoff Thorpe
f11bc84080
Changes to "openssl engine" to support the new control command code in
...
ENGINE.
* Extra verbosity can be added with more "v"'s, eg. '-vvv' gives
information about input flags and descriptions for each control command
in each ENGINE. Check the output of "openssl engine -vvv" for example.
* '-pre <cmd>' and '-post <cmd>' can be used to invoke control commands on
the specified ENGINE (or on all of them if no engine id is specified,
although that usually gets pretty ugly). '-post' commands are only
attempted if '-t' is specified and the engine successfully initialises.
'-pre' commands are always attempted whether or not '-t' causes an
initialisation to be tried afterwards. Multiple '-pre' and/or '-post'
commands can be specified and they will be called in the order they
occur on the command line.
Parameterised commands (the normal case, there are currently no
unparameterised ones) are split into command and argument via a separating
colon. Eg. "openssl engine -pre SO_PATH:/lib/libdriver.so <id>" results in
the call;
ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libdriver.so", 0);
Application code should similarly allow arbitrary name-value string pairs
to be passed into ENGINEs in a manner matching that in apps/engine.c,
either using the same colon-separated format, or entered as two distinct
strings. Eg. as stored in a registry. The last parameter of
ENGINE_ctrl_cmd_string can be changed from 0 to 1 if the command should
only be attempted if it's supported by the specified ENGINE (eg. for
commands like "FORK_CHECK:1" that may or may not apply to the run-time
ENGINE).
2001-04-19 02:08:26 +00:00
Richard Levitte
9237ba8b66
Correct typo.
2001-04-11 14:14:54 +00:00
Richard Levitte
95874603b0
Add -keyform.
2001-04-11 14:11:55 +00:00
Richard Levitte
ed2e24d564
Show an example of moving the emailAddress object from the subkect DN
...
to subjectAltName when signing a certificate.
2001-04-11 13:04:20 +00:00
Richard Levitte
c3bdbcf639
NetBSD and OpenBSD use TOD as well
2001-04-11 10:06:02 +00:00
Lutz Jänicke
93f117003e
Add forgotten "-passin" option to smime.c usage help.
2001-04-08 10:51:14 +00:00
Richard Levitte
967d95f096
Incorporate some changes that make OpenSSL compilable in CygWin.
2001-04-04 15:50:30 +00:00
Bodo Möller
50b8ba0201
avoid buffer overflow
2001-03-31 07:48:07 +00:00
Bodo Möller
b10ae320f7
this time *really* fix the /../ check ...
2001-03-30 14:55:50 +00:00
Bodo Möller
5d3ab9b096
For -WWW, fix test for ".." directory references (and avoid warning for
...
index -1).
2001-03-30 10:47:21 +00:00
Richard Levitte
812cb5638c
make update
2001-03-24 12:39:59 +00:00
Bodo Möller
f89aebb1c4
Add missing '#ifndef OPENSSL_NO_DSA'.
2001-03-22 15:06:19 +00:00
Richard Levitte
51740b12ae
Correct a typo which might have lead to a dump.
...
Noted by Martin Kraemer <Martin.Kraemer@Fujitsu-Siemens.com>
2001-03-16 10:30:10 +00:00
Dr. Stephen Henson
791bd0cd2b
Add copy_extensions option to 'ca' utility.
2001-03-16 02:04:17 +00:00
Dr. Stephen Henson
e890dcdb19
Add 'align' option to nameopt.
...
Add default values for display by the 'ca' utility
to openssl.cnf
Update docs.
2001-03-15 22:45:20 +00:00
Dr. Stephen Henson
535d79da63
Overhaul the display of certificate details in
...
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.
This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
2001-03-15 19:13:40 +00:00
Dr. Stephen Henson
0a3ea5d34a
Document the -certopt option to the x509 utility.
...
Add no_issuer option.
Fix X509_print_ex() so it prints out newlines when
certain fields are omitted.
2001-03-15 01:15:54 +00:00
Bodo Möller
cad4b840c8
Fix: return 0 if no error occured.
2001-03-13 22:17:10 +00:00
Bodo Möller
10654d3a74
Forcibly enable memory leak checking during "make test"
2001-03-11 14:49:46 +00:00
Richard Levitte
251cb4cfed
For some experiments, it is sometimes nice to serve files with complete
...
HTTP responses.
2001-03-10 16:20:52 +00:00
Dr. Stephen Henson
1358835050
Change the EVP_somecipher() and EVP_somedigest()
...
functions to return constant EVP_MD and EVP_CIPHER
pointers.
Update docs.
2001-03-09 02:51:02 +00:00
Bodo Möller
a75d8bebd2
Bugfix: previously the serial number file could turn negative
...
because an incompletely initialized ASN1_INTEGER was used.
2001-03-08 19:13:24 +00:00
Bodo Möller
3285076c8e
Integrate ec_err.[co].
...
"make depend"
2001-03-08 12:30:12 +00:00
Richard Levitte
70d70a3c81
Code for better build under Darwin (MacOS X).
...
Submitted by Brad Dominy <jdominy@darwinuser.org>
2001-03-07 10:04:00 +00:00
Bodo Möller
65e8167079
Move ec.h to ec2.h because it is not compatible with what we will use.
...
Add EC vaporware: change relevant Makefiles and add some empty source
files.
"make update".
2001-03-05 20:13:37 +00:00
Bodo Möller
bad4058574
New option '-subj arg' for 'openssl req' and 'openssl ca'. This
...
sets the subject name for a new request or supersedes the
subject name in a given request.
Add options '-batch' and '-verbose' to 'openssl req'.
Submitted by: Massimiliano Pala <madwolf@hackmasters.net>
Reviewed by: Bodo Moeller
2001-03-05 11:09:43 +00:00
Bodo Möller
d8c2adae57
increase emailAddress_max
2001-03-04 01:33:55 +00:00
Richard Levitte
7f19d42e9d
MacOSX doesn't have ftime().
...
Spotted by Pieter Bowman <bowman@math.utah.edu>
2001-02-27 08:14:32 +00:00
Dr. Stephen Henson
f196522159
New function and options to check OCSP response validity.
2001-02-24 13:50:06 +00:00
Geoff Thorpe
e3a9164073
I missed one.
2001-02-23 00:09:50 +00:00
Richard Levitte
41d2a336ee
e_os.h does not belong with the exported headers. Do not put it there
...
and make all files the depend on it include it without prefixing it
with openssl/.
This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
19f2192136
Windows does not know of strigs.h or strcasecmp, so when in Windows,
...
make strcasecmp a macro to _stricmp.
2001-02-22 14:21:06 +00:00
Geoff Thorpe
1aa0d94781
This adds command-line support to s_server for controlling the generation
...
of session IDs. Namely, passing "-id_prefix <text>" will set a
generate_session_id() callback that generates session IDs as random data
with <text> block-copied over the top of the start of the ID. This can be
viewed by watching the session ID s_client's output when it connects.
This is mostly useful for testing any SSL/TLS code (eg. proxies) that wish
to deal with multiple servers, when each of which might be generating a
unique range of session IDs (eg. with a certain prefix).
2001-02-21 18:38:48 +00:00
Richard Levitte
14565bedaf
Some functions, like strdup() and strcasecmp(), are defined in
...
strings.h according to X/Open.
2001-02-20 19:05:59 +00:00
Richard Levitte
02cc82ff8a
I forgot there was a reason why the inclusions and definition of u_int
...
was made in a certain sequence. This change restores the earlier
"chain of command".
2001-02-20 17:37:02 +00:00
Richard Levitte
38f3b3e29c
OpenVMS catches up.
