Geoff Thorpe
5148710994
Adds warnings about two curves and fixes the "seed" value for two other
...
curves.
Submitted by: Nils Larsch
2004-03-25 03:03:52 +00:00
Richard Levitte
d342ec3335
o_str.h isn't a public header file, so make sure it will still be
...
included.
2004-03-24 09:43:03 +00:00
Richard Levitte
875a644a90
Constify d2i, s2i, c2i and r2i functions and other associated
...
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Dr. Stephen Henson
3f39976da3
Call autoconfig code in pkcs7 utility.
2004-03-05 23:46:29 +00:00
Geoff Thorpe
6c43032121
minor signed/unsigned warning fixes
2004-02-10 18:46:10 +00:00
Dr. Stephen Henson
37ead9be0b
Fix handling of -offset and -length in asn1parse tool.
...
If -offset exceeds -length of data available exit with an error.
Don't read past end of total data available when -offset supplied.
If -length exceeds total available truncate it.
2004-02-08 13:30:04 +00:00
Andy Polyakov
3a160f1dc6
Fix declaration inconsistency in ecparam.c.
2004-01-24 16:51:59 +00:00
Lutz Jänicke
cdb42bcf0c
Cover all DSA setups when running tests
...
PR: #748
Submitted by: Kirill Kochetkov <kochet@ixbt.com>
2004-01-08 07:46:37 +00:00
Richard Levitte
79b42e7654
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d
Use BUF_strlcpy() instead of strcpy().
...
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Richard Levitte
03ddbdd9b9
Move another common functionality (reproduced so far with cut'n'paste)
...
to apps.c, and give it the hopefully descriptive name parse_yesno().
2003-11-28 14:45:09 +00:00
Richard Levitte
d45a098472
Forgot to change the declaration of do_subject() to one of parse_name()...
2003-11-28 14:18:05 +00:00
Richard Levitte
6d5ffb591b
Move do_subject() to apps.c and rename it to parse_name(). The
...
rationale behind the move is that it's use by several applications.
The rationale behind the name change is that it describes what the
function does a bit better.
2003-11-28 14:07:14 +00:00
Richard Levitte
7ce9e425bc
Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option
...
to 'openssl req' and 'openssl ca'.
PR: 779
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
Reviewed by: Richard Levitte
(there will be some follow-up changes)
2003-11-28 14:04:09 +00:00
Richard Levitte
4d8743f490
Netware-specific changes,
...
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
2003-11-28 13:10:58 +00:00
Dr. Stephen Henson
a8287a90ea
Give CRLDP its standard name.
...
Max req -x509 use V1 if extensions section absent.
2003-11-20 22:45:06 +00:00
Lutz Jänicke
95de3d204f
Make sure to initialize AES counters to obtain proper results.
...
Submitted by: Kirill Kochetkov <kochet@ixbt.com>
PR: #748
2003-11-18 18:27:12 +00:00
Lutz Jänicke
f35232e6f3
Catch error condition to prevent NULL pointer dereference.
...
Submitted by: Goetz Babin-Ebell <babin-ebell@trustcenter.de>
PR: #766
2003-11-16 16:30:39 +00:00
Geoff Thorpe
d8ec0dcf45
Avoid some shadowed variable names.
...
Submitted by: Nils Larsch
2003-11-04 00:51:32 +00:00
Richard Levitte
cfd06a6223
Let exit codes propagate from within for loops.
2003-10-31 06:58:24 +00:00
Geoff Thorpe
bc3c578208
Copy-n-paste bug (don't mix variable declarations and code). This sets the
...
callback structure just before it is needed.
2003-10-29 22:30:45 +00:00
Geoff Thorpe
2754597013
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
...
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Geoff Thorpe
0991f07034
For whatever reason (compiler or header bugs), at least one commonly-used
...
linux system (namely mine) chokes on our definitions and uses of the "HZ"
symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast"
(when in fact there is no function casting involved at all). In both cases,
it is easily worked around by not defining a cast into the macro and
jiggling the expressions slightly.
In addition - this highlights some cruft in openssl that needs sorting out.
The tmdiff.h header is exported as part of the openssl API despite the fact
that it is ugly as the driven sludge and not used anywhere in the library,
applications, or utilities. More weird still, almost identical code exists
in apps/speed.c though it looks to be slightly tweaked - so either tmdiff
should be updated and used by speed.c, or it should be dumped because it's
obviously not useful enough.
Rather than removing it for now, I've changed the API for tmdiff to at
least make sense. This involves taking the object type (MS_TM) from the
implementation and using it in the header rather than using "char *" in the
API and casting mercilessly in the code (ugh). If someone doesn't like
"MS_TM" and the "ms_time_***" naming, by all means change it. This should
be a harmless improvement, because the existing API is clearly not very
useful (eg. we reimplement it rather than using it in our own utils).
However, someone still needs to take a hack at consolidating speed.c and
tmdiff.[ch] somehow.
2003-10-29 04:40:13 +00:00
Geoff Thorpe
2aaec9cced
Update any code that was using deprecated functions so that everything builds
...
and links with OPENSSL_NO_DEPRECATED defined.
2003-10-29 04:14:08 +00:00
Dr. Stephen Henson
a08ced78c8
Avoid warnings: add missing prototype, don't shadow.
2003-10-10 23:07:24 +00:00
Richard Levitte
f44e184ec6
s_client should inform the user of any compression/expansion methods used.
2003-10-06 12:19:38 +00:00
Richard Levitte
3d7c4a5a6d
Selected changes for MSDOS, contributed by Gisle Vanem <giva@bgnett.no>.
...
