Dr. Stephen Henson
af57d84312
Rename SSLeay_add_all_algorithms() et al to
...
OpenSSL_add_all_algorithms(). Move these into
separate files so they work properly.
2000-02-04 14:01:38 +00:00
Dr. Stephen Henson
82fc1d9c28
Add new -notext option to 'ca', -pubkey option to spkac.
...
Remove some "WTF??" casts from applications.
Fixes to keep VC++ happy and avoid warnings.
Docs tidy.
2000-02-03 02:56:48 +00:00
Bodo Möller
e74231ed9e
rndsort{Miller, Rabin} primality test.
2000-02-02 21:20:44 +00:00
Bodo Möller
2c5fe5b12a
Change log entry completed.
2000-02-01 07:50:42 +00:00
Ulf Möller
8efb60144d
EBCDIC support.
...
Submitted by: Martin Kraemer <martin.kraemer@mch.sni.de>
2000-02-01 02:21:16 +00:00
Ulf Möller
98d0b2e375
Note changes.
2000-01-30 23:34:33 +00:00
Bodo Möller
cdd43b5ba5
Documentation for BN_is_prime_fasttest.
2000-01-30 11:05:39 +00:00
Bodo Möller
1baa94907c
Make output of "openssl dsaparam 1024" more interesting :-)
2000-01-30 03:32:28 +00:00
Bodo Möller
7865b871c0
Tiny changes to previous patch (the log message was meant to be
...
"Make DSA_generate_parameters faster").
2000-01-30 02:40:38 +00:00
Bodo Möller
a87030a1ed
Make DSA_generate_parameters, and fix a couple of bug
...
(including another problem in the s3_srvr.c state machine).
2000-01-30 02:23:03 +00:00
Dr. Stephen Henson
e1314b5716
Fix CRL encoding bug.
2000-01-29 00:00:26 +00:00
Bodo Möller
07e6dbde66
more information on 0.9.5
2000-01-28 21:26:30 +00:00
Dr. Stephen Henson
90644dd74d
New -pkcs12 option to CA.pl.
...
Document CA.pl script.
Initialise and free up the extra DH fields
(nothing uses them yet though).
2000-01-28 01:35:31 +00:00
Ulf Möller
38e33cef15
Document DSA and SHA.
...
New function BN_pseudo_rand().
Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
generating DSA primes (why not use BN_is_prime()?)
2000-01-27 19:31:26 +00:00
Ulf Möller
e93f9a3284
Run ispell.
...
Clean up bn_mont.c.
2000-01-27 01:50:42 +00:00
Bodo Möller
2557eaeac8
Avoid a race condition.
2000-01-24 17:57:56 +00:00
Bodo Möller
a46faa2bfd
Improve clarity.
2000-01-24 16:02:29 +00:00
Bodo Möller
aabbb7451b
Document RAND_load_file change.
2000-01-24 14:42:26 +00:00
Dr. Stephen Henson
dd9d233e2a
Tidy up CRYPTO_EX_DATA structures.
2000-01-23 23:41:49 +00:00
Dr. Stephen Henson
fabce04122
Make s_server, s_client check cipher list return codes.
...
Update docs.
2000-01-23 02:28:08 +00:00
Ulf Möller
4486d0cd7a
Document the DH library, and make some minor changes along the way.
2000-01-22 20:05:23 +00:00
Dr. Stephen Henson
09483c58e3
Add new program dhparam and update docs.
2000-01-22 13:58:29 +00:00
Dr. Stephen Henson
bda70ed430
Gets Lutz Jaenicke's name right this time :-)
...
Apologies to both concerned.
2000-01-22 12:49:48 +00:00
Dr. Stephen Henson
018e57c74d
Apply Lutz Behnke's 56 bit cipher patch with a few
...
minor changes.
Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.
2000-01-22 03:17:06 +00:00
Dr. Stephen Henson
8100490a72
Make -CAcreateserial start from 1 instead of 0 for
...
serial numbers.
2000-01-21 02:42:14 +00:00
Ulf Möller
e7f97e2d22
Check RAND_bytes() return value or use RAND_pseudo_bytes().
