Commit graph

102 commits

Author SHA1 Message Date
Nils Larsch
4ebb342fcd Let the TLSv1_method() etc. functions return a const SSL_METHOD
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-14 21:48:33 +00:00
Nils Larsch
3eeaab4bed make
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
    	make depend all test
work again

PR: 1159
2005-07-16 12:37:36 +00:00
Richard Levitte
b29228836a DJGPP changes. Contributed by Doug Kaufman <dkaufman@rahul.net> 2005-05-30 22:37:44 +00:00
Nils Larsch
9dd8405341 ecc api cleanup; summary:
- hide the EC_KEY structure definition in ec_lcl.c + add
  some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
  attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
  additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Nils Larsch
8b15c74018 give EC_GROUP_new_by_nid a more meanigful name:
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Dr. Stephen Henson
4e321ffaff Fixes for signed/unsigned warnings and shadows. 2005-04-26 17:43:53 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00
Ben Laurie
e9ad6665a5 Add debug target, remove cast, note possible bug. 2005-04-23 06:05:24 +00:00
Nils Larsch
eb3eab20a8 const fixes 2005-04-07 22:48:33 +00:00
Nils Larsch
7d727231b7 some const fixes 2005-04-05 19:11:19 +00:00
Dr. Stephen Henson
826a42a088 PR: 910
Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.

Update docs.
2004-11-16 17:30:59 +00:00
Richard Levitte
2549564009 On systems that use case-insensitive symbol names (i.e. they're all
converted to upper case or something like that), the application-
level bio_dump_cb() has a name clash with the new library function
BIO_dump_cb().  The easiest fix is to rename the function at the
application level.
2004-08-12 08:58:55 +00:00
Geoff Thorpe
bcfea9fb25 Allow RSA key-generation to specify an arbitrary public exponent. Jelte
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.

PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
2004-04-26 15:31:35 +00:00
Richard Levitte
4d8743f490 Netware-specific changes,
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
2003-11-28 13:10:58 +00:00
Geoff Thorpe
2aaec9cced Update any code that was using deprecated functions so that everything builds
and links with OPENSSL_NO_DEPRECATED defined.
2003-10-29 04:14:08 +00:00
Richard Levitte
3d7c4a5a6d Selected changes for MSDOS, contributed by Gisle Vanem <giva@bgnett.no>.
PR: 669
2003-09-27 21:56:08 +00:00
Richard Levitte
253e893c2b Include the instance in the Kerberos ticket information.
In s_server, print the received Kerberos information.
PR: 693
2003-09-27 17:55:13 +00:00
Richard Levitte
3ae70939ba Correct a lot of printing calls. Remove extra arguments... 2003-04-03 23:39:48 +00:00
Richard Levitte
0b13e9f055 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:39:26 +00:00
Geoff Thorpe
5daec7ea0e Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are
being built with it defined - it is not a symbol to affect how openssl
itself builds, but to alter the way openssl headers can be used from an API
point of view. The "deprecated" function wrappers will always remain inside
OpenSSL at least as long as they're still being used internally. :-)

The exception is dsaparam which has been updated to the BN_GENCB-based
functions to test the new functionality. If GENCB_TEST is defined, dsaparam
will support a "-timebomb <n>" switch to cancel parameter-generation if it
gets as far as 'n' seconds without completion.
2002-12-08 05:38:44 +00:00
Richard Levitte
1c3e4a3660 EXIT() may mean return(). That's confusing, so let's have it really mean
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
2002-12-03 16:33:03 +00:00
Richard Levitte
4579924b7e Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
0bf23d9b20 WinCE patches 2002-11-15 22:37:18 +00:00
Richard Levitte
8d6e60486f Fix to build better with DJGPP.
PR: 338

Here's the description, submitted by Gisle Vanem <giva@bgnett.no>:

1. sock_init() renamed to ssl_sock_init() in ./apps/s_socket.c due
   to name-clash with Watt-32.

