Dr. Stephen Henson
77b47b9036
Rename X509_att*() stuff to X509at_*(), add X509_REQ wrappers.
2000-01-19 01:02:13 +00:00
Bodo Möller
a8eeb155b5
Avoid some warnings, and run "make update".
2000-01-14 17:28:48 +00:00
Ulf Möller
eb952088f0
Precautions against using the PRNG uninitialized: RAND_bytes() now
...
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
2000-01-13 20:59:17 +00:00
Dr. Stephen Henson
25f923ddd1
New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code.
...
Remove references to 'TXT' in -inform and -outform switches.
2000-01-09 14:21:40 +00:00
Dr. Stephen Henson
35f4850ae0
More X509_ATTRIBUTE changes.
2000-01-07 00:55:54 +00:00
Dr. Stephen Henson
b38f9f66c3
Initial automation changes to 'req' and X509_ATTRIBUTE functions.
2000-01-06 01:26:48 +00:00
Dr. Stephen Henson
20432eae41
Fix some of the command line password stuff. New function
...
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
2000-01-01 16:42:49 +00:00
Dr. Stephen Henson
6447cce372
Simplify the trust structure: basically zap the bit strings and
...
represent everything by OIDs.
1999-12-29 00:40:28 +00:00
Dr. Stephen Henson
e6f3c5850e
New {i2d,d2i}_PrivateKey_{bio, fp} functions.
1999-12-26 19:20:03 +00:00
Dr. Stephen Henson
36217a9424
Allow passwords to be included on command line for a few
...
more utilities.
1999-12-24 23:53:57 +00:00
Dr. Stephen Henson
12aefe78f0
Fixes so NO_RSA works again.
1999-12-24 17:26:33 +00:00
Dr. Stephen Henson
dd4134101f
Change the trust and purpose code so it doesn't need init
...
either and has a static and dynamic mix.
1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
bb7cd4e3eb
Remainder of SSL purpose and trust code: trust and purpose setting in
...
SSL_CTX and SSL, functions to set them and defaults if no values set.
1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
13938aceca
Add part of chain verify SSL support code: not complete or doing anything
...
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
1999-11-29 01:09:25 +00:00
Dr. Stephen Henson
51630a3706
Add trust setting support to the verify code. It now checks the
...
trust settings of the root CA.
After a few fixes it seems to work OK.
Still need to add support to SSL and S/MIME code though.
1999-11-27 19:43:10 +00:00
Dr. Stephen Henson
21f775522b
Oops! Commit died on me :-(
1999-11-27 01:18:39 +00:00
Dr. Stephen Henson
9868232ae1
Initial trust code: allow setting of trust checking functions
...
in a table. Doesn't do too much yet.
Make the -<digestname> options in 'x509' affect all relevant
options.
Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.
A few constification changes.
1999-11-27 01:14:04 +00:00
Dr. Stephen Henson
d4cec6a13d
New options to the -verify program which can be used for chain verification.
...
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
1999-11-26 00:27:07 +00:00
Dr. Stephen Henson
1126239111
Initial chain verify code: not tested probably not working
...
at present. However nothing enables it yet so this doesn't
matter :-)
1999-11-24 01:31:49 +00:00
Dr. Stephen Henson
52664f5081
Transparent support for PKCS#8 private keys in RSA/DSA.
...
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
1999-11-21 22:28:31 +00:00
Ben Laurie
44eca70641
Update dependencies.
1999-11-18 14:32:54 +00:00
Dr. Stephen Henson
f76d8c4747
Modify verify code to handle self signed certificates.
1999-11-17 01:20:29 +00:00
Bodo Möller
b1fe6ca175
Store verify_result with sessions to avoid potential security hole.
1999-11-16 23:15:41 +00:00
Dr. Stephen Henson
e947f39689
New function X509_cmp().
1999-11-16 00:56:03 +00:00
Dr. Stephen Henson
06556a1744
'req' fixes. Reinstate length check one request fields.
...
Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.
1999-11-14 23:10:50 +00:00
Dr. Stephen Henson
a0ad17bb6c
Fix to the -revoke option in ca. It was leaking memory, crashing and just
...
plain not working :-(
Also fix some memory leaks in the new X509_NAME code.
Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
1999-11-08 13:58:08 +00:00
Dr. Stephen Henson
ce1b4fe146
Allow additional information to be attached to a
...
certificate: currently this includes trust settings
and a "friendly name".
1999-11-04 00:45:35 +00:00
Dr. Stephen Henson
74400f7348
Continued multibyte character support.
...
