Commit graph

1995 commits

Author SHA1 Message Date
Ulf Möller
9c4711c73a *** empty log message *** 1999-04-24 23:39:52 +00:00
Ulf Möller
b0b7b1c5ae New Configure option --openssldir to replace ssldir.pl. 1999-04-24 23:01:36 +00:00
Dr. Stephen Henson
6e781e8e07 Delete the unnecessary ERR and ERRC lines in makefiles, add some functionality
to error code script: it can now find untranslatable function codes (usually
because the function is static and not defined in a header: occasionally because
of a typo...) and unreferenced function and reason codes. To see this try:
perl util/mkerr.pl -recurse -debug
Also fixed some typos in crypto/pkcs12 that this found :-)
Also tidy up some error calls that had to be all on one line: the old error
script couldn't find codes unless the call was all on one line.
1999-04-24 13:28:57 +00:00
Dr. Stephen Henson
6d31193858 Complete rewrite of the error code generation script. It now runs as a single
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
1999-04-24 00:15:18 +00:00
Bodo Möller
018b4ee9bb Submitted by:
Reviewed by:
PR:
1999-04-23 22:38:22 +00:00
Bodo Möller
92df96077e Submitted by:
Reviewed by:
PR:
1999-04-23 22:20:21 +00:00
Bodo Möller
85f48f7e93 Don't return 0 from ssl2_read when a packet with empty payload is received.
Submitted by:
Reviewed by:
PR:
1999-04-22 14:28:38 +00:00
Bodo Möller
90b8bbb8da Submitted by:
Reviewed by:
PR:
1999-04-22 13:38:03 +00:00
Dr. Stephen Henson
4cd401e401 Oops! Fixup CHANGES. 1999-04-21 17:46:23 +00:00
Dr. Stephen Henson
d943e37241 Suppport for CRL distribution points extension. Also document some of
this stuff.
1999-04-21 17:44:45 +00:00
Ulf Möller
8e10f2b3ac Move all autogenerated header file parts to crypto/opensslconf.h. 1999-04-21 17:31:05 +00:00
Ben Laurie
4997138a06 Fix DES export ciphersuites. 1999-04-21 13:24:58 +00:00
Ulf Möller
95dc05bc6d Fix lots of warnings.
Submitted by: Richard Levitte <levitte@stacken.kth.se>
1999-04-20 22:50:42 +00:00
Ulf Möller
8fb04b9803 Problems with 64-bit long.
Pointed out by Andy Polyakov <appro@fy.chalmers.se>.
1999-04-20 16:23:03 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Dr. Stephen Henson
3edd7ed15d Finish off support for Certificate Policies extension. 1999-04-19 17:55:11 +00:00
Ulf Möller
df82f5c85c Fix typos in error codes. 1999-04-19 14:45:02 +00:00
Ulf Möller
22a4f969b9 Defunct assembler files removed; various cleanups.
New Ultrix and Alpha entries submitted by Bernhard Simon
<simon@zid.tuwien.ac.at>.
1999-04-19 13:54:11 +00:00
Ulf Möller
5e85b6abaf SPARC v8 assembler BIGNUM code.
Submitted by: Andy Polyakov <appro@fy.chalmers.se>
1999-04-19 13:41:45 +00:00
Dr. Stephen Henson
41b731f2f8 Initial support for Certificate Policies extension: print out works but setting
isn't fully implemented (yet).
1999-04-18 23:21:03 +00:00
Dr. Stephen Henson
c83e523d7f Allow asn1parse to print out VISIBLESTRING and some code needed for certificate
policies extension.
1999-04-17 23:55:39 +00:00
Ben Laurie
e778802f53 Massive constification. 1999-04-17 21:25:43 +00:00
Dr. Stephen Henson
d77b3054cd Add support for VISIBLESTRING and UTF8String 1999-04-17 15:53:32 +00:00
Dr. Stephen Henson
1d48dd0019 Add initial support for r2i RAW extensions which can access the config database
add various X509V3_CTX helper functions and support for LHASH as the config
database.
1999-04-16 23:57:04 +00:00
Dr. Stephen Henson
953937bdc6 Fix a horrible BN bug in bn_expand2 which caused BN_add_word() et al to fail
when they cause the destination to expand.

To see how evil this is try this:

#include <pem.h>
main()
{
	BIGNUM *bn = NULL;
        int i;
	bn = BN_new();
	BN_hex2bn(&bn, "FFFFFFFF");
	BN_add_word(bn, 1);
	printf("Value %s\n", BN_bn2hex(bn));
}

This would typically fail before the patch.

