wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
999 commits 20 branches 302 tags 153 MiB
Commit graph

294 commits

Author SHA1 Message Date
Bodo Möller
71f080935a Updated some demos. 
Submitted by: Sean O Riordain <Sean.ORiordain@cyrona.com>
 1999-05-27 23:52:31 +00:00
Bodo Möller
e95f626827 *** empty log message *** 1999-05-27 20:55:18 +00:00
Bodo Möller
472bde404f Change function call according to current API. 1999-05-27 20:49:27 +00:00
Bodo Möller
557068c087 Final version for 0.9.3. 1999-05-24 22:38:23 +00:00
Ulf Möller
e14d4443a2 Bignum library bug fix. IRIX 6 passes "make test" now! 
This also avoids the problems with SC4.2 and unpatched SC5.

Submitted by: Andy Polyakov <appro@fy.chalmers.se>
 1999-05-20 01:43:07 +00:00
Dr. Stephen Henson
e84240d422 New functions sk_set, sk_value and sk_num to replace existing macros: this is 
to minimise the effects on existing code.
 1999-05-19 12:45:16 +00:00
Dr. Stephen Henson
1b266dabf5 Fix various less obvious bugs in PKCS#7 handling: such as not zeroing 
the secret key before we've encrypted it and using the right NID for RC2-64.
Add various arguments to the experimental programs 'dec' and 'enc' to make
testing less painful.

This stuff has now been tested against Netscape Messenger and it can encrypt
and decrypt S/MIME messages with RC2 (128, 64 and 40 bit) DES and triple DES.

