Ralf S. Engelschall [Thu, 25 Feb 1999 14:40:29 +0000 (14:40 +0000)]
Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH
private keys and/or callback functions which directly correspond to their
SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed
for applications which have to configure certificates on a per-connection
basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.
s_server).
For the RSA certificate situation is makes no difference, but for the DSA
certificate situation this fixes the "no shared cipher" problem where the
OpenSSL cipher selection procedure failed because the temporary keys were not
overtaken from the context and the API provided no way to reconfigure them.
The new functions now let applications reconfigure the stuff and they are in
detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new
non-public-API function ssl_cert_instantiate() is used as a helper function
and also to reduce code redundancy inside ssl_rsa.c.
Submitted by: Ralf S. Engelschall
Reviewed by: Ben Laurie
Ralf S. Engelschall [Thu, 25 Feb 1999 11:26:26 +0000 (11:26 +0000)]
Move s_server -dcert and -dkey options out of the undocumented feature area
because they are useful for the DSA situation and should be recognized by the
users. Thanks to Steve for the original hint.
Ralf S. Engelschall [Thu, 25 Feb 1999 11:06:52 +0000 (11:06 +0000)]
Typo
Ralf S. Engelschall [Thu, 25 Feb 1999 11:03:18 +0000 (11:03 +0000)]
Fix the cipher decision scheme for export ciphers: the export bits are *not*
within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK. So, the
original variable has to be used instead of the already masked variable.
Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
Ralf S. Engelschall [Thu, 25 Feb 1999 10:54:27 +0000 (10:54 +0000)]
Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
Ralf S. Engelschall [Thu, 25 Feb 1999 10:47:24 +0000 (10:47 +0000)]
Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
from `int' to `unsigned int' because it's a length and initialized by
EVP_DigestFinal() which expects an `unsigned int *'.
Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
Ben Laurie [Thu, 25 Feb 1999 09:43:26 +0000 (09:43 +0000)]
Fix clearly untested "clever" hack.
Ralf S. Engelschall [Thu, 25 Feb 1999 09:06:30 +0000 (09:06 +0000)]
More CVS ignore stuff...
Ralf S. Engelschall [Thu, 25 Feb 1999 08:48:52 +0000 (08:48 +0000)]
Don't hard-code path to Perl interpreter on shebang line of Configure
script. Instead use the usual Shell->Perl transition trick.
Ralf S. Engelschall [Thu, 25 Feb 1999 08:00:57 +0000 (08:00 +0000)]
Remember good pointers to Montgomery multiplication algorithm
descriptions as pointed out by Dave Carman <carman@erols.com>
Ralf S. Engelschall [Wed, 24 Feb 1999 17:17:31 +0000 (17:17 +0000)]
Make `openssl x509 -noout -modulus' functional also for DSA certificates (in
addition to RSA certificates) to match the behaviour of `openssl dsa -noout
-modulus' as it's already the case for `openssl rsa -noout -modulus'. For RSA
the -modulus is the real "modulus" while for DSA currently the public key is
printed (a decision which was already done by `openssl dsa -modulus' in the
past) which serves a similar purpose. Additionally the NO_RSA no longer
completely removes the whole -modulus option; it now only avoids using the RSA
stuff. Same applies to NO_DSA now, too.
Dr. Stephen Henson [Wed, 24 Feb 1999 00:14:21 +0000 (00:14 +0000)]
Remove debugging fprintf from req.c and fix the code so it properly skips over
the first leading XXX. in the DN.
Ben Laurie [Tue, 23 Feb 1999 21:45:23 +0000 (21:45 +0000)]
Code for reliable BIO.
Ben Laurie [Tue, 23 Feb 1999 21:44:34 +0000 (21:44 +0000)]
Add reliable BIO.
Ben Laurie [Tue, 23 Feb 1999 12:53:49 +0000 (12:53 +0000)]
Fix more warnings.
Ralf S. Engelschall [Tue, 23 Feb 1999 08:53:04 +0000 (08:53 +0000)]
Get rid of a nasty debugging message which was forgotten here...
Ralf S. Engelschall [Tue, 23 Feb 1999 08:52:20 +0000 (08:52 +0000)]
Fix usage message on gendsa:
1. The dsaparam argument is mandatory and not optional
2. Add a little text what this actually is: a filename
Ralf S. Engelschall [Tue, 23 Feb 1999 07:47:30 +0000 (07:47 +0000)]
Make gcc -Wall happy ("might be used uninitialized...")
