openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	216e0d5b91	Fix smime -pk7out.	2006-05-22 13:37:16 +00:00
Dr. Stephen Henson	5531192151	Add -resign and -md options to smime command to support resigning an existing structure and using alternative digest for signing.	2006-05-18 23:44:44 +00:00
Dr. Stephen Henson	a6e7fcd140	Multiple signer support in smime application.	2006-05-18 12:41:28 +00:00
Dr. Stephen Henson	76cf3fcb43	Reformat smime.c utility.	2006-05-18 11:54:16 +00:00
Dr. Stephen Henson	121dd39f9f	New option to pkcs12 utility to set alternative MAC digest algorithm.	2006-05-17 18:46:22 +00:00
Dr. Stephen Henson	a263253545	Don't try to print PBE information if it can't be decoded.	2006-05-17 18:24:35 +00:00
Dr. Stephen Henson	8de916bcee	Oops...	2006-05-17 12:29:16 +00:00
Dr. Stephen Henson	1631d5f9b9	HMAC OIDs from RFC4231.	2006-05-17 12:27:45 +00:00
Dr. Stephen Henson	98c82b899e	Gather keygen options in req and only use them after all other options have been processed. This allows any ENGINE changing operations to be processed first (for example a config file).	2006-05-16 12:11:14 +00:00
Dr. Stephen Henson	fbf6643607	Bugfix: the NONE string for PBE algorithms wasn't working.	2006-05-15 13:23:15 +00:00
Dr. Stephen Henson	1bd06bd0c4	In interactive mode only config OpenSSL once.	2006-05-12 17:11:58 +00:00
Richard Levitte	98bf13c36b	make update	2006-05-12 15:31:28 +00:00
Dr. Stephen Henson	759d8ac6ee	Typo.	2006-05-12 00:27:39 +00:00
Dr. Stephen Henson	959e8dfe06	Update 'req' command to use new keygen API.	2006-05-11 21:39:00 +00:00
Dr. Stephen Henson	03919683f9	Add support for default public key digest type ctrl.	2006-05-07 17:09:39 +00:00
Ulf Möller	36e77b1059	Bug fix. PR: 1307 Submitted by: Oliver Tappe <zooey@hirschkaefer.de>	2006-05-01 18:49:26 +00:00
Dr. Stephen Henson	816c2b5a79	Fix from stable branch.	2006-04-28 00:30:49 +00:00
Dr. Stephen Henson	15f80eea31	Fix usage message for pkeyutl.	2006-04-26 15:42:29 +00:00
Dr. Stephen Henson	ee1d9ec019	Remove link between digests and signature algorithms. Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate the need for algorithm specific code.	2006-04-19 17:05:59 +00:00
Dr. Stephen Henson	7bf7333d68	If we include winsock2.h then FD_SET wants an unsigned type for an fd.	2006-04-17 12:22:13 +00:00
Dr. Stephen Henson	b010b7c434	Use more flexible method of determining output length, by setting &outlen value of the passed output buffer is NULL. The old method of using EVP_PKEY_size(pkey) isn't flexible enough to cover all cases where the output length may depend on the operation or the parameters associated with it.	2006-04-15 18:50:56 +00:00
Richard Levitte	51aa7bd321	Got sick and tired of duplicating... Too error-prone (i.e. I forget to update both...)!	2006-04-14 19:56:28 +00:00
Dr. Stephen Henson	ffb1ac674c	Complete key derivation support.	2006-04-13 20:16:56 +00:00
Dr. Stephen Henson	3be34589e8	Update dependencies.	2006-04-13 13:00:45 +00:00
Dr. Stephen Henson	92511cff48	Change the option setting command line switch to "-pkeyopt" to avoid confusion with algorithm parameters.	2006-04-13 12:38:46 +00:00
Richard Levitte	7b82159865	Synchronise what what's happening with the Unix build	2006-04-13 09:59:52 +00:00
Ulf Möller	fb05e1cdf6	declare as in prototype Submitted by: Gisle Vanem	2006-04-12 19:24:45 +00:00
Dr. Stephen Henson	75ef718820	Support for DSA keygen, fix for genpkey.	2006-04-12 11:14:11 +00:00
Ulf Möller	4700aea951	Add BeOS support. PR: 1312 Submitted by: Oliver Tappe <zooey@hirschkaefer.de> Reviewed by: Ulf Moeller	2006-04-11 21:34:21 +00:00
Ulf Möller	9555339007	improve make dclean to remove files generated during build PR: 1308 Submitted by: Oliver Tappe <zooey@hirschkaefer.de> Reviewed by: Ulf Moeller	2006-04-11 20:05:23 +00:00
Dr. Stephen Henson	2fbe371f53	Fix parameter error messages.	2006-04-11 18:30:25 +00:00
Dr. Stephen Henson	15181d7811	Write parameters if -genparam option include.	2006-04-11 18:21:40 +00:00
Dr. Stephen Henson	1edba2110f	Add parameter generation option to genpkey.	2006-04-11 18:18:14 +00:00
Dr. Stephen Henson	f5cda4cbb1	Initial keygen support.	2006-04-11 13:28:52 +00:00
Richard Levitte	25dc89eb9b	Synchronise with the Unix build	2006-04-10 11:39:49 +00:00
Dr. Stephen Henson	4a3dc3c0e3	Add RSA ctrl for padding mode, add ctrl support in pkeyutl.	2006-04-09 12:42:09 +00:00
Dr. Stephen Henson	a2318e86bd	Fix typo. Add EVP_PKEY_CTX control function for later use by command line utilities.	2006-04-09 00:34:00 +00:00
Dr. Stephen Henson	a9164153d1	Reformat pkeyutl.c, add support for verify operation but nothing actually supports it (yet).	2006-04-08 22:25:47 +00:00
Dr. Stephen Henson	8795d38906	Update dependencies.	2006-04-08 13:04:31 +00:00
Dr. Stephen Henson	8cd44e3630	Implement encrypt/decrypt using RSA.	2006-04-08 13:02:04 +00:00
Dr. Stephen Henson	9e4d0f0be2	New utility 'pkeyutl' a general purpose version of 'rsautl'.	2006-04-07 19:33:28 +00:00
Dr. Stephen Henson	53ec8809cf	Add an explicit load_config() call so any added algorithms are visible.	2006-04-04 18:47:20 +00:00
Dr. Stephen Henson	0b33dac310	New function to retrieve ASN1 info on public key algorithms. New command line option to print out info.	2006-04-04 18:16:03 +00:00
Richard Levitte	16f66ae794	Synchronise with recent changes	2006-03-30 04:30:45 +00:00
Bodo Möller	bcbe37b716	Change default curve (for compatibility with a soon-to-be-widely-deployed implementation that doesn't support the previous default) Submitted by: Douglas Stebila	2006-03-30 02:41:30 +00:00
Dr. Stephen Henson	246e09319c	Fix bug where freed OIDs could be accessed in EVP_cleanup() by defering freeing in OBJ_cleanup().	2006-03-28 17:23:48 +00:00
Dr. Stephen Henson	3e4585c8fd	New utility pkeyparam. Enhance and bugfix algorithm specific parameter functions to support it.	2006-03-28 14:35:32 +00:00
Dr. Stephen Henson	3e84b6e15f	New general public key utility 'pkey'.	2006-03-28 12:34:45 +00:00
Nils Larsch	b4e88ccb28	ensure the pointer is valid before using it	2006-03-18 14:27:41 +00:00
Nils Larsch	d916ba1ba1	check if con != NULL before using it	2006-03-18 14:24:02 +00:00
Nils Larsch	67b6f1ca88	fix problems found by coverity: remove useless code	2006-03-15 17:45:43 +00:00
Nils Larsch	e968089485	use BIO_snprintf() instead of snprintf + use BIO_FP_TEXT for text output Submitted by: Gisle Vanem	2006-03-12 22:16:57 +00:00
Nils Larsch	a0aa8b4b61	fix signed vs. unsigned warning	2006-03-11 12:18:11 +00:00
Nils Larsch	ddac197404	add initial support for RFC 4279 PSK SSL ciphersuites PR: 1191 Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation Reviewed by: Nils Larsch	2006-03-10 23:06:27 +00:00
Richard Levitte	8721fc2d0b	Forgot the TSA application...	2006-03-02 13:28:52 +00:00
Ulf Möller	11503177d1	TS bugfixes: Do not hardcode message digest algorithms; fix ASN1 decoding. Submitted by: Zoltan Glozik <zglozik@opentsa.org>	2006-02-26 23:34:53 +00:00
Richard Levitte	9ab899a660	Synchronise with openss.cnf	2006-02-26 10:48:40 +00:00
Nils Larsch	fcfd87168a	fix warning: add missing prototype	2006-02-13 09:43:31 +00:00
Ulf Möller	3b408d83fe	make update	2006-02-12 23:21:56 +00:00
Ulf Möller	c7235be6e3	RFC 3161 compliant time stamp request creation, response generation and response verification. Submitted by: Zoltan Glozik <zglozik@opentsa.org> Reviewed by: Ulf Moeller	2006-02-12 23:11:56 +00:00
Bodo Möller	241520e66d	More TLS extension related changes. Submitted by: Peter Sylvester	2006-01-11 06:10:40 +00:00
Bodo Möller	a13c20f603	Further TLS extension updates Submitted by: Peter Sylvester	2006-01-09 19:49:05 +00:00
Bodo Möller	1aeb3da83f	Fixes for TLS server_name extension Submitted by: Peter Sylvester	2006-01-06 09:08:59 +00:00
Richard Levitte	8de5b7f548	Fix signed/unsigned char clashes.	2006-01-04 12:02:43 +00:00
Bodo Möller	f1fd4544a3	Various changes in the new TLS extension code, including the following: - fix indentation - rename some functions and macros - fix up confusion between SSL_ERROR_... and SSL_AD_... values	2006-01-03 03:27:19 +00:00
Bodo Möller	b1277b9902	C style fix-up	2006-01-02 23:29:12 +00:00
Bodo Möller	ed3883d21b	Support TLS extensions (specifically, HostName) Submitted by: Peter Sylvester	2006-01-02 23:14:37 +00:00
Andy Polyakov	7b1b47a8e6	Mention Whirlpool in dgst -help.	2005-11-30 20:58:41 +00:00
Dr. Stephen Henson	c173d09c56	Typo	2005-11-30 19:25:55 +00:00
Dr. Stephen Henson	cb49a3cfa1	Make CA.pl script use CA extensions when creating a root CA.	2005-11-30 18:31:36 +00:00
Richard Levitte	a53cb070e3	When using POSIXly functions, we need to define _POSIX_C_SOURCE, at least when the source is compiled with ANSI settings.	2005-11-27 15:32:57 +00:00
Andy Polyakov	eed22ac4ac	Eliminate VC compiler warning.	2005-11-06 21:11:41 +00:00
Andy Polyakov	9135fddb0e	Revive app_tminterval for Netware.	2005-11-06 17:11:04 +00:00
Andy Polyakov	d88fcf73f1	Revive app_tminterval for vxworks.	2005-11-06 16:55:44 +00:00
Andy Polyakov	a950f28762	Revive app_tminterval for VMS.	2005-11-06 16:16:38 +00:00
Andy Polyakov	e22f63f231	The typos never stop. Fix one in apps/apps.c.	2005-11-06 12:15:12 +00:00
Andy Polyakov	f530138876	Fix newly introduced typos and warnings in ./apps.	2005-11-06 11:58:22 +00:00
Andy Polyakov	0a39d8f207	Collect timing procedures in apps/apps.c. It's a bit cruel patch, as it temporarily[!] removes support for couple of esoteric platforms [well, Netware, vxWorks and VMS].	2005-11-06 11:40:59 +00:00
Andy Polyakov	a1ad253f17	Eliminate remaining calls to stat in apps/apps.c and unify WIN32_rename for all Windows targets.	2005-11-04 16:12:05 +00:00
Andy Polyakov	ffa101872f	Eliminate dependency on read/write/stat in apps under _WIN32.	2005-11-04 09:30:55 +00:00
Andy Polyakov	53261831f1	Get rid of arcane reference to _fmode in apps/apps.h. Binary open is handles properly by bss_file.c, which renders _fmode redundant.	2005-11-03 16:42:57 +00:00
Andy Polyakov	eff7cb41d1	Disable BIO_s_fd on CE and disable fd:N as password passing option on all _WIN32 [see commentary for clarification].	2005-11-03 15:31:28 +00:00
Nils Larsch	d86b0f1f5f	compile sstrsep only if HAVE_FORK is defined; patch supplied by Johan Gill <johane@lysator.liu.se>	2005-11-02 22:13:43 +00:00
Bodo Möller	ee8836c442	fix stupid typo	2005-10-26 19:30:10 +00:00
Dr. Stephen Henson	3f67e11fab	Add PVK support to dsa utility.	2005-10-08 17:32:07 +00:00
Dr. Stephen Henson	566dda07ba	New option SSL_OP_NO_COMP to disable compression. New ctrls to set maximum send fragment size. Allocate I/O buffers accordingly.	2005-10-08 00:18:53 +00:00
Bodo Möller	13e4670c29	new option "openssl ciphers -V"	2005-10-01 04:08:48 +00:00
Dr. Stephen Henson	09b6c2ef15	Make OPENSSL_NO_COMP compile again.	2005-09-30 23:35:33 +00:00
Nils Larsch	cc29c1204b	successfully updating the db shouldn't result in an error message	2005-09-30 16:47:38 +00:00
Dr. Stephen Henson	29b9763d9f	Change openssl.cnf to use UTF8Strings by default and not always include issuer and serial versions of AKID.	2005-09-16 11:58:28 +00:00
Dr. Stephen Henson	c11c64fbe0	Update to ASN1 printing code.	2005-09-03 00:40:40 +00:00
Nils Larsch	33ac8b3139	don't try to load cert/key when the "-nocert" option is set	2005-09-02 12:44:59 +00:00
Dr. Stephen Henson	9194296de8	Update ASN1 printing code and add a -print option to 'pkcs7' utility for initial testing.	2005-09-01 18:00:56 +00:00
Dr. Stephen Henson	a0156a926f	Integrated support for PVK files.	2005-08-31 16:37:54 +00:00
Ben Laurie	2c2e46dbf5	Generate primes, too.	2005-08-23 13:48:17 +00:00
Ben Laurie	b8e8ccdc79	Fix warning.	2005-08-21 15:59:10 +00:00
Dr. Stephen Henson	eea374fd19	Command line support for RSAPublicKey format.	2005-08-21 00:18:26 +00:00
Dr. Stephen Henson	45e2738585	Remove ASN1_METHOD code replace with new ASN1 alternative.	2005-08-20 18:12:45 +00:00