2000-01-21 01:15:56 +00:00
Dr. Stephen Henson
6e6bc352b1
Finish off the X509_ATTRIBUTE string stuff.
2000-01-20 01:37:17 +00:00
Dr. Stephen Henson
77b47b9036
Rename X509_att*() stuff to X509at_*(), add X509_REQ wrappers.
2000-01-19 01:02:13 +00:00
Ulf Möller
aa82db4fb4
Add missing #ifndefs that caused missing symbols when building libssl
...
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.
Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
2000-01-16 21:10:00 +00:00
Ulf Möller
373b575f5a
New function RAND_pseudo_bytes() generated pseudorandom numbers that
...
are not guaranteed to be unpredictable.
2000-01-16 15:58:17 +00:00
Bodo Möller
0983760dfc
note about things still to do with RAND_bytes
2000-01-13 21:20:26 +00:00
Bodo Möller
a873356c00
Use CRYPTO_push_info to find a memory leak in pkcs12.c.
2000-01-13 21:10:43 +00:00
Ulf Möller
eb952088f0
Precautions against using the PRNG uninitialized: RAND_bytes() now
...
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
2000-01-13 20:59:17 +00:00
Bodo Möller
76aa0ddc86
Turn BN_prime_checks into a macro.
...
Primes p where (p-1)/2 is prime too are called "safe", not "strong".
2000-01-12 11:57:30 +00:00
Richard Levitte
de73e397f8
Added a comment about Win32.
2000-01-11 22:32:37 +00:00
Richard Levitte
cbfa4c32c0
Add more info to the memory allocation change log.
...
Suggested by Bodo.
2000-01-11 22:16:12 +00:00
Bodo Möller
3cc6cdea0f
The buffer in ss3_read_n cannot actually occur because it is never
...
called with max > n when extend is set.
2000-01-11 08:09:27 +00:00
Bodo Möller
c51ae173a6
Clean up some of the SSL server code.
2000-01-11 01:07:26 +00:00
Dr. Stephen Henson
25f923ddd1
New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code.
...
Remove references to 'TXT' in -inform and -outform switches.
2000-01-09 14:21:40 +00:00
Dr. Stephen Henson
dad666fbbe
Add PKCS#12 manpage and use MAC iteration counts by default.
2000-01-08 03:16:04 +00:00
Ulf Möller
0f583f69f3
Honor the no-xxx Configure options when creating .DEF files.
2000-01-07 03:17:47 +00:00
Dr. Stephen Henson
35f4850ae0
More X509_ATTRIBUTE changes.
2000-01-07 00:55:54 +00:00
Dr. Stephen Henson
b38f9f66c3
Initial automation changes to 'req' and X509_ATTRIBUTE functions.
2000-01-06 01:26:48 +00:00
Bodo Möller
ca03109c3a
New functions SSL_get_finished, SSL_get_peer_finished.
...
Add short state string for MS SGC.
2000-01-06 01:19:17 +00:00
Bodo Möller
f2d9a32cf4
Use separate arrays for certificate verify and for finished hashes.
2000-01-06 00:24:24 +00:00
Andy Polyakov
bdf5e18317
Enhanced support for Alpha Linux. See CHANGES for details.
2000-01-02 20:46:58 +00:00
Dr. Stephen Henson
3d14b9d04a
Add support for MS "fast SGC".
2000-01-02 18:52:58 +00:00
Dr. Stephen Henson
20432eae41
Fix some of the command line password stuff. New function
...
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
2000-01-01 16:42:49 +00:00
Bodo Möller
47134b7864
Don't request client certificate in anonymous ciphersuites
...
except when following the specs is bound to fail.
1999-12-29 17:43:03 +00:00
Bodo Möller
45fd4dbb84
Fix SSL_CTX_add_session: When two SSL_SESSIONs have the same ID,
...
they can sometimes be different memory structures.
1999-12-29 14:29:32 +00:00
Dr. Stephen Henson
f45f40ffff
Add OIDs for idea and blowfish. Unfortunately these are in
...
the middle of the OID table so the diff is rather large :-(
1999-12-29 02:59:18 +00:00
Dr. Stephen Henson
6447cce372
Simplify the trust structure: basically zap the bit strings and
...
represent everything by OIDs.
