Dr. Stephen Henson
c944a9696e
add fips hmac option and fips blocking overrides to command line utilities
2012-02-10 16:46:19 +00:00
Andy Polyakov
9b2a29660b
Sanitize usage of <ctype.h> functions. It's important that characters
...
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
2012-01-12 16:28:03 +00:00
Andy Polyakov
b9cbcaad58
speed.c: typo in pkey_print_message [from HEAD].
...
PR: 2681
Submitted by: Annie Yousar
2012-01-11 21:49:16 +00:00
Bodo Möller
767d3e0054
Update for 0.9.8s and 1.0.0f.
...
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in the 1.0.1 branch, the actual code is here already.)
2012-01-05 13:46:27 +00:00
Dr. Stephen Henson
bd6941cfaa
PR: 2658
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
5c05f69450
make update
2011-12-27 14:38:27 +00:00
Dr. Stephen Henson
b300fb7734
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.
- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
2011-12-27 14:23:22 +00:00
Andy Polyakov
1d05ff2779
apps/speed.c: fix typo in last commit.
2011-12-19 14:33:37 +00:00
Andy Polyakov
941811ccb9
apps/speed.c: Cygwin alarm() fails sometimes.
...
PR: 2655
2011-12-15 22:30:11 +00:00
Dr. Stephen Henson
b8a22c40e0
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Remove unnecessary code for srp and to add some comments to
s_client.
- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable
- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
2011-12-14 22:18:03 +00:00
Dr. Stephen Henson
8173960305
remove old -attime code, new version includes all old functionality
2011-12-10 00:42:48 +00:00
Dr. Stephen Henson
f2e590942e
implement -attime option as a verify parameter then it works with all relevant applications
2011-12-10 00:37:42 +00:00
Dr. Stephen Henson
97d0c596a1
Replace expired test server and client certificates with new ones.
2011-12-08 14:45:15 +00:00
Dr. Stephen Henson
5713411893
The default CN prompt message can be confusing when often the CN needs to
...
be the server FQDN: change it.
[Reported by PSW Group]
2011-12-06 00:00:51 +00:00
Ben Laurie
825e1a7c56
Fix warnings.
2011-12-02 14:39:41 +00:00
Dr. Stephen Henson
a310428527
Workaround so "make depend" works for fips builds.
2011-11-22 12:50:59 +00:00
Ben Laurie
b1d7429186
Add TLS exporter.
2011-11-15 23:51:22 +00:00
Ben Laurie
060a38a2c0
Add DTLS-SRTP.
2011-11-15 23:02:16 +00:00
Andy Polyakov
db896db5a7
speed.c: add ghash benchmark [from HEAD].
2011-11-14 21:09:30 +00:00
Ben Laurie
68b33cc5c7
Add Next Protocol Negotiation.
2011-11-13 21:55:42 +00:00
Ben Laurie
4c02cf8ecc
make depend.
2011-11-13 20:23:34 +00:00
Dr. Stephen Henson
efbb7ee432
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
2011-11-13 13:13:14 +00:00
Dr. Stephen Henson
6bd173fced
Don't disable TLS v1.2 by default any more.
2011-10-09 23:28:25 +00:00
Dr. Stephen Henson
9309ea6617
Backport PSS signature support from HEAD.
2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
dc100d87b5
Backport of password based CMS support from HEAD.
2011-10-09 15:28:02 +00:00
Dr. Stephen Henson
1fe83b4afe
use keyformat for -x509toreq, don't hard code PEM
2011-09-23 21:48:50 +00:00
Dr. Stephen Henson
370385571c
PR: 2347
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve
Fix usage message.
2011-09-23 13:12:41 +00:00
Dr. Stephen Henson
e34a303ce1
make depend
2011-09-16 23:15:22 +00:00
Dr. Stephen Henson
0ae7c43fa5
Improved error checking for DRBG calls.
...
New functionality to allow default DRBG type to be set during compilation
or during runtime.
2011-09-16 23:08:57 +00:00
Dr. Stephen Henson
4a18d5c89b
Don't add trailing slash to FIPSDIR: it causes problems with Windows builds.
2011-06-18 19:02:12 +00:00
Ben Laurie
be23b71e87
Add -attime.
2011-06-09 17:09:31 +00:00
Ben Laurie
78ef9b0205
Fix warnings.
2011-06-09 16:03:18 +00:00
Dr. Stephen Henson
c6fa97a6d6
FIPS low level blocking for AES, RC4 and Camellia. This is complicated by
...
use of assembly language routines: rename the assembly language function
to the private_* variant unconditionally and perform tests from a small
C wrapper.
2011-06-05 17:36:44 +00:00
Dr. Stephen Henson
916bcab28e
Prohibit low level cipher APIs in FIPS mode.
...
Not complete: ciphers with assembly language key setup are not
covered yet.
2011-06-01 16:54:06 +00:00
Dr. Stephen Henson
7207eca1ee
The first of many changes to make OpenSSL 1.0.1 FIPS capable.
