wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4192 commits 20 branches 302 tags 153 MiB
Commit graph

666 commits

Author SHA1 Message Date
Dr. Stephen Henson
cdc7b8cc60 Initial OCSP SSL support. 2001-02-14 01:12:41 +00:00
Dr. Stephen Henson
67c1801924 New function OCSP_parse_url() and -url option for ocsp utility. 
Doesn't handle SSL URLs yet.
 2001-02-13 00:37:44 +00:00
Dr. Stephen Henson
46a58ab946 Modify OCSP nonce behaviour. 2001-02-12 23:28:45 +00:00
Bodo Möller
620cea37e0 disable stdin buffering in load_cert 2001-02-10 13:12:35 +00:00
Bodo Möller
c15e036398 use case-insensitive comparison in set_table_opts 
(similar to how arguments such as -inform/-outform specifications
are treated)
 2001-02-10 11:21:29 +00:00
Dr. Stephen Henson
ccb08f98ae Fix CRL printing to correctly show when there are no revoked certificates. 
Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
 2001-02-10 00:56:45 +00:00
Lutz Jänicke
836f996010 New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override 
the clients choice; in SSLv2 the client uses the server's preferences.
 2001-02-09 19:56:31 +00:00
Lutz Jänicke
1613c4d3bf Typo 2001-02-09 19:05:49 +00:00
Dr. Stephen Henson
c063f2c5ec Various Win32 related fixed. Make no-krb5 work in mkdef.pl . 
Fix warning in apps/engine.c

Remove definitions of deleted functions.

Add missing definition of X509_VAL.
 2001-02-09 18:16:12 +00:00
Dr. Stephen Henson
b3f2e399d2 Add missing \n's to ocsp usage message. 2001-02-09 03:09:05 +00:00
Dr. Stephen Henson
8c950429a9 Allow various options to be included for signing and verify of 
OCSP responses.

Documentation to follow...

Urgh.. this conflicted with the -VAfile patch I hope I haven't
broken it.
 2001-02-08 19:36:10 +00:00
Richard Levitte
9235adbf47 Add the -VAfile option to 'openssl ocsp'. This option will give the 
client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.
 2001-02-08 17:59:29 +00:00
Lutz Jänicke
73fc98a7bf Fix typo preventing correct usage of -out option. 2001-02-07 14:15:41 +00:00
Ben Laurie
259810e05b Rijdael CBC mode and partial undebugged SSL support. 2001-02-06 14:09:13 +00:00
Bodo Möller
69a03c1799 don't dump core 2001-02-06 09:47:47 +00:00
Ulf Möller
4327aae816 format strings 2001-02-06 02:57:35 +00:00
Ben Laurie
4978361212 Make depend. 2001-02-04 21:06:55 +00:00
Lutz Jänicke
08f3f07212 If the source has already been succesfully queried, do not try to open it 
again as file.
 2001-02-03 10:59:13 +00:00
Dr. Stephen Henson
88ce56f8c1 Various function for commmon operations. 2001-02-02 00:45:54 +00:00
Bodo Möller
a25b265d27 Use OpenSSL_add_all_algorithms instead of the backwards compatibility 
alias SSLeay_add_all_algorithms
 2001-01-23 13:36:57 +00:00
Dr. Stephen Henson
8e8972bb68 Fixes to various ASN1_INTEGER routines for negative case. 
Enhance s2i_ASN1_INTEGER().
 2001-01-19 14:21:48 +00:00
Bodo Möller
57108f0ad5 Fix openssl passwd -1 2001-01-19 07:37:56 +00:00
Dr. Stephen Henson
73758d435b Additional functionality in ocsp utility: print summary 
of status info. Check nonce values. Option to disable
verify. Update usage message.

Rename status to string functions and make them global.
 2001-01-19 01:32:23 +00:00
Dr. Stephen Henson
90f63e8f83 Don't shadow. 2001-01-18 01:36:54 +00:00
Dr. Stephen Henson
e8af92fcb1 Implement remaining OCSP verify checks in 
accordance with RFC2560.
 2001-01-18 01:35:39 +00:00
Richard Levitte
b3466895e6 Keep up with Unix 2001-01-17 01:35:35 +00:00
Dr. Stephen Henson
81f169e95c Initial OCSP certificate verify. Not complete, 
it just supports a "trusted OCSP global root CA".
 2001-01-17 01:31:34 +00:00
Bodo Möller
dfebac32c0 New '-extfile' option for 'openssl ca'. 
This allows keeping extensions in a separate configuration file.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
 2001-01-15 11:35:24 +00:00
Dr. Stephen Henson
8e5b6314ef Fix warning in apps/ca.c 2001-01-14 13:58:49 +00:00
Dr. Stephen Henson
b4b1bdd5d3 Preliminary ocsp utility documentation. 
Fix ocsp usage message.
 2001-01-14 00:52:19 +00:00
Dr. Stephen Henson
5782ceb298 New OCSP utility. This can generate, parse and print 
OCSP requests. It can also query reponders and parse or
print out responses.

