Commit graph

1133 commits

Author SHA1 Message Date
Dr. Stephen Henson
f23478c314 Fix bug in copy_email() which would not
find emailAddress at start of subject name.
2001-03-01 13:32:11 +00:00
Dr. Stephen Henson
3d2e469cfa Fix a bug which caused BN_div to produce the
wrong result if rm==num and num < 0.
2001-02-28 00:51:48 +00:00
Dr. Stephen Henson
fafc7f9875 Enhance OCSP_request_verify() so it finds the signers certificate
properly and supports several flags.
2001-02-26 14:17:58 +00:00
Dr. Stephen Henson
f196522159 New function and options to check OCSP response validity. 2001-02-24 13:50:06 +00:00
Dr. Stephen Henson
4ff18c8c3e Print out OID of unknown signature or public key
algorithms.
2001-02-24 01:42:21 +00:00
Dr. Stephen Henson
db4a465974 Stop PKCS7_verify() core dumping with unknown public
key algorithms and leaking if the signature verify
fails.
2001-02-24 01:38:56 +00:00
Dr. Stephen Henson
d7c06e9ec7 Make OCSP cert id code tolerate a missing issuer certificate
or serial number.
2001-02-23 13:04:24 +00:00
Dr. Stephen Henson
386828d029 Oops, forgot CHANGES entry for ASN1_ITEM_FUNCTIONS. 2001-02-23 13:02:56 +00:00
Geoff Thorpe
fa2b8db499 Note changes re: session ID generation callbacks, etc. 2001-02-21 18:48:33 +00:00
Richard Levitte
d399fdf877 Modify mkdef.pl to recognise and parse prprocessor conditionals of the
form '#if defined(...) || defined(...) || ...' and '#if !defined(...)
&& !defined(...) && ...'.  This also avoids the growing number of
special cases it was previously handling (some of them wrongly).
2001-02-21 14:12:03 +00:00
Bodo Möller
f2bc668429 Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
2001-02-20 08:10:38 +00:00
Ulf Möller
5003a61b9f note OPENSSL_issetugid(). 2001-02-19 23:58:56 +00:00
Richard Levitte
2affbab9fc I forgot to document the system identification macros 2001-02-19 16:15:13 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
acba75c59d New -set_serial options to 'req' and 'x509'.
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.

Fix typo in uid.c
2001-02-19 13:38:32 +00:00
Bodo Möller
934397ec66 Memory leak detection bugfixes for multi-threading. 2001-02-19 10:32:53 +00:00
Dr. Stephen Henson
a6b7ffddac New options to 'ca' utility to support CRL entry extensions.
Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.
2001-02-16 01:35:44 +00:00
Lutz Jänicke
f30d34f3a8 Move entry to match chronologic orderering. 2001-02-15 14:18:53 +00:00
Lutz Jänicke
84a2173797 Don't forget to mention minor change. 2001-02-15 10:35:56 +00:00
Dr. Stephen Henson
f2e5ca84d4 Option to disable standard block padding with EVP API.
Add -nopad option to enc command.

Update docs.
2001-02-14 02:11:52 +00:00
Dr. Stephen Henson
cdc7b8cc60 Initial OCSP SSL support. 2001-02-14 01:12:41 +00:00
Ulf Möller
720235eeec IRIX bugfix 2001-02-14 00:14:09 +00:00
Dr. Stephen Henson
67c1801924 New function OCSP_parse_url() and -url option for ocsp utility.
Doesn't handle SSL URLs yet.
2001-02-13 00:37:44 +00:00
Dr. Stephen Henson
46a58ab946 Modify OCSP nonce behaviour. 2001-02-12 23:28:45 +00:00
Dr. Stephen Henson
94fcd01349 Work around for libsafe "error". 2001-02-12 03:22:49 +00:00
Bodo Möller
620cea37e0 disable stdin buffering in load_cert 2001-02-10 13:12:35 +00:00
Dr. Stephen Henson
ccb08f98ae Fix CRL printing to correctly show when there are no revoked certificates.
Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
2001-02-10 00:56:45 +00:00
Lutz Jänicke
836f996010 New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override
the clients choice; in SSLv2 the client uses the server's preferences.
2001-02-09 19:56:31 +00:00
Dr. Stephen Henson
c47c619680 Various updates to mkdef.pl to cope with new aes
and ASN1 code.
2001-02-09 13:16:21 +00:00
Dr. Stephen Henson
8c950429a9 Allow various options to be included for signing and verify of
OCSP responses.

Documentation to follow...

Urgh.. this conflicted with the -VAfile patch I hope I haven't
broken it.
2001-02-08 19:36:10 +00:00
Richard Levitte
9235adbf47 Add the -VAfile option to 'openssl ocsp'. This option will give the
client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.
2001-02-08 17:59:29 +00:00
Bodo Möller
35ed8cb8b6 Integrate my implementation of a countermeasure against
Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
2001-02-08 12:14:51 +00:00
Ulf Möller
57e7d3ce15 Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00
Dr. Stephen Henson
deb2c1a1c5 Fix AES code.
Update Rijndael source to v3.0

Add AES OIDs.

Change most references of Rijndael to AES.

Add new draft AES ciphersuites.
2001-02-07 18:15:18 +00:00
Bodo Möller
9eea2be6f1 Avoid coredumps for CONF_get_...(NULL, ...) 2001-02-06 10:26:34 +00:00
Ulf Möller
741a9690df Fix potential buffer overrun for EBCDIC. 2001-02-06 02:54:02 +00:00
Dr. Stephen Henson
26e083ccb7 New function to copy nonce values from OCSP
request to response.
2001-02-05 00:35:06 +00:00
Dr. Stephen Henson
02e4fbed3d Various OCSP responder utility functions.
Delete obsolete OCSP functions.

Largely untested at present...
2001-02-03 19:20:45 +00:00
Dr. Stephen Henson
88ce56f8c1 Various function for commmon operations. 2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
8cff6331c9 Tolerate some "variations" used in some
certificates.

One is a valid CA which has no basicConstraints
but does have certSign keyUsage.

Other is S/MIME signer with nonRepudiation but
no digitalSignature.
2001-02-01 01:57:32 +00:00
Richard Levitte
903872d65e Document the change. 2001-01-30 13:47:59 +00:00
Dr. Stephen Henson
b847024026 Make sk_sort tolearate a NULL argument. 2001-01-28 14:20:13 +00:00
Dr. Stephen Henson
50d5199120 New OCSP response verify option OCSP_TRUSTOTHER 2001-01-26 01:55:52 +00:00
Dr. Stephen Henson
a342cc5a70 Zero the premaster secret after deriving the master secret in DH
ciphersuites.
2001-01-25 13:15:01 +00:00
Dr. Stephen Henson
a43cf9fae9 Add debugging info to new ASN1 code to trace memory leaks.
Fix PKCS7 and PKCS12 memory leaks.

Initialise encapsulated content type properly.
2001-01-24 18:39:54 +00:00
Bodo Möller
ae0665b8f1 EVP_add_digest_alias additions to SS_library_init 2001-01-23 16:39:59 +00:00
Ulf Möller
75802000c8 There is no C version of bn_div_3_words 2001-01-23 16:26:15 +00:00
Ulf Möller
893b76c544 Mention the ./config script fixes. 2001-01-21 18:45:23 +00:00
Dr. Stephen Henson
ba8e28248f Fix to stop X509_time_adj() using GeneralizedTime. 2001-01-20 13:38:45 +00:00
Dr. Stephen Henson
8e8972bb68 Fixes to various ASN1_INTEGER routines for negative case.
Enhance s2i_ASN1_INTEGER().
2001-01-19 14:21:48 +00:00
Bodo Möller
57108f0ad5 Fix openssl passwd -1 2001-01-19 07:37:56 +00:00
Dr. Stephen Henson
73758d435b Additional functionality in ocsp utility: print summary
of status info. Check nonce values. Option to disable
verify. Update usage message.

Rename status to string functions and make them global.
2001-01-19 01:32:23 +00:00
Dr. Stephen Henson
e8af92fcb1 Implement remaining OCSP verify checks in
accordance with RFC2560.
2001-01-18 01:35:39 +00:00
Richard Levitte
361ef5f4dc Make the change log on the RAND_poll change a bit more explicit. Suggested by Bodo Moeller. 2001-01-17 13:43:18 +00:00
Dr. Stephen Henson
81f169e95c Initial OCSP certificate verify. Not complete,
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Bodo Möller
dfebac32c0 New '-extfile' option for 'openssl ca'.
This allows keeping extensions in a separate configuration file.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
2001-01-15 11:35:24 +00:00
Dr. Stephen Henson
6308af199d Change PKCS#12 key derivation routines to cope with
non null terminated passwords.
2001-01-14 14:07:10 +00:00
Dr. Stephen Henson
5782ceb298 New OCSP utility. This can generate, parse and print
OCSP requests. It can also query reponders and parse or
print out responses.

Still needs some more work: OCSP response checks and
of course documentation.
2001-01-13 01:48:38 +00:00
Bodo Möller
c67cdb50d2 New 'openssl ca -status <serial>' and 'openssl ca -updatedb'
commands.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
2001-01-12 14:50:44 +00:00
Bodo Möller
d199858e89 New -newreq-nodes option to CA.pl.
Submitted by: Damien Miller <djm@mindrot.org>
2001-01-11 13:23:19 +00:00
Richard Levitte
10a2975a27 Add configuration for GNU Hurd. 2001-01-11 12:58:37 +00:00
Dr. Stephen Henson
9b4dc8308f OCSP basic response verify. Very incomplete
but will verify the signatures on a response
and locate the signers certifcate.