Its still experimental though...
 1999-05-16 17:32:32 +00:00
Bodo Möller
f43c814917 Typo. 1999-05-16 14:20:17 +00:00
Bodo Möller
55519bbb2d DES changes. 1999-05-16 12:29:28 +00:00
Dr. Stephen Henson
84fa704c6f Fix some obvious bugs in the PKCS#7 library handling. It didn't try to 
find the right RecipientInfo based on the recipient certificate (so would
fail a lot of the time) and fixup cipher structures to correctly (maybe)
modify the AlgorithmIdentifiers.  Largely untested at present... this will be
fixed in due course. Well the stuff was broken to begin with so if its broken
now then you haven't lost anything :-)
 1999-05-16 00:25:36 +00:00
Ben Laurie
62bad77124 Add actual testing to bntest... 1999-05-15 15:59:28 +00:00
Dr. Stephen Henson
1ad2ecb66f The encoding of negative ASN1 INTEGERs and the conversion of BNs to negative 
integers was completely broken. Also added a NEG_PUBKEY_BUG compilation option
to compensate for public keys improperly encoded as negative integers.
 1999-05-14 18:21:21 +00:00
Bodo Möller
1b24cca969 Add release dates to the "CHANGES" file, because that's an obvious 
place to look for them.
 1999-05-13 21:17:03 +00:00
Bodo Möller
b56bce4fc7 New structure type SESS_CERT used instead of CERT inside SSL_SESSION. 
While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.
 1999-05-13 15:09:38 +00:00
Ulf Möller
bd3576d2dd Reorganize and speed up MD5. 
Submitted by: Andy Polyakov <appro@fy.chalmers.se>
 1999-05-13 13:16:42 +00:00
Ulf Möller
7d7d2cbcb0 VMS support. 
Submitted by: Richard Levitte <richard@levitte.org>
 1999-05-13 11:37:32 +00:00
Dr. Stephen Henson
f5eac85edc Add new -out option to asn1parse to allow the parsed data to be output. 
Fixed -strparse option: it didn't work if used more than once (this was due
to the d2i_ASN1_TYPE call parsing a freed buffer). On Win32 the file wincrypt.h
#define's X509_NAME and PKCS7_SIGNER_INFO causing clashes so these are #undef'ed
 1999-05-12 01:56:27 +00:00
Bodo Möller
b31b04d951 Make SSL library a little more fool-proof by not requiring any longer 
that SSL_set_{accept,connect}_state be called before
SSL_{accept,connect} may be used.
Submitted by:
Reviewed by:
PR:
 1999-05-11 07:43:16 +00:00
Ulf Möller
d5a2ea4b73 Move openssl.cnf out of lib/. 1999-05-10 23:59:28 +00:00
Ralf S. Engelschall
397f703892 Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow 
-Wpointer-arith -Wcast-align -Wmissing-prototypes -Wmissing-declarations
-Wnested-externs -Winline'' with EGCS 1.1.2+
 1999-05-10 08:33:56 +00:00
Dr. Stephen Henson
884e8ec615 Various PKCS#7 fixes to properly (maybe!) handle PKCS#7 enveloped data. 
Containts elements of code by Sebastian Akerman <sak@parallelconsulting.com>
and made a bit less "naughty" by Steve.
 1999-05-10 00:47:42 +00:00
Bodo Möller
ca8e5b9b8a Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copying 
pointers.  The cert_st handling is changed by this in various ways.
Submitted by:
Reviewed by:
PR:
 1999-05-09 20:12:44 +00:00
Dr. Stephen Henson
c8b4185079 Kill evil casts, fix PKCS#7 and add new X509V3 Function. 1999-05-09 16:39:11 +00:00
Dr. Stephen Henson
e40b7abeed Allows PKCS#12 password to be placed on command line and add allow config 
file name for 'ca' to come from the environment.
 1999-05-08 12:59:50 +00:00
Ben Laurie
5b640028cb Make -pedantic work again. 1999-05-07 15:42:23 +00:00
Ben Laurie
135a1dcaac Bodo didn't do that. 1999-05-07 09:18:25 +00:00
Ulf Möller
31a674d8c9 Support additional Win32 compilers. 
Borland C submitted by: Janez Jere <jj@void.si>
 1999-05-06 00:46:34 +00:00
Ulf Möller
8e7f966bf3 SHA-1 cleanups and performance enhancements. 
Submitted by: Andy Polyakov <appro@fy.chalmers.se>
 1999-05-05 00:23:53 +00:00
Ulf Möller
4f5fac8011 Sparc v8plus assembler. 
Submitted by: Andy Polyakov <appro@fy.chalmers.se>
 1999-05-04 20:35:18 +00:00
Ulf Möller
afd1f9e80b Update HPUX config, work around HPUX library incompatibility. 
Submitted by: Anonymous
 1999-05-04 11:52:26 +00:00
Ben Laurie
aeef69b102 Add other people who've done stackification. 1999-05-04 10:34:08 +00:00
Ralf S. Engelschall
9263e88294 Bundle stack'ification entries on Bens request 1999-05-04 10:27:10 +00:00
Ralf S. Engelschall
dee75ecf9c Add missing sk_<type>_unshift() function to safestack.h 1999-05-04 10:15:02 +00:00
Ralf S. Engelschall
20b85fdd76 Convert casted X509_INFO stacks to type-safe STACK_OF(X509_INFO). 
PS: Feel free to move the IMPLEMENT_STACK_OF(X509_INFO) from
    crypto/asn1/x_info.c to any other place where you think it fits better.
    X509_INFO is a structure slightly spreaded over ASN.1, X509 and PEM code,
    so I found no definitive location for IMPLEMENT_STACK_OF(X509_INFO).  In
    crypto/asn1/x_info.c it's at least now bundled with X509_INFO_new() and
    friends.
 1999-05-04 08:56:51 +00:00
Bodo Möller
dc1f607aff Entry for resolved error macro confusion. 
Submitted by:
Reviewed by:
PR:

Submitted by:
Reviewed by:
PR:
 1999-05-01 20:16:35 +00:00
Bodo Möller
b3ca645f47 New function SSL_CTX_use_certificate_chain_file. 
Submitted by:
Reviewed by:
PR:
 1999-05-01 17:43:52 +00:00
Bodo Möller
7f89714e64 Support verify_depth from the SSL API without need for user-defined 
callbacks.