Still needs some more work: OCSP response checks and
of course documentation.
 2001-01-13 01:48:38 +00:00
Bodo Möller
c67cdb50d2 New 'openssl ca -status <serial>' and 'openssl ca -updatedb' 
commands.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
 2001-01-12 14:50:44 +00:00
Bodo Möller
d199858e89 New -newreq-nodes option to CA.pl. 
Submitted by: Damien Miller <djm@mindrot.org>
 2001-01-11 13:23:19 +00:00
Bodo Möller
72e2d9138c It's silly to use a different default for PERL than in the top 
Makefile.  (The default is never actually used though because
the top Makefile passes its value of PERL down to sub-Makefiles.)
 2001-01-10 16:46:00 +00:00
Bodo Möller
673b3fde82 Add SSLEAY_DIR argument code for SSLeay_version. 
Add '-d' option for 'openssl version' (included in '-a').
 2001-01-10 15:15:36 +00:00
Bodo Möller
a87e50a945 'char' argument to islower must be converted to 'unsigned char' 2001-01-10 14:58:22 +00:00
Bodo Möller
c06648f7f0 Fix C code generate by 'openssl dsaparam -C'. 2001-01-10 14:26:32 +00:00
Ulf Möller
b2293b1e9b rsa_num is not used with NO_RSA 2001-01-09 21:39:16 +00:00
Dr. Stephen Henson
ecbe07817a Rewrite PKCS#12 code and remove some of the old 
horrible macros.

Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
 2000-12-31 01:13:04 +00:00
Richard Levitte
701adceb12 "make update" plus a rewrite of both .num files. 2000-12-29 00:19:12 +00:00
Bodo Möller
2c0d10123e If CONF_get_string returns NULL and we want to tolerate this 
(e.g., use a default), we have to call ERR_clear_error().
 2000-12-15 16:59:49 +00:00
Bodo Möller
3ac82faae5 Locking issues. 2000-12-15 16:40:35 +00:00
Richard Levitte
8d28d5f81b Constification of the data of a hash table. This means the callback 
functions need to be constified, and therefore meant a number of easy
changes a little everywhere.

Now, if someone could explain to me why OBJ_dup() cheats...
 2000-12-13 17:15:03 +00:00
Richard Levitte
df2c442a6d Make TYPE_RSA the default type instead of just setting it when -new is 
given.  That also allows the arguments to come in any order (-new
last, for example).
 2000-12-09 11:11:35 +00:00
Geoff Thorpe
d0fa136ce2 Next step in tidying up the LHASH code. 
DECLARE/IMPLEMENT macros now exist to create type (and prototype) safe
wrapper functions that avoid the use of function pointer casting yet retain
type-safety for type-specific callbacks. However, most of the usage within
OpenSSL itself doesn't really require the extra function because the hash
and compare callbacks are internal functions declared only for use by the
hash table. So this change catches all those cases and reimplements the
functions using the base-level LHASH prototypes and does per-variable
casting inside those functions to convert to the appropriate item type.

The exception so far is in ssl_lib.c where the hash and compare callbacks
are not static - they're exposed in ssl.h so their prototypes should not be
changed. In this last case, the IMPLEMENT_LHASH_*** macros have been left
intact.
 2000-12-08 20:02:01 +00:00
Dr. Stephen Henson
9d6b1ce644 Merge from the ASN1 branch of new ASN1 code 
to main trunk.

Lets see if the makes it to openssl-cvs :-)
 2000-12-08 19:09:35 +00:00
Ben Laurie
b0dc680f71 Fix warnings. 2000-12-03 10:04:22 +00:00
Geoff Thorpe
35a99b6380 Use the new LHASH macros to declare type-safe wrapper functions that can 
be used as the hash/compare callbacks without function pointer casting.