2001-02-20 17:14:30 +00:00
Richard Levitte
be1bd9239f
Get e_os2.h to get all the system definitions correctly.
2001-02-20 14:07:03 +00:00
Dr. Stephen Henson
569afce4b0
Fix typo.
2001-02-20 13:30:28 +00:00
Richard Levitte
56dde3ebe6
Include opensslconf.h or the like early to make sure system macros get
...
correctly defined.
2001-02-20 13:11:54 +00:00
Bodo Möller
ff055b5c89
honour '-no_tmp_rsa'
2001-02-20 12:59:48 +00:00
Richard Levitte
bc36ee6227
Use new-style system-id macros everywhere possible. I hope I haven't
...
missed any.
This compiles and runs on Linux, and external applications have no
problems with it. The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Ulf Möller
28143c66e1
Fix warning.
2001-02-20 00:43:03 +00:00
Richard Levitte
cf1b7d9664
Make all configuration macros available for application by making
...
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Richard Levitte
07247321c6
make update
2001-02-19 14:00:38 +00:00
Dr. Stephen Henson
acba75c59d
New -set_serial options to 'req' and 'x509'.
...
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.
Fix typo in uid.c
2001-02-19 13:38:32 +00:00
Dr. Stephen Henson
a6b7ffddac
New options to 'ca' utility to support CRL entry extensions.
...
Add revelant new X509V3 extensions.
Add OIDs.
Fix ASN1 memory leak code to pop info if external allocation used.
2001-02-16 01:35:44 +00:00
Lutz Jänicke
52b621db88
Add "-rand" option to s_client and s_server.
2001-02-15 10:22:07 +00:00
Dr. Stephen Henson
f2e5ca84d4
Option to disable standard block padding with EVP API.
...
Add -nopad option to enc command.
Update docs.
2001-02-14 02:11:52 +00:00
Dr. Stephen Henson
cdc7b8cc60
Initial OCSP SSL support.
2001-02-14 01:12:41 +00:00
Dr. Stephen Henson
67c1801924
New function OCSP_parse_url() and -url option for ocsp utility.
...
Doesn't handle SSL URLs yet.
2001-02-13 00:37:44 +00:00
Dr. Stephen Henson
46a58ab946
Modify OCSP nonce behaviour.
2001-02-12 23:28:45 +00:00
Bodo Möller
620cea37e0
disable stdin buffering in load_cert
2001-02-10 13:12:35 +00:00
Bodo Möller
c15e036398
use case-insensitive comparison in set_table_opts
...
(similar to how arguments such as -inform/-outform specifications
are treated)
2001-02-10 11:21:29 +00:00
Dr. Stephen Henson
ccb08f98ae
Fix CRL printing to correctly show when there are no revoked certificates.
...
Make ca.c correctly initialize the revocation date.
Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
2001-02-10 00:56:45 +00:00
Lutz Jänicke
836f996010
New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override
...
the clients choice; in SSLv2 the client uses the server's preferences.
2001-02-09 19:56:31 +00:00
Lutz Jänicke
1613c4d3bf
Typo
2001-02-09 19:05:49 +00:00
Dr. Stephen Henson
c063f2c5ec
Various Win32 related fixed. Make no-krb5 work in mkdef.pl .
...
Fix warning in apps/engine.c
Remove definitions of deleted functions.
Add missing definition of X509_VAL.
2001-02-09 18:16:12 +00:00
Dr. Stephen Henson
b3f2e399d2
Add missing \n's to ocsp usage message.
2001-02-09 03:09:05 +00:00
Dr. Stephen Henson
8c950429a9
Allow various options to be included for signing and verify of
...
OCSP responses.
Documentation to follow...
Urgh.. this conflicted with the -VAfile patch I hope I haven't
broken it.
2001-02-08 19:36:10 +00:00
Richard Levitte
9235adbf47
Add the -VAfile option to 'openssl ocsp'. This option will give the
...
client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.
2001-02-08 17:59:29 +00:00
Lutz Jänicke
73fc98a7bf
Fix typo preventing correct usage of -out option.
2001-02-07 14:15:41 +00:00
Ben Laurie
259810e05b
Rijdael CBC mode and partial undebugged SSL support.
2001-02-06 14:09:13 +00:00
Bodo Möller
69a03c1799
don't dump core
2001-02-06 09:47:47 +00:00
Ulf Möller
4327aae816
format strings
2001-02-06 02:57:35 +00:00
Ben Laurie
4978361212
Make depend.
2001-02-04 21:06:55 +00:00
Lutz Jänicke
08f3f07212
If the source has already been succesfully queried, do not try to open it
...
again as file.
2001-02-03 10:59:13 +00:00
Dr. Stephen Henson
88ce56f8c1
Various function for commmon operations.
2001-02-02 00:45:54 +00:00
Bodo Möller
a25b265d27
Use OpenSSL_add_all_algorithms instead of the backwards compatibility
...
alias SSLeay_add_all_algorithms
2001-01-23 13:36:57 +00:00
Dr. Stephen Henson
8e8972bb68
Fixes to various ASN1_INTEGER routines for negative case.
...
Enhance s2i_ASN1_INTEGER().
2001-01-19 14:21:48 +00:00
Bodo Möller
57108f0ad5
Fix openssl passwd -1
2001-01-19 07:37:56 +00:00
Dr. Stephen Henson
73758d435b
Additional functionality in ocsp utility: print summary
...
of status info. Check nonce values. Option to disable
verify. Update usage message.
Rename status to string functions and make them global.
2001-01-19 01:32:23 +00:00
Dr. Stephen Henson
90f63e8f83
Don't shadow.
2001-01-18 01:36:54 +00:00
Dr. Stephen Henson
e8af92fcb1
Implement remaining OCSP verify checks in
...
accordance with RFC2560.
2001-01-18 01:35:39 +00:00
Richard Levitte
b3466895e6
Keep up with Unix
2001-01-17 01:35:35 +00:00
Dr. Stephen Henson
81f169e95c
Initial OCSP certificate verify. Not complete,
...
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Bodo Möller
dfebac32c0
New '-extfile' option for 'openssl ca'.
...
This allows keeping extensions in a separate configuration file.
Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
2001-01-15 11:35:24 +00:00
Dr. Stephen Henson
8e5b6314ef
Fix warning in apps/ca.c
2001-01-14 13:58:49 +00:00
Dr. Stephen Henson
b4b1bdd5d3
Preliminary ocsp utility documentation.
...
Fix ocsp usage message.
2001-01-14 00:52:19 +00:00
Dr. Stephen Henson
5782ceb298
New OCSP utility. This can generate, parse and print
...
OCSP requests. It can also query reponders and parse or
print out responses.
Still needs some more work: OCSP response checks and
of course documentation.
2001-01-13 01:48:38 +00:00
Bodo Möller
c67cdb50d2
New 'openssl ca -status <serial>' and 'openssl ca -updatedb'
...
commands.
Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
2001-01-12 14:50:44 +00:00
Bodo Möller
d199858e89
New -newreq-nodes option to CA.pl.
...
Submitted by: Damien Miller <djm@mindrot.org>
2001-01-11 13:23:19 +00:00
Bodo Möller
72e2d9138c
It's silly to use a different default for PERL than in the top
...
Makefile. (The default is never actually used though because
the top Makefile passes its value of PERL down to sub-Makefiles.)
2001-01-10 16:46:00 +00:00
Bodo Möller
673b3fde82
Add SSLEAY_DIR argument code for SSLeay_version.
...
Add '-d' option for 'openssl version' (included in '-a').