PR: 669
2003-09-27 21:56:08 +00:00
Richard Levitte
253e893c2b
Include the instance in the Kerberos ticket information.
...
In s_server, print the received Kerberos information.
PR: 693
2003-09-27 17:55:13 +00:00
Dr. Stephen Henson
dfe399e7d9
Add -passin support to rsautl
2003-09-21 02:20:02 +00:00
Dr. Stephen Henson
7068c8b1a6
In order to get the expected self signed error when
...
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.
2003-09-21 02:18:15 +00:00
Richard Levitte
e6fa67fa93
Generalise the definition of strcasecmp() and strncasecmp() for
...
platforms that don't (necessarely) have it. In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).
2003-09-09 14:48:36 +00:00
Dr. Stephen Henson
560dfd2a02
New -ignore_err option in ocsp application to stop the server
...
exiting on the first error in a request.
2003-09-03 23:56:01 +00:00
Bodo Möller
563c05e2dc
fix out-of-bounds check in lock_dbg_cb (was too lose to detect all
...
invalid cases)
PR: 674
2003-08-14 10:33:56 +00:00
Bodo Möller
968766cad8
updates for draft-ietf-tls-ecc-03.txt
...
Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller
2003-07-22 12:34:21 +00:00
Richard Levitte
94805c84d1
Add -issuer_hash and make -subject_hash the default way to get the
...
subject hash, with -hash a synonym kept around for backward
compatibility reasons.
PR: 650
2003-07-03 20:45:09 +00:00
Bodo Möller
0fbffe7a71
implement PKCS #8 / SEC1 private key format for ECC
...
Submitted by: Nils Larsch
2003-06-25 21:35:05 +00:00
Richard Levitte
fd4ef69913
Implement CRL numbers.
...
Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com>
PR: 644
2003-06-19 17:40:16 +00:00
Richard Levitte
fadd2246a0
Avoid warnings saying that the format takes a void*.
2003-06-11 22:26:02 +00:00
Dr. Stephen Henson
beab098d53
Various S/MIME bug and compatibility fixes.
2003-06-01 20:51:58 +00:00
Lutz Jänicke
4f17dfcd75
Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before)
...
Submitted by: dg@sunet.ru (Daniel Ginsburg)
PR: #613
2003-05-28 20:24:57 +00:00
Richard Levitte
d1465bac90
make update
2003-05-01 04:10:32 +00:00
Richard Levitte
4c771796d5
Convert save_serial() to work like save_index(), and add a
...
rotate_serial() that works like rotate_index().
2003-04-04 15:10:35 +00:00
Richard Levitte
d6df2b281f
Add documentation on the added functionality in 'openssl ca'.
2003-04-04 14:39:44 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
83b23ed967
One more debug line to conditionalise.
2003-04-03 23:01:20 +00:00
Richard Levitte
16b1b03543
Implement self-signing in 'openssl ca'. This makes it easier to have
...
the CA certificate part of the CA database, and combined with
'unique_subject=no', it should make operations like CA certificate
roll-over easier.
2003-04-03 22:33:59 +00:00
Richard Levitte
db598fbce2
Don't try to free NULL values...
2003-04-03 20:03:23 +00:00
Richard Levitte
0998cfaadd
Remove unused variable.
2003-04-03 19:07:27 +00:00
Richard Levitte
c4448f60d6
Reset the version number of the issuer certificate? I believe this
...
hasn't been tested in a long while...
2003-04-03 18:50:15 +00:00
Richard Levitte
63b6fe2bf6
Conditionalise all debug strings.
2003-04-03 18:07:39 +00:00
Richard Levitte
f85b68cd49
Make it possible to have multiple active certificates with the same
...
subject.
2003-04-03 16:33:03 +00:00
Richard Levitte
d678cc07ed
No need to test -setalias twice.
...
PR: 556
2003-03-31 13:56:52 +00:00
Richard Levitte
03eeb07152
Add usage string for -fingerprint.
...
PR: 560
2003-03-31 13:06:24 +00:00
Dr. Stephen Henson
1a15c89988
Multi valued AVA support.
2003-03-30 01:51:16 +00:00
Dr. Stephen Henson
e5b0508a14
Update ocsp usage message and docs.
2003-03-26 00:46:47 +00:00
Richard Levitte
48f1fa7482
Make sure that all the library paths are modified in prepend mode, not
...
replace mode.
PR: 528
2003-03-20 11:37:47 +00:00
Dr. Stephen Henson
12d4e7b8c8
Fix PEDANTIC stuff...
2003-03-13 21:28:03 +00:00
Dr. Stephen Henson
767712fa62
Avoid warnings for no-engine and PEDANTIC
2003-03-12 02:38:57 +00:00
Bodo Möller
176f31ddec
- new ECDH_compute_key interface (KDF is no longer a fixed built-in)
...
- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary
2003-02-28 15:37:10 +00:00
Dr. Stephen Henson
e9ec63961b
Fix indefinite length encoding so EOC correctly updates
...
the buffer pointer.
Rename PKCS7_PARTSIGN to PKCS7_STREAM.
Guess what that's for :-)
2003-02-25 19:03:31 +00:00
Ulf Möller
66ecdf3bfb
more mingw related cleanups.
2003-02-22 18:00:14 +00:00
Richard Levitte
132eaa59da
Allow building applications against static libraries with Makefile.shared.
2003-02-22 14:41:34 +00:00
Dr. Stephen Henson
27068df7e0
Single pass processing to cleartext S/MIME signing.
2003-02-15 00:50:55 +00:00
Richard Levitte
c1269c81fd
Handle krb5 libraries separately and make sure only libssl.so depends
...
on it.