Still needs to implement a proper OCSP certificate
verify.

Fix warning in RAND_egd().
2001-01-11 00:52:50 +00:00
Bodo Möller
a5435e8b29 After discussion with Richard, change the new API for extended memory
allocation callbacks so that it is no longer visible to applications
that these live at a different call level than conventional memory
allocation callbacks.
2001-01-10 18:09:57 +00:00
Bodo Möller
673b3fde82 Add SSLEAY_DIR argument code for SSLeay_version.
Add '-d' option for 'openssl version' (included in '-a').
2001-01-10 15:15:36 +00:00
Bodo Möller
c06648f7f0 Fix C code generate by 'openssl dsaparam -C'. 2001-01-10 14:26:32 +00:00
Richard Levitte
65a22e8e4d As response to a user request to be able to use external memory
handling routines that need file name and line number information,
I've added a call level to our memory handling routines to allow that
kind of hooking.
2001-01-10 13:14:58 +00:00
Dr. Stephen Henson
cbf0f45f90 Fix uni2asc() so it can properly convert zero length
unicode strings. Certain PKCS#12 files contain these
in BMPStrings and it used to crash on them.
2001-01-10 01:06:31 +00:00
Lutz Jänicke
599c03530a Add automatic query of EGD sockets to RAND_poll(). The EGD sockets are
only queried when the /dev/[u]random devices did not return enough
entropy. Only the amount of entropy missing to reach the required minimum
is queried, as EGD may be drained.
Queried locations are: /etc/entropy, /var/run/egd-pool
2001-01-09 16:44:59 +00:00
Geoff Thorpe
56a67adb64 It was correctly pointed out to me that my CHANGES entry was a little thin
on details. :-)
2001-01-09 16:39:04 +00:00
Geoff Thorpe
3c91484052 Move all the existing function pointer casts associated with LHASH's two
"doall" functions to using type-safe wrappers. As and where required, this
can be replaced by redeclaring the underlying callbacks to use the
underlying "void"-based prototypes (eg. if performance suffers from an
extra level of function invocation).
2001-01-09 00:24:38 +00:00
Richard Levitte
0c61e299b3 Change RAND_poll for Unix to try a number of devices and only read
them for a short period of time (actually, poll them with select(),
then read() whatever is there), which is about 10ms (hard-coded value)
each.

Separate Windows and Unixly code, and start on a VMS variant that
currently just returns 0.
2001-01-08 10:59:26 +00:00
Dr. Stephen Henson
0b33bc65cd Add set of OCSP client functions. All experimental
and subject to addition, modifcation or deletion.

Add two OCSP nonce utility functions.

Fix typo in status code name.
2001-01-08 01:21:55 +00:00
Dr. Stephen Henson
8e96183506 Modify OCSP API to more closely reflect
application needs.

Add OCSP library name to error code.
2001-01-05 03:31:51 +00:00
Dr. Stephen Henson
bf0d176e48 Update OCSP API.
Remove extensions argument from various functions
because it is not needed with the new extension
code.

New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.

New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.

Fix typo in CRL distribution points extension.

Fix ASN1 code so it adds a final null to constructed
strings.
2001-01-04 01:46:36 +00:00
Dr. Stephen Henson
ec5add8784 Fix the S/MIME code so it now works again and
uses the new ASN1 code.
2000-12-31 17:31:57 +00:00
Dr. Stephen Henson
ecbe07817a Rewrite PKCS#12 code and remove some of the old
horrible macros.

Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
2000-12-31 01:13:04 +00:00
Richard Levitte
a6574c21eb Document. 2000-12-31 00:26:18 +00:00
Dr. Stephen Henson
4e1209ebf8 ASN1_ITEM versions of ASN1_d2i_{fp, bio} and replacement of
most of the old wrappers. A few of the old versions remain
because they are non standard and the corresponding ASN1
code has not been reimplemented yet.
2000-12-30 02:40:26 +00:00
Dr. Stephen Henson
78d3b819f0 Replace the old ASN1_dup() with ASN1_item_dup() and
zap some evil function pointers casts along the way...
2000-12-29 18:23:55 +00:00
Richard Levitte
3f07fe09b5 Enhancements to mkdef.pl:
* detect "unknown" algorithms (any C macro starting with NO_ that is
  not explicitely mentioned in mkdef.pl as a known algorithm) and
  report.
* add a number of algorithms that can be deselected.
* look in ssl/kssl.h as well.
* accept multiple whitespace (not just one SPC) in preprocessor lines.
2000-12-29 00:05:14 +00:00
Dr. Stephen Henson
73e92de577 Add NO_ASN1_OLD to remove some old style functions:
currently OpenSSL itself wont compile with this set
because some old style stuff remains.

Change old functions X509_sign(), X509_verify() etc
to use new item based functions.

Replace OCSP function declarations with DECLARE macros.
2000-12-28 22:24:50 +00:00
Dr. Stephen Henson
09ab755c55 ASN1_ITEM versions of sign, verify, pack and unpack.
The old function pointer versions will eventually go
away.
2000-12-28 19:18:48 +00:00
Dr. Stephen Henson
ec558b6548 New OCSP extension functions. 2000-12-28 01:05:05 +00:00
Bodo Möller
725c88879c Finish SSL_peek/SSL_pending fixes. 2000-12-26 12:07:23 +00:00
Bodo Möller
a0aae68cf6 Fix SSL_peek and SSL_pending. 2000-12-25 18:40:46 +00:00
Dr. Stephen Henson
57d2f21782 New function X509V3_add_i2d() this is used for
encoding, replacing and deleting extensions.

Fix X509V3_get_d2i() so it uses takes note of
new critical behaviour.
2000-12-24 18:02:33 +00:00
Bodo Möller
1456d1860e Split a CHANGES entry so that one of the halves matches the
corresponding new entry in the OpenSSL_0_9_6-stable branch.
2000-12-20 10:09:08 +00:00
Dr. Stephen Henson
5755cab49d Fixes to OCSP print code.
Don't try to print request certificates if signature is not present.

Remove unnecessary test for certificates being NULL.

Fix typos in printed output.

Tidy up output.

Fix for typo in OCSP_SERVICELOC ASN1 template.

Also give a bit more info in CHANGES about the ASN1 revision.
2000-12-20 00:46:44 +00:00
Bodo Möller
126fe085db Don't hold CRYPTO_LOCK_RSA during time-consuming operations. 2000-12-19 12:31:41 +00:00
Bodo Möller
3880cd35ad Import s2_pkt.c wbuf fixes from OpenSSL_0_9_6-stable branch. 2000-12-18 11:35:32 +00:00
Bodo Möller
f640ee90c3 Obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX
structures and setting rsa->_method_mod_{n,p,q}.

Submitted by: "Reddie, Steven" <Steven.Reddie@ca.com>
2000-12-18 09:00:48 +00:00
Dr. Stephen Henson
9c67ab2f26 Make mkdef.pl parse some ASN1 IMPLEMENT macros.
Initial support for variables in DEF files.
2000-12-16 01:19:24 +00:00
Bodo Möller
3ac82faae5 Locking issues. 2000-12-15 16:40:35 +00:00
Dr. Stephen Henson
c08523d862 Implement some standard OCSP extensions in the v3 code. These
are all raw print only extensions at present.
2000-12-15 13:42:00 +00:00
Geoff Thorpe
2a86064f95 Make a note of the new engine. 2000-12-14 21:49:48 +00:00
Dr. Stephen Henson
2c15d426b9 New function X509V3_extensions_print() this removes extension duplication
from the print routines.

Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.

Implement some ASN1 functions needed to compile OCSP code.
2000-12-14 18:42:28 +00:00
Bodo Möller
5a4fbc69c3 First step towards SSL_peek fix. 2000-12-14 17:36:59 +00:00
Dr. Stephen Henson
de487514ae New function X509_signature_print() to remove some duplicate
code from certificate, CRL and request printing routines.
2000-12-14 00:53:10 +00:00
Dr. Stephen Henson
06db4253e2 Change the PKCS7 structure to use SEQUENCE OF for the
authenticated attributes: this is used to retain the
original encoding and not break signatures.

Support for a SET OF which reorders the STACK when
encoding a structure. This will be used with the
PKCS7 code.
2000-12-13 23:54:30 +00:00
Dr. Stephen Henson
36f554d43c Replace the old style OCSP ASN1 module. 2000-12-13 18:21:51 +00:00
Dr. Stephen Henson
2aff7727f7 Rewrite the extension code to use an ASN1_ITEM structure
for its ASN1 operations as well as the old style function
pointers (i2d, d2i, new, free). Change standard extensions
to support this.

Fix a warning in BN_mul(), bn_mul.c about uninitialised 'j'.
2000-12-13 13:47:33 +00:00
Dr. Stephen Henson
9d6b1ce644 Merge from the ASN1 branch of new ASN1 code
to main trunk.