Submitted by:
Reviewed by:
PR:
 1999-05-01 03:20:40 +00:00
Bodo Möller
dd1462fd18 Broken line that was too long. 
Submitted by:
Reviewed by:
PR:
 1999-05-01 00:07:42 +00:00
Bodo Möller
4eb77b2679 New function SSL_CTX_set_session_id_context. 
Submitted by:
Reviewed by:
PR:
 1999-04-30 17:15:56 +00:00
Ulf Möller
c66527497c OAEP bug fix. 1999-04-29 21:56:13 +00:00
Bodo Möller
e5f3045fbf Support INSTALL_PREFIX for packagers. 
Submitted by:
Reviewed by:
PR:
 1999-04-29 21:52:08 +00:00
Bodo Möller
87bc2c00f8 Submitted by: 
Reviewed by:
PR:
 1999-04-29 16:10:41 +00:00
Bodo Möller
6e6acfd4b9 Use util/mklink.pl instead of util/mklink.sh. 
Submitted by:
Reviewed by:
PR:
 1999-04-28 22:33:54 +00:00
Bodo Möller
ddeee82c63 Install various scripts to $(OPENSSLDIR)/misc instead of $(INSTALLTOP)/bin. 
Submitted by:
Reviewed by:
PR:
 1999-04-28 22:06:19 +00:00
Ulf Möller
0973910fbb Linux shared libraries. 1999-04-28 16:16:31 +00:00
Ulf Möller
f5d7a031a3 New Configure option no-<cipher> (rsa, idea, rc5, ...). 1999-04-27 01:14:46 +00:00
Dr. Stephen Henson
b64f825671 Add PKCS#12 documentation and new option in x509 to add certificate extensions. 1999-04-27 00:36:20 +00:00
Ulf Möller
a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Dr. Stephen Henson
47339f6179 Extensively changed the DEF file generator mkdef.pl to use a modified version 
of Ulf's prototype parser, also general tidying and fixing of several problems
with the original. Its still a bit of a hack but should work.

