Dr. Stephen Henson [Fri, 3 Dec 1999 00:53:48 +0000 (00:53 +0000)]
Fix a bug in the modified purpose code: it wasn't updated to use the
new purpose getting function.
Update the ca-cert.pem and pca-cert.pem "CA" certificates so they
really are CA certificates: that is they have the appropriate extensions.
Dr. Stephen Henson [Thu, 2 Dec 1999 02:33:56 +0000 (02:33 +0000)]
Change the trust and purpose code so it doesn't need init
either and has a static and dynamic mix.
Dr. Stephen Henson [Wed, 1 Dec 1999 01:49:46 +0000 (01:49 +0000)]
Modify the X509 V3 extension lookup code.
Ben Laurie [Tue, 30 Nov 1999 20:15:19 +0000 (20:15 +0000)]
Make salting the default. Fail gracefully if the input is not salted.
Dr. Stephen Henson [Tue, 30 Nov 1999 14:39:58 +0000 (14:39 +0000)]
Document the extension tests performed by the -purpose test
in the x509 utility.
Dr. Stephen Henson [Tue, 30 Nov 1999 02:28:42 +0000 (02:28 +0000)]
Document all possible errors (and some impossible) from the verify program.
Dr. Stephen Henson [Mon, 29 Nov 1999 22:35:00 +0000 (22:35 +0000)]
Remainder of SSL purpose and trust code: trust and purpose setting in
SSL_CTX and SSL, functions to set them and defaults if no values set.
Dr. Stephen Henson [Mon, 29 Nov 1999 01:09:25 +0000 (01:09 +0000)]
Add part of chain verify SSL support code: not complete or doing anything
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
Dr. Stephen Henson [Sat, 27 Nov 1999 19:43:10 +0000 (19:43 +0000)]
Add trust setting support to the verify code. It now checks the
trust settings of the root CA.
After a few fixes it seems to work OK.
Still need to add support to SSL and S/MIME code though.
Richard Levitte [Sat, 27 Nov 1999 15:26:48 +0000 (15:26 +0000)]
Add compilation of x509_trs
Dr. Stephen Henson [Sat, 27 Nov 1999 01:18:39 +0000 (01:18 +0000)]
Oops! Commit died on me :-(
Dr. Stephen Henson [Sat, 27 Nov 1999 01:14:04 +0000 (01:14 +0000)]
Initial trust code: allow setting of trust checking functions
in a table. Doesn't do too much yet.
Make the -<digestname> options in 'x509' affect all relevant
options.
Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.
A few constification changes.
Dr. Stephen Henson [Fri, 26 Nov 1999 00:27:07 +0000 (00:27 +0000)]
New options to the -verify program which can be used for chain verification.
Extend the X509_PURPOSE structure to include shortnames for purposes and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
Dr. Stephen Henson [Wed, 24 Nov 1999 01:31:49 +0000 (01:31 +0000)]
Initial chain verify code: not tested probably not working
at present. However nothing enables it yet so this doesn't
matter :-)
Dr. Stephen Henson [Tue, 23 Nov 1999 18:50:28 +0000 (18:50 +0000)]
Support for authority information access extension.
Fix so EVP_PKEY_rset_*() check return codes.
Dr. Stephen Henson [Sun, 21 Nov 1999 22:28:31 +0000 (22:28 +0000)]
Transparent support for PKCS#8 private keys in RSA/DSA.
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
Dr. Stephen Henson [Fri, 19 Nov 1999 02:19:58 +0000 (02:19 +0000)]
Support for otherName in GeneralName.
Ben Laurie [Thu, 18 Nov 1999 14:32:54 +0000 (14:32 +0000)]
Update dependencies.
Ben Laurie [Thu, 18 Nov 1999 14:10:53 +0000 (14:10 +0000)]
Fix warning.
Bodo Möller [Wed, 17 Nov 1999 21:36:13 +0000 (21:36 +0000)]
Restore traditional SSL_get_session behaviour so that s_client and s_server
don't leak tons of memory.
