wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1313 commits 20 branches 302 tags 153 MiB
Commit graph

390 commits

Author SHA1 Message Date
Dr. Stephen Henson
d8223efd04 Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs. 
Also fix a memory leak in PKCS#7 routines.
 1999-12-10 13:46:48 +00:00
Dr. Stephen Henson
5a9a4b299c Merge in my S/MIME library and utility. 1999-12-05 00:40:59 +00:00
Bodo Möller
cddfe788fb Add functions des_set_key_checked, des_set_key_unchecked. 
Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.
 1999-12-03 20:24:21 +00:00
Dr. Stephen Henson
21131f00d7 New function PKC12_newpass() 1999-12-03 03:46:18 +00:00
Dr. Stephen Henson
dd4134101f Change the trust and purpose code so it doesn't need init 
either and has a static and dynamic mix.
 1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
08cba61011 Modify the X509 V3 extension lookup code. 1999-12-01 01:49:46 +00:00
Ben Laurie
fea9afbfc7 Make salting the default. Fail gracefully if the input is not salted. 1999-11-30 20:15:19 +00:00
Dr. Stephen Henson
bb7cd4e3eb Remainder of SSL purpose and trust code: trust and purpose setting in 
SSL_CTX and SSL, functions to set them and defaults if no values set.
 1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
51630a3706 Add trust setting support to the verify code. It now checks the 
trust settings of the root CA.

After a few fixes it seems to work OK.

Still need to add support to SSL and S/MIME code though.
 1999-11-27 19:43:10 +00:00
Dr. Stephen Henson
9868232ae1 Initial trust code: allow setting of trust checking functions 
in a table. Doesn't do too much yet.

Make the -<digestname> options in 'x509' affect all relevant
options.

Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.

A few constification changes.
 1999-11-27 01:14:04 +00:00
Dr. Stephen Henson
d4cec6a13d New options to the -verify program which can be used for chain verification. 
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.

Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
 1999-11-26 00:27:07 +00:00
Dr. Stephen Henson
1126239111 Initial chain verify code: not tested probably not working 
at present. However nothing enables it yet so this doesn't
matter :-)
 1999-11-24 01:31:49 +00:00
Dr. Stephen Henson
6d3724d3b0 Support for authority information access extension. 
Fix so EVP_PKEY_rset_*() check return codes.
 1999-11-23 18:50:28 +00:00
Dr. Stephen Henson
52664f5081 Transparent support for PKCS#8 private keys in RSA/DSA. 
New universal public key format.

Fix CRL+cert load problem in by_file.c

Make verify report errors when loading files or dirs
 1999-11-21 22:28:31 +00:00
Dr. Stephen Henson
a716d72734 Support for otherName in GeneralName. 1999-11-19 02:19:58 +00:00
Dr. Stephen Henson
f76d8c4747 Modify verify code to handle self signed certificates. 1999-11-17 01:20:29 +00:00
Bodo Möller
b1fe6ca175 Store verify_result with sessions to avoid potential security hole. 1999-11-16 23:15:41 +00:00
Dr. Stephen Henson
91895a5938 Fix for a bug in PKCS#7 code and non-detached data. 
Remove rc4-64 from ciphers since it doesn't exist...
 1999-11-16 14:54:50 +00:00
Dr. Stephen Henson
fd699ac55f Add a salt to the key derivation using the 'enc' program. 1999-11-16 02:49:25 +00:00
Dr. Stephen Henson
e947f39689 New function X509_cmp(). 1999-11-16 00:56:03 +00:00
Mark J. Cox
b7cfcfb7f8 This corrects the reference count handling in SSL_get_session. 
Previously, the returned SSL_SESSION didn't have its reference count
incremented so the SSL_SESSION could be freed at any time causing
seg-faults if the pointer was subsequently used. Code that uses
SSL_get_session must now make a corresponding SSL_SESSION_free() call when
it is done to avoid memory leaks (or blocked up session caches).

Submitted By: Geoff Thorpe <geoff@eu.c2.net>
 1999-11-15 16:31:31 +00:00
Dr. Stephen Henson
06556a1744 'req' fixes. Reinstate length check one request fields. 
Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.
 1999-11-14 23:10:50 +00:00
Dr. Stephen Henson
a0e9f529a4 Add support for the 40 and 64 bit RC2 and RC4 ciphers in 'enc' 
add documentation for 'enc'.
 1999-11-14 03:23:17 +00:00
Richard Levitte
71d7526b72 Avoid some silly compiler warnings, and add the change log I forgot :-) 1999-11-12 03:12:46 +00:00
Dr. Stephen Henson
954ef7ef69 Merge some common functionality in the apps, delete 
the encryption option in the pkcs7 utility (they never
did anything) and add a couple more options to pkcs7.
 1999-11-12 01:42:25 +00:00
Dr. Stephen Henson
af29811edd Add password command line options to some utils. Fix and update man 
pages.
 1999-11-11 18:41:31 +00:00
Dr. Stephen Henson
aba3e65f2c Very preliminary POD format documentation for some 
of the openssl utility commands...
 1999-11-10 02:52:17 +00:00
Dr. Stephen Henson
a0ad17bb6c Fix to the -revoke option in ca. It was leaking memory, crashing and just 
plain not working :-(

Also fix some memory leaks in the new X509_NAME code.

Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
 1999-11-08 13:58:08 +00:00
Dr. Stephen Henson
ce1b4fe146 Allow additional information to be attached to a 
certificate: currently this includes trust settings
and a "friendly name".
 1999-11-04 00:45:35 +00:00
Mark J. Cox
ce2c95b2a2 Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). The 
problem was that one of the replacement routines had not been working since
SSLeay releases.  For now the offending routine has been replaced with
non-optimised assembler.  Even so, this now gives around 95% performance
improvement for 1024 bit RSA signs.
 1999-11-03 14:10:10 +00:00
Dr. Stephen Henson
9716a8f9f2 Fix to PKCS#7 routines so it can decrypt some oddball RC2 handling. 1999-10-29 13:06:25 +00:00
Dr. Stephen Henson
74400f7348 Continued multibyte character support. 
Add a bunch of functions to simplify the creation of X509_NAME structures.

Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
 1999-10-27 00:15:11 +00:00
Bodo Möller
62ac293801 Always hash the pid in the first iteration in ssleay_rand_bytes, 
don't try to detect fork()s by looking at getpid().
The reason is that threads sharing the same memory can have different
PIDs; it's inefficient to run RAND_seed each time a different thread
calls RAND_bytes.
 1999-10-26 16:26:48 +00:00
Bodo Möller
c1e744b912 Make md_rand.c more robust. 1999-10-26 14:49:12 +00:00
Bodo Möller
99e87569fd Don't be overly paranoid. 1999-10-26 11:19:42 +00:00
Bodo Möller
a31011e8e0 Various randomness handling bugfixes and improvements -- 
some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.
 1999-10-26 01:56:29 +00:00
Dr. Stephen Henson
462f79ec44 New function ASN1_mbstring_copy() to handle ASN1 string copying. Ultimately 
this will be used to clear up the horrible DN mess.
 1999-10-21 13:20:49 +00:00
Dr. Stephen Henson
08e9c1af6c Replace the macros in asn1.h with function equivalents. Also make UTF8Strings 
tolerated in certificates.
 1999-10-20 01:50:23 +00:00
Dr. Stephen Henson
673b102c5b Initial support for certificate purpose checking: this will 
ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.
 1999-10-13 01:11:56 +00:00
Dr. Stephen Henson
56a3fec1b1 Add EX_DATA support to X509. 
Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL.
 1999-10-11 01:30:04 +00:00
Dr. Stephen Henson
4654ef985b New functions to parse and get extensions. 1999-10-09 02:54:10 +00:00
Andy Polyakov
7e102e28e1 RC4 tune-up featuring 30-40% performance improvement on most RISC 
platforms. See crypto/rc4/rc4_enc.c for further details.
 1999-10-07 12:10:26 +00:00
Dr. Stephen Henson
d71c6bc5a4 Fix for bug in pkcs12 program and typo in ASN1_tag2str(). 1999-10-05 13:10:21 +00:00
Dr. Stephen Henson
2d681b779c Fix for bug in pkcs12 program and typo in ASN1_tag2str(). 1999-10-05 12:57:50 +00:00
Dr. Stephen Henson
3908cdf442 New option -dhparam to s_server to allow the DH parameter file to be set 
explicitly. Previously it couldn't be changed because it was hard coded as
"server.pem".
 1999-10-04 23:56:06 +00:00
Dr. Stephen Henson
3ea23631d4 Add support for public key input and output in rsa and dsa utilities with some 
new DSA public key functions that were missing.

Also beginning of a cache for X509_EXTENSION structures: this will allow them
to be accessed more quickly for things like certificate chain verification...
 1999-10-04 21:17:47 +00:00
Dr. Stephen Henson
393f2c651d Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing is signed message 
contains no certificates.

Also fix typo in RANLIB changes.
 1999-10-04 12:08:59 +00:00
Dr. Stephen Henson
4579dd5dc6 Fix for base64 BIO decoding bug 1999-10-02 13:33:06 +00:00
Bodo Möller
0f7e6fe10c Fix typo that I introduced when reformatting lines. 1999-09-24 20:24:24 +00:00
Bodo Möller
96c2201bef Keep line lengths < 80 characters. 1999-09-21 13:33:15 +00:00