Dr. Stephen Henson [Tue, 23 Feb 1999 00:07:46 +0000 (00:07 +0000)]
Redo the way 'req' and 'ca' add objects: add support for oid_section.
Ben Laurie [Mon, 22 Feb 1999 21:21:08 +0000 (21:21 +0000)]
Add syslogging BIO.
Dr. Stephen Henson [Mon, 22 Feb 1999 01:26:40 +0000 (01:26 +0000)]
Various changes to make this stuff compile under Win32 and VC++ with and
without -debug option to mk1mf.pl. Change _export to is_export (_export is
a reserved word under VC++). Add yucky function prototype function pointer
casts. Sanitise the included files in crypto/x509v3.
Also changed ssleay.exe target to openssl.exe
Ben Laurie [Sun, 21 Feb 1999 21:58:59 +0000 (21:58 +0000)]
More stuff for new TLS ciphersuites.
Ben Laurie [Sun, 21 Feb 1999 20:07:41 +0000 (20:07 +0000)]
Undo a couple of kludges.
Ben Laurie [Sun, 21 Feb 1999 20:03:24 +0000 (20:03 +0000)]
Add support for new TLS export ciphersuites.
Ben Laurie [Sun, 21 Feb 1999 20:01:39 +0000 (20:01 +0000)]
Fix warning.
Dr. Stephen Henson [Sun, 21 Feb 1999 17:41:08 +0000 (17:41 +0000)]
Add preliminary user level config documentation for extension stuff. Programming
info will come later...
Feel free to reformat and tidy this up...
Dr. Stephen Henson [Sun, 21 Feb 1999 17:39:07 +0000 (17:39 +0000)]
Make RSA_NO_PADDING really use no padding.
Submitted by: Ulf Moeller <ulf@fitug.de>
Ralf S. Engelschall [Sun, 21 Feb 1999 12:33:58 +0000 (12:33 +0000)]
Remember some open issues and available patches
Dr. Stephen Henson [Sun, 21 Feb 1999 01:46:45 +0000 (01:46 +0000)]
Add more functionality to issuer alt name and subject alt name. New options
to include email addresses from DN and copy details from issuer certificate.
Include examples in openssl.cnf, update Win32 ordinals.
Ralf S. Engelschall [Sat, 20 Feb 1999 16:50:53 +0000 (16:50 +0000)]
Ok, propose a release date of March 15th with a code freeze a few days before
so we have enough time for final testing and tarball rolling.
Ben Laurie [Sat, 20 Feb 1999 16:36:28 +0000 (16:36 +0000)]
Fix a warning.
Ben Laurie [Sat, 20 Feb 1999 11:50:07 +0000 (11:50 +0000)]
Generate errors when public/private key check is done.
Dr. Stephen Henson [Sat, 20 Feb 1999 01:15:41 +0000 (01:15 +0000)]
Preliminary support for reason code CRL extension.
Dr. Stephen Henson [Fri, 19 Feb 1999 02:26:21 +0000 (02:26 +0000)]
Patch so the new crl stuff actually compiles this time :-) Also update the
Win32 ordinals.
Dr. Stephen Henson [Fri, 19 Feb 1999 01:29:29 +0000 (01:29 +0000)]
Overhaul 'crl' application, add a proper X509_CRL_print function and start
to support CRL extensions.
Ben Laurie [Thu, 18 Feb 1999 18:26:42 +0000 (18:26 +0000)]
Fix case of new functions in error files.
Dr. Stephen Henson [Wed, 17 Feb 1999 23:22:57 +0000 (23:22 +0000)]
Oops! Remeber to include the other patches this time...
Dr. Stephen Henson [Wed, 17 Feb 1999 23:21:01 +0000 (23:21 +0000)]
Fuller authority key id support, partial support for private key usage extension
and really fix the ASN.1 IMPLICIT bug this time :-)
Ben Laurie [Wed, 17 Feb 1999 21:11:08 +0000 (21:11 +0000)]
Add OAEP.