Ulf Möller [Wed, 17 Nov 1999 13:03:29 +0000 (13:03 +0000)]
Missing #ifdef NO_DES
Dr. Stephen Henson [Wed, 17 Nov 1999 01:20:29 +0000 (01:20 +0000)]
Modify verify code to handle self signed certificates.
Bodo Möller [Tue, 16 Nov 1999 23:15:41 +0000 (23:15 +0000)]
Store verify_result with sessions to avoid potential security hole.
Dr. Stephen Henson [Tue, 16 Nov 1999 14:54:50 +0000 (14:54 +0000)]
Fix for a bug in PKCS#7 code and non-detached data.
Remove rc4-64 from ciphers since it doesn't exist...
Dr. Stephen Henson [Tue, 16 Nov 1999 02:51:41 +0000 (02:51 +0000)]
Clarify docs.
Dr. Stephen Henson [Tue, 16 Nov 1999 02:49:25 +0000 (02:49 +0000)]
Add a salt to the key derivation using the 'enc' program.
Dr. Stephen Henson [Tue, 16 Nov 1999 00:56:03 +0000 (00:56 +0000)]
New function X509_cmp().
Mark J. Cox [Mon, 15 Nov 1999 16:31:31 +0000 (16:31 +0000)]
This corrects the reference count handling in SSL_get_session.
Previously, the returned SSL_SESSION didn't have its reference count
incremented so the SSL_SESSION could be freed at any time causing
seg-faults if the pointer was subsequently used. Code that uses
SSL_get_session must now make a corresponding SSL_SESSION_free() call when
it is done to avoid memory leaks (or blocked up session caches).
Submitted By: Geoff Thorpe <geoff@eu.c2.net>
Dr. Stephen Henson [Sun, 14 Nov 1999 23:10:50 +0000 (23:10 +0000)]
'req' fixes. Reinstate length check on request fields.
Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.
Dr. Stephen Henson [Sun, 14 Nov 1999 13:34:34 +0000 (13:34 +0000)]
Add some examples to the enc man page.
Dr. Stephen Henson [Sun, 14 Nov 1999 03:23:17 +0000 (03:23 +0000)]
Add support for the 40 and 64 bit RC2 and RC4 ciphers in 'enc'
add documentation for 'enc'.
Dr. Stephen Henson [Sat, 13 Nov 1999 21:58:39 +0000 (21:58 +0000)]
Add info about the header and footer lines used in PEM formats
and add an nseq manpage.
Dr. Stephen Henson [Sat, 13 Nov 1999 21:28:01 +0000 (21:28 +0000)]
Correct x509 manpage and add a crl manpage
Richard Levitte [Fri, 12 Nov 1999 21:51:24 +0000 (21:51 +0000)]
The info removal code was overcomplicated, and error-prone (references being wrongly decreased). Fixed.
Bodo Möller [Fri, 12 Nov 1999 16:20:30 +0000 (16:20 +0000)]
Avoid deadlock.
Dr. Stephen Henson [Fri, 12 Nov 1999 14:04:41 +0000 (14:04 +0000)]
Add an spkac manual page and fix the pkcs7 manpage.
Richard Levitte [Fri, 12 Nov 1999 03:12:46 +0000 (03:12 +0000)]
Avoid some silly compiler warnings, and add the change log I forgot :-)
Richard Levitte [Fri, 12 Nov 1999 02:51:24 +0000 (02:51 +0000)]
Two changes have been made:
1. Added code to the memory leak detecting code to give the user the
possibility to add information, thereby forming a traceback.
2. Make the memory leak detecting code multithread-safe.
The idea is that we're actually dealing with two separate critical
sections, one containing the hash tables with the information, the
other containing the current memory checking mode. Those should not
be handled with the same lock, especially since their handling overlaps.
Hence, the added second lock.
Richard Levitte [Fri, 12 Nov 1999 02:21:49 +0000 (02:21 +0000)]
Some crypto applications are now being built on Unix, so they should on VMS as well. Not by default, however.