It also screws up if you comment out the BN_hex2bn line above or in any
situation where BN_add_word() causes the number of BN_ULONGs in the result
to change (try doubling the number of FFs).
1999-04-15 23:07:00 +00:00
Dr. Stephen Henson
28a98809d1 Add some utilities to support SXNet extension also add support in DEF files
generator to typesafe stacks.
1999-04-14 23:44:41 +00:00
Ben Laurie
8f7de4f04c Typo. 1999-04-14 11:13:47 +00:00
Dr. Stephen Henson
0490a86d01 Delete all the old X509V3 pack and unpack stuff and various structures and
files associated with them. This stuff is all obsoleted by the new X509V3 code.
1999-04-13 23:56:39 +00:00
Ulf Möller
5fbe91d86b New Configure option "rsaref". 1999-04-13 00:58:49 +00:00
Bodo Möller
5fd4e2b16b Don#t auto-generate crypto/pem/pem.h -- a fixed file is fine for it.
Submitted by:
Reviewed by:
PR:
1999-04-12 19:58:17 +00:00
Ben Laurie
f73e07cf42 Add type-safe STACKs and SETs. 1999-04-12 17:23:57 +00:00
Ralf S. Engelschall
f9a2593163 Add `openssl ca -revoke <certfile>' facility which revokes a certificate
specified in <certfile> by updating the entry in the index.txt file.
This way one no longer has to edit the index.txt file manually for
revoking a certificate. The -revoke option does the gory details now.

Submitted by: Massimiliano Pala <madwolf@openca.org>
Cleaned up and integrated by: Ralf S. Engelschall
1999-04-12 11:45:14 +00:00
Ralf S. Engelschall
2f0cd19533 Fix openssl crl -noout -text' combination where -noout' killed the `-text'
option at all and this way the `-noout -text' combination was inconsistent in
`openssl crl' with the friends in `openssl x509|rsa|dsa'.
1999-04-12 10:36:16 +00:00
Ralf S. Engelschall
268c2102e3 Make sure a corresponding plain text error message exists for the
X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
verify callback function determined that a certificate was revoked.
1999-04-12 09:59:05 +00:00
Bodo Möller
fc8ee06b4d Submitted by:
Reviewed by:
PR:
1999-04-11 02:49:35 +00:00
Bodo Möller
c7ac31e26e Bugfix: s_client occasionally would sleep in select() when it should
have checked SSL_pending() first.
Submitted by:
Reviewed by:
PR:
1999-04-09 20:54:25 +00:00
Ulf Möller
9d892e2855 recent changes. 1999-04-09 17:04:32 +00:00
Dr. Stephen Henson
d2e26dccd1 Add PKCS#5 v2.0 ASN1 structures. 1999-04-08 23:55:42 +00:00
Ulf Möller
99aab1619f New Makefile variables $(RANLIB) and $(PERL). 1999-04-01 12:34:33 +00:00
Ulf Möller
2613c1fa2f New option to generate 80386 code. 1999-03-31 12:38:27 +00:00
Bodo Möller
6d02d8e444 New option "-showcerts" for s_client
Slight cleanup in ssl/
1999-03-31 12:06:30 +00:00
Dr. Stephen Henson
ee0508d411 Include pkcs12 program as part of openssl. This completes most of the PKCS#12
integration.
1999-03-29 17:50:26 +00:00
Dr. Stephen Henson
8d8c7266d4 Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add
them to the build environment.
1999-03-28 23:17:34 +00:00
Dr. Stephen Henson
cfcefcbe2a Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-28 17:46:10 +00:00
Dr. Stephen Henson
4b518c2601 This is the beginning of PKCS#12 integration. This just adds the PKCS#12
objects to objects.h

NOTE: during this integration it will not be possible to compile my PKCS#12
program against OpenSSL because there will be conflicts between the external
functionality and that being added to the core code.
1999-03-28 01:00:56 +00:00
Dr. Stephen Henson
785cdf2048 Add initial support for Thawte strong extranet certificate extensions and
include an 'indent' option to V3 stuff.
1999-03-27 14:06:25 +00:00
Ben Laurie
ba423adddd Linux PPC support. 1999-03-27 13:03:37 +00:00
Ben Laurie
67da3df72e Fix Alpha assembler, remove redundant file. 1999-03-27 12:53:21 +00:00
Ralf S. Engelschall
0e9fc7115b Make sure the RSA OAEP test is skipped under -DRSAref because
OAEP isn't supported when OpenSSL is built with RSAref.

Submitted by: Ulf Moeller <ulf@fitug.de>
Reviewed by: Ralf S. Engelschall
1999-03-25 07:49:33 +00:00
Ralf S. Engelschall
1b276f3012 Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h
so they no longer are missing under -DNOPROTO.

Submitted by: Soren S. Jorvang <soren@t.dk>
Reviewed by: Ralf S. Engelschall
1999-03-24 10:24:35 +00:00
Ralf S. Engelschall
72e442a3a6 function names recently changed - consistency. 1999-03-22 15:50:34 +00:00
Ralf S. Engelschall
e98b5b58a0 Be consistent: 0.9.2b 1999-03-22 14:54:52 +00:00
Ben Laurie
b4cadc6e13 Fix security hole. 1999-03-22 12:22:14 +00:00
Ralf S. Engelschall
afb2306346 Some more source tree cleanups (removed obsolete files crypto/bf/asm/bf586.pl,
test/test.txt and crypto/sha/asm/f.s; changed permission on "config" script to
be executable) and a fix for the INSTALL document.