...
Add static build support to openssl utility.
Add new "fips" option to Configure.
Make use of installed fipsld and fips_standalone_sha1
Initialise FIPS error callbacks, locking and DRBG.
Doesn't do anything much yet: no crypto is redirected to the FIPS module.
Doesn't completely build either but the openssl utility can enter FIPS mode:
which doesn't do anything much either.
2011-05-26 14:19:19 +00:00
Dr. Stephen Henson
565c15363c
PR: 2527
...
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve
Set cnf to NULL to avoid possible double free.
2011-05-25 15:05:56 +00:00
Dr. Stephen Henson
57dd2ea808
add FIPS support to openssl utility (backport from HEAD)
2011-05-19 18:23:24 +00:00
Dr. Stephen Henson
7f9ef5621a
Oops, add missing declaration.
2011-05-12 13:02:25 +00:00
Dr. Stephen Henson
39348038df
make kerberos work with OPENSSL_NO_SSL_INTERN
2011-05-11 22:52:34 +00:00
Dr. Stephen Henson
9472baae0d
Backport TLS v1.2 support from HEAD.
...
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
2011-05-11 13:37:52 +00:00
Dr. Stephen Henson
ae17b9ecd5
Typo.
2011-05-11 13:22:54 +00:00
Dr. Stephen Henson
74096890ba
Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN
...
all ssl related structures are opaque and internals cannot be directly
accessed. Many applications will need some modification to support this and
most likely some additional functions added to OpenSSL.
The advantage of this option is that any application supporting it will still
be binary compatible if SSL structures change.
(backport from HEAD).
2011-05-11 12:56:38 +00:00
Richard Levitte
ecff2e5ce1
Corrections to the VMS build system.
...
Submitted by Steven M. Schweda <sms@antinode.info>
2011-03-25 16:21:08 +00:00
Richard Levitte
d135906dbc
For VMS, implement the possibility to choose 64-bit pointers with
...
different options:
"64" The build system will choose /POINTER_SIZE=64=ARGV if
the compiler supports it, otherwise /POINTER_SIZE=64.
"64=" The build system will force /POINTER_SIZE=64.
"64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.
2011-03-25 09:39:46 +00:00
Richard Levitte
9f427a52cb
make update (1.0.1-stable)
...
This meant a slight renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable. However, since there's been no release on
this branch yet, it should be harmless.
2011-03-23 00:06:04 +00:00
Richard Levitte
013f3d999f
* apps/makeapps.com: Add srp.
2011-03-20 17:34:06 +00:00
Richard Levitte
64d30d7adc
* apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV
...
with turning trapping back on.
* test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV
here.
* test/clean-test.com: A new script for cleaning up.
2011-03-20 14:01:49 +00:00
Richard Levitte
9d57828d66
* apps/openssl.c: For VMS, take care of copying argv if needed much earlier,
...
directly in main(). 'if needed' also includes when argv is a 32 bit
pointer in an otherwise 64 bit environment.
* apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional
=ARGV, but only if it's supported. Fortunately, DCL is very helpful
telling us in this case.
2011-03-20 13:15:37 +00:00
Richard Levitte
01d2e27a2b
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 09:47:47 +00:00
Dr. Stephen Henson
3393e0c02c
Fix SRP error codes (from HEAD).
2011-03-16 16:55:12 +00:00
Ben Laurie
a149b2466e
Add SRP.
2011-03-16 11:26:40 +00:00
Dr. Stephen Henson
13e230d505
PR: 2469
...
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve
Check mac is present before trying to retrieve mac iteration count.
2011-03-13 18:20:23 +00:00
Dr. Stephen Henson
2eab92f8e3
make no-dsa work again
2011-03-10 18:27:13 +00:00
Richard Levitte
a5c5eb77b5
Part of the IF structure didn't get pasted here...
...
PR: 2393
2010-12-14 21:44:33 +00:00
Richard Levitte
90d02be7c5
First attempt at adding the possibility to set the pointer size for the builds on VMS.
...
PR: 2393
2010-12-14 19:18:58 +00:00
Dr. Stephen Henson
981c0de27a
fix no SIGALRM case in speed.c
2010-11-18 13:22:42 +00:00
Dr. Stephen Henson
251431ff4f
add TLS v1.1 options to s_server
2010-11-13 12:44:17 +00:00
Dr. Stephen Henson
84fbc56fd0
PR: 2366
...
Submitted by: Damien Miller <djm@mindrot.org>
Reviewed by: steve
Stop pkeyutl crashing if some arguments are missing. Also make str2fmt
tolerate NULL parameter.
2010-11-11 14:42:34 +00:00
Dr. Stephen Henson
497b4f92d2
i variable is used on some platforms
2010-07-05 11:03:50 +00:00
Dr. Stephen Henson
1eb1cf452b
Backport TLS v1.1 support from HEAD
2010-06-27 14:15:02 +00:00
Dr. Stephen Henson
e97359435e
Fix warnings (From HEAD, original patch by Ben).