Richard Levitte [Fri, 12 Nov 1999 02:19:05 +0000 (02:19 +0000)]
It's possible that considering the configuration file as a binary file
works on Unix and MS-DOS/Windows. It does not under VMS, so open it
as text.
Richard Levitte [Fri, 12 Nov 1999 02:10:23 +0000 (02:10 +0000)]
Avoid silly compiler warnings about functions not being declared and an int missing.
Richard Levitte [Fri, 12 Nov 1999 02:04:30 +0000 (02:04 +0000)]
Some new names in asn1.h are longer than 31 chars, which disturbs the VMS C compilers...
Richard Levitte [Fri, 12 Nov 1999 01:59:47 +0000 (01:59 +0000)]
Adjust to changes in apps/openssl.cnf
Richard Levitte [Fri, 12 Nov 1999 01:52:59 +0000 (01:52 +0000)]
Adjust to changes in apps/Makefile.ssl
Richard Levitte [Fri, 12 Nov 1999 01:46:50 +0000 (01:46 +0000)]
DIFFERENCE doesn't handle long (>255 chars) lines well. Use BACKUP instead. No, I'm not joking.
Richard Levitte [Fri, 12 Nov 1999 01:45:04 +0000 (01:45 +0000)]
adjust to changes in test/Makefile.ssl
Richard Levitte [Fri, 12 Nov 1999 01:43:55 +0000 (01:43 +0000)]
adjust to changes in test/testssl
Richard Levitte [Fri, 12 Nov 1999 01:42:59 +0000 (01:42 +0000)]
Make sure installed files are world readable
Dr. Stephen Henson [Fri, 12 Nov 1999 01:42:25 +0000 (01:42 +0000)]
Merge some common functionality in the apps, delete
the encryption option in the pkcs7 utility (they never
did anything) and add a couple more options to pkcs7.
Dr. Stephen Henson [Fri, 12 Nov 1999 01:07:33 +0000 (01:07 +0000)]
Oops forgot the S/MIME v3 RFC.
Dr. Stephen Henson [Fri, 12 Nov 1999 01:04:39 +0000 (01:04 +0000)]
More docs and corrections/updates
Dr. Stephen Henson [Thu, 11 Nov 1999 18:41:31 +0000 (18:41 +0000)]
Add password command line options to some utils. Fix and update man
pages.
Dr. Stephen Henson [Thu, 11 Nov 1999 13:58:41 +0000 (13:58 +0000)]
Fix a couple of outstanding issues: update STATUS file, fix NO_FP_API problems.
Update docs, change 'ca' to use the new callback parameter. Now moved key_callback
into app.c because some other utilities will use it soon.
Dr. Stephen Henson [Thu, 11 Nov 1999 00:48:39 +0000 (00:48 +0000)]
Oops. The pkcs8 man page wasn't finished: this is an updated version
Dr. Stephen Henson [Wed, 10 Nov 1999 02:52:17 +0000 (02:52 +0000)]
Very preliminary POD format documentation for some
of the openssl utility commands...
Bodo Möller [Tue, 9 Nov 1999 16:41:52 +0000 (16:41 +0000)]
Undo silly change.
Ben Laurie [Tue, 9 Nov 1999 12:09:24 +0000 (12:09 +0000)]
Fix (spurious) warnings.
Bodo Möller [Tue, 9 Nov 1999 10:00:15 +0000 (10:00 +0000)]
Avoid some warnings.
Dr. Stephen Henson [Mon, 8 Nov 1999 13:58:08 +0000 (13:58 +0000)]
Fix to the -revoke option in ca. It was leaking memory, crashing and just
plain not working :-(
Also fix some memory leaks in the new X509_NAME code.
Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
Dr. Stephen Henson [Thu, 4 Nov 1999 00:45:35 +0000 (00:45 +0000)]
Allow additional information to be attached to a
certificate: currently this includes trust settings
and a "friendly name".