1999-12-29 00:40:28 +00:00
Dr. Stephen Henson
e6f3c5850e
New {i2d,d2i}_PrivateKey_{bio, fp} functions.
1999-12-26 19:20:03 +00:00
Dr. Stephen Henson
36217a9424
Allow passwords to be included on command line for a few
...
more utilities.
1999-12-24 23:53:57 +00:00
Dr. Stephen Henson
525f51f6c9
Add PKCS#8 utility functions and add PBE options.
1999-12-23 02:02:42 +00:00
Bodo Möller
78baa17ad0
Correct spelling, and don't abuse grave accent as left quote
...
(which was allowed by old ASCII definitions but is not compatible
with ISO 8859-1, ISO 10646 etc.).
1999-12-22 16:10:44 +00:00
Dr. Stephen Henson
e76f935ead
Support for ASN1 NULL type.
1999-12-22 01:39:23 +00:00
Andy Polyakov
099f1b32c8
Initial support for MacOS is now available
...
Submitted by: Roy Woods <roy@centricsystems.ca>
Reviewed by: Andy Polyakov
1999-12-19 16:17:45 +00:00
Richard Levitte
f3a2a04496
- Added more documentation in CHANGES.
...
- Made CRYPTO_MDEBUG even less used in crypto.h, giving
MemCheck_start() and MemCheck_stop() only one possible definition.
- Made the values of the debug function pointers in mem.c dependent
on the existence of the CRYPTO_MDEBUG macro, and made the rest of
the code understand the NULL case.
That's it. With this code, the old behvior of the debug functionality
is restored, but you can still opt to have it on, even when the
library wasn't compiled with a defined CRYPTO_MDEBUG.
1999-12-18 02:34:37 +00:00
Richard Levitte
d8df48a9bc
- Made sure some changed behavior is documented in CHANGES.
...
- Moved the handling of compile-time defaults from crypto.h to
mem_dbg.c, since it doesn't make sense for the library users to try
to affect this without recompiling libcrypto.
- Made sure V_CRYPTO_MDEBUG_TIME and V_CRYPTO_MDEBUG_THREAD had clear
and constant definitions.
- Aesthetic correction.
1999-12-18 01:14:39 +00:00
Richard Levitte
9ac42ed8fc
Rebuild of the OpenSSL memory allocation and deallocation routines.
...
With this change, the following is provided and present at all times
(meaning CRYPTO_MDEBUG is no longer required to get this functionality):
- hooks to provide your own allocation and deallocation routines.
They have to have the same interface as malloc(), realloc() and
free(). They are registered by calling CRYPTO_set_mem_functions()
with the function pointers.
- hooks to provide your own memory debugging routines. The have to
have the same interface as as the CRYPTO_dbg_*() routines. They
are registered by calling CRYPTO_set_mem_debug_functions() with
the function pointers.
I moved everything that was already built into OpenSSL and did memory
debugging to a separate file (mem_dbg.c), to make it clear what is
what.
With this, the relevance of the CRYPTO_MDEBUG has changed. The only
thing in crypto/crypto.h that it affects is the definition of the
MemCheck_start and MemCheck_stop macros.
1999-12-17 12:56:24 +00:00
Dr. Stephen Henson
b216664f66
Various S/MIME fixes.
1999-12-11 20:04:06 +00:00
Dr. Stephen Henson
d8223efd04
Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs.
...
Also fix a memory leak in PKCS#7 routines.
1999-12-10 13:46:48 +00:00
Dr. Stephen Henson
5a9a4b299c
Merge in my S/MIME library and utility.
1999-12-05 00:40:59 +00:00
Bodo Möller
cddfe788fb
Add functions des_set_key_checked, des_set_key_unchecked.
...
Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.
1999-12-03 20:24:21 +00:00
Dr. Stephen Henson
21131f00d7
New function PKC12_newpass()
1999-12-03 03:46:18 +00:00
Dr. Stephen Henson
dd4134101f
Change the trust and purpose code so it doesn't need init
...
either and has a static and dynamic mix.
