Commit graph

1459 commits

Author SHA1 Message Date
Dr. Stephen Henson
b4c81fb6db Update from 0.9.8-stable 2009-07-24 11:15:55 +00:00
Dr. Stephen Henson
5fda10c6f1 Oops, use right function name... 2009-07-14 15:14:39 +00:00
Dr. Stephen Henson
0190aa7353 Update from HEAD. 2009-07-13 11:40:46 +00:00
Dr. Stephen Henson
a2da5c7daa Make update. 2009-07-08 09:13:24 +00:00
Dr. Stephen Henson
e323afb0ce Update from HEAD. 2009-06-30 16:10:24 +00:00
Dr. Stephen Henson
6e07229564 PR: 1966
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Reviewed by: steve@openssl.org

Make no-ocsp work properly.
2009-06-30 15:08:38 +00:00
Dr. Stephen Henson
fa07f00aaf Update from HEAD. 2009-06-29 16:09:58 +00:00
Dr. Stephen Henson
710c1c34d1 Allow checking of self-signed certifictes if a flag is set. 2009-06-26 11:28:52 +00:00
Dr. Stephen Henson
6178da0142 Update from HEAD. 2009-06-17 12:05:51 +00:00
Dr. Stephen Henson
43dc001b62 Update from HEAD. 2009-06-17 11:33:17 +00:00
Dr. Stephen Henson
67d8ab07e6 Stop warning if dtls disabled. 2009-06-05 14:56:48 +00:00
Dr. Stephen Henson
0454f2c490 PR: 1929
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org

Updated DTLS MTU bug fix.
2009-05-17 16:04:21 +00:00
Richard Levitte
006c7c6bb1 Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
2009-05-15 16:37:08 +00:00
Dr. Stephen Henson
756d2074b8 PR: 1924
Submitted by: "Green, Paul" <Paul.Green@stratus.com>
Approved by: steve@openssl.org

Fix _POSIX_C_SOURCE usage.
2009-05-13 11:32:24 +00:00
Richard Levitte
22e1421672 Cast to avoid signedness confusion 2009-04-26 12:16:12 +00:00
Dr. Stephen Henson
7134507de0 Make no-rsa, no-dsa and no-dh compile again. 2009-04-23 17:16:40 +00:00
Dr. Stephen Henson
fe41d9853c Make no-ec work 2009-04-23 16:25:00 +00:00
Dr. Stephen Henson
87a0f4b92e PR: 1902
Add ecdsa/ecdh algorithms to default for speed utility.
2009-04-22 17:31:04 +00:00
Dr. Stephen Henson
71d3eaf358 make update. 2009-04-21 15:02:20 +00:00
Dr. Stephen Henson
9990cb75c1 PR: 1894
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Fix various typos and stuff.
2009-04-16 17:22:51 +00:00
Dr. Stephen Henson
791b7bc715 Fix usage messages and lookup digests later in req command.
(part of PR #1887)
2009-04-10 11:00:12 +00:00
Dr. Stephen Henson
19ae090787 Print out registered digest names in dgst utility instead of hard
coding them. Modify EVP_MD_do_all() to include registered digest name.

This is a modified version of part of PR#1887.
2009-04-10 10:30:27 +00:00
Dr. Stephen Henson
15671a90a9 PR: 1677
Submitted by: Vennemann <rvennemann@cool.ms>
Approved by: steve@openssl.org

Call RSA_new() after ENGINE has been set up.
2009-04-06 21:42:11 +00:00
Dr. Stephen Henson
326794e9c6 Change default openssl.cnf to only use issuer+serial option in AKID if no
SKID.
2009-04-04 18:09:43 +00:00
Dr. Stephen Henson
6abbc68188 PR: 1870
Submitted by: kilroy <kilroy@mail.zutom.sk>
Approved by: steve@openssl.org