Lets see if the makes it to openssl-cvs :-)
2000-12-08 19:09:35 +00:00
Bodo Möller
8dea52fa42 Fix some things that look like bugs.
One problem that looked like a problem in bn_recp.c at first turned
out to be a BN_mul bug.  An example is given in bn_recp.c; finding
the bug responsible for this is left as an exercise.
2000-12-07 22:06:09 +00:00
Bodo Möller
80d89e6a6a Sign-related fixes (and tests).
BN_mod_exp_mont does not work properly yet if modulus m
is negative (we want computations to be carried out
modulo |m|).
2000-12-07 08:48:58 +00:00
Bodo Möller
aa66eba7c8 BN_mod_sqrt documentation/comment 2000-12-06 21:33:58 +00:00
Bodo Möller
bac685417a Faster BN_mod_sqrt algorithm for p == 5 (8). 2000-12-06 12:25:33 +00:00
Bodo Möller
a47b505e37 Improve formatting. 2000-12-04 19:04:55 +00:00
Geoff Thorpe
f1919c3df9 Make a note of the LHASH changes. 2000-12-04 03:35:35 +00:00
Ulf Möller
1946cd8bc2 Note the bntest change.
The *_part_words functions are not static.
2000-12-02 07:50:30 +00:00
Richard Levitte
2efff10cfa Correct a mail address... 2000-12-01 16:49:53 +00:00
Richard Levitte
33479d275a Document the addition of Kerberos stuff. 2000-12-01 14:40:45 +00:00
Ulf Möller
a023052580 Borland C fix. 2000-12-01 01:53:08 +00:00
Ulf Möller
4b757c830d typo 2000-12-01 01:51:04 +00:00
Bodo Möller
fc2e05c2d5 Fix BN_rshift, which caused lots of trouble. 2000-11-30 22:34:57 +00:00
Richard Levitte
0ae485dc07 New format for the FAQ. We now have different sections for different
types of questions.  Hopefully, that'll make them easier to spot, and
specially, easier to refer to.
2000-11-30 13:04:14 +00:00
Richard Levitte
20f88b9bd4 Changes to c_zlib.c to make ZLIB.DLL dynamically loadable under
Windows.  Really, this should probably be done on Unix as well, but
that will be a later story...
2000-11-30 10:25:45 +00:00
Bodo Möller
6b5d39e82d BN_mod_sqrt 2000-11-30 00:20:20 +00:00
Geoff Thorpe
ef8b601789 Amend the original CHANGES log entry. The ex_data handling has been
similarly modified now on DH and DSA.
2000-11-29 20:02:00 +00:00
Lutz Jänicke
c6a926d9e2 Log security relevant change. 2000-11-29 18:06:18 +00:00
Bodo Möller
9161672950 BN_bin2bn did *not* contain an off-by-one error;
I'm still investigating what caused the segementation fault
(maybe "make clean; make" will cure it ...).
But BN_bin2bn should always reset ret->neg.
2000-11-29 12:53:41 +00:00
Bodo Möller
a08bcccc67 Expand expspeed.c to make BN_kronecker timings.
This caused a segmentation fault in calls to malloc, so I cleaned up
bn_lib.c a little so that it is easier to see what is going on.
The bug turned out to be an off-by-one error in BN_bin2bn.
2000-11-29 12:32:10 +00:00
Bodo Möller
bdec3c5323 Implement BN_kronecker test.
Modify "CHANGES" entry for BN_mod_inverse (it's not just avoiding BN_div
that increases performance, avoiding BN_mul also helps)
2000-11-29 11:06:50 +00:00
Bodo Möller
499e167fda Improve BN_mod_inverse performance.
Get the BN_mod_exp_mont bugfix (for handling negative inputs) correct
this time.
2000-11-29 09:41:19 +00:00
Bodo Möller
000e21779c Note that SSL_peek has been disabled. 2000-11-28 11:13:06 +00:00
Bodo Möller
dcbd0d74d5 Fix BN_is_... macros.
Fix BN_gcd.
Analyze BN_mod_inverse.
Add BN_kronecker.
"make update".
2000-11-27 21:17:20 +00:00
Geoff Thorpe
0ac87024e3 It was a small change, but it *could* conceivably affect people - so I'm
making a note in the CHANGES file.
2000-11-26 18:39:27 +00:00
Bodo Möller
5acaa49504 More BN_mod_... functions. 2000-11-26 18:31:32 +00:00
Bodo Möller
78a0c1f18d modular arithmetics
"make update"
2000-11-26 16:42:38 +00:00
Richard Levitte
baa257f1ed Remove two bn_wexpand() from BN_mul(), which is a step toward getting
BN_mul() correctly constified, avoids two realloc()'s that aren't
really necessary and saves memory to boot.  This required a small
change in bn_mul_part_recursive() and the addition of variants of
bn_cmp_words(), bn_add_words() and bn_sub_words() that can take arrays
with differing sizes.

The test results show a performance that very closely matches the
original code from before my constification.  This may seem like a
very small win from a performance point of view, but if one remembers
that the variants of bn_cmp_words(), bn_add_words() and bn_sub_words()
are not at all optimized for the moment (and there's no corresponding
assembler code), and that their use may be just as non-optimal, I'm
pretty confident there are possibilities...

This code needs reviewing!
2000-11-18 22:58:26 +00:00
Bodo Möller
db70a3fd6e Improve usability of 'openssl passwd' by including
password verification where it makes sense.
2000-11-17 09:03:02 +00:00
Richard Levitte
ccb9643f02 Remove references to RSAref. The glue library is but a memory to fade
away now...
2000-11-08 17:51:37 +00:00
Bodo Möller
7f7b8d6871 BN_CTX-related fixes. 2000-11-08 10:05:34 +00:00
Richard Levitte
e06433d9ba shl_load() also needs to load along a path given through an
environment variable, SHLIB_PATH.  This change makes that possible.
2000-11-07 11:25:26 +00:00
Richard Levitte
55b3c877c7 Document recent constifications. 2000-11-06 23:29:52 +00:00
Richard Levitte
10e473e930 As a consequence of the BIGNUM constification, the ENGINE code needs a
few small constifying changes, and why not throw in a couple of extras
while I'm at it?
2000-11-06 22:15:50 +00:00
Richard Levitte
e7ef1a561a Make all engines available in the openssl application. 2000-11-06 22:03:00 +00:00
Richard Levitte
020fc820dc Constify the BIGNUM routines a bit more. The only trouble were the
two functions that did expansion on in parameters (BN_mul() and
BN_sqr()).  The problem was solved by making bn_dup_expand() which is
a mix of bn_expand2() and BN_dup().
2000-11-06 21:15:54 +00:00
Richard Levitte
6b77e6d7f3 Make sure that shared libraries get the internal name engine with the
full version number and not just 0.  This should mark the shared
libraries as not backward compatible.  Of course, this should be
changed again when we can guarantee backward binary compatibility.
2000-11-06 06:52:47 +00:00
Richard Levitte
11c0f1201c Change the engine library so the application writer has to explicitely
load the "external" built-in engines (those that require DSO).  This
makes linking with libdl or other dso libraries non-mandatory.

Change 'openssl engine' accordingly.

Change the engine header files so some declarations (that differed at
that!) aren't duplicated, and make sure engine_int.h includes
engine.h.  That way, there should be no way of missing the needed
info.
2000-11-02 20:33:04 +00:00
Richard Levitte
69e7805f54 'openssl engine' can now list engine capabilities. The current
implementation is contained in the application, and the capability
string building part should really be part of the engine library.
This is therefore an experimental hack, and will be changed in the
near future.
2000-11-02 19:24:48 +00:00
Richard Levitte
e264cfe17a Better error reporting in 'openssl engine' 2000-11-02 18:58:43 +00:00
Bodo Möller
15d52ddb55 Never call load_dh_param(NULL) because this leads to an illegal
fopen(NULL).
2000-11-02 10:35:10 +00:00
Richard Levitte
14c6d27d63 Add application to enumerate, list and test engines with. 2000-11-01 02:57:35 +00:00
Richard Levitte
dcea8e12e2 Add support for shared libraries under Irix.
Submitted by Albert Chin-A-Young <china@thewrittenword.com>
2000-11-01 00:05:04 +00:00
Richard Levitte
501ebf16b6 Improvements to openssl.spec.
Submitted by Damien Miller <djm@mindrot.org>
This change has been CC:ed to crypt@bxa.doc.gov
2000-10-31 23:26:32 +00:00
Richard Levitte
815c83f70a Add configuration option to build on Linux on both big-endian and
little-endian MIPS.
Submitted by Ralf Baechle <ralf@uni-koblenz.de>
2000-10-31 23:14:19 +00:00
Richard Levitte
3aba98e787 Document the change. 2000-10-28 22:44:03 +00:00
Richard Levitte
7c155330de Document the OCSP addition. 2000-10-27 11:22:17 +00:00
Ulf Möller
34a1488220 . 2000-10-26 22:24:49 +00:00
Richard Levitte
5270e7025e Merge the engine branch into the main trunk. All conflicts resolved.
At the same time, add VMS support for Rijndael.
2000-10-26 21:07:28 +00:00
Geoff Thorpe
1df586bec2 Add a note about the recent DSO changes in CHANGES. 2000-10-26 20:02:33 +00:00
Richard Levitte
53400da75c Document 2000-10-21 22:53:32 +00:00
Richard Levitte
0fd44e2ddb Add what's needed to get shared libraries on HP-UX.
N.B.: This has not been tested at all, that's my next step.
2000-10-21 21:24:11 +00:00
Richard Levitte
567f17cfe0 Document the change to NCONF. 2000-10-21 20:01:34 +00:00
Dr. Stephen Henson
627ec355d8 Fix for bug (?) in assembly language routines for SHA1. This
causes MASM to complain and not produce valid debug info.
Hopefully this wont break anything else...