Nils Larsch	4ebb342fcd	Let the TLSv1_method() etc. functions return a const SSL_METHOD pointer and make the SSL_METHOD parameter in SSL_CTX_new, SSL_CTX_set_ssl_version and SSL_set_ssl_method const.	2005-08-14 21:48:33 +00:00
Dr. Stephen Henson	8f2e4fdf86	Allow PKCS7_decrypt() to work if no cert supplied.	2005-08-04 22:15:22 +00:00
Geoff Thorpe	7f0c65703a	"make update"	2005-07-26 04:48:54 +00:00
Nils Larsch	3eeaab4bed	make ./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make depend all test work again PR: 1159	2005-07-16 12:37:36 +00:00
Dr. Stephen Henson	cbdac46d58	Update from stable branch.	2005-07-04 23:12:04 +00:00
Richard Levitte	d2e0c81720	The private key should never have ended up in newreq.pem. Now, it ends up in newkey.pem instead.	2005-07-04 21:44:16 +00:00
Nils Larsch	9e1a112336	initialize newly allocated data PR: 1145	2005-07-01 16:08:14 +00:00
Ben Laurie	a51a97262d	Brought forward from 0.9.8 - 64 bit warning fixes and fussy compiler fixes.	2005-06-29 11:02:15 +00:00
Richard Levitte	417f8973ff	asn1parse doesn't support any TXT format, so let's stop pretending it does.	2005-06-28 15:44:11 +00:00
Andy Polyakov	53bb3bee34	Fix typos in apps/apps.c	2005-06-27 15:56:53 +00:00
Andy Polyakov	2f3c39bc62	Minor (final?) Makefiles polish.	2005-06-26 17:47:44 +00:00
Andy Polyakov	02c31fa461	Jumbo Makfiles update. - eliminate ambiguities between GNU-ish and SysV-ish make flavors; - switch [back] to -e; - fold/unify rules; This is follow-up to the patch introducing common BUILDENV. Idea is to collect as much parameters in $(TOP) as possible and "strip" lower Makefiles for most variables [and thus makes them more readable].	2005-06-23 00:03:26 +00:00
Richard Levitte	b764ab9537	Netware patch submitted by Verdon Walker" <VWalker@novell.com> in PR 1107. He says: This is a followup to the NetWare patch that was applied to beta3. It does the following: - Fixes a problem in the CLib build with undefined symbols. - Adds the ability to use BSD sockets as the default for the OpenSSL socket BIO. NetWare supports 2 flavors of sockets and our Apache developers need BSD sockets as a configurable option when building OpenSSL. This adds that for them. - Updates to the INSTALL.NW file to explain new options. I have tried very hard to make sure all the changes are in NetWare specific files or guarded carefully to make sure they only impact NetWare builds. I have tested the Windows build to make sure it does not break that since we have made changes to mk1mf.pl. We are still working the gcc cross compile for NetWare issue and hope to have a patch for that before beta 6 is released.	2005-06-13 03:23:50 +00:00
Nils Larsch	63d740752f	changes from 0.9.8	2005-05-31 18:22:53 +00:00
Nils Larsch	6e04afb8c5	include opensslconf.h if OPENSSL_NO_* is used	2005-05-31 17:36:06 +00:00
Richard Levitte	b29228836a	DJGPP changes. Contributed by Doug Kaufman <dkaufman@rahul.net>	2005-05-30 22:37:44 +00:00
Richard Levitte	80b168a5a9	We have some source with \r\n as line ends. DEC C informs about that, and I really can't be bothered...	2005-05-29 12:13:51 +00:00
Dr. Stephen Henson	499fca2db3	Update from 0.9.7-stable. Also repatch and rebuild error codes.	2005-05-28 20:44:02 +00:00
Andy Polyakov	4b23506594	OPENSSL_NO_SHA512 to mask even SHA512_CTX declaration. This is done to make no-sha512 more effective on platforms, which don't support 64-bit integer type of any kind.	2005-05-22 08:55:15 +00:00
Andy Polyakov	ea1b02db6a	OPENSSL_Applink update.	2005-05-17 00:08:28 +00:00
Andy Polyakov	ce92b6eb9c	Further BUILDENV refinement, further fool-proofing of Makefiles and [most importantly] put back dependencies accidentaly eliminated in check-in #13342.	2005-05-16 16:55:47 +00:00
Nils Larsch	9dd8405341	ecc api cleanup; summary: - hide the EC_KEY structure definition in ec_lcl.c + add some functions to use/access the EC_KEY fields - change the way how method specific data (ecdsa/ecdh) is attached to a EC_KEY - add ECDSA_sign_ex and ECDSA_do_sign_ex functions with additional parameters for pre-computed values - rebuild libeay.num from 0.9.7	2005-05-16 10:11:04 +00:00
Bodo Möller	46a643763d	Implement fixed-window exponentiation to mitigate hyper-threading timing attacks. BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for RSA/DSA/DH private key computations unless RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/ DH_FLAG_NO_EXP_CONSTTIME is set. Submitted by: Matthew D Wood Reviewed by: Bodo Moeller	2005-05-16 01:43:31 +00:00
Andy Polyakov	734540f887	Consolidate BUILDENV [idea is to keep all variables in one place].	2005-05-15 23:53:34 +00:00
Andy Polyakov	81a86fcf17	Fool-proofing Makefiles	2005-05-15 22:23:26 +00:00
Dr. Stephen Henson	b6995add5c	Make -CSP option work again in pkcs12 utility by checking for attribute in EVP_PKEY structure.	2005-05-15 00:54:45 +00:00
Nils Larsch	8b15c74018	give EC_GROUP_new_by_nid a more meanigful name: EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name	2005-05-10 11:37:47 +00:00
Nils Larsch	3afa6cf866	improve command line argument checking PR: 1061	2005-05-10 09:51:29 +00:00
Bodo Möller	fbeaa3c47d	Update util/ck_errf.pl script, and have it run automatically during "make errors" and thus during "make update". Fix lots of bugs that util/ck_errf.pl can detect automatically. Various others of these are still left to fix; that's why "make update" will complain loudly when run now.	2005-05-09 00:27:37 +00:00
Ben Laurie	0ff469d38d	Add prototype.	2005-05-01 13:49:56 +00:00
Andy Polyakov	4c3a2d64e4	Fold rules in test/Makefiles [from stable].	2005-04-30 21:39:39 +00:00
Richard Levitte	aed14edd12	From branch OpenSSL_0_9_7-stable, 2004-08-11 22:34: Another missing module in the VMS build files.I believe this is the last, though...	2005-04-30 15:21:40 +00:00
Richard Levitte	14a948e6ad	All kinds of changes from branch OpenSSL_0_9_7-stable	2005-04-30 15:17:05 +00:00
Nils Larsch	7ab2d30349	add 192 bit prime curve to the command line options	2005-04-29 15:21:09 +00:00
Dr. Stephen Henson	6c61726b2a	Lots of Win32 fixes for DTLS. 1. "unsigned long long" isn't portable changed: to BN_ULLONG. 2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used. 2. Avoid lots of compiler warnings about signed/unsigned mismatches. 3. Include new library directory pqueue in mk1mf build system. 4. Update symbols.	2005-04-27 16:27:14 +00:00
Dr. Stephen Henson	b08868c48a	Port prime utility across from stable branch.	2005-04-26 23:02:52 +00:00
Bodo Möller	0d5ea7613e	make update	2005-04-26 18:09:21 +00:00
Dr. Stephen Henson	4e321ffaff	Fixes for signed/unsigned warnings and shadows.	2005-04-26 17:43:53 +00:00
Ben Laurie	36d16f8ee0	Add DTLS support.	2005-04-26 16:02:40 +00:00
Nils Larsch	965a1cb92e	change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible	2005-04-23 10:11:16 +00:00
Ben Laurie	e9ad6665a5	Add debug target, remove cast, note possible bug.	2005-04-23 06:05:24 +00:00
Nils Larsch	e7076c5a80	make update	2005-04-22 20:17:17 +00:00
Richard Levitte	7efebab9fd	signed vs. unsigned.	2005-04-20 13:21:10 +00:00
Dr. Stephen Henson	f68854b4c3	Various Win32 and other fixes for warnings and compilation errors. Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.	2005-04-19 00:12:36 +00:00
Nils Larsch	ff990440ee	const fixes	2005-04-15 18:29:33 +00:00
Richard Levitte	4bb61becbb	Add emacs cache files to .cvsignore.	2005-04-11 14:17:07 +00:00
Nils Larsch	eb3eab20a8	const fixes	2005-04-07 22:48:33 +00:00
Nils Larsch	7d727231b7	some const fixes	2005-04-05 19:11:19 +00:00
Nils Larsch	69740c2b3f	update progs.pl to reflect changes in progs.h	2005-04-05 18:17:13 +00:00
Nils Larsch	12bdb64375	use SHA-1 as the default digest for the apps/openssl commands	2005-04-02 09:29:15 +00:00
Ben Laurie	41a15c4f0f	Give everything prototypes (well, everything that's actually used).	2005-03-31 09:26:39 +00:00
Ben Laurie	42ba5d2329	Blow away Makefile.ssl.	2005-03-30 13:05:57 +00:00
Nils Larsch	689c6f2542	add new curves to the loop (with some cleanup from me) Submitted by: Jean-Luc Duval Reviewed by: Nils Larsch	2005-03-20 23:12:13 +00:00
Bodo Möller	9f6715d4bb	"make depend". This takes into account the algorithms that are now disabled by default (MDC2 and RC5), which until now were skipped by "make links" and yet supposedly required by some of the Makefiles, meaning that the recent snapshots failed to compile. Problem reported by Nils Larsch.	2005-03-13 19:49:47 +00:00
Andy Polyakov	877dbcb8a0	Shut whiny make's up.	2005-02-03 10:19:59 +00:00
Andy Polyakov	62d27939c2	Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms and SafeDllSearchMode in Windows. Submitted by: Richard Levitte	2005-02-01 23:48:37 +00:00
Richard Levitte	4aca9297dc	The mix of CFLAGS and LDFLAGS is a bit confusing in my opinion, and Makefile.shared was a bit overcomplicated. Make the shell variables LDFLAGS and SHAREDFLAGS in Makefile.shared get the values of $(CFLAGS) or $(LDFLAGS) as appropriate depending on the value the shell variables LDCMD and SHAREDCMD get. That leaves much less chance of confusion, since those pairs of shell variables always are defined together.	2005-01-26 23:51:20 +00:00
Andy Polyakov	fbdce13e5a	Please BSD make...	2005-01-25 22:09:11 +00:00
Andy Polyakov	02a00bb054	DJGPP update. PR: 989 Submitted by: Doug Kaufman	2005-01-04 10:28:38 +00:00
Andy Polyakov	3ffb8d42bc	Remove naming conflict between variable and label.	2004-12-30 11:10:11 +00:00
Dr. Stephen Henson	e90faddaf8	Prompt for passphrases for PKCS12 input format	2004-12-29 01:07:14 +00:00
Richard Levitte	6951c23afd	Add functionality needed to process proxy certificates.	2004-12-28 00:21:35 +00:00
Dr. Stephen Henson	abbc186bd2	Fix s_client so it works without a certificate again.	2004-12-13 18:02:23 +00:00
Richard Levitte	de6859e442	Propagate a few more variables to Makefile.shared when linking programs.	2004-12-13 17:28:44 +00:00
Dr. Stephen Henson	a37e22d866	Use X509_cmp_time() in -checkend option, to support GeneralizedTime.	2004-12-05 18:26:19 +00:00
Dr. Stephen Henson	5b40d7dd97	Add -passin argument to dgst command.	2004-12-03 12:26:56 +00:00
Richard Levitte	30b415b076	Make an explicit check during certificate validation to see that the CA setting in each certificate on the chain is correct. As a side- effect always do the following basic checks on extensions, not just when there's an associated purpose to the check: - if there is an unhandled critical extension (unless the user has chosen to ignore this fault) - if the path length has been exceeded (if one is set at all) - that certain extensions fit the associated purpose (if one has been given)	2004-11-29 11:28:08 +00:00
Dr. Stephen Henson	3fee255102	Typo.	2004-11-23 21:40:10 +00:00
Dr. Stephen Henson	16df5f066a	Fix memory leak.	2004-11-23 21:22:21 +00:00
Dr. Stephen Henson	00dd8f6d6e	In "req" exit immediately if configuration file is needed and it can't be loaded instead of giving the misleading: "unable to find 'distinguised_name' in config" error message.	2004-11-17 18:36:13 +00:00
Dr. Stephen Henson	826a42a088	PR: 910 Add command line options -certform, -keyform and -pass to s_client and s_server. This supports the use of alternative passphrase sources, key formats and keys handled by an ENGINE. Update docs.	2004-11-16 17:30:59 +00:00
Dr. Stephen Henson	151368ccba	PR: 940 Typo: use prompt_info, not cb_data->prompt_info.	2004-11-14 15:40:00 +00:00
Dr. Stephen Henson	5fee606442	Zap obsolete der_chop script.	2004-11-14 00:08:36 +00:00
Dr. Stephen Henson	78df5a2f1e	Fix x509.c so it creates serial number file again if no serial number is supplied on command line.	2004-11-13 13:26:06 +00:00
Richard Levitte	6c9f57d629	Cut'n'paste mistake. All tested OK now...	2004-11-11 19:36:08 +00:00
Richard Levitte	382342ce1d	Whoops, syntactic mistake...	2004-11-11 18:58:01 +00:00
Richard Levitte	69c922f5d2	Some find it confusing that environment variables are set when shared libraries aren't built or used. I can see the point, so I'm reorganising a little for clarity.	2004-11-11 18:18:43 +00:00