2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
6938440d68
PR: 2262
...
Submitted By: Victor Wagner <vitus@cryptocom.ru>
Fix error reporting in load_key function.
2010-05-27 14:09:13 +00:00
Richard Levitte
1cf12a6350
No need to look for the file if none was entered.
2010-04-13 14:39:58 +00:00
Richard Levitte
d2f098b33d
Spelling
2010-04-13 14:34:48 +00:00
Dr. Stephen Henson
5b0a79a27a
PR: 2220
...
Fixes to make OpenSSL compile with no-rc4
2010-04-06 11:18:32 +00:00
Dr. Stephen Henson
75ece4b5cf
don't leave bogus errors in the queue
2010-03-10 13:48:21 +00:00
Dr. Stephen Henson
3b3f71121b
PR: 2183
...
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
2010-03-03 19:56:17 +00:00
Dr. Stephen Henson
2e630b1847
use supplied ENGINE in genrsa
2010-03-01 14:22:02 +00:00
Dr. Stephen Henson
7366f0b304
PR: 2170
...
Submitted by: Magnus Lilja <lilja.magnus@gmail.com>
Make -c option in dgst work again.
2010-02-12 17:07:24 +00:00
Dr. Stephen Henson
8b354e776b
PR: 2161
...
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.
Make no-dsa, no-ecdsa and no-rsa compile again.
2010-02-02 13:36:05 +00:00
Dr. Stephen Henson
ffa304c838
oops, revert more test code arghh!
2010-01-28 17:52:18 +00:00
Dr. Stephen Henson
df21765a3e
In engine_table_select() don't clear out entire error queue: just clear
...
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
2010-01-28 17:50:23 +00:00
Dr. Stephen Henson
1699389a46
Tolerate PKCS#8 DSA format with negative private key.
2010-01-22 20:17:30 +00:00
Dr. Stephen Henson
93fac08ec3
PR: 2136
...
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>
Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:27:11 +00:00
Andy Polyakov
496cf69e40
Fix compilation on older Linux [from HEAD].
2010-01-06 21:25:22 +00:00
Dr. Stephen Henson
675564835c
New option to enable/disable connection to unpatched servers
2009-12-16 20:28:30 +00:00
Dr. Stephen Henson
b52a2738d4
Add ctrl and macro so we can determine if peer support secure renegotiation.
2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
3d5d81bf39
Replace the broken SPKAC certification with the correct version.
2009-12-02 14:41:24 +00:00
Richard Levitte
370f48da2a
Typo
2009-11-12 14:03:57 +00:00
Dr. Stephen Henson
73582b8117
add missing parts of reneg port, fix apps patch
2009-11-11 14:51:29 +00:00
Dr. Stephen Henson
5c33091cfa
commit missing apps code for reneg fix
2009-11-11 14:10:09 +00:00
Dr. Stephen Henson
4a7f7171f5
Add missing functions to allow access to newer X509_STORE_CTX status
...
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
2009-10-31 19:21:47 +00:00
Dr. Stephen Henson
961092281f
Add option to allow in-band CRL loading in verify utility. Add function
...
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
2009-10-31 13:34:19 +00:00
Dr. Stephen Henson
90528846e8
Add -no_cache option to s_server
2009-10-28 17:49:37 +00:00
Dr. Stephen Henson
c679fb298e
Add new function X509_STORE_set_verify_cb and use it in apps
2009-10-18 14:42:27 +00:00
Dr. Stephen Henson
595e804ae3
Fix for WIN32 (and possibly other platforms) which don't define in_port_t.
2009-10-15 18:48:47 +00:00
Dr. Stephen Henson
28418076b2
PR: 2069
...
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org
IPv6 support for DTLS.
2009-10-15 17:41:44 +00:00
Dr. Stephen Henson
abdfdb029e
PR: 1847
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Integrated patches to CA.sh to bring it into line with CA.pl functionality.
2009-10-15 17:27:47 +00:00
Dr. Stephen Henson
8465b81d50
PR: 2066
...
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org
Add -r option to dgst to produce format compatible with core utilities.
2009-10-15 17:18:03 +00:00
Dr. Stephen Henson
2280f82fc6
Fix warnings about ignoring fgets return value
2009-10-04 16:43:21 +00:00
Dr. Stephen Henson
804196a418
PR: 2061
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct i2b_PVK_bio error handling in rsa.c, dsa.c
2009-10-01 00:26:07 +00:00
Dr. Stephen Henson
0c690586e0
PR: 2064, 728
...
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:41:53 +00:00
Dr. Stephen Henson
bc8c5fe58d
Free SSL_CTX after BIO
2009-09-30 21:35:26 +00:00
Dr. Stephen Henson
80afb40ae3
Submitted by: Julia Lawall <julia@diku.dk>
...