1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
08cba61011
Modify the X509 V3 extension lookup code.
1999-12-01 01:49:46 +00:00
Ben Laurie
fea9afbfc7
Make salting the default. Fail gracefully if the input is not salted.
1999-11-30 20:15:19 +00:00
Dr. Stephen Henson
bb7cd4e3eb
Remainder of SSL purpose and trust code: trust and purpose setting in
...
SSL_CTX and SSL, functions to set them and defaults if no values set.
1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
51630a3706
Add trust setting support to the verify code. It now checks the
...
trust settings of the root CA.
After a few fixes it seems to work OK.
Still need to add support to SSL and S/MIME code though.
1999-11-27 19:43:10 +00:00
Dr. Stephen Henson
9868232ae1
Initial trust code: allow setting of trust checking functions
...
in a table. Doesn't do too much yet.
Make the -<digestname> options in 'x509' affect all relevant
options.
Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.
A few constification changes.
1999-11-27 01:14:04 +00:00
Dr. Stephen Henson
d4cec6a13d
New options to the -verify program which can be used for chain verification.
...
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
1999-11-26 00:27:07 +00:00
Dr. Stephen Henson
1126239111
Initial chain verify code: not tested probably not working
...
at present. However nothing enables it yet so this doesn't
matter :-)
1999-11-24 01:31:49 +00:00
Dr. Stephen Henson
6d3724d3b0
Support for authority information access extension.
...
Fix so EVP_PKEY_rset_*() check return codes.
1999-11-23 18:50:28 +00:00
Dr. Stephen Henson
52664f5081
Transparent support for PKCS#8 private keys in RSA/DSA.
...
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
1999-11-21 22:28:31 +00:00
Dr. Stephen Henson
a716d72734
Support for otherName in GeneralName.
1999-11-19 02:19:58 +00:00
Dr. Stephen Henson
f76d8c4747
Modify verify code to handle self signed certificates.
1999-11-17 01:20:29 +00:00
Bodo Möller
b1fe6ca175
Store verify_result with sessions to avoid potential security hole.
1999-11-16 23:15:41 +00:00
Dr. Stephen Henson
91895a5938
Fix for a bug in PKCS#7 code and non-detached data.
...
Remove rc4-64 from ciphers since it doesn't exist...
1999-11-16 14:54:50 +00:00
Dr. Stephen Henson
fd699ac55f
Add a salt to the key derivation using the 'enc' program.
1999-11-16 02:49:25 +00:00
Dr. Stephen Henson
e947f39689
New function X509_cmp().
1999-11-16 00:56:03 +00:00
Mark J. Cox
b7cfcfb7f8
This corrects the reference count handling in SSL_get_session.
...
Previously, the returned SSL_SESSION didn't have its reference count
incremented so the SSL_SESSION could be freed at any time causing
seg-faults if the pointer was subsequently used. Code that uses
SSL_get_session must now make a corresponding SSL_SESSION_free() call when
it is done to avoid memory leaks (or blocked up session caches).
Submitted By: Geoff Thorpe <geoff@eu.c2.net>
1999-11-15 16:31:31 +00:00
Dr. Stephen Henson
06556a1744
'req' fixes. Reinstate length check one request fields.
...
Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.
1999-11-14 23:10:50 +00:00
Dr. Stephen Henson
a0e9f529a4
Add support for the 40 and 64 bit RC2 and RC4 ciphers in 'enc'
...
add documentation for 'enc'.
1999-11-14 03:23:17 +00:00
Richard Levitte
71d7526b72
Avoid some silly compiler warnings, and add the change log I forgot :-)
1999-11-12 03:12:46 +00:00
Dr. Stephen Henson
954ef7ef69
Merge some common functionality in the apps, delete
...
the encryption option in the pkcs7 utility (they never
did anything) and add a couple more options to pkcs7.
1999-11-12 01:42:25 +00:00
Dr. Stephen Henson
af29811edd
Add password command line options to some utils. Fix and update man
...
pages.