Dr. Stephen Henson	10c8505734	Use the default_md config file value when signing CRLs. PR:662	2004-11-11 13:47:06 +00:00
Dr. Stephen Henson	10f92aac33	Don't return an error with crl -noout. PR:917 Sumbmitted by: Michael Konietzka <konietzka@schlund.de>	2004-11-11 02:13:08 +00:00
Richard Levitte	8de69cf2c6	Make sure LD_PRELOAD is only set when we build shared libraries (and therefore link with them). Add LD_PRELOAD setting code where it was still missing. PR: 966	2004-11-05 09:12:10 +00:00
Geoff Thorpe	58ae65cd1a	Update ECDSA and ECDH for OPENSSL_NO_ENGINE. Reported by: Maxim Masiutin Submitted by: Nils Larsch	2004-10-21 00:06:14 +00:00
Richard Levitte	d813ff2ac1	make update	2004-09-10 10:30:33 +00:00
Dr. Stephen Henson	c431798e82	Reformat smime utility. Add support for policy checking in verify utility.	2004-09-07 18:38:46 +00:00
Dr. Stephen Henson	fb80794568	Don't use 'explicit' for variable name.	2004-09-07 00:31:08 +00:00
Dr. Stephen Henson	4ec3d785e5	Reformat smime.c	2004-09-07 00:28:17 +00:00
Dr. Stephen Henson	5d7c222db8	New X509_VERIFY_PARAM structure and associated functionality. This tidies up verify parameters and adds support for integrated policy checking. Add support for policy related command line options. Currently only in smime application. WARNING: experimental code subject to change.	2004-09-06 18:43:01 +00:00
Richard Levitte	2549564009	On systems that use case-insensitive symbol names (i.e. they're all converted to upper case or something like that), the application- level bio_dump_cb() has a name clash with the new library function BIO_dump_cb(). The easiest fix is to rename the function at the application level.	2004-08-12 08:58:55 +00:00
Dr. Stephen Henson	b5a93e2250	Call setup_engine after autoconfig.	2004-08-06 12:44:34 +00:00
Dr. Stephen Henson	c128bb0fa2	Don't ignore return value of EVP_DigestInit_ex() in md BIOs and dgst utility.	2004-08-05 18:09:50 +00:00
Andy Polyakov	c88f8f76b5	'apps/openssl dgst -help' update and minor apps/speed.c update.	2004-07-25 18:57:35 +00:00
Dr. Stephen Henson	0efea28dcb	Don't try to parse non string types.	2004-07-01 18:15:33 +00:00
Richard Levitte	28a8003467	Changes for VOS, submitted by Paul Green <Paul.Green@stratus.com>. PR: 499	2004-06-28 22:01:37 +00:00
Richard Levitte	563cd0f2b0	Make the tests of EVP operations without padding. As a consequence, there's no need for a larger BUFSIZE any more... PR: 904	2004-06-28 16:32:12 +00:00
Richard Levitte	3ac0f28837	Make sure that the buffers are large enough to contain padding. PR: 904	2004-06-28 12:23:35 +00:00
Richard Levitte	47c1735acd	NetWare fixes provided by Verdon Walker for OpenSSL 0.9.8-dev. The changes have been mailed to <crypt@bis.doc.gov> as well. PR: 903	2004-06-28 11:55:28 +00:00
Dr. Stephen Henson	8a60547896	Reformat pkcs8 source.	2004-06-24 13:10:54 +00:00
Andy Polyakov	bc1ca8605c	Working on HP-UX shared support...	2004-05-31 14:50:19 +00:00
Andy Polyakov	63ba7e293f	Make sha-256/-512 naming in speed.c consistent with their names as they will appear at EVP leyer.	2004-05-31 12:40:22 +00:00
Andy Polyakov	46ceb15c39	SHA-256/-512 test and benchmark.	2004-05-20 21:49:38 +00:00
Geoff Thorpe	9c52d2cc75	After the latest round of header-hacking, regenerate the dependencies in the Makefiles. NB: this commit is probably going to generate a huge posting and it is highly uninteresting to read.	2004-05-17 19:26:06 +00:00
Geoff Thorpe	f0eae953e2	Remove some unnecessary recursive includes from the internal apps.h header, and include bn.h in those C files that need bignum functionality.	2004-05-17 19:05:32 +00:00
Richard Levitte	d1739eb2d6	make update	2004-05-13 21:38:47 +00:00
Dr. Stephen Henson	df368ecce4	Make self signing option of 'x509' use random serial numbers too.	2004-05-12 18:20:37 +00:00
Geoff Thorpe	bcfea9fb25	Allow RSA key-generation to specify an arbitrary public exponent. Jelte proposed the change and submitted the patch, I jiggled it slightly and adjusted the other parts of openssl that were affected. PR: 867 Submitted by: Jelte Jansen Reviewed by: Geoff Thorpe	2004-04-26 15:31:35 +00:00
Dr. Stephen Henson	77475142ec	New option to 'x509' -next_serial. This outputs the certificate serial number plus 1 to the output file. Its purpose is to allow serial number files to be initialized when random serial numbers are used.	2004-04-21 12:46:20 +00:00
Dr. Stephen Henson	90fac84066	Use X509_get_serialNumber() instead of accessing internals in x509.c	2004-04-21 12:43:21 +00:00
Dr. Stephen Henson	64674bcc8c	Reduce chances of issuer and serial number duplication by use of random initial serial numbers. PR: 842	2004-04-20 12:05:26 +00:00
Geoff Thorpe	c57bc2dc51	make update	2004-04-19 18:33:41 +00:00
Geoff Thorpe	823a67b0a9	header cleanup in apps/	2004-04-19 18:13:07 +00:00
Dr. Stephen Henson	ae44fc1ec4	Clear error if unique_subject lookup fails.	2004-04-15 00:32:19 +00:00
Richard Levitte	d530017c00	Move the definition of Win32_rename(), since the macro rename gets undefined in the middle of the code on Windows, and that disrupts operations in functions later that use rename()... PR: 853	2004-03-25 20:09:00 +00:00
Geoff Thorpe	5148710994	Adds warnings about two curves and fixes the "seed" value for two other curves. Submitted by: Nils Larsch	2004-03-25 03:03:52 +00:00
Richard Levitte	d342ec3335	o_str.h isn't a public header file, so make sure it will still be included.	2004-03-24 09:43:03 +00:00
Richard Levitte	875a644a90	Constify d2i, s2i, c2i and r2i functions and other associated functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed.	2004-03-15 23:15:26 +00:00
Dr. Stephen Henson	3f39976da3	Call autoconfig code in pkcs7 utility.	2004-03-05 23:46:29 +00:00
Geoff Thorpe	6c43032121	minor signed/unsigned warning fixes	2004-02-10 18:46:10 +00:00
Dr. Stephen Henson	37ead9be0b	Fix handling of -offset and -length in asn1parse tool. If -offset exceeds -length of data available exit with an error. Don't read past end of total data available when -offset supplied. If -length exceeds total available truncate it.	2004-02-08 13:30:04 +00:00
Andy Polyakov	3a160f1dc6	Fix declaration inconsistency in ecparam.c.	2004-01-24 16:51:59 +00:00
Lutz Jänicke	cdb42bcf0c	Cover all DSA setups when running tests PR: #748 Submitted by: Kirill Kochetkov <kochet@ixbt.com>	2004-01-08 07:46:37 +00:00
Richard Levitte	79b42e7654	Use sh explicitely to run point.sh This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 14:59:07 +00:00
Richard Levitte	d420ac2c7d	Use BUF_strlcpy() instead of strcpy(). Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 14:40:17 +00:00
Richard Levitte	03ddbdd9b9	Move another common functionality (reproduced so far with cut'n'paste) to apps.c, and give it the hopefully descriptive name parse_yesno().	2003-11-28 14:45:09 +00:00
Richard Levitte	d45a098472	Forgot to change the declaration of do_subject() to one of parse_name()...	2003-11-28 14:18:05 +00:00
Richard Levitte	6d5ffb591b	Move do_subject() to apps.c and rename it to parse_name(). The rationale behind the move is that it's use by several applications. The rationale behind the name change is that it describes what the function does a bit better.	2003-11-28 14:07:14 +00:00
Richard Levitte	7ce9e425bc	Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option to 'openssl req' and 'openssl ca'. PR: 779 Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de> Reviewed by: Richard Levitte (there will be some follow-up changes)	2003-11-28 14:04:09 +00:00
Richard Levitte	4d8743f490	Netware-specific changes, PR: 780 Submitted by: Verdon Walker <VWalker@novell.com> Reviewed by: Richard Levitte	2003-11-28 13:10:58 +00:00
Dr. Stephen Henson	a8287a90ea	Give CRLDP its standard name. Max req -x509 use V1 if extensions section absent.	2003-11-20 22:45:06 +00:00
Lutz Jänicke	95de3d204f	Make sure to initialize AES counters to obtain proper results. Submitted by: Kirill Kochetkov <kochet@ixbt.com> PR: #748	2003-11-18 18:27:12 +00:00
Lutz Jänicke	f35232e6f3	Catch error condition to prevent NULL pointer dereference. Submitted by: Goetz Babin-Ebell <babin-ebell@trustcenter.de> PR: #766	2003-11-16 16:30:39 +00:00
Geoff Thorpe	d8ec0dcf45	Avoid some shadowed variable names. Submitted by: Nils Larsch	2003-11-04 00:51:32 +00:00
Richard Levitte	cfd06a6223	Let exit codes propagate from within for loops.	2003-10-31 06:58:24 +00:00
Geoff Thorpe	bc3c578208	Copy-n-paste bug (don't mix variable declarations and code). This sets the callback structure just before it is needed.	2003-10-29 22:30:45 +00:00
Geoff Thorpe	2754597013	A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate.	2003-10-29 20:24:15 +00:00
Geoff Thorpe	0991f07034	For whatever reason (compiler or header bugs), at least one commonly-used linux system (namely mine) chokes on our definitions and uses of the "HZ" symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast" (when in fact there is no function casting involved at all). In both cases, it is easily worked around by not defining a cast into the macro and jiggling the expressions slightly. In addition - this highlights some cruft in openssl that needs sorting out. The tmdiff.h header is exported as part of the openssl API despite the fact that it is ugly as the driven sludge and not used anywhere in the library, applications, or utilities. More weird still, almost identical code exists in apps/speed.c though it looks to be slightly tweaked - so either tmdiff should be updated and used by speed.c, or it should be dumped because it's obviously not useful enough. Rather than removing it for now, I've changed the API for tmdiff to at least make sense. This involves taking the object type (MS_TM) from the implementation and using it in the header rather than using "char " in the API and casting mercilessly in the code (ugh). If someone doesn't like "MS_TM" and the "ms_time_**" naming, by all means change it. This should be a harmless improvement, because the existing API is clearly not very useful (eg. we reimplement it rather than using it in our own utils). However, someone still needs to take a hack at consolidating speed.c and tmdiff.[ch] somehow.	2003-10-29 04:40:13 +00:00
Geoff Thorpe	2aaec9cced	Update any code that was using deprecated functions so that everything builds and links with OPENSSL_NO_DEPRECATED defined.	2003-10-29 04:14:08 +00:00
Dr. Stephen Henson	a08ced78c8	Avoid warnings: add missing prototype, don't shadow.	2003-10-10 23:07:24 +00:00
Richard Levitte	f44e184ec6	s_client should inform the user of any compression/expansion methods used.	2003-10-06 12:19:38 +00:00
Richard Levitte	3d7c4a5a6d	Selected changes for MSDOS, contributed by Gisle Vanem <giva@bgnett.no>. PR: 669	2003-09-27 21:56:08 +00:00
Richard Levitte	253e893c2b	Include the instance in the Kerberos ticket information. In s_server, print the received Kerberos information. PR: 693	2003-09-27 17:55:13 +00:00
Dr. Stephen Henson	dfe399e7d9	Add -passin support to rsautl	2003-09-21 02:20:02 +00:00
Dr. Stephen Henson	7068c8b1a6	In order to get the expected self signed error when calling X509_verify_cert() in x509.c the cert should not be added to the trusted store.	2003-09-21 02:18:15 +00:00
Richard Levitte	e6fa67fa93	Generalise the definition of strcasecmp() and strncasecmp() for platforms that don't (necessarely) have it. In the case of VMS, this means moving a couple of functions from apps/ to crypto/ and make them general (although only used privately).	2003-09-09 14:48:36 +00:00
Dr. Stephen Henson	560dfd2a02	New -ignore_err option in ocsp application to stop the server exiting on the first error in a request.	2003-09-03 23:56:01 +00:00
Bodo Möller	563c05e2dc	fix out-of-bounds check in lock_dbg_cb (was too lose to detect all invalid cases) PR: 674	2003-08-14 10:33:56 +00:00