This is the last bit of the old code that uses the K&R prototypes: after some
testing they can finally go away...
 1999-04-26 00:23:10 +00:00
Ulf Möller
9c4711c73a *** empty log message *** 1999-04-24 23:39:52 +00:00
Ulf Möller
b0b7b1c5ae New Configure option --openssldir to replace ssldir.pl. 1999-04-24 23:01:36 +00:00
Dr. Stephen Henson
6e781e8e07 Delete the unnecessary ERR and ERRC lines in makefiles, add some functionality 
to error code script: it can now find untranslatable function codes (usually
because the function is static and not defined in a header: occasionally because
of a typo...) and unreferenced function and reason codes. To see this try:
perl util/mkerr.pl -recurse -debug
Also fixed some typos in crypto/pkcs12 that this found :-)
Also tidy up some error calls that had to be all on one line: the old error
script couldn't find codes unless the call was all on one line.
 1999-04-24 13:28:57 +00:00
Dr. Stephen Henson
6d31193858 Complete rewrite of the error code generation script. It now runs as a single 
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
 1999-04-24 00:15:18 +00:00
Bodo Möller
018b4ee9bb Submitted by: 
Reviewed by:
PR:
 1999-04-23 22:38:22 +00:00
Bodo Möller
92df96077e Submitted by: 
Reviewed by:
PR:
 1999-04-23 22:20:21 +00:00
Bodo Möller
85f48f7e93 Don't return 0 from ssl2_read when a packet with empty payload is received. 
Submitted by:
Reviewed by:
PR:
 1999-04-22 14:28:38 +00:00
Bodo Möller
90b8bbb8da Submitted by: 
Reviewed by:
PR:
 1999-04-22 13:38:03 +00:00
Dr. Stephen Henson
4cd401e401 Oops! Fixup CHANGES. 1999-04-21 17:46:23 +00:00
Dr. Stephen Henson
d943e37241 Suppport for CRL distribution points extension. Also document some of 
this stuff.
 1999-04-21 17:44:45 +00:00
Ulf Möller
8e10f2b3ac Move all autogenerated header file parts to crypto/opensslconf.h. 1999-04-21 17:31:05 +00:00
Ben Laurie
4997138a06 Fix DES export ciphersuites. 1999-04-21 13:24:58 +00:00
Ulf Möller
95dc05bc6d Fix lots of warnings. 
Submitted by: Richard Levitte <levitte@stacken.kth.se>
 1999-04-20 22:50:42 +00:00
Ulf Möller
8fb04b9803 Problems with 64-bit long. 
Pointed out by Andy Polyakov <appro@fy.chalmers.se>.
 1999-04-20 16:23:03 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Dr. Stephen Henson
3edd7ed15d Finish off support for Certificate Policies extension. 1999-04-19 17:55:11 +00:00
Ulf Möller
df82f5c85c Fix typos in error codes. 1999-04-19 14:45:02 +00:00
Ulf Möller
22a4f969b9 Defunct assembler files removed; various cleanups. 
New Ultrix and Alpha entries submitted by Bernhard Simon
<simon@zid.tuwien.ac.at>.
 1999-04-19 13:54:11 +00:00
Ulf Möller
5e85b6abaf SPARC v8 assembler BIGNUM code. 
Submitted by: Andy Polyakov <appro@fy.chalmers.se>
 1999-04-19 13:41:45 +00:00
Dr. Stephen Henson
41b731f2f8 Initial support for Certificate Policies extension: print out works but setting 
isn't fully implemented (yet).
 1999-04-18 23:21:03 +00:00
Dr. Stephen Henson
c83e523d7f Allow asn1parse to print out VISIBLESTRING and some code needed for certificate 
policies extension.
 1999-04-17 23:55:39 +00:00
Ben Laurie
e778802f53 Massive constification. 1999-04-17 21:25:43 +00:00
Dr. Stephen Henson
d77b3054cd Add support for VISIBLESTRING and UTF8String 1999-04-17 15:53:32 +00:00
Dr. Stephen Henson
1d48dd0019 Add initial support for r2i RAW extensions which can access the config database 
add various X509V3_CTX helper functions and support for LHASH as the config
database.
 1999-04-16 23:57:04 +00:00
Dr. Stephen Henson
953937bdc6 Fix a horrible BN bug in bn_expand2 which caused BN_add_word() et al to fail 
when they cause the destination to expand.

To see how evil this is try this:

#include <pem.h>
main()
{
	BIGNUM *bn = NULL;
        int i;
	bn = BN_new();
	BN_hex2bn(&bn, "FFFFFFFF");
	BN_add_word(bn, 1);
	printf("Value %s\n", BN_bn2hex(bn));
}

This would typically fail before the patch.

It also screws up if you comment out the BN_hex2bn line above or in any
situation where BN_add_word() causes the number of BN_ULONGs in the result
to change (try doubling the number of FFs).
 1999-04-15 23:07:00 +00:00
Dr. Stephen Henson
28a98809d1 Add some utilities to support SXNet extension also add support in DEF files 
generator to typesafe stacks.
 1999-04-14 23:44:41 +00:00
Ben Laurie
8f7de4f04c Typo. 1999-04-14 11:13:47 +00:00
Dr. Stephen Henson
0490a86d01 Delete all the old X509V3 pack and unpack stuff and various structures and 
files associated with them. This stuff is all obsoleted by the new X509V3 code.
 1999-04-13 23:56:39 +00:00
Ulf Möller
5fbe91d86b New Configure option "rsaref". 1999-04-13 00:58:49 +00:00
Bodo Möller
5fd4e2b16b Don#t auto-generate crypto/pem/pem.h -- a fixed file is fine for it. 
Submitted by:
Reviewed by:
PR:
 1999-04-12 19:58:17 +00:00
Ben Laurie
f73e07cf42 Add type-safe STACKs and SETs. 1999-04-12 17:23:57 +00:00
Ralf S. Engelschall
f9a2593163 Add `openssl ca -revoke <certfile>' facility which revokes a certificate 
specified in <certfile> by updating the entry in the index.txt file.
This way one no longer has to edit the index.txt file manually for
revoking a certificate. The -revoke option does the gory details now.