Add a bunch of functions to simplify the creation of X509_NAME structures.
Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
1999-10-27 00:15:11 +00:00
Bodo Möller
38899535f8
Report an error from X509_STORE_load_locations
...
when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
1999-10-26 01:52:16 +00:00
Dr. Stephen Henson
f769ce3ea4
More multibyte character support.
...
Functions to get keys from EVP_PKEY structures.
1999-10-25 02:00:09 +00:00
Dr. Stephen Henson
08e9c1af6c
Replace the macros in asn1.h with function equivalents. Also make UTF8Strings
...
tolerated in certificates.
1999-10-20 01:50:23 +00:00
Dr. Stephen Henson
673b102c5b
Initial support for certificate purpose checking: this will
...
ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.
1999-10-13 01:11:56 +00:00
Dr. Stephen Henson
56a3fec1b1
Add EX_DATA support to X509.
...
Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL.
1999-10-11 01:30:04 +00:00
Dr. Stephen Henson
3ea23631d4
Add support for public key input and output in rsa and dsa utilities with some
...
new DSA public key functions that were missing.
Also beginning of a cache for X509_EXTENSION structures: this will allow them
to be accessed more quickly for things like certificate chain verification...
1999-10-04 21:17:47 +00:00
Dr. Stephen Henson
393f2c651d
Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing is signed message
...
contains no certificates.
Also fix typo in RANLIB changes.
1999-10-04 12:08:59 +00:00
Andy Polyakov
17f389bbbf
Initial support for MacOS.
...
This will soon be complemented with MacOS specific source code files and
INSTALL.MacOS.
I (Andy) have decided to get rid of a number of #include <sys/types.h>.
I've verified it's ok (both by examining /usr/include/*.h and compiling)
on a number of Unix platforms. Unfortunately I don't have Windows box
to verify this on. I really appreciate if somebody could try to compile
it and contact me a.s.a.p. in case a problem occurs.
Submitted by: Roy Wood <roy@centricsystems.ca>
Reviewed by: Andy Polyakov <appro@fy.chalmers.se>
1999-09-11 17:54:18 +00:00
Ben Laurie
092ec334f0
Fix warnings.
1999-09-06 11:06:54 +00:00
Dr. Stephen Henson
8ce97163a2
Add new 'spkac' utility and several SPKAC utility functions.
1999-09-03 01:08:34 +00:00
Dr. Stephen Henson
fd52057729
Add functions to allow extensions to be added to certificate requests.
...
Modify obj_dat.pl to take its files from the command line. Usage is now
perl obj_dat.pl objects.h obj_dat.h
this should avoid redirection shell escape problems under Win32.
1999-08-11 13:08:58 +00:00
Dr. Stephen Henson
87c49f622e
Support for parsing of certificate extensions in PKCS#10 requests: these are
...
used by things like Xenroll. Also include documentation for extendedKeyUsage
extension.
1999-08-09 22:38:05 +00:00
Bodo Möller
a9642be663
more consistent formatting
1999-08-08 14:06:29 +00:00
Bodo Möller
74678cc2f8
Additional user data argument to pem_password_cb function type
...
and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>
1999-07-21 20:57:16 +00:00
Bodo Möller
16bc9fea4d
slight clean-up
1999-07-21 20:47:51 +00:00
Ulf Möller
5271ebd9a3
More no-xxx option tweaks.
1999-06-30 00:42:56 +00:00
Dr. Stephen Henson
8eb57af5fe
Complete support for PKCS#5 v2.0. Still needs extensive testing.
1999-06-08 00:09:51 +00:00
Dr. Stephen Henson
8e21c14607
More PKCS#5 v2.0 development. Add a function to setup a PKCS#5 v2.0
...
AlgorithmIdentifier and make various ASN1 fixes.
1999-06-06 23:34:44 +00:00
Dr. Stephen Henson
69cbf46811
Rewrite PBE handling read to support PKCS#5 v2.0 and update the function
...
list for Win32.
1999-06-06 13:07:13 +00:00
Dr. Stephen Henson
3cbb7937fa
Add d2i,i2d bio and fp functions for PKCS#8 and add -inform and -outform
...
arguments to pkcs8 application.
1999-06-05 01:45:20 +00:00
Ulf Möller
a53955d8ab
Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress).
...
Submitted by: Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>
1999-06-04 21:35:58 +00:00
Ben Laurie
5c0a48655f
stack
1999-06-02 22:01:56 +00:00
Ben Laurie
6d114240b9
stack.
1999-05-31 21:00:25 +00:00
Ben Laurie
426edadf98
Stack.