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:27:27 +00:00
Dr. Stephen Henson
e7209103e6
PR: 2038
...
Submitted by: Artem Chuprina <ran@cryptocom.ru>
Approved by: steve@openssl.org
Avoid double call to BIO_free().
2009-09-11 11:03:31 +00:00
Dr. Stephen Henson
b7e3cb31a5
PR: 2031
...
Submitted by: steve@openssl.org
Tolerate application/timestamp-response which some servers send out.
2009-09-07 17:57:02 +00:00
Dr. Stephen Henson
c0688f1aef
Make update, deleting bogus DTLS error code
2009-09-06 15:55:54 +00:00
Dr. Stephen Henson
2e9802b7a7
PR: 2028
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix DTLS cookie management bugs.
2009-09-04 17:42:06 +00:00
Dr. Stephen Henson
196dcf93bc
PR: 2020
...
Submitted by: Keith Beckman <kbeckman@mcg.edu>, Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org
Fix improperly capitalized references to WWW::Curl::Easy.
2009-09-02 15:57:12 +00:00
Dr. Stephen Henson
e5eb96c83a
PR: 2013
...
Submitted by: steve@openssl.org
Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.
Add error checking to CRL generation in ca utility when nextUpdate is being
set.
2009-09-02 13:55:22 +00:00
Dr. Stephen Henson
c9add317a9
Tidy up and fix verify callbacks to avoid structure dereference, use of
...
obsolete functions and enhance to handle new conditions such as policy
printing.
2009-09-02 12:45:19 +00:00
Richard Levitte
82f35daaaf
Moving up the inclusion of e_os.h was a bad idea.
...
Put it back where it was and place an inclusion of e_os2.h to get platform
macros defined...
2009-08-26 11:21:50 +00:00
Richard Levitte
cb0d89705b
Define EXE_DIR earlier.
...
Make sure S_SOCKET also gets compiled with _POSIX_C_SOURCE defined.
Submitted by Zoltan Arpadffy <zoli@polarhome.com>
2009-08-25 07:25:55 +00:00
Richard Levitte
f49353b42f
Move up the inclusion of e_os.h so OPENSSL_SYS_VMS_DECC has a chance
...
to be properly defined.
2009-08-25 07:23:21 +00:00
Dr. Stephen Henson
209abea1db
Stop unused variable warning on WIN32 et al.
2009-08-18 11:14:12 +00:00
Dr. Stephen Henson
5a96822f2c
Update default dependency flags.
...
Make error name discrepancies a fatal error.
Fix error codes.
make update
2009-08-12 17:08:44 +00:00
Dr. Stephen Henson
a4bade7aac
PR: 1997
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS timeout handling fix.
2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
e322b5d167
Typo
2009-08-10 15:53:11 +00:00
Dr. Stephen Henson
01af4edcfe
PR: 1999
...
Submitted by: "Bayram Kurumahmut" <kbayram@ubicom.com>
Approved by: steve@openssl.org
Don't use HAVE_FORK in apps/speed.c it can conflict with configured version.
2009-08-10 15:30:29 +00:00
Dr. Stephen Henson
f45e8c7bdd
PR: 2000
...
Submitted by: Vadim Zeitlin <vz-openssl@zeitlins.org>
Approved by: steve@openssl.org
Make no-comp compile without warnings.
2009-08-05 15:29:14 +00:00
Dr. Stephen Henson
4386445c18
Change STRING to OPENSSL_STRING etc as common words such
...
as "STRING" cause conflicts with other headers/libraries.
2009-07-27 21:08:53 +00:00
Dr. Stephen Henson
b4c81fb6db
Update from 0.9.8-stable
2009-07-24 11:15:55 +00:00
Dr. Stephen Henson
5fda10c6f1
Oops, use right function name...
2009-07-14 15:14:39 +00:00
Dr. Stephen Henson
0190aa7353
Update from HEAD.
2009-07-13 11:40:46 +00:00
Dr. Stephen Henson
a2da5c7daa
Make update.
2009-07-08 09:13:24 +00:00
Dr. Stephen Henson
e323afb0ce
Update from HEAD.
2009-06-30 16:10:24 +00:00
Dr. Stephen Henson
6e07229564
PR: 1966
...
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Reviewed by: steve@openssl.org
Make no-ocsp work properly.
2009-06-30 15:08:38 +00:00
Dr. Stephen Henson
fa07f00aaf
Update from HEAD.
2009-06-29 16:09:58 +00:00
Dr. Stephen Henson
710c1c34d1
Allow checking of self-signed certifictes if a flag is set.
2009-06-26 11:28:52 +00:00
Dr. Stephen Henson
6178da0142
Update from HEAD.
2009-06-17 12:05:51 +00:00
Dr. Stephen Henson
43dc001b62
Update from HEAD.
2009-06-17 11:33:17 +00:00
Dr. Stephen Henson
67d8ab07e6
Stop warning if dtls disabled.
