Commit graph

11378 commits

Author SHA1 Message Date
Dr. Stephen Henson
79a474e8f2 Add an extra 'raw' function r2i to the extension code. Nothing uses this yet and
it is just a place holder for functionality to be added later. Its been added
now so the X509V3_EXT_METHOD structure shouldn't (hopefully) have to change
after the release.
1999-03-06 02:34:07 +00:00
Dr. Stephen Henson
924acc5451 Fix the PKCS#7 stuff: signature verify could fail if attributes reordered, the
detached data encoding was wrong and free up public keys.
1999-03-05 02:05:15 +00:00
Dr. Stephen Henson
d00b7aad5a Workaround for a Win95 console bug triggered by the password read stuff. 1999-03-05 01:07:04 +00:00
Dr. Stephen Henson
9985bed331 Deleted my str_dup() function from X509V3: the same functionality is provided
by BUF_MEM_strdup(). Added text documentation to the BUF_MEM stuff.
1999-03-04 23:29:51 +00:00
Ralf S. Engelschall
789285aa96 Added the new `Includes OpenSSL Cryptography Software' button as
doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
button and can be used by applications based on OpenSSL to show the
relationship to the OpenSSL project.

PS: This beast caused me three hours to create, because
    of the size I had to hand-paint the 7pt fonts in Photoshop.
1999-03-04 12:55:42 +00:00
Ralf S. Engelschall
a06c602e6f Remove confusing variables in function signatures in files
ssl/ssl_lib.c and ssl/ssl.h. At least the double ctx-variable
confused some compilers.

Submitted by: Lennart Bong <lob@kulthea.stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-03-04 07:54:01 +00:00
Ralf S. Engelschall
8d697db1d0 Don't install bss_file.c under PREFIX/include/. It was introduced by Eric
between SSLeay 0.8 and 0.9 and just looks useless and confusing.

Pointed out by: Lennart Bong <lob@kulthea.stacken.kth.se>
Submitted by: Ralf S. Engelschall
1999-03-04 07:47:27 +00:00
Dr. Stephen Henson
06c6849124 Fix the Win32 compile environment and add various changes so it will now compile
under Win32 (9X and NT) again. Note: some signed/unsigned changes recently
checked in were killing the Win32 compile.
1999-03-03 02:01:26 +00:00
Ben Laurie
726bae3f0f Supper's cooking. 1999-02-28 20:51:38 +00:00
Ben Laurie
eb90a483ad Add functions to add certs to stacks, used for CA file/path stuff in servers. 1999-02-28 17:41:55 +00:00
Ben Laurie
49bc262459 More truth in declarations. 1999-02-28 14:39:18 +00:00
Ben Laurie
b4f10a7e92 doxygen configuration file. 1999-02-28 12:42:50 +00:00
Ben Laurie
4f43d0e71f Experiment with doxygen documentation. 1999-02-28 12:41:50 +00:00
Ben Laurie
1efa9c33c0 Update dependencies. 1999-02-27 18:41:04 +00:00
Ralf S. Engelschall
74d7abc2ab Get rid of remaining C++-style comments which strict C compilers hate.
(Pointed out by Carlos Amengual).
1999-02-27 12:17:40 +00:00
Ralf S. Engelschall
c707fb2741 Ops, the logic of the second argument has to be coupled with the != test to
work correctly for the SSL_CTX_xxx situations, too. Now "make test" passes
again fine.
1999-02-26 22:31:54 +00:00
Ralf S. Engelschall
aa2b6baf4f Use consistent and existing addresses 1999-02-26 21:44:17 +00:00
Dr. Stephen Henson
7283ecea22 BN_RECURSION causes the stuff in bn_mont.c to fall over for large keys. For
now change it to BN_RECURSION_MONT so it isn't compiled in.
1999-02-26 01:37:34 +00:00
Ben Laurie
754048577b Perhaps if I do a tiny bit of docco, others may follow? 1999-02-25 17:39:04 +00:00
Ralf S. Engelschall
090db4f475 Remember one more wish from the users 1999-02-25 14:44:55 +00:00
Ralf S. Engelschall
15d21c2df4 Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH
private keys and/or callback functions which directly correspond to their
SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed
for applications which have to configure certificates on a per-connection
basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.
s_server).

For the RSA certificate situation is makes no difference, but for the DSA
certificate situation this fixes the "no shared cipher" problem where the
OpenSSL cipher selection procedure failed because the temporary keys were not
overtaken from the context and the API provided no way to reconfigure them.

The new functions now let applications reconfigure the stuff and they are in
detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
non-public-API function ssl_cert_instantiate() is used as a helper function
and also to reduce code redundancy inside ssl_rsa.c.

