Commit graph

639 commits

Author SHA1 Message Date
Bodo Möller
affadbef0b Consistency 2000-09-04 15:47:17 +00:00
Bodo Möller
bbb8de0966 Avoid abort() throughout the library, except when preprocessor
symbols for debugging are defined.
2000-09-04 15:34:43 +00:00
Dr. Stephen Henson
bd08a2bd0c Add 'rsautl' low level RSA utility.
Add DER public key routines.

Add -passin argument to 'ca' utility.

Document sign and verify options to dgst.
2000-09-03 23:13:48 +00:00
Bodo Möller
a545c6f6b1 QNX 4 support. 2000-09-01 09:54:25 +00:00
Ben Laurie
7049ef5f90 Add demo state machine. 2000-08-30 18:14:28 +00:00
Dr. Stephen Henson
7df1c720f6 Fix typo in i2d_ASN1_ENUMERATED
Fix bug in read only memory BIOs so BIO_reset() works.

Add sign and verify options to dgst utility, need
to update docs.
2000-08-30 16:14:29 +00:00
Dr. Stephen Henson
d096b524af Add support for 'other' PKCS#7 content types. 2000-08-22 22:20:25 +00:00
Dr. Stephen Henson
469938cb40 Fixes to d2i_ASN1_OBJECT, ASN1_INTEGER_to_BN and a_strex.c 2000-08-22 12:54:21 +00:00
Dr. Stephen Henson
eaa2818189 Various fixes...
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
2000-08-21 22:02:23 +00:00
Richard Levitte
bb531a0a1c Assar wanted an address change. 2000-08-18 09:50:41 +00:00
Richard Levitte
e6629837a9 Added BIO_vprintf() and BIO_vsnprintf(). The former because I've
found myself needing it a number of times, the latter for completeness.
2000-08-18 09:36:59 +00:00
Richard Levitte
6fd5a04729 Document the added diversity to the possible log levels. 2000-08-17 23:27:03 +00:00
Richard Levitte
368f85545e Document the reconfiguratoin option for Configure. 2000-08-17 10:25:46 +00:00
Richard Levitte
3009458e2f MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test 2000-08-14 14:05:53 +00:00
Richard Levitte
88364bc2bc The pkcs12 had no way of getting a CA file or path to be used when
building a complete chain.  Now added through the -CAfile and -CApath
arguments.
2000-08-11 19:43:20 +00:00
Dr. Stephen Henson
d4fbe3182d Fix for bad sorting of object names.
Add warning print out if duplicate names found:
should end up as a fatal error but a warning for
now until they problems are fixed...
2000-08-06 18:43:32 +00:00
Dr. Stephen Henson
2d978cbd30 Changes needed for Tandem NSK, supplied by Scott Uroff (scott@xypro.com).
Fix warnings with BIO_dump_indent().
2000-08-04 00:01:39 +00:00
Bodo Möller
aa826d88e1 Document rollback issues. 2000-07-29 19:27:20 +00:00
Bodo Möller
37569e64e8 Fix SSL 2.0 rollback checking: The previous implementation of the
test was never triggered due to an off-by-one error.

In s23_clnt.c, don't use special rollback-attack detection padding
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
client; similarly, in s23_srvr.c, don't do the rollback check if
SSL 2.0 is the only protocol enabled in the server.
2000-07-29 18:50:41 +00:00
Dr. Stephen Henson
a657546f9c New ASN1_STRING_print_ex() and X509_NAME_print_ex()
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.

The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).

Still needs to be documented, integrated into other
utilities and extensively tested.
2000-07-28 01:58:15 +00:00
Richard Levitte
ca1e465f6d Add the possibility to get hexdumps of unprintable data when using
'openssl asn1parse'.  As a side effect, the functions ASN1_parse_dump
and BIO_dump_indent are added.
2000-07-27 17:28:25 +00:00
Dr. Stephen Henson
284ef5f357 Make NEG_PUBKEY_BUG on by default.
ASN1_TIME fixes.

New function c2i_ASN1_OBJECT().
2000-07-26 01:18:37 +00:00
Bodo Möller
fa729135d8 crypto/err.c bugfix 2000-07-21 15:17:04 +00:00
Richard Levitte
b436a98257 Redo and enhance the support for building shared libraries. Currently
there's support for building under Linux and True64 (using examples
from the programming manuals), including versioning that is currently
the same as OpenSSL versions but should really be a different series.