Dr. Stephen Henson [Wed, 17 Feb 1999 03:09:58 +0000 (03:09 +0000)]
Added code to GENERAL_NAME with support for more options and preliminary
support for assignment in config files.
Mark J. Cox [Tue, 16 Feb 1999 09:22:21 +0000 (09:22 +0000)]
Updates to the new SSL compression code
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Fix so that the version number in the master secret, when passed
via RSA, checks that if TLS was proposed, but we roll back to SSLv3
(because the server will not accept higher), that the version number
is 0x03,0x01, not 0x03,0x00
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Submitted by:
Reviewed by:
PR:
Dr. Stephen Henson [Mon, 15 Feb 1999 21:05:21 +0000 (21:05 +0000)]
Fix various memory leaks in SSL, apps and DSA
Dr. Stephen Henson [Sun, 14 Feb 1999 22:47:21 +0000 (22:47 +0000)]
Patch to Configure script. For some reason the BN_ASM part was truncated to
the first word which broke (at least) the Linux compile. Hopefully this wont
break other platforms.
Dr. Stephen Henson [Sun, 14 Feb 1999 17:21:14 +0000 (17:21 +0000)]
Update error codes.
Dr. Stephen Henson [Sun, 14 Feb 1999 16:48:22 +0000 (16:48 +0000)]
Add support for raw extensions. This means that you can include the DER encoding
of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this
technique currently unsupported extensions can be generated if you know their
DER encoding. Even if the extension is supported in future the raw extension
will still work: that is the raw version can always be used even if it is a
supported extension.
Ralf S. Engelschall [Sun, 14 Feb 1999 13:21:52 +0000 (13:21 +0000)]
Make sure latest Perl versions don't interpret some generated C array as Perl
array code in the crypto/err/err_genc.pl script.
Submitted by: Lars Weber <3weber@informatik.uni-hamburg.de>
Reviewed by: Ralf s. Engelschall
Dr. Stephen Henson [Sun, 14 Feb 1999 02:37:45 +0000 (02:37 +0000)]
Convert ms/do_ms.bat to DOS EOL format of DOS chokes on it.
Dr. Stephen Henson [Sun, 14 Feb 1999 00:40:13 +0000 (00:40 +0000)]
More Win32 fixes and upsdate INSTALL.W32 documentation.
Dr. Stephen Henson [Sat, 13 Feb 1999 23:13:32 +0000 (23:13 +0000)]
Oops... add other changes this time too.
Dr. Stephen Henson [Sat, 13 Feb 1999 23:12:30 +0000 (23:12 +0000)]
Modify configure script to generate some files that Win32 needs and new
script that does the same as 'make files'.
Ben Laurie [Sat, 13 Feb 1999 21:49:34 +0000 (21:49 +0000)]
Finally(?) fix DES stuff.
Ben Laurie [Sat, 13 Feb 1999 19:03:16 +0000 (19:03 +0000)]
Update dependencies.
Ben Laurie [Sat, 13 Feb 1999 18:52:38 +0000 (18:52 +0000)]
Fix ghastly DES declarations, and all consequential warnings.
Dr. Stephen Henson [Sat, 13 Feb 1999 17:15:32 +0000 (17:15 +0000)]
Fix typo in asn1.h (PRINTABLESTRING_STRING) and fix a bug in object creation
perl script. It failed if the OID had any zeros in it.
Ben Laurie [Sat, 13 Feb 1999 15:03:47 +0000 (15:03 +0000)]
Add support for 3DES CBCM mode.
Ben Laurie [Sat, 13 Feb 1999 12:39:50 +0000 (12:39 +0000)]
In the absence of feedback either way, commit the fix that looks right for
wrong keylength with export null ciphers.
Ben Laurie [Sat, 13 Feb 1999 12:38:44 +0000 (12:38 +0000)]
Whoops, missed one.
Ben Laurie [Sat, 13 Feb 1999 12:28:12 +0000 (12:28 +0000)]
Some cleanup.
Ben Laurie [Fri, 12 Feb 1999 19:33:55 +0000 (19:33 +0000)]
Actually use BN when selected!
Ben Laurie [Fri, 12 Feb 1999 19:05:10 +0000 (19:05 +0000)]
Tidy up asm stuff.
