wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2478 commits 20 branches 302 tags 153 MiB
Commit graph

606 commits

Author SHA1 Message Date
Dr. Stephen Henson
3d14b9d04a Add support for MS "fast SGC". 2000-01-02 18:52:58 +00:00
Dr. Stephen Henson
20432eae41 Fix some of the command line password stuff. New function 
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
 2000-01-01 16:42:49 +00:00
Bodo Möller
47134b7864 Don't request client certificate in anonymous ciphersuites 
except when following the specs is bound to fail.
 1999-12-29 17:43:03 +00:00
Bodo Möller
45fd4dbb84 Fix SSL_CTX_add_session: When two SSL_SESSIONs have the same ID, 
they can sometimes be different memory structures.
 1999-12-29 14:29:32 +00:00
Dr. Stephen Henson
f45f40ffff Add OIDs for idea and blowfish. Unfortunately these are in 
the middle of the OID table so the diff is rather large :-(
 1999-12-29 02:59:18 +00:00
Dr. Stephen Henson
6447cce372 Simplify the trust structure: basically zap the bit strings and 
represent everything by OIDs.
 1999-12-29 00:40:28 +00:00
Dr. Stephen Henson
e6f3c5850e New {i2d,d2i}_PrivateKey_{bio, fp} functions. 1999-12-26 19:20:03 +00:00
Dr. Stephen Henson
36217a9424 Allow passwords to be included on command line for a few 
more utilities.
 1999-12-24 23:53:57 +00:00
Dr. Stephen Henson
525f51f6c9 Add PKCS#8 utility functions and add PBE options. 1999-12-23 02:02:42 +00:00
Bodo Möller
78baa17ad0 Correct spelling, and don't abuse grave accent as left quote 
(which was allowed by old ASCII definitions but is not compatible
with ISO 8859-1, ISO 10646 etc.).
 1999-12-22 16:10:44 +00:00
Dr. Stephen Henson
e76f935ead Support for ASN1 NULL type. 1999-12-22 01:39:23 +00:00
Andy Polyakov
099f1b32c8 Initial support for MacOS is now available 
Submitted by: Roy Woods <roy@centricsystems.ca>
Reviewed by: Andy Polyakov
 1999-12-19 16:17:45 +00:00
Richard Levitte
f3a2a04496 - Added more documentation in CHANGES. 
- Made CRYPTO_MDEBUG even less used in crypto.h, giving
   MemCheck_start() and MemCheck_stop() only one possible definition.
 - Made the values of the debug function pointers in mem.c dependent
   on the existence of the CRYPTO_MDEBUG macro, and made the rest of
   the code understand the NULL case.

That's it.  With this code, the old behvior of the debug functionality
is restored, but you can still opt to have it on, even when the
library wasn't compiled with a defined CRYPTO_MDEBUG.
 1999-12-18 02:34:37 +00:00
Richard Levitte
d8df48a9bc - Made sure some changed behavior is documented in CHANGES. 
- Moved the handling of compile-time defaults from crypto.h to
   mem_dbg.c, since it doesn't make sense for the library users to try
   to affect this without recompiling libcrypto.
 - Made sure V_CRYPTO_MDEBUG_TIME and V_CRYPTO_MDEBUG_THREAD had clear
   and constant definitions.
 - Aesthetic correction.
 1999-12-18 01:14:39 +00:00
Richard Levitte
9ac42ed8fc Rebuild of the OpenSSL memory allocation and deallocation routines. 
With this change, the following is provided and present at all times
(meaning CRYPTO_MDEBUG is no longer required to get this functionality):

  - hooks to provide your own allocation and deallocation routines.
    They have to have the same interface as malloc(), realloc() and
    free().  They are registered by calling CRYPTO_set_mem_functions()
    with the function pointers.

  - hooks to provide your own memory debugging routines.  The have to
    have the same interface as as the CRYPTO_dbg_*() routines.  They
    are registered by calling CRYPTO_set_mem_debug_functions() with
    the function pointers.

I moved everything that was already built into OpenSSL and did memory
debugging to a separate file (mem_dbg.c), to make it clear what is
what.

With this, the relevance of the CRYPTO_MDEBUG has changed.  The only
thing in crypto/crypto.h that it affects is the definition of the
MemCheck_start and MemCheck_stop macros.
 1999-12-17 12:56:24 +00:00
Dr. Stephen Henson
b216664f66 Various S/MIME fixes. 1999-12-11 20:04:06 +00:00
Dr. Stephen Henson
d8223efd04 Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs. 
Also fix a memory leak in PKCS#7 routines.
 1999-12-10 13:46:48 +00:00
Dr. Stephen Henson
5a9a4b299c Merge in my S/MIME library and utility. 1999-12-05 00:40:59 +00:00
Bodo Möller
cddfe788fb Add functions des_set_key_checked, des_set_key_unchecked. 
Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.
 1999-12-03 20:24:21 +00:00
Dr. Stephen Henson
21131f00d7 New function PKC12_newpass() 1999-12-03 03:46:18 +00:00
Dr. Stephen Henson
dd4134101f Change the trust and purpose code so it doesn't need init 
either and has a static and dynamic mix.
 1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
08cba61011 Modify the X509 V3 extension lookup code. 1999-12-01 01:49:46 +00:00
Ben Laurie
fea9afbfc7 Make salting the default. Fail gracefully if the input is not salted. 1999-11-30 20:15:19 +00:00
Dr. Stephen Henson
bb7cd4e3eb Remainder of SSL purpose and trust code: trust and purpose setting in 
SSL_CTX and SSL, functions to set them and defaults if no values set.
 1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
51630a3706 Add trust setting support to the verify code. It now checks the 
trust settings of the root CA.

After a few fixes it seems to work OK.

Still need to add support to SSL and S/MIME code though.
 1999-11-27 19:43:10 +00:00
Dr. Stephen Henson
9868232ae1 Initial trust code: allow setting of trust checking functions 
in a table. Doesn't do too much yet.

Make the -<digestname> options in 'x509' affect all relevant
options.

Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.

A few constification changes.
 1999-11-27 01:14:04 +00:00
Dr. Stephen Henson
d4cec6a13d New options to the -verify program which can be used for chain verification. 
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.

Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
 1999-11-26 00:27:07 +00:00
Dr. Stephen Henson
1126239111 Initial chain verify code: not tested probably not working 
at present. However nothing enables it yet so this doesn't
matter :-)
 1999-11-24 01:31:49 +00:00
Dr. Stephen Henson
6d3724d3b0 Support for authority information access extension. 
Fix so EVP_PKEY_rset_*() check return codes.
 1999-11-23 18:50:28 +00:00
Dr. Stephen Henson
52664f5081 Transparent support for PKCS#8 private keys in RSA/DSA. 
New universal public key format.

Fix CRL+cert load problem in by_file.c

Make verify report errors when loading files or dirs
 1999-11-21 22:28:31 +00:00
Dr. Stephen Henson
a716d72734 Support for otherName in GeneralName. 1999-11-19 02:19:58 +00:00
Dr. Stephen Henson
f76d8c4747 Modify verify code to handle self signed certificates. 1999-11-17 01:20:29 +00:00
Bodo Möller
b1fe6ca175 Store verify_result with sessions to avoid potential security hole. 1999-11-16 23:15:41 +00:00
Dr. Stephen Henson
91895a5938 Fix for a bug in PKCS#7 code and non-detached data. 
Remove rc4-64 from ciphers since it doesn't exist...
 1999-11-16 14:54:50 +00:00
Dr. Stephen Henson
fd699ac55f Add a salt to the key derivation using the 'enc' program. 1999-11-16 02:49:25 +00:00
Dr. Stephen Henson
e947f39689 New function X509_cmp(). 1999-11-16 00:56:03 +00:00
Mark J. Cox
b7cfcfb7f8 This corrects the reference count handling in SSL_get_session. 
Previously, the returned SSL_SESSION didn't have its reference count
incremented so the SSL_SESSION could be freed at any time causing
seg-faults if the pointer was subsequently used. Code that uses
SSL_get_session must now make a corresponding SSL_SESSION_free() call when
it is done to avoid memory leaks (or blocked up session caches).

Submitted By: Geoff Thorpe <geoff@eu.c2.net>
 1999-11-15 16:31:31 +00:00
Dr. Stephen Henson
06556a1744 'req' fixes. Reinstate length check one request fields. 
Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.
 1999-11-14 23:10:50 +00:00
Dr. Stephen Henson
a0e9f529a4 Add support for the 40 and 64 bit RC2 and RC4 ciphers in 'enc' 
add documentation for 'enc'.
 1999-11-14 03:23:17 +00:00
Richard Levitte
71d7526b72 Avoid some silly compiler warnings, and add the change log I forgot :-) 1999-11-12 03:12:46 +00:00
Dr. Stephen Henson
954ef7ef69 Merge some common functionality in the apps, delete 
the encryption option in the pkcs7 utility (they never
did anything) and add a couple more options to pkcs7.
 1999-11-12 01:42:25 +00:00
Dr. Stephen Henson
af29811edd Add password command line options to some utils. Fix and update man 
pages.
 1999-11-11 18:41:31 +00:00
Dr. Stephen Henson
aba3e65f2c Very preliminary POD format documentation for some 
of the openssl utility commands...
 1999-11-10 02:52:17 +00:00
Dr. Stephen Henson
a0ad17bb6c Fix to the -revoke option in ca. It was leaking memory, crashing and just 
plain not working :-(

Also fix some memory leaks in the new X509_NAME code.

Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
 1999-11-08 13:58:08 +00:00
Dr. Stephen Henson
ce1b4fe146 Allow additional information to be attached to a 
certificate: currently this includes trust settings
and a "friendly name".
 1999-11-04 00:45:35 +00:00
Mark J. Cox
ce2c95b2a2 Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). The 
problem was that one of the replacement routines had not been working since
SSLeay releases.  For now the offending routine has been replaced with
non-optimised assembler.  Even so, this now gives around 95% performance
improvement for 1024 bit RSA signs.
 1999-11-03 14:10:10 +00:00
Dr. Stephen Henson
9716a8f9f2 Fix to PKCS#7 routines so it can decrypt some oddball RC2 handling. 1999-10-29 13:06:25 +00:00
Dr. Stephen Henson
74400f7348 Continued multibyte character support. 
Add a bunch of functions to simplify the creation of X509_NAME structures.

Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
 1999-10-27 00:15:11 +00:00
Bodo Möller
62ac293801 Always hash the pid in the first iteration in ssleay_rand_bytes, 
don't try to detect fork()s by looking at getpid().
The reason is that threads sharing the same memory can have different
PIDs; it's inefficient to run RAND_seed each time a different thread
calls RAND_bytes.
 1999-10-26 16:26:48 +00:00
Bodo Möller
c1e744b912 Make md_rand.c more robust. 1999-10-26 14:49:12 +00:00
Bodo Möller
99e87569fd Don't be overly paranoid. 1999-10-26 11:19:42 +00:00
Bodo Möller
a31011e8e0 Various randomness handling bugfixes and improvements -- 
some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.
 1999-10-26 01:56:29 +00:00
Dr. Stephen Henson
462f79ec44 New function ASN1_mbstring_copy() to handle ASN1 string copying. Ultimately 
this will be used to clear up the horrible DN mess.
 1999-10-21 13:20:49 +00:00
Dr. Stephen Henson
08e9c1af6c Replace the macros in asn1.h with function equivalents. Also make UTF8Strings 
tolerated in certificates.
 1999-10-20 01:50:23 +00:00
Dr. Stephen Henson
673b102c5b Initial support for certificate purpose checking: this will 
ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.
 1999-10-13 01:11:56 +00:00
Dr. Stephen Henson
56a3fec1b1 Add EX_DATA support to X509. 
Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL.
 1999-10-11 01:30:04 +00:00
Dr. Stephen Henson
4654ef985b New functions to parse and get extensions. 1999-10-09 02:54:10 +00:00
Andy Polyakov
7e102e28e1 RC4 tune-up featuring 30-40% performance improvement on most RISC 
platforms. See crypto/rc4/rc4_enc.c for further details.
 1999-10-07 12:10:26 +00:00
Dr. Stephen Henson
d71c6bc5a4 Fix for bug in pkcs12 program and typo in ASN1_tag2str(). 1999-10-05 13:10:21 +00:00
Dr. Stephen Henson
2d681b779c Fix for bug in pkcs12 program and typo in ASN1_tag2str(). 1999-10-05 12:57:50 +00:00
Dr. Stephen Henson
3908cdf442 New option -dhparam to s_server to allow the DH parameter file to be set 
explicitly. Previously it couldn't be changed because it was hard coded as
"server.pem".
 1999-10-04 23:56:06 +00:00
Dr. Stephen Henson
3ea23631d4 Add support for public key input and output in rsa and dsa utilities with some 
new DSA public key functions that were missing.