Submitted by: Ulf Moeller <ulf@fitug.de>
Reviewed by: Ralf S. Engelschall
1999-03-20 13:04:12 +00:00
Dr. Stephen Henson
199d59e5a1 Remove some references which called malloc and free instead of Malloc and Free. 1999-03-14 01:16:45 +00:00
Ben Laurie
b4899bb1fa Fail if test fails. 1999-03-12 20:41:09 +00:00
Ben Laurie
29c0fccba8 Solaris shared library support. 1999-03-12 20:26:27 +00:00
Ben Laurie
cadf126b99 Use the right compiler for ctx_size. 1999-03-12 19:58:43 +00:00
Dr. Stephen Henson
bc420ac592 Delete NULL ciphers from 'ALL' in the cipher list aliases. This means that
NULL ciphers specifically have to be enabled with e.g. "DEFAULT:eNULL". This
prevents cipher lists from inadvertantly having NULL ciphers at the top
of their list (e.g. the default ones) because they didn't have to be taken
into account before.
1999-03-12 01:43:28 +00:00
Dr. Stephen Henson
abd4c91527 Fix for RSA private key encryption if p < q. This took ***ages*** to track down. 1999-03-11 02:42:13 +00:00
Ralf S. Engelschall
7e37e72a3d Be less restrictive and allow also `perl util/perlpath.pl /path/to/bin/perl'
in addition to `perl util/perlpath.pl /path/to/bin', because this way one can
also use an interpreter named `perl5' (which is usually the name of Perl 5.xxx
on platforms where an Perl 4.x is still installed as `perl').

Submitted by: Matthias Loepfe <Matthias.Loepfe@adnovum.ch>
Reviewed by: Ralf S. Engelschall
1999-03-10 19:57:05 +00:00
Ralf S. Engelschall
637691e6b4 Let util/clean-depend.pl work also with older Perl 5.00x versions.
Submitted by: Matthias Loepfe <Matthias.Loepfe@adnovum.ch>
Reviewed by: Ralf S. Engelschall
1999-03-10 19:51:43 +00:00
Dr. Stephen Henson
381380206b Fix couple of ANSI declarations and prototypes 1999-03-10 18:30:48 +00:00
Dr. Stephen Henson
83ec54b40d Make CC,CFLAG etc get passed to make links and various Win32 fixes. 1999-03-10 01:37:33 +00:00
Ben Laurie
b241fefd98 Fix quad checksum bug. 1999-03-09 11:37:23 +00:00
Dr. Stephen Henson
d4d2f98c59 Comment out two unimplemented functions from bio.h. Attempt to get the
Win32 test batch file going again.
1999-03-09 03:01:48 +00:00
Dr. Stephen Henson
0cc395796b Add missing funtions from non ANSI section of header files and add missing
ordinals to libeay.num.
1999-03-08 22:46:56 +00:00
Ralf S. Engelschall
d10f052be5 Make `openssl version' output lines consistent. 1999-03-08 12:35:01 +00:00
Ralf S. Engelschall
c0e538e117 Fix Win32 symbol export lists for BIO functions: Added BIO_get_ex_new_index,
BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data to ms/libeay{16,32}.def.
I'm not a Win32 hacker, but I think I've done it correctly.

Steve or Ben: can you confirm that it's correct?
              I don't want to break any Win32 stuff.
1999-03-08 11:41:26 +00:00
Ralf S. Engelschall
84107e6ca8 Second round of fixing the OpenSSL perl/ stuff. It now at least compiled fine
under Unix and passes some trivial tests I've now added. But the whole stuff
is horribly incomplete, so a README.1ST with a disclaimer was added to make
sure no one expects that this stuff really works in the OpenSSL 0.9.2 release.
Additionally I've started to clean the XS sources up and fixed a few little
bugs and inconsistencies in OpenSSL.{pm,xs} and openssl_bio.xs.

PS: I'm still not convinces whether we should try to make this
    finally running or kick it out and replace it with some
    other module....
1999-03-08 11:25:49 +00:00
Ben Laurie
efadf60f9c Don't make links on Windoze. 1999-03-07 15:21:08 +00:00
Ben Laurie
26a0846fc1 Fix perl assembler. 1999-03-07 15:08:38 +00:00
Ben Laurie
7d3ce7ba37 Linux MIPS support. 1999-03-07 14:17:32 +00:00
Ben Laurie
cba5068d10 Always make links. 1999-03-07 14:05:36 +00:00
Dr. Stephen Henson
1756d405cc Added support for adding extensions to CRLs, also fix a memory leak and
make 'req' check the config file syntax before it adds extensions. Added
info in the documentation as well.
1999-03-06 19:33:29 +00:00
Ralf S. Engelschall
116e315303 Add a useful kludge to allow package maintainers to specify compiler and other
platforms details on the command line without having to patch the Configure
script everytime: One now can use ``perl Configure <id>:<details>'', i.e.
platform ids are allowed to have details appended to them (seperated by
colons). This is treated as there would be a static pre-configured entry in
Configure's %table under key <id> with value <details> and ``perl Configure
<id>'' is called.  So, when you want to perform a quick test-compile under
FreeBSD 3.1 with pgcc and without assembler stuff you can use ``perl Configure
"FreeBSD-elf:pgcc:-O6:::"'' now, which overrides the FreeBSD-elf entry
on-the-fly.