Dr. Stephen Henson [Thu, 11 Feb 1999 01:39:30 +0000 (01:39 +0000)]
Make the 'crypto' and 'ssl' options in the perl script mkdef.pl really work,
also add an 'update' option to automatically append any new functions to the
ssleay.num and libeay.num files.
Dr. Stephen Henson [Thu, 11 Feb 1999 00:07:39 +0000 (00:07 +0000)]
Delete a few unused files in apps, restore CAST WIN32 ASM file to main
tree.
Ralf S. Engelschall [Wed, 10 Feb 1999 12:44:27 +0000 (12:44 +0000)]
Remove one more totally bogus source file.
This one is exactly the same as ssl_sess.c.
Thanks to Adam Goodman <adam@a-domain.com> for hint.
Ralf S. Engelschall [Wed, 10 Feb 1999 12:37:59 +0000 (12:37 +0000)]
Remove three more bogus files (2x temp file, 1x trash)
Ralf S. Engelschall [Wed, 10 Feb 1999 09:47:05 +0000 (09:47 +0000)]
What is on my ToDo list...
Ralf S. Engelschall [Wed, 10 Feb 1999 09:38:31 +0000 (09:38 +0000)]
Overhauled the Perl interface (perl/*):
- ported BN stuff to OpenSSL's different BN library
- made the perl/ source tree CVS-aware
- renamed the package from SSLeay to OpenSSL (the files still contain
their history because I've copied them in the repository)
- removed obsolete files (the test scripts will be replaced
by better Test::Harness variants in the future)
Ralf S. Engelschall [Wed, 10 Feb 1999 08:48:10 +0000 (08:48 +0000)]
Ignore mx86unix.cpp which is generated on Intel platforms
Ralf S. Engelschall [Wed, 10 Feb 1999 08:34:01 +0000 (08:34 +0000)]
Remember the cleanup
Ralf S. Engelschall [Wed, 10 Feb 1999 08:26:08 +0000 (08:26 +0000)]
First cut for a very conservative source tree cleanup:
1. merge various obsolete readme texts into doc/ssleay.txt
where we collect the old documents and readme texts.
2. remove the first part of files where I'm already sure that we no longer need
them because of three reasons: either they are just temporary files which
were left by Eric or they are preserved original files where I've verified
that the diff is also available in the CVS via "cvs diff -rSSLeay_0_8_1b"
or they were renamed (as it was definitely the case for the crypto/md/
stuff).
We've still a horrible mess under crypto/bn/asm/. There for a lot of files
I'm sure whether we need them or not. So, when someone knows it better, feel
free to cleanup there.
Ralf S. Engelschall [Wed, 10 Feb 1999 08:21:19 +0000 (08:21 +0000)]
Ops, one more reference to 0.9.1c. Make sure we don't forget it...
Dr. Stephen Henson [Wed, 10 Feb 1999 01:36:45 +0000 (01:36 +0000)]
Oops. Forgot to do a 'make errors'.
Dr. Stephen Henson [Wed, 10 Feb 1999 01:12:59 +0000 (01:12 +0000)]
More extension code. Incomplete support for subject and issuer alt
name, issuer and authority key id. Change the i2v function parameters
and add an extra 'crl' parameter in the X509V3_CTX structure: guess
what that's for :-) Fix to ASN1 macro which messed up
IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
Ben Laurie [Tue, 9 Feb 1999 23:02:47 +0000 (23:02 +0000)]
Update dependencies.
Ben Laurie [Tue, 9 Feb 1999 23:01:08 +0000 (23:01 +0000)]
More exactitude with function arguments.
Dr. Stephen Henson [Tue, 9 Feb 1999 01:30:41 +0000 (01:30 +0000)]
Oops... forgot to add new ENUMERATED file...
Dr. Stephen Henson [Tue, 9 Feb 1999 01:29:37 +0000 (01:29 +0000)]
Support for ASN1 ENUMERATED type. This copies and duplicates the ASN1_INTEGER
code and adds support to ASN1_TYPE and asn1parse.
Dr. Stephen Henson [Mon, 8 Feb 1999 00:48:30 +0000 (00:48 +0000)]
Comment out def of currently unimplemented function to stop warning.
Ben Laurie [Sun, 7 Feb 1999 18:22:15 +0000 (18:22 +0000)]
Minor tweaks to keep Perl 5.001 happy.