2003-02-14 13:12:00 +00:00
Richard Levitte
e270cf9c5e
Pay attention to disabled SSL versions.
...
PR: 500
2003-02-14 05:24:22 +00:00
Richard Levitte
85d686e723
Make it possible to disable OCSP, the speed application, and the use of sockets.
...
PR: 358
2003-02-14 01:02:58 +00:00
Richard Levitte
2d3de726c5
Add full support for -rpath/-R, both in shared libraries and
...
applications, at least on the platforms where it's known how
to do it.
Note: this has only been tested on GNU-based platforms (Linux), and
needs to be tested on all others. Additionally, it's not yet
supported on the following platforms, for lack of information:
Darwin (MacOS X)
Cygwin
OSF1/Alpha
SVR3
ReliantUNIX
Please help out with testing and the platforms we don't yet know well
enough.
2003-02-13 23:52:54 +00:00
Dr. Stephen Henson
33075f229e
Typo.
2003-02-10 17:52:10 +00:00
Bodo Möller
d42d2d1ab6
avoid coredump
...
Submitted by: Nils Larsch
2003-02-08 19:49:16 +00:00
Bodo Möller
37c660ff9b
implement fast point multiplication with precomputation
...
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2003-02-06 19:25:12 +00:00
Richard Levitte
0b13e9f055
Add the possibility to build without the ENGINE framework.
...
PR: 287
2003-01-30 17:39:26 +00:00
Geoff Thorpe
bb3e67f315
"openssl engine" will not display ENGINE/DSO load failure errors when
...
testing availability of engines with "-t" - the old behaviour of is
produced by increasing the feature's verbosity with "-tt".
2003-01-30 14:58:44 +00:00
Richard Levitte
4e78074b39
cert_sk isn't always allocated, so freeing it may cause a crash.
...
PR: 481
2003-01-30 10:27:43 +00:00
Dr. Stephen Henson
d3b5cb5343
Check return value of gmtime() and add error codes
...
where it fails in ASN1_TIME_set().
Edit asn1.h so the new error code is the same in 0.9.7
and 0.9.8, rebuild new error codes.
Clear error queue in req.c if *_min or *_max is absent.
2003-01-24 01:12:01 +00:00
Bodo Möller
d745af4b0c
avoid potential confusion about curves (prime192v1 and prime256v1 are
...
also known as secp192r1 and secp256r1, respectively)
Submitted by: Nils Larsch, Bodo Moeller
2003-01-16 16:05:23 +00:00
Richard Levitte
8cbb91c857
DJGPP doesn't have DLLs, so skip adding to %PATH% in that environment.
...
PR: 453
2003-01-13 15:16:40 +00:00
Dr. Stephen Henson
09ad2458b8
Typo.
2003-01-09 16:54:21 +00:00
Dr. Stephen Henson
5b7249f302
NULL tofree when it is freed to avoid double free.
...
Make sure key is not NULL before freeing it.
2003-01-09 13:06:49 +00:00
Dr. Stephen Henson
876e96fdbf
Fix leak.
2003-01-04 18:25:24 +00:00
Richard Levitte
5e42f9ab46
make update
2002-12-29 01:38:15 +00:00
Richard Levitte
e235000169
Spelling error.
...
This patch was taken from the OpenBSD copy of OpenSSL 0.9.7 beta3 with patches
2002-12-25 22:16:56 +00:00
Richard Levitte
821951b851
Avoid double definition of config.
...
PR: 420
2002-12-24 23:53:46 +00:00
Richard Levitte
cb661c56b0
Cygwin needs the library locatin for .DLLs to be set in PATH. Unfortunately,
...
the conditional was set to add the library directory to PATH when the
platform is NOT Cygwin. Corrected.
PR: 404
2002-12-24 10:50:11 +00:00
Richard Levitte
49e42a1f60
There was a mixup between INSTALLTOP and OPENSSLDIR...
2002-12-20 07:51:03 +00:00
Richard Levitte
9cd16b1dea
We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies,
...
and then didn't support it very well. And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
2002-12-19 22:10:12 +00:00
Richard Levitte
0b900a5e93
I have no idea what possesed me to compile s_socket.c as POSIXly code.
...
Incidently, it now compiles so much better without _POSIX_C_SOURCE.
2002-12-19 19:42:53 +00:00
Richard Levitte
30c08f2e3d
Update the make system for installations:
...
- define a HERE variable to indicate where the source tree is (used
very little right now)
- make more use of copying and making attribute changes to {file}.new,
and then move it to {file}
- use 'mv -f' to avoid all those questions to the user when the file
in question doesn't have write attributes for that user.
2002-12-15 05:59:13 +00:00
Geoff Thorpe
f92570f00a
This stops a compiler warning from -Wmissing-prototypes.
...
(Noticed by Nils Larsch)
2002-12-11 03:34:26 +00:00
Geoff Thorpe
e189872486
Nils Larsch submitted;
...
- a patch to fix a memory leak in rsa_gen.c
- a note about compiler warnings with unions
- a note about improving structure element names
This applies his patch and implements a solution to the notes.
2002-12-08 16:45:26 +00:00
Geoff Thorpe
5daec7ea0e
Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are
...
being built with it defined - it is not a symbol to affect how openssl
itself builds, but to alter the way openssl headers can be used from an API
point of view. The "deprecated" function wrappers will always remain inside
OpenSSL at least as long as they're still being used internally. :-)
The exception is dsaparam which has been updated to the BN_GENCB-based
functions to test the new functionality. If GENCB_TEST is defined, dsaparam
will support a "-timebomb <n>" switch to cancel parameter-generation if it
gets as far as 'n' seconds without completion.