Also beginning of a cache for X509_EXTENSION structures: this will allow them
to be accessed more quickly for things like certificate chain verification...
 1999-10-04 21:17:47 +00:00
Dr. Stephen Henson
393f2c651d Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing is signed message 
contains no certificates.

Also fix typo in RANLIB changes.
 1999-10-04 12:08:59 +00:00
Dr. Stephen Henson
4579dd5dc6 Fix for base64 BIO decoding bug 1999-10-02 13:33:06 +00:00
Bodo Möller
0f7e6fe10c Fix typo that I introduced when reformatting lines. 1999-09-24 20:24:24 +00:00
Bodo Möller
96c2201bef Keep line lengths < 80 characters. 1999-09-21 13:33:15 +00:00
Dr. Stephen Henson
06f4536a61 Fix to make s_client and s_server work under Windows. A bit of a hack but 
an improvement on not working at all.
 1999-09-20 22:09:17 +00:00
Dr. Stephen Henson
1c80019a2c Add new sign and verify members to RSA_METHOD and change SSL code to use sign 
and verify rather than direct encrypt/decrypt.
 1999-09-18 22:37:44 +00:00
Dr. Stephen Henson
090d848ea8 Various CRL enhancements tidies and workaround for broken CRLs. 1999-09-18 01:42:02 +00:00
Bodo Möller
6f7af1524e Use non-copying BIO interface in ssltest.c. 1999-09-10 14:03:21 +00:00
Bodo Möller
396f631458 some more patches for avoiding problems with non-automatic variables 1999-09-08 21:58:13 +00:00
Dr. Stephen Henson
4a61a64f50 This is preliminary support for an "RSA null" cipher. Unfortunately when 
OpenSSL is compiled with NO_RSA, no RSA operations can be used: including
key generation storage and display of RSA keys. Since these operations are
not covered by the RSA patent (my understanding is it only covers encrypt,
decrypt, sign and verify) they can be included: this is an often requested
feature, attempts to use the patented operations return an error code.

This is enabled by setting RSA_NULL. This means that if a particular application
has its own legal US RSA implementation then it can use that instead by setting
it as the default RSA method.