Bodo Möller	968766cad8	updates for draft-ietf-tls-ecc-03.txt Submitted by: Douglas Stebila Reviewed by: Bodo Moeller	2003-07-22 12:34:21 +00:00
Richard Levitte	94805c84d1	Add -issuer_hash and make -subject_hash the default way to get the subject hash, with -hash a synonym kept around for backward compatibility reasons. PR: 650	2003-07-03 20:45:09 +00:00
Bodo Möller	0fbffe7a71	implement PKCS #8 / SEC1 private key format for ECC Submitted by: Nils Larsch	2003-06-25 21:35:05 +00:00
Richard Levitte	fd4ef69913	Implement CRL numbers. Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com> PR: 644	2003-06-19 17:40:16 +00:00
Richard Levitte	fadd2246a0	Avoid warnings saying that the format takes a void*.	2003-06-11 22:26:02 +00:00
Dr. Stephen Henson	beab098d53	Various S/MIME bug and compatibility fixes.	2003-06-01 20:51:58 +00:00
Lutz Jänicke	4f17dfcd75	Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before) Submitted by: dg@sunet.ru (Daniel Ginsburg) PR: #613	2003-05-28 20:24:57 +00:00
Richard Levitte	d1465bac90	make update	2003-05-01 04:10:32 +00:00
Richard Levitte	4c771796d5	Convert save_serial() to work like save_index(), and add a rotate_serial() that works like rotate_index().	2003-04-04 15:10:35 +00:00
Richard Levitte	d6df2b281f	Add documentation on the added functionality in 'openssl ca'.	2003-04-04 14:39:44 +00:00
Richard Levitte	3ae70939ba	Correct a lot of printing calls. Remove extra arguments...	2003-04-03 23:39:48 +00:00
Richard Levitte	83b23ed967	One more debug line to conditionalise.	2003-04-03 23:01:20 +00:00
Richard Levitte	16b1b03543	Implement self-signing in 'openssl ca'. This makes it easier to have the CA certificate part of the CA database, and combined with 'unique_subject=no', it should make operations like CA certificate roll-over easier.	2003-04-03 22:33:59 +00:00
Richard Levitte	db598fbce2	Don't try to free NULL values...	2003-04-03 20:03:23 +00:00
Richard Levitte	0998cfaadd	Remove unused variable.	2003-04-03 19:07:27 +00:00
Richard Levitte	c4448f60d6	Reset the version number of the issuer certificate? I believe this hasn't been tested in a long while...	2003-04-03 18:50:15 +00:00
Richard Levitte	63b6fe2bf6	Conditionalise all debug strings.	2003-04-03 18:07:39 +00:00
Richard Levitte	f85b68cd49	Make it possible to have multiple active certificates with the same subject.	2003-04-03 16:33:03 +00:00
Richard Levitte	d678cc07ed	No need to test -setalias twice. PR: 556	2003-03-31 13:56:52 +00:00
Richard Levitte	03eeb07152	Add usage string for -fingerprint. PR: 560	2003-03-31 13:06:24 +00:00
Dr. Stephen Henson	1a15c89988	Multi valued AVA support.	2003-03-30 01:51:16 +00:00
Dr. Stephen Henson	e5b0508a14	Update ocsp usage message and docs.	2003-03-26 00:46:47 +00:00
Richard Levitte	48f1fa7482	Make sure that all the library paths are modified in prepend mode, not replace mode. PR: 528	2003-03-20 11:37:47 +00:00
Dr. Stephen Henson	12d4e7b8c8	Fix PEDANTIC stuff...	2003-03-13 21:28:03 +00:00
Dr. Stephen Henson	767712fa62	Avoid warnings for no-engine and PEDANTIC	2003-03-12 02:38:57 +00:00
Bodo Möller	176f31ddec	- new ECDH_compute_key interface (KDF is no longer a fixed built-in) - bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary	2003-02-28 15:37:10 +00:00
Dr. Stephen Henson	e9ec63961b	Fix indefinite length encoding so EOC correctly updates the buffer pointer. Rename PKCS7_PARTSIGN to PKCS7_STREAM. Guess what that's for :-)	2003-02-25 19:03:31 +00:00
Ulf Möller	66ecdf3bfb	more mingw related cleanups.	2003-02-22 18:00:14 +00:00
Richard Levitte	132eaa59da	Allow building applications against static libraries with Makefile.shared.	2003-02-22 14:41:34 +00:00
Dr. Stephen Henson	27068df7e0	Single pass processing to cleartext S/MIME signing.	2003-02-15 00:50:55 +00:00
Richard Levitte	c1269c81fd	Handle krb5 libraries separately and make sure only libssl.so depends on it.	2003-02-14 13:12:00 +00:00
Richard Levitte	e270cf9c5e	Pay attention to disabled SSL versions. PR: 500	2003-02-14 05:24:22 +00:00
Richard Levitte	85d686e723	Make it possible to disable OCSP, the speed application, and the use of sockets. PR: 358	2003-02-14 01:02:58 +00:00
Richard Levitte	2d3de726c5	Add full support for -rpath/-R, both in shared libraries and applications, at least on the platforms where it's known how to do it. Note: this has only been tested on GNU-based platforms (Linux), and needs to be tested on all others. Additionally, it's not yet supported on the following platforms, for lack of information: Darwin (MacOS X) Cygwin OSF1/Alpha SVR3 ReliantUNIX Please help out with testing and the platforms we don't yet know well enough.	2003-02-13 23:52:54 +00:00
Dr. Stephen Henson	33075f229e	Typo.	2003-02-10 17:52:10 +00:00
Bodo Möller	d42d2d1ab6	avoid coredump Submitted by: Nils Larsch	2003-02-08 19:49:16 +00:00
Bodo Möller	37c660ff9b	implement fast point multiplication with precomputation Submitted by: Nils Larsch Reviewed by: Bodo Moeller	2003-02-06 19:25:12 +00:00
Richard Levitte	0b13e9f055	Add the possibility to build without the ENGINE framework. PR: 287	2003-01-30 17:39:26 +00:00
Geoff Thorpe	bb3e67f315	"openssl engine" will not display ENGINE/DSO load failure errors when testing availability of engines with "-t" - the old behaviour of is produced by increasing the feature's verbosity with "-tt".	2003-01-30 14:58:44 +00:00
Richard Levitte	4e78074b39	cert_sk isn't always allocated, so freeing it may cause a crash. PR: 481	2003-01-30 10:27:43 +00:00
Dr. Stephen Henson	d3b5cb5343	Check return value of gmtime() and add error codes where it fails in ASN1_TIME_set(). Edit asn1.h so the new error code is the same in 0.9.7 and 0.9.8, rebuild new error codes. Clear error queue in req.c if _min or _max is absent.	2003-01-24 01:12:01 +00:00
Bodo Möller	d745af4b0c	avoid potential confusion about curves (prime192v1 and prime256v1 are also known as secp192r1 and secp256r1, respectively) Submitted by: Nils Larsch, Bodo Moeller	2003-01-16 16:05:23 +00:00
Richard Levitte	8cbb91c857	DJGPP doesn't have DLLs, so skip adding to %PATH% in that environment. PR: 453	2003-01-13 15:16:40 +00:00
Dr. Stephen Henson	09ad2458b8	Typo.	2003-01-09 16:54:21 +00:00
Dr. Stephen Henson	5b7249f302	NULL tofree when it is freed to avoid double free. Make sure key is not NULL before freeing it.	2003-01-09 13:06:49 +00:00
Dr. Stephen Henson	876e96fdbf	Fix leak.	2003-01-04 18:25:24 +00:00
Richard Levitte	5e42f9ab46	make update	2002-12-29 01:38:15 +00:00
Richard Levitte	e235000169	Spelling error. This patch was taken from the OpenBSD copy of OpenSSL 0.9.7 beta3 with patches	2002-12-25 22:16:56 +00:00
Richard Levitte	821951b851	Avoid double definition of config. PR: 420	2002-12-24 23:53:46 +00:00
Richard Levitte	cb661c56b0	Cygwin needs the library locatin for .DLLs to be set in PATH. Unfortunately, the conditional was set to add the library directory to PATH when the platform is NOT Cygwin. Corrected. PR: 404	2002-12-24 10:50:11 +00:00
Richard Levitte	49e42a1f60	There was a mixup between INSTALLTOP and OPENSSLDIR...	2002-12-20 07:51:03 +00:00
Richard Levitte	9cd16b1dea	We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies, and then didn't support it very well. And that when there already is a useful variable for exactly this kind of thing; EX_LIBS...	2002-12-19 22:10:12 +00:00
Richard Levitte	0b900a5e93	I have no idea what possesed me to compile s_socket.c as POSIXly code. Incidently, it now compiles so much better without _POSIX_C_SOURCE.	2002-12-19 19:42:53 +00:00
Richard Levitte	30c08f2e3d	Update the make system for installations: - define a HERE variable to indicate where the source tree is (used very little right now) - make more use of copying and making attribute changes to {file}.new, and then move it to {file} - use 'mv -f' to avoid all those questions to the user when the file in question doesn't have write attributes for that user.	2002-12-15 05:59:13 +00:00
Geoff Thorpe	f92570f00a	This stops a compiler warning from -Wmissing-prototypes. (Noticed by Nils Larsch)	2002-12-11 03:34:26 +00:00
Geoff Thorpe	e189872486	Nils Larsch submitted; - a patch to fix a memory leak in rsa_gen.c - a note about compiler warnings with unions - a note about improving structure element names This applies his patch and implements a solution to the notes.	2002-12-08 16:45:26 +00:00
Geoff Thorpe	5daec7ea0e	Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are being built with it defined - it is not a symbol to affect how openssl itself builds, but to alter the way openssl headers can be used from an API point of view. The "deprecated" function wrappers will always remain inside OpenSSL at least as long as they're still being used internally. :-) The exception is dsaparam which has been updated to the BN_GENCB-based functions to test the new functionality. If GENCB_TEST is defined, dsaparam will support a "-timebomb <n>" switch to cancel parameter-generation if it gets as far as 'n' seconds without completion.	2002-12-08 05:38:44 +00:00
Richard Levitte	fa63a98ad8	Apparently, bash is more forgiving than sh. To be backward compatible, don't use ==, use = instead...	2002-12-06 08:43:41 +00:00
Richard Levitte	f68bb3c51f	Corrected DJGPP patch	2002-12-05 20:50:25 +00:00
Richard Levitte	1c3e4a3660	EXIT() may mean return(). That's confusing, so let's have it really mean exit() in whatever way works for the intended platform, and define OPENSSL_EXIT() to have the old meaning (the name is of course because it's only used in the openssl program)	2002-12-03 16:33:03 +00:00
Richard Levitte	4579924b7e	Cleanse memory using the new OPENSSL_cleanse() function. I've covered all the memset()s I felt safe modifying, but may have missed some.	2002-11-28 08:04:36 +00:00
Richard Levitte	19aa370573	Disable this module if OPENSSL_NO_SOCK is defined.	2002-11-22 08:45:20 +00:00
Richard Levitte	450cee5c3a	Make sure sysconf exists (it doesn't in the VMS C RTL lesser than version 7).	2002-11-18 23:05:39 +00:00
Bodo Möller	055076cd4f	allocate bio_err before memory debugging is enabled to avoid memory leaks (we can't release it before the CRYPTO_mem_leaks() call!) Submitted by: Nils Larsch	2002-11-18 13:37:40 +00:00
Richard Levitte	0bf23d9b20	WinCE patches	2002-11-15 22:37:18 +00:00
Richard Levitte	6f17f16fd5	Changes to make shared library building and use work better with Cygwin	2002-11-15 16:48:38 +00:00
Richard Levitte	c863201780	Remove warnings.	2002-11-14 15:57:38 +00:00
Richard Levitte	8d6e60486f	Fix to build better with DJGPP. PR: 338 Here's the description, submitted by Gisle Vanem <giva@bgnett.no>: 1. sock_init() renamed to ssl_sock_init() in ./apps/s_socket.c due to name-clash with Watt-32. 2. rand() renamed to Rand() in ./crypto/bn/divtest.c due to name-clash with <stdlib.h> 3. Added calls to dbug_init()/sock_init() in some demo programs. 4. Changed cflags/lflags in configure. Watt-32 install root now taken from $WATT_ROOT.	2002-11-14 11:22:01 +00:00
Richard Levitte	c112323dd5	This didn't get to the 0.9.8-dev thread...	2002-11-13 18:09:27 +00:00
Ben Laurie	54a656ef08	Security fixes brought forward from 0.9.7.	2002-11-13 15:43:43 +00:00
Dr. Stephen Henson	9ea1b87862	Initial ASN1 generation code. This can construct arbitrary encodings from strings and config files. Documentation to follow...	2002-11-12 13:34:51 +00:00
Richard Levitte	06b7c8d5ba	Variables on the stack must be initialized or we can't depend on any initial value. For errline/errorline, we did depend on that, erroneously	2002-11-11 21:34:21 +00:00
Richard Levitte	6722b62b36	Make the programs link against the static library on MacOS X. PR: 335	2002-11-11 20:46:52 +00:00
Richard Levitte	3782350c14	-CAserial does take a filename argument. PR: 332	2002-11-08 21:53:54 +00:00
Richard Levitte	ddff68bee7	Windows doesn't know sys/file.h	2002-11-07 21:40:06 +00:00
Richard Levitte	b6d0defb98	Remove all referenses to RSAref, since that's been gone for more than a year.	2002-10-31 16:46:52 +00:00