2009-06-05 14:56:48 +00:00
Dr. Stephen Henson
0454f2c490
PR: 1929
...
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org
Updated DTLS MTU bug fix.
2009-05-17 16:04:21 +00:00
Richard Levitte
006c7c6bb1
Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
...
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
2009-05-15 16:37:08 +00:00
Dr. Stephen Henson
756d2074b8
PR: 1924
...
Submitted by: "Green, Paul" <Paul.Green@stratus.com>
Approved by: steve@openssl.org
Fix _POSIX_C_SOURCE usage.
2009-05-13 11:32:24 +00:00
Richard Levitte
22e1421672
Cast to avoid signedness confusion
2009-04-26 12:16:12 +00:00
Dr. Stephen Henson
7134507de0
Make no-rsa, no-dsa and no-dh compile again.
2009-04-23 17:16:40 +00:00
Dr. Stephen Henson
fe41d9853c
Make no-ec work
2009-04-23 16:25:00 +00:00
Dr. Stephen Henson
87a0f4b92e
PR: 1902
...
Add ecdsa/ecdh algorithms to default for speed utility.
2009-04-22 17:31:04 +00:00
Dr. Stephen Henson
71d3eaf358
make update.
2009-04-21 15:02:20 +00:00
Dr. Stephen Henson
9990cb75c1
PR: 1894
...
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Fix various typos and stuff.
2009-04-16 17:22:51 +00:00
Dr. Stephen Henson
791b7bc715
Fix usage messages and lookup digests later in req command.
...
(part of PR #1887 )
2009-04-10 11:00:12 +00:00
Dr. Stephen Henson
19ae090787
Print out registered digest names in dgst utility instead of hard
...
coding them. Modify EVP_MD_do_all() to include registered digest name.
This is a modified version of part of PR#1887.
2009-04-10 10:30:27 +00:00
Dr. Stephen Henson
15671a90a9
PR: 1677
...
Submitted by: Vennemann <rvennemann@cool.ms>
Approved by: steve@openssl.org
Call RSA_new() after ENGINE has been set up.
2009-04-06 21:42:11 +00:00
Dr. Stephen Henson
326794e9c6
Change default openssl.cnf to only use issuer+serial option in AKID if no
...
SKID.
2009-04-04 18:09:43 +00:00
Dr. Stephen Henson
6abbc68188
PR: 1870
...
Submitted by: kilroy <kilroy@mail.zutom.sk>
Approved by: steve@openssl.org
Handle pkcs12 format correctly by not assuming PEM format straight away.
2009-04-03 17:06:35 +00:00
Dr. Stephen Henson
9ccd4e224f
Add USE_SOCKETS.
2009-04-02 15:19:03 +00:00
Dr. Stephen Henson
417b8d4705
PR:1880
...
Load config in ts utility.
2009-04-01 14:59:18 +00:00
Dr. Stephen Henson
70b2186e24
Stop warnings.
2009-03-31 19:54:51 +00:00
Dr. Stephen Henson
aaf35f11d7
Allow use of algorithm and cipher names for dgsts and enc utilities instead
...
of having to manually include each one.
2009-03-30 11:31:50 +00:00
Dr. Stephen Henson
38b6e6c07b
Typo in usage message.
2009-03-23 21:04:23 +00:00
Dr. Stephen Henson
e4e949192b
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
...
Reviewed by: steve@openssl.org
Check return codes properly in md BIO and dgst command.
2009-03-18 18:53:08 +00:00
Dr. Stephen Henson
617298dca3
Update from stable branch.
2009-03-12 17:10:26 +00:00
Dr. Stephen Henson
33ab2e31f3
PR: 1854
...
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org
Support GeneralizedTime in ca utility.
2009-03-09 13:59:07 +00:00
Ben Laurie
73bfcf2226
Don't ask for -iv for ciphers that need no IV.
2009-03-03 15:14:33 +00:00
Dr. Stephen Henson
0ed6b52687
Stop warning about use of *printf() without a format.
2009-02-15 15:29:59 +00:00
Dr. Stephen Henson
30b1b28aff
Return correct exit code.
2009-02-12 18:06:11 +00:00
Dr. Stephen Henson
46400c97a9
Avoid leaks in pkcs8 app, tidy code up.
2009-02-12 18:02:47 +00:00
Dr. Stephen Henson
3859d7ee78
Just to be awkward Ubuntu 8.10 doesn't like _XOPEN_SOURCE_EXTENDED...
2009-02-06 16:43:52 +00:00
Bodo Möller
d615bceb2d
For -hex, print just one \n
2009-02-02 00:40:29 +00:00
Bodo Möller
7ca1cfbac3
-hex option for openssl rand
...
PR: 1831
Submitted by: Damien Miller
2009-02-02 00:01:28 +00:00
Richard Levitte
5871ddb016
Because DEC C - sorry, HP C - is picky about features, we need to
...
define _XOPEN_SOURCE_EXTENDED to reach fd_set and timeval types and
functionality.
