Commit graph

1008 commits

Author SHA1 Message Date
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Nils Larsch
eb3eab20a8 const fixes 2005-04-07 22:48:33 +00:00
Nils Larsch
7d727231b7 some const fixes 2005-04-05 19:11:19 +00:00
Nils Larsch
69740c2b3f update progs.pl to reflect changes in progs.h 2005-04-05 18:17:13 +00:00
Nils Larsch
12bdb64375 use SHA-1 as the default digest for the apps/openssl commands 2005-04-02 09:29:15 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Nils Larsch
689c6f2542 add new curves to the loop (with some cleanup from me)
Submitted by: Jean-Luc Duval
Reviewed by:  Nils Larsch
2005-03-20 23:12:13 +00:00
Bodo Möller
9f6715d4bb "make depend". This takes into account the algorithms that are now
disabled by default (MDC2 and RC5), which until now were skipped
by "make links" and yet supposedly required by some of the Makefiles,
meaning that the recent snapshots failed to compile.

Problem reported by Nils Larsch.
2005-03-13 19:49:47 +00:00
Andy Polyakov
877dbcb8a0 Shut whiny make's up. 2005-02-03 10:19:59 +00:00
Andy Polyakov
62d27939c2 Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms
and SafeDllSearchMode in Windows.

Submitted by: Richard Levitte
2005-02-01 23:48:37 +00:00
Richard Levitte
4aca9297dc The mix of CFLAGS and LDFLAGS is a bit confusing in my opinion, and
Makefile.shared was a bit overcomplicated.

Make the shell variables LDFLAGS and SHAREDFLAGS in Makefile.shared
get the values of $(CFLAGS) or $(LDFLAGS) as appropriate depending on
the value the shell variables LDCMD and SHAREDCMD get.  That leaves
much less chance of confusion, since those pairs of shell variables
always are defined together.
2005-01-26 23:51:20 +00:00
Andy Polyakov
fbdce13e5a Please BSD make... 2005-01-25 22:09:11 +00:00
Andy Polyakov
02a00bb054 DJGPP update.
PR: 989
Submitted by: Doug Kaufman
2005-01-04 10:28:38 +00:00
Andy Polyakov
3ffb8d42bc Remove naming conflict between variable and label. 2004-12-30 11:10:11 +00:00
Dr. Stephen Henson
e90faddaf8 Prompt for passphrases for PKCS12 input format 2004-12-29 01:07:14 +00:00
Richard Levitte
6951c23afd Add functionality needed to process proxy certificates. 2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
abbc186bd2 Fix s_client so it works without a certificate again. 2004-12-13 18:02:23 +00:00
Richard Levitte
de6859e442 Propagate a few more variables to Makefile.shared when linking
programs.
2004-12-13 17:28:44 +00:00
Dr. Stephen Henson
a37e22d866 Use X509_cmp_time() in -checkend option, to support GeneralizedTime. 2004-12-05 18:26:19 +00:00
Dr. Stephen Henson
5b40d7dd97 Add -passin argument to dgst command. 2004-12-03 12:26:56 +00:00
Richard Levitte
30b415b076 Make an explicit check during certificate validation to see that the
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)
2004-11-29 11:28:08 +00:00
Dr. Stephen Henson
3fee255102 Typo. 2004-11-23 21:40:10 +00:00
Dr. Stephen Henson
16df5f066a Fix memory leak. 2004-11-23 21:22:21 +00:00
Dr. Stephen Henson
00dd8f6d6e In "req" exit immediately if configuration file is needed and it can't
be loaded instead of giving the misleading:

"unable to find 'distinguised_name' in config"

error message.
2004-11-17 18:36:13 +00:00
Dr. Stephen Henson
826a42a088 PR: 910
Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.