Also fix typo in e_rd.c
2000-10-20 00:36:45 +00:00
Dr. Stephen Henson
71d525c9f6 Fix for typo in certificate directory lookup code. 2000-10-14 23:51:52 +00:00
Richard Levitte
3ab5651112 The experimental Rijndael code moved to the main trunk.
make update done.
2000-10-14 20:09:54 +00:00
Richard Levitte
a22fb399cb Rework the system to generate shared libraries:
- Make note of the expected extension for the shared libraries and
    if there is a need for symbolic links from for example libcrypto.so.0
    to libcrypto.so.0.9.7.  There is extended info in Configure for
    that.

  - Make as few rebuilds of the shared libraries as possible.

  - Still avoid linking the OpenSSL programs with the shared libraries.

  - When installing, install the shared libraries separately from the
    static ones.
2000-10-13 15:25:06 +00:00
Dr. Stephen Henson
924046ce75 Make non blocking I/O work for accept BIOs. 2000-10-12 01:50:33 +00:00
Dr. Stephen Henson
8ca533e378 More code for X509_print_ex() support. 2000-10-06 11:51:47 +00:00
Dr. Stephen Henson
d0c9858914 Global DirectoryString mask fix.
Add support for X509_NAME_print_ex() in req.

Initial code for cutomizable X509 print routines.
2000-10-04 01:16:32 +00:00
Richard Levitte
ef71cb6daf Document... 2000-10-01 21:46:43 +00:00
Bodo Möller
3a0afe1eed Note read_ahead-flag related fixes. 2000-09-26 11:39:37 +00:00
Richard Levitte
88aeb646bd Document the change. 2000-09-25 11:12:27 +00:00
Richard Levitte
c5e8580e7b Update the status and version number to 0.9.7-dev. 2000-09-24 17:31:37 +00:00
Richard Levitte
0e8f2fdfdd Time to build the release. Bump the version info accordingly. 2000-09-24 15:21:30 +00:00
Ulf Möller
d49da3aa5b Add some missing info. 2000-09-23 05:17:40 +00:00
Bodo Möller
5a5accdd64 typo 2000-09-22 21:45:49 +00:00
Bodo Möller
f1192b7f2e Avoid protocol rollback. 2000-09-22 21:39:33 +00:00
Dr. Stephen Henson
dbba890cf1 Only use the new informational verify codes if we
specifically ask for them.

Fix typo in docs.
2000-09-22 21:32:08 +00:00
Dr. Stephen Henson
6cffb201f3 Fix ASN1_TYPE bug. 2000-09-21 18:57:00 +00:00
Richard Levitte
645749ef98 On VMS, stdout may very well lead to a file that is written to in a
record-oriented fashion.  That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it.  This can be very confusing.

The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record.  Voila, BIO_f_linebuffer() is born.

Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this.  After
the release, this BIO method will be enabled on all other platforms as
well.
2000-09-20 13:55:50 +00:00
Bodo Möller
fe03519704 Totally remove the supposedly 'faster' variant in
BN_mod_mul_montgomery, which calls bn_sqr_recursive
without much preparation.

bn_sqr_recursive requires the length of its argument to be
a power of 2, which is not always the case here.
There's no reason for not using BN_sqr -- if a simpler
approach to squaring made sense, then why not change
BN_sqr?  (Using BN_sqr should also speed up DH where g is chosen
such that it becomes small [e.g., 2] when converted
to Montgomery representation.)

Case closed :-)
2000-09-19 23:25:00 +00:00
Bodo Möller
cb1fbf8e6a Clarification about Montgomery problem 2000-09-19 23:06:14 +00:00
Bodo Möller
a45bd29535 Document BN_mod_mul_montgomery bug;
make disabled code slightly more correct (this does not solve
the problem though).
2000-09-19 18:02:15 +00:00
Dr. Stephen Henson
730e37edb6 Work around for Netscape PKCS#7 signedData bug. 2000-09-18 12:30:57 +00:00
Bodo Möller
07fcf422a1 Rename new BIO_set_shutdown_wr macro to just BIO_shutdown_wr
(it's similar to the shutdown(..., SHUT_WR) system call
for sockets).
2000-09-17 01:23:53 +00:00
Richard Levitte
0e05f54516 A DSO method for VMS was missing, and I had the code lying around... 2000-09-15 21:22:50 +00:00
Ulf Möller
1d84fd64fc Bug fix: Montgomery multiplication could produce results with the wrong
sign.
2000-09-14 18:37:53 +00:00
Richard Levitte
775bcebde5 Add Damien Miller's RPM specification file with a few modifications. 2000-09-14 15:28:44 +00:00
Richard Levitte
cc99526db1 Add a number of documentation files, mostly for SSL routines, but also
for a few BIO routines.
Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-09-14 13:11:56 +00:00
Richard Levitte
72660f5f15 Add a configuration for Sony News 4.
Submitted by NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>
2000-09-14 12:48:48 +00:00
Ulf Möller
523d778aef The other log message should have read "Note the DSA change". 2000-09-13 02:01:35 +00:00
Ulf Möller
5401c4c2bf Not the DSA change. 2000-09-13 01:48:05 +00:00
Bodo Möller
54f10e6adc New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default
behaviour that SSL_read may result in SSL_ERROR_WANT_READ.
2000-09-12 20:28:30 +00:00
Ben Laurie
2959f292db Document an old change. 2000-09-11 17:58:09 +00:00
Richard Levitte
97d8e82c4c Marin Kraemer <Martin.Kraemer@MchP.Siemens.De> sent us patches to make
the OpenSSL commands x50 and req work better on a EBCDIC system.
2000-09-10 14:45:19 +00:00
Dr. Stephen Henson
84b65340e1 Two new PKCS#12 demo programs.
Update PKCS12_parse().

Make the keyid in certificate aux info more usable.
2000-09-07 23:14:26 +00:00
Dr. Stephen Henson
f50c11ca40 Ugh, BIO_find_type() cannot be passed a NULL.
Fix doc example, and fix BIO_find_type().

Fix PKCS7_verify(). It was using 'i' for both the
loop variable and the verify return value.
2000-09-07 17:42:25 +00:00
Richard Levitte
948d0125db Major hack of mkdef.pl. There should be no more need to redo the
process when some symbols are missing.  Instead, all needed info is
saved in the .num files, including what conditions are needed for a
specific symbol to exist.

This was needed for the work I'm doing with shared libraries under
VMS.
2000-09-07 08:43:08 +00:00
Dr. Stephen Henson
bbb720034a Fix typo in rsautl.
Add support for settable verify time in X509_verify_cert().

Document rsautl utility.
2000-09-05 22:30:38 +00:00
Dr. Stephen Henson
2f043896d1 *BIG* verify code reorganisation.
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(
2000-09-05 17:53:58 +00:00
Dr. Stephen Henson
34216c0422 Keep a not of original encoding in certificate requests.
Add new option to PKCS7_sign to exclude S/MIME capabilities.
2000-09-05 13:27:57 +00:00
Bodo Möller
22c7ea4068 Mention fix in bio_lib.c. 2000-09-05 12:46:10 +00:00
Bodo Möller
affadbef0b Consistency 2000-09-04 15:47:17 +00:00
Bodo Möller
bbb8de0966 Avoid abort() throughout the library, except when preprocessor
symbols for debugging are defined.
2000-09-04 15:34:43 +00:00
Dr. Stephen Henson
bd08a2bd0c Add 'rsautl' low level RSA utility.
Add DER public key routines.

Add -passin argument to 'ca' utility.

Document sign and verify options to dgst.
2000-09-03 23:13:48 +00:00
Bodo Möller
a545c6f6b1 QNX 4 support. 2000-09-01 09:54:25 +00:00
Ben Laurie
7049ef5f90 Add demo state machine. 2000-08-30 18:14:28 +00:00
Dr. Stephen Henson
7df1c720f6 Fix typo in i2d_ASN1_ENUMERATED
Fix bug in read only memory BIOs so BIO_reset() works.