2002-12-08 05:38:44 +00:00
Richard Levitte
fa63a98ad8
Apparently, bash is more forgiving than sh. To be backward
...
compatible, don't use ==, use = instead...
2002-12-06 08:43:41 +00:00
Richard Levitte
f68bb3c51f
Corrected DJGPP patch
2002-12-05 20:50:25 +00:00
Richard Levitte
1c3e4a3660
EXIT() may mean return(). That's confusing, so let's have it really mean
...
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
2002-12-03 16:33:03 +00:00
Richard Levitte
4579924b7e
Cleanse memory using the new OPENSSL_cleanse() function.
...
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
19aa370573
Disable this module if OPENSSL_NO_SOCK is defined.
2002-11-22 08:45:20 +00:00
Richard Levitte
450cee5c3a
Make sure sysconf exists (it doesn't in the VMS C RTL lesser than version 7).
2002-11-18 23:05:39 +00:00
Bodo Möller
055076cd4f
allocate bio_err before memory debugging is enabled to avoid memory leaks
...
(we can't release it before the CRYPTO_mem_leaks() call!)
Submitted by: Nils Larsch
2002-11-18 13:37:40 +00:00
Richard Levitte
0bf23d9b20
WinCE patches
2002-11-15 22:37:18 +00:00
Richard Levitte
6f17f16fd5
Changes to make shared library building and use work better with Cygwin
2002-11-15 16:48:38 +00:00
Richard Levitte
c863201780
Remove warnings.
2002-11-14 15:57:38 +00:00
Richard Levitte
8d6e60486f
Fix to build better with DJGPP.
...
PR: 338
Here's the description, submitted by Gisle Vanem <giva@bgnett.no>:
1. sock_init() renamed to ssl_sock_init() in ./apps/s_socket.c due
to name-clash with Watt-32.
2. rand() renamed to Rand() in ./crypto/bn/divtest.c due to name-clash
with <stdlib.h>
3. Added calls to dbug_init()/sock_init() in some demo programs.
4. Changed cflags/lflags in configure. Watt-32 install root now taken
from $WATT_ROOT.
2002-11-14 11:22:01 +00:00
Richard Levitte
c112323dd5
This didn't get to the 0.9.8-dev thread...
2002-11-13 18:09:27 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Dr. Stephen Henson
9ea1b87862
Initial ASN1 generation code. This can construct
...
arbitrary encodings from strings and config files.
Documentation to follow...
2002-11-12 13:34:51 +00:00
Richard Levitte
06b7c8d5ba
Variables on the stack must be initialized or we can't depend on any
...
initial value. For errline/errorline, we did depend on that, erroneously
2002-11-11 21:34:21 +00:00
Richard Levitte
6722b62b36
Make the programs link against the static library on MacOS X.
...
PR: 335
2002-11-11 20:46:52 +00:00
Richard Levitte
3782350c14
-CAserial does take a filename argument.
...
PR: 332
2002-11-08 21:53:54 +00:00
Richard Levitte
ddff68bee7
Windows doesn't know sys/file.h
2002-11-07 21:40:06 +00:00
Richard Levitte
b6d0defb98
Remove all referenses to RSAref, since that's been gone for more than
...
a year.
2002-10-31 16:46:52 +00:00
Bodo Möller
259cdf2af9
Sun has agreed to removing the covenant language from most files.
...
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
2002-10-29 10:59:32 +00:00
Bodo Möller
5c6bf03117
fast reduction for NIST curves
...
Submitted by: Nils Larsch
2002-10-28 13:23:24 +00:00
Richard Levitte
d652a0957f
Make sure toupper() is declared
2002-10-25 09:51:45 +00:00
Richard Levitte
d610d27f30
On certain platforms, we redefine certain symbols using macros in
...
apps.h. For those, it's better to include apps.h after the system
headers where those symbols may be defined, since there's otherwise a
chance that the C compiler will barf when it sees something that looks
like this after expansion:
int VMS_strcasecmp((str1),(str2))(const char *, const char *);
2002-10-24 10:03:55 +00:00
Richard Levitte
96b35c9e26
Signal an error if the entered output password didn't match itself.
...
PR: 314
2002-10-23 15:07:09 +00:00
Bodo Möller
907a8f1e6e
fix warnings, and harmonize indentation
2002-10-23 13:11:38 +00:00
Richard Levitte
677532629d
makedepend complains when a header file is included more than once in
...
the same source file.
2002-10-14 10:02:36 +00:00
Richard Levitte
2245cd87d4
BN_bn2hex() returns "0" instead of "00" for zero. This disrputs the
...
requirement that the serial number always be an even amount of characters.
PR: 248
2002-10-11 09:38:56 +00:00
Richard Levitte
ca80756c70
VMS below version 7 doesn't have strcasecmp, so let's roll our own on VMS.
...
PR: 184
2002-10-10 09:05:05 +00:00
Richard Levitte
0e2cc42cfb
Make sure that the 'config' variable is correctly defined and declared
...
for monolithic as well as non-monolithic biuld.
More work is probably needed in this area.
PR: 144
2002-10-09 15:36:23 +00:00
Richard Levitte
1e5c205ccb
Remove redundancy and use the main makefile better
2002-10-09 15:12:36 +00:00
Richard Levitte
001ab3abad
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Richard Levitte
d7b2342a6a
Add missing LF
2002-10-09 06:35:47 +00:00
Dr. Stephen Henson
9a48b07ee4
Various enhancements to PKCS#12 code, new
...
medium level API, improved PKCS12_create
and additional functionality in pkcs12
utility.