Still experimental and needs some fiddling of the other libraries so they have
some options that don't attempt to use RSA if it isn't allowed.
 1999-09-08 18:02:25 +00:00
Bodo Möller
c1082a90bb Non-copying interface to BIO pairs. 
It's still totally untested ...
 1999-09-07 21:37:09 +00:00
Dr. Stephen Henson
a785abc324 New function to convert ASN1 tag values to strings. Also fix typo in asn1.h 1999-09-07 12:16:29 +00:00
Dr. Stephen Henson
aef838fc95 New UTF8 utility functions to parse/generate UTF8 strings. 1999-09-04 17:19:55 +00:00
Bodo Möller
074309b7ee Fix server behaviour when facing backwards-compatible client hellos. 1999-09-03 16:33:11 +00:00
Dr. Stephen Henson
8ce97163a2 Add new 'spkac' utility and several SPKAC utility functions. 1999-09-03 01:08:34 +00:00
Andy Polyakov
2d4287da34 RIPEMD160 shape-up. Final touch. 1999-08-28 13:18:25 +00:00
Dr. Stephen Henson
87a25f9032 Allow the extension section specified in config files to be overridden 
on the command line for various utilities.
 1999-08-27 00:08:17 +00:00
Dr. Stephen Henson
f9150e5421 Allow the 1.OU="my OU" syntax in 'ca' for SPKACs. 1999-08-25 23:18:23 +00:00
Dr. Stephen Henson
c79b16e11d Allow extensions to be added to certificate requests, update the sample 
config file (change RAW to DER).
 1999-08-25 16:59:26 +00:00
Dr. Stephen Henson
7b65c3298f Fix for a bug which meant encrypting BIOs sometimes wouldn't read the final 
block.
 1999-08-24 13:21:35 +00:00
Dr. Stephen Henson
13066cee60 Initial support for DH_METHOD. Also added a DH lock. A few changes made to 
DSA_METHOD to make it more consistent with RSA_METHOD.
 1999-08-23 23:11:32 +00:00
Dr. Stephen Henson
c0711f7f0f Initial support for DSA_METHOD... 1999-08-22 17:57:38 +00:00
Dr. Stephen Henson
8484721adb Allow memory bios to be read only and change PKCS#7 routines to use them. 1999-08-19 13:07:43 +00:00
Bodo Möller
de1915e48c Fix horrible (and hard to track down) bug in ssl23_get_client_hello: 
In case of a restart, v[0] and v[1] were incorrectly initialised.
This was interpreted by ssl3_get_client_key_exchange as an RSA decryption
failure (don't ask me why) and caused it to create a _random_ master key
instead (even weirder), which obviously led to incorrect input to
ssl3_generate_master_secret and thus caused "block cipher pad is
wrong" error messages from ssl3_enc for the client's Finished message.
Arrgh.
 1999-08-18 17:14:42 +00:00
Dr. Stephen Henson
c6c3450643 Fix PKCS7_ENC_CONTENT_new() to include a sensible default content type and add 
support for encrypted content type in PKCS7_set_content().
 1999-08-17 12:58:01 +00:00
Dr. Stephen Henson
fd52057729 Add functions to allow extensions to be added to certificate requests. 
Modify obj_dat.pl to take its files from the command line. Usage is now
perl obj_dat.pl objects.h obj_dat.h
this should avoid redirection shell escape problems under Win32.
 1999-08-11 13:08:58 +00:00
Dr. Stephen Henson
87c49f622e Support for parsing of certificate extensions in PKCS#10 requests: these are 
used by things like Xenroll. Also include documentation for extendedKeyUsage
extension.
 1999-08-09 22:38:05 +00:00
Bodo Möller
1b1a6e7808 -crlf option. 1999-08-09 13:01:48 +00:00
Ralf S. Engelschall
d91e201e96 Bump after tarball rolling. 
Friends, feel free to start again hacking for 0.9.5... ;)
 1999-08-09 11:14:08 +00:00
Bodo Möller
9a577e29e8 spelling 1999-08-08 22:41:24 +00:00
Ralf S. Engelschall
dfbaf95618 Install libRSAglue.a when OpenSSL is build with RSAref. 
This should now finally make the RSAref users happy...
 1999-08-08 19:12:26 +00:00
Ralf S. Engelschall
9639515871 A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency. 
Hint from: Andrija Antonijevic <TheAntony2@bigfoot.com>
 1999-08-08 10:15:43 +00:00
Dr. Stephen Henson
ed7f60fbf9 Fix -startdate and -enddate arguments to 'ca' program. Also update NEWS file 
with some 0.9.4 changes.
 1999-08-06 21:47:09 +00:00
Bodo Möller
48c843c367 New function DSA_dup_DH, and fixes for bugs that were found 
while implementing and using it.
 1999-08-05 11:50:18 +00:00
Bodo Möller
41a6fdea80 0.9.4 won't be completed in July ... 1999-08-03 12:24:14 +00:00
Dr. Stephen Henson
922180d794 Allow the PKCS#7 (S/MIME encrypt) application to support more than one 
recipient.
 1999-07-30 01:12:46 +00:00
Bodo Möller
571199434c Always use buildinf.h, which now includes the mk1mfinf.h data. 
Using different files caused problems because the dependencies
in the Makefiles produced by mk1mf.pl were for the standard case,
i.e. mentioned buildinf.h and not mk1mfinf.h.
 1999-07-29 12:57:23 +00:00
Dr. Stephen Henson
3e3d2ea2fc New function OBJ_obj2txt() 1999-07-27 22:22:58 +00:00
Dr. Stephen Henson
770d19b862 New RSA flag RSA_FLAG_EXT_PKEY, to always call rsa_mod_exp. 1999-07-27 21:58:08 +00:00
Bodo Möller
2e0fc87599 Use correct CFLAG definition for makefile.one builds. 1999-07-27 09:10:36 +00:00
Andy Polyakov
a0618e3e5e Added support for SPARC Linux. 1999-07-25 15:13:49 +00:00
Bodo Möller
74678cc2f8 Additional user data argument to pem_password_cb function type 
and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>
 1999-07-21 20:57:16 +00:00
Bodo Möller
664b99853c avoid -DPLATFORM=\"...\" and -DCFLAGS=\"...\" command lines, 
use new file buildinf.h instead.
 1999-07-21 20:49:15 +00:00
Andy Polyakov
7363455fac MIPS III/IV assembler module is reimplemented. 1999-07-20 15:50:20 +00:00
Bodo Möller
9c962484fe SSL_MODE_ENABLE_PARTIAL_WRITE and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 
work as intended, both for SSLv2 and TLS.
 1999-07-19 12:59:12 +00:00
Bodo Möller
e391116a48 New compile time option -DCRYPTO_MDEBUG_THREAD. 1999-07-19 10:36:10 +00:00
Bodo Möller
458cddc104 Have CRYPTO_MDEBUG_TIME automatically set CRYPTO_MDEBUG, 
and make it the default for some debugging configurations.
 1999-07-19 09:25:35 +00:00
Ulf Möller
6434450cd6 DES library changes. 1999-07-16 00:50:45 +00:00
Dr. Stephen Henson
b617a5be59 Continues NASM support. This might work now. Its still experimental but it 
passes all the tests. Added documentation in INSTALL.W32.
 1999-07-12 23:35:10 +00:00
Bodo Möller
5059658219 fix memory leak in s3_clnt.c 1999-07-12 17:15:42 +00:00
Bodo Möller
03cd49447f New function RSA_check_key, 
openssl rsa -check
 1999-07-11 22:00:55 +00:00
Dr. Stephen Henson
f598cd13a3 Various changes to stop VC++ choking under Win32. 1999-07-11 17:09:04 +00:00
Dr. Stephen Henson
f513939ebb Add a debugging option to PKCS#5 v2.0 key generation function. 1999-07-11 12:40:46 +00:00
Dr. Stephen Henson
0ab8beb480 Copy flags in ASN1_STRING_dup() 1999-07-11 12:30:55 +00:00
Dr. Stephen Henson
f7daafa442 Fix a bug in x509.c that omitted DSA parameters when they didn't match the 
signers parameters. Changed it to never omit parameters.
 1999-07-11 01:48:21 +00:00
Bodo Möller
777ab7e611 Fix memory checking. 1999-07-09 16:27:30 +00:00
Bodo Möller
975d3dc2ca remove editing artifacts 1999-07-09 13:02:14 +00:00
Bodo Möller
6888f2b35c Mention modification to Configure. 1999-07-09 12:01:40 +00:00
Bodo Möller
e105643595 New functions SSL[_CTX]_{set,get}_mode; the initial set of mode flags is 
SSL_MODE_ENABLE_PARTIAL_WRITE, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
 1999-07-02 13:55:32 +00:00
Ulf Möller
5271ebd9a3 More no-xxx option tweaks. 1999-06-30 00:42:56 +00:00
Dr. Stephen Henson
ce8b257413 New functions to allow RSA_METHODs to be changed without poking round in 
RSA structure internals.
 1999-06-29 22:22:42 +00:00
Bodo Möller
9c729e0a6d Memory leak checks. 1999-06-25 14:04:10 +00:00
Dr. Stephen Henson
034292ad6a Fix d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() so it correctly works out 
the length of negative integers.
 1999-06-24 01:50:27 +00:00
Dr. Stephen Henson
170afce58d New function PKCS7_signatureVerify to allow the signing certificate to 
be explicitly stated with PKCS#7 verify.