Add sign and verify options to dgst utility, need
to update docs.
2000-08-30 16:14:29 +00:00
Dr. Stephen Henson
d096b524af Add support for 'other' PKCS#7 content types. 2000-08-22 22:20:25 +00:00
Dr. Stephen Henson
469938cb40 Fixes to d2i_ASN1_OBJECT, ASN1_INTEGER_to_BN and a_strex.c 2000-08-22 12:54:21 +00:00
Dr. Stephen Henson
eaa2818189 Various fixes...
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
2000-08-21 22:02:23 +00:00
Richard Levitte
bb531a0a1c Assar wanted an address change. 2000-08-18 09:50:41 +00:00
Richard Levitte
e6629837a9 Added BIO_vprintf() and BIO_vsnprintf(). The former because I've
found myself needing it a number of times, the latter for completeness.
2000-08-18 09:36:59 +00:00
Richard Levitte
6fd5a04729 Document the added diversity to the possible log levels. 2000-08-17 23:27:03 +00:00
Richard Levitte
368f85545e Document the reconfiguratoin option for Configure. 2000-08-17 10:25:46 +00:00
Richard Levitte
3009458e2f MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test 2000-08-14 14:05:53 +00:00
Richard Levitte
88364bc2bc The pkcs12 had no way of getting a CA file or path to be used when
building a complete chain.  Now added through the -CAfile and -CApath
arguments.
2000-08-11 19:43:20 +00:00
Dr. Stephen Henson
d4fbe3182d Fix for bad sorting of object names.
Add warning print out if duplicate names found:
should end up as a fatal error but a warning for
now until they problems are fixed...
2000-08-06 18:43:32 +00:00
Dr. Stephen Henson
2d978cbd30 Changes needed for Tandem NSK, supplied by Scott Uroff (scott@xypro.com).
Fix warnings with BIO_dump_indent().
2000-08-04 00:01:39 +00:00
Bodo Möller
aa826d88e1 Document rollback issues. 2000-07-29 19:27:20 +00:00
Bodo Möller
37569e64e8 Fix SSL 2.0 rollback checking: The previous implementation of the
test was never triggered due to an off-by-one error.

In s23_clnt.c, don't use special rollback-attack detection padding
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
client; similarly, in s23_srvr.c, don't do the rollback check if
SSL 2.0 is the only protocol enabled in the server.
2000-07-29 18:50:41 +00:00
Dr. Stephen Henson
a657546f9c New ASN1_STRING_print_ex() and X509_NAME_print_ex()
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.

The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).

Still needs to be documented, integrated into other
utilities and extensively tested.
2000-07-28 01:58:15 +00:00
Richard Levitte
ca1e465f6d Add the possibility to get hexdumps of unprintable data when using
'openssl asn1parse'.  As a side effect, the functions ASN1_parse_dump
and BIO_dump_indent are added.
2000-07-27 17:28:25 +00:00
Dr. Stephen Henson
284ef5f357 Make NEG_PUBKEY_BUG on by default.
ASN1_TIME fixes.

New function c2i_ASN1_OBJECT().
2000-07-26 01:18:37 +00:00
Bodo Möller
fa729135d8 crypto/err.c bugfix 2000-07-21 15:17:04 +00:00
Richard Levitte
b436a98257 Redo and enhance the support for building shared libraries. Currently
there's support for building under Linux and True64 (using examples
from the programming manuals), including versioning that is currently
the same as OpenSSL versions but should really be a different series.

With this change, it's up to the users to decide if they want shared
libraries as well as the static ones.  This decision now has to be
done at configuration time (well, not really, those who know what they
do can still do it the same way as before).

The OpenSSL programs (openssl and the test programs) are currently
always linked statically, but this may change in the future in a
configurable manner.  The necessary makefile variables to enable this
are in place.

Also note that I have done absolutely nothing about the Windows target
to get something similar.  On the other hand, DLLs are already the
default there, but without versioning, and I've no idea what the
possibilities for such a thing are there...
2000-07-21 15:08:53 +00:00
Ulf Möller
c0722725f9 Randomness polling function for Win9x. 2000-07-19 21:35:35 +00:00
Dr. Stephen Henson
fd13f0ee52 Make req seed the PRNG if signing with
an already existing DSA key.

Document the new smime options.
2000-07-12 23:55:30 +00:00
Dr. Stephen Henson
094fe66d9f Fix some typose in the i2d/d2i functions that
call the i2c/c2i (they were not using the
content length for the headers).

Fix ASN1 long form tag encoding. This never
worked but it was never tested since it is
only used for tags > 30.

New options to smime program to allow the
PKCS#7 format to be specified and the content
supplied externally.
2000-07-10 18:33:05 +00:00
Dr. Stephen Henson
a338e21bd1 New ASN1 functions that just deal with
content octets, not tag+length.
2000-07-07 13:24:36 +00:00
Richard Levitte
d5870bbe23 Document the change. 2000-07-05 02:52:47 +00:00
Richard Levitte
f365611ca3 Undo the changes I just made. I'm not sure what I was thinking of.
The message to everyone is "Do not hack OpenSSL when stressed"...
2000-06-28 16:47:45 +00:00
Richard Levitte
523c83ec9a Document my latest changes. 2000-06-28 16:24:29 +00:00
Bodo Möller
1f4643a2f4 BSD-style MD5-based password algorithm in 'openssl passwd'.
(Still needs to be tested against the original using sample passwords
of different length.)
2000-06-23 18:00:16 +00:00
Richard Levitte
1023b1220e Document the change in req. 2000-06-22 21:17:46 +00:00
Richard Levitte
fb0b844a7d Document the change in req. 2000-06-22 09:19:59 +00:00
Dr. Stephen Henson
4dd4535441 Change mkstack.pl so it now sorts each group
into lexical order. Previously it depended on
the order of files in the directory.

This should now mean that all systems will
agree on the order of safestack.h and will
not change it needlessly and avoid massive
needless commits to safestack.h in future.

It wont however avoid this one :-(
2000-06-22 00:34:27 +00:00
Dr. Stephen Henson
130832150c Fixes for Win32 build.
This is mostly a work around for the old VC++ problem
that it treats func() as func(void).

Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.

The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.

Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)
2000-06-21 02:25:30 +00:00
Dr. Stephen Henson
7ef8206859 Handle ASN1_SET_OF and PKCS12_STACK_OF using function
casts in the same way as STACK_OF.
2000-06-20 18:45:28 +00:00
Dr. Stephen Henson
3aceb94b9e Safe stack reorganisation in terms of function casts.
After some messing around this seems to work but needs
a few more tests. Working out the syntax for sk_set_cmp_func()
(cast it to a function that itself returns a function pointer)
was painful :-(

Needs some testing to see what other compilers think of this
syntax.

Also needs similar stuff for ASN1_SET_OF etc etc.
2000-06-16 23:29:26 +00:00
Dr. Stephen Henson
d3ed8ceb3d Add support for the modified SGC key format used in IIS. 2000-06-15 23:48:05 +00:00
Dr. Stephen Henson
e366f2b876 Fix evp_locl.h macros.
Documentation correction.
2000-06-11 15:43:17 +00:00
Dr. Stephen Henson
a91dedca48 Document EVP routines. Change EVP_SealInit() and EVP_OpenInit()
to support multiple calls.

New function to retrieve email address from certificates and
requests.
2000-06-11 12:18:15 +00:00
Bodo Möller
482a9d41b9 In longer tests with g=2, DH exchange does not become quite as fast
as expected -- maybe it's the different processor, maybe my
previous timings were too inaccurate.
2000-06-10 12:05:52 +00:00
Bodo Möller
a71e2621bc BN_mod_exp_mont_word entry:
Don't give performance gain estimates that appear to be more precise
than they really are, especially when they are wrong
(2/(1/1.15 + 1) = ca. 1.0698).
2000-06-10 10:08:31 +00:00
Bodo Möller
dc434bbcb0 Slightly faster DSA verification (BN_mod_exp2_mont),
marginally faster BN_mod_exp for 1024 bit exponents.
2000-06-08 20:26:03 +00:00
Bodo Möller
947b3b8baf Add entry that Richard forgot. 2000-06-08 15:01:14 +00:00
Bodo Möller
f8989a2155 Use the equivalent of a sliding window (without precomputation
because we're only handling words anyway) in BN_mod_exp_mont_word
making it a little faster for very small exponents,
and adjust the performance gain estimate in CHANGES according
to slightly more thorough measurements.
(15% faster than BN_mod_exp_mont for "large" base,
20% faster than BN_mod_exp_mont for small base.)
2000-06-08 09:39:28 +00:00
Bodo Möller
6dad7bd69c Speed up DH with small generator. 2000-06-07 21:29:25 +00:00
Ulf Möller
be5d92e014 CygWin32 support.
Submitted by: John Jarvie <jjarvie@newsguy.com>
2000-06-03 23:23:10 +00:00
Geoff Thorpe
e41c8d6ad4 This change will cause builds (by default) to not use different STACK
structures and functions for each stack type. The previous behaviour
can be enabled by configuring with the "-DDEBUG_SAFESTACK" option.
This will also cause "make update" (mkdef.pl in particular) to
update the libeay.num and ssleay.num symbol tables with the number of
extra functions DEBUG_SAFESTACK creates.

The way this change works is to accompany each DECLARE_STACK_OF()
macro with a set of "#define"d versions of the sk_##type##_***
functions that ensures all the existing "type-safe" stack calls are
precompiled into the underlying stack calls. The presence or abscence
of the DEBUG_SAFESTACK symbol controls whether this block of
"#define"s or the DECLARE_STACK_OF() macro is taking effect. The
block of "#define"s is in turn generated and maintained by a perl
script (util/mkstack.pl) that encompasses the block with delimiting
C comments. This works in a similar way to the auto-generated error
codes and, like the other such maintenance utilities, is invoked
by the "make update" target.

A long (but mundane) commit will follow this with the results of
"make update" - this will include all the "#define" blocks for
each DECLARE_STACK_OF() statement, along with stripped down
libeay.num and ssleay.num files.
2000-06-01 05:13:52 +00:00
Geoff Thorpe
ccd86b68ef The previous commit to crypto/stack/*.[ch] pulled the type-safety strings
yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;

X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).

Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
2000-06-01 02:36:58 +00:00
Bodo Möller
361ee9733f Improve PRNG robustness. 2000-05-30 21:44:36 +00:00
Dr. Stephen Henson
49528751b8 More EVP cipher revision.
Change EVP_SealInit() and EVP_OpenInit() to
handle cipher parameters.

Make it possible to set RC2 and RC5 params.

Make RC2 ASN1 code use the effective key bits
and not the key length.

TODO: document how new API works.
2000-05-30 18:26:22 +00:00
Dr. Stephen Henson
57ae2e2428 Fourth phase EVP revision.
Declare ciphers in terms of macros. This reduces
the amount of code and places each block cipher EVP
definition in a single file instead of being spread
over 4 files.
2000-05-30 02:10:57 +00:00
Dr. Stephen Henson
360370d953 Third phase of EVP cipher overhaul.
Remove duplicated code in EVP.
2000-05-28 12:44:46 +00:00
Bodo Möller
1fab73ac85 Bugfix: clear error queue after ignoring ssl_verify_cert_chain result. 2000-05-27 22:25:01 +00:00
Dr. Stephen Henson
be06a9348d Second phase of EVP cipher overhaul.
Change functions like EVP_EncryptUpdate() so they now return a
value. These normally have software only implementations
which cannot fail so this was acceptable. However ciphers
can be implemented in hardware and these could return errors.
2000-05-27 12:38:43 +00:00
Dr. Stephen Henson
7f0606016c Beginnings of EVP cipher overhaul. This should eventually
enhance and tidy up the EVP interface.

This patch adds initial support for variable length ciphers
and changes S/MIME code to use this.

Some other library functions need modifying to support use
of modified cipher parameters.

Also need to change all the cipher functions that should
return error codes, but currenly don't.

And of course it needs extensive testing...
2000-05-26 23:51:35 +00:00
Bodo Möller
2c05c494c0 Implement SSL_OP_TLS_ROLLBACK_BUG for servers.
Call dh_tmp_cb with correct 'is_export' flag.

Avoid tabs in CHANGES.
2000-05-25 09:50:40 +00:00
Dr. Stephen Henson
b4b41f48d1 Add DSA library string. Workaround for IIS .key file invalid
ASN1 encoding.
2000-05-24 13:09:59 +00:00
Richard Levitte
6d7cce481e Add a note about the new document. 2000-05-18 21:25:48 +00:00
Dr. Stephen Henson
439df5087f Fix c_rehash script, add -fingerprint option to crl. 2000-05-18 00:33:00 +00:00
Ulf Möller
0e1c06128a Get rid of more non-ANSI declarations. 2000-05-15 22:54:43 +00:00
Dr. Stephen Henson
0cb957a684 Fix for SSL server purpose checking 2000-05-04 23:03:49 +00:00
Dr. Stephen Henson
a331a305e9 Make PKCS#12 code handle missing passwords.
Add a couple of FAQs.
2000-05-04 00:08:35 +00:00
Bodo Möller
316e6a66f2 Note apps/x509.c bugfixes. 2000-05-02 20:29:03 +00:00
Bodo Möller
dcba2534fa Avoid leaking memory in thread_hash (and enable memory leak detection
for it).
2000-04-29 23:58:05 +00:00
Ulf Möller
3973628ea6 Submitted by:
Reviewed by:
PR:
2000-04-27 15:06:26 +00:00
Geoff Thorpe
deb4d50e51 Previously, the default RSA_METHOD was NULL until the first RSA structure was
initialised, at which point an appropriate default was chosen. This meant a
call to RSA_get_default_method might have returned FALSE.

This change fixes that; now any called to RSA_new(), RSA_new_method(NULL), or
RSA_get_default_method() will ensure that a default is chosen if it wasn't
already.
2000-04-20 06:44:18 +00:00
Geoff Thorpe
b9e6391582 This change facilitates name translation for shared libraries. The
technique used is far from perfect and alternatives are welcome.
Basically if the translation flag is set, the string is not too
long, and there appears to be no path information in the string,
then it is converted to whatever the standard should be for the
DSO_METHOD in question, eg;
    blah --> libblah.so   on *nix, and
    blah --> blah.dll     on win32.

This change also introduces the DSO_ctrl() function that is used
by the name translation stuff.
2000-04-19 21:45:17 +00:00
Bodo Möller
e5c84d5152 New function ERR_error_string_n. 2000-04-14 23:36:15 +00:00
Richard Levitte
a9831305d8 I forgot to update the change log 2000-04-10 15:48:16 +00:00
Bodo Möller
1d90f28029 In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites 2000-04-06 22:33:14 +00:00
Geoff Thorpe
6ef4d9d512 Better make a note of what's going on ... :-) 2000-04-04 22:49:27 +00:00
Richard Levitte
c90341a155 Tagging has now been done, update to the next version (it's not quite
as important to keep a low profile here :-))
2000-04-01 11:24:27 +00:00
Richard Levitte
5e61580bbd Version and name changes, and a last minute changelog 2000-04-01 11:15:15 +00:00
Bodo Möller
cf194c1f68 Entry for ssleay_rand_status locking fix. 2000-03-30 08:12:35 +00:00
Bodo Möller
3bc90f2373 Fix typo in -clrext option, but add a compatibility hack because
0.9.5a should not break anything that works in 0.9.5.
2000-03-27 18:10:08 +00:00
Dr. Stephen Henson
b475baffb2 Fix for HMAC. 2000-03-27 00:53:27 +00:00
Dr. Stephen Henson
e77066ea0a Fix a memory leak in PKCS12_parse.
Don't copy private key to X509 etc public key structures.
Fix for warning.
2000-03-22 13:50:23 +00:00
Ulf Möller
7af4816f0e des_quad_cksum() byte order bug fix.
See http://www.pdc.kth.se/kth-krb/

Their solution for CRAY is somewhat awkward.
I'll assume that a "short" is 32 bits on CRAY to avoid the
#ifdef _CRAY
    typedef struct {
        unsigned int a:32;
        unsigned int b:32;
    } XXX;
#else
    typedef DES_LONG XXX;
#endif
2000-03-19 02:06:37 +00:00
Dr. Stephen Henson
80870566cf Make V_ASN1_APP_CHOOSE work again. 2000-03-14 03:29:57 +00:00
Bodo Möller
df1ff3f1b3 Correction. 2000-03-13 21:01:05 +00:00
Bodo Möller
7694ddcbc0 Clarifications for 'no-XXX'. 2000-03-13 20:48:23 +00:00
Bodo Möller
46c4647e3c "openssl no-..." commands for avoiding the need to grep
"openssl list-standard-commands".
2000-03-13 20:31:46 +00:00
Bodo Möller
65b002f399 Update test suite so that 'make test' succeeds in 'no-rsa' configuration. 2000-03-13 19:24:39 +00:00
Bodo Möller
e11f0de67f Copy DH key (if available) in addition to the bare parameters
in SSL_new.
If SSL_OP_SINGLE_DH_USE is set, don't waste time in SSL_[CTX_]set_tmp_dh
on computing a DH key that will be ignored anyway.

ssltest -dhe1024dsa (w/ 160-bit sub-prime) had an unfair performance
advantage over -dhe1024 (safe prime): SSL_OP_SINGLE_DH_USE was
effectively always enabled because SSL_new ignored the DH key set in
the SSL_CTX.  Now -dhe1024 takes the server only about twice as long
as -dhe1024dsa instead of three times as long (for 1024 bit RSA
with 1024 bit DH).
2000-03-13 17:07:04 +00:00
Bodo Möller
2d5e449a18 Mention -ign_eof. 2000-03-10 13:49:02 +00:00
Bodo Möller
daf4e53e86 spelling 2000-03-07 15:10:08 +00:00
Dr. Stephen Henson
068fdce877 New compatability trust and purpose settings. 2000-03-07 14:04:29 +00:00
Dr. Stephen Henson
48fe0eec67 Fix the PKCS#8 DSA code so it works again. All the
broken formats worked but the valid didn't :-(
2000-03-07 01:03:33 +00:00
Ulf Möller
4c4d87f95f bug fix release planned 2000-03-06 14:24:25 +00:00
Bodo Möller
59fc2b0fc2 Preserve reason strings in automatically build tables. 2000-03-05 00:19:36 +00:00
Bodo Möller
0a150c5c9f Generate correct error reasons strings for SYSerr. 2000-03-04 01:36:53 +00:00
Bodo Möller
41918458c0 New '-dsaparam' option for 'openssl dhparam', and related fixes. 2000-03-03 22:18:19 +00:00
Dr. Stephen Henson
d9c88a3902 Move the 'file scope' argument in set_label to
the third argument: the second was being used
already.
2000-03-03 00:06:40 +00:00
Bodo Möller
84d14408bf Use RAND_pseudo_bytes, not RAND_bytes, for IVs/salts. 2000-03-02 22:44:55 +00:00
Bodo Möller
5eb8ca4d92 Use RAND_METHOD for implementing RAND_status. 2000-03-02 14:34:58 +00:00
Ulf Möller
7a2dfc2a20 Note bug fix for the DSA infinite loop 2000-03-01 19:07:58 +00:00
Bodo Möller
55f7d65db0 Document the 'rand' application. 2000-03-01 07:57:25 +00:00
Ralf S. Engelschall
010712ff23 Added configuration support for Linux/IA64
Submitted by: Rolf Haberrecker <rolf@suse.de>
2000-02-29 15:29:02 +00:00
Ulf Möller
2da0c11926 Support assembler for Mingw32. 2000-02-28 19:16:41 +00:00
Ulf Möller
a4709b3d88 Shared library support for Solaris and HPUX
by Lutz Behnke and by Lutz Jaenicke.