Mark J. Cox [Wed, 3 Nov 1999 14:10:10 +0000 (14:10 +0000)]
Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). The
problem was that one of the replacement routines had not been working since
SSLeay releases. For now the offending routine has been replaced with
non-optimised assembler. Even so, this now gives around 95% performance
improvement for 1024 bit RSA signs.
Ulf Möller [Sat, 30 Oct 1999 19:09:05 +0000 (19:09 +0000)]
*** empty log message ***
Dr. Stephen Henson [Fri, 29 Oct 1999 13:06:25 +0000 (13:06 +0000)]
Fix to PKCS#7 routines so it can decrypt some oddball RC2 handling.
Dr. Stephen Henson [Wed, 27 Oct 1999 00:15:11 +0000 (00:15 +0000)]
Continued multibyte character support.
Add a bunch of functions to simplify the creation of X509_NAME structures.
Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
Bodo Möller [Tue, 26 Oct 1999 16:26:48 +0000 (16:26 +0000)]
Always hash the pid in the first iteration in ssleay_rand_bytes,
don't try to detect fork()s by looking at getpid().
The reason is that threads sharing the same memory can have different
PIDs; it's inefficient to run RAND_seed each time a different thread
calls RAND_bytes.
Bodo Möller [Tue, 26 Oct 1999 14:49:12 +0000 (14:49 +0000)]
Make md_rand.c more robust.
Bodo Möller [Tue, 26 Oct 1999 11:27:42 +0000 (11:27 +0000)]
Warn about RANDFILE being overwritten.
Bodo Möller [Tue, 26 Oct 1999 11:19:42 +0000 (11:19 +0000)]
Don't be overly paranoid.
Bodo Möller [Tue, 26 Oct 1999 01:59:11 +0000 (01:59 +0000)]
New file app_rand.c with some functionality used in various openssl
applications.
Bodo Möller [Tue, 26 Oct 1999 01:56:29 +0000 (01:56 +0000)]
Various randomness handling bugfixes and improvements --
some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.
Bodo Möller [Tue, 26 Oct 1999 01:52:16 +0000 (01:52 +0000)]
Report an error from X509_STORE_load_locations
when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
Bodo Möller [Mon, 25 Oct 1999 21:38:43 +0000 (21:38 +0000)]
Update Borland C++ builder support.
Submitted by: Janez Jere <jj@void.si>
Bodo Möller [Mon, 25 Oct 1999 19:36:01 +0000 (19:36 +0000)]
Improve support for running everything as a monolithic application.
Submitted by: Lennart Bång, Bodo Möller
Bodo Möller [Mon, 25 Oct 1999 19:28:38 +0000 (19:28 +0000)]
Respect PEX_LIBS and EX_LIBS when building binaries
(needed for RSAREF builds)
Dr. Stephen Henson [Mon, 25 Oct 1999 02:00:09 +0000 (02:00 +0000)]
More multibyte character support.
Functions to get keys from EVP_PKEY structures.
Ben Laurie [Sat, 23 Oct 1999 09:30:09 +0000 (09:30 +0000)]
Constification.
Ben Laurie [Sat, 23 Oct 1999 09:19:42 +0000 (09:19 +0000)]
Don't return stuff from void functions.
Dr. Stephen Henson [Thu, 21 Oct 1999 13:20:49 +0000 (13:20 +0000)]
New function ASN1_mbstring_copy() to handle ASN1 string copying. Ultimately
this will be used to clear up the horrible DN mess.
Dr. Stephen Henson [Wed, 20 Oct 1999 01:50:23 +0000 (01:50 +0000)]
Replace the macros in asn1.h with function equivalents. Also make UTF8Strings
tolerated in certificates.
Bodo Möller [Thu, 14 Oct 1999 17:31:53 +0000 (17:31 +0000)]
Use of DEVRANDOM must be #ifdef'ed (the #ifdef was commented out
between SSLeay 0.8.1b and 0.9.0b with no apparent reason).