1999-11-11 18:41:31 +00:00
Dr. Stephen Henson
aba3e65f2c
Very preliminary POD format documentation for some
...
of the openssl utility commands...
1999-11-10 02:52:17 +00:00
Dr. Stephen Henson
a0ad17bb6c
Fix to the -revoke option in ca. It was leaking memory, crashing and just
...
plain not working :-(
Also fix some memory leaks in the new X509_NAME code.
Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
1999-11-08 13:58:08 +00:00
Dr. Stephen Henson
ce1b4fe146
Allow additional information to be attached to a
...
certificate: currently this includes trust settings
and a "friendly name".
1999-11-04 00:45:35 +00:00
Mark J. Cox
ce2c95b2a2
Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). The
...
problem was that one of the replacement routines had not been working since
SSLeay releases. For now the offending routine has been replaced with
non-optimised assembler. Even so, this now gives around 95% performance
improvement for 1024 bit RSA signs.
1999-11-03 14:10:10 +00:00
Dr. Stephen Henson
9716a8f9f2
Fix to PKCS#7 routines so it can decrypt some oddball RC2 handling.
1999-10-29 13:06:25 +00:00
Dr. Stephen Henson
74400f7348
Continued multibyte character support.
...
Add a bunch of functions to simplify the creation of X509_NAME structures.
Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
1999-10-27 00:15:11 +00:00
Bodo Möller
62ac293801
Always hash the pid in the first iteration in ssleay_rand_bytes,
...
don't try to detect fork()s by looking at getpid().
The reason is that threads sharing the same memory can have different
PIDs; it's inefficient to run RAND_seed each time a different thread
calls RAND_bytes.
1999-10-26 16:26:48 +00:00
Bodo Möller
c1e744b912
Make md_rand.c more robust.
1999-10-26 14:49:12 +00:00
Bodo Möller
99e87569fd
Don't be overly paranoid.
1999-10-26 11:19:42 +00:00
Bodo Möller
a31011e8e0
Various randomness handling bugfixes and improvements --
...
some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.
1999-10-26 01:56:29 +00:00
Dr. Stephen Henson
462f79ec44
New function ASN1_mbstring_copy() to handle ASN1 string copying. Ultimately
...
this will be used to clear up the horrible DN mess.
1999-10-21 13:20:49 +00:00
Dr. Stephen Henson
08e9c1af6c
Replace the macros in asn1.h with function equivalents. Also make UTF8Strings
...
tolerated in certificates.
1999-10-20 01:50:23 +00:00
Dr. Stephen Henson
673b102c5b
Initial support for certificate purpose checking: this will
...
ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.
1999-10-13 01:11:56 +00:00
Dr. Stephen Henson
56a3fec1b1
Add EX_DATA support to X509.
...
Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL.
1999-10-11 01:30:04 +00:00
Dr. Stephen Henson
4654ef985b
New functions to parse and get extensions.
1999-10-09 02:54:10 +00:00
Andy Polyakov
7e102e28e1
RC4 tune-up featuring 30-40% performance improvement on most RISC
...
platforms. See crypto/rc4/rc4_enc.c for further details.
1999-10-07 12:10:26 +00:00
Dr. Stephen Henson
d71c6bc5a4
Fix for bug in pkcs12 program and typo in ASN1_tag2str().
1999-10-05 13:10:21 +00:00
Dr. Stephen Henson
2d681b779c
Fix for bug in pkcs12 program and typo in ASN1_tag2str().
1999-10-05 12:57:50 +00:00
Dr. Stephen Henson
3908cdf442
New option -dhparam to s_server to allow the DH parameter file to be set
...
explicitly. Previously it couldn't be changed because it was hard coded as
"server.pem".
1999-10-04 23:56:06 +00:00
Dr. Stephen Henson
3ea23631d4
Add support for public key input and output in rsa and dsa utilities with some
...
new DSA public key functions that were missing.
Also beginning of a cache for X509_EXTENSION structures: this will allow them
to be accessed more quickly for things like certificate chain verification...