Bodo Möller	259cdf2af9	Sun has agreed to removing the covenant language from most files. Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>	2002-10-29 10:59:32 +00:00
Bodo Möller	5c6bf03117	fast reduction for NIST curves Submitted by: Nils Larsch	2002-10-28 13:23:24 +00:00
Richard Levitte	d652a0957f	Make sure toupper() is declared	2002-10-25 09:51:45 +00:00
Richard Levitte	d610d27f30	On certain platforms, we redefine certain symbols using macros in apps.h. For those, it's better to include apps.h after the system headers where those symbols may be defined, since there's otherwise a chance that the C compiler will barf when it sees something that looks like this after expansion: int VMS_strcasecmp((str1),(str2))(const char , const char );	2002-10-24 10:03:55 +00:00
Richard Levitte	96b35c9e26	Signal an error if the entered output password didn't match itself. PR: 314	2002-10-23 15:07:09 +00:00
Bodo Möller	907a8f1e6e	fix warnings, and harmonize indentation	2002-10-23 13:11:38 +00:00
Richard Levitte	677532629d	makedepend complains when a header file is included more than once in the same source file.	2002-10-14 10:02:36 +00:00
Richard Levitte	2245cd87d4	BN_bn2hex() returns "0" instead of "00" for zero. This disrputs the requirement that the serial number always be an even amount of characters. PR: 248	2002-10-11 09:38:56 +00:00
Richard Levitte	ca80756c70	VMS below version 7 doesn't have strcasecmp, so let's roll our own on VMS. PR: 184	2002-10-10 09:05:05 +00:00
Richard Levitte	0e2cc42cfb	Make sure that the 'config' variable is correctly defined and declared for monolithic as well as non-monolithic biuld. More work is probably needed in this area. PR: 144	2002-10-09 15:36:23 +00:00
Richard Levitte	1e5c205ccb	Remove redundancy and use the main makefile better	2002-10-09 15:12:36 +00:00
Richard Levitte	001ab3abad	Use double dashes so makedepend doesn't misunderstand the flags we give it. For 0.9.7 and up, that means util/domd needs to remove those double dashes from the argument list when gcc is used to find the dependencies.	2002-10-09 13:25:12 +00:00
Richard Levitte	d7b2342a6a	Add missing LF	2002-10-09 06:35:47 +00:00
Dr. Stephen Henson	9a48b07ee4	Various enhancements to PKCS#12 code, new medium level API, improved PKCS12_create and additional functionality in pkcs12 utility.	2002-10-03 23:53:52 +00:00
Richard Levitte	5d9470ff8e	-elapsed is also useful when using gettimeofday	2002-09-25 12:41:59 +00:00
Bodo Möller	9226e2187c	Let 'openssl req' fail if an argument to '-newkey' is not recognized instead of using RSA as a default.	2002-09-10 07:34:45 +00:00
Bodo Möller	65b1d31df5	change API for looking at the internal curve list Submitted by: Nils Larsch	2002-09-02 07:08:33 +00:00
Bodo Möller	e2aeb8174b	change 'usage' formatting	2002-08-27 10:38:09 +00:00
Bodo Möller	c96f0fd2d1	fix spacing	2002-08-26 14:50:52 +00:00
Bodo Möller	ad55f581f9	fix offsets Submitted by: Nils Larsch	2002-08-26 11:25:14 +00:00
Bodo Möller	d4a8f90cab	ecdsa => ec Submitted by: Nils Larsch	2002-08-26 11:20:50 +00:00
Dr. Stephen Henson	fc85ac20c7	Make -nameopt work in req and add support for -reqopt	2002-08-22 23:43:48 +00:00
Dr. Stephen Henson	9a2601033d	Fix crahses and leaks in pkcs12 utility -chain option	2002-08-22 21:54:51 +00:00
Bodo Möller	428112ef10	typo Submitted by: Nils Larsch	2002-08-16 11:19:59 +00:00
Bodo Möller	64376cd8ff	'EC' vs. 'ECDSA' Submitted by: Nils Larsch	2002-08-16 11:19:07 +00:00
Bodo Möller	0fd05a2f0f	fix warnings (CHARSET_EBCDIC) Submitted by: Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>	2002-08-15 14:52:54 +00:00
Bodo Möller	7eb18f1237	Simplify handling of named curves: get rid of EC_GROUP_new_by_name(), EC_GROUP_new_by_nid() should be enough. This avoids a lot of redundancy. Submitted by: Nils Larsch	2002-08-15 09:21:31 +00:00
Richard Levitte	265e892fed	Sometimes, the value of the variable containing the compiler call can become rather large. This becomes a problem when the default 1024 character large buffer that WRITE uses isn't enough. WRITE/SYMBOL uses a 2048 byte large buffer instead.	2002-08-15 08:28:38 +00:00
Richard Levitte	bf625abe29	The applications 'ecdsa' and 'ecparam' were missing from the VMS build.	2002-08-14 11:16:20 +00:00
Bodo Möller	f17ef241d1	fix previous commit (there's no SSLEAY_VERSION_TEXT)	2002-08-12 11:21:02 +00:00
Bodo Möller	5488bb6197	get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead) Submitted by: Nils Larsch	2002-08-12 08:47:41 +00:00
Richard Levitte	4fde69b066	In case of shared libraries, we might run one version of the application with a different version of the library. Detect if there is a difference of versions, and print both versions in that case. This might prove to be a good enough debugging tool in case of doubt.	2002-08-11 21:48:44 +00:00
Bodo Möller	74cc4903ef	make update	2002-08-09 12:16:15 +00:00
Bodo Möller	41fdcfa71e	fix warnings	2002-08-09 11:58:28 +00:00
Bodo Möller	ea26226046	ECC ciphersuite support Submitted by: Douglas Stebila <douglas.stebila@sun.com> (Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)	2002-08-09 08:56:08 +00:00
Bodo Möller	e172d60ddb	Add ECDH support. Additional changes: - use EC_GROUP_get_degree() in apps/req.c - add ECDSA and ECDH to apps/speed.c - adds support for EC curves over binary fields to ECDSA - new function EC_KEY_up_ref() in crypto/ec/ec_key.c - reorganize crypto/ecdsa/ecdsatest.c - add engine support for ECDH - fix a few bugs in ECDSA engine support Submitted by: Douglas Stebila <douglas.stebila@sun.com>	2002-08-09 08:43:04 +00:00
Bodo Möller	14a7cfb32a	use a generic EC_KEY structure (EC keys are not ECDSA specific) Submitted by: Nils Larsch	2002-08-07 10:49:54 +00:00
Bodo Möller	714df32e33	extend curve list (additional curves over binary fields) Submitted by: Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)	2002-08-02 13:06:17 +00:00
Richard Levitte	456bc309d8	make update	2002-08-01 19:45:54 +00:00
Richard Levitte	da9b972466	Make it possible to load keys from stdin, and restore that functionality in the programs that had that before. Part fo PR 164	2002-08-01 16:28:40 +00:00
Richard Levitte	5575f781ad	Cut'n'paste error with other reposnder certificates cleared. PR: 190	2002-08-01 13:39:39 +00:00
Richard Levitte	87e8feca95	If the email address is moved from the subject to the subject alternate name, the subject in the certificate would differ from the subject in the index file, which has quite bad concequences. PR: 180	2002-07-31 14:05:57 +00:00
Lutz Jänicke	3aecef7697	"make update"	2002-07-30 12:44:33 +00:00
Lutz Jänicke	77c46bbf29	Only use DSA-functions if available. Submitted by: "Hellan,Kim KHE" <KHE@kmd.dk> Reviewed by: PR: 167	2002-07-29 13:31:44 +00:00
Bodo Möller	eefa6e4e2b	harmonize options with those for 'ecparam', remove redudant option '-pub' Submitted by: Nils Larsch	2002-07-23 09:51:57 +00:00
Richard Levitte	402bcde847	Allow subjects with more than 255 characters to be properly printed. PR: 147	2002-07-18 17:59:21 +00:00
Bodo Möller	7e6617611f	Fix bug introduced with revision 1.95 when this filed was modified to use the new X509_CRL_set_issuer_name() function: The CRL issuer should be X509_get_subject_name(x509), not X509_get_issuer_name(x509). Submitted by: Juergen Lesny <lesnyj@informatik.tu-muenchen.de> typo	2002-07-18 11:23:50 +00:00
Richard Levitte	ca6dde5d3d	Reverse the change with the following log, it needs further investigation: Make S/MIME output conform with the mail and MIME standards. PR: 151	2002-07-18 10:39:20 +00:00
Richard Levitte	8e6cbcd7c0	Make S/MIME output conform with the mail and MIME standards. PR: 151	2002-07-18 08:47:33 +00:00
Richard Levitte	9335a5f7c0	Unixware doesn't have strings.h, so we need to declare strcasecmp() differently. Unixware 2 needs to link with libresolv. PR: 148	2002-07-18 07:47:30 +00:00
Richard Levitte	f5db08e57a	On MacOS X, the shared library editor uses DYLD_LIBRARY_PATH	2002-07-17 11:09:44 +00:00
Richard Levitte	cead7f36da	Set up the engine before doing anything random-related, since engine randomness is only used for seeding and doing it in the wrong order will mean seeding is done before the engine randomness is hooked in. Notified by Frederic DONNAT <frederic.donnat@zencod.com>	2002-07-16 06:52:03 +00:00
Bodo Möller	5dbd3efce7	Replace 'ecdsaparam' commandline utility by 'ecparam' (the same keys can be used for ECC schemes other than ECDSA) and add some new options. Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS" in 'PEM' format. Fix ec_asn1.c (take into account the desired conversion form). 'make update'. Submitted by: Nils Larsch	2002-07-14 16:54:31 +00:00
Lutz Jänicke	7b63c0fa8c	Reorder inclusion of header files: des_old.h redefines crypt: #define crypt(b,s)\ DES_crypt((b),(s)) This scheme leads to failure, if header files with the OS's true definition of crypt() are processed _after_ des_old.h was processed. This is e.g. the case on HP-UX with unistd.h. As evp.h now again includes des.h (which includes des_old.h), this problem only came up after this modification. Solution: move header files (indirectly) including e_os.h before the header files (indirectly) including evp.h. Submitted by: Reviewed by: PR:	2002-07-10 07:01:54 +00:00
Richard Levitte	17085b022c	Pass CFLAG to dependency makers, so non-standard system include paths are handled properly. Part of PR 75	2002-06-27 16:39:25 +00:00
Richard Levitte	5585f4eca4	have 'openssl pkcs7' exit with code 1 on error instead of 0. PR: 119	2002-06-27 10:26:40 +00:00
Lutz Jänicke	a947f2d2b6	<sys/select.h> is included for AIX, when USE_SOCKETS is defined. Submitted by: Bernhard Simon <bs@bsws.zid.tuwien.ac.at> Reviewed by: PR:	2002-06-20 20:49:27 +00:00
Geoff Thorpe	407adb5b17	This apparently fixes compilation on OSX that was failing in 0.9.7 betas. Submitted by: Pieter Bowman <bowman@math.utah.edu>	2002-06-20 18:22:51 +00:00
Lutz Jänicke	1c02ca537a	load_netscape_key is static.	2002-06-18 17:44:56 +00:00
Lutz Jänicke	40889b9cd3	Add missing prototypes. Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de> PR: 89	2002-06-13 17:40:27 +00:00
Dr. Stephen Henson	99889b46c9	Fix ext_dat.h extension ordering. Reinstate -reqout code. Avoid coredump in ocsp if setup_verify fails. Fix typo in ocsp usage message.	2002-06-13 12:56:27 +00:00
Bodo Möller	254ef80db1	simplify asn1_flag Submitted by: Nils Larsch Reviewed by: Bodo Moeller	2002-06-12 14:01:17 +00:00
Ben Laurie	d15711efc6	Handle read errors.	2002-06-11 12:41:37 +00:00
Bodo Möller	458c29175e	move ECC ASN1 that is not specific to ECDSA into crypto/ec/, and make some appropriate changes to the EC library. Submitted by: Nils Larsch	2002-06-10 12:18:21 +00:00
Lutz Jänicke	0f7b63c834	Make sure that settings are passed back and forth when walking around in the tree during build. Reinstall default PERL settings in Makefiles, as the real reason for the failure was that the settings were not passed.	2002-06-06 10:16:59 +00:00
Lutz Jänicke	bb0db9c491	The correct PERL interpreter is passed via commandline.	2002-06-05 07:03:17 +00:00
Richard Levitte	a81e9d3dc4	CAformat should not be used for CA key format.	2002-05-30 16:24:18 +00:00
Richard Levitte	c56fb0f1a3	Remove the duplicate description of -out. PR: 28	2002-05-30 06:24:35 +00:00
Richard Levitte	6298bf9073	There is a chance that the input string is larger than size, and on VMS, this wasn't checked and could possibly be exploitable (slim chance, but still)	2002-05-29 08:31:39 +00:00
Richard Levitte	b935754cb0	Allow the use of the TCP/IP stack keyword TCPIP and NONE	2002-05-22 11:37:20 +00:00
Dr. Stephen Henson	eee6c81af8	Reorganise -subj option code, fix buffer overrun.	2002-05-19 16:31:10 +00:00
Richard Levitte	e9a182fa30	Generate an error if rewinding wasn't possible. Notified by Ken Hirsch <kenhirsch@myself.com>. PR: 23	2002-05-08 15:12:59 +00:00