Update docs.
2004-11-16 17:30:59 +00:00
Dr. Stephen Henson
151368ccba PR: 940
Typo: use prompt_info, not cb_data->prompt_info.
2004-11-14 15:40:00 +00:00
Dr. Stephen Henson
5fee606442 Zap obsolete der_chop script. 2004-11-14 00:08:36 +00:00
Dr. Stephen Henson
78df5a2f1e Fix x509.c so it creates serial number file again if no
serial number is supplied on command line.
2004-11-13 13:26:06 +00:00
Richard Levitte
6c9f57d629 Cut'n'paste mistake. All tested OK now... 2004-11-11 19:36:08 +00:00
Richard Levitte
382342ce1d Whoops, syntactic mistake... 2004-11-11 18:58:01 +00:00
Richard Levitte
69c922f5d2 Some find it confusing that environment variables are set when shared
libraries aren't built or used.  I can see the point, so I'm
reorganising a little for clarity.
2004-11-11 18:18:43 +00:00
Dr. Stephen Henson
10c8505734 Use the default_md config file value when signing CRLs.
PR:662
2004-11-11 13:47:06 +00:00
Dr. Stephen Henson
10f92aac33 Don't return an error with crl -noout.
PR:917
Sumbmitted by: Michael Konietzka <konietzka@schlund.de>
2004-11-11 02:13:08 +00:00
Richard Levitte
8de69cf2c6 Make sure LD_PRELOAD is only set when we build shared libraries (and
therefore link with them).  Add LD_PRELOAD setting code where it was
still missing.

PR: 966
2004-11-05 09:12:10 +00:00
Geoff Thorpe
58ae65cd1a Update ECDSA and ECDH for OPENSSL_NO_ENGINE.
Reported by: Maxim Masiutin
Submitted by: Nils Larsch
2004-10-21 00:06:14 +00:00
Richard Levitte
d813ff2ac1 make update 2004-09-10 10:30:33 +00:00
Dr. Stephen Henson
c431798e82 Reformat smime utility.
Add support for policy checking in verify utility.
2004-09-07 18:38:46 +00:00
Dr. Stephen Henson
fb80794568 Don't use 'explicit' for variable name. 2004-09-07 00:31:08 +00:00
Dr. Stephen Henson
4ec3d785e5 Reformat smime.c 2004-09-07 00:28:17 +00:00
Dr. Stephen Henson
5d7c222db8 New X509_VERIFY_PARAM structure and associated functionality.
This tidies up verify parameters and adds support for integrated policy
checking.

Add support for policy related command line options. Currently only in smime
application.

WARNING: experimental code subject to change.
2004-09-06 18:43:01 +00:00
Richard Levitte
2549564009 On systems that use case-insensitive symbol names (i.e. they're all
converted to upper case or something like that), the application-
level bio_dump_cb() has a name clash with the new library function
BIO_dump_cb().  The easiest fix is to rename the function at the
application level.
2004-08-12 08:58:55 +00:00
Dr. Stephen Henson
b5a93e2250 Call setup_engine after autoconfig. 2004-08-06 12:44:34 +00:00
Dr. Stephen Henson
c128bb0fa2 Don't ignore return value of EVP_DigestInit_ex() in md BIOs and dgst utility. 2004-08-05 18:09:50 +00:00
Andy Polyakov
c88f8f76b5 'apps/openssl dgst -help' update and minor apps/speed.c update. 2004-07-25 18:57:35 +00:00
Dr. Stephen Henson
0efea28dcb Don't try to parse non string types. 2004-07-01 18:15:33 +00:00
Richard Levitte
28a8003467 Changes for VOS, submitted by Paul Green <Paul.Green@stratus.com>.
PR: 499
2004-06-28 22:01:37 +00:00
Richard Levitte
563cd0f2b0 Make the tests of EVP operations without padding. As a consequence,
there's no need for a larger BUFSIZE any more...

PR: 904
2004-06-28 16:32:12 +00:00
Richard Levitte
3ac0f28837 Make sure that the buffers are large enough to contain padding.
PR: 904
2004-06-28 12:23:35 +00:00
Richard Levitte
47c1735acd NetWare fixes provided by Verdon Walker for OpenSSL 0.9.8-dev.
The changes have been mailed to <crypt@bis.doc.gov> as well.