For now, this is just happening in the apps/ directory whilst a few people
check the approach. The rest of the library will be moved across to the
same idea if there's no problems with this.
 2000-12-02 23:16:54 +00:00
Ulf Möller
e0c875081e remember the problem with ftime() 2000-12-02 18:50:31 +00:00
Geoff Thorpe
385d81380c First step in tidying up the LHASH code. The callback prototypes (and 
casts) used in the lhash code are about as horrible and evil as they can
be. For starters, the callback prototypes contain empty parameter lists.
Yuck.

This first change defines clearer prototypes - including "typedef"'d
function pointer types to use as "hash" and "compare" callbacks, as well as
the callbacks passed to the lh_doall and lh_doall_arg iteration functions.
Now at least more explicit (and clear) casting is required in all of the
dependant code - and that should be included in this commit.

The next step will be to hunt down and obliterate some of the function
pointer casting being used when it's not necessary - a particularly evil
variant exists in the implementation of lh_doall.
 2000-12-01 20:31:52 +00:00
Bodo Möller
b5a25a430a "make depend" 2000-12-01 08:48:42 +00:00
Richard Levitte
f9b3bff6f7 First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu> 2000-11-30 22:53:34 +00:00
Bodo Möller
53d286797c avoid segmentation fault 2000-11-29 11:04:31 +00:00
Richard Levitte
d53d271728 Addapt the VMS scripts to the changes in the Makefiles. 2000-11-22 18:17:16 +00:00
Ben Laurie
646d56956b Better handling of EVP names, add EVP to speed. 2000-11-20 04:14:19 +00:00
Bodo Möller
db70a3fd6e Improve usability of 'openssl passwd' by including 
password verification where it makes sense.
 2000-11-17 09:03:02 +00:00
Ulf Möller
6a8ba34f9d in some new file names the first 8 characters were not unique 2000-11-12 22:32:18 +00:00
Ben Laurie
757e392d4e Make Rijndael work! Those long flights have some good points. 2000-11-12 02:13:38 +00:00
Richard Levitte
ccb9643f02 Remove references to RSAref. The glue library is but a memory to fade 
away now...
 2000-11-08 17:51:37 +00:00
Richard Levitte
5e4ca4220e The consequence of constification is that to pass the address to a 
pointer to a const double pointe parameter, the pointer must point to
const data as well.
 2000-11-06 23:16:04 +00:00
Richard Levitte
e7ef1a561a Make all engines available in the openssl application. 2000-11-06 22:03:00 +00:00
Richard Levitte
11c0f1201c Change the engine library so the application writer has to explicitely 
load the "external" built-in engines (those that require DSO).  This
makes linking with libdl or other dso libraries non-mandatory.

Change 'openssl engine' accordingly.

Change the engine header files so some declarations (that differed at
that!) aren't duplicated, and make sure engine_int.h includes
engine.h.  That way, there should be no way of missing the needed
info.
 2000-11-02 20:33:04 +00:00
Richard Levitte
69e7805f54 'openssl engine' can now list engine capabilities. The current 
implementation is contained in the application, and the capability
string building part should really be part of the engine library.
This is therefore an experimental hack, and will be changed in the
near future.
 2000-11-02 19:24:48 +00:00
Richard Levitte
e264cfe17a Better error reporting in 'openssl engine' 2000-11-02 18:58:43 +00:00
Richard Levitte
8224b0cbe5 make update 2000-11-02 18:53:25 +00:00
Bodo Möller
15d52ddb55 Never call load_dh_param(NULL) because this leads to an illegal 
fopen(NULL).
 2000-11-02 10:35:10 +00:00
Richard Levitte
d48f487e2c -t is supported, so display some help about it. 2000-11-01 23:55:45 +00:00
Richard Levitte
14c6d27d63 Add application to enumerate, list and test engines with. 2000-11-01 02:57:35 +00:00
Richard Levitte
92125ffaec Make flag variables int instead of char. This avoids getting into trouble on systems where char is unsigned by default 2000-10-31 11:58:56 +00:00
Richard Levitte
32d862ede4 Add the possibility to use keys handled by engines in more 
applications.
 2000-10-28 22:40:40 +00:00
Richard Levitte
a44f26d5c9 Small documentation change 2000-10-28 22:21:04 +00:00
Richard Levitte
5660eb489e NetBSD doesn't use ftime(). 2000-10-27 20:28:37 +00:00
Richard Levitte
eb64730b9c The majority of the OCSP code from CertCo. 2000-10-27 11:05:35 +00:00
Richard Levitte
5270e7025e Merge the engine branch into the main trunk. All conflicts resolved. 
At the same time, add VMS support for Rijndael.
 2000-10-26 21:07:28 +00:00
Bodo Möller
28967cf079 rsautl.c requires RSA. 2000-10-26 12:05:57 +00:00
Bodo Möller
4fb40db932 Don't ever set 'seeded' if RAND_status() returned 0 
(although maybe this static variable should be abolished totally,
it was introduced before RAND_status existed).
 2000-10-23 07:37:03 +00:00
Richard Levitte
2b59a6ac14 There's no reason why app_RAND_load_file() should return 0 when 
RAND_status() hasn't.
Reported by Dale Stimson <dale@accentre.com>.
 2000-10-21 22:43:07 +00:00
Dr. Stephen Henson
51754ec835 Update test server certificate in apps/server.pem (it was expired). 2000-10-16 22:56:10 +00:00
Richard Levitte
3ab5651112 The experimental Rijndael code moved to the main trunk. 
make update done.
 2000-10-14 20:09:54 +00:00
Dr. Stephen Henson
8ca533e378 More code for X509_print_ex() support. 2000-10-06 11:51:47 +00:00
Dr. Stephen Henson
d0c9858914 Global DirectoryString mask fix. 
Add support for X509_NAME_print_ex() in req.