2001-01-10 15:15:36 +00:00
Bodo Möller
a87e50a945
'char' argument to islower must be converted to 'unsigned char'
2001-01-10 14:58:22 +00:00
Bodo Möller
c06648f7f0
Fix C code generate by 'openssl dsaparam -C'.
2001-01-10 14:26:32 +00:00
Ulf Möller
b2293b1e9b
rsa_num is not used with NO_RSA
2001-01-09 21:39:16 +00:00
Dr. Stephen Henson
ecbe07817a
Rewrite PKCS#12 code and remove some of the old
...
horrible macros.
Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
2000-12-31 01:13:04 +00:00
Richard Levitte
701adceb12
"make update" plus a rewrite of both .num files.
2000-12-29 00:19:12 +00:00
Bodo Möller
2c0d10123e
If CONF_get_string returns NULL and we want to tolerate this
...
(e.g., use a default), we have to call ERR_clear_error().
2000-12-15 16:59:49 +00:00
Bodo Möller
3ac82faae5
Locking issues.
2000-12-15 16:40:35 +00:00
Richard Levitte
8d28d5f81b
Constification of the data of a hash table. This means the callback
...
functions need to be constified, and therefore meant a number of easy
changes a little everywhere.
Now, if someone could explain to me why OBJ_dup() cheats...
2000-12-13 17:15:03 +00:00
Richard Levitte
df2c442a6d
Make TYPE_RSA the default type instead of just setting it when -new is
...
given. That also allows the arguments to come in any order (-new
last, for example).
2000-12-09 11:11:35 +00:00
Geoff Thorpe
d0fa136ce2
Next step in tidying up the LHASH code.
...
DECLARE/IMPLEMENT macros now exist to create type (and prototype) safe
wrapper functions that avoid the use of function pointer casting yet retain
type-safety for type-specific callbacks. However, most of the usage within
OpenSSL itself doesn't really require the extra function because the hash
and compare callbacks are internal functions declared only for use by the
hash table. So this change catches all those cases and reimplements the
functions using the base-level LHASH prototypes and does per-variable
casting inside those functions to convert to the appropriate item type.
The exception so far is in ssl_lib.c where the hash and compare callbacks
are not static - they're exposed in ssl.h so their prototypes should not be
changed. In this last case, the IMPLEMENT_LHASH_*** macros have been left
intact.
2000-12-08 20:02:01 +00:00
Dr. Stephen Henson
9d6b1ce644
Merge from the ASN1 branch of new ASN1 code
...
to main trunk.
Lets see if the makes it to openssl-cvs :-)
2000-12-08 19:09:35 +00:00
Ben Laurie
b0dc680f71
Fix warnings.
2000-12-03 10:04:22 +00:00
Geoff Thorpe
35a99b6380
Use the new LHASH macros to declare type-safe wrapper functions that can
...
be used as the hash/compare callbacks without function pointer casting.
For now, this is just happening in the apps/ directory whilst a few people
check the approach. The rest of the library will be moved across to the
same idea if there's no problems with this.
2000-12-02 23:16:54 +00:00
Ulf Möller
e0c875081e
remember the problem with ftime()
2000-12-02 18:50:31 +00:00
Geoff Thorpe
385d81380c
First step in tidying up the LHASH code. The callback prototypes (and
...
casts) used in the lhash code are about as horrible and evil as they can
be. For starters, the callback prototypes contain empty parameter lists.
Yuck.
This first change defines clearer prototypes - including "typedef"'d
function pointer types to use as "hash" and "compare" callbacks, as well as
the callbacks passed to the lh_doall and lh_doall_arg iteration functions.
Now at least more explicit (and clear) casting is required in all of the
dependant code - and that should be included in this commit.
The next step will be to hunt down and obliterate some of the function
pointer casting being used when it's not necessary - a particularly evil
variant exists in the implementation of lh_doall.
2000-12-01 20:31:52 +00:00
Bodo Möller
b5a25a430a
"make depend"
2000-12-01 08:48:42 +00:00
Richard Levitte
f9b3bff6f7
First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu>
2000-11-30 22:53:34 +00:00
Bodo Möller
53d286797c
avoid segmentation fault
2000-11-29 11:04:31 +00:00
Richard Levitte
d53d271728
Addapt the VMS scripts to the changes in the Makefiles.
2000-11-22 18:17:16 +00:00
Ben Laurie
646d56956b
Better handling of EVP names, add EVP to speed.
2000-11-20 04:14:19 +00:00
Bodo Möller
db70a3fd6e
Improve usability of 'openssl passwd' by including
...
password verification where it makes sense.
2000-11-17 09:03:02 +00:00
Ulf Möller
6a8ba34f9d
in some new file names the first 8 characters were not unique
2000-11-12 22:32:18 +00:00
Ben Laurie
757e392d4e
Make Rijndael work! Those long flights have some good points.
2000-11-12 02:13:38 +00:00
Richard Levitte
ccb9643f02
Remove references to RSAref. The glue library is but a memory to fade
...
away now...
2000-11-08 17:51:37 +00:00
Richard Levitte
5e4ca4220e
The consequence of constification is that to pass the address to a
...
pointer to a const double pointe parameter, the pointer must point to
const data as well.
2000-11-06 23:16:04 +00:00
Richard Levitte
e7ef1a561a
Make all engines available in the openssl application.
2000-11-06 22:03:00 +00:00
Richard Levitte
11c0f1201c
Change the engine library so the application writer has to explicitely
...
load the "external" built-in engines (those that require DSO). This
makes linking with libdl or other dso libraries non-mandatory.
Change 'openssl engine' accordingly.
Change the engine header files so some declarations (that differed at
that!) aren't duplicated, and make sure engine_int.h includes
engine.h. That way, there should be no way of missing the needed
info.
2000-11-02 20:33:04 +00:00
Richard Levitte
69e7805f54
'openssl engine' can now list engine capabilities. The current
...
implementation is contained in the application, and the capability
string building part should really be part of the engine library.
This is therefore an experimental hack, and will be changed in the
near future.
2000-11-02 19:24:48 +00:00
Richard Levitte
e264cfe17a
Better error reporting in 'openssl engine'
2000-11-02 18:58:43 +00:00
Richard Levitte
8224b0cbe5
make update
2000-11-02 18:53:25 +00:00
Bodo Möller
15d52ddb55
Never call load_dh_param(NULL) because this leads to an illegal
...
fopen(NULL).
2000-11-02 10:35:10 +00:00
Richard Levitte
d48f487e2c
-t is supported, so display some help about it.
2000-11-01 23:55:45 +00:00
Richard Levitte
14c6d27d63
Add application to enumerate, list and test engines with.
2000-11-01 02:57:35 +00:00
Richard Levitte
92125ffaec
Make flag variables int instead of char. This avoids getting into trouble on systems where char is unsigned by default
2000-10-31 11:58:56 +00:00
Richard Levitte
32d862ede4
Add the possibility to use keys handled by engines in more
...
applications.
2000-10-28 22:40:40 +00:00
Richard Levitte
a44f26d5c9
Small documentation change
2000-10-28 22:21:04 +00:00
Richard Levitte
5660eb489e
NetBSD doesn't use ftime().
2000-10-27 20:28:37 +00:00
Richard Levitte
eb64730b9c
The majority of the OCSP code from CertCo.
2000-10-27 11:05:35 +00:00
Richard Levitte
5270e7025e
Merge the engine branch into the main trunk. All conflicts resolved.
...
At the same time, add VMS support for Rijndael.
2000-10-26 21:07:28 +00:00
Bodo Möller
28967cf079
rsautl.c requires RSA.
2000-10-26 12:05:57 +00:00
Bodo Möller
4fb40db932
Don't ever set 'seeded' if RAND_status() returned 0
...