(PS: Notice that the same effect _cannot_ be achieved by using
     ``make CC=pgcc ..'' etc, because you cannot override all
     things from there.)
1999-03-06 16:07:47 +00:00
Ben Laurie
bc3482442a Disable new TLS1 ciphersuites. 1999-03-06 15:21:02 +00:00
Ralf S. Engelschall
3eb0ed6d91 Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified on the `perl
Configure ...' command line. This way one can compile OpenSSL libraries with
Position Independent Code (PIC) which is needed for linking it into DSOs.
1999-03-06 14:35:03 +00:00
Ben Laurie
f415fa3243 Fix export ciphersuites, again. 1999-03-06 14:09:36 +00:00
Ralf S. Engelschall
2c6ccde1f7 just a little typo 1999-03-06 14:01:29 +00:00
Ralf S. Engelschall
0b903ec018 Cleaned up the LICENSE document: The official contact for any license
questions now is the OpenSSL core team under openssl-core@openssl.org.  And
add a paragraph about the dual-license situation to make sure people recognize
that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply to the OpenSSL
toolkit.
1999-03-06 13:29:09 +00:00
Ralf S. Engelschall
bb8f3c5879 General source tree makefile cleanups: Made `making xxx in yyy...' display
consistent in the source tree and replaced `/bin/rm' by `rm'.  Additonally
cleaned up the `make links' target: Remove unnecessary semicolons, subsequent
redundant removes, inline point.sh into mklink.sh to speed processing and no
longer clutter the display with confusing stuff. Instead only the actually
done links are displayed.
1999-03-06 12:32:06 +00:00
Ben Laurie
988788f697 Permit null ciphers. 1999-03-06 12:09:36 +00:00
Dr. Stephen Henson
924acc5451 Fix the PKCS#7 stuff: signature verify could fail if attributes reordered, the
detached data encoding was wrong and free up public keys.
1999-03-05 02:05:15 +00:00
Dr. Stephen Henson
d00b7aad5a Workaround for a Win95 console bug triggered by the password read stuff. 1999-03-05 01:07:04 +00:00
Dr. Stephen Henson
9985bed331 Deleted my str_dup() function from X509V3: the same functionality is provided
by BUF_MEM_strdup(). Added text documentation to the BUF_MEM stuff.
1999-03-04 23:29:51 +00:00
Ralf S. Engelschall
789285aa96 Added the new `Includes OpenSSL Cryptography Software' button as
doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
button and can be used by applications based on OpenSSL to show the
relationship to the OpenSSL project.

PS: This beast caused me three hours to create, because
    of the size I had to hand-paint the 7pt fonts in Photoshop.
1999-03-04 12:55:42 +00:00
Ralf S. Engelschall
a06c602e6f Remove confusing variables in function signatures in files
ssl/ssl_lib.c and ssl/ssl.h. At least the double ctx-variable
confused some compilers.

Submitted by: Lennart Bong <lob@kulthea.stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-03-04 07:54:01 +00:00
Ralf S. Engelschall
8d697db1d0 Don't install bss_file.c under PREFIX/include/. It was introduced by Eric
between SSLeay 0.8 and 0.9 and just looks useless and confusing.

Pointed out by: Lennart Bong <lob@kulthea.stacken.kth.se>
Submitted by: Ralf S. Engelschall
1999-03-04 07:47:27 +00:00
Dr. Stephen Henson
06c6849124 Fix the Win32 compile environment and add various changes so it will now compile
under Win32 (9X and NT) again. Note: some signed/unsigned changes recently
checked in were killing the Win32 compile.
1999-03-03 02:01:26 +00:00
Ben Laurie
eb90a483ad Add functions to add certs to stacks, used for CA file/path stuff in servers. 1999-02-28 17:41:55 +00:00
Ben Laurie
4f43d0e71f Experiment with doxygen documentation. 1999-02-28 12:41:50 +00:00
Ralf S. Engelschall
74d7abc2ab Get rid of remaining C++-style comments which strict C compilers hate.
(Pointed out by Carlos Amengual).
1999-02-27 12:17:40 +00:00
Dr. Stephen Henson
7283ecea22 BN_RECURSION causes the stuff in bn_mont.c to fall over for large keys. For
now change it to BN_RECURSION_MONT so it isn't compiled in.
1999-02-26 01:37:34 +00:00
Ralf S. Engelschall
15d21c2df4 Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH
private keys and/or callback functions which directly correspond to their
SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed
for applications which have to configure certificates on a per-connection
basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.
s_server).

