Dr. Stephen Henson [Mon, 8 Nov 1999 13:58:08 +0000 (13:58 +0000)]
Fix to the -revoke option in ca. It was leaking memory, crashing and just
plain not working :-(
Also fix some memory leaks in the new X509_NAME code.
Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
Dr. Stephen Henson [Thu, 4 Nov 1999 00:45:35 +0000 (00:45 +0000)]
Allow additional information to be attached to a
certificate: currently this includes trust settings
and a "friendly name".
Mark J. Cox [Wed, 3 Nov 1999 14:10:10 +0000 (14:10 +0000)]
Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). The
problem was that one of the replacement routines had not been working since
SSLeay releases. For now the offending routine has been replaced with
non-optimised assembler. Even so, this now gives around 95% performance
improvement for 1024 bit RSA signs.
Ulf Möller [Sat, 30 Oct 1999 19:09:05 +0000 (19:09 +0000)]
*** empty log message ***
Dr. Stephen Henson [Fri, 29 Oct 1999 13:06:25 +0000 (13:06 +0000)]
Fix to PKCS#7 routines so it can decrypt some oddball RC2 handling.
Dr. Stephen Henson [Wed, 27 Oct 1999 00:15:11 +0000 (00:15 +0000)]
Continued multibyte character support.
Add a bunch of functions to simplify the creation of X509_NAME structures.
Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
Bodo Möller [Tue, 26 Oct 1999 16:26:48 +0000 (16:26 +0000)]
Always hash the pid in the first iteration in ssleay_rand_bytes,
don't try to detect fork()s by looking at getpid().
The reason is that threads sharing the same memory can have different
PIDs; it's inefficient to run RAND_seed each time a different thread
calls RAND_bytes.
Bodo Möller [Tue, 26 Oct 1999 14:49:12 +0000 (14:49 +0000)]
Make md_rand.c more robust.
Bodo Möller [Tue, 26 Oct 1999 11:27:42 +0000 (11:27 +0000)]
Warn about RANDFILE being overwritten.
Bodo Möller [Tue, 26 Oct 1999 11:19:42 +0000 (11:19 +0000)]
Don't be overly paranoid.
Bodo Möller [Tue, 26 Oct 1999 01:59:11 +0000 (01:59 +0000)]
New file app_rand.c with some functionality used in various openssl
applications.
Bodo Möller [Tue, 26 Oct 1999 01:56:29 +0000 (01:56 +0000)]
Various randomness handling bugfixes and improvements --
some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.
Bodo Möller [Tue, 26 Oct 1999 01:52:16 +0000 (01:52 +0000)]
Report an error from X509_STORE_load_locations
when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
Bodo Möller [Mon, 25 Oct 1999 21:38:43 +0000 (21:38 +0000)]
Update Borland C++ builder support.
Submitted by: Janez Jere <jj@void.si>
Bodo Möller [Mon, 25 Oct 1999 19:36:01 +0000 (19:36 +0000)]
Improve support for running everything as a monolithic application.
Submitted by: Lennart Bång, Bodo Möller
Bodo Möller [Mon, 25 Oct 1999 19:28:38 +0000 (19:28 +0000)]
Respect PEX_LIBS and EX_LIBS when building binaries
(needed for RSAREF builds)
Dr. Stephen Henson [Mon, 25 Oct 1999 02:00:09 +0000 (02:00 +0000)]
More multibyte character support.
Functions to get keys from EVP_PKEY structures.
Ben Laurie [Sat, 23 