With this change, it's up to the users to decide if they want shared
libraries as well as the static ones.  This decision now has to be
done at configuration time (well, not really, those who know what they
do can still do it the same way as before).

The OpenSSL programs (openssl and the test programs) are currently
always linked statically, but this may change in the future in a
configurable manner.  The necessary makefile variables to enable this
are in place.

Also note that I have done absolutely nothing about the Windows target
to get something similar.  On the other hand, DLLs are already the
default there, but without versioning, and I've no idea what the
possibilities for such a thing are there...
2000-07-21 15:08:53 +00:00
Ulf Möller
c0722725f9 Randomness polling function for Win9x. 2000-07-19 21:35:35 +00:00
Dr. Stephen Henson
fd13f0ee52 Make req seed the PRNG if signing with
an already existing DSA key.

Document the new smime options.
2000-07-12 23:55:30 +00:00
Dr. Stephen Henson
094fe66d9f Fix some typose in the i2d/d2i functions that
call the i2c/c2i (they were not using the
content length for the headers).

Fix ASN1 long form tag encoding. This never
worked but it was never tested since it is
only used for tags > 30.

New options to smime program to allow the
PKCS#7 format to be specified and the content
supplied externally.
2000-07-10 18:33:05 +00:00
Dr. Stephen Henson
a338e21bd1 New ASN1 functions that just deal with
content octets, not tag+length.
2000-07-07 13:24:36 +00:00
Richard Levitte
d5870bbe23 Document the change. 2000-07-05 02:52:47 +00:00
Richard Levitte
f365611ca3 Undo the changes I just made. I'm not sure what I was thinking of.
The message to everyone is "Do not hack OpenSSL when stressed"...
2000-06-28 16:47:45 +00:00
Richard Levitte
523c83ec9a Document my latest changes. 2000-06-28 16:24:29 +00:00
Bodo Möller
1f4643a2f4 BSD-style MD5-based password algorithm in 'openssl passwd'.
(Still needs to be tested against the original using sample passwords
of different length.)
2000-06-23 18:00:16 +00:00
Richard Levitte
1023b1220e Document the change in req. 2000-06-22 21:17:46 +00:00
Richard Levitte
fb0b844a7d Document the change in req. 2000-06-22 09:19:59 +00:00
Dr. Stephen Henson
4dd4535441 Change mkstack.pl so it now sorts each group
into lexical order. Previously it depended on
the order of files in the directory.

This should now mean that all systems will
agree on the order of safestack.h and will
not change it needlessly and avoid massive
needless commits to safestack.h in future.

It wont however avoid this one :-(
2000-06-22 00:34:27 +00:00
Dr. Stephen Henson
130832150c Fixes for Win32 build.
This is mostly a work around for the old VC++ problem
that it treats func() as func(void).

Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.

The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.

Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)
2000-06-21 02:25:30 +00:00
Dr. Stephen Henson
7ef8206859 Handle ASN1_SET_OF and PKCS12_STACK_OF using function
casts in the same way as STACK_OF.
2000-06-20 18:45:28 +00:00
Dr. Stephen Henson
3aceb94b9e Safe stack reorganisation in terms of function casts.
After some messing around this seems to work but needs
a few more tests. Working out the syntax for sk_set_cmp_func()
(cast it to a function that itself returns a function pointer)
was painful :-(

Needs some testing to see what other compilers think of this
syntax.

Also needs similar stuff for ASN1_SET_OF etc etc.
2000-06-16 23:29:26 +00:00
Dr. Stephen Henson
d3ed8ceb3d Add support for the modified SGC key format used in IIS. 2000-06-15 23:48:05 +00:00
Dr. Stephen Henson
e366f2b876 Fix evp_locl.h macros.
Documentation correction.
2000-06-11 15:43:17 +00:00
Dr. Stephen Henson
a91dedca48 Document EVP routines. Change EVP_SealInit() and EVP_OpenInit()
to support multiple calls.