2002-10-03 23:53:52 +00:00
Richard Levitte
5d9470ff8e
-elapsed is also useful when using gettimeofday
2002-09-25 12:41:59 +00:00
Bodo Möller
9226e2187c
Let 'openssl req' fail if an argument to '-newkey' is not
...
recognized instead of using RSA as a default.
2002-09-10 07:34:45 +00:00
Bodo Möller
65b1d31df5
change API for looking at the internal curve list
...
Submitted by: Nils Larsch
2002-09-02 07:08:33 +00:00
Bodo Möller
e2aeb8174b
change 'usage' formatting
2002-08-27 10:38:09 +00:00
Bodo Möller
c96f0fd2d1
fix spacing
2002-08-26 14:50:52 +00:00
Bodo Möller
ad55f581f9
fix offsets
...
Submitted by: Nils Larsch
2002-08-26 11:25:14 +00:00
Bodo Möller
d4a8f90cab
ecdsa => ec
...
Submitted by: Nils Larsch
2002-08-26 11:20:50 +00:00
Dr. Stephen Henson
fc85ac20c7
Make -nameopt work in req and add support for -reqopt
2002-08-22 23:43:48 +00:00
Dr. Stephen Henson
9a2601033d
Fix crahses and leaks in pkcs12 utility -chain option
2002-08-22 21:54:51 +00:00
Bodo Möller
428112ef10
typo
...
Submitted by: Nils Larsch
2002-08-16 11:19:59 +00:00
Bodo Möller
64376cd8ff
'EC' vs. 'ECDSA'
...
Submitted by: Nils Larsch
2002-08-16 11:19:07 +00:00
Bodo Möller
0fd05a2f0f
fix warnings (CHARSET_EBCDIC)
...
Submitted by: Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
2002-08-15 14:52:54 +00:00
Bodo Möller
7eb18f1237
Simplify handling of named curves: get rid of EC_GROUP_new_by_name(),
...
EC_GROUP_new_by_nid() should be enough. This avoids a lot of
redundancy.
Submitted by: Nils Larsch
2002-08-15 09:21:31 +00:00
Richard Levitte
265e892fed
Sometimes, the value of the variable containing the compiler call can
...
become rather large. This becomes a problem when the default 1024
character large buffer that WRITE uses isn't enough. WRITE/SYMBOL
uses a 2048 byte large buffer instead.
2002-08-15 08:28:38 +00:00
Richard Levitte
bf625abe29
The applications 'ecdsa' and 'ecparam' were missing from the VMS
...
build.
2002-08-14 11:16:20 +00:00
Bodo Möller
f17ef241d1
fix previous commit (there's no SSLEAY_VERSION_TEXT)
2002-08-12 11:21:02 +00:00
Bodo Möller
5488bb6197
get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
...
Submitted by: Nils Larsch
2002-08-12 08:47:41 +00:00
Richard Levitte
4fde69b066
In case of shared libraries, we might run one version of the
...
application with a different version of the library. Detect if there
is a difference of versions, and print both versions in that case.
This might prove to be a good enough debugging tool in case of doubt.
2002-08-11 21:48:44 +00:00
Bodo Möller
74cc4903ef
make update
2002-08-09 12:16:15 +00:00
Bodo Möller
41fdcfa71e
fix warnings
2002-08-09 11:58:28 +00:00
Bodo Möller
ea26226046
ECC ciphersuite support
...
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
2002-08-09 08:56:08 +00:00
Bodo Möller
e172d60ddb
Add ECDH support.
...
Additional changes:
- use EC_GROUP_get_degree() in apps/req.c
- add ECDSA and ECDH to apps/speed.c
- adds support for EC curves over binary fields to ECDSA
- new function EC_KEY_up_ref() in crypto/ec/ec_key.c
- reorganize crypto/ecdsa/ecdsatest.c
- add engine support for ECDH
- fix a few bugs in ECDSA engine support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
2002-08-09 08:43:04 +00:00
Bodo Möller
14a7cfb32a
use a generic EC_KEY structure (EC keys are not ECDSA specific)
...
Submitted by: Nils Larsch
2002-08-07 10:49:54 +00:00
Bodo Möller
714df32e33
extend curve list (additional curves over binary fields)
...
Submitted by: Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)
2002-08-02 13:06:17 +00:00
Richard Levitte
456bc309d8
make update
2002-08-01 19:45:54 +00:00
Richard Levitte
da9b972466
Make it possible to load keys from stdin, and restore that
...
functionality in the programs that had that before.
Part fo PR 164
2002-08-01 16:28:40 +00:00
Richard Levitte
5575f781ad
Cut'n'paste error with other reposnder certificates cleared.
...
PR: 190
2002-08-01 13:39:39 +00:00
Richard Levitte
87e8feca95
If the email address is moved from the subject to the subject alternate name,
...
the subject in the certificate would differ from the subject in the index file,
which has quite bad concequences.
PR: 180
2002-07-31 14:05:57 +00:00
Lutz Jänicke
3aecef7697
"make update"
2002-07-30 12:44:33 +00:00
Lutz Jänicke
77c46bbf29
Only use DSA-functions if available.
...
Submitted by: "Hellan,Kim KHE" <KHE@kmd.dk>
Reviewed by:
PR: 167
2002-07-29 13:31:44 +00:00
Bodo Möller
eefa6e4e2b
harmonize options with those for 'ecparam',
...
remove redudant option '-pub'
Submitted by: Nils Larsch
2002-07-23 09:51:57 +00:00
Richard Levitte
402bcde847
Allow subjects with more than 255 characters to be properly printed.
...