Submitted by: Ralf S. Engelschall
Reviewed by: Ben Laurie
1999-02-25 14:40:29 +00:00
Ralf S. Engelschall
ea14a91f64 Move s_server -dcert and -dkey options out of the undocumented feature area
because they are useful for the DSA situation and should be recognized by the
users. Thanks to Steve for the original hint.
1999-02-25 11:26:26 +00:00
Ralf S. Engelschall
4b8f2ce648 Typo 1999-02-25 11:06:52 +00:00
Ralf S. Engelschall
90a52cecaf Fix the cipher decision scheme for export ciphers: the export bits are *not*
within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK.  So, the
original variable has to be used instead of the already masked variable.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 11:03:18 +00:00
Ralf S. Engelschall
def9f43151 Fix 'port' variable from int' to unsigned int' in crypto/bio/b_sock.c
Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 10:54:27 +00:00
Ralf S. Engelschall
8aef252bf4 Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
from `int' to `unsigned int' because it's a length and initialized by
EVP_DigestFinal() which expects an `unsigned int *'.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 10:47:24 +00:00
Ben Laurie
4f9b306ca7 Fix clearly untested "clever" hack. 1999-02-25 09:43:26 +00:00
Ralf S. Engelschall
74cc3698bd More CVS ignore stuff... 1999-02-25 09:06:30 +00:00
Ralf S. Engelschall
a4ed5532a8 Don't hard-code path to Perl interpreter on shebang line of Configure
script. Instead use the usual Shell->Perl transition trick.
1999-02-25 08:48:52 +00:00
Ralf S. Engelschall
1b3b0a54d1 Remember good pointers to Montgomery multiplication algorithm
descriptions as pointed out by Dave Carman <carman@erols.com>
1999-02-25 08:00:57 +00:00
Ralf S. Engelschall
7be304acdb Make `openssl x509 -noout -modulus' functional also for DSA certificates (in
addition to RSA certificates) to match the behaviour of `openssl dsa -noout
-modulus' as it's already the case for `openssl rsa -noout -modulus'.  For RSA
the -modulus is the real "modulus" while for DSA currently the public key is
printed (a decision which was already done by `openssl dsa -modulus' in the
past) which serves a similar purpose.  Additionally the NO_RSA no longer
completely removes the whole -modulus option; it now only avoids using the RSA
stuff. Same applies to NO_DSA now, too.
1999-02-24 17:17:31 +00:00
Dr. Stephen Henson
6b313a7365 Remove debugging fprintf from req.c and fix the code so it properly skips over
the first leading XXX. in the DN.
1999-02-24 00:14:21 +00:00
Ben Laurie
1745a3fb9f Code for reliable BIO. 1999-02-23 21:45:23 +00:00
Ben Laurie
55ab3bf7f9 Add reliable BIO. 1999-02-23 21:44:34 +00:00
Ben Laurie
15799403ad Fix more warnings. 1999-02-23 12:53:49 +00:00
Ralf S. Engelschall
3a1daca9ef Get rid of a nasty debugging message which was forgotten here... 1999-02-23 08:53:04 +00:00
Ralf S. Engelschall
f2f351ce9c Fix usage message on gendsa:
1. The dsaparam argument is mandatory and not optional
2. Add a little text what this actually is: a filename
1999-02-23 08:52:20 +00:00
Ralf S. Engelschall
04fa4cb721 Make gcc -Wall happy ("might be used uninitialized...") 1999-02-23 07:47:30 +00:00
Dr. Stephen Henson
a43aa73e3b Redo the way 'req' and 'ca' add objects: add support for oid_section. 1999-02-23 00:07:46 +00:00
Ben Laurie
0849d13811 Add syslogging BIO. 1999-02-22 21:21:08 +00:00
Dr. Stephen Henson
e527ba09a6 Various changes to make this stuff compile under Win32 and VC++ with and
without -debug option to mk1mf.pl. Change _export to is_export (_export is
a reserved word under VC++). Add yucky function prototype function pointer
casts. Sanitise the included files in crypto/x509v3.

Also changed ssleay.exe target to openssl.exe
1999-02-22 01:26:40 +00:00
Ben Laurie
60e31c3a4b More stuff for new TLS ciphersuites. 1999-02-21 21:58:59 +00:00
Ben Laurie
a040ea8251 Undo a couple of kludges. 1999-02-21 20:07:41 +00:00
Ben Laurie
06ab81f9f7 Add support for new TLS export ciphersuites. 1999-02-21 20:03:24 +00:00
Ben Laurie
abf87f79f7 Fix warning. 1999-02-21 20:01:39 +00:00
Dr. Stephen Henson
deff75b634 Add preliminary user level config documentation for extension stuff. Programming
info will come later...

Feel free to reformat and tidy this up...
1999-02-21 17:41:08 +00:00
Dr. Stephen Henson
0c8a1281d0 Make RSA_NO_PADDING really use no padding.
Submitted by: Ulf Moeller <ulf@fitug.de>
1999-02-21 17:39:07 +00:00
Ralf S. Engelschall
189b6a6062 Remember some open issues and available patches 1999-02-21 12:33:58 +00:00
Dr. Stephen Henson
aa066b9e6e Add more functionality to issuer alt name and subject alt name. New options
to include email addresses from DN and copy details from issuer certificate.
Include examples in openssl.cnf, update Win32 ordinals.
1999-02-21 01:46:45 +00:00
Ralf S. Engelschall
a67a9694f7 Ok, propose a release date of March 15th with a code freeze a few days before
so we have enough time for final testing and tarball rolling.
1999-02-20 16:50:53 +00:00