New function to retrieve email address from certificates and
requests.
2000-06-11 12:18:15 +00:00
Bodo Möller
482a9d41b9 In longer tests with g=2, DH exchange does not become quite as fast
as expected -- maybe it's the different processor, maybe my
previous timings were too inaccurate.
2000-06-10 12:05:52 +00:00
Bodo Möller
a71e2621bc BN_mod_exp_mont_word entry:
Don't give performance gain estimates that appear to be more precise
than they really are, especially when they are wrong
(2/(1/1.15 + 1) = ca. 1.0698).
2000-06-10 10:08:31 +00:00
Bodo Möller
dc434bbcb0 Slightly faster DSA verification (BN_mod_exp2_mont),
marginally faster BN_mod_exp for 1024 bit exponents.
2000-06-08 20:26:03 +00:00
Bodo Möller
947b3b8baf Add entry that Richard forgot. 2000-06-08 15:01:14 +00:00
Bodo Möller
f8989a2155 Use the equivalent of a sliding window (without precomputation
because we're only handling words anyway) in BN_mod_exp_mont_word
making it a little faster for very small exponents,
and adjust the performance gain estimate in CHANGES according
to slightly more thorough measurements.
(15% faster than BN_mod_exp_mont for "large" base,
20% faster than BN_mod_exp_mont for small base.)
2000-06-08 09:39:28 +00:00
Bodo Möller
6dad7bd69c Speed up DH with small generator. 2000-06-07 21:29:25 +00:00
Ulf Möller
be5d92e014 CygWin32 support.
Submitted by: John Jarvie <jjarvie@newsguy.com>
2000-06-03 23:23:10 +00:00
Geoff Thorpe
e41c8d6ad4 This change will cause builds (by default) to not use different STACK
structures and functions for each stack type. The previous behaviour
can be enabled by configuring with the "-DDEBUG_SAFESTACK" option.
This will also cause "make update" (mkdef.pl in particular) to
update the libeay.num and ssleay.num symbol tables with the number of
extra functions DEBUG_SAFESTACK creates.

The way this change works is to accompany each DECLARE_STACK_OF()
macro with a set of "#define"d versions of the sk_##type##_***
functions that ensures all the existing "type-safe" stack calls are
precompiled into the underlying stack calls. The presence or abscence
of the DEBUG_SAFESTACK symbol controls whether this block of
"#define"s or the DECLARE_STACK_OF() macro is taking effect. The
block of "#define"s is in turn generated and maintained by a perl
script (util/mkstack.pl) that encompasses the block with delimiting
C comments. This works in a similar way to the auto-generated error
codes and, like the other such maintenance utilities, is invoked
by the "make update" target.

A long (but mundane) commit will follow this with the results of
"make update" - this will include all the "#define" blocks for
each DECLARE_STACK_OF() statement, along with stripped down
libeay.num and ssleay.num files.
2000-06-01 05:13:52 +00:00
Geoff Thorpe
ccd86b68ef The previous commit to crypto/stack/*.[ch] pulled the type-safety strings
yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;

X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).

Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
2000-06-01 02:36:58 +00:00
Bodo Möller
361ee9733f Improve PRNG robustness. 2000-05-30 21:44:36 +00:00
Dr. Stephen Henson
49528751b8 More EVP cipher revision.
Change EVP_SealInit() and EVP_OpenInit() to
handle cipher parameters.

Make it possible to set RC2 and RC5 params.

Make RC2 ASN1 code use the effective key bits
and not the key length.

TODO: document how new API works.
2000-05-30 18:26:22 +00:00
Dr. Stephen Henson
57ae2e2428 Fourth phase EVP revision.
Declare ciphers in terms of macros. This reduces
the amount of code and places each block cipher EVP
definition in a single file instead of being spread
over 4 files.
2000-05-30 02:10:57 +00:00
Dr. Stephen Henson
360370d953 Third phase of EVP cipher overhaul.
Remove duplicated code in EVP.
2000-05-28 12:44:46 +00:00
Bodo Möller
1fab73ac85 Bugfix: clear error queue after ignoring ssl_verify_cert_chain result. 2000-05-27 22:25:01 +00:00
Dr. Stephen Henson
be06a9348d Second phase of EVP cipher overhaul.
Change functions like EVP_EncryptUpdate() so they now return a
value. These normally have software only implementations
which cannot fail so this was acceptable. However ciphers
can be implemented in hardware and these could return errors.
2000-05-27 12:38:43 +00:00
Dr. Stephen Henson
7f0606016c Beginnings of EVP cipher overhaul. This should eventually
enhance and tidy up the EVP interface.