If we *want* an error when DEVRANDOM is not defined (it always is with
the current e_os.h) we should use #error.
Dr. Stephen Henson [Wed, 13 Oct 1999 01:11:56 +0000 (01:11 +0000)]
Initial support for certificate purpose checking: this will
ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.
Dr. Stephen Henson [Mon, 11 Oct 1999 01:30:04 +0000 (01:30 +0000)]
Add EX_DATA support to X509.
Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL.
Dr. Stephen Henson [Sat, 9 Oct 1999 02:54:10 +0000 (02:54 +0000)]
New functions to parse and get extensions.
Ulf Möller [Thu, 7 Oct 1999 16:58:08 +0000 (16:58 +0000)]
More patches.
Andy Polyakov [Thu, 7 Oct 1999 12:10:26 +0000 (12:10 +0000)]
RC4 tune-up featuring 30-40% performance improvement on most RISC
platforms. See crypto/rc4/rc4_enc.c for further details.
Andy Polyakov [Thu, 7 Oct 1999 12:03:59 +0000 (12:03 +0000)]
RC4 tune-up featuring 30-40% performance improvement on most RISC
platforms. See crypto/rc4/rc4_enc.c for further details.
Dr. Stephen Henson [Wed, 6 Oct 1999 22:59:21 +0000 (22:59 +0000)]
Fix incorrect usage messages in some commands.
Dr. Stephen Henson [Tue, 5 Oct 1999 13:10:21 +0000 (13:10 +0000)]
Fix for bug in pkcs12 program and typo in ASN1_tag2str().
Dr. Stephen Henson [Tue, 5 Oct 1999 12:57:50 +0000 (12:57 +0000)]
Fix for bug in pkcs12 program and typo in ASN1_tag2str().
Dr. Stephen Henson [Mon, 4 Oct 1999 23:56:06 +0000 (23:56 +0000)]
New option -dhparam to s_server to allow the DH parameter file to be set
explicitly. Previously it couldn't be changed because it was hard coded as
"server.pem".
Dr. Stephen Henson [Mon, 4 Oct 1999 21:17:47 +0000 (21:17 +0000)]
Add support for public key input and output in rsa and dsa utilities with some
new DSA public key functions that were missing.
Also beginning of a cache for X509_EXTENSION structures: this will allow them
to be accessed more quickly for things like certificate chain verification...
Dr. Stephen Henson [Mon, 4 Oct 1999 12:08:59 +0000 (12:08 +0000)]
Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing if signed message
contains no certificates.
Also fix typo in RANLIB changes.
Ralf S. Engelschall [Mon, 4 Oct 1999 10:55:04 +0000 (10:55 +0000)]
Add prototypes for new DSA functions Steve added recently.
Bodo Möller [Sun, 3 Oct 1999 22:50:01 +0000 (22:50 +0000)]
Pass $(RANLIB) when doing "make install" in subdirectories;
rsaref needs it.
Submitted by: Will Day
Ben Laurie [Sun, 3 Oct 1999 18:09:45 +0000 (18:09 +0000)]
Fix warnings.
Dr. Stephen Henson [Sat, 2 Oct 1999 13:33:06 +0000 (13:33 +0000)]
Fix for base64 BIO decoding bug
Dr. Stephen Henson [Sat, 2 Oct 1999 01:18:19 +0000 (01:18 +0000)]
Modify the 'speed' application so it now uses RSA_sign and RSA_verify
instead of RSA_private_encrypt and RSA_public_decrypt
Ulf Möller [Thu, 30 Sep 1999 08:32:54 +0000 (08:32 +0000)]
HPUX 11 flags.
Contributed by: Peter Huang <PETER_HUANG@HP-Cupertino-om8.om.hp.com>
Ulf Möller [Wed, 29 Sep 1999 22:14:47 +0000 (22:14 +0000)]
Cosmetic changes.
Ulf Möller [Wed, 29 Sep 1999 22:11:06 +0000 (22:11 +0000)]
VC++ warning.