(although maybe this static variable should be abolished totally,
it was introduced before RAND_status existed).
2000-10-23 07:37:03 +00:00
Richard Levitte
2b59a6ac14
There's no reason why app_RAND_load_file() should return 0 when
...
RAND_status() hasn't.
Reported by Dale Stimson <dale@accentre.com>.
2000-10-21 22:43:07 +00:00
Dr. Stephen Henson
51754ec835
Update test server certificate in apps/server.pem (it was expired).
2000-10-16 22:56:10 +00:00
Richard Levitte
3ab5651112
The experimental Rijndael code moved to the main trunk.
...
make update done.
2000-10-14 20:09:54 +00:00
Dr. Stephen Henson
8ca533e378
More code for X509_print_ex() support.
2000-10-06 11:51:47 +00:00
Dr. Stephen Henson
d0c9858914
Global DirectoryString mask fix.
...
Add support for X509_NAME_print_ex() in req.
Initial code for cutomizable X509 print routines.
2000-10-04 01:16:32 +00:00
Richard Levitte
1cbb729fdc
Oops, if the target only had USE_TOD, an error message was issued...
2000-09-21 16:01:08 +00:00
Richard Levitte
c5f8bbbc0b
Portability patch for HP MPE/iX. Submitted by Mark Bixby <mark_bixby@hp.com>
2000-09-21 05:42:01 +00:00
Richard Levitte
edb0d64367
AIX doesn't like ftime() either.
2000-09-20 15:10:16 +00:00
Richard Levitte
645749ef98
On VMS, stdout may very well lead to a file that is written to in a
...
record-oriented fashion. That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it. This can be very confusing.
The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record. Voila, BIO_f_linebuffer() is born.
Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this. After
the release, this BIO method will be enabled on all other platforms as
well.
2000-09-20 13:55:50 +00:00
Richard Levitte
b004872c59
BSDI only supports ftime() through libcompat, which means it's
...
better not to use it.
2000-09-19 23:14:42 +00:00
Dr. Stephen Henson
688fbf5475
Fix a typo in apps/pkcs12.c which was using the wrong part of
...
ASN1_TYPE (though they are both ASN1_STRING so it didn't cause
any problems).
Make 'siglen' an int in apps/dgst.c so we can check the return
value of BIO_read() etc.
2000-09-19 17:51:11 +00:00
Richard Levitte
28178bcf24
FreeBSD only supports ftime() through libcompat, which means it's
...
better not to use it.
2000-09-19 16:13:38 +00:00
Richard Levitte
a3829b8650
ftime() is not supported on SGI.
...
Reported by Steve Robb <steve@eu.c2.net>
2000-09-18 16:52:05 +00:00
Richard Levitte
62324627aa
Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care
...
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
2000-09-17 18:21:27 +00:00
Richard Levitte
623eea376a
siglen is unsigned, so comparing it to less than 0 is silly, and
...
generates a compiler warning with Compaq C.
2000-09-17 18:08:38 +00:00
Richard Levitte
1c86d93ca5
'make update'
2000-09-15 22:13:38 +00:00
Richard Levitte
095aadc43f
Move up inclusion of conf.h, so non-MONOLITH programs can benefit from
...
it as well, especially in apps.c.
2000-09-15 19:37:14 +00:00
Richard Levitte
5614bb91f5
rsa_num2 is no longer used, so remove it.
2000-09-14 11:09:03 +00:00
Richard Levitte
03ea28c985
Better error checking for RSA and DSA signature and verification speed
...
tests. This was required to not get mysterious errors when they
wouldn't quite want to work.
2000-09-12 08:12:52 +00:00
Richard Levitte
05c2b37176
DSA_verify() and DSA_sign() might return -1...
2000-09-11 22:21:38 +00:00
Richard Levitte
16e91fe8ab
OpenBSD doesn't support timeb.
2000-09-11 16:46:35 +00:00
Richard Levitte
ec6a40e278
Last minute update, in time to make it to 0.9.6-beta1
2000-09-11 13:06:48 +00:00
Richard Levitte
97d8e82c4c
Marin Kraemer <Martin.Kraemer@MchP.Siemens.De> sent us patches to make
...
the OpenSSL commands x50 and req work better on a EBCDIC system.
2000-09-10 14:45:19 +00:00
Richard Levitte
0baed24c1b
More VMS synchronisation
2000-09-09 18:05:27 +00:00
Richard Levitte
eec79f9bab
Synchronise the VMS build with the Unix one.
2000-09-08 20:25:49 +00:00
Dr. Stephen Henson
709e85953d
Update verify docs.
...
New option to verify program to print out diagnostics.
2000-09-08 00:53:58 +00:00
Richard Levitte
62ab514e98
'make update'
2000-09-07 08:46:51 +00:00
Bodo Möller
61f175f4ba
Get rid of ASN1_UTCTIME_get, which cannot work with time_t
...
return type (on platforms where time_t is a 32 bit value).
New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.
2000-09-06 15:40:52 +00:00
Bodo Möller
1af407e78f
typo
2000-09-06 12:18:24 +00:00
Bodo Möller
2b40660ec1
Add OAEP. Seed the PRNG.
2000-09-06 11:49:43 +00:00
Dr. Stephen Henson
bbb720034a
Fix typo in rsautl.
...
Add support for settable verify time in X509_verify_cert().
Document rsautl utility.
2000-09-05 22:30:38 +00:00
Dr. Stephen Henson
2f043896d1
*BIG* verify code reorganisation.
...
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.
The new code performs several tests on a candidate issuer
certificate based on certificate extensions.
It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.
Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...
This must have broken something though :-(
2000-09-05 17:53:58 +00:00
Dr. Stephen Henson
34216c0422
Keep a not of original encoding in certificate requests.
...
Add new option to PKCS7_sign to exclude S/MIME capabilities.
2000-09-05 13:27:57 +00:00
Bodo Möller
bbb8de0966
Avoid abort() throughout the library, except when preprocessor
...
symbols for debugging are defined.
2000-09-04 15:34:43 +00:00
Dr. Stephen Henson
bd08a2bd0c
Add 'rsautl' low level RSA utility.
...
Add DER public key routines.
Add -passin argument to 'ca' utility.
Document sign and verify options to dgst.
2000-09-03 23:13:48 +00:00
Dr. Stephen Henson
7df1c720f6
Fix typo in i2d_ASN1_ENUMERATED
...
Fix bug in read only memory BIOs so BIO_reset() works.
Add sign and verify options to dgst utility, need
to update docs.
2000-08-30 16:14:29 +00:00
Dr. Stephen Henson
d428bf8c56
New option to CA.pl to sign request using CA extensions.
...
This allows intermediate CAs to be created more easily.
PKCS12_create() now checks private key matches certificate.
Fix typo in x509 app.
Update docs.
New function ASN1_STRING_to_UTF8() converts any ASN1_STRING
type to UTF8.
2000-08-24 23:24:18 +00:00
Dr. Stephen Henson
eaa2818189
Various fixes...
...
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.
set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.
remove extraneous '\r' in MIME encoder.
Allow a NULL to be passed to X509_gmtime_adj()
Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
2000-08-21 22:02:23 +00:00
Richard Levitte
3009458e2f
MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test
2000-08-14 14:05:53 +00:00
Richard Levitte
5ce42a7e68
Memory leaks fix. It now looks like all memory leaks, at least around
...
building complete chains, are gone.
2000-08-11 22:50:08 +00:00
Richard Levitte
9ee1c838cb
Memory leaks fix. There seems to be more in other parts of OpenSSL...