1999-05-31 20:35:31 +00:00
Ben Laurie
7e258a56da
Yet another stack.
1999-05-30 22:25:19 +00:00
Ben Laurie
fc875472d0
Another stack.
1999-05-30 21:16:24 +00:00
Ben Laurie
e5e932d212
Another safe stack.
1999-05-30 15:40:21 +00:00
Ben Laurie
ee8ba0b26c
Another safe stack.
1999-05-30 15:25:47 +00:00
Dr. Stephen Henson
4b55c2a3a9
Move the Win32 #undefs of X509_NAME and PKCS7_ISSUER_AND_SERIAL so they will
...
always get included with the relevant files.
1999-05-21 12:14:35 +00:00
Bodo Möller
7e70181723
It was a very bad idea to use #include "../e_os.h" -- when this occurs
...
in cryptlib.h (which is often included as "../cryptlib.h"), then the
question remains relative to which directory this is to be interpreted.
gcc went one further directory up, as intended; but makedepend thinks
differently, and so probably do some C compilers. So the ../ must go away;
thus e_os.h goes back into include/openssl (but I now use
#include "openssl/e_os.h" instead of <openssl/e_os.h> to make the point) --
and we have another huge bunch of dependency changes. Argh.
1999-05-21 11:16:48 +00:00
Dr. Stephen Henson
31a352d191
The last argument in the d2i_XXX_fp and d2i_XXX_bio functions should be
...
of type XXX ** not XXX *
1999-05-21 01:06:23 +00:00
Bodo Möller
17e3dd1c62
Don't install e_os.h in include/openssl, use it only as a local
...
include file.
1999-05-20 21:59:20 +00:00
Bodo Möller
127640b449
Update dependencies.
1999-05-15 13:38:48 +00:00
Ben Laurie
2adca9cdc6
Update dependencies.
1999-05-13 17:33:27 +00:00
Ulf Möller
7d7d2cbcb0
VMS support.
...
Submitted by: Richard Levitte <richard@levitte.org>
1999-05-13 11:37:32 +00:00
Bodo Möller
d797727b20
Comment.
...
Submitted by:
Reviewed by:
PR:
1999-05-11 22:05:39 +00:00
Ralf S. Engelschall
397f703892
Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow
...
-Wpointer-arith -Wcast-align -Wmissing-prototypes -Wmissing-declarations
-Wnested-externs -Winline'' with EGCS 1.1.2+
1999-05-10 08:33:56 +00:00
Dr. Stephen Henson
c8b4185079
Kill evil casts, fix PKCS#7 and add new X509V3 Function.
1999-05-09 16:39:11 +00:00
Bodo Möller
303c002898
Use "const char *" instead of "char *" for filenames passed to functions.
...
Submitted by:
Reviewed by:
PR:
1999-05-09 10:12:10 +00:00
Dr. Stephen Henson
a5ab0532ca
Various Win32 fixes. Win95 doesn't support MoveFileEx() (which was used for a
...
Win32 version of rename() ). There isn't a precise rename() equivalent under
Win95: the standard rename() complains if the destination already exists so
replaced with a combination of unlink() and MoveFile().
1999-05-08 22:46:51 +00:00
Ralf S. Engelschall
20b85fdd76
Convert casted X509_INFO stacks to type-safe STACK_OF(X509_INFO).
...
PS: Feel free to move the IMPLEMENT_STACK_OF(X509_INFO) from
crypto/asn1/x_info.c to any other place where you think it fits better.
X509_INFO is a structure slightly spreaded over ASN.1, X509 and PEM code,
so I found no definitive location for IMPLEMENT_STACK_OF(X509_INFO). In
crypto/asn1/x_info.c it's at least now bundled with X509_INFO_new() and
friends.
1999-05-04 08:56:51 +00:00
Ben Laurie
0b3f827cf5
Yet another stack.
1999-05-02 21:36:58 +00:00
Ben Laurie
d35ea5b00b
Another stack.
1999-05-01 18:29:59 +00:00
Ben Laurie
d500de1672
Another stack.
1999-05-01 18:08:44 +00:00
Ben Laurie
65d4927b8d
Another safe stack.
1999-05-01 17:40:57 +00:00
Bodo Möller
7f89714e64
Support verify_depth from the SSL API without need for user-defined
...
callbacks.
Submitted by:
Reviewed by:
PR:
1999-05-01 03:20:40 +00:00
Bodo Möller
c9e4bc2f07
Use correct error macro so that error messages make sense.
...