This patch adds initial support for variable length ciphers
and changes S/MIME code to use this.

Some other library functions need modifying to support use
of modified cipher parameters.

Also need to change all the cipher functions that should
return error codes, but currenly don't.

And of course it needs extensive testing...
2000-05-26 23:51:35 +00:00
Bodo Möller
2c05c494c0 Implement SSL_OP_TLS_ROLLBACK_BUG for servers.
Call dh_tmp_cb with correct 'is_export' flag.

Avoid tabs in CHANGES.
2000-05-25 09:50:40 +00:00
Dr. Stephen Henson
b4b41f48d1 Add DSA library string. Workaround for IIS .key file invalid
ASN1 encoding.
2000-05-24 13:09:59 +00:00
Richard Levitte
6d7cce481e Add a note about the new document. 2000-05-18 21:25:48 +00:00
Dr. Stephen Henson
439df5087f Fix c_rehash script, add -fingerprint option to crl. 2000-05-18 00:33:00 +00:00
Ulf Möller
0e1c06128a Get rid of more non-ANSI declarations. 2000-05-15 22:54:43 +00:00
Dr. Stephen Henson
0cb957a684 Fix for SSL server purpose checking 2000-05-04 23:03:49 +00:00
Dr. Stephen Henson
a331a305e9 Make PKCS#12 code handle missing passwords.
Add a couple of FAQs.
2000-05-04 00:08:35 +00:00
Bodo Möller
316e6a66f2 Note apps/x509.c bugfixes. 2000-05-02 20:29:03 +00:00
Bodo Möller
dcba2534fa Avoid leaking memory in thread_hash (and enable memory leak detection
for it).
2000-04-29 23:58:05 +00:00
Ulf Möller
3973628ea6 Submitted by:
Reviewed by:
PR:
2000-04-27 15:06:26 +00:00
Geoff Thorpe
deb4d50e51 Previously, the default RSA_METHOD was NULL until the first RSA structure was
initialised, at which point an appropriate default was chosen. This meant a
call to RSA_get_default_method might have returned FALSE.

This change fixes that; now any called to RSA_new(), RSA_new_method(NULL), or
RSA_get_default_method() will ensure that a default is chosen if it wasn't
already.
2000-04-20 06:44:18 +00:00
Geoff Thorpe
b9e6391582 This change facilitates name translation for shared libraries. The
technique used is far from perfect and alternatives are welcome.
Basically if the translation flag is set, the string is not too
long, and there appears to be no path information in the string,
then it is converted to whatever the standard should be for the
DSO_METHOD in question, eg;
    blah --> libblah.so   on *nix, and
    blah --> blah.dll     on win32.

This change also introduces the DSO_ctrl() function that is used
by the name translation stuff.
2000-04-19 21:45:17 +00:00
Bodo Möller
e5c84d5152 New function ERR_error_string_n. 2000-04-14 23:36:15 +00:00
Richard Levitte
a9831305d8 I forgot to update the change log 2000-04-10 15:48:16 +00:00
Bodo Möller
1d90f28029 In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites 2000-04-06 22:33:14 +00:00
Geoff Thorpe
6ef4d9d512 Better make a note of what's going on ... :-) 2000-04-04 22:49:27 +00:00
Richard Levitte
c90341a155 Tagging has now been done, update to the next version (it's not quite
as important to keep a low profile here :-))
2000-04-01 11:24:27 +00:00
Richard Levitte
5e61580bbd Version and name changes, and a last minute changelog 2000-04-01 11:15:15 +00:00
Bodo Möller
cf194c1f68 Entry for ssleay_rand_status locking fix. 2000-03-30 08:12:35 +00:00
Bodo Möller
3bc90f2373 Fix typo in -clrext option, but add a compatibility hack because
0.9.5a should not break anything that works in 0.9.5.
2000-03-27 18:10:08 +00:00
Dr. Stephen Henson
b475baffb2 Fix for HMAC. 2000-03-27 00:53:27 +00:00
Dr. Stephen Henson
e77066ea0a Fix a memory leak in PKCS12_parse.
Don't copy private key to X509 etc public key structures.
Fix for warning.
2000-03-22 13:50:23 +00:00
Ulf Möller
7af4816f0e des_quad_cksum() byte order bug fix.
See http://www.pdc.kth.se/kth-krb/