1999-10-04 21:17:47 +00:00
Dr. Stephen Henson
393f2c651d
Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing is signed message
...
contains no certificates.
Also fix typo in RANLIB changes.
1999-10-04 12:08:59 +00:00
Dr. Stephen Henson
4579dd5dc6
Fix for base64 BIO decoding bug
1999-10-02 13:33:06 +00:00
Bodo Möller
0f7e6fe10c
Fix typo that I introduced when reformatting lines.
1999-09-24 20:24:24 +00:00
Bodo Möller
96c2201bef
Keep line lengths < 80 characters.
1999-09-21 13:33:15 +00:00
Dr. Stephen Henson
06f4536a61
Fix to make s_client and s_server work under Windows. A bit of a hack but
...
an improvement on not working at all.
1999-09-20 22:09:17 +00:00
Dr. Stephen Henson
1c80019a2c
Add new sign and verify members to RSA_METHOD and change SSL code to use sign
...
and verify rather than direct encrypt/decrypt.
1999-09-18 22:37:44 +00:00
Dr. Stephen Henson
090d848ea8
Various CRL enhancements tidies and workaround for broken CRLs.
1999-09-18 01:42:02 +00:00
Bodo Möller
6f7af1524e
Use non-copying BIO interface in ssltest.c.
1999-09-10 14:03:21 +00:00
Bodo Möller
396f631458
some more patches for avoiding problems with non-automatic variables
1999-09-08 21:58:13 +00:00
Dr. Stephen Henson
4a61a64f50
This is preliminary support for an "RSA null" cipher. Unfortunately when
...
OpenSSL is compiled with NO_RSA, no RSA operations can be used: including
key generation storage and display of RSA keys. Since these operations are
not covered by the RSA patent (my understanding is it only covers encrypt,
decrypt, sign and verify) they can be included: this is an often requested
feature, attempts to use the patented operations return an error code.
This is enabled by setting RSA_NULL. This means that if a particular application
has its own legal US RSA implementation then it can use that instead by setting
it as the default RSA method.
Still experimental and needs some fiddling of the other libraries so they have
some options that don't attempt to use RSA if it isn't allowed.
1999-09-08 18:02:25 +00:00
Bodo Möller
c1082a90bb
Non-copying interface to BIO pairs.
...
It's still totally untested ...
1999-09-07 21:37:09 +00:00
Dr. Stephen Henson
a785abc324
New function to convert ASN1 tag values to strings. Also fix typo in asn1.h
1999-09-07 12:16:29 +00:00
Dr. Stephen Henson
aef838fc95
New UTF8 utility functions to parse/generate UTF8 strings.
1999-09-04 17:19:55 +00:00
Bodo Möller
074309b7ee
Fix server behaviour when facing backwards-compatible client hellos.
1999-09-03 16:33:11 +00:00
Dr. Stephen Henson
8ce97163a2
Add new 'spkac' utility and several SPKAC utility functions.
1999-09-03 01:08:34 +00:00
Andy Polyakov
2d4287da34
RIPEMD160 shape-up. Final touch.
1999-08-28 13:18:25 +00:00
Dr. Stephen Henson
87a25f9032
Allow the extension section specified in config files to be overridden
...
on the command line for various utilities.
1999-08-27 00:08:17 +00:00
Dr. Stephen Henson
f9150e5421
Allow the 1.OU="my OU" syntax in 'ca' for SPKACs.
1999-08-25 23:18:23 +00:00
Dr. Stephen Henson
c79b16e11d
Allow extensions to be added to certificate requests, update the sample
...
config file (change RAW to DER).
1999-08-25 16:59:26 +00:00
Dr. Stephen Henson
7b65c3298f
Fix for a bug which meant encrypting BIOs sometimes wouldn't read the final
...
block.
1999-08-24 13:21:35 +00:00
Dr. Stephen Henson
13066cee60
Initial support for DH_METHOD. Also added a DH lock. A few changes made to
...
DSA_METHOD to make it more consistent with RSA_METHOD.
1999-08-23 23:11:32 +00:00
Dr. Stephen Henson
c0711f7f0f
Initial support for DSA_METHOD...