2. rand() renamed to Rand() in ./crypto/bn/divtest.c due to name-clash
   with <stdlib.h>

3. Added calls to dbug_init()/sock_init() in some demo programs.

4. Changed cflags/lflags in configure. Watt-32 install root now taken
   from $WATT_ROOT.
2002-11-14 11:22:01 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Bodo Möller
0fd05a2f0f fix warnings (CHARSET_EBCDIC)
Submitted by: Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
2002-08-15 14:52:54 +00:00
Bodo Möller
7eb18f1237 Simplify handling of named curves: get rid of EC_GROUP_new_by_name(),
EC_GROUP_new_by_nid() should be enough.  This avoids a lot of
redundancy.

Submitted by: Nils Larsch
2002-08-15 09:21:31 +00:00
Bodo Möller
ea26226046 ECC ciphersuite support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
2002-08-09 08:56:08 +00:00
Richard Levitte
cead7f36da Set up the engine before doing anything random-related, since engine randomness
is only used for seeding and doing it in the wrong order will mean seeding
is done before the engine randomness is hooked in.
Notified by Frederic DONNAT <frederic.donnat@zencod.com>
2002-07-16 06:52:03 +00:00
Dr. Stephen Henson
3647bee263 Config code updates.
CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 14:01:21 +00:00
Bodo Möller
4d94ae00d5 ECDSA support
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Geoff Thorpe
1372965e2e Reduce the header dependencies on engine.h in apps/. 2001-09-12 02:39:06 +00:00
Lutz Jänicke
e9eb000c53 Oops, one SSL_OP_NON_EXPORT_FIRST was left. 2001-08-03 13:05:44 +00:00
Richard Levitte
2a1ef75435 Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in
SSL according to RFC 2712.  His comment is:

This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication.  I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week.  The full kit includes patches
for mod-ssl, apache, and a few text clients.  The sourceforge URL
is http://sourceforge.net/projects/kssl/ .

Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct.  I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field.  I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
2001-07-09 21:46:58 +00:00
Richard Levitte
c04f8cf44a Use apps_shutdown() in all applications, in case someone decides not
to go the monolith way (does anyone do that these days?).

NOTE: a few applications are missing in this commit.  I've a few more
changes in them that I haven't tested yet.
2001-06-23 16:37:32 +00:00
Richard Levitte
531d630b5c Provide an application-common setup function for engines and use it
everywhere.
2001-06-18 06:22:33 +00:00
Dr. Stephen Henson
bdee69f718 Allow various X509_STORE_CTX properties to be
inherited from X509_STORE.

Add CRL checking options to other applications.
2001-05-09 00:30:39 +00:00
Bodo Möller
50b8ba0201 avoid buffer overflow 2001-03-31 07:48:07 +00:00
Bodo Möller
b10ae320f7 this time *really* fix the /../ check ... 2001-03-30 14:55:50 +00:00
Bodo Möller
5d3ab9b096 For -WWW, fix test for ".." directory references (and avoid warning for
index -1).
2001-03-30 10:47:21 +00:00
Richard Levitte
251cb4cfed For some experiments, it is sometimes nice to serve files with complete
HTTP responses.
2001-03-10 16:20:52 +00:00
Geoff Thorpe
e3a9164073 I missed one. 2001-02-23 00:09:50 +00:00
Geoff Thorpe
1aa0d94781 This adds command-line support to s_server for controlling the generation
of session IDs. Namely, passing "-id_prefix <text>" will set a
generate_session_id() callback that generates session IDs as random data
with <text> block-copied over the top of the start of the ID. This can be
viewed by watching the session ID s_client's output when it connects.

This is mostly useful for testing any SSL/TLS code (eg. proxies) that wish
to deal with multiple servers, when each of which might be generating a
unique range of session IDs (eg. with a certain prefix).
2001-02-21 18:38:48 +00:00
Richard Levitte
be1bd9239f Get e_os2.h to get all the system definitions correctly. 2001-02-20 14:07:03 +00:00
Richard Levitte
56dde3ebe6 Include opensslconf.h or the like early to make sure system macros get
correctly defined.
2001-02-20 13:11:54 +00:00
Bodo Möller
ff055b5c89 honour '-no_tmp_rsa' 2001-02-20 12:59:48 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Lutz Jänicke
52b621db88 Add "-rand" option to s_client and s_server. 2001-02-15 10:22:07 +00:00