Dr. Stephen Henson	253ef2187c	Add apps_startup and bio_err init code to smime.c	2002-05-01 20:07:46 +00:00
Lutz Jänicke	c0455cbb18	Fix escaping when using the -subj option of "openssl req", document 'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)	2002-04-30 12:08:18 +00:00
Richard Levitte	6991bf196c	Potential memory leak removed. Notified by <threaded@totalise.co.uk>	2002-04-25 10:11:21 +00:00
Bodo Möller	c6efe6f59e	fix usage (no 'key')	2002-04-23 13:56:14 +00:00
Bodo Möller	1064acafc4	check return values Submitted by: Nils Larsch	2002-04-17 09:31:34 +00:00
Bodo Möller	6d498d478e	harmonize capitalization	2002-04-09 12:42:47 +00:00
Richard Levitte	a18894d159	make update (libeay.num has been edited to match 0.9.7-stable)	2002-04-06 19:16:12 +00:00
Richard Levitte	dfee50ecd9	Allow longer program names (VMS allows up to 39 characters). Submitted by Compaq.	2002-04-06 19:00:50 +00:00
Richard Levitte	125cc35b59	Merge in DES changed from 0.9.7-stable.	2002-03-22 02:42:57 +00:00
Bodo Möller	af28dd6c75	Fix bugs and typos. Add some WTLS curves. New function EC_GROUP_check() (this will probably be implemented differently soon). Submitted by: Nils Larsch Reviewed by: Bodo Moeller	2002-03-18 13:10:45 +00:00
Dr. Stephen Henson	de941e289e	Initialize cipher context in KRB5 ("D. Russell" <russelld@aol.net>) Allow HMAC functions to use an alternative ENGINE.	2002-03-14 18:22:23 +00:00
Bodo Möller	690ecff795	Fixes for 'no-hw' combined with 'no-SOME_CIPHER'. Fix dsaparam usage output. Submitted by: Nils Larsch	2002-03-14 09:52:03 +00:00
Dr. Stephen Henson	26e1237380	Fix the Win32_rename() function so it correctly returns an error code. Use the same code in Win9X and NT. Fix some ca.c options so they work under Win32: unlink/rename wont work under Win32 unless the file is closed.	2002-03-08 19:11:15 +00:00
Bodo Möller	4882171df5	EC curve stuff Submitted by: Nils Larsch	2002-03-08 11:10:40 +00:00
Dr. Stephen Henson	0dc092334b	ENGINE module additions. Add "init" command to control ENGINE initialization. Call ENGINE_finish on initialized ENGINEs on exit. Reorder shutdown in apps.c: modules should be shut down first. Add test private key loader to openssl ENGINE: this just loads a private key in PEM format. Fix print format for dh length parameter.	2002-03-06 14:15:13 +00:00
Bodo Möller	36c194638e	add SECG OIDs Submitted by: Nils Larsch	2002-03-06 13:47:32 +00:00
Bodo Möller	870694b3da	fix 'ecdsaparam -C'	2002-03-05 15:17:17 +00:00
Bodo Möller	87a4b4d1f4	fix printf call	2002-03-05 15:05:00 +00:00
Bodo Möller	2b3aeffbbd	fix 'ecdsaparam -C' output Submitted by: Nils Larsch	2002-03-05 14:56:17 +00:00
Richard Levitte	26414ee013	Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated	2002-02-28 12:42:19 +00:00
Richard Levitte	0d7b9b8b7e	make update, after moving around symbols in libeay.num to match 0.9.7-stable.	2002-02-26 14:41:29 +00:00
Dr. Stephen Henson	31188ee1a8	Fix new -aes command argument handling	2002-02-26 13:46:55 +00:00
Dr. Stephen Henson	032c49b8b3	non-Monolith fixes. Submitted by Andrew W. Gray <agray@iconsinc.com>	2002-02-22 21:21:18 +00:00
Dr. Stephen Henson	3647bee263	Config code updates. CONF_modules_unload() now calls CONF_modules_finish() automatically. Default use of section openssl_conf moved to CONF_modules_load() Load config file in several openssl utilities. Most utilities now load modules from the config file, though in a few (such as version) this isn't done because it couldn't be used for anything. In the case of ca and req the config file used is the same as the utility itself: that is the -config command line option can be used to specify an alternative file.	2002-02-22 14:01:21 +00:00
Richard Levitte	b3dfaaa143	Add AES support in the applications that support -des and -des3.	2002-02-20 18:03:07 +00:00
Richard Levitte	cd64618674	gcc chokes on C++ comments in C code.	2002-02-16 11:57:25 +00:00
Richard Levitte	3e83e686ba	Add the configuration target VxWorks.	2002-02-14 15:37:38 +00:00
Bodo Möller	1dea1f4509	'-C' is still quite broken	2002-02-14 14:30:20 +00:00
Bodo Möller	44411db8e0	fix '-C'	2002-02-14 14:25:33 +00:00
Bodo Möller	23ac7a1407	fix memory leak	2002-02-14 14:21:49 +00:00
Bodo Möller	d8309efc72	EC_GROUP_get_group_by_name() is now called EC_GROUP_new_by_name()	2002-02-14 10:23:20 +00:00
Bodo Möller	4d94ae00d5	ECDSA support Submitted by: Nils Larsch <nla@trustcenter.de>	2002-02-13 18:21:51 +00:00
Richard Levitte	de2f6e4dae	'make update'	2002-02-05 17:34:58 +00:00
Lutz Jänicke	f701551f36	HP-UX 32bit: * When linking against shared libraries, the absolute path is remembered. - When linking against -L.., '..' is remembered inside the executable, so it will fail after "make install" or when not called from inside the "apps/" subdirectory of the build tree. - When using the "+cdp" option of "ld", the ".." information can be exchanged against $(INSTALL_TOP)/lib. In this case the executable will however refuse to work before "make install" has been called. This makes testing the 'openssl' executable a problem. * Solution 1: Relink the "openssl" executable, when "make install" is called. This would however require significant changes to the toplevel Makefile and the apps/ Makefile. * Solution 2: Statically link against libssl and libcrypto, so that the "openssl" executable is no longer dependant on the openssl shared libraries. Select option 2 for HP-UX 32bit, as this requires the smallest change.	2002-01-29 16:32:40 +00:00
Richard Levitte	1199e2d8cf	Apply patch from Toomas Kiisk <vix@cyber.ee> and complete it.	2002-01-29 12:36:01 +00:00
Richard Levitte	80bb905d3d	Apply the following changes by Toomas Kiisk <vix@cyber.ee>: * make openssl rsa work with -engine chil * misc changes, including debug-linux-ppro Configure target and FORMAT_NETSCAPE-aware load_{,pub}key() This completes the application of his changes.	2002-01-25 19:43:52 +00:00
Richard Levitte	404dcc5e8e	I must learn to compile before I commit...	2002-01-25 17:35:19 +00:00
Richard Levitte	17bcb8d465	Add -keyform. Document -engine.	2002-01-25 16:51:46 +00:00
Ben Laurie	45d87a1ffe	Prototype info function.	2002-01-12 15:56:13 +00:00
Richard Levitte	015fbde807	make update	2002-01-02 17:31:23 +00:00
Richard Levitte	ba1b888384	Implement speed measurement for AES. Submitted by Stephen Sprunk <stephen@sprunk.org> as part of his AES integration patch.	2002-01-02 16:57:57 +00:00
Richard Levitte	47cc5525a2	RSA counter should only be defined of RSA is available.	2002-01-02 12:40:38 +00:00
Richard Levitte	206eb6a11d	Change pkcs12 so the certificates coming from -in do not get tossed if -certfile is given as well.	2001-12-12 16:49:02 +00:00
Ben Laurie	ff3fa48fc7	Improve back compatibility.	2001-12-09 21:53:31 +00:00
Bodo Möller	87166e1fb6	fix warnings (one of them was clearly justified)	2001-12-07 17:02:01 +00:00
Dr. Stephen Henson	21a85f1977	Add -pubkey option to req command.	2001-12-01 23:03:30 +00:00
Bodo Möller	4f94d1a8b1	check OPENSSL_NO_... before including header files that might be disabled	2001-11-22 11:13:10 +00:00
Geoff Thorpe	308f028e28	In this particular error condition, the structural reference wasn't being released.	2001-11-22 09:20:08 +00:00
Richard Levitte	83c40e7fc0	Make it possible to give digest names as -evp arguments.	2001-11-15 20:19:40 +00:00
Richard Levitte	e1a00d7d1d	If an engine isn't built in, try loading it as a shareable library instead. This also makes it possible for users to simply give said shareable library as argument for the -engine option.	2001-11-15 18:48:42 +00:00
Richard Levitte	b476df64a1	make update perl util/mkerr.pl -recurse -write -rebuild	2001-11-15 12:25:14 +00:00
Richard Levitte	817dfc18a3	Change the order of events so the capabilities of loaded engines can get listed as well.	2001-11-14 22:30:17 +00:00
Richard Levitte	135c0af1bb	Implement STARTTLS for certain protocols, currently only supporting SMTP.	2001-11-14 13:57:52 +00:00
Bodo Möller	29e0c30c2a	more output for SSL 2.0 in our msg_callback	2001-11-10 01:17:02 +00:00
Dr. Stephen Henson	b83eddc578	Win32 fixes.	2001-11-06 13:40:27 +00:00
Dr. Stephen Henson	6229a5607c	Fix email address delete code.	2001-11-06 01:44:21 +00:00
Richard Levitte	f559f31bef	DOS and Windows do not like unistd.h	2001-11-05 12:43:17 +00:00
Ben Laurie	3210b4fd14	If verify fails, say why.	2001-11-02 13:29:14 +00:00
Richard Levitte	a7b42009c4	Change the shared library support so the shared libraries get built sooner and the programs get built against the shared libraries. This requires a bit more work. Things like -rpath and the possibility to still link the programs statically should be included. Some cleanup is also needed. This will be worked on.	2001-10-30 08:00:59 +00:00
Richard Levitte	7b5ffd6834	Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names	2001-10-29 13:05:28 +00:00
Dr. Stephen Henson	9b55da73ca	Another noemailDN fix.	2001-10-27 17:53:06 +00:00
Dr. Stephen Henson	e7156ff2e8	Allow ca to certify requests containing BMPStrings and UTF8Strings.	2001-10-27 17:04:47 +00:00
Dr. Stephen Henson	437db75b94	Bugfixes for noemailDN option. Make it use the correct name (instead of NULL) if nomailDN is not set, fix memory leaks and retain DN structure when deleting emailAddress.	2001-10-27 17:03:20 +00:00
Dr. Stephen Henson	1fc6d41bf6	New options to allow req to accept UTF8 strings as input.	2001-10-26 12:40:38 +00:00
Richard Levitte	66d3e7481e	Make sure openssl speed is compilable on systems where fork() doesn't exist. For now, that's all the ones we "support" except Unix.	2001-10-25 16:08:17 +00:00
Ben Laurie	0e21156333	Add paralellism to speed - note that this currently causes a weird memory leak.	2001-10-25 14:27:17 +00:00
Bodo Möller	89da653fa6	Add '-noemailDN' option to 'openssl ca'. This prevents inclusion of the e-mail address in the DN (i.e., it will go into a certificate extension only). The new configuration file option 'email_in_dn = no' has the same effect. Submitted by: Massimiliano Pala madwolf@openca.org	2001-10-25 08:25:19 +00:00
Richard Levitte	c2e4f17c1a	Due to an increasing number of clashes between modern OpenSSL and libdes (which is still used out there) or other des implementations, the OpenSSL DES functions are renamed to begin with DES_ instead of des_. Compatibility routines are provided and declared by including openssl/des_old.h. Those declarations are the same as were in des.h when the OpenSSL project started, which is exactly how libdes looked at that time, and hopefully still looks today. The compatibility functions will be removed in some future release, at the latest in version 1.0.	2001-10-24 21:21:12 +00:00
Dr. Stephen Henson	f1558bb424	Reject certificates with unhandled critical extensions.	2001-10-21 02:09:15 +00:00
Dr. Stephen Henson	6ca487992b	Stop spurious "unable to load config info" errors in req	2001-10-21 01:05:53 +00:00
Bodo Möller	a661b65357	New functions SSL[_CTX]_set_msg_callback(). New macros SSL[_CTX]_set_msg_callback_arg(). Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet). New '-msg' option for 'openssl s_client' and 'openssl s_server' that enable a message callback that displays all protocol messages. In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if client_version is smaller than the protocol version in use. Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the client will at least see that alert. Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic pointer). Add/update some OpenSSL copyright notices.	2001-10-20 17:56:36 +00:00
Dr. Stephen Henson	cecd263878	Add missing EVP_CIPHER_CTX_{init,cleanup}	2001-10-20 16:18:03 +00:00
Dr. Stephen Henson	581f1c8494	Modify EVP cipher behaviour in a similar way to digests to retain compatibility.	2001-10-17 00:37:12 +00:00
Lutz Jänicke	41ebed27fa	Flush buffers to prevent mixed output (Adam Back <adam@cypherspace.org>).	2001-10-16 14:24:46 +00:00