Initial code for cutomizable X509 print routines.
 2000-10-04 01:16:32 +00:00
Richard Levitte
1cbb729fdc Oops, if the target only had USE_TOD, an error message was issued... 2000-09-21 16:01:08 +00:00
Richard Levitte
c5f8bbbc0b Portability patch for HP MPE/iX. Submitted by Mark Bixby <mark_bixby@hp.com> 2000-09-21 05:42:01 +00:00
Richard Levitte
edb0d64367 AIX doesn't like ftime() either. 2000-09-20 15:10:16 +00:00
Richard Levitte
645749ef98 On VMS, stdout may very well lead to a file that is written to in a 
record-oriented fashion.  That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it.  This can be very confusing.

The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record.  Voila, BIO_f_linebuffer() is born.

Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this.  After
the release, this BIO method will be enabled on all other platforms as
well.
 2000-09-20 13:55:50 +00:00
Richard Levitte
b004872c59 BSDI only supports ftime() through libcompat, which means it's 
better not to use it.
 2000-09-19 23:14:42 +00:00
Dr. Stephen Henson
688fbf5475 Fix a typo in apps/pkcs12.c which was using the wrong part of 
ASN1_TYPE (though they are both ASN1_STRING so it didn't cause
any problems).

Make 'siglen' an int in apps/dgst.c so we can check the return
value of BIO_read() etc.
 2000-09-19 17:51:11 +00:00
Richard Levitte
28178bcf24 FreeBSD only supports ftime() through libcompat, which means it's 
better not to use it.
 2000-09-19 16:13:38 +00:00
Richard Levitte
a3829b8650 ftime() is not supported on SGI. 
Reported by Steve Robb <steve@eu.c2.net>
 2000-09-18 16:52:05 +00:00
Richard Levitte
62324627aa Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care 
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
 2000-09-17 18:21:27 +00:00
Richard Levitte
623eea376a siglen is unsigned, so comparing it to less than 0 is silly, and 
generates a compiler warning with Compaq C.
 2000-09-17 18:08:38 +00:00
Richard Levitte
1c86d93ca5 'make update' 2000-09-15 22:13:38 +00:00
Richard Levitte
095aadc43f Move up inclusion of conf.h, so non-MONOLITH programs can benefit from 
it as well, especially in apps.c.
 2000-09-15 19:37:14 +00:00
Richard Levitte
5614bb91f5 rsa_num2 is no longer used, so remove it. 2000-09-14 11:09:03 +00:00
Richard Levitte
03ea28c985 Better error checking for RSA and DSA signature and verification speed 
tests.  This was required to not get mysterious errors when they
wouldn't quite want to work.
 2000-09-12 08:12:52 +00:00
Richard Levitte
05c2b37176 DSA_verify() and DSA_sign() might return -1... 2000-09-11 22:21:38 +00:00
Richard Levitte
16e91fe8ab OpenBSD doesn't support timeb. 2000-09-11 16:46:35 +00:00
Richard Levitte
ec6a40e278 Last minute update, in time to make it to 0.9.6-beta1 2000-09-11 13:06:48 +00:00
Richard Levitte
97d8e82c4c Marin Kraemer <Martin.Kraemer@MchP.Siemens.De> sent us patches to make 
the OpenSSL commands x50 and req work better on a EBCDIC system.
 2000-09-10 14:45:19 +00:00
Richard Levitte
0baed24c1b More VMS synchronisation 2000-09-09 18:05:27 +00:00
Richard Levitte
eec79f9bab Synchronise the VMS build with the Unix one. 2000-09-08 20:25:49 +00:00
Dr. Stephen Henson
709e85953d Update verify docs. 
New option to verify program to print out diagnostics.
 2000-09-08 00:53:58 +00:00
Richard Levitte
62ab514e98 'make update' 2000-09-07 08:46:51 +00:00
Bodo Möller
61f175f4ba Get rid of ASN1_UTCTIME_get, which cannot work with time_t 
return type (on platforms where time_t is a 32 bit value).