PR: 903
2004-06-28 11:55:28 +00:00
Dr. Stephen Henson
8a60547896 Reformat pkcs8 source. 2004-06-24 13:10:54 +00:00
Andy Polyakov
bc1ca8605c Working on HP-UX shared support... 2004-05-31 14:50:19 +00:00
Andy Polyakov
63ba7e293f Make sha-256/-512 naming in speed.c consistent with their names as they
will appear at EVP leyer.
2004-05-31 12:40:22 +00:00
Andy Polyakov
46ceb15c39 SHA-256/-512 test and benchmark. 2004-05-20 21:49:38 +00:00
Geoff Thorpe
9c52d2cc75 After the latest round of header-hacking, regenerate the dependencies in
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
f0eae953e2 Remove some unnecessary recursive includes from the internal apps.h header,
and include bn.h in those C files that need bignum functionality.
2004-05-17 19:05:32 +00:00
Richard Levitte
d1739eb2d6 make update 2004-05-13 21:38:47 +00:00
Dr. Stephen Henson
df368ecce4 Make self signing option of 'x509' use random serial numbers too. 2004-05-12 18:20:37 +00:00
Geoff Thorpe
bcfea9fb25 Allow RSA key-generation to specify an arbitrary public exponent. Jelte
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.

PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
2004-04-26 15:31:35 +00:00
Dr. Stephen Henson
77475142ec New option to 'x509' -next_serial. This outputs the certificate
serial number plus 1 to the output file. Its purpose is to allow
serial number files to be initialized when random serial numbers
are used.
2004-04-21 12:46:20 +00:00
Dr. Stephen Henson
90fac84066 Use X509_get_serialNumber() instead of accessing internals in x509.c 2004-04-21 12:43:21 +00:00
Dr. Stephen Henson
64674bcc8c Reduce chances of issuer and serial number duplication by use of random
initial serial numbers.

PR: 842
2004-04-20 12:05:26 +00:00
Geoff Thorpe
c57bc2dc51 make update 2004-04-19 18:33:41 +00:00
Geoff Thorpe
823a67b0a9 header cleanup in apps/ 2004-04-19 18:13:07 +00:00
Dr. Stephen Henson
ae44fc1ec4 Clear error if unique_subject lookup fails. 2004-04-15 00:32:19 +00:00
Richard Levitte
d530017c00 Move the definition of Win32_rename(), since the macro rename gets undefined
in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853
2004-03-25 20:09:00 +00:00
Geoff Thorpe
5148710994 Adds warnings about two curves and fixes the "seed" value for two other
curves.

Submitted by: Nils Larsch
2004-03-25 03:03:52 +00:00
Richard Levitte
d342ec3335 o_str.h isn't a public header file, so make sure it will still be
included.
2004-03-24 09:43:03 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Dr. Stephen Henson
3f39976da3 Call autoconfig code in pkcs7 utility. 2004-03-05 23:46:29 +00:00
Geoff Thorpe
6c43032121 minor signed/unsigned warning fixes 2004-02-10 18:46:10 +00:00
Dr. Stephen Henson
37ead9be0b Fix handling of -offset and -length in asn1parse tool.
If -offset exceeds -length of data available exit with an error.

Don't read past end of total data available when -offset supplied.

If -length exceeds total available truncate it.
2004-02-08 13:30:04 +00:00
Andy Polyakov
3a160f1dc6 Fix declaration inconsistency in ecparam.c. 2004-01-24 16:51:59 +00:00
Lutz Jänicke
cdb42bcf0c Cover all DSA setups when running tests
PR: #748
Submitted by: Kirill Kochetkov <kochet@ixbt.com>
2004-01-08 07:46:37 +00:00
Richard Levitte
79b42e7654 Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Richard Levitte
03ddbdd9b9 Move another common functionality (reproduced so far with cut'n'paste)
to apps.c, and give it the hopefully descriptive name parse_yesno().
2003-11-28 14:45:09 +00:00
Richard Levitte
d45a098472 Forgot to change the declaration of do_subject() to one of parse_name()... 2003-11-28 14:18:05 +00:00
Richard Levitte
6d5ffb591b Move do_subject() to apps.c and rename it to parse_name(). The
rationale behind the move is that it's use by several applications.
The rationale behind the name change is that it describes what the
function does a bit better.
2003-11-28 14:07:14 +00:00
Richard Levitte
7ce9e425bc Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option
to 'openssl req' and 'openssl ca'.