PR: 147
2002-07-18 17:59:21 +00:00
Bodo Möller
7e6617611f
Fix bug introduced with revision 1.95 when this filed was modified to
...
use the new X509_CRL_set_issuer_name() function:
The CRL issuer should be X509_get_subject_name(x509), not
X509_get_issuer_name(x509).
Submitted by: Juergen Lesny <lesnyj@informatik.tu-muenchen.de>
typo
2002-07-18 11:23:50 +00:00
Richard Levitte
ca6dde5d3d
Reverse the change with the following log, it needs further investigation:
...
Make S/MIME output conform with the mail and MIME standards.
PR: 151
2002-07-18 10:39:20 +00:00
Richard Levitte
8e6cbcd7c0
Make S/MIME output conform with the mail and MIME standards.
...
PR: 151
2002-07-18 08:47:33 +00:00
Richard Levitte
9335a5f7c0
Unixware doesn't have strings.h, so we need to declare strcasecmp()
...
differently.
Unixware 2 needs to link with libresolv.
PR: 148
2002-07-18 07:47:30 +00:00
Richard Levitte
f5db08e57a
On MacOS X, the shared library editor uses DYLD_LIBRARY_PATH
2002-07-17 11:09:44 +00:00
Richard Levitte
cead7f36da
Set up the engine before doing anything random-related, since engine randomness
...
is only used for seeding and doing it in the wrong order will mean seeding
is done before the engine randomness is hooked in.
Notified by Frederic DONNAT <frederic.donnat@zencod.com>
2002-07-16 06:52:03 +00:00
Bodo Möller
5dbd3efce7
Replace 'ecdsaparam' commandline utility by 'ecparam'
...
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Lutz Jänicke
7b63c0fa8c
Reorder inclusion of header files:
...
des_old.h redefines crypt:
#define crypt(b,s)\
DES_crypt((b),(s))
This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
2002-07-10 07:01:54 +00:00
Richard Levitte
17085b022c
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Richard Levitte
5585f4eca4
have 'openssl pkcs7' exit with code 1 on error instead of 0.
...
PR: 119
2002-06-27 10:26:40 +00:00
Lutz Jänicke
a947f2d2b6
<sys/select.h> is included for AIX, when USE_SOCKETS is defined.
...
Submitted by: Bernhard Simon <bs@bsws.zid.tuwien.ac.at>
Reviewed by:
PR:
2002-06-20 20:49:27 +00:00
Geoff Thorpe
407adb5b17
This apparently fixes compilation on OSX that was failing in 0.9.7 betas.
...
Submitted by: Pieter Bowman <bowman@math.utah.edu>
2002-06-20 18:22:51 +00:00
Lutz Jänicke
1c02ca537a
load_netscape_key is static.
2002-06-18 17:44:56 +00:00
Lutz Jänicke
40889b9cd3
Add missing prototypes.
...
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
PR: 89
2002-06-13 17:40:27 +00:00
Dr. Stephen Henson
99889b46c9
Fix ext_dat.h extension ordering.
...
Reinstate -reqout code.
Avoid coredump in ocsp if setup_verify
fails.
Fix typo in ocsp usage message.
2002-06-13 12:56:27 +00:00
Bodo Möller
254ef80db1
simplify asn1_flag
...
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2002-06-12 14:01:17 +00:00
Ben Laurie
d15711efc6
Handle read errors.
2002-06-11 12:41:37 +00:00
Bodo Möller
458c29175e
move ECC ASN1 that is not specific to ECDSA into crypto/ec/,
...
and make some appropriate changes to the EC library.
Submitted by: Nils Larsch
2002-06-10 12:18:21 +00:00
Lutz Jänicke
0f7b63c834
Make sure that settings are passed back and forth when walking around
...
in the tree during build.
Reinstall default PERL settings in Makefiles, as the real reason for the
failure was that the settings were not passed.
2002-06-06 10:16:59 +00:00
Lutz Jänicke
bb0db9c491
The correct PERL interpreter is passed via commandline.
2002-06-05 07:03:17 +00:00
Richard Levitte
a81e9d3dc4
CAformat should not be used for CA key format.
2002-05-30 16:24:18 +00:00
Richard Levitte
c56fb0f1a3
Remove the duplicate description of -out.
...
PR: 28
2002-05-30 06:24:35 +00:00
Richard Levitte
6298bf9073
There is a chance that the input string is larger than size, and on VMS,
...
this wasn't checked and could possibly be exploitable (slim chance, but still)
2002-05-29 08:31:39 +00:00
Richard Levitte
b935754cb0
Allow the use of the TCP/IP stack keyword TCPIP and NONE
2002-05-22 11:37:20 +00:00
Dr. Stephen Henson
eee6c81af8
Reorganise -subj option code, fix buffer overrun.
2002-05-19 16:31:10 +00:00
Richard Levitte
e9a182fa30
Generate an error if rewinding wasn't possible.
...
Notified by Ken Hirsch <kenhirsch@myself.com>.
PR: 23
2002-05-08 15:12:59 +00:00
Dr. Stephen Henson
253ef2187c
Add apps_startup and bio_err init code to smime.c
2002-05-01 20:07:46 +00:00
Lutz Jänicke
c0455cbb18
Fix escaping when using the -subj option of "openssl req", document
...
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
2002-04-30 12:08:18 +00:00
Richard Levitte
6991bf196c
Potential memory leak removed. Notified by <threaded@totalise.co.uk>
2002-04-25 10:11:21 +00:00
Bodo Möller
c6efe6f59e
fix usage (no 'key')
2002-04-23 13:56:14 +00:00
Bodo Möller
1064acafc4
check return values
...