New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.
 2000-09-06 15:40:52 +00:00
Bodo Möller
1af407e78f typo 2000-09-06 12:18:24 +00:00
Bodo Möller
2b40660ec1 Add OAEP. Seed the PRNG. 2000-09-06 11:49:43 +00:00
Dr. Stephen Henson
bbb720034a Fix typo in rsautl. 
Add support for settable verify time in X509_verify_cert().

Document rsautl utility.
 2000-09-05 22:30:38 +00:00
Dr. Stephen Henson
2f043896d1 *BIG* verify code reorganisation. 
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(
 2000-09-05 17:53:58 +00:00
Dr. Stephen Henson
34216c0422 Keep a not of original encoding in certificate requests. 
Add new option to PKCS7_sign to exclude S/MIME capabilities.
 2000-09-05 13:27:57 +00:00
Bodo Möller
bbb8de0966 Avoid abort() throughout the library, except when preprocessor 
symbols for debugging are defined.
 2000-09-04 15:34:43 +00:00
Dr. Stephen Henson
bd08a2bd0c Add 'rsautl' low level RSA utility. 
Add DER public key routines.

Add -passin argument to 'ca' utility.

Document sign and verify options to dgst.
 2000-09-03 23:13:48 +00:00
Dr. Stephen Henson
7df1c720f6 Fix typo in i2d_ASN1_ENUMERATED 
Fix bug in read only memory BIOs so BIO_reset() works.

Add sign and verify options to dgst utility, need
to update docs.
 2000-08-30 16:14:29 +00:00
Dr. Stephen Henson
d428bf8c56 New option to CA.pl to sign request using CA extensions. 
This allows intermediate CAs to be created more easily.

PKCS12_create() now checks private key matches certificate.

Fix typo in x509 app.

Update docs.

New function ASN1_STRING_to_UTF8() converts any ASN1_STRING
type to UTF8.
 2000-08-24 23:24:18 +00:00
Dr. Stephen Henson
eaa2818189 Various fixes... 
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
 2000-08-21 22:02:23 +00:00
Richard Levitte
3009458e2f MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test 2000-08-14 14:05:53 +00:00
Richard Levitte
5ce42a7e68 Memory leaks fix. It now looks like all memory leaks, at least around 
building complete chains, are gone.
 2000-08-11 22:50:08 +00:00
Richard Levitte
9ee1c838cb Memory leaks fix. There seems to be more in other parts of OpenSSL... 2000-08-11 21:41:08 +00:00
Richard Levitte
88364bc2bc The pkcs12 had no way of getting a CA file or path to be used when 
building a complete chain.  Now added through the -CAfile and -CApath
arguments.
 2000-08-11 19:43:20 +00:00
Richard Levitte
3132e196bd Unicos doesn't have sys/timeb.h. Fix it by defining the TIMEB macro unless on Unicos. 2000-08-03 21:54:31 +00:00
Bodo Möller
69764d720a Include SKIP DH parameters with OpenSSL. 
These have been created by a SHA.1 based procedure, see
http://www.skip-vpn.org/spec/numbers.html.
(These values are taken from that document, I have not
implemented the prime generator.)
 2000-08-02 09:04:44 +00:00
Richard Levitte
ee087bb8eb Make it so we can dynamically enable memory allocation debugging through the 
environment variable OPENSSL_DEBUG_MEMORY (existence is sufficient).  At the
same time, it makes sure that CRYPTO_malloc_debug_init() gets expanded some-
where and thereby tested for compilation.
 2000-08-01 17:15:36 +00:00
Bodo Möller
cc244b371d Update 'openssl passwd' documentation on selection of algorithms. 2000-07-31 12:27:44 +00:00
Dr. Stephen Henson
bd4e152791 Document the new DN printing options. 
Change a few names to be more meaningful.