2009-01-28 07:38:14 +00:00
Dr. Stephen Henson
bab534057b
Updatde from stable branch.
2009-01-07 23:44:27 +00:00
Ben Laurie
0eab41fb78
If we're going to return errors (no matter how stupid), then we should
...
test for them!
2008-12-29 16:11:58 +00:00
Andy Polyakov
2140659b00
Incidentally http://cvs.openssl.org/chngview?cn=17710 also made it possible
...
to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit
expands it even to apps catalog and actually omits the macro in question
from Configure.
2008-12-22 14:05:42 +00:00
Dr. Stephen Henson
70531c147c
Make no-engine work again.
2008-12-20 17:04:40 +00:00
Lutz Jänicke
d88d941c87
apps/speed.c: children should not inherit buffered I/O
...
PR: 1787
Submitted by: Artur Klauser <aklauser@google.com>
2008-12-10 08:03:47 +00:00
Bodo Möller
7a76219774
Implement Configure option pattern "experimental-foo"
...
(specifically, "experimental-jpake").
2008-12-02 01:21:39 +00:00
Dr. Stephen Henson
2900fc8ae1
Don't stop -cipher from working.
2008-11-30 22:01:31 +00:00
Dr. Stephen Henson
79bd20fd17
Update from stable-branch.
2008-11-24 17:27:08 +00:00
Ben Laurie
f3b7bdadbc
Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks.
2008-11-16 12:47:12 +00:00
Ben Laurie
774b2fe700
Aftermath of a clashing size_t fix (now only format changes).
2008-11-13 09:48:47 +00:00
Dr. Stephen Henson
ed551cddf7
Update from stable branch.
2008-11-12 17:28:18 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
70d71f6185
Fix warnings: printf format mismatches on 64 bit platforms.
...
Change assert to OPENSSL_assert().
Fix e_padlock prototype.
2008-11-02 15:41:30 +00:00
Dr. Stephen Henson
c76fd290be
Fix warnings about mismatched prototypes, undefined size_t and value computed
...
not used.
2008-11-02 12:50:48 +00:00
Ben Laurie
4d6e1e4f29
size_tification.
2008-11-01 14:37:00 +00:00
Dr. Stephen Henson
e9eda23ae6
Fix warnings and various issues.
...
C++ style comments.
Signed/unsigned warning in apps.c
Missing targets in jpake/Makefile
2008-10-27 12:02:52 +00:00
Ben Laurie
6caa4edd3e
Add JPAKE.
2008-10-26 18:40:52 +00:00
Dr. Stephen Henson
ac786241a2
Add support for -crlnumber option in crl utility.
2008-10-22 19:54:55 +00:00
Lutz Jänicke
020d67fb89
Allow detection of input EOF in quiet mode by adding -no_ign_eof option
...
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-22 06:46:14 +00:00
Lutz Jänicke
1581f82243
Add missing "-d" to option list of openssl version.
...
Submitted by: Alex Chen <alex_chen@filemaker.com>
2008-10-20 12:53:36 +00:00
Dr. Stephen Henson
640b86cb24
Fix Warning...
2008-10-19 17:22:34 +00:00
Ben Laurie
d5bbead449
Add XMPP STARTTLS support.
2008-10-14 19:11:26 +00:00
Ben Laurie
babb379849
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90
Experimental new date handling routines. These fix issues with X509_time_adj()
...
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Bodo Möller
1a489c9af1
From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
...
Also, fix CHANGES (consistency with stable branch).
2008-09-15 20:41:24 +00:00
Dr. Stephen Henson
0702150f53
Make no-tlsext compile.
2008-09-03 12:29:57 +00:00
Dr. Stephen Henson
d43c4497ce
Initial support for delta CRLs. If "use deltas" flag is set attempt to find
...
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
9d84d4ed5e
Initial support for CRL path validation. This supports distinct certificate
...
and CRL signing keys.
2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
002e66c0e8
Support for policy mappings extension.
...
Delete X509_POLICY_REF code.
Fix handling of invalid policy extensions to return the correct error.
Add command line option to inhibit policy mappings.
2008-08-12 10:32:56 +00:00
Geoff Thorpe
4c3296960d
Remove the dual-callback scheme for numeric and pointer thread IDs,
...
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Dr. Stephen Henson
5cbd203302
Initial support for alternative CRL issuing certificates.
...
Allow inibit any policy flag to be set in apps.
2008-07-30 15:49:12 +00:00
Ralf S. Engelschall
6bcbac0abb
remove a doubled entry for '-binary' in the usage message
2008-07-27 15:51:35 +00:00
Dr. Stephen Henson
db50661fce
X509 verification fixes.
...
Ignore self issued certificates when checking path length constraints.
Duplicate OIDs in policy tree in case they are allocated.
Use anyPolicy from certificate cache and not current tree level.