Submitted by: Nils Larsch
2002-04-17 09:31:34 +00:00
Bodo Möller
6d498d478e
harmonize capitalization
2002-04-09 12:42:47 +00:00
Richard Levitte
a18894d159
make update (libeay.num has been edited to match 0.9.7-stable)
2002-04-06 19:16:12 +00:00
Richard Levitte
dfee50ecd9
Allow longer program names (VMS allows up to 39 characters).
...
Submitted by Compaq.
2002-04-06 19:00:50 +00:00
Richard Levitte
125cc35b59
Merge in DES changed from 0.9.7-stable.
2002-03-22 02:42:57 +00:00
Bodo Möller
af28dd6c75
Fix bugs and typos.
...
Add some WTLS curves.
New function EC_GROUP_check() (this will probably
be implemented differently soon).
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2002-03-18 13:10:45 +00:00
Dr. Stephen Henson
de941e289e
Initialize cipher context in KRB5
...
("D. Russell" <russelld@aol.net>)
Allow HMAC functions to use an alternative ENGINE.
2002-03-14 18:22:23 +00:00
Bodo Möller
690ecff795
Fixes for 'no-hw' combined with 'no-SOME_CIPHER'.
...
Fix dsaparam usage output.
Submitted by: Nils Larsch
2002-03-14 09:52:03 +00:00
Dr. Stephen Henson
26e1237380
Fix the Win32_rename() function so it correctly
...
returns an error code. Use the same code in Win9X
and NT.
Fix some ca.c options so they work under Win32:
unlink/rename wont work under Win32 unless the file
is closed.
2002-03-08 19:11:15 +00:00
Bodo Möller
4882171df5
EC curve stuff
...
Submitted by: Nils Larsch
2002-03-08 11:10:40 +00:00
Dr. Stephen Henson
0dc092334b
ENGINE module additions.
...
Add "init" command to control ENGINE
initialization.
Call ENGINE_finish on initialized ENGINEs on exit.
Reorder shutdown in apps.c: modules should be shut
down first.
Add test private key loader to openssl ENGINE: this
just loads a private key in PEM format.
Fix print format for dh length parameter.
2002-03-06 14:15:13 +00:00
Bodo Möller
36c194638e
add SECG OIDs
...
Submitted by: Nils Larsch
2002-03-06 13:47:32 +00:00
Bodo Möller
870694b3da
fix 'ecdsaparam -C'
2002-03-05 15:17:17 +00:00
Bodo Möller
87a4b4d1f4
fix printf call
2002-03-05 15:05:00 +00:00
Bodo Möller
2b3aeffbbd
fix 'ecdsaparam -C' output
...
Submitted by: Nils Larsch
2002-03-05 14:56:17 +00:00
Richard Levitte
26414ee013
Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated
2002-02-28 12:42:19 +00:00
Richard Levitte
0d7b9b8b7e
make update, after moving around symbols in libeay.num to match
...
0.9.7-stable.
2002-02-26 14:41:29 +00:00
Dr. Stephen Henson
31188ee1a8
Fix new -aes command argument handling
2002-02-26 13:46:55 +00:00
Dr. Stephen Henson
032c49b8b3
non-Monolith fixes.
...
Submitted by Andrew W. Gray <agray@iconsinc.com>
2002-02-22 21:21:18 +00:00
Dr. Stephen Henson
3647bee263
Config code updates.
...
CONF_modules_unload() now calls CONF_modules_finish()
automatically.
Default use of section openssl_conf moved to
CONF_modules_load()
Load config file in several openssl utilities.
Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.
In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 14:01:21 +00:00
Richard Levitte
b3dfaaa143
Add AES support in the applications that support -des and -des3.
2002-02-20 18:03:07 +00:00
Richard Levitte
cd64618674
gcc chokes on C++ comments in C code.
2002-02-16 11:57:25 +00:00
Richard Levitte
3e83e686ba
Add the configuration target VxWorks.
2002-02-14 15:37:38 +00:00
Bodo Möller
1dea1f4509
'-C' is still quite broken
2002-02-14 14:30:20 +00:00
Bodo Möller
44411db8e0
fix '-C'
2002-02-14 14:25:33 +00:00
Bodo Möller
23ac7a1407
fix memory leak
2002-02-14 14:21:49 +00:00
Bodo Möller
d8309efc72
EC_GROUP_get_group_by_name() is now called EC_GROUP_new_by_name()
2002-02-14 10:23:20 +00:00
Bodo Möller
4d94ae00d5
ECDSA support
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Richard Levitte
de2f6e4dae
'make update'
2002-02-05 17:34:58 +00:00
Lutz Jänicke
f701551f36
HP-UX 32bit:
...
* When linking against shared libraries, the absolute path is remembered.
- When linking against -L.., '..' is remembered inside the executable,
so it will fail after "make install" or when not called from inside the
"apps/" subdirectory of the build tree.
- When using the "+cdp" option of "ld", the ".." information can be
exchanged against $(INSTALL_TOP)/lib. In this case the executable
will however refuse to work before "make install" has been called.
This makes testing the 'openssl' executable a problem.
* Solution 1:
Relink the "openssl" executable, when "make install" is called.
This would however require significant changes to the toplevel Makefile
and the apps/ Makefile.
* Solution 2:
Statically link against libssl and libcrypto, so that the "openssl"
executable is no longer dependant on the openssl shared libraries.
Select option 2 for HP-UX 32bit, as this requires the smallest change.
2002-01-29 16:32:40 +00:00
Richard Levitte
1199e2d8cf
Apply patch from Toomas Kiisk <vix@cyber.ee> and complete it.