Dr. Stephen Henson [Sun, 7 Feb 1999 01:34:26 +0000 (01:34 +0000)]
Fix filename in comment.
Dr. Stephen Henson [Sun, 7 Feb 1999 00:14:12 +0000 (00:14 +0000)]
Add support for GeneralName and GeneralNames extensions. Also preliminary
support for subject and issuer alt name. Add a new ASN1 macro and fix a
nasty bug that left an ASN1 buffer modified on an error condition with
IMPLICIT tagging.
Dr. Stephen Henson [Sat, 6 Feb 1999 20:30:40 +0000 (20:30 +0000)]
Delete legacy file.
Ben Laurie [Sat, 6 Feb 1999 18:09:13 +0000 (18:09 +0000)]
Slightly improved diagnostics.
Ben Laurie [Sat, 6 Feb 1999 17:46:23 +0000 (17:46 +0000)]
Process extensions when they are there.
Ben Laurie [Sat, 6 Feb 1999 15:20:44 +0000 (15:20 +0000)]
Diagnose errors.
Ben Laurie [Sat, 6 Feb 1999 15:19:16 +0000 (15:19 +0000)]
Typo in arguments.
Ben Laurie [Sat, 6 Feb 1999 13:30:37 +0000 (13:30 +0000)]
Clear error we don't care about.
Dr. Stephen Henson [Sat, 6 Feb 1999 12:35:53 +0000 (12:35 +0000)]
Rename v3_bitstr.c to v3_bitst.c to fit in 8+3. Rebuild MINFO to reflect
change.
Mark J. Cox [Mon, 1 Feb 1999 08:18:31 +0000 (08:18 +0000)]
add what I'm doing and a vote
Submitted by:
Reviewed by:
PR:
Dr. Stephen Henson [Mon, 1 Feb 1999 01:25:19 +0000 (01:25 +0000)]
Oops! Restore ssleay.num: it got overwritten with libeay.num :-(
Dr. Stephen Henson [Mon, 1 Feb 1999 01:17:53 +0000 (01:17 +0000)]
Delete bogus V3 prototype and update the *.num files to include ordinals for
the new functions. Update MINFO.
Dr. Stephen Henson [Mon, 1 Feb 1999 00:43:14 +0000 (00:43 +0000)]
More Win32 fixes. The Configure script used to give *lots* of warnings about
use of undefined variables: kludge so they all get initialised. Also avoid use
of POSIX module.
Dr. Stephen Henson [Sun, 31 Jan 1999 17:30:18 +0000 (17:30 +0000)]
Fix various stuff: that VC++ 5.0 chokes on:
1. Add *lots* of missing prototypes for static ssl functions.
2. VC++ doesn't understand the 'LL' suffix for 64 bits constants: change bn.org
3. Add a few missing prototypes in pem.org
Fix mk1mf.pl so it outputs a Makefile that doesn't choke Win95.
Fix mkdef.pl so it doesn't truncate longer names.
Ben Laurie [Sun, 31 Jan 1999 15:00:12 +0000 (15:00 +0000)]
Yet more pissing about to get PEM built at the right moment.
Mark J. Cox [Sun, 31 Jan 1999 12:14:39 +0000 (12:14 +0000)]
Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
Submitted by: Eric A Young - from changes to C2Net SSLeay
Reviewed by: Mark Cox
PR:
Ralf S. Engelschall [Sun, 31 Jan 1999 11:19:17 +0000 (11:19 +0000)]
Reflect correct filename
Ralf S. Engelschall [Sun, 31 Jan 1999 11:15:44 +0000 (11:15 +0000)]
Update README file a little bit...
Ralf S. Engelschall [Sun, 31 Jan 1999 11:10:10 +0000 (11:10 +0000)]
Make sure `make rehash' target really finds the `openssl' program.
Mark J. Cox [Sun, 31 Jan 1999 09:59:54 +0000 (09:59 +0000)]
Fix some more typos
Submitted by:
Reviewed by:
PR:
Mark J. Cox [Sun, 31 Jan 1999 09:57:00 +0000 (09:57 +0000)]
fix typo
Submitted by:
Reviewed by:
PR:
Ben Laurie [Sat, 30 Jan 1999 17:53:00 +0000 (17:53 +0000)]
Squeeze a bit more speed out of MD5 assembler.