Hopefully we'll have a unified way of handling shared libraries when
we move to autoconf...
2000-02-28 19:14:46 +00:00
Bodo Möller
865874f2dd Switch to 0.9.6, and finally remove the annoying message
about renamed header files.
2000-02-28 18:03:16 +00:00
Dr. Stephen Henson
82b931860a Ouch! PKCS7_encrypt() was heading MIME text headers twice
because it added them manually and as part of SMIME_crlf_copy().
Removed the manual add.
2000-02-28 14:11:19 +00:00
Richard Levitte
74cdf6f73a Time for a release 2000-02-28 11:59:02 +00:00
Dr. Stephen Henson
587bb0e02e Don't call BN_rand with zero bits in bntest.c 2000-02-27 17:34:30 +00:00
Andy Polyakov
a5770be6ae Statement that it fails only on 32-bit architectures isn't true. 2000-02-27 02:34:37 +00:00
Ulf Möller
688938fbb4 Bug fix! 2000-02-27 02:05:39 +00:00
Dr. Stephen Henson
94de04192d Fix so Win32 assembly language works with MASM.
Add info about where to get MASM.
2000-02-27 01:15:25 +00:00
Dr. Stephen Henson
0202197dbf Make ASN1 types real typedefs.
Rebuild error files.
2000-02-26 19:25:31 +00:00
Bodo Möller
6d0d5431d4 More get0 et al. changes. Also provide fgrep targets in CHANGES
where the new functions are mentioned.
2000-02-26 08:36:46 +00:00
Ulf Möller
234b5e9611 Make clear which naming convention is meant. 2000-02-26 02:24:16 +00:00
Dr. Stephen Henson
c7cb16a8ff Rename functions for new convention. 2000-02-26 01:55:33 +00:00
Dr. Stephen Henson
fbb41ae0ad Allow code which calls RSA temp key callback to cope
with a failure.

Fix typos in some error codes.
2000-02-25 00:23:48 +00:00
Ulf Möller
505b5a0ee0 BIO_printf() change 2000-02-24 22:57:42 +00:00
Ulf Möller
4ec2d4d2b3 Support EGD. 2000-02-24 02:51:47 +00:00
Ulf Möller
cdf20e0839 add missing names. 2000-02-23 21:57:22 +00:00
Dr. Stephen Henson
3142c86d65 Allow ADH to be used but not present in the default cipher
list.

Allow CERTIFICATE to be used in PEM headers for PKCS#7 structures:
some CAs do this.
2000-02-23 01:11:01 +00:00
Dr. Stephen Henson
72b60351f1 Change EVP_MD_CTX_type so it is more logical and add EVP_MD_CTX_md for
the old functionality.

Various warning fixes.

Initial EVP symmetric cipher docs.
2000-02-22 02:59:26 +00:00
Bodo Möller
745c70e565 Move MAC computations for Finished from ssl3_read_bytes into
ssl3_get_message, which is more logical (and avoids a bug,
in addition to the one that I introduced yesterday :-)
and makes Microsoft "fast SGC" less special.
MS SGC should still work now without an extra state of its own
(it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state
for reading the body of a Client Hello message), however this should
be tested to make sure, and I don't have a MS SGC client.
2000-02-21 10:16:30 +00:00
Bodo Möller
b35e9050f2 Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. 2000-02-20 23:04:06 +00:00
Dr. Stephen Henson
d754b3850f Change the 'other' structure in certificate aux info. 2000-02-20 18:27:23 +00:00
Bodo Möller
853f757ece Allow for higher granularity of entropy estimates by using 'double'
instead of 'unsigned' counters.
Seed PRNG in MacOS/GetHTTPS.src/GetHTTPS.cpp.

Partially submitted by Yoram Meroz <yoram@mail.idrive.com>.
2000-02-19 15:22:53 +00:00
Dr. Stephen Henson
8a208cba97 New functions and option to use NEW in certificate requests. 2000-02-18 00:54:21 +00:00
Dr. Stephen Henson
a3fe382e2d Pass phrase reorganisation. 2000-02-16 23:16:01 +00:00
Ben Laurie
bd03b99b9b Add support for Compaq Atalla crypto accelerator. 2000-02-16 22:15:39 +00:00
Dr. Stephen Henson
de469ef21e Fix for Netscape "hang" bug. 2000-02-15 14:19:44 +00:00
Andy Polyakov
bcba6cc60f HP-UX tune-up: new unified configs, HP C compiler bug workaround. 2000-02-12 23:33:01 +00:00
Dr. Stephen Henson
d13e4eb0b5 Make pkcs12 and smime applications seed random number
generator (otherwise they don't work) and add -rand
option. Update docs.
2000-02-12 03:03:04 +00:00
Bodo Möller
3ebf0be142 Corrections. 2000-02-11 17:18:50 +00:00
Bodo Möller
bb325c7d6a 'passwd' tool. 2000-02-10 21:50:52 +00:00
Dr. Stephen Henson
f07fb9b24b Add command line password options to the reamining utilities,
amend docs.
2000-02-08 01:34:59 +00:00
Ulf Möller
cae55bfc68 Improve bntest slightly, and fix another bug in the BN library. 2000-02-06 15:56:59 +00:00
Andy Polyakov
0fad6cb7e7 Support for MacOS X (Rhapsody) is added. Also get rid of volatile
qualifier in asm definitions as it prevents compiler from moving
the instruction(s) during optimization pass.
2000-02-06 11:15:20 +00:00
Ulf Möller
4a6222d71b BN_div bugfix. The q-- loop should not be entered in the n0==d0 case. 2000-02-06 00:25:39 +00:00
Dr. Stephen Henson
66430207a4 Add support for some broken PKCS#8 formats. 2000-02-05 21:07:56 +00:00
Ulf Möller
9b141126d4 New functions BN_CTX_start(), BN_CTX_get(), BN_CTX_end() to access
temporary BIGNUMs. BN_CTX still uses a fixed number of BIGNUMs, but
the BN_CTX implementation could now easily be changed.
2000-02-05 14:17:32 +00:00
Dr. Stephen Henson
af57d84312 Rename SSLeay_add_all_algorithms() et al to
OpenSSL_add_all_algorithms(). Move these into
separate files so they work properly.
2000-02-04 14:01:38 +00:00
Dr. Stephen Henson
82fc1d9c28 Add new -notext option to 'ca', -pubkey option to spkac.
Remove some "WTF??" casts from applications.

Fixes to keep VC++ happy and avoid warnings.

Docs tidy.
2000-02-03 02:56:48 +00:00
Bodo Möller
e74231ed9e rndsort{Miller, Rabin} primality test. 2000-02-02 21:20:44 +00:00
Bodo Möller
2c5fe5b12a Change log entry completed. 2000-02-01 07:50:42 +00:00
Ulf Möller
8efb60144d EBCDIC support.
Submitted by: Martin Kraemer <martin.kraemer@mch.sni.de>
2000-02-01 02:21:16 +00:00
Ulf Möller
98d0b2e375 Note changes. 2000-01-30 23:34:33 +00:00
Bodo Möller
cdd43b5ba5 Documentation for BN_is_prime_fasttest. 2000-01-30 11:05:39 +00:00
Bodo Möller
1baa94907c Make output of "openssl dsaparam 1024" more interesting :-) 2000-01-30 03:32:28 +00:00
Bodo Möller
7865b871c0 Tiny changes to previous patch (the log message was meant to be
"Make DSA_generate_parameters faster").
2000-01-30 02:40:38 +00:00
Bodo Möller
a87030a1ed Make DSA_generate_parameters, and fix a couple of bug
(including another problem in the s3_srvr.c state machine).
2000-01-30 02:23:03 +00:00
Dr. Stephen Henson
e1314b5716 Fix CRL encoding bug. 2000-01-29 00:00:26 +00:00
Bodo Möller
07e6dbde66 more information on 0.9.5 2000-01-28 21:26:30 +00:00
Dr. Stephen Henson
90644dd74d New -pkcs12 option to CA.pl.
Document CA.pl script.
Initialise and free up the extra DH fields
(nothing uses them yet though).
2000-01-28 01:35:31 +00:00
Ulf Möller
38e33cef15 Document DSA and SHA.
New function BN_pseudo_rand().
Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
generating DSA primes (why not use BN_is_prime()?)
2000-01-27 19:31:26 +00:00
Ulf Möller
e93f9a3284 Run ispell.
Clean up bn_mont.c.
2000-01-27 01:50:42 +00:00
Bodo Möller
2557eaeac8 Avoid a race condition. 2000-01-24 17:57:56 +00:00
Bodo Möller
a46faa2bfd Improve clarity. 2000-01-24 16:02:29 +00:00
Bodo Möller
aabbb7451b Document RAND_load_file change. 2000-01-24 14:42:26 +00:00
Dr. Stephen Henson
dd9d233e2a Tidy up CRYPTO_EX_DATA structures. 2000-01-23 23:41:49 +00:00
Dr. Stephen Henson
fabce04122 Make s_server, s_client check cipher list return codes.
Update docs.
2000-01-23 02:28:08 +00:00
Ulf Möller
4486d0cd7a Document the DH library, and make some minor changes along the way. 2000-01-22 20:05:23 +00:00
Dr. Stephen Henson
09483c58e3 Add new program dhparam and update docs. 2000-01-22 13:58:29 +00:00
Dr. Stephen Henson
bda70ed430 Gets Lutz Jaenicke's name right this time :-)
Apologies to both concerned.
2000-01-22 12:49:48 +00:00
Dr. Stephen Henson
018e57c74d Apply Lutz Behnke's 56 bit cipher patch with a few
minor changes.

Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.
2000-01-22 03:17:06 +00:00
Dr. Stephen Henson
8100490a72 Make -CAcreateserial start from 1 instead of 0 for
serial numbers.
2000-01-21 02:42:14 +00:00
Ulf Möller
e7f97e2d22 Check RAND_bytes() return value or use RAND_pseudo_bytes(). 2000-01-21 01:15:56 +00:00
Dr. Stephen Henson
6e6bc352b1 Finish off the X509_ATTRIBUTE string stuff. 2000-01-20 01:37:17 +00:00
Dr. Stephen Henson
77b47b9036 Rename X509_att*() stuff to X509at_*(), add X509_REQ wrappers. 2000-01-19 01:02:13 +00:00
Ulf Möller
aa82db4fb4 Add missing #ifndefs that caused missing symbols when building libssl
as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.

Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
2000-01-16 21:10:00 +00:00
Ulf Möller
373b575f5a New function RAND_pseudo_bytes() generated pseudorandom numbers that
are not guaranteed to be unpredictable.
2000-01-16 15:58:17 +00:00
Bodo Möller
0983760dfc note about things still to do with RAND_bytes 2000-01-13 21:20:26 +00:00
Bodo Möller
a873356c00 Use CRYPTO_push_info to find a memory leak in pkcs12.c. 2000-01-13 21:10:43 +00:00
Ulf Möller
eb952088f0 Precautions against using the PRNG uninitialized: RAND_bytes() now
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
2000-01-13 20:59:17 +00:00
Bodo Möller
76aa0ddc86 Turn BN_prime_checks into a macro.
Primes p where (p-1)/2 is prime too are called "safe", not "strong".
2000-01-12 11:57:30 +00:00
Richard Levitte
de73e397f8 Added a comment about Win32. 2000-01-11 22:32:37 +00:00
Richard Levitte
cbfa4c32c0 Add more info to the memory allocation change log.
Suggested by Bodo.
2000-01-11 22:16:12 +00:00
Bodo Möller
3cc6cdea0f The buffer in ss3_read_n cannot actually occur because it is never
called with max > n when extend is set.
2000-01-11 08:09:27 +00:00
Bodo Möller
c51ae173a6 Clean up some of the SSL server code. 2000-01-11 01:07:26 +00:00
Dr. Stephen Henson
25f923ddd1 New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code.
Remove references to 'TXT' in -inform and -outform switches.
2000-01-09 14:21:40 +00:00
Dr. Stephen Henson
dad666fbbe Add PKCS#12 manpage and use MAC iteration counts by default. 2000-01-08 03:16:04 +00:00
Ulf Möller
0f583f69f3 Honor the no-xxx Configure options when creating .DEF files. 2000-01-07 03:17:47 +00:00
Dr. Stephen Henson
35f4850ae0 More X509_ATTRIBUTE changes. 2000-01-07 00:55:54 +00:00
Dr. Stephen Henson
b38f9f66c3 Initial automation changes to 'req' and X509_ATTRIBUTE functions. 2000-01-06 01:26:48 +00:00
Bodo Möller
ca03109c3a New functions SSL_get_finished, SSL_get_peer_finished.
Add short state string for MS SGC.
2000-01-06 01:19:17 +00:00
Bodo Möller
f2d9a32cf4 Use separate arrays for certificate verify and for finished hashes. 2000-01-06 00:24:24 +00:00
Andy Polyakov
bdf5e18317 Enhanced support for Alpha Linux. See CHANGES for details. 2000-01-02 20:46:58 +00:00
Dr. Stephen Henson
3d14b9d04a Add support for MS "fast SGC". 2000-01-02 18:52:58 +00:00
Dr. Stephen Henson
20432eae41 Fix some of the command line password stuff. New function
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
2000-01-01 16:42:49 +00:00
Bodo Möller
47134b7864 Don't request client certificate in anonymous ciphersuites
except when following the specs is bound to fail.
1999-12-29 17:43:03 +00:00
Bodo Möller
45fd4dbb84 Fix SSL_CTX_add_session: When two SSL_SESSIONs have the same ID,
they can sometimes be different memory structures.
1999-12-29 14:29:32 +00:00
Dr. Stephen Henson
f45f40ffff Add OIDs for idea and blowfish. Unfortunately these are in
the middle of the OID table so the diff is rather large :-(
1999-12-29 02:59:18 +00:00
Dr. Stephen Henson
6447cce372 Simplify the trust structure: basically zap the bit strings and
represent everything by OIDs.
1999-12-29 00:40:28 +00:00
Dr. Stephen Henson
e6f3c5850e New {i2d,d2i}_PrivateKey_{bio, fp} functions. 1999-12-26 19:20:03 +00:00
Dr. Stephen Henson
36217a9424 Allow passwords to be included on command line for a few
more utilities.
1999-12-24 23:53:57 +00:00
Dr. Stephen Henson
525f51f6c9 Add PKCS#8 utility functions and add PBE options. 1999-12-23 02:02:42 +00:00
Bodo Möller
78baa17ad0 Correct spelling, and don't abuse grave accent as left quote
(which was allowed by old ASCII definitions but is not compatible
with ISO 8859-1, ISO 10646 etc.).
1999-12-22 16:10:44 +00:00
Dr. Stephen Henson
e76f935ead Support for ASN1 NULL type. 1999-12-22 01:39:23 +00:00
Andy Polyakov
099f1b32c8 Initial support for MacOS is now available
Submitted by: Roy Woods <roy@centricsystems.ca>
Reviewed by: Andy Polyakov
1999-12-19 16:17:45 +00:00
Richard Levitte
f3a2a04496 - Added more documentation in CHANGES.
- Made CRYPTO_MDEBUG even less used in crypto.h, giving
   MemCheck_start() and MemCheck_stop() only one possible definition.
 - Made the values of the debug function pointers in mem.c dependent
   on the existence of the CRYPTO_MDEBUG macro, and made the rest of
   the code understand the NULL case.

That's it.  With this code, the old behvior of the debug functionality
is restored, but you can still opt to have it on, even when the
library wasn't compiled with a defined CRYPTO_MDEBUG.
1999-12-18 02:34:37 +00:00
Richard Levitte
d8df48a9bc - Made sure some changed behavior is documented in CHANGES.
- Moved the handling of compile-time defaults from crypto.h to
   mem_dbg.c, since it doesn't make sense for the library users to try
   to affect this without recompiling libcrypto.
 - Made sure V_CRYPTO_MDEBUG_TIME and V_CRYPTO_MDEBUG_THREAD had clear
   and constant definitions.
 - Aesthetic correction.
1999-12-18 01:14:39 +00:00
Richard Levitte
9ac42ed8fc Rebuild of the OpenSSL memory allocation and deallocation routines.
With this change, the following is provided and present at all times
(meaning CRYPTO_MDEBUG is no longer required to get this functionality):

  - hooks to provide your own allocation and deallocation routines.
    They have to have the same interface as malloc(), realloc() and
    free().  They are registered by calling CRYPTO_set_mem_functions()
    with the function pointers.

  - hooks to provide your own memory debugging routines.  The have to
    have the same interface as as the CRYPTO_dbg_*() routines.  They
    are registered by calling CRYPTO_set_mem_debug_functions() with
    the function pointers.

I moved everything that was already built into OpenSSL and did memory
debugging to a separate file (mem_dbg.c), to make it clear what is
what.

With this, the relevance of the CRYPTO_MDEBUG has changed.  The only
thing in crypto/crypto.h that it affects is the definition of the
MemCheck_start and MemCheck_stop macros.
1999-12-17 12:56:24 +00:00
Dr. Stephen Henson
b216664f66 Various S/MIME fixes. 1999-12-11 20:04:06 +00:00
Dr. Stephen Henson
d8223efd04 Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs.
Also fix a memory leak in PKCS#7 routines.
1999-12-10 13:46:48 +00:00
Dr. Stephen Henson
5a9a4b299c Merge in my S/MIME library and utility. 1999-12-05 00:40:59 +00:00
Bodo Möller
cddfe788fb Add functions des_set_key_checked, des_set_key_unchecked.
Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.
1999-12-03 20:24:21 +00:00
Dr. Stephen Henson
21131f00d7 New function PKC12_newpass() 1999-12-03 03:46:18 +00:00
Dr. Stephen Henson
dd4134101f Change the trust and purpose code so it doesn't need init
either and has a static and dynamic mix.
1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
08cba61011 Modify the X509 V3 extension lookup code. 1999-12-01 01:49:46 +00:00
Ben Laurie
fea9afbfc7 Make salting the default. Fail gracefully if the input is not salted. 1999-11-30 20:15:19 +00:00