For the RSA certificate situation is makes no difference, but for the DSA
certificate situation this fixes the "no shared cipher" problem where the
OpenSSL cipher selection procedure failed because the temporary keys were not
overtaken from the context and the API provided no way to reconfigure them.

The new functions now let applications reconfigure the stuff and they are in
detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
non-public-API function ssl_cert_instantiate() is used as a helper function
and also to reduce code redundancy inside ssl_rsa.c.

Submitted by: Ralf S. Engelschall
Reviewed by: Ben Laurie
1999-02-25 14:40:29 +00:00
Ralf S. Engelschall
ea14a91f64 Move s_server -dcert and -dkey options out of the undocumented feature area
because they are useful for the DSA situation and should be recognized by the
users. Thanks to Steve for the original hint.
1999-02-25 11:26:26 +00:00
Ralf S. Engelschall
90a52cecaf Fix the cipher decision scheme for export ciphers: the export bits are *not*
within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK.  So, the
original variable has to be used instead of the already masked variable.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 11:03:18 +00:00
Ralf S. Engelschall
def9f43151 Fix 'port' variable from int' to unsigned int' in crypto/bio/b_sock.c
Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 10:54:27 +00:00
Ralf S. Engelschall
8aef252bf4 Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
from `int' to `unsigned int' because it's a length and initialized by
EVP_DigestFinal() which expects an `unsigned int *'.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 10:47:24 +00:00
Ralf S. Engelschall
a4ed5532a8 Don't hard-code path to Perl interpreter on shebang line of Configure
script. Instead use the usual Shell->Perl transition trick.
1999-02-25 08:48:52 +00:00
Ralf S. Engelschall
7be304acdb Make `openssl x509 -noout -modulus' functional also for DSA certificates (in
addition to RSA certificates) to match the behaviour of `openssl dsa -noout
-modulus' as it's already the case for `openssl rsa -noout -modulus'.  For RSA
the -modulus is the real "modulus" while for DSA currently the public key is
printed (a decision which was already done by `openssl dsa -modulus' in the
past) which serves a similar purpose.  Additionally the NO_RSA no longer
completely removes the whole -modulus option; it now only avoids using the RSA
stuff. Same applies to NO_DSA now, too.
1999-02-24 17:17:31 +00:00
Ben Laurie
55ab3bf7f9 Add reliable BIO. 1999-02-23 21:44:34 +00:00
Dr. Stephen Henson
a43aa73e3b Redo the way 'req' and 'ca' add objects: add support for oid_section. 1999-02-23 00:07:46 +00:00
Ben Laurie
0849d13811 Add syslogging BIO. 1999-02-22 21:21:08 +00:00
Ben Laurie
06ab81f9f7 Add support for new TLS export ciphersuites. 1999-02-21 20:03:24 +00:00
Dr. Stephen Henson
deff75b634 Add preliminary user level config documentation for extension stuff. Programming
info will come later...

Feel free to reformat and tidy this up...
1999-02-21 17:41:08 +00:00
Dr. Stephen Henson
0c8a1281d0 Make RSA_NO_PADDING really use no padding.
Submitted by: Ulf Moeller <ulf@fitug.de>
1999-02-21 17:39:07 +00:00
Ben Laurie
4004dbb7f6 Generate errors when public/private key check is done. 1999-02-20 11:50:07 +00:00
Dr. Stephen Henson
0ca5f8b15c Overhaul 'crl' application, add a proper X509_CRL_print function and start
to support CRL extensions.
1999-02-19 01:29:29 +00:00
Dr. Stephen Henson
3d8accc3ae Fuller authority key id support, partial support for private key usage extension
and really fix the ASN.1 IMPLICIT bug this time :-)
1999-02-17 23:21:01 +00:00
Ben Laurie
a49498969e Add OAEP. 1999-02-17 21:11:08 +00:00
Mark J. Cox
413c4f45ed Updates to the new SSL compression code
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Fix so that the version number in the master secret, when passed
     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
     (because the server will not accept higher), that the version number
     is 0x03,0x01, not 0x03,0x00
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Submitted by:
Reviewed by:
PR:
1999-02-16 09:22:21 +00:00
Dr. Stephen Henson
a8236c8c32 Fix various memory leaks in SSL, apps and DSA 1999-02-15 21:05:21 +00:00
Dr. Stephen Henson
388ff0b076 Add support for raw extensions. This means that you can include the DER encoding
of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this
technique currently unsupported extensions can be generated if you know their
DER encoding. Even if the extension is supported in future the raw extension
will still work: that is the raw version can always be used even if it is a
supported extension.
1999-02-14 16:48:22 +00:00
Ralf S. Engelschall
6013fa8395 Make sure latest Perl versions don't interpret some generated C array as Perl
array code in the crypto/err/err_genc.pl script.