PR: 779
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
Reviewed by: Richard Levitte

(there will be some follow-up changes)
2003-11-28 14:04:09 +00:00
Richard Levitte
4d8743f490 Netware-specific changes,
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
2003-11-28 13:10:58 +00:00
Dr. Stephen Henson
a8287a90ea Give CRLDP its standard name.
Max req -x509 use V1 if extensions section absent.
2003-11-20 22:45:06 +00:00
Lutz Jänicke
95de3d204f Make sure to initialize AES counters to obtain proper results.
Submitted by: Kirill Kochetkov <kochet@ixbt.com>

PR: #748
2003-11-18 18:27:12 +00:00
Lutz Jänicke
f35232e6f3 Catch error condition to prevent NULL pointer dereference.
Submitted by: Goetz Babin-Ebell <babin-ebell@trustcenter.de>

PR: #766
2003-11-16 16:30:39 +00:00
Geoff Thorpe
d8ec0dcf45 Avoid some shadowed variable names.
Submitted by: Nils Larsch
2003-11-04 00:51:32 +00:00
Richard Levitte
cfd06a6223 Let exit codes propagate from within for loops. 2003-10-31 06:58:24 +00:00
Geoff Thorpe
bc3c578208 Copy-n-paste bug (don't mix variable declarations and code). This sets the
callback structure just before it is needed.
2003-10-29 22:30:45 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Geoff Thorpe
0991f07034 For whatever reason (compiler or header bugs), at least one commonly-used
linux system (namely mine) chokes on our definitions and uses of the "HZ"
symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast"
(when in fact there is no function casting involved at all). In both cases,
it is easily worked around by not defining a cast into the macro and
jiggling the expressions slightly.

In addition - this highlights some cruft in openssl that needs sorting out.
The tmdiff.h header is exported as part of the openssl API despite the fact
that it is ugly as the driven sludge and not used anywhere in the library,
applications, or utilities. More weird still, almost identical code exists
in apps/speed.c though it looks to be slightly tweaked - so either tmdiff
should be updated and used by speed.c, or it should be dumped because it's
obviously not useful enough.

Rather than removing it for now, I've changed the API for tmdiff to at
least make sense. This involves taking the object type (MS_TM) from the
implementation and using it in the header rather than using "char *" in the
API and casting mercilessly in the code (ugh). If someone doesn't like
"MS_TM" and the "ms_time_***" naming, by all means change it. This should
be a harmless improvement, because the existing API is clearly not very
useful (eg. we reimplement it rather than using it in our own utils).

However, someone still needs to take a hack at consolidating speed.c and
tmdiff.[ch] somehow.
2003-10-29 04:40:13 +00:00
Geoff Thorpe
2aaec9cced Update any code that was using deprecated functions so that everything builds
and links with OPENSSL_NO_DEPRECATED defined.
2003-10-29 04:14:08 +00:00
Dr. Stephen Henson
a08ced78c8 Avoid warnings: add missing prototype, don't shadow. 2003-10-10 23:07:24 +00:00
Richard Levitte
f44e184ec6 s_client should inform the user of any compression/expansion methods used. 2003-10-06 12:19:38 +00:00
Richard Levitte
3d7c4a5a6d Selected changes for MSDOS, contributed by Gisle Vanem <giva@bgnett.no>.
PR: 669
2003-09-27 21:56:08 +00:00
Richard Levitte
253e893c2b Include the instance in the Kerberos ticket information.
In s_server, print the received Kerberos information.
PR: 693
2003-09-27 17:55:13 +00:00
Dr. Stephen Henson
dfe399e7d9 Add -passin support to rsautl 2003-09-21 02:20:02 +00:00
Dr. Stephen Henson
7068c8b1a6 In order to get the expected self signed error when
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.
2003-09-21 02:18:15 +00:00
Richard Levitte
e6fa67fa93 Generalise the definition of strcasecmp() and strncasecmp() for
platforms that don't (necessarely) have it.  In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).
2003-09-09 14:48:36 +00:00
Dr. Stephen Henson
560dfd2a02 New -ignore_err option in ocsp application to stop the server
exiting on the first error in a request.
2003-09-03 23:56:01 +00:00
Bodo Möller
563c05e2dc fix out-of-bounds check in lock_dbg_cb (was too lose to detect all
invalid cases)

PR: 674
2003-08-14 10:33:56 +00:00
Bodo Möller
968766cad8 updates for draft-ietf-tls-ecc-03.txt
Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller
2003-07-22 12:34:21 +00:00