2000-08-11 21:41:08 +00:00
Richard Levitte
88364bc2bc
The pkcs12 had no way of getting a CA file or path to be used when
...
building a complete chain. Now added through the -CAfile and -CApath
arguments.
2000-08-11 19:43:20 +00:00
Richard Levitte
3132e196bd
Unicos doesn't have sys/timeb.h. Fix it by defining the TIMEB macro unless on Unicos.
2000-08-03 21:54:31 +00:00
Bodo Möller
69764d720a
Include SKIP DH parameters with OpenSSL.
...
These have been created by a SHA.1 based procedure, see
http://www.skip-vpn.org/spec/numbers.html .
(These values are taken from that document, I have not
implemented the prime generator.)
2000-08-02 09:04:44 +00:00
Richard Levitte
ee087bb8eb
Make it so we can dynamically enable memory allocation debugging through the
...
environment variable OPENSSL_DEBUG_MEMORY (existence is sufficient). At the
same time, it makes sure that CRYPTO_malloc_debug_init() gets expanded some-
where and thereby tested for compilation.
2000-08-01 17:15:36 +00:00
Bodo Möller
cc244b371d
Update 'openssl passwd' documentation on selection of algorithms.
2000-07-31 12:27:44 +00:00
Dr. Stephen Henson
bd4e152791
Document the new DN printing options.
...
Change a few names to be more meaningful.
Fix typos in CA.pl docs.
2000-07-30 01:27:59 +00:00
Dr. Stephen Henson
a657546f9c
New ASN1_STRING_print_ex() and X509_NAME_print_ex()
...
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.
The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).
Still needs to be documented, integrated into other
utilities and extensively tested.
2000-07-28 01:58:15 +00:00
Richard Levitte
ca1e465f6d
Add the possibility to get hexdumps of unprintable data when using
...
'openssl asn1parse'. As a side effect, the functions ASN1_parse_dump
and BIO_dump_indent are added.
2000-07-27 17:28:25 +00:00
Bodo Möller
25063f1d9b
Document -purpose option in usage string.
2000-07-15 18:10:35 +00:00
Dr. Stephen Henson
fd13f0ee52
Make req seed the PRNG if signing with
...
an already existing DSA key.
Document the new smime options.
2000-07-12 23:55:30 +00:00
Dr. Stephen Henson
094fe66d9f
Fix some typose in the i2d/d2i functions that
...
call the i2c/c2i (they were not using the
content length for the headers).
Fix ASN1 long form tag encoding. This never
worked but it was never tested since it is
only used for tags > 30.
New options to smime program to allow the
PKCS#7 format to be specified and the content
supplied externally.
2000-07-10 18:33:05 +00:00
Richard Levitte
c2bbf9cf6c
I got sick and tired of having to keep track of NIDs when such a thing
...
could be done automagically, much like the numbering in libeay.num and
ssleay.num. The solution works as follows:
- New object identifiers are inserted in objects.txt, following the
syntax given in objects.README.
- objects.pl is used to process obj_mac.num and create a new
obj_mac.h.
- obj_dat.pl is used to create a new obj_dat.h, using the data in
obj_mac.h.
This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended. The simplest way to
check that it worked correctly is to look in obj_dat.h and check the
array nid_objs and make sure the objects haven't moved around (this is
important!). Additions are OK, as well as consistent name changes.
2000-07-05 02:45:36 +00:00
Ben Laurie
2bfb4dbce4
Use up-to-date functions.
2000-07-01 16:25:20 +00:00
Richard Levitte
4e74239cca
Give the user the option to measure real time instead of user CPU time.
2000-06-30 17:16:46 +00:00
Richard Levitte
f365611ca3
Undo the changes I just made. I'm not sure what I was thinking of.
...
The message to everyone is "Do not hack OpenSSL when stressed"...
2000-06-28 16:47:45 +00:00
Richard Levitte
20d242b0de
Make it possible for users of the openssl applications to specify the
...
EGD should be used as seeding input, and where the named socket is.
2000-06-28 16:10:56 +00:00
Bodo Möller
1f4643a2f4
BSD-style MD5-based password algorithm in 'openssl passwd'.
...
(Still needs to be tested against the original using sample passwords
of different length.)
2000-06-23 18:00:16 +00:00
Richard Levitte
431b0cce7d
Move add_oid_section to apps.c, so it can be shared by several
...
applications. Also, have it and the certificate and key loading
functions take a BIO argument for error output.
2000-06-22 22:07:27 +00:00
Richard Levitte
ff4e9d91d9
Change req so the new parameter '-rand file' uses the given file in
...
addition to the file given through the RANDFILE option or environment
variable.
2000-06-22 21:16:01 +00:00
Richard Levitte
90ae4673a5
Move the certificate and key loading functions to apps.c, so they can
...
be shared by several applications.
2000-06-22 17:42:50 +00:00
Richard Levitte
2a98f41708
Forgot the self-documentation within req.
2000-06-22 09:59:21 +00:00
Richard Levitte
ac57d15b75
Small change to accept the command line parameter '-rand file'. This
...
parameter takes precedence over the RANDFILE option in the
configuration file.
2000-06-22 09:13:43 +00:00
Bodo Möller
0f4805f515
Avoid unnecessary links and incomplete program file in apps/.
2000-06-19 17:38:22 +00:00
Dr. Stephen Henson
d3ed8ceb3d
Add support for the modified SGC key format used in IIS.
2000-06-15 23:48:05 +00:00
Geoff Thorpe
1c4f90a05d
Enable DSO support on alpha (OSF1), cc and gcc.
...
Also, "make update" has added some missing functions to libeay.num,
updated the TABLE for the alpha changes, and updated thousands of
dependancies that have changed from recent commits.
2000-06-13 12:59:38 +00:00
Dr. Stephen Henson
a91dedca48
Document EVP routines. Change EVP_SealInit() and EVP_OpenInit()
...
to support multiple calls.
New function to retrieve email address from certificates and
requests.
2000-06-11 12:18:15 +00:00
Bodo Möller
f1d92d941e
Accept -F4 option in lower case, which is what the usage information
...
says one should use.
2000-06-08 22:40:09 +00:00
Bodo Möller
208f3688e0
No need to abort if c_rehash fails here (e.g. because Perl is not where
...
it is expected).
2000-06-07 21:28:15 +00:00
Bodo Möller
b598ea93e7
use consistent indentation
2000-06-07 19:43:44 +00:00
Richard Levitte
26a3a48d65
There have been a number of complaints from a number of sources that names
...
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Richard Levitte
a9ef75c50d
Small fix to enable reading from stdin as well.
...
Contributed by Yoichiro Okabe <okabe@wizsoft.co.jp>
2000-06-01 11:23:20 +00:00
Bodo Möller
d9586857d6
Add required cast.
2000-05-19 12:02:49 +00:00
Dr. Stephen Henson
439df5087f
Fix c_rehash script, add -fingerprint option to crl.
2000-05-18 00:33:00 +00:00
Ben Laurie
5de603abc8
Typesafety Thought Police part 3.
2000-05-16 21:22:45 +00:00
Ben Laurie
f2716dada0
Typesafety Thought Police Part 2.
2000-05-16 19:53:50 +00:00
Ben Laurie
b4604683fa
Typesafety thought police.
2000-05-16 14:38:29 +00:00
Ulf Möller
0e1c06128a
Get rid of more non-ANSI declarations.
2000-05-15 22:54:43 +00:00
Ben Laurie
fd73a2121c
Allow UTCTIME objects to be retrieved. Check for imminent cert expiry.
2000-05-14 12:39:53 +00:00
Dr. Stephen Henson
a331a305e9
Make PKCS#12 code handle missing passwords.