Submitted by:
Reviewed by:
PR:
1999-05-01 00:11:15 +00:00
Bodo Möller
e5f3045fbf
Support INSTALL_PREFIX for packagers.
...
Submitted by:
Reviewed by:
PR:
1999-04-29 21:52:08 +00:00
Ulf Möller
d575d2924c
Ignore Makefile.save
...
Submitted by: Anonymous
1999-04-29 16:04:54 +00:00
Bodo Möller
1314c344ac
Obey $(PERL) when running util/mklink.pl.
...
Submitted by:
Reviewed by:
PR:
1999-04-29 12:46:59 +00:00
Bodo Möller
6e6acfd4b9
Use util/mklink.pl instead of util/mklink.sh.
...
Submitted by:
Reviewed by:
PR:
1999-04-28 22:33:54 +00:00
Ulf Möller
f5d7a031a3
New Configure option no-<cipher> (rsa, idea, rc5, ...).
1999-04-27 01:14:46 +00:00
Ulf Möller
a9be3af5ad
Remove NOPROTO definitions and error code comments.
1999-04-26 16:43:10 +00:00
Dr. Stephen Henson
a1e464f94a
Fixes so it will compile again under Win32.
1999-04-25 20:57:09 +00:00
Dr. Stephen Henson
c74b3a6037
Various header consistency fixes.
1999-04-25 16:38:52 +00:00
Dr. Stephen Henson
5043fc9fd5
Fix mkerr.pl to find functions returning function pointers (thanks Ulf!)
...
also add a few missing prototypes.
1999-04-25 11:17:44 +00:00
Bodo Möller
0b86eb3ea6
Fix header files so that any one can be included first.
...
Submitted by:
Reviewed by:
PR:
1999-04-24 18:50:40 +00:00
Dr. Stephen Henson
7393480047
Change the command line options of mkerr.pl so -static is now default and
...
a -write option is needed to actually change anything. Second attempt at
getting rid of ERR, ERRC definitions: it might even work this time :-)
1999-04-24 17:28:43 +00:00
Bodo Möller
c76b0f751f
Restore ERRC definitions that are needed to compile the library.
...
Submitted by:
Reviewed by:
PR:
Submitted by:
Reviewed by:
PR:
1999-04-24 15:57:02 +00:00
Dr. Stephen Henson
6e781e8e07
Delete the unnecessary ERR and ERRC lines in makefiles, add some functionality
...
to error code script: it can now find untranslatable function codes (usually
because the function is static and not defined in a header: occasionally because
of a typo...) and unreferenced function and reason codes. To see this try:
perl util/mkerr.pl -recurse -debug
Also fixed some typos in crypto/pkcs12 that this found :-)
Also tidy up some error calls that had to be all on one line: the old error
script couldn't find codes unless the call was all on one line.
1999-04-24 13:28:57 +00:00
Dr. Stephen Henson
6d31193858
Complete rewrite of the error code generation script. It now runs as a single
...
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
1999-04-24 00:15:18 +00:00
Bodo Möller
bf57da0717
"make depend"
...
Submitted by:
Reviewed by:
PR:
1999-04-23 22:50:50 +00:00
Bodo Möller
ec577822f9
Change #include filenames from <foo.h> to <openssl.h>.
...
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ben Laurie
61f5b6f338
Work with -pedantic!
1999-04-23 15:01:15 +00:00
Ben Laurie
6cda1005f8
Reverse unexplained change.
1999-04-22 14:17:12 +00:00
Ulf Möller
95dc05bc6d
Fix lots of warnings.
...
Submitted by: Richard Levitte <levitte@stacken.kth.se>
1999-04-20 22:50:42 +00:00
Dr. Stephen Henson
f5fedc0497
Various fixes so Win32 compile may work. Convert GeneralNames to use safe stack.
1999-04-20 01:10:33 +00:00
Ulf Möller
6b691a5c85
Change functions to ANSI C.
1999-04-19 21:31:43 +00:00
Bodo Möller
6c5d4168ff
Removed extra semicolons.
...
Submitted by:
Reviewed by:
PR:
1999-04-19 13:37:35 +00:00
Ben Laurie
e778802f53
Massive constification.
1999-04-17 21:25:43 +00:00
Ben Laurie
cfdcfede9c
Another STACK bites the dust.
1999-04-17 10:28:46 +00:00
Dr. Stephen Henson
0490a86d01
Delete all the old X509V3 pack and unpack stuff and various structures and
...
files associated with them. This stuff is all obsoleted by the new X509V3 code.
1999-04-13 23:56:39 +00:00