Handle pkcs12 format correctly by not assuming PEM format straight away.
2009-04-03 17:06:35 +00:00
Dr. Stephen Henson
9ccd4e224f Add USE_SOCKETS. 2009-04-02 15:19:03 +00:00
Dr. Stephen Henson
417b8d4705 PR:1880
Load config in ts utility.
2009-04-01 14:59:18 +00:00
Dr. Stephen Henson
70b2186e24 Stop warnings. 2009-03-31 19:54:51 +00:00
Dr. Stephen Henson
aaf35f11d7 Allow use of algorithm and cipher names for dgsts and enc utilities instead
of having to manually include each one.
2009-03-30 11:31:50 +00:00
Dr. Stephen Henson
38b6e6c07b Typo in usage message. 2009-03-23 21:04:23 +00:00
Dr. Stephen Henson
e4e949192b Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
Reviewed by: steve@openssl.org

Check return codes properly in md BIO and dgst command.
2009-03-18 18:53:08 +00:00
Dr. Stephen Henson
617298dca3 Update from stable branch. 2009-03-12 17:10:26 +00:00
Dr. Stephen Henson
33ab2e31f3 PR: 1854
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org

Support GeneralizedTime in ca utility.
2009-03-09 13:59:07 +00:00
Ben Laurie
73bfcf2226 Don't ask for -iv for ciphers that need no IV. 2009-03-03 15:14:33 +00:00
Dr. Stephen Henson
0ed6b52687 Stop warning about use of *printf() without a format. 2009-02-15 15:29:59 +00:00
Dr. Stephen Henson
30b1b28aff Return correct exit code. 2009-02-12 18:06:11 +00:00
Dr. Stephen Henson
46400c97a9 Avoid leaks in pkcs8 app, tidy code up. 2009-02-12 18:02:47 +00:00
Dr. Stephen Henson
3859d7ee78 Just to be awkward Ubuntu 8.10 doesn't like _XOPEN_SOURCE_EXTENDED... 2009-02-06 16:43:52 +00:00
Bodo Möller
d615bceb2d For -hex, print just one \n 2009-02-02 00:40:29 +00:00
Bodo Möller
7ca1cfbac3 -hex option for openssl rand
PR: 1831
Submitted by: Damien Miller
2009-02-02 00:01:28 +00:00
Richard Levitte
5871ddb016 Because DEC C - sorry, HP C - is picky about features, we need to
define _XOPEN_SOURCE_EXTENDED to reach fd_set and timeval types and
functionality.
2009-01-28 07:38:14 +00:00
Dr. Stephen Henson
bab534057b Updatde from stable branch. 2009-01-07 23:44:27 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should
test for them!
2008-12-29 16:11:58 +00:00
Andy Polyakov
2140659b00 Incidentally http://cvs.openssl.org/chngview?cn=17710 also made it possible
to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit
expands it even to apps catalog and actually omits the macro in question
from Configure.
2008-12-22 14:05:42 +00:00
Dr. Stephen Henson
70531c147c Make no-engine work again. 2008-12-20 17:04:40 +00:00
Lutz Jänicke
d88d941c87 apps/speed.c: children should not inherit buffered I/O
PR: 1787
Submitted by: Artur Klauser <aklauser@google.com>
2008-12-10 08:03:47 +00:00
Bodo Möller
7a76219774 Implement Configure option pattern "experimental-foo"
(specifically, "experimental-jpake").
2008-12-02 01:21:39 +00:00
Dr. Stephen Henson
2900fc8ae1 Don't stop -cipher from working. 2008-11-30 22:01:31 +00:00
Dr. Stephen Henson
79bd20fd17 Update from stable-branch. 2008-11-24 17:27:08 +00:00
Ben Laurie
f3b7bdadbc Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks. 2008-11-16 12:47:12 +00:00
Ben Laurie
774b2fe700 Aftermath of a clashing size_t fix (now only format changes). 2008-11-13 09:48:47 +00:00
Dr. Stephen Henson
ed551cddf7 Update from stable branch. 2008-11-12 17:28:18 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
70d71f6185 Fix warnings: printf format mismatches on 64 bit platforms.
Change assert to OPENSSL_assert().
Fix e_padlock prototype.
2008-11-02 15:41:30 +00:00
Dr. Stephen Henson
c76fd290be Fix warnings about mismatched prototypes, undefined size_t and value computed
not used.
2008-11-02 12:50:48 +00:00
Ben Laurie
4d6e1e4f29 size_tification. 2008-11-01 14:37:00 +00:00
Dr. Stephen Henson
e9eda23ae6 Fix warnings and various issues.
C++ style comments.
Signed/unsigned warning in apps.c
Missing targets in jpake/Makefile
2008-10-27 12:02:52 +00:00
Ben Laurie
6caa4edd3e Add JPAKE. 2008-10-26 18:40:52 +00:00
Dr. Stephen Henson
ac786241a2 Add support for -crlnumber option in crl utility. 2008-10-22 19:54:55 +00:00
Lutz Jänicke
020d67fb89 Allow detection of input EOF in quiet mode by adding -no_ign_eof option
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-22 06:46:14 +00:00
Lutz Jänicke
1581f82243 Add missing "-d" to option list of openssl version.
Submitted by: Alex Chen <alex_chen@filemaker.com>
2008-10-20 12:53:36 +00:00
Dr. Stephen Henson
640b86cb24 Fix Warning... 2008-10-19 17:22:34 +00:00
Ben Laurie
d5bbead449 Add XMPP STARTTLS support. 2008-10-14 19:11:26 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90 Experimental new date handling routines. These fix issues with X509_time_adj()
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Bodo Möller
1a489c9af1 From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
Also, fix CHANGES (consistency with stable branch).
2008-09-15 20:41:24 +00:00
Dr. Stephen Henson
0702150f53 Make no-tlsext compile. 2008-09-03 12:29:57 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
9d84d4ed5e Initial support for CRL path validation. This supports distinct certificate
and CRL signing keys.
2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
002e66c0e8 Support for policy mappings extension.
Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.
2008-08-12 10:32:56 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs,
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Dr. Stephen Henson
5cbd203302 Initial support for alternative CRL issuing certificates.
Allow inibit any policy flag to be set in apps.
2008-07-30 15:49:12 +00:00
Ralf S. Engelschall
6bcbac0abb remove a doubled entry for '-binary' in the usage message 2008-07-27 15:51:35 +00:00
Dr. Stephen Henson
db50661fce X509 verification fixes.
Ignore self issued certificates when checking path length constraints.