Submitted by: Massimiliano Pala <madwolf@openca.org>
Cleaned up and integrated by: Ralf S. Engelschall
 1999-04-12 11:45:14 +00:00
Ralf S. Engelschall
2f0cd19533 Fix openssl crl -noout -text' combination where -noout' killed the `-text' 
option at all and this way the `-noout -text' combination was inconsistent in
`openssl crl' with the friends in `openssl x509|rsa|dsa'.
 1999-04-12 10:36:16 +00:00
Ralf S. Engelschall
268c2102e3 Make sure a corresponding plain text error message exists for the 
X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
verify callback function determined that a certificate was revoked.
 1999-04-12 09:59:05 +00:00
Bodo Möller
fc8ee06b4d Submitted by: 
Reviewed by:
PR:
 1999-04-11 02:49:35 +00:00
Bodo Möller
c7ac31e26e Bugfix: s_client occasionally would sleep in select() when it should 
have checked SSL_pending() first.
Submitted by:
Reviewed by:
PR:
 1999-04-09 20:54:25 +00:00
Ulf Möller
9d892e2855 recent changes. 1999-04-09 17:04:32 +00:00
Dr. Stephen Henson
d2e26dccd1 Add PKCS#5 v2.0 ASN1 structures. 1999-04-08 23:55:42 +00:00
Ulf Möller
99aab1619f New Makefile variables $(RANLIB) and $(PERL). 1999-04-01 12:34:33 +00:00
Ulf Möller
2613c1fa2f New option to generate 80386 code. 1999-03-31 12:38:27 +00:00
Bodo Möller
6d02d8e444 New option "-showcerts" for s_client 
Slight cleanup in ssl/
 1999-03-31 12:06:30 +00:00
Dr. Stephen Henson
ee0508d411 Include pkcs12 program as part of openssl. This completes most of the PKCS#12 
integration.
 1999-03-29 17:50:26 +00:00
Dr. Stephen Henson
8d8c7266d4 Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add 
them to the build environment.
 1999-03-28 23:17:34 +00:00
Dr. Stephen Henson
cfcefcbe2a Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-28 17:46:10 +00:00
Dr. Stephen Henson
4b518c2601 This is the beginning of PKCS#12 integration. This just adds the PKCS#12 
objects to objects.h

NOTE: during this integration it will not be possible to compile my PKCS#12
program against OpenSSL because there will be conflicts between the external
functionality and that being added to the core code.
 1999-03-28 01:00:56 +00:00
Dr. Stephen Henson
785cdf2048 Add initial support for Thawte strong extranet certificate extensions and 
include an 'indent' option to V3 stuff.
 1999-03-27 14:06:25 +00:00
Ben Laurie
ba423adddd Linux PPC support. 1999-03-27 13:03:37 +00:00
Ben Laurie
67da3df72e Fix Alpha assembler, remove redundant file. 1999-03-27 12:53:21 +00:00
Ralf S. Engelschall
0e9fc7115b Make sure the RSA OAEP test is skipped under -DRSAref because 
OAEP isn't supported when OpenSSL is built with RSAref.

Submitted by: Ulf Moeller <ulf@fitug.de>
Reviewed by: Ralf S. Engelschall
 1999-03-25 07:49:33 +00:00
Ralf S. Engelschall
1b276f3012 Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h 
so they no longer are missing under -DNOPROTO.

Submitted by: Soren S. Jorvang <soren@t.dk>
Reviewed by: Ralf S. Engelschall
 1999-03-24 10:24:35 +00:00
Ralf S. Engelschall
72e442a3a6 function names recently changed - consistency. 1999-03-22 15:50:34 +00:00