2002-01-29 12:36:01 +00:00
Richard Levitte
80bb905d3d
Apply the following changes by Toomas Kiisk <vix@cyber.ee>:
...
* make openssl rsa work with -engine chil
* misc changes, including debug-linux-ppro Configure target
and FORMAT_NETSCAPE-aware load_{,pub}key()
This completes the application of his changes.
2002-01-25 19:43:52 +00:00
Richard Levitte
404dcc5e8e
I must learn to compile before I commit...
2002-01-25 17:35:19 +00:00
Richard Levitte
17bcb8d465
Add -keyform. Document -engine.
2002-01-25 16:51:46 +00:00
Ben Laurie
45d87a1ffe
Prototype info function.
2002-01-12 15:56:13 +00:00
Richard Levitte
015fbde807
make update
2002-01-02 17:31:23 +00:00
Richard Levitte
ba1b888384
Implement speed measurement for AES.
...
Submitted by Stephen Sprunk <stephen@sprunk.org> as part of his AES
integration patch.
2002-01-02 16:57:57 +00:00
Richard Levitte
47cc5525a2
RSA counter should only be defined of RSA is available.
2002-01-02 12:40:38 +00:00
Richard Levitte
206eb6a11d
Change pkcs12 so the certificates coming from -in do not get tossed if
...
-certfile is given as well.
2001-12-12 16:49:02 +00:00
Ben Laurie
ff3fa48fc7
Improve back compatibility.
2001-12-09 21:53:31 +00:00
Bodo Möller
87166e1fb6
fix warnings (one of them was clearly justified)
2001-12-07 17:02:01 +00:00
Dr. Stephen Henson
21a85f1977
Add -pubkey option to req command.
2001-12-01 23:03:30 +00:00
Bodo Möller
4f94d1a8b1
check OPENSSL_NO_... before including header files that might be
...
disabled
2001-11-22 11:13:10 +00:00
Geoff Thorpe
308f028e28
In this particular error condition, the structural reference wasn't being
...
released.
2001-11-22 09:20:08 +00:00
Richard Levitte
83c40e7fc0
Make it possible to give digest names as -evp arguments.
2001-11-15 20:19:40 +00:00
Richard Levitte
e1a00d7d1d
If an engine isn't built in, try loading it as a shareable library
...
instead. This also makes it possible for users to simply give said
shareable library as argument for the -engine option.
2001-11-15 18:48:42 +00:00
Richard Levitte
b476df64a1
make update
...
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Richard Levitte
817dfc18a3
Change the order of events so the capabilities of loaded engines can
...
get listed as well.
2001-11-14 22:30:17 +00:00
Richard Levitte
135c0af1bb
Implement STARTTLS for certain protocols, currently only supporting SMTP.
2001-11-14 13:57:52 +00:00
Bodo Möller
29e0c30c2a
more output for SSL 2.0 in our msg_callback
2001-11-10 01:17:02 +00:00
Dr. Stephen Henson
b83eddc578
Win32 fixes.
2001-11-06 13:40:27 +00:00
Dr. Stephen Henson
6229a5607c
Fix email address delete code.
2001-11-06 01:44:21 +00:00
Richard Levitte
f559f31bef
DOS and Windows do not like unistd.h
2001-11-05 12:43:17 +00:00
Ben Laurie
3210b4fd14
If verify fails, say why.
2001-11-02 13:29:14 +00:00
Richard Levitte
a7b42009c4
Change the shared library support so the shared libraries get built
...
sooner and the programs get built against the shared libraries.
This requires a bit more work. Things like -rpath and the possibility
to still link the programs statically should be included. Some
cleanup is also needed. This will be worked on.
2001-10-30 08:00:59 +00:00
Richard Levitte
7b5ffd6834
Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names
2001-10-29 13:05:28 +00:00
Dr. Stephen Henson
9b55da73ca
Another noemailDN fix.
2001-10-27 17:53:06 +00:00
Dr. Stephen Henson
e7156ff2e8
Allow ca to certify requests containing BMPStrings and UTF8Strings.
2001-10-27 17:04:47 +00:00
Dr. Stephen Henson
437db75b94
Bugfixes for noemailDN option. Make it use the
...
correct name (instead of NULL) if nomailDN is
not set, fix memory leaks and retain DN structure
when deleting emailAddress.
2001-10-27 17:03:20 +00:00
Dr. Stephen Henson
1fc6d41bf6
New options to allow req to accept UTF8 strings as input.
2001-10-26 12:40:38 +00:00
Richard Levitte
66d3e7481e
Make sure openssl speed is compilable on systems where fork() doesn't
...
exist. For now, that's all the ones we "support" except Unix.
2001-10-25 16:08:17 +00:00
Ben Laurie
0e21156333
Add paralellism to speed - note that this currently causes a weird memory leak.
2001-10-25 14:27:17 +00:00
Bodo Möller
89da653fa6
Add '-noemailDN' option to 'openssl ca'. This prevents inclusion of
...
the e-mail address in the DN (i.e., it will go into a certificate
extension only). The new configuration file option 'email_in_dn = no'
has the same effect.
Submitted by: Massimiliano Pala madwolf@openca.org
2001-10-25 08:25:19 +00:00
Richard Levitte
c2e4f17c1a
Due to an increasing number of clashes between modern OpenSSL and
...
libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_. Compatibility routines are provided and declared by including
openssl/des_old.h. Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.
The compatibility functions will be removed in some future release, at
the latest in version 1.0.
2001-10-24 21:21:12 +00:00
Dr. Stephen Henson
f1558bb424
Reject certificates with unhandled critical extensions.
2001-10-21 02:09:15 +00:00