Dr. Stephen Henson	20d2186c87	Retain compatibility of EVP_DigestInit() and EVP_DigestFinal() with existing code. Modify library to use digest *_ex() functions.	2001-10-16 01:24:29 +00:00
Richard Levitte	dd5e774664	Add support for md4WithRSAEncryption.	2001-10-10 21:37:45 +00:00
Richard Levitte	712557128b	'make update'	2001-10-10 08:27:52 +00:00
Richard Levitte	b30245dae0	'make update'	2001-10-10 07:56:20 +00:00
Richard Levitte	f8000b9345	'make update'	2001-10-04 07:49:09 +00:00
Richard Levitte	2aa9043ad3	Because there's chances we clash with the system's types.h, rename our types.h to ossl_typ.h.	2001-10-04 07:32:46 +00:00
Richard Levitte	3d90a32429	sch isn't an array, how did this pass through gcc?	2001-10-02 11:49:55 +00:00
Geoff Thorpe	4ba163cbf9	Make "openssl engine -c" list any supported digests as well as supported ciphers.	2001-10-01 15:41:31 +00:00
Richard Levitte	a4a8f7b3ef	Change HZ in speed to rely on sysconf() if the clock tick is available that way. Synchronise s_time with these changes.	2001-09-28 10:34:48 +00:00
Geoff Thorpe	34c66925aa	ENGINE_register_all_complete() will register all implementations of all algorithms present in all loaded ENGINEs. The result is that if any of those ENGINEs successfully initialises, and the ENGINE_TABLE_FLAG_NOINIT flag isn't set, then they will always be used (and cached as defaults) in preference to software implementations. Ie. accidental auto-detection of acceleration hardware :-) This change stops all implementations being automatically registered in "openssl" sub-commands, so that the "setup_engine()" handler in apps.c controls which ENGINEs are registered for use. A special case has been added that will revert to this "auto-detect" logic, ie. if the "-engine" switch is used as; -engine auto	2001-09-28 02:25:14 +00:00
Richard Levitte	7876e4488f	Stop thinking arguments starting with - are algorithm identifiers. Show timing parameters and timing functions used. It looks like some Linuxen have very weird settings for CLK_TCK. I'm very unsure about this change and will investigate further.	2001-09-27 15:43:55 +00:00
Geoff Thorpe	0b4b9a11f5	Put the cipher info back into the "openssl engine" command.	2001-09-25 21:45:03 +00:00
Geoff Thorpe	6dc5d570d0	Make necessary tweaks to apps/ files due to recent ENGINE surgery. See crypto/engine/README for details.	2001-09-25 20:35:01 +00:00
Geoff Thorpe	10b2328fea	"make update"	2001-09-24 17:42:35 +00:00
Bodo Möller	c404ff7955	make update	2001-09-20 22:52:19 +00:00
Geoff Thorpe	8ce2912fbc	Updated dependencies from "make update"	2001-09-12 02:43:22 +00:00
Geoff Thorpe	1372965e2e	Reduce the header dependencies on engine.h in apps/.	2001-09-12 02:39:06 +00:00
Geoff Thorpe	51ac0cfe44	make update	2001-09-10 21:18:11 +00:00
Geoff Thorpe	16e819e1d8	Put all "common" initialisation in the apps_startup() and apps_shutdown() macros in apps.h.	2001-09-10 21:04:14 +00:00
Bodo Möller	c2222c2ea2	restore previous revision -- memory leak should be fixed in mem.c	2001-09-10 18:47:33 +00:00
Bodo Möller	336da5642d	fix memory leak	2001-09-10 18:13:16 +00:00
Bodo Möller	a52c2fb296	exclude disabled message digests	2001-09-10 17:18:56 +00:00
Bodo Möller	41450b27f2	add AES ciphers	2001-09-10 17:12:31 +00:00
Bodo Möller	e72d5983f2	Update so that progs.h can indeed be automatically generated (Working file: progs.h revision 1.24 date: 2001/02/19 16:06:03; author: levitte; state: Exp; lines: +59 -59 Make all configuration macros available for application by making sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. [...])	2001-09-10 17:00:28 +00:00
Bodo Möller	384eff877c	Fix apps/openssl.c and ssl/ssltest.c so that they use CRYPTO_set_mem_debug_options() instead of CRYPTO_dbg_set_options(), which is the default implementation of the former and should usually not be directly used by applications (at least if we assume that the options accepted by the default implementation will also be meaningful to any other implementations). Also fix apps/openssl.c and ssl/ssltest such that environment variable setting 'OPENSSL_DEBUG_MEMORY=off' actively disables the compiled-in library defaults (i.e. such that CRYPTO_MDEBUG is ignored in this case).	2001-09-10 09:50:30 +00:00
Ben Laurie	7d34470458	Look up MD5 by name.	2001-09-07 11:45:42 +00:00
Ulf Möller	9d07fd03e3	Use GCC 2.95/3.0 optimization	2001-09-05 02:18:40 +00:00
Geoff Thorpe	79aa04ef27	Make the necessary changes to work with the recent "ex_data" overhaul. See the commit log message for that for more information. NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented (initialisation by "memset" won't/can't/doesn't work). This fixes that but requires that X509_STORE_CTX_init() be able to handle errors - so its prototype has been changed to return 'int' rather than 'void'. All uses of that function throughout the source code have been tracked down and adjusted.	2001-09-01 20:02:13 +00:00
Ulf Möller	de73cca923	make update	2001-09-01 04:25:50 +00:00
Lutz Jänicke	faacb092f8	-passin argument not used when actually loading the key (found by Massimiliano Pala <madwolf@hackmasters.net>).	2001-08-24 13:33:15 +00:00
Dr. Stephen Henson	b439a74620	Load OCSP responder key before waiting for an incoming connection so it can prompt for pass phrase on startup instead of after the first connection. Add -port switch to usage message.	2001-08-23 23:54:11 +00:00
Ben Laurie	354c3ace73	Add first cut symmetric crypto support.	2001-08-18 10:22:54 +00:00
Dr. Stephen Henson	b65f851318	Make -passin -passout etc work again. Fix leak in ca.c when using -passin.	2001-08-17 01:09:54 +00:00
Dr. Stephen Henson	35bf35411c	Add CRL utility functions to allow CRLs to be built up without accessing structures directly. Update ca.c to use new functions. Fix ca.c so it now build CRLs correctly again.	2001-08-17 00:33:43 +00:00
Ben Laurie	d66ace9da5	Start to reduce some of the header bloat.	2001-08-05 18:02:16 +00:00
Lutz Jänicke	e9eb000c53	Oops, one SSL_OP_NON_EXPORT_FIRST was left.	2001-08-03 13:05:44 +00:00
Richard Levitte	99ecb90a99	make update	2001-07-31 06:40:10 +00:00
Ben Laurie	dbad169019	Really add the EVP and all of the DES changes.	2001-07-30 23:57:25 +00:00
Dr. Stephen Henson	534a1ed0cb	Allow OCSP server to handle multiple requests. Document new OCSP options.	2001-07-13 13:13:44 +00:00
Dr. Stephen Henson	ee306a1332	Initial OCSP server support, using index.txt format. This can process internal requests or behave like a mini responder. Todo: documentation, update usage info.	2001-07-12 20:41:51 +00:00
Geoff Thorpe	af436bc158	openssl speed is quite useful for testing hardware support (among other things), especially as the RSA keys are fixed. However, DSA only fixes the DSA parameters and then generates the public and private components on the fly each time - this commit hard-codes some sampled key values so that this is no longer the case.	2001-07-11 18:59:25 +00:00
Richard Levitte	567671e291	make update	2001-07-10 21:00:37 +00:00
Richard Levitte	2a1ef75435	Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in SSL according to RFC 2712. His comment is: This is a patch to openssl-SNAP-20010702 to support Kerberized SSL authentication. I'm expecting to have the full kssl-0.5 kit up on sourceforge by the end of the week. The full kit includes patches for mod-ssl, apache, and a few text clients. The sourceforge URL is http://sourceforge.net/projects/kssl/ . Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ message with a real KerberosWrapper struct. I think this is fully RFC 2712 compliant now, including support for the optional authenticator field. I also added openssl-style ASN.1 macros for a few Kerberos structs; see crypto/krb5/ if you're interested.	2001-07-09 21:46:58 +00:00
Ben Laurie	f82197ad75	Don't update argc, argv for decrypt flag!	2001-07-08 12:58:10 +00:00
Ben Laurie	3f37e73bae	Speed test decrypt EVP operations.	2001-07-08 12:14:41 +00:00
Lutz Jänicke	43f9391bcc	When only the key is given to "enc", the IV is undefined (found by Andy Brown <logic@warthog.com>).	2001-07-03 10:31:11 +00:00
Ben Laurie	a169e82065	Fix warning.	2001-07-02 12:50:30 +00:00
Dr. Stephen Henson	b7a26e6daf	Modify apps to use NCONF code instead of old CONF code. Add new extension functions which work with NCONF. Tidy up extension config routines and remove redundant code. Fix NCONF_get_number(). Todo: more testing of apps to see they still work...	2001-06-28 11:41:50 +00:00
Richard Levitte	ce16450a89	Make better use of load_cert, load_certs and load_key.	2001-06-27 09:12:43 +00:00
Richard Levitte	7953b8ff1b	Make better use of load_cert, load_certs and load_key.	2001-06-25 14:23:36 +00:00
Richard Levitte	5abc8ae6f9	Make better use of load_cert, load_certs and load_key.	2001-06-25 14:00:47 +00:00
Richard Levitte	3d5e97f560	Call apps_shutdown() to take down what apps_startup() set up.	2001-06-25 08:35:59 +00:00
Richard Levitte	55dcfa421c	make update	2001-06-23 16:43:03 +00:00
Richard Levitte	c04f8cf44a	Use apps_shutdown() in all applications, in case someone decides not to go the monolith way (does anyone do that these days?). NOTE: a few applications are missing in this commit. I've a few more changes in them that I haven't tested yet.	2001-06-23 16:37:32 +00:00
Richard Levitte	870d986131	apps_startup() needs a corresponding apps_shutdown().	2001-06-23 16:31:41 +00:00
Richard Levitte	4f272c17f5	Make use of new features in UI's. Among others, the application password callbak doesn't need to check for sizes any more.	2001-06-23 16:30:14 +00:00
Dr. Stephen Henson	2c7bc88d78	Fix UI leak in apps.	2001-06-23 12:48:46 +00:00
Richard Levitte	2cd3ad9bdd	Modify "openssl engine" to handle and display internal control commands appropriately.	2001-06-20 06:35:46 +00:00
Dr. Stephen Henson	323f289c48	Change all calls to low level digest routines in the library and applications to use EVP. Add missing calls to HMAC_cleanup() and don't assume HMAC_CTX can be copied using memcpy(). Note: this is almost identical to the patch submitted to openssl-dev by Verdon Walker <VWalker@novell.com> except some redundant EVP_add_digest_()/EVP_cleanup() calls were removed and some changes made to avoid compiler warnings.	2001-06-19 22:30:40 +00:00
Dr. Stephen Henson	a45e4a5537	Fix memory leaks.	2001-06-19 17:13:48 +00:00
Richard Levitte	6dcd1c9109	Do a proof of concept. "openssl genrsa" will make the name of the file part of the password prompt unless it's standard input... More will be added...	2001-06-19 16:34:53 +00:00
Richard Levitte	2fe5adc36c	Change the common application routines to use a UI_METHOD for password prompting, even when done through the callback.	2001-06-19 16:26:30 +00:00
Dr. Stephen Henson	a3376fe8fc	make apps compile again	2001-06-19 00:23:47 +00:00
Richard Levitte	c6c0035ea5	One feature wasn't quite commited yet	2001-06-18 06:30:12 +00:00
Richard Levitte	531d630b5c	Provide an application-common setup function for engines and use it everywhere.	2001-06-18 06:22:33 +00:00
Dr. Stephen Henson	f2a253e0dd	Add support for MS CSP Name PKCS#12 attribute.	2001-06-11 00:43:20 +00:00
Richard Levitte	2b49dd1e8f	'make update'	2001-06-05 20:32:36 +00:00
Richard Levitte	30b4c2724e	Extend all the loading functions to take an engine pointer, a pass string (some engines may have certificates protected by a PIN!) and a description to put into error messages. Also, have our own password callback that we can send both a password and some prompt info to. The default password callback in EVP assumes that the passed parameter is a password, which isn't always the right thing, and the ENGINE code (at least the nCipher one) makes other assumptions... Also, in spite of having the functions to load keys, some utilities did the loading all by themselves... That's changed too.	2001-05-30 15:29:28 +00:00
Richard Levitte	98405f240b	VMS doesn't support more than on period in a file name	2001-05-22 12:47:38 +00:00