2008-07-13 14:25:36 +00:00
Dr. Stephen Henson
d4cdbab99b
Avoid warnings with -pedantic, specifically:
...
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00
Geoff Thorpe
5f834ab123
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
...
version some time soon.
2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
8528128b2a
Update from stable branch.
2008-06-26 23:27:31 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
59d2d48f64
Add support for client cert engine setting in s_client app.
...
Add appropriate #ifdefs round client cert functions in headers.
2008-06-03 11:26:27 +00:00
Dr. Stephen Henson
c451bd828f
Avoid case in ca.c fix.
2008-06-02 12:10:06 +00:00
Dr. Stephen Henson
8ecfbedd85
Revert, doesn't fix warning :-(
2008-06-02 10:42:57 +00:00
Dr. Stephen Henson
c173fce4e2
Avoid cast with wrapper function.
2008-06-02 10:37:53 +00:00
Dr. Stephen Henson
c6ddacf7f8
Stop const mismatch warning.
2008-05-31 19:28:57 +00:00
Dr. Stephen Henson
ab3eafd5b5
Stop warning about extra ';' outside of function.
2008-05-31 19:17:25 +00:00
Dr. Stephen Henson
dd043cd501
Stop const mismatch warning in VC++.
2008-05-31 18:55:23 +00:00
Ben Laurie
3c1d6bbc92
LHASH revamp. make depend.
2008-05-26 11:24:29 +00:00
Lutz Jänicke
51e00db226
Document "openssl s_server" -crl_check* options
...
Submitted by: Daniel Black <daniel.subs@internode.on.net>
2008-05-19 07:52:15 +00:00
Lutz Jänicke
a92ebf2290
Provide information about "openssl dgst" -hmac option.
2008-05-19 07:43:34 +00:00
Lutz Jänicke
f49c687507
Typo. (From 0.9.8-stable/S. Henson)
...
PR: 1672
2008-05-19 06:21:05 +00:00
Dr. Stephen Henson
718f8f7a9e
Fix from stable branch.
2008-05-12 16:24:31 +00:00
Dr. Stephen Henson
4a954b56c9
Use "cont" consistently in cms-examples.pl
...
Add a -certsout option to output any certificates in a message.
Add test for example 4.11
2008-05-01 23:30:06 +00:00
Lutz Jänicke
44a877aa88
Fix incorrect return value in apps/apps.c:parse_yesno()
...
PR: 1607
Submitted by: "Christophe Macé" <mace.christophe@gmail.com>
2008-04-17 14:15:27 +00:00
Lutz Jänicke
6b6fe3d8e4
Correctly handle case of bad arguments supplied to rsautl
...
PR: 1659
2008-04-17 13:36:13 +00:00
Lutz Jänicke
4c1a6e004a
Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev
...
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
2008-04-17 10:19:16 +00:00
Dr. Stephen Henson
a5db50d005
Revert argument swap change... oops CMS_uncompress() was consistent...
2008-04-11 23:23:18 +00:00
Dr. Stephen Henson
529d329ce1
Make CMS_uncompress() argument order consistent with other functions.
2008-04-11 17:34:13 +00:00
Richard Levitte
fc003bcecb
Synchronise with Unix build
2008-04-11 01:53:16 +00:00
Dr. Stephen Henson
e0fbd07309
Add additional parameter to CMS_final() to handle detached content.
2008-04-10 11:22:14 +00:00
Dr. Stephen Henson
7f50d9a4b0
Correct references to smime in cms app.
2008-04-09 22:09:45 +00:00
Dr. Stephen Henson
36309aa2be
Signed receipt generation code.
2008-03-28 19:43:16 +00:00
Dr. Stephen Henson
eb9d8d8cd4
Support for verification of signed receipts.
2008-03-28 13:15:39 +00:00
Geoff Thorpe
f7ccba3edf
There was a need to support thread ID types that couldn't be reliably cast
...
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
f5e2354c9d
Add support for signed receipt request printout and generation.
2008-03-26 17:40:22 +00:00
Dr. Stephen Henson
f4cc56f494
Signed Receipt Request utility functions and option on CMS utility to
...
print out receipt requests.
2008-03-26 13:10:21 +00:00
Dr. Stephen Henson
6205171362
Add support for CMS structure printing in cms utility.
2008-03-24 21:53:07 +00:00
Dr. Stephen Henson
fe591284be
Update dependencies.
2008-03-22 18:52:03 +00:00
Dr. Stephen Henson
054307e7ed
Allow alternate eContentType oids to be set in cms utility.
...
Add id-ct-asciiTextWithCRLF OID.
Give more meaninful error message is attempt to use key ID from a certificate
without a key ID.
2008-03-19 19:34:30 +00:00
Dr. Stephen Henson
eeb9cdfc94
Add support for KEK decrypt in cms utility.
2008-03-19 18:39:51 +00:00
Dr. Stephen Henson
ab12438030
Add support for KEKRecipientInfo in cms application.