1999-08-22 17:57:38 +00:00
Dr. Stephen Henson
8484721adb
Allow memory bios to be read only and change PKCS#7 routines to use them.
1999-08-19 13:07:43 +00:00
Bodo Möller
de1915e48c
Fix horrible (and hard to track down) bug in ssl23_get_client_hello:
...
In case of a restart, v[0] and v[1] were incorrectly initialised.
This was interpreted by ssl3_get_client_key_exchange as an RSA decryption
failure (don't ask me why) and caused it to create a _random_ master key
instead (even weirder), which obviously led to incorrect input to
ssl3_generate_master_secret and thus caused "block cipher pad is
wrong" error messages from ssl3_enc for the client's Finished message.
Arrgh.
1999-08-18 17:14:42 +00:00
Dr. Stephen Henson
c6c3450643
Fix PKCS7_ENC_CONTENT_new() to include a sensible default content type and add
...
support for encrypted content type in PKCS7_set_content().
1999-08-17 12:58:01 +00:00
Dr. Stephen Henson
fd52057729
Add functions to allow extensions to be added to certificate requests.
...
Modify obj_dat.pl to take its files from the command line. Usage is now
perl obj_dat.pl objects.h obj_dat.h
this should avoid redirection shell escape problems under Win32.
1999-08-11 13:08:58 +00:00
Dr. Stephen Henson
87c49f622e
Support for parsing of certificate extensions in PKCS#10 requests: these are
...
used by things like Xenroll. Also include documentation for extendedKeyUsage
extension.
1999-08-09 22:38:05 +00:00
Bodo Möller
1b1a6e7808
-crlf option.
1999-08-09 13:01:48 +00:00
Ralf S. Engelschall
d91e201e96
Bump after tarball rolling.
...
Friends, feel free to start again hacking for 0.9.5... ;)
1999-08-09 11:14:08 +00:00
Bodo Möller
9a577e29e8
spelling
1999-08-08 22:41:24 +00:00
Ralf S. Engelschall
dfbaf95618
Install libRSAglue.a when OpenSSL is build with RSAref.
...
This should now finally make the RSAref users happy...
1999-08-08 19:12:26 +00:00
Ralf S. Engelschall
9639515871
A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
...
Hint from: Andrija Antonijevic <TheAntony2@bigfoot.com>
1999-08-08 10:15:43 +00:00
Dr. Stephen Henson
ed7f60fbf9
Fix -startdate and -enddate arguments to 'ca' program. Also update NEWS file
...
with some 0.9.4 changes.
1999-08-06 21:47:09 +00:00
Bodo Möller
48c843c367
New function DSA_dup_DH, and fixes for bugs that were found
...
while implementing and using it.
1999-08-05 11:50:18 +00:00
Bodo Möller
41a6fdea80
0.9.4 won't be completed in July ...
1999-08-03 12:24:14 +00:00
Dr. Stephen Henson
922180d794
Allow the PKCS#7 (S/MIME encrypt) application to support more than one
...
recipient.
1999-07-30 01:12:46 +00:00
Bodo Möller
571199434c
Always use buildinf.h, which now includes the mk1mfinf.h data.
...
Using different files caused problems because the dependencies
in the Makefiles produced by mk1mf.pl were for the standard case,
i.e. mentioned buildinf.h and not mk1mfinf.h.
1999-07-29 12:57:23 +00:00
Dr. Stephen Henson
3e3d2ea2fc
New function OBJ_obj2txt()
1999-07-27 22:22:58 +00:00
Dr. Stephen Henson
770d19b862
New RSA flag RSA_FLAG_EXT_PKEY, to always call rsa_mod_exp.
1999-07-27 21:58:08 +00:00
Bodo Möller
2e0fc87599
Use correct CFLAG definition for makefile.one builds.
1999-07-27 09:10:36 +00:00
Andy Polyakov
a0618e3e5e
Added support for SPARC Linux.
1999-07-25 15:13:49 +00:00
Bodo Möller
74678cc2f8
Additional user data argument to pem_password_cb function type
...
and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>
1999-07-21 20:57:16 +00:00