Submitted by: Lars Weber <3weber@informatik.uni-hamburg.de>
Reviewed by: Ralf s. Engelschall
1999-02-14 13:21:52 +00:00
Dr. Stephen Henson
5c00879ef0 More Win32 fixes and upsdate INSTALL.W32 documentation. 1999-02-14 00:40:13 +00:00
Dr. Stephen Henson
9becf66621 Oops... add other changes this time too. 1999-02-13 23:13:32 +00:00
Ben Laurie
4e31df2cd7 Fix ghastly DES declarations, and all consequential warnings. 1999-02-13 18:52:38 +00:00
Dr. Stephen Henson
e4119b9311 Fix typo in asn1.h (PRINTABLESTRING_STRING) and fix a bug in object creation
perl script. It failed if the OID had any zeros in it.
1999-02-13 17:15:32 +00:00
Ben Laurie
4a71b90deb Add support for 3DES CBCM mode. 1999-02-13 15:03:47 +00:00
Ben Laurie
436d318c80 In the absence of feedback either way, commit the fix that looks right for
wrong keylength with export null ciphers.
1999-02-13 12:39:50 +00:00
Dr. Stephen Henson
55a9cc6e47 Make the 'crypto' and 'ssl' options in the perl script mkdef.pl really work,
also add an 'update' option to automatically append any new functions to the
ssleay.num and libeay.num files.
1999-02-11 01:39:30 +00:00
Ralf S. Engelschall
8073036dd6 Overhauled the Perl interface (perl/*):
- ported BN stuff to OpenSSL's different BN library

- made the perl/ source tree CVS-aware

- renamed the package from SSLeay to OpenSSL (the files still contain
  their history because I've copied them in the repository)

- removed obsolete files (the test scripts will be replaced
  by better Test::Harness variants in the future)
1999-02-10 09:38:31 +00:00
Ralf S. Engelschall
483fdf1883 Remember the cleanup 1999-02-10 08:34:01 +00:00
Dr. Stephen Henson
175b0942ec More extension code. Incomplete support for subject and issuer alt
name, issuer and authority key id. Change the i2v function parameters
and add an extra 'crl' parameter in the X509V3_CTX structure: guess
what that's for :-) Fix to ASN1 macro which messed up
IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
1999-02-10 01:12:59 +00:00
Dr. Stephen Henson
bceacf938f Support for ASN1 ENUMERATED type. This copies and duplicates the ASN1_INTEGER
code and adds support to ASN1_TYPE and asn1parse.
1999-02-09 01:29:37 +00:00
Mark J. Cox
351d899878 Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
Submitted by: Eric A Young - from changes to C2Net SSLeay
Reviewed by: Mark Cox
PR:
1999-01-31 12:14:39 +00:00
Ralf S. Engelschall
b621d77258 Make sure make rehash' target really finds the openssl' program. 1999-01-31 11:10:10 +00:00
Ben Laurie
a96e7810e2 Squeeze a bit more speed out of MD5 assembler. 1999-01-30 17:53:00 +00:00
Ralf S. Engelschall
e04a6c2b35 Add CygWin32 platform information to Configure script.
Submitted by: Alan Batie <batie@aahz.jf.intel.com>
1999-01-30 11:50:48 +00:00
Ralf S. Engelschall
0172f988c7 Fixed ms/32all.bat script: no_asm' -> no-asm'
Submitted by: Rainer W. Gerling <gerling@mpg-gv.mpg.de>
Reviewed by: Ralf S. Engelschall
1999-01-30 11:36:05 +00:00
Dr. Stephen Henson
79dfa97555 New program 'nseq' added to apps to allow Netscape certificate sequences to
be pulled apart and built.
1999-01-29 23:34:19 +00:00
Dr. Stephen Henson
9fe84296a4 Allow the -certfile argument to be used multiple times in crl2pkcs7.
Also fix typos in the usage messages: "inout" instead of "input".
1999-01-29 01:53:55 +00:00
Mark J. Cox
a0a5407901 Fixes to BN code. Previously the default was to define BN_RECURSION
but the BN code had some problems that would cause failures when
doing certificate verification and some other functions.