Also fix for util/mkerr.pl: if the -nostatic option is being used this will be
for an external library so the autogenerated C file should include the
header file as:
#include "any/path/to/header.h"
rather than the internal library form:
#include <openssl/header.h>
 1999-06-22 13:33:22 +00:00
Dr. Stephen Henson
dbd665c210 Change the PEM_* function prototypes to use DECLARE_PEM macros and change 
util/mkdef.pl to handle this. Also do a 'make update'.
 1999-06-22 01:38:31 +00:00
Bodo Möller
f76a8084df Perl variable names are case-sensitive ... 1999-06-21 11:32:25 +00:00
Dr. Stephen Henson
8623f693d9 New functions CONF_load_bio() and CONF_load_fp() to load a configuration 
file from a bio or fp. Added some more constification to the BN library.
 1999-06-20 17:36:11 +00:00
Bodo Möller
11af1a2758 Clarification. 1999-06-18 18:22:38 +00:00
Bodo Möller
a111306bbc New function CRYPTO_num_locks. 1999-06-18 16:14:18 +00:00
Bodo Möller
95d29597b7 BIO pairs. 1999-06-12 01:03:40 +00:00
Dr. Stephen Henson
9bce3070ac Fix to i2d_DSAPublicKey() to return the correct length. 
Submitted by: Jeon KyoungHo <khjeon@sds.samsung.co.kr>
 1999-06-11 22:30:45 +00:00
Dr. Stephen Henson
565d1065c3 Document the X509V3 code and change some of the extension function pointers 
to use 'void *' rather than 'char *' for an "arbitrary extension".
 1999-06-11 01:58:42 +00:00
Dr. Stephen Henson
b7d135b353 Two new functions to write out PKCS#8 private keys. Also fixes for some of 
the the PBE code and a new constant PKCS5_DEFAULT_ITER for the default
iteration count if it is passed as zero.
 1999-06-10 17:32:52 +00:00
Ralf S. Engelschall
9d9b559ef0 Fix determination of Perl interpreter: A perl or perl5 
_directory_ in $PATH was also accepted as the interpreter.
 1999-06-10 08:13:52 +00:00
Dr. Stephen Henson
5f6d0ea210 Reformat and "modernise" the sign.c demo. 1999-06-09 23:33:48 +00:00
Dr. Stephen Henson
f62676b92d Change the PEM function implementation to use a common set of macros: this 
should make modifying them easier.

Fix the selfsign demo: it was rather ancient and used deleted functions.
 1999-06-09 18:05:30 +00:00
Bodo Möller
a7bd03960c des_cbc_encrypt / des_ncbc_encrypt issue. 1999-06-09 18:01:49 +00:00
Bodo Möller
c77f47abfa DES CBC change looks dubious to me. 1999-06-09 13:41:51 +00:00
Bodo Möller
8151f52add Mention unistd.h. 1999-06-09 13:29:51 +00:00
Ben Laurie
05861c77e7 I keep forgetting to fix this: update the IV! Most important! 1999-06-09 11:08:36 +00:00
Ben Laurie
233bf734d3 Make "make test" fail if bntest fails an internal selfcheck. 1999-06-09 10:19:53 +00:00
Ulf Möller
908eb7b85a Call our crypt implementation des_crypt(). crypt() now is a wrapper if 
there is no system crypt() available.
 1999-06-08 16:35:11 +00:00
Dr. Stephen Henson
8eb57af5fe Complete support for PKCS#5 v2.0. Still needs extensive testing. 1999-06-08 00:09:51 +00:00
Bodo Möller
d4443edc57 Mention mkdir-p.pl. 1999-06-07 13:34:25 +00:00
Bodo Möller
272c933315 linux-sparc 1999-06-07 00:26:20 +00:00
Dr. Stephen Henson
69cbf46811 Rewrite PBE handling read to support PKCS#5 v2.0 and update the function 
list for Win32.
 1999-06-06 13:07:13 +00:00
Dr. Stephen Henson
e7871ffaa8 More PKCS#8 stuff. Support for unencrypted forms of private key. 1999-06-05 12:39:10 +00:00
Dr. Stephen Henson
600dec1586 Add a 'pkcs8' application for initial PKCS#8 support. Still needs lots more 
options to handle encrypted and unencrypted forms and DER format input and
output.
 1999-06-05 00:32:16 +00:00
Dr. Stephen Henson
ef8335d900 Add PKCS#5 v1.5 compatible algorithms and initial PKCS#8 support. PKCS#8 needs 
more work: need an application and make the private key routines automatically
handle PKCS#8.
 1999-06-04 23:32:14 +00:00
Ben Laurie
84c15db551 Some constification and stacks that slipped through the cracks (how?). 1999-06-04 22:23:10 +00:00
Bodo Möller
af258e0dec remove conflict indicator ... 1999-06-04 21:52:12 +00:00
Bodo Möller
885982dc6e "linux-sparc64-gcc" configuration 
Submitted by: Ray Miller <ray.miller@oucs.ox.ac.uk>
 1999-06-04 21:46:35 +00:00
Ulf Möller
a53955d8ab Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress). 
Submitted by: Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>
 1999-06-04 21:35:58 +00:00
Ben Laurie
b4f76582d4 More evil cast removal. 1999-06-03 18:04:04 +00:00
Ben Laurie
213a75dbf2 Make samples compile. 1999-06-03 16:07:37 +00:00
Bodo Möller
748365eed7 More consistency. 1999-05-31 21:58:18 +00:00
Bodo Möller
0cceb1c708 BSD/OS 4.x support (bsdi-elf-gcc) 1999-05-30 23:54:52 +00:00
Ben Laurie
31fab3e8da Prepare to release 0.9.3a 1999-05-29 14:13:15 +00:00
Bodo Möller
2e36cc41ef sco5-gcc configuration. 
Submitted by: David Greaves
 1999-05-28 20:25:30 +00:00
Bodo Möller
054009a638 Updated C++ SSL demos. 
Submitted (a month ago) by: Wade Scholine
 1999-05-27 23:59:58 +00:00
Bodo Möller
71f080935a Updated some demos. 
Submitted by: Sean O Riordain <Sean.ORiordain@cyrona.com>
 1999-05-27 23:52:31 +00:00
Bodo Möller
e95f626827 *** empty log message *** 1999-05-27 20:55:18 +00:00
Bodo Möller
472bde404f Change function call according to current API. 1999-05-27 20:49:27 +00:00
Bodo Möller
557068c087 Final version for 0.9.3. 1999-05-24 22:38:23 +00:00
Ulf Möller
e14d4443a2 Bignum library bug fix. IRIX 6 passes "make test" now! 
This also avoids the problems with SC4.2 and unpatched SC5.