...
Add a couple of FAQs.
2000-05-04 00:08:35 +00:00
Bodo Möller
c4d0df0c4f
Fix a memory leak, and don't generate inappropriate error message
...
when PEM_read_bio_X509_REQ fails.
2000-05-02 20:18:48 +00:00
Bodo Möller
7fc840cc85
Stylistic changes: Don't use a macro for the malloc'ed length since it
...
is not constant.
2000-04-27 09:11:28 +00:00
Bodo Möller
4adcfa052f
Warn about truncation also in the case when a single password is read using
...
the password prompt.
2000-04-27 06:47:23 +00:00
Bodo Möller
e5c84d5152
New function ERR_error_string_n.
2000-04-14 23:36:15 +00:00
Richard Levitte
7a807ad8a7
"make update"
2000-04-09 12:52:40 +00:00
Bodo Möller
1d90f28029
In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites
2000-04-06 22:33:14 +00:00
Bodo Möller
3bc90f2373
Fix typo in -clrext option, but add a compatibility hack because
...
0.9.5a should not break anything that works in 0.9.5.
2000-03-27 18:10:08 +00:00
Ulf Möller
a1a96e54a4
Sample application using RAND_event() to collect entropy from mouse
...
movements, keyboard etc. and write it to a seed file.
2000-03-19 22:58:12 +00:00
Bodo Möller
6e22639f46
Eliminate memory leaks in mem_dbg.c.
2000-03-18 15:18:27 +00:00
Richard Levitte
1f515cfe09
e_os.h: don't do double work with status codes.
...
openssl.c: make damn sure e_os.h knows about OPENSSL_C
2000-03-18 09:09:31 +00:00
Bodo Möller
fb51beb591
Remove CRYPTO_push/pop_info invocations to improve code readability --
...
I hope all memory leaks that may occur here have already been tracked down.
2000-03-14 21:25:39 +00:00
Bodo Möller
cc497fb04a
Avoid a warning.
2000-03-14 16:35:36 +00:00
Richard Levitte
1fff621bd7
Typo corrected
2000-03-14 04:32:24 +00:00
Richard Levitte
8824ec7cd5
Make sure strcmp() gets declared.
2000-03-14 04:09:48 +00:00
Bodo Möller
46c4647e3c
"openssl no-..." commands for avoiding the need to grep
...
"openssl list-standard-commands".
2000-03-13 20:31:46 +00:00
Bodo Möller
863fe2ecac
cleaning up a little
2000-03-12 23:27:14 +00:00
Ulf Möller
cee814f9d5
make update
2000-03-12 12:49:45 +00:00
Richard Levitte
ce301b6b0b
Add the possibility (with -ign_eof) to ignore end of file on input but
...
still not be quiet. Also make it clear that -quiet implicitely means
-ign_eof as well.
2000-03-10 12:18:28 +00:00
Bodo Möller
0dd3989868
Change to code generated by 'dhparam -C':
...
- Move DH parameter components inside the function.
- Automatically #include the required header file if it
has not already been #included.
2000-03-10 12:17:37 +00:00
Bodo Möller
a10c512afa
another typo
2000-03-10 11:47:58 +00:00
Bodo Möller
9f5d2069a4
typo
2000-03-10 11:43:45 +00:00
Dr. Stephen Henson
e743a5134e
Don't Free() password if it was read from config file.
2000-03-09 01:03:44 +00:00
Dr. Stephen Henson
c61252001b
Fix typo and make ca get the CA and request fields correct.
2000-03-08 12:44:10 +00:00
Bodo Möller
de83c12253
Add missing include (only MONOLITH builds were possible without it).
...
Submitted by: Andrew W. Gray
2000-03-05 01:11:44 +00:00
Bodo Möller
cf7fa82897
Read complete seed files given in -rand options.
2000-03-04 17:44:07 +00:00
Bodo Möller
0a150c5c9f
Generate correct error reasons strings for SYSerr.
2000-03-04 01:36:53 +00:00
Bodo Möller
37634c8bc9
Add an #include.
2000-03-03 23:27:56 +00:00
Bodo Möller
bb2276abf7
Avoid potential memory leak in code generated by 'openssl dhparam -C'.
2000-03-03 22:24:43 +00:00
Bodo Möller
41918458c0
New '-dsaparam' option for 'openssl dhparam', and related fixes.
2000-03-03 22:18:19 +00:00
Richard Levitte
a8883854a3
Synchronise
2000-03-02 23:32:47 +00:00
Ulf Möller
99a97051d4
pseudo-seed for the PRNG before testing DSA
2000-03-01 17:42:06 +00:00
Bodo Möller
afbd0746cf
'rand'/'-rand' documentation.
2000-03-01 11:45:53 +00:00
Bodo Möller
55f7d65db0
Document the 'rand' application.
2000-03-01 07:57:25 +00:00
Bodo Möller
27b782732f
'rand' application for creating pseudo-random files.
2000-02-29 23:47:01 +00:00
Ulf Möller
c9e1fe33be
Fix for non-monolithic build.
...
Submitted by: Andrew Gray <agray@iconsinc.com>
2000-02-28 20:16:06 +00:00
Richard Levitte
cde28e18bf
New logical names to skip algorithms are now supported.
2000-02-27 10:41:31 +00:00
Bodo Möller
6d0d5431d4
More get0 et al. changes. Also provide fgrep targets in CHANGES
...
where the new functions are mentioned.
2000-02-26 08:36:46 +00:00
Richard Levitte
cb464c38b2
The OpenVMS library is most definitely not built for anything but
...
files, unless it's all in unixly syntax. We can't guarantee that
right now, so let's skip the whole test suit. There are other places
(like the open()) where errors are detected anyway.
2000-02-26 03:53:58 +00:00
Dr. Stephen Henson
c7cb16a8ff
Rename functions for new convention.
2000-02-26 01:55:33 +00:00
Richard Levitte
1b8b0a8294
Correct small typo
2000-02-26 00:18:48 +00:00
Richard Levitte
3e0f27f3c9
Changes to synchronise with Unix.
...
(actually, much more is needed, like a real config script)
2000-02-25 20:37:46 +00:00
Ulf Möller
fea217f96f
EGD bugfix.
...
Submitted by: Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-02-25 14:16:43 +00:00
Ralf S. Engelschall
07fb39c32e
Make gcc 2.95.2 happy here, too.
2000-02-24 10:37:58 +00:00
Ulf Möller
4ec2d4d2b3
Support EGD.
2000-02-24 02:51:47 +00:00
Dr. Stephen Henson
4b42658082
Make pkcs8 work again.
...
Make EVP_CIPHER_type() return NID_undef if the cipher has no
ASN1 OID, modify code to handle this.
2000-02-22 18:45:11 +00:00
Bodo Möller
a2a0158959
Fix some bugs and document others
2000-02-21 17:09:54 +00:00
Ulf Möller
4ec19e203c
Fix gcc warnings.
2000-02-20 20:59:21 +00:00
Dr. Stephen Henson
ae1bb4e572
Add -clrext option to 'x509'
2000-02-19 00:46:02 +00:00
Bodo Möller
a91451ef13
add missing 'static'
2000-02-18 10:39:40 +00:00
Dr. Stephen Henson
8a208cba97
New functions and option to use NEW in certificate requests.
2000-02-18 00:54:21 +00:00
Bodo Möller
73c5591944
Casts now unnecessary because of changed prototype.
2000-02-17 18:36:21 +00:00
Dr. Stephen Henson
cd3c54e50f
Add -pass argument to 'enc'.
...
Fix to make Win32 compile work again.