Submitted by: Eric A Young from a C2Net version of SSLeay
Reviewed by: Mark J Cox
PR:
1999-01-28 10:40:38 +00:00
Dr. Stephen Henson
92c046cac0 Add ASN1 code for netscape certificate sequences. 1999-01-28 00:16:44 +00:00
Dr. Stephen Henson
a27598bf7e Add a few extended key usage OIDs. 1999-01-26 23:13:14 +00:00
Dr. Stephen Henson
b2347661ce Still more X509 V3 stuff. Modify ca.c to work with the new code and modify
openssl.cnf for the new syntax.
1999-01-26 01:19:27 +00:00
Dr. Stephen Henson
f317aa4c9c More X509 V3 stuff. Add support for extensions in the 'req' application
so that: openssl req -x509 -new -out cert.pem
will take extensions from openssl.cnf a sample for a CA is included.
Also change the directory order so pem is nearer the end. Otherwise 'make links'
wont work because pem.h can't be built.
1999-01-25 01:09:21 +00:00
Dr. Stephen Henson
834eeef995 Continuing adding X509 V3 support. This starts to integrate the code with
the main library, but only with printing at present. To see this try:
openssl x509 -in cert.pem -text
on a certificate with some extensions in it.
1999-01-24 17:50:32 +00:00
Dr. Stephen Henson
9aeaf1b4a7 Initial addition of new X509 V3 files, tidy of old files. 1999-01-24 00:50:01 +00:00
Dr. Stephen Henson
9b5cc156f3 Continued patches so certificates and CRLs now can support and use
GeneralizedTime.
1999-01-20 00:14:40 +00:00
Ben Laurie
8039257dbc Finally lay dependencies to rest (I hope!). 1999-01-19 21:36:31 +00:00
Ben Laurie
b13a155492 Spelling mistake. 1999-01-19 19:18:20 +00:00
Dr. Stephen Henson
6c8abdd744 New err_code.pl script to retain old error codes. This should allow the use
of 'make errors' without causing huge re-organisations of files when a new
code is added.
1999-01-18 22:18:38 +00:00
Ben Laurie
649cdb7be9 Fix major cockup with short keys in CAST-128. 1999-01-17 16:26:24 +00:00
Dr. Stephen Henson
fdd3b64215 Update CHANGES for GeneralizedTime info. 1999-01-17 15:10:33 +00:00
Ben Laurie
dabba1104b Correct Linux 1 recognition.
Contributed by: Ulf Möller <ulf@fitug.de>
1999-01-17 14:20:20 +00:00
Ben Laurie
512d222830 Remove pointless MD5 hash.
Contributed by: Anonymous <nobody@replay.com>
1999-01-17 14:14:41 +00:00
Ben Laurie
2c1ef383ae Generate an error on an invalid directory. 1999-01-17 14:10:08 +00:00
Ben Laurie
c3ae9a4851 More prototypes. 1999-01-16 18:46:23 +00:00
Dr. Stephen Henson
ee13f9b165 Fix parameters to dummy function BN_ref_mod_exp(). 1999-01-14 18:25:07 +00:00
Dr. Stephen Henson
27eb622b78 Submitted by: Neil Costigan <neil.costigan@celocom.com>
PR:
1999-01-14 18:21:57 +00:00
Dr. Stephen Henson
2d723902a0 Fix OBJ_txt2nid(): old function was broken when input used the "dot" form, e.g.
1.2.3.4 . Also added new function OBJ_txt2obj().
1999-01-12 18:40:33 +00:00
Ben Laurie
a6801a91cd Add prototype, fix parameter passing bug. 1999-01-10 20:36:02 +00:00
Ben Laurie
50acf46b92 Sort openssl functions by name. 1999-01-09 19:15:59 +00:00
Dr. Stephen Henson
7f9b7b074d Fix the gendsa program and add it to the app list. The progs.h file is
auto generated but not auto updated so it is included. Also remove the
encryption from the sample DSA keys.
1999-01-09 17:29:34 +00:00
Ben Laurie
e03ddfae7e Accept NULL in *_free. 1999-01-07 19:15:59 +00:00
Ben Laurie
6fa89f94c4 Fix DH key generation.
Contributed by: Anonymous <nobody@replay.com>
1999-01-07 00:37:01 +00:00
Ben Laurie
c13d4799dd Send the right CAs to the client. 1999-01-07 00:16:37 +00:00
Ben Laurie
bc4deee07a Fix numeric -newkey args.
Contributed by: Bodo Moeller <3moeller@informatik.uni-hamburg.de>
1999-01-07 00:10:32 +00:00
Ben Laurie
5b00115ab0 Fix export tests. 1999-01-06 23:18:08 +00:00
Ben Laurie
f8c3c05db9 Make the world a safer place (if people object to this kind of change, speak up
soon - I intend to do a lot of it!).
1999-01-06 22:53:34 +00:00
Dr. Stephen Henson
384c479c85 Oops! update CHANGES file properly. 1999-01-06 01:41:21 +00:00
Dr. Stephen Henson
ad65ce755e Fix things so DH_free() will be no-op when passed NULL, like RSA_free() and
DSA_free(): this was causing crashes when for example an attempt was made
to handle a (currently) unsupported DH public key. Also X509_PUBKEY_set()i
wasn't checking errors from d2i_PublicKey().
1999-01-06 01:39:24 +00:00
Ben Laurie
e416ad9772 Free the right thing. 1999-01-04 21:43:32 +00:00
Ben Laurie
4a18cddd16 Only free if it ain't NULL. 1999-01-04 21:39:34 +00:00
Ben Laurie
bb65e20b1c Remove the bugfix that was really a bug.
Submitted by: Arne Ansper <arne@ats.cyber.ee>
1999-01-04 20:11:31 +00:00
Ben Laurie
b5e406f755 Pass on BIO_CTRL_FLUSH.
Submitted by: Arne Ansper <arne@ats.cyber.ee>
1999-01-04 19:55:12 +00:00
Ralf S. Engelschall
cb0f35d716 Make sure the already existing X509_STORE->depth variable is initialized
in X509_STORE_new(), but document the fact that this variable is still
unused in the certificate verification process.
1999-01-03 15:31:11 +00:00
Dr. Stephen Henson
cfcf645356 Make sure applications free up pkey structures and add netscape extension
handling to x509.c
1999-01-03 01:08:33 +00:00
Ben Laurie
cdbb8c2f26 Fix reference counting. 1999-01-02 19:04:27 +00:00
Ralf S. Engelschall
06d5b16225 First cut of a cleanup for apps/. First the `ssleay' program is now named
`openssl' and second, the shortcut symlinks for the `openssl <command>' are no
longer created. This way we have a single and consistent command line
interface `openssl <command>', similar to `cvs <command>'.