Duplicate OIDs in policy tree in case they are allocated.

Use anyPolicy from certificate cache and not current tree level.
2008-07-13 14:25:36 +00:00
Dr. Stephen Henson
d4cdbab99b Avoid warnings with -pedantic, specifically:
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
version some time soon.
2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
8528128b2a Update from stable branch. 2008-06-26 23:27:31 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
59d2d48f64 Add support for client cert engine setting in s_client app.
Add appropriate #ifdefs round client cert functions in headers.
2008-06-03 11:26:27 +00:00
Dr. Stephen Henson
c451bd828f Avoid case in ca.c fix. 2008-06-02 12:10:06 +00:00
Dr. Stephen Henson
8ecfbedd85 Revert, doesn't fix warning :-( 2008-06-02 10:42:57 +00:00
Dr. Stephen Henson
c173fce4e2 Avoid cast with wrapper function. 2008-06-02 10:37:53 +00:00
Dr. Stephen Henson
c6ddacf7f8 Stop const mismatch warning. 2008-05-31 19:28:57 +00:00
Dr. Stephen Henson
ab3eafd5b5 Stop warning about extra ';' outside of function. 2008-05-31 19:17:25 +00:00
Dr. Stephen Henson
dd043cd501 Stop const mismatch warning in VC++. 2008-05-31 18:55:23 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Lutz Jänicke
51e00db226 Document "openssl s_server" -crl_check* options
Submitted by: Daniel Black <daniel.subs@internode.on.net>
2008-05-19 07:52:15 +00:00
Lutz Jänicke
a92ebf2290 Provide information about "openssl dgst" -hmac option. 2008-05-19 07:43:34 +00:00
Lutz Jänicke
f49c687507 Typo. (From 0.9.8-stable/S. Henson)
PR: 1672
2008-05-19 06:21:05 +00:00
Dr. Stephen Henson
718f8f7a9e Fix from stable branch. 2008-05-12 16:24:31 +00:00
Dr. Stephen Henson
4a954b56c9 Use "cont" consistently in cms-examples.pl
Add a -certsout option to output any certificates in a message.