Submitted by: Andy Polyakov <appro@fy.chalmers.se>
 1999-05-20 01:43:07 +00:00
Dr. Stephen Henson
e84240d422 New functions sk_set, sk_value and sk_num to replace existing macros: this is 
to minimise the effects on existing code.
 1999-05-19 12:45:16 +00:00
Dr. Stephen Henson
1b266dabf5 Fix various less obvious bugs in PKCS#7 handling: such as not zeroing 
the secret key before we've encrypted it and using the right NID for RC2-64.
Add various arguments to the experimental programs 'dec' and 'enc' to make
testing less painful.

This stuff has now been tested against Netscape Messenger and it can encrypt
and decrypt S/MIME messages with RC2 (128, 64 and 40 bit) DES and triple DES.

Its still experimental though...
 1999-05-16 17:32:32 +00:00
Bodo Möller
f43c814917 Typo. 1999-05-16 14:20:17 +00:00
Bodo Möller
55519bbb2d DES changes. 1999-05-16 12:29:28 +00:00
Dr. Stephen Henson
84fa704c6f Fix some obvious bugs in the PKCS#7 library handling. It didn't try to 
find the right RecipientInfo based on the recipient certificate (so would
fail a lot of the time) and fixup cipher structures to correctly (maybe)
modify the AlgorithmIdentifiers.  Largely untested at present... this will be
fixed in due course. Well the stuff was broken to begin with so if its broken
now then you haven't lost anything :-)
 1999-05-16 00:25:36 +00:00
Ben Laurie
62bad77124 Add actual testing to bntest... 1999-05-15 15:59:28 +00:00
Dr. Stephen Henson
1ad2ecb66f The encoding of negative ASN1 INTEGERs and the conversion of BNs to negative 
integers was completely broken. Also added a NEG_PUBKEY_BUG compilation option
to compensate for public keys improperly encoded as negative integers.
 1999-05-14 18:21:21 +00:00
Bodo Möller
1b24cca969 Add release dates to the "CHANGES" file, because that's an obvious 
place to look for them.
 1999-05-13 21:17:03 +00:00
Bodo Möller
b56bce4fc7 New structure type SESS_CERT used instead of CERT inside SSL_SESSION. 
While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.
 1999-05-13 15:09:38 +00:00
Ulf Möller
bd3576d2dd Reorganize and speed up MD5. 
Submitted by: Andy Polyakov <appro@fy.chalmers.se>
 1999-05-13 13:16:42 +00:00
Ulf Möller
7d7d2cbcb0 VMS support. 
Submitted by: Richard Levitte <richard@levitte.org>
 1999-05-13 11:37:32 +00:00
Dr. Stephen Henson
f5eac85edc Add new -out option to asn1parse to allow the parsed data to be output. 
Fixed -strparse option: it didn't work if used more than once (this was due
to the d2i_ASN1_TYPE call parsing a freed buffer). On Win32 the file wincrypt.h
#define's X509_NAME and PKCS7_SIGNER_INFO causing clashes so these are #undef'ed
 1999-05-12 01:56:27 +00:00
Bodo Möller
b31b04d951 Make SSL library a little more fool-proof by not requiring any longer 
that SSL_set_{accept,connect}_state be called before
SSL_{accept,connect} may be used.
Submitted by:
Reviewed by:
PR:
 1999-05-11 07:43:16 +00:00
Ulf Möller
d5a2ea4b73 Move openssl.cnf out of lib/. 1999-05-10 23:59:28 +00:00
Ralf S. Engelschall
397f703892 Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow 
-Wpointer-arith -Wcast-align -Wmissing-prototypes -Wmissing-declarations
-Wnested-externs -Winline'' with EGCS 1.1.2+
 1999-05-10 08:33:56 +00:00
Dr. Stephen Henson
884e8ec615 Various PKCS#7 fixes to properly (maybe!) handle PKCS#7 enveloped data. 
Containts elements of code by Sebastian Akerman <sak@parallelconsulting.com>
and made a bit less "naughty" by Steve.
 1999-05-10 00:47:42 +00:00
Bodo Möller
ca8e5b9b8a Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copying 
pointers.  The cert_st handling is changed by this in various ways.
Submitted by:
Reviewed by:
PR:
 1999-05-09 20:12:44 +00:00
Dr. Stephen Henson
c8b4185079 Kill evil casts, fix PKCS#7 and add new X509V3 Function. 1999-05-09 16:39:11 +00:00
Dr. Stephen Henson
e40b7abeed Allows PKCS#12 password to be placed on command line and add allow config 
file name for 'ca' to come from the environment.
 1999-05-08 12:59:50 +00:00
Ben Laurie
5b640028cb Make -pedantic work again. 1999-05-07 15:42:23 +00:00
Ben Laurie
135a1dcaac Bodo didn't do that. 1999-05-07 09:18:25 +00:00
Ulf Möller
31a674d8c9 Support additional Win32 compilers. 
Borland C submitted by: Janez Jere <jj@void.si>
 1999-05-06 00:46:34 +00:00
Ulf Möller
8e7f966bf3 SHA-1 cleanups and performance enhancements. 
Submitted by: Andy Polyakov <appro@fy.chalmers.se>
 1999-05-05 00:23:53 +00:00
Ulf Möller
4f5fac8011 Sparc v8plus assembler. 
Submitted by: Andy Polyakov <appro@fy.chalmers.se>
 1999-05-04 20:35:18 +00:00
Ulf Möller
afd1f9e80b Update HPUX config, work around HPUX library incompatibility. 
Submitted by: Anonymous
 1999-05-04 11:52:26 +00:00
Ben Laurie
aeef69b102 Add other people who've done stackification. 1999-05-04 10:34:08 +00:00
Ralf S. Engelschall
9263e88294 Bundle stack'ification entries on Bens request 1999-05-04 10:27:10 +00:00
Ralf S. Engelschall
dee75ecf9c Add missing sk_<type>_unshift() function to safestack.h 1999-05-04 10:15:02 +00:00
Ralf S. Engelschall
20b85fdd76 Convert casted X509_INFO stacks to type-safe STACK_OF(X509_INFO). 
PS: Feel free to move the IMPLEMENT_STACK_OF(X509_INFO) from
    crypto/asn1/x_info.c to any other place where you think it fits better.
    X509_INFO is a structure slightly spreaded over ASN.1, X509 and PEM code,
    so I found no definitive location for IMPLEMENT_STACK_OF(X509_INFO).  In
    crypto/asn1/x_info.c it's at least now bundled with X509_INFO_new() and
    friends.
 1999-05-04 08:56:51 +00:00
Bodo Möller
dc1f607aff Entry for resolved error macro confusion. 
Submitted by:
Reviewed by:
PR:

Submitted by:
Reviewed by:
PR:
 1999-05-01 20:16:35 +00:00
Bodo Möller
b3ca645f47 New function SSL_CTX_use_certificate_chain_file. 
Submitted by:
Reviewed by:
PR:
 1999-05-01 17:43:52 +00:00
Bodo Möller
7f89714e64 Support verify_depth from the SSL API without need for user-defined 
callbacks.

Submitted by:
Reviewed by:
PR:
 1999-05-01 03:20:40 +00:00
Bodo Möller
dd1462fd18 Broken line that was too long. 
Submitted by:
Reviewed by:
PR:
 1999-05-01 00:07:42 +00:00
Bodo Möller
4eb77b2679 New function SSL_CTX_set_session_id_context. 
Submitted by:
Reviewed by:
PR:
 1999-04-30 17:15:56 +00:00
Ulf Möller
c66527497c OAEP bug fix. 1999-04-29 21:56:13 +00:00
Bodo Möller
e5f3045fbf Support INSTALL_PREFIX for packagers. 
Submitted by:
Reviewed by:
PR:
 1999-04-29 21:52:08 +00:00
Bodo Möller
87bc2c00f8 Submitted by: 
Reviewed by:
PR:
 1999-04-29 16:10:41 +00:00
Bodo Möller
6e6acfd4b9 Use util/mklink.pl instead of util/mklink.sh. 
Submitted by:
Reviewed by:
PR:
 1999-04-28 22:33:54 +00:00
Bodo Möller
ddeee82c63 Install various scripts to $(OPENSSLDIR)/misc instead of $(INSTALLTOP)/bin. 
Submitted by:
Reviewed by:
PR:
 1999-04-28 22:06:19 +00:00
Ulf Möller
0973910fbb Linux shared libraries. 1999-04-28 16:16:31 +00:00
Ulf Möller
f5d7a031a3 New Configure option no-<cipher> (rsa, idea, rc5, ...). 1999-04-27 01:14:46 +00:00
Dr. Stephen Henson
b64f825671 Add PKCS#12 documentation and new option in x509 to add certificate extensions. 1999-04-27 00:36:20 +00:00
Ulf Möller
a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Dr. Stephen Henson
47339f6179 Extensively changed the DEF file generator mkdef.pl to use a modified version 
of Ulf's prototype parser, also general tidying and fixing of several problems
with the original. Its still a bit of a hack but should work.