Notice, the openssl.cnf, openssl.c and progs.pl files were changed after a
repository copy, i.e. they still contain the complete file history.
1999-01-02 12:59:33 +00:00
Dr. Stephen Henson
c35f549e8b Move DSA test in ca.c inside #ifdef and make pubkey BIT STRING always have
zero unused bits.
1999-01-02 01:53:06 +00:00
Dr. Stephen Henson
ebc828cad9 Add extended key usage OID and update STATUS file. 1999-01-01 18:43:44 +00:00
Paul C. Sutton
79e259e3ce Make the installation documentation easier to follow. 1999-01-01 14:04:07 +00:00
Paul C. Sutton
56ee3117a5 Makefiles updated to exit if an error occurs in a sub-directory make
(including if user presses ^C)
1999-01-01 12:51:11 +00:00
Ben Laurie
6063b27bb6 Document recent changes. 1998-12-31 17:11:46 +00:00
Ralf S. Engelschall
9cb0969f65 Fix version stuff:
1. The already released version was 0.9.1c and not 0.9.1b

2. The next release should be 0.9.2 and not 0.9.1d, because
   first the changes are already too large, second we should avoid any more
   0.9.1x confusions and third, the Apache version semantics of
   VERSION.REVISION.PATCHLEVEL for the version string is reasonable (and here
   .2 is already just a patchlevel and not major change).
tVS: ----------------------------------------------------------------------
1998-12-31 09:36:40 +00:00
stephen
792a90020f Update CHANGES file for latest additions 1998-12-31 01:35:07 +00:00
Ralf S. Engelschall
88fce97953 MIME encoding and ISO chars at the same time messes up the stuff 1998-12-30 23:09:13 +00:00
Ralf S. Engelschall
ce72df1c6a Ops, forgot to commit the changes entry in recent commit... 1998-12-30 23:07:32 +00:00
Ben Laurie
4098e89cbf Fix incorrect DER encoding of SETs and all knock-ons from that. 1998-12-29 21:43:55 +00:00
Ben Laurie
03f8b04277 Add prototypes. Make Montgomery stuff explicitly for that purpose. 1998-12-29 17:22:31 +00:00
Ben Laurie
8d7ed6ff90 Deal with generated files. 1998-12-28 21:58:19 +00:00
Ben Laurie
9228157c07 Typo. 1998-12-28 17:15:43 +00:00
Ben Laurie
5dcdcd475c Autodetect FreeBSD 3. 1998-12-28 17:14:28 +00:00
Ben Laurie
1641cb6043 Add strictness, fix variable substition bugs. 1998-12-28 17:08:48 +00:00
Ralf S. Engelschall
ae82b46ffb Test for new CVS repository 1998-12-26 12:42:56 +00:00
Ralf S. Engelschall
320a14cb5b *** empty log message *** 1998-12-23 12:09:47 +00:00
Ralf S. Engelschall
f10a5c2a96 *** empty log message *** 1998-12-23 08:18:47 +00:00
Ralf S. Engelschall
9ce5db45be *** empty log message *** 1998-12-23 07:58:53 +00:00
Ralf S. Engelschall
9acc2aa6d1 *** empty log message *** 1998-12-23 07:42:26 +00:00
Ralf S. Engelschall
f1c236f849 Switch to OpenSSL name 1998-12-23 07:38:54 +00:00
Ralf S. Engelschall
13e91dd365 Incorporation of RSEs assembled patches 1998-12-22 15:59:57 +00:00
Ralf S. Engelschall
651d0aff98 Various cleanups and fixed by Marc and Ralf to start the OpenTLS project 1998-12-22 15:04:48 +00:00