Add test for example 4.11
2008-05-01 23:30:06 +00:00
Lutz Jänicke
44a877aa88 Fix incorrect return value in apps/apps.c:parse_yesno()
PR: 1607
Submitted by: "Christophe Macé" <mace.christophe@gmail.com>
2008-04-17 14:15:27 +00:00
Lutz Jänicke
6b6fe3d8e4 Correctly handle case of bad arguments supplied to rsautl
PR: 1659
2008-04-17 13:36:13 +00:00
Lutz Jänicke
4c1a6e004a Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
2008-04-17 10:19:16 +00:00
Dr. Stephen Henson
a5db50d005 Revert argument swap change... oops CMS_uncompress() was consistent... 2008-04-11 23:23:18 +00:00
Dr. Stephen Henson
529d329ce1 Make CMS_uncompress() argument order consistent with other functions. 2008-04-11 17:34:13 +00:00
Richard Levitte
fc003bcecb Synchronise with Unix build 2008-04-11 01:53:16 +00:00
Dr. Stephen Henson
e0fbd07309 Add additional parameter to CMS_final() to handle detached content. 2008-04-10 11:22:14 +00:00
Dr. Stephen Henson
7f50d9a4b0 Correct references to smime in cms app. 2008-04-09 22:09:45 +00:00
Dr. Stephen Henson
36309aa2be Signed receipt generation code. 2008-03-28 19:43:16 +00:00
Dr. Stephen Henson
eb9d8d8cd4 Support for verification of signed receipts. 2008-03-28 13:15:39 +00:00
Geoff Thorpe
f7ccba3edf There was a need to support thread ID types that couldn't be reliably cast
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
f5e2354c9d Add support for signed receipt request printout and generation. 2008-03-26 17:40:22 +00:00
Dr. Stephen Henson
f4cc56f494 Signed Receipt Request utility functions and option on CMS utility to
print out receipt requests.
2008-03-26 13:10:21 +00:00
Dr. Stephen Henson
6205171362 Add support for CMS structure printing in cms utility. 2008-03-24 21:53:07 +00:00
Dr. Stephen Henson
fe591284be Update dependencies. 2008-03-22 18:52:03 +00:00
Dr. Stephen Henson
054307e7ed Allow alternate eContentType oids to be set in cms utility.
Add id-ct-asciiTextWithCRLF OID.

Give more meaninful error message is attempt to use key ID from a certificate
without a key ID.
2008-03-19 19:34:30 +00:00
Dr. Stephen Henson
eeb9cdfc94 Add support for KEK decrypt in cms utility. 2008-03-19 18:39:51 +00:00
Dr. Stephen Henson
ab12438030 Add support for KEKRecipientInfo in cms application. 2008-03-19 13:53:52 +00:00
Dr. Stephen Henson
c220e58f9e Make 3DES default cipher in cms utility. 2008-03-18 19:03:03 +00:00
Dr. Stephen Henson
e4f0e40eac Various tidies/fixes:
Make streaming support in cms cleaner.

Note errors in various S/MIME functions if CMS_final() fails.