2000-02-17 00:41:43 +00:00
Dr. Stephen Henson
a3fe382e2d
Pass phrase reorganisation.
2000-02-16 23:16:01 +00:00
Ben Laurie
bd44570322
Fix signed/unsigned warnings.
2000-02-16 12:09:17 +00:00
Richard Levitte
207c7df746
Remove the access() call altogether for VMS, since it doesn't quite
...
work for directory specifications (this will be reported as a bug to
DEC^H^H^HCompaq). It could as well be removed for all others as well,
since stat() and open() will return appropriate errors as well, but I
leave that to someone else to decide.
2000-02-15 09:44:54 +00:00
Dr. Stephen Henson
d13e4eb0b5
Make pkcs12 and smime applications seed random number
...
generator (otherwise they don't work) and add -rand
option. Update docs.
2000-02-12 03:03:04 +00:00
Richard Levitte
07fc35519e
A hack to make sure access() will give us the correct answer about the
...
accessability of an "empty" directory. Thsi *is* weird, and a better
solution will be provided in apps/ca.c, when I get time to hack at it.
2000-02-11 18:12:47 +00:00
Bodo Möller
3ebf0be142
Corrections.
2000-02-11 17:18:50 +00:00
Bodo Möller
cbcc5c01f9
Update.
2000-02-11 16:31:04 +00:00
Bodo Möller
e6e7b5f3df
Implement MD5-based "apr1" password hash.
2000-02-11 16:25:44 +00:00
Ben Laurie
efb416299f
Fix shadow.
2000-02-11 13:11:18 +00:00
Richard Levitte
f6814ea43a
Add compilation of the new passwd utility.
2000-02-11 11:21:50 +00:00
Ralf S. Engelschall
667ac4ec6a
Make gcc 2.95.2 happy again, even under ``-Wall -Wshadow -Wpointer-arith -Wcast-align
...
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''.
2000-02-11 09:47:18 +00:00
Bodo Möller
bb325c7d6a
'passwd' tool.
2000-02-10 21:50:52 +00:00
Dr. Stephen Henson
f07fb9b24b
Add command line password options to the reamining utilities,
...
amend docs.
2000-02-08 01:34:59 +00:00
Bodo Möller
8652d1c22e
Memory leak.
2000-02-06 02:48:53 +00:00
Bodo Möller
e290c7d4e0
Correction: openssl.c must get the long version of the apps_startup()
...
macro
2000-02-05 21:39:20 +00:00
Bodo Möller
29a28ee503
Cosmetic changes.
2000-02-05 21:28:09 +00:00
Dr. Stephen Henson
66430207a4
Add support for some broken PKCS#8 formats.
2000-02-05 21:07:56 +00:00
Dr. Stephen Henson
af57d84312
Rename SSLeay_add_all_algorithms() et al to
...
OpenSSL_add_all_algorithms(). Move these into
separate files so they work properly.
2000-02-04 14:01:38 +00:00
Ulf Möller
657e60fa00
ispell (and minor modifications)
2000-02-03 23:23:24 +00:00
Dr. Stephen Henson
82fc1d9c28
Add new -notext option to 'ca', -pubkey option to spkac.
...
Remove some "WTF??" casts from applications.
Fixes to keep VC++ happy and avoid warnings.
Docs tidy.
2000-02-03 02:56:48 +00:00
Ulf Möller
51ca375e7e
Seek out and destroy another evil cast.
2000-01-30 23:33:40 +00:00
Ulf Möller
9d1a01be8f
Source code cleanups: Use void * rather than char * in lhash,
...
eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
2000-01-30 22:20:28 +00:00
Richard Levitte
1f36fe2835
Synchronise with Unix code
2000-01-28 12:15:20 +00:00
Dr. Stephen Henson
90644dd74d
New -pkcs12 option to CA.pl.
...
Document CA.pl script.
Initialise and free up the extra DH fields
(nothing uses them yet though).
2000-01-28 01:35:31 +00:00
Bodo Möller
05ccd698b9
RAND_load_file(..., -1) now means "read the complete file";
...
this is what we now use to read $RANDFILE / $HOME/.rnd.
(Previously, after 'cat'ting lots of stuff into .rnd
only the first MB would be looked at.)
Bugfix for apps/enc.c: Continue if RAND_pseudo_bytes returns 0
(only -1 is an error).
2000-01-24 10:03:24 +00:00
Bodo Möller
f13b93d3b4
RAND_pseudo_bytes is good enough for encryption IVs,
...
we should not need RAND_bytes (and we cannot use the latter
unless we load a seed file)
2000-01-24 09:32:20 +00:00
Dr. Stephen Henson
fabce04122
Make s_server, s_client check cipher list return codes.
...
Update docs.
2000-01-23 02:28:08 +00:00
Ulf Möller
2a99e8b9df
dh renamed to dhparam
2000-01-22 21:26:52 +00:00
Dr. Stephen Henson
09483c58e3
Add new program dhparam and update docs.
2000-01-22 13:58:29 +00:00
Dr. Stephen Henson
018e57c74d
Apply Lutz Behnke's 56 bit cipher patch with a few
...
minor changes.
Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.
2000-01-22 03:17:06 +00:00
Bodo Möller
033db22d57
add ERR_print_errors after "end" label.
2000-01-21 11:30:52 +00:00
Dr. Stephen Henson
8100490a72
Make -CAcreateserial start from 1 instead of 0 for
...
serial numbers.
2000-01-21 02:42:14 +00:00
Ulf Möller
e7f97e2d22
Check RAND_bytes() return value or use RAND_pseudo_bytes().
2000-01-21 01:15:56 +00:00
Dr. Stephen Henson
6e6bc352b1
Finish off the X509_ATTRIBUTE string stuff.
2000-01-20 01:37:17 +00:00
Richard Levitte
b058a08085
It doesn't make sense to try see if these variables are negative, since they're unsigned.
2000-01-17 00:49:52 +00:00
Ulf Möller
aa82db4fb4
Add missing #ifndefs that caused missing symbols when building libssl
...
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.
Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
2000-01-16 21:10:00 +00:00
Ulf Möller
373b575f5a
New function RAND_pseudo_bytes() generated pseudorandom numbers that
...
are not guaranteed to be unpredictable.
2000-01-16 15:58:17 +00:00
Bodo Möller
4fd2ead09d
Enable memory checking earlier (we correctly free everything
...
except for the BIO through which we print the memory leak list,
and the leak printing function ignores this one block).
2000-01-15 03:08:52 +00:00
Bodo Möller
11afb40c01
Use CRYPTO_push_info to track down memory leak
...
(only the CRYPTO_push_info's in the apps/ directory
are included in the CVS commit, not all those I used
in crypto/)
2000-01-13 22:52:52 +00:00
Bodo Möller
2c736d077b
slightly change usage information
2000-01-13 21:36:06 +00:00
Bodo Möller
a873356c00
Use CRYPTO_push_info to find a memory leak in pkcs12.c.
2000-01-13 21:10:43 +00:00
Dr. Stephen Henson
25f923ddd1
New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code.
...
Remove references to 'TXT' in -inform and -outform switches.
2000-01-09 14:21:40 +00:00
Ben Laurie
752d706aaf
Make NO_RSA compile with pedantic.
2000-01-08 21:06:24 +00:00
Dr. Stephen Henson
c3ed3b6eab
Add -prexit command to s_client and patch some BIO
...
functions so it doesn't crash. Document s_client.
2000-01-08 19:05:47 +00:00
Dr. Stephen Henson
ef7eaa4cb0
Manpages for the DH utils and fix for a memory leak in dh program
2000-01-08 13:36:17 +00:00
Dr. Stephen Henson
dad666fbbe
Add PKCS#12 manpage and use MAC iteration counts by default.