Their solution for CRAY is somewhat awkward.
I'll assume that a "short" is 32 bits on CRAY to avoid the
#ifdef _CRAY
    typedef struct {
        unsigned int a:32;
        unsigned int b:32;
    } XXX;
#else
    typedef DES_LONG XXX;
#endif
2000-03-19 02:06:37 +00:00
Dr. Stephen Henson
80870566cf Make V_ASN1_APP_CHOOSE work again. 2000-03-14 03:29:57 +00:00
Bodo Möller
df1ff3f1b3 Correction. 2000-03-13 21:01:05 +00:00
Bodo Möller
7694ddcbc0 Clarifications for 'no-XXX'. 2000-03-13 20:48:23 +00:00
Bodo Möller
46c4647e3c "openssl no-..." commands for avoiding the need to grep
"openssl list-standard-commands".
2000-03-13 20:31:46 +00:00
Bodo Möller
65b002f399 Update test suite so that 'make test' succeeds in 'no-rsa' configuration. 2000-03-13 19:24:39 +00:00
Bodo Möller
e11f0de67f Copy DH key (if available) in addition to the bare parameters
in SSL_new.
If SSL_OP_SINGLE_DH_USE is set, don't waste time in SSL_[CTX_]set_tmp_dh
on computing a DH key that will be ignored anyway.

ssltest -dhe1024dsa (w/ 160-bit sub-prime) had an unfair performance
advantage over -dhe1024 (safe prime): SSL_OP_SINGLE_DH_USE was
effectively always enabled because SSL_new ignored the DH key set in
the SSL_CTX.  Now -dhe1024 takes the server only about twice as long
as -dhe1024dsa instead of three times as long (for 1024 bit RSA
with 1024 bit DH).
2000-03-13 17:07:04 +00:00
Bodo Möller
2d5e449a18 Mention -ign_eof. 2000-03-10 13:49:02 +00:00
Bodo Möller
daf4e53e86 spelling 2000-03-07 15:10:08 +00:00
Dr. Stephen Henson
068fdce877 New compatability trust and purpose settings. 2000-03-07 14:04:29 +00:00
Dr. Stephen Henson
48fe0eec67 Fix the PKCS#8 DSA code so it works again. All the
broken formats worked but the valid didn't :-(
2000-03-07 01:03:33 +00:00
Ulf Möller
4c4d87f95f bug fix release planned 2000-03-06 14:24:25 +00:00
Bodo Möller
59fc2b0fc2 Preserve reason strings in automatically build tables. 2000-03-05 00:19:36 +00:00
Bodo Möller
0a150c5c9f Generate correct error reasons strings for SYSerr. 2000-03-04 01:36:53 +00:00
Bodo Möller
41918458c0 New '-dsaparam' option for 'openssl dhparam', and related fixes. 2000-03-03 22:18:19 +00:00
Dr. Stephen Henson
d9c88a3902 Move the 'file scope' argument in set_label to
the third argument: the second was being used
already.
2000-03-03 00:06:40 +00:00
Bodo Möller
84d14408bf Use RAND_pseudo_bytes, not RAND_bytes, for IVs/salts. 2000-03-02 22:44:55 +00:00
Bodo Möller
5eb8ca4d92 Use RAND_METHOD for implementing RAND_status. 2000-03-02 14:34:58 +00:00
Ulf Möller
7a2dfc2a20 Note bug fix for the DSA infinite loop 2000-03-01 19:07:58 +00:00
Bodo Möller
55f7d65db0 Document the 'rand' application. 2000-03-01 07:57:25 +00:00
Ralf S. Engelschall
010712ff23 Added configuration support for Linux/IA64
Submitted by: Rolf Haberrecker <rolf@suse.de>
2000-02-29 15:29:02 +00:00