Add streaming support for enveloped data.
2008-03-18 13:45:43 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism,
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
7c337e00d2 Fix some warnings. 2008-03-16 20:59:10 +00:00
Geoff Thorpe
7e8481afd1 Fix a nasty cast issue that my compiler was choking on. 2008-03-16 20:57:12 +00:00
Dr. Stephen Henson
4f1aa191b3 Initial support for enveloped data decrypt. Extent runex.pl to cover these
examples. All RFC4134 examples can not be processed.
2008-03-15 23:21:33 +00:00
Dr. Stephen Henson
d9f5f07e28 Initial support for Encrypted Data type generation. 2008-03-14 23:30:56 +00:00
Dr. Stephen Henson
1021f9aa5e Typos. 2008-03-14 19:38:44 +00:00
Dr. Stephen Henson
b820455c6e Encrypted Data type processing. Add options to cms utility and run section 7
tests in RFC4134.
2008-03-14 13:21:48 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins...
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
52108cecc0 <strings.h> does not exist under WIN32. 2008-01-14 18:10:55 +00:00
Ben Laurie
f12797a447 Missing headers. 2008-01-12 11:22:31 +00:00
Andy Polyakov
637f90621d Cygwin compatibility fix to apps/ocsp.c. 2008-01-05 21:32:29 +00:00
Dr. Stephen Henson
eef0c1f34c Netware support.
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
341e18b497 Handle non-SHA1 digests for certids in OCSP test responder. 2007-12-14 12:43:50 +00:00
Dr. Stephen Henson
cec2538ca9 Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Bodo Möller
15bd07e923 fix typos
Submitted by: Ernst G. Giessmann
2007-11-19 07:24:08 +00:00
Ben Laurie
fdf355878c Fix buffer overflow. 2007-11-16 14:41:09 +00:00
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Dr. Stephen Henson
b7fcc08976 Typo. 2007-09-28 17:18:18 +00:00
Dr. Stephen Henson
67c8e7f414 Support for certificate status TLS extension. 2007-09-26 21:56:59 +00:00
Bodo Möller
86d4bc3aea fix length parameter in SSL_set_tlsext_opaque_prf_input() calls 2007-09-23 11:08:59 +00:00
Bodo Möller
761772d7e1 Implement the Opaque PRF Input TLS extension
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way.  In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().

Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
2007-09-21 06:54:24 +00:00
Ben Laurie
9311c4421a Fix dependencies. Make depend. 2007-09-19 14:53:18 +00:00
Ben Laurie
e28eddc51f Typo? Why did this work, anyway? 2007-09-08 15:58:51 +00:00
Dr. Stephen Henson
d82a612a90 Fix warning: print format option not compatible with size_t. 2007-09-07 13:34:46 +00:00
Dr. Stephen Henson
e7e8f4b333 Fix another warning. 2007-09-07 13:27:40 +00:00
Dr. Stephen Henson
014f62b649 Add usage message for -sess_out, -sess_in 2007-08-23 12:20:36 +00:00
Dr. Stephen Henson
d24a9c8f5a Docs and usage messages for RFC4507bis support. 2007-08-23 11:34:48 +00:00
Dr. Stephen Henson
367eb1f125 Fix warning and make no-tlsext work. 2007-08-12 18:56:14 +00:00
Dr. Stephen Henson
710069c19e Fix warnings. 2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
6434abbfc6 RFC4507 (including RFC4507bis) TLS stateless session resumption support
for OpenSSL.
2007-08-11 23:18:29 +00:00
Andy Polyakov
d6c764573c Proper support for shared build under MacOS X. 2007-07-31 18:24:41 +00:00
Bodo Möller
f7b61702a0 document -S and -nopad options in usage information 2007-07-31 09:42:47 +00:00
Dr. Stephen Henson
8dbdf6314c Typo. 2007-05-21 16:36:09 +00:00
Dr. Stephen Henson
9c54e18bf0 Fixes for dgst tool. Initialize md_name, sig_name properly. Return error code
on failure. Keep output format consistent with previous versions.