Dr. Stephen Henson	bdee69f718	Allow various X509_STORE_CTX properties to be inherited from X509_STORE. Add CRL checking options to other applications.	2001-05-09 00:30:39 +00:00
Dr. Stephen Henson	b545dc6775	Initial CRL based revocation checking.	2001-05-07 22:52:50 +00:00
Dr. Stephen Henson	c2e45f6ddf	Win32 fixes: define LLONG properly for VC++. stop compiler complaining about signed/unsigned mismatch in apps/engine.c	2001-04-29 16:30:59 +00:00
Richard Levitte	21023745e2	Clean up ENGINE before exiting.	2001-04-26 16:08:10 +00:00
Geoff Thorpe	f11bc84080	Changes to "openssl engine" to support the new control command code in ENGINE. * Extra verbosity can be added with more "v"'s, eg. '-vvv' gives information about input flags and descriptions for each control command in each ENGINE. Check the output of "openssl engine -vvv" for example. * '-pre <cmd>' and '-post <cmd>' can be used to invoke control commands on the specified ENGINE (or on all of them if no engine id is specified, although that usually gets pretty ugly). '-post' commands are only attempted if '-t' is specified and the engine successfully initialises. '-pre' commands are always attempted whether or not '-t' causes an initialisation to be tried afterwards. Multiple '-pre' and/or '-post' commands can be specified and they will be called in the order they occur on the command line. Parameterised commands (the normal case, there are currently no unparameterised ones) are split into command and argument via a separating colon. Eg. "openssl engine -pre SO_PATH:/lib/libdriver.so <id>" results in the call; ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libdriver.so", 0); Application code should similarly allow arbitrary name-value string pairs to be passed into ENGINEs in a manner matching that in apps/engine.c, either using the same colon-separated format, or entered as two distinct strings. Eg. as stored in a registry. The last parameter of ENGINE_ctrl_cmd_string can be changed from 0 to 1 if the command should only be attempted if it's supported by the specified ENGINE (eg. for commands like "FORK_CHECK:1" that may or may not apply to the run-time ENGINE).	2001-04-19 02:08:26 +00:00
Richard Levitte	9237ba8b66	Correct typo.	2001-04-11 14:14:54 +00:00
Richard Levitte	95874603b0	Add -keyform.	2001-04-11 14:11:55 +00:00
Richard Levitte	ed2e24d564	Show an example of moving the emailAddress object from the subkect DN to subjectAltName when signing a certificate.	2001-04-11 13:04:20 +00:00
Richard Levitte	c3bdbcf639	NetBSD and OpenBSD use TOD as well	2001-04-11 10:06:02 +00:00
Lutz Jänicke	93f117003e	Add forgotten "-passin" option to smime.c usage help.	2001-04-08 10:51:14 +00:00
Richard Levitte	967d95f096	Incorporate some changes that make OpenSSL compilable in CygWin.	2001-04-04 15:50:30 +00:00
Bodo Möller	50b8ba0201	avoid buffer overflow	2001-03-31 07:48:07 +00:00
Bodo Möller	b10ae320f7	this time really fix the /../ check ...	2001-03-30 14:55:50 +00:00
Bodo Möller	5d3ab9b096	For -WWW, fix test for ".." directory references (and avoid warning for index -1).	2001-03-30 10:47:21 +00:00
Richard Levitte	812cb5638c	make update	2001-03-24 12:39:59 +00:00
Bodo Möller	f89aebb1c4	Add missing '#ifndef OPENSSL_NO_DSA'.	2001-03-22 15:06:19 +00:00
Richard Levitte	51740b12ae	Correct a typo which might have lead to a dump. Noted by Martin Kraemer <Martin.Kraemer@Fujitsu-Siemens.com>	2001-03-16 10:30:10 +00:00
Dr. Stephen Henson	791bd0cd2b	Add copy_extensions option to 'ca' utility.	2001-03-16 02:04:17 +00:00
Dr. Stephen Henson	e890dcdb19	Add 'align' option to nameopt. Add default values for display by the 'ca' utility to openssl.cnf Update docs.	2001-03-15 22:45:20 +00:00
Dr. Stephen Henson	535d79da63	Overhaul the display of certificate details in the 'ca' utility. This can now be extensively customised in the configuration file and handles multibyte strings and extensions properly. This is required when extensions copying from certificate requests is supported: the user must be able to view the extensions before allowing a certificate to be issued.	2001-03-15 19:13:40 +00:00
Dr. Stephen Henson	0a3ea5d34a	Document the -certopt option to the x509 utility. Add no_issuer option. Fix X509_print_ex() so it prints out newlines when certain fields are omitted.	2001-03-15 01:15:54 +00:00
Bodo Möller	cad4b840c8	Fix: return 0 if no error occured.	2001-03-13 22:17:10 +00:00
Bodo Möller	10654d3a74	Forcibly enable memory leak checking during "make test"	2001-03-11 14:49:46 +00:00
Richard Levitte	251cb4cfed	For some experiments, it is sometimes nice to serve files with complete HTTP responses.	2001-03-10 16:20:52 +00:00
Dr. Stephen Henson	1358835050	Change the EVP_somecipher() and EVP_somedigest() functions to return constant EVP_MD and EVP_CIPHER pointers. Update docs.	2001-03-09 02:51:02 +00:00
Bodo Möller	a75d8bebd2	Bugfix: previously the serial number file could turn negative because an incompletely initialized ASN1_INTEGER was used.	2001-03-08 19:13:24 +00:00
Bodo Möller	3285076c8e	Integrate ec_err.[co]. "make depend"	2001-03-08 12:30:12 +00:00
Richard Levitte	70d70a3c81	Code for better build under Darwin (MacOS X). Submitted by Brad Dominy <jdominy@darwinuser.org>	2001-03-07 10:04:00 +00:00
Bodo Möller	65e8167079	Move ec.h to ec2.h because it is not compatible with what we will use. Add EC vaporware: change relevant Makefiles and add some empty source files. "make update".	2001-03-05 20:13:37 +00:00
Bodo Möller	bad4058574	New option '-subj arg' for 'openssl req' and 'openssl ca'. This sets the subject name for a new request or supersedes the subject name in a given request. Add options '-batch' and '-verbose' to 'openssl req'. Submitted by: Massimiliano Pala <madwolf@hackmasters.net> Reviewed by: Bodo Moeller	2001-03-05 11:09:43 +00:00
Bodo Möller	d8c2adae57	increase emailAddress_max	2001-03-04 01:33:55 +00:00
Richard Levitte	7f19d42e9d	MacOSX doesn't have ftime(). Spotted by Pieter Bowman <bowman@math.utah.edu>	2001-02-27 08:14:32 +00:00
Dr. Stephen Henson	f196522159	New function and options to check OCSP response validity.	2001-02-24 13:50:06 +00:00
Geoff Thorpe	e3a9164073	I missed one.	2001-02-23 00:09:50 +00:00
Richard Levitte	41d2a336ee	e_os.h does not belong with the exported headers. Do not put it there and make all files the depend on it include it without prefixing it with openssl/. This means that all Makefiles will have $(TOP) as one of the include directories.	2001-02-22 14:45:02 +00:00
Richard Levitte	19f2192136	Windows does not know of strigs.h or strcasecmp, so when in Windows, make strcasecmp a macro to _stricmp.	2001-02-22 14:21:06 +00:00
Geoff Thorpe	1aa0d94781	This adds command-line support to s_server for controlling the generation of session IDs. Namely, passing "-id_prefix <text>" will set a generate_session_id() callback that generates session IDs as random data with <text> block-copied over the top of the start of the ID. This can be viewed by watching the session ID s_client's output when it connects. This is mostly useful for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple servers, when each of which might be generating a unique range of session IDs (eg. with a certain prefix).	2001-02-21 18:38:48 +00:00
Richard Levitte	14565bedaf	Some functions, like strdup() and strcasecmp(), are defined in strings.h according to X/Open.	2001-02-20 19:05:59 +00:00
Richard Levitte	02cc82ff8a	I forgot there was a reason why the inclusions and definition of u_int was made in a certain sequence. This change restores the earlier "chain of command".	2001-02-20 17:37:02 +00:00
Richard Levitte	38f3b3e29c	OpenVMS catches up.	2001-02-20 17:14:30 +00:00
Richard Levitte	be1bd9239f	Get e_os2.h to get all the system definitions correctly.	2001-02-20 14:07:03 +00:00
Dr. Stephen Henson	569afce4b0	Fix typo.	2001-02-20 13:30:28 +00:00
Richard Levitte	56dde3ebe6	Include opensslconf.h or the like early to make sure system macros get correctly defined.	2001-02-20 13:11:54 +00:00
Bodo Möller	ff055b5c89	honour '-no_tmp_rsa'	2001-02-20 12:59:48 +00:00
Richard Levitte	bc36ee6227	Use new-style system-id macros everywhere possible. I hope I haven't missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.	2001-02-20 08:13:47 +00:00
Ulf Möller	28143c66e1	Fix warning.	2001-02-20 00:43:03 +00:00
Richard Levitte	cf1b7d9664	Make all configuration macros available for application by making sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. I've checked fairly well that nothing breaks with this (apart from external software that will adapt if they have used something like NO_KRB5), but I can't guarantee it completely, so a review of this change would be a good thing.	2001-02-19 16:06:34 +00:00
Richard Levitte	07247321c6	make update	2001-02-19 14:00:38 +00:00
Dr. Stephen Henson	acba75c59d	New -set_serial options to 'req' and 'x509'. Remove the old broken bio read of serial numbers in the 'ca' index file. This would choke if a revoked certificate was specified with a negative serial number. Fix typo in uid.c	2001-02-19 13:38:32 +00:00
Dr. Stephen Henson	a6b7ffddac	New options to 'ca' utility to support CRL entry extensions. Add revelant new X509V3 extensions. Add OIDs. Fix ASN1 memory leak code to pop info if external allocation used.	2001-02-16 01:35:44 +00:00
Lutz Jänicke	52b621db88	Add "-rand" option to s_client and s_server.	2001-02-15 10:22:07 +00:00
Dr. Stephen Henson	f2e5ca84d4	Option to disable standard block padding with EVP API. Add -nopad option to enc command. Update docs.	2001-02-14 02:11:52 +00:00
Dr. Stephen Henson	cdc7b8cc60	Initial OCSP SSL support.	2001-02-14 01:12:41 +00:00
Dr. Stephen Henson	67c1801924	New function OCSP_parse_url() and -url option for ocsp utility. Doesn't handle SSL URLs yet.	2001-02-13 00:37:44 +00:00
Dr. Stephen Henson	46a58ab946	Modify OCSP nonce behaviour.	2001-02-12 23:28:45 +00:00
Bodo Möller	620cea37e0	disable stdin buffering in load_cert	2001-02-10 13:12:35 +00:00
Bodo Möller	c15e036398	use case-insensitive comparison in set_table_opts (similar to how arguments such as -inform/-outform specifications are treated)	2001-02-10 11:21:29 +00:00
Dr. Stephen Henson	ccb08f98ae	Fix CRL printing to correctly show when there are no revoked certificates. Make ca.c correctly initialize the revocation date. Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the string type: so they can initialize ASN1_TIME structures properly.	2001-02-10 00:56:45 +00:00
Lutz Jänicke	836f996010	New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override the clients choice; in SSLv2 the client uses the server's preferences.	2001-02-09 19:56:31 +00:00
Lutz Jänicke	1613c4d3bf	Typo	2001-02-09 19:05:49 +00:00
Dr. Stephen Henson	c063f2c5ec	Various Win32 related fixed. Make no-krb5 work in mkdef.pl . Fix warning in apps/engine.c Remove definitions of deleted functions. Add missing definition of X509_VAL.	2001-02-09 18:16:12 +00:00
Dr. Stephen Henson	b3f2e399d2	Add missing \n's to ocsp usage message.	2001-02-09 03:09:05 +00:00
Dr. Stephen Henson	8c950429a9	Allow various options to be included for signing and verify of OCSP responses. Documentation to follow... Urgh.. this conflicted with the -VAfile patch I hope I haven't broken it.	2001-02-08 19:36:10 +00:00
Richard Levitte	9235adbf47	Add the -VAfile option to 'openssl ocsp'. This option will give the client code certificates to use to only check response signatures. I'm not entirely sure if the way I just implemented the verification is the right way to do it, and would be happy if someone would like to review this.	2001-02-08 17:59:29 +00:00
Lutz Jänicke	73fc98a7bf	Fix typo preventing correct usage of -out option.	2001-02-07 14:15:41 +00:00
Ben Laurie	259810e05b	Rijdael CBC mode and partial undebugged SSL support.	2001-02-06 14:09:13 +00:00
Bodo Möller	69a03c1799	don't dump core	2001-02-06 09:47:47 +00:00

... 10 11 12 13 14 ...

1651 commits