2000-01-08 03:16:04 +00:00
Bodo Möller
918a8a16fa
CA.pl is now generated automatically (using CA.pl.in as input)
2000-01-07 13:06:28 +00:00
Bodo Möller
d2b6c3f31f
apps/openssl.cnf and the documentation say it's "nombstr",
...
but crypto/asn1/a_strnid.c had "nombchar".
2000-01-07 13:05:41 +00:00
Bodo Möller
63da21c01b
make no-des and no-rc2 work.
2000-01-07 12:15:54 +00:00
Dr. Stephen Henson
35f4850ae0
More X509_ATTRIBUTE changes.
2000-01-07 00:55:54 +00:00
Dr. Stephen Henson
b38f9f66c3
Initial automation changes to 'req' and X509_ATTRIBUTE functions.
2000-01-06 01:26:48 +00:00
Bodo Möller
3a4f14f3d1
Rename CA.pl to CA.pl.in (no actual changes), and let Configure
...
set the #! line with the path to Perl.
Submitted by: Peter Jones
2000-01-05 01:31:22 +00:00
Dr. Stephen Henson
20432eae41
Fix some of the command line password stuff. New function
...
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
2000-01-01 16:42:49 +00:00
Dr. Stephen Henson
6447cce372
Simplify the trust structure: basically zap the bit strings and
...
represent everything by OIDs.
1999-12-29 00:40:28 +00:00
Dr. Stephen Henson
36217a9424
Allow passwords to be included on command line for a few
...
more utilities.
1999-12-24 23:53:57 +00:00
Dr. Stephen Henson
12aefe78f0
Fixes so NO_RSA works again.
1999-12-24 17:26:33 +00:00
Dr. Stephen Henson
525f51f6c9
Add PKCS#8 utility functions and add PBE options.
1999-12-23 02:02:42 +00:00
Bodo Möller
2b6313d0da
Rename
...
CRYPTO_add_info => CRYPTO_push_info
CRYPTO_remove_info => CRYPTO_pop_info
in the hope that these names are more descriptive;
and "make update".
1999-12-18 13:51:47 +00:00
Bodo Möller
75acc288ca
fix typos and other little errors ...
1999-12-18 13:25:45 +00:00
Bodo Möller
03c48fa07b
Avoid shadowing p to make the compiler happy.
1999-12-18 05:16:30 +00:00
Bodo Möller
3db1f2d5be
Add a comment.
1999-12-18 00:30:32 +00:00
Bodo Möller
e8f48dbacc
Add missing semicolon to make compiler happy, and switch back
...
from MemCheck_start() to CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
because that is what applications should use
(MemCheck_start/stop never really worked for applications
unless CRYPTO_MDEBUG was defined both when compiling the library
and when compiling the application, so probably we should
get rid of it).
1999-12-18 00:28:21 +00:00
Richard Levitte
1ad9bdf253
Use MemCheck_start() instead of CRYPTO_mem_ctrl(), and generate a small leak to test (conditional)
1999-12-17 12:50:06 +00:00
Richard Levitte
8a1580096b
Synchronise VMS scripts with Unix Makefiles
1999-12-16 19:57:50 +00:00
Dr. Stephen Henson
55f30198ad
Various S/MIME fixes. Fix for memory leak, recipient list bug
...
and not excluding parameters with DSA keys.
1999-12-14 02:44:27 +00:00
Dr. Stephen Henson
e3775a33c1
Make the PKCS#7 S/MIME functions check for passed NULL pointers.
...
Fix the usage message of smime utility and sanitise the return
codes.
Add some documentation.
1999-12-09 01:31:32 +00:00
Dr. Stephen Henson
a2121e0aee
Add i2d_ASN1_PRINTABLESTRING() function, and do 'make update'
1999-12-08 00:56:15 +00:00
Dr. Stephen Henson
55ec5861c8
Modify S/MIME application so the -signer option writes the signer(s)
...
to a file if we are verifying.
1999-12-07 02:35:52 +00:00
Dr. Stephen Henson
5a9a4b299c
Merge in my S/MIME library and utility.
1999-12-05 00:40:59 +00:00
Bodo Möller
cddfe788fb
Add functions des_set_key_checked, des_set_key_unchecked.
...
Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.
1999-12-03 20:24:21 +00:00
Dr. Stephen Henson
dd4134101f
Change the trust and purpose code so it doesn't need init
...
either and has a static and dynamic mix.
1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
08cba61011
Modify the X509 V3 extension lookup code.
1999-12-01 01:49:46 +00:00
Ben Laurie
fea9afbfc7
Make salting the default. Fail gracefully if the input is not salted.
1999-11-30 20:15:19 +00:00
Dr. Stephen Henson
bb7cd4e3eb
Remainder of SSL purpose and trust code: trust and purpose setting in
...
SSL_CTX and SSL, functions to set them and defaults if no values set.
1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
13938aceca
Add part of chain verify SSL support code: not complete or doing anything
...
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
1999-11-29 01:09:25 +00:00
Dr. Stephen Henson
51630a3706
Add trust setting support to the verify code. It now checks the
...
trust settings of the root CA.
After a few fixes it seems to work OK.
Still need to add support to SSL and S/MIME code though.
1999-11-27 19:43:10 +00:00
Dr. Stephen Henson
9868232ae1
Initial trust code: allow setting of trust checking functions
...
in a table. Doesn't do too much yet.
Make the -<digestname> options in 'x509' affect all relevant
options.
Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.
A few constification changes.
1999-11-27 01:14:04 +00:00
Dr. Stephen Henson
d4cec6a13d
New options to the -verify program which can be used for chain verification.
...
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
1999-11-26 00:27:07 +00:00
Dr. Stephen Henson
52664f5081
Transparent support for PKCS#8 private keys in RSA/DSA.
...
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
1999-11-21 22:28:31 +00:00
Ben Laurie
44eca70641
Update dependencies.
1999-11-18 14:32:54 +00:00
Ben Laurie
5ef738240a
Fix warning.
1999-11-18 14:10:53 +00:00
Dr. Stephen Henson
f76d8c4747
Modify verify code to handle self signed certificates.
1999-11-17 01:20:29 +00:00
Dr. Stephen Henson
91895a5938
Fix for a bug in PKCS#7 code and non-detached data.
...
Remove rc4-64 from ciphers since it doesn't exist...
1999-11-16 14:54:50 +00:00
Dr. Stephen Henson
fd699ac55f
Add a salt to the key derivation using the 'enc' program.
1999-11-16 02:49:25 +00:00
Dr. Stephen Henson
06556a1744
'req' fixes. Reinstate length check one request fields.
...
Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.
1999-11-14 23:10:50 +00:00
Dr. Stephen Henson
a0e9f529a4
Add support for the 40 and 64 bit RC2 and RC4 ciphers in 'enc'
...
add documentation for 'enc'.
1999-11-14 03:23:17 +00:00
Richard Levitte
849c0fe240
Adjust to changes in apps/openssl.cnf
1999-11-12 01:59:47 +00:00
Richard Levitte
ca0e2bc973
Adjust to changes in apps/Makefile.ssl
1999-11-12 01:52:59 +00:00
Dr. Stephen Henson
954ef7ef69
Merge some common functionality in the apps, delete
...
the encryption option in the pkcs7 utility (they never
did anything) and add a couple more options to pkcs7.
1999-11-12 01:42:25 +00:00
Dr. Stephen Henson
af29811edd
Add password command line options to some utils. Fix and update man
...
pages.
1999-11-11 18:41:31 +00:00