This is the last bit of the old code that uses the K&R prototypes: after some
testing they can finally go away...
 1999-04-26 00:23:10 +00:00
Ulf Möller
9c4711c73a *** empty log message *** 1999-04-24 23:39:52 +00:00
Ulf Möller
b0b7b1c5ae New Configure option --openssldir to replace ssldir.pl. 1999-04-24 23:01:36 +00:00
Dr. Stephen Henson
6e781e8e07 Delete the unnecessary ERR and ERRC lines in makefiles, add some functionality 
to error code script: it can now find untranslatable function codes (usually
because the function is static and not defined in a header: occasionally because
of a typo...) and unreferenced function and reason codes. To see this try:
perl util/mkerr.pl -recurse -debug
Also fixed some typos in crypto/pkcs12 that this found :-)
Also tidy up some error calls that had to be all on one line: the old error
script couldn't find codes unless the call was all on one line.
 1999-04-24 13:28:57 +00:00
Dr. Stephen Henson
6d31193858 Complete rewrite of the error code generation script. It now runs as a single 
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
 1999-04-24 00:15:18 +00:00
Bodo Möller
018b4ee9bb Submitted by: 
Reviewed by:
PR:
 1999-04-23 22:38:22 +00:00
Bodo Möller
92df96077e Submitted by: 
Reviewed by:
PR:
 1999-04-23 22:20:21 +00:00
Bodo Möller
85f48f7e93 Don't return 0 from ssl2_read when a packet with empty payload is received. 
Submitted by:
Reviewed by:
PR:
 1999-04-22 14:28:38 +00:00
Bodo Möller
90b8bbb8da Submitted by: 
Reviewed by:
PR:
 1999-04-22 13:38:03 +00:00
Dr. Stephen Henson
4cd401e401 Oops! Fixup CHANGES. 1999-04-21 17:46:23 +00:00
Dr. Stephen Henson
d943e37241 Suppport for CRL distribution points extension. Also document some of 
this stuff.
 1999-04-21 17:44:45 +00:00
Ulf Möller
8e10f2b3ac Move all autogenerated header file parts to crypto/opensslconf.h. 1999-04-21 17:31:05 +00:00
Ben Laurie
4997138a06 Fix DES export ciphersuites. 1999-04-21 13:24:58 +00:00
Ulf Möller
95dc05bc6d Fix lots of warnings. 
Submitted by: Richard Levitte <levitte@stacken.kth.se>
 1999-04-20 22:50:42 +00:00
Ulf Möller
8fb04b9803 Problems with 64-bit long. 
Pointed out by Andy Polyakov <appro@fy.chalmers.se>.
 1999-04-20 16:23:03 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Dr. Stephen Henson
3edd7ed15d Finish off support for Certificate Policies extension. 1999-04-19 17:55:11 +00:00
Ulf Möller
df82f5c85c Fix typos in error codes. 1999-04-19 14:45:02 +00:00
Ulf Möller
22a4f969b9 Defunct assembler files removed; various cleanups. 
New Ultrix and Alpha entries submitted by Bernhard Simon
<simon@zid.tuwien.ac.at>.
 1999-04-19 13:54:11 +00:00
Ulf Möller
5e85b6abaf SPARC v8 assembler BIGNUM code. 
Submitted by: Andy Polyakov <appro@fy.chalmers.se>
 1999-04-19 13:41:45 +00:00
Dr. Stephen Henson
41b731f2f8 Initial support for Certificate Policies extension: print out works but setting 
isn't fully implemented (yet).
 1999-04-18 23:21:03 +00:00
Dr. Stephen Henson
c83e523d7f Allow asn1parse to print out VISIBLESTRING and some code needed for certificate 
policies extension.
 1999-04-17 23:55:39 +00:00
Ben Laurie
e778802f53 Massive constification. 1999-04-17 21:25:43 +00:00
Dr. Stephen Henson
d77b3054cd Add support for VISIBLESTRING and UTF8String 1999-04-17 15:53:32 +00:00
Dr. Stephen Henson
1d48dd0019 Add initial support for r2i RAW extensions which can access the config database 
add various X509V3_CTX helper functions and support for LHASH as the config
database.
 1999-04-16 23:57:04 +00:00
Dr. Stephen Henson
953937bdc6 Fix a horrible BN bug in bn_expand2 which caused BN_add_word() et al to fail 
when they cause the destination to expand.

To see how evil this is try this:

#include <pem.h>
main()
{
	BIGNUM *bn = NULL;
        int i;
	bn = BN_new();
	BN_hex2bn(&bn, "FFFFFFFF");
	BN_add_word(bn, 1);
	printf("Value %s\n", BN_bn2hex(bn));
}

This would typically fail before the patch.

It also screws up if you comment out the BN_hex2bn line above or in any
situation where BN_add_word() causes the number of BN_ULONGs in the result
to change (try doubling the number of FFs).
 1999-04-15 23:07:00 +00:00
Dr. Stephen Henson
28a98809d1 Add some utilities to support SXNet extension also add support in DEF files 
generator to typesafe stacks.
 1999-04-14 23:44:41 +00:00
Ben Laurie
8f7de4f04c Typo. 1999-04-14 11:13:47 +00:00
Dr. Stephen Henson
0490a86d01 Delete all the old X509V3 pack and unpack stuff and various structures and 
files associated with them. This stuff is all obsoleted by the new X509V3 code.
 1999-04-13 23:56:39 +00:00
Ulf Möller
5fbe91d86b New Configure option "rsaref". 1999-04-13 00:58:49 +00:00
Bodo Möller
5fd4e2b16b Don#t auto-generate crypto/pem/pem.h -- a fixed file is fine for it. 
Submitted by:
Reviewed by:
PR:
 1999-04-12 19:58:17 +00:00
Ben Laurie
f73e07cf42 Add type-safe STACKs and SETs. 1999-04-12 17:23:57 +00:00
Ralf S. Engelschall
f9a2593163 Add `openssl ca -revoke <certfile>' facility which revokes a certificate 
specified in <certfile> by updating the entry in the index.txt file.
This way one no longer has to edit the index.txt file manually for
revoking a certificate. The -revoke option does the gory details now.

Submitted by: Massimiliano Pala <madwolf@openca.org>
Cleaned up and integrated by: Ralf S. Engelschall
 1999-04-12 11:45:14 +00:00
Ralf S. Engelschall
2f0cd19533 Fix openssl crl -noout -text' combination where -noout' killed the `-text' 
option at all and this way the `-noout -text' combination was inconsistent in
`openssl crl' with the friends in `openssl x509|rsa|dsa'.
 1999-04-12 10:36:16 +00:00
Ralf S. Engelschall
268c2102e3 Make sure a corresponding plain text error message exists for the 
X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
verify callback function determined that a certificate was revoked.
 1999-04-12 09:59:05 +00:00
Bodo Möller
fc8ee06b4d Submitted by: 
Reviewed by:
PR:
 1999-04-11 02:49:35 +00:00
Bodo Möller
c7ac31e26e Bugfix: s_client occasionally would sleep in select() when it should 
have checked SSL_pending() first.
Submitted by:
Reviewed by:
PR:
 1999-04-09 20:54:25 +00:00
Ulf Möller
9d892e2855 recent changes. 1999-04-09 17:04:32 +00:00
Dr. Stephen Henson
d2e26dccd1 Add PKCS#5 v2.0 ASN1 structures. 1999-04-08 23:55:42 +00:00
Ulf Möller
99aab1619f New Makefile variables $(RANLIB) and $(PERL). 1999-04-01 12:34:33 +00:00