2008-03-19 13:53:52 +00:00
Dr. Stephen Henson
c220e58f9e
Make 3DES default cipher in cms utility.
2008-03-18 19:03:03 +00:00
Dr. Stephen Henson
e4f0e40eac
Various tidies/fixes:
...
Make streaming support in cms cleaner.
Note errors in various S/MIME functions if CMS_final() fails.
Add streaming support for enveloped data.
2008-03-18 13:45:43 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
7c337e00d2
Fix some warnings.
2008-03-16 20:59:10 +00:00
Geoff Thorpe
7e8481afd1
Fix a nasty cast issue that my compiler was choking on.
2008-03-16 20:57:12 +00:00
Dr. Stephen Henson
4f1aa191b3
Initial support for enveloped data decrypt. Extent runex.pl to cover these
...
examples. All RFC4134 examples can not be processed.
2008-03-15 23:21:33 +00:00
Dr. Stephen Henson
d9f5f07e28
Initial support for Encrypted Data type generation.
2008-03-14 23:30:56 +00:00
Dr. Stephen Henson
1021f9aa5e
Typos.
2008-03-14 19:38:44 +00:00
Dr. Stephen Henson
b820455c6e
Encrypted Data type processing. Add options to cms utility and run section 7
...
tests in RFC4134.
2008-03-14 13:21:48 +00:00
Dr. Stephen Henson
8931b30d84
And so it begins...
...
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
52108cecc0
<strings.h> does not exist under WIN32.
2008-01-14 18:10:55 +00:00
Ben Laurie
f12797a447
Missing headers.
2008-01-12 11:22:31 +00:00
Andy Polyakov
637f90621d
Cygwin compatibility fix to apps/ocsp.c.
2008-01-05 21:32:29 +00:00
Dr. Stephen Henson
eef0c1f34c
Netware support.
...
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
341e18b497
Handle non-SHA1 digests for certids in OCSP test responder.
2007-12-14 12:43:50 +00:00
Dr. Stephen Henson
cec2538ca9
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
...
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Bodo Möller
15bd07e923
fix typos
...
Submitted by: Ernst G. Giessmann
2007-11-19 07:24:08 +00:00
Ben Laurie
fdf355878c
Fix buffer overflow.
2007-11-16 14:41:09 +00:00
Dr. Stephen Henson
0e1dba934f
1. Changes for s_client.c to make it return non-zero exit code in case
...
of handshake failure
2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).
3. Changes to EVP
- adding of function EVP_PKEY_CTX_get0_peerkey
- Make function EVP_PKEY_derive_set_peerkey work for context with
ENCRYPT operation, because we use peerkey field in the context to
pass non-ephemeral secret key to GOST encrypt operation.
- added EVP_PKEY_CTRL_SET_IV control command. It is really
GOST-specific, but it is used in SSL code, so it has to go
in some header file, available during libssl compilation
4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data
5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
make debugging output which depends on constants defined there, work
and other KSSL_DEBUG output fixes
6. Declaration of real GOST ciphersuites, two authentication methods
SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST
7. Implementation of these methods.
8. Support for sending unsolicited serverhello extension if GOST
ciphersuite is selected. It is require for interoperability with
CryptoPro CSP 3.0 and 3.6 and controlled by
SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
This constant is added to SSL_OP_ALL, because it does nothing, if
non-GOST ciphersuite is selected, and all implementation of GOST
include compatibility with CryptoPro.
9. Support for CertificateVerify message without length field. It is
another CryptoPro bug, but support is made unconditional, because it
does no harm for draft-conforming implementation.
10. In tls1_mac extra copy of stream mac context is no more done.
When I've written currently commited code I haven't read
EVP_DigestSignFinal manual carefully enough and haven't noticed that
it does an internal digest ctx copying.
This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Dr. Stephen Henson
b7fcc08976
Typo.
2007-09-28 17:18:18 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Bodo Möller
86d4bc3aea
fix length parameter in SSL_set_tlsext_opaque_prf_input() calls
2007-09-23 11:08:59 +00:00
Bodo Möller
761772d7e1
Implement the Opaque PRF Input TLS extension
...
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way. In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().
Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
2007-09-21 06:54:24 +00:00
Ben Laurie
9311c4421a
Fix dependencies. Make depend.
2007-09-19 14:53:18 +00:00
Ben Laurie
e28eddc51f
Typo? Why did this work, anyway?
2007-09-08 15:58:51 +00:00
Dr. Stephen Henson
d82a612a90
Fix warning: print format option not compatible with size_t.
2007-09-07 13:34:46 +00:00
Dr. Stephen Henson
e7e8f4b333
Fix another warning.
2007-09-07 13:27:40 +00:00
Dr. Stephen Henson
014f62b649
Add usage message for -sess_out, -sess_in
2007-08-23 12:20:36 +00:00
Dr. Stephen Henson
d24a9c8f5a
Docs and usage messages for RFC4507bis support.
2007-08-23 11:34:48 +00:00