Fix typos in CA.pl docs.
 2000-07-30 01:27:59 +00:00
Dr. Stephen Henson
a657546f9c New ASN1_STRING_print_ex() and X509_NAME_print_ex() 
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.

The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).

Still needs to be documented, integrated into other
utilities and extensively tested.
 2000-07-28 01:58:15 +00:00
Richard Levitte
ca1e465f6d Add the possibility to get hexdumps of unprintable data when using 
'openssl asn1parse'.  As a side effect, the functions ASN1_parse_dump
and BIO_dump_indent are added.
 2000-07-27 17:28:25 +00:00
Bodo Möller
25063f1d9b Document -purpose option in usage string. 2000-07-15 18:10:35 +00:00
Dr. Stephen Henson
fd13f0ee52 Make req seed the PRNG if signing with 
an already existing DSA key.

Document the new smime options.
 2000-07-12 23:55:30 +00:00
Dr. Stephen Henson
094fe66d9f Fix some typose in the i2d/d2i functions that 
call the i2c/c2i (they were not using the
content length for the headers).

Fix ASN1 long form tag encoding. This never
worked but it was never tested since it is
only used for tags > 30.

New options to smime program to allow the
PKCS#7 format to be specified and the content
supplied externally.
 2000-07-10 18:33:05 +00:00
Richard Levitte
c2bbf9cf6c I got sick and tired of having to keep track of NIDs when such a thing 
could be done automagically, much like the numbering in libeay.num and
ssleay.num.  The solution works as follows:

  - New object identifiers are inserted in objects.txt, following the
    syntax given in objects.README.
  - objects.pl is used to process obj_mac.num and create a new
    obj_mac.h.
  - obj_dat.pl is used to create a new obj_dat.h, using the data in
    obj_mac.h.

This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended.  The simplest way to
check that it worked correctly is to look in obj_dat.h and check the
array nid_objs and make sure the objects haven't moved around (this is
important!).  Additions are OK, as well as consistent name changes.
 2000-07-05 02:45:36 +00:00
Ben Laurie
2bfb4dbce4 Use up-to-date functions. 2000-07-01 16:25:20 +00:00
Richard Levitte
4e74239cca Give the user the option to measure real time instead of user CPU time. 2000-06-30 17:16:46 +00:00
Richard Levitte
f365611ca3 Undo the changes I just made. I'm not sure what I was thinking of. 
The message to everyone is "Do not hack OpenSSL when stressed"...
 2000-06-28 16:47:45 +00:00
Richard Levitte
20d242b0de Make it possible for users of the openssl applications to specify the 
EGD should be used as seeding input, and where the named socket is.
 2000-06-28 16:10:56 +00:00
Bodo Möller
1f4643a2f4 BSD-style MD5-based password algorithm in 'openssl passwd'. 
(Still needs to be tested against the original using sample passwords
of different length.)
 2000-06-23 18:00:16 +00:00
Richard Levitte
431b0cce7d Move add_oid_section to apps.c, so it can be shared by several 
applications.  Also, have it and the certificate and key loading
functions take a BIO argument for error output.
 2000-06-22 22:07:27 +00:00
Richard Levitte
ff4e9d91d9 Change req so the new parameter '-rand file' uses the given file in 
addition to the file given through the RANDFILE option or environment
variable.
 2000-06-22 21:16:01 +00:00
Richard Levitte
90ae4673a5 Move the certificate and key loading functions to apps.c, so they can 
be shared by several applications.
 2000-06-22 17:42:50 +00:00
Richard Levitte
2a98f41708 Forgot the self-documentation within req. 2000-06-22 09:59:21 +00:00
Richard Levitte
ac57d15b75 Small change to accept the command line parameter '-rand file'. This 
parameter takes precedence over the RANDFILE option in the
configuration file.
 2000-06-22 09:13:43 +00:00
Bodo Möller
0f4805f515 Avoid unnecessary links and incomplete program file in apps/. 2000-06-19 17:38:22 +00:00
Dr. Stephen Henson
d3ed8ceb3d Add support for the modified SGC key format used in IIS. 2000-06-15 23:48:05 +00:00
Geoff Thorpe
1c4f90a05d Enable DSO support on alpha (OSF1), cc and gcc. 
Also, "make update" has added some missing functions to libeay.num,
updated the TABLE for the alpha changes, and updated thousands of
dependancies that have changed from recent commits.
 2000-06-13 12:59:38 +00:00
Dr. Stephen Henson
a91dedca48 Document EVP routines. Change EVP_SealInit() and EVP_OpenInit() 
to support multiple calls.