Also flush stdout after printing ACCEPT in s_server.
2007-05-21 15:53:30 +00:00
Dr. Stephen Henson
0f9e0abbee Set len to buffer size. 2007-05-17 16:42:05 +00:00
Dr. Stephen Henson
e77dbf325f Prepend signature name in dgst output. 2007-05-17 16:19:17 +00:00
Dr. Stephen Henson
f03620ea15 Use default md if none specified in dgst utility. 2007-05-17 12:55:03 +00:00
Dr. Stephen Henson
47b2e238e5 Use EVP_DigestVerify() in dgst.c if verifying. 2007-05-17 12:35:32 +00:00
Dr. Stephen Henson
ad35cdac74 PR: 1516
Revert change in 1516 because it breaks Windows build. Use a modified version
of the headers from s_client.c which has used similar functionality without
any problems.
2007-05-16 12:16:49 +00:00
Ben Laurie
69ab085290 More IGE speedup. 2007-05-13 15:14:38 +00:00
Ben Laurie
5f09d0ecc2 AES IGE mode speedup. 2007-05-13 12:57:59 +00:00
Dr. Stephen Henson
6217896145 Improve error detection when streaming S/MIME.
Only use streaming when appropriate for detached data in smime utility.
2007-05-10 17:37:15 +00:00
Andy Polyakov
6ef18c21c9 Bug in apps/dgst.c. 2007-04-30 15:20:10 +00:00
Bodo Möller
96afc1cfd5 Add SEED encryption algorithm.
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
9cfc8a9d5c Update smime utility to support streaming for -encrypt and -sign -nodetach
options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.

These all process content on the fly without storing it all in memory.
2007-04-13 01:06:41 +00:00
Dr. Stephen Henson
2022cfe07e New -mac and -macopt options to dgst utility. Reimplement -hmac option in
terms of new API.
2007-04-11 17:20:40 +00:00
Dr. Stephen Henson
d952c79a7b New -sigopt option for dgst utility. 2007-04-08 12:47:18 +00:00
Ben Laurie
3dfb6b3353 Yet another resource leak. Coverity ID 123. 2007-04-07 13:20:09 +00:00
Ben Laurie
44907e6064 Free memory. Coverity ID 62. 2007-04-05 15:45:22 +00:00
Ben Laurie
231671b9ff Resource leak. 2007-04-04 16:00:03 +00:00
Ben Laurie
313fce7b61 Don't free a NULL. Coverity ID 112. 2007-04-04 14:59:20 +00:00
Ben Laurie
309fa55bbb Return an error if the serial number is badly formed. (Coverity ID 116). 2007-04-04 14:35:56 +00:00
Ben Laurie
4b8747e440 Die if serial number is invalid. 2007-04-04 13:41:33 +00:00
Richard Levitte
a1d915990b Apply a more modern way to get the definition of select(), except for VMS.
Submitted by Corinna Vinschen <vinschen@redhat.com>
2007-03-29 18:34:57 +00:00
Dr. Stephen Henson
9981a51e42 Stage 1 GOST ciphersuite support.
Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org
2007-03-23 17:04:05 +00:00
Lutz Jänicke
ee373e7f19 Fix problem with multi line responses in -starttls by using a buffering
BIO and BIO_gets().
2007-02-22 17:39:47 +00:00
Lutz Jänicke
8d72476e2b Extend SMTP and IMAP protocol handling to perform the required
EHLO or CAPABILITY handshake before sending STARTTLS

Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
2007-02-21 18:20:41 +00:00
Dr. Stephen Henson
5d5ca32fa1 Updates from 0.9.8-stable branch. 2007-02-18 18:21:57 +00:00
Richard Levitte
85c6749216 Add STARTTLS support for IMAP and FTP.
Submitted by Kees Cook <kees@outflux.net>
2007-02-16 18:12:16 +00:00
Dr. Stephen Henson
52cfa39716 Add -hmac option to dgst from 0.9.7 stable branch. 2007-02-08 19:07:43 +00:00
Nils Larsch
123b23fa95 fix return value of get_cert_chain()
PR: 1441
2006-12-27 09:40:52 +00:00
Richard Levitte
8bbf6bcf17 Needed definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see
the declarations of fd_set, select() and so on.
2006-12-25 10:54:14 +00:00
Nils Larsch
ec1edeb5fa update pkcs12 help message + manpage
PR: 1443
Submitted by: Artem Chuprina <ran@cryptocom.ru>
2006-12-21 20:36:15 +00:00
Nils Larsch
5dfe910023 properly initialize SSL context, check return value 2006-12-13 22:06:37 +00:00
Nils Larsch
10a10fb834 return 0 if 'noout' is used and no error has occurred
PR: 1435
Submitted by: "Haridharan" <haridharan@gmail.com>
2006-12-05 20:09:25 +00:00
Nils Larsch
ae93dc13ab add support for whirlpool in apps/speed
PR: 1338
Submitted by: justin@soze.net
2006-12-01 21:42:55 +00:00
Nils Larsch
7806f3dd4b replace macros with functions
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:54:57 +00:00
Ben Laurie
96ea4ae91c Add RFC 3779 support. 2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
5456583294 Don't add the TS EKU by default in openssl.cnf because it then
makes certificates genereated by ca, CA.pl etc useless for anything else.
2006-11-07 14:27:55 +00:00
Nils Larsch
224328e404 fix warning 2006-11-06 20:10:44 +00:00
Andy Polyakov
5b50f99e1e Further mingw build procedure updates. 2006-10-24 22:14:20 +00:00
Andy Polyakov
cbfb39d1be Rudimentary support for cross-compiling. 2006-10-21 13:38:16 +00:00
Dr. Stephen Henson
347ed3b93c Buffer size handling fix for enc.
PR:1374
2006-09-22 17:14:22 +00:00
Dr. Stephen Henson
5d20c4fb35 Overhaul of by_dir code to handle dynamic loading of CRLs. 2006-09-17 17:16:28 +00:00
Richard Levitte
5776c3c4c6 According to documentation, including time.h declares select() on
OpenVMS, and possibly more.

Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select
2006-08-20 05:54:35 +00:00
Richard Levitte
0c3d346cb7 Correct warnings about signedness. 2006-08-20 05:18:12 +00:00
Dr. Stephen Henson
f6e7d01450 Support for multiple CRLs with same issuer name in X509_STORE. Modify
verify logic to try to use an unexpired CRL if possible.
2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
1aa44cc797 Avoid WIN32 warning. 2006-07-21 22:28:48 +00:00
Dr. Stephen Henson
37c8fd0eba Avoid warnings. 2006-07-21 22:26:31 +00:00
Dr. Stephen Henson
b589427941 WIN32 fixes signed/unsigned issues and slightly socket semantics. 2006-07-17 18:52:51 +00:00
Dr. Stephen Henson
454dbbc593 Add -timeout option to ocsp utility. 2006-07-17 13:26:54 +00:00
Dr. Stephen Henson
f253a058d3 There is should be no need to rewind the input stream any more.
For S/MIME multipart/signed type the signature is calculated on the fly.

For other detached data forms the stream isn't used after the single pass to
calculate signatures.

For non-detached the data is stored in a memory BIO.
2006-07-13 20:29:55 +00:00
Dr. Stephen Henson
b3c6a33185 In genpkey, also look for algorithm string name in any supplied ENGINE. 2006-07-12 18:00:20 +00:00
Dr. Stephen Henson
105f6a6323 Update some usage messages. 2006-07-10 22:49:08 +00:00
Dr. Stephen Henson
5ba4bf35c5 New functions to enumerate digests and ciphers. 2006-07-09 00:53:45 +00:00
Bodo Möller
b166f13eb5 Call 'print_stuff' even if a handshake failed. 2006-06-15 19:00:34 +00:00
Bodo Möller
6a983d4287 Fix a bug recently introduced when updating this file to use the new
keygen API: make sure that 'pkey_type' is actually visible to MAIN().
2006-06-14 01:16:22 +00:00
Bodo Möller
f3dea9a595 Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00