New function to retrieve email address from certificates and
requests.
 2000-06-11 12:18:15 +00:00
Bodo Möller
f1d92d941e Accept -F4 option in lower case, which is what the usage information 
says one should use.
 2000-06-08 22:40:09 +00:00
Bodo Möller
208f3688e0 No need to abort if c_rehash fails here (e.g. because Perl is not where 
it is expected).
 2000-06-07 21:28:15 +00:00
Bodo Möller
b598ea93e7 use consistent indentation 2000-06-07 19:43:44 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names 
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
 2000-06-01 22:19:21 +00:00
Richard Levitte
a9ef75c50d Small fix to enable reading from stdin as well. 
Contributed by Yoichiro Okabe <okabe@wizsoft.co.jp>
 2000-06-01 11:23:20 +00:00
Bodo Möller
d9586857d6 Add required cast. 2000-05-19 12:02:49 +00:00
Dr. Stephen Henson
439df5087f Fix c_rehash script, add -fingerprint option to crl. 2000-05-18 00:33:00 +00:00
Ben Laurie
5de603abc8 Typesafety Thought Police part 3. 2000-05-16 21:22:45 +00:00
Ben Laurie
f2716dada0 Typesafety Thought Police Part 2. 2000-05-16 19:53:50 +00:00
Ben Laurie
b4604683fa Typesafety thought police. 2000-05-16 14:38:29 +00:00
Ulf Möller
0e1c06128a Get rid of more non-ANSI declarations. 2000-05-15 22:54:43 +00:00
Ben Laurie
fd73a2121c Allow UTCTIME objects to be retrieved. Check for imminent cert expiry. 2000-05-14 12:39:53 +00:00
Dr. Stephen Henson
a331a305e9 Make PKCS#12 code handle missing passwords. 
Add a couple of FAQs.
 2000-05-04 00:08:35 +00:00
Bodo Möller
c4d0df0c4f Fix a memory leak, and don't generate inappropriate error message 
when PEM_read_bio_X509_REQ fails.
 2000-05-02 20:18:48 +00:00
Bodo Möller
7fc840cc85 Stylistic changes: Don't use a macro for the malloc'ed length since it 
is not constant.
 2000-04-27 09:11:28 +00:00
Bodo Möller
4adcfa052f Warn about truncation also in the case when a single password is read using 
the password prompt.
 2000-04-27 06:47:23 +00:00
Bodo Möller
e5c84d5152 New function ERR_error_string_n. 2000-04-14 23:36:15 +00:00
Richard Levitte
7a807ad8a7 "make update" 2000-04-09 12:52:40 +00:00
Bodo Möller
1d90f28029 In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites 2000-04-06 22:33:14 +00:00
Bodo Möller
3bc90f2373 Fix typo in -clrext option, but add a compatibility hack because 
0.9.5a should not break anything that works in 0.9.5.
 2000-03-27 18:10:08 +00:00
Ulf Möller
a1a96e54a4 Sample application using RAND_event() to collect entropy from mouse 
movements, keyboard etc. and write it to a seed file.
 2000-03-19 22:58:12 +00:00
Bodo Möller
6e22639f46 Eliminate memory leaks in mem_dbg.c. 2000-03-18 15:18:27 +00:00
Richard Levitte
1f515cfe09 e_os.h: don't do double work with status codes. 
openssl.c: make damn sure e_os.h knows about OPENSSL_C
 2000-03-18 09:09:31 +00:00
Bodo Möller
fb51beb591 Remove CRYPTO_push/pop_info invocations to improve code readability -- 
I hope all memory leaks that may occur here have already been tracked down.
 2000-03-14 21:25:39 +00:00
Bodo Möller
cc497fb04a Avoid a warning. 2000-03-14 16:35:36 +00:00
Richard Levitte
1fff621bd7 Typo corrected 2000-03-14 04:32:24 +00:00
Richard Levitte
8824ec7cd5 Make sure strcmp() gets declared. 2000-03-14 04:09:48 +00:00
Bodo Möller
46c4647e3c "openssl no-..." commands for avoiding the need to grep 
"openssl list-standard-commands".
 2000-03-13 20:31:46 +00:00
Bodo Möller
863fe2ecac cleaning up a little 2000-03-12 23:27:14 +00:00
Ulf Möller
cee814f9d5 make update 2000-03-12 12:49:45 +00:00
Richard Levitte
ce301b6b0b Add the possibility (with -ign_eof) to ignore end of file on input but 
still not be quiet.  Also make it clear that -quiet implicitely means
-ign_eof as well.
 2000-03-10 12:18:28 +00:00
Bodo Möller
0dd3989868 Change to code generated by 'dhparam -C': 
- Move DH parameter components inside the function.
- Automatically #include the required header file if it
  has not already been #included.
 2000-03-10 12:17:37 +00:00
Bodo Möller
a10c512afa another typo 2000-03-10 11:47:58 +00:00
Bodo Möller
9f5d2069a4 typo 2000-03-10 11:43:45 +00:00
Dr. Stephen Henson
e743a5134e Don't Free() password if it was read from config file. 2000-03-09 01:03:44 +00:00
Dr. Stephen Henson
c61252001b Fix typo and make ca get the CA and request fields correct. 2000-03-08 12:44:10 +00:00
Bodo Möller
de83c12253 Add missing include (only MONOLITH builds were possible without it). 
Submitted by: Andrew W. Gray
 2000-03-05 01:11:44 +00:00
Bodo Möller
cf7fa82897 Read complete seed files given in -rand options. 2000-03-04 17:44:07 +00:00
Bodo Möller
0a150c5c9f Generate correct error reasons strings for SYSerr. 2000-03-04 01:36:53 +00:00
Bodo Möller
37634c8bc9 Add an #include. 2000-03-03 23:27:56 +00:00
Bodo Möller
bb2276abf7 Avoid potential memory leak in code generated by 'openssl dhparam -C'. 2000-03-03 22:24:43 +00:00
Bodo Möller
41918458c0 New '-dsaparam' option for 'openssl dhparam', and related fixes. 2000-03-03 22:18:19 +00:00
Richard Levitte
a8883854a3 Synchronise 2000-03-02 23:32:47 +00:00
Ulf Möller
99a97051d4 pseudo-seed for the PRNG before testing DSA 2000-03-01 17:42:06 +00:00
Bodo Möller
afbd0746cf 'rand'/'-rand' documentation. 2000-03-01 11:45:53 +00:00
Bodo Möller
55f7d65db0 Document the 'rand' application. 2000-03-01 07:57:25 +00:00
Bodo Möller
27b782732f 'rand' application for creating pseudo-random files. 2000-02-29 23:47:01 +00:00
Ulf Möller
c9e1fe33be Fix for non-monolithic build. 
Submitted by: Andrew Gray <agray@iconsinc.com>
 2000-02-28 20:16:06 +00:00
Richard Levitte
cde28e18bf New logical names to skip algorithms are now supported. 2000-02-27 10:41:31 +00:00
Bodo Möller
6d0d5431d4 More get0 et al. changes. Also provide fgrep targets in CHANGES 
where the new functions are mentioned.
 2000-02-26 08:36:46 +00:00
Richard Levitte
cb464c38b2 The OpenVMS library is most definitely not built for anything but 
files, unless it's all in unixly syntax.  We can't guarantee that
right now, so let's skip the whole test suit.  There are other places
(like the open()) where errors are detected anyway.
 2000-02-26 03:53:58 +00:00
Dr. Stephen Henson
c7cb16a8ff Rename functions for new convention. 2000-02-26 01:55:33 +00:00
Richard Levitte
1b8b0a8294 Correct small typo 2000-02-26 00:18:48 +00:00
Richard Levitte
3e0f27f3c9 Changes to synchronise with Unix. 
(actually, much more is needed, like a real config script)
 2000-02-25 20:37:46 +00:00
Ulf Möller
fea217f96f EGD bugfix. 
Submitted by: Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
 2000-02-25 14:16:43 +00:00
Ralf S. Engelschall
07fb39c32e Make gcc 2.95.2 happy here, too. 2000-02-24 10:37:58 +00:00
Ulf Möller
4ec2d4d2b3 Support EGD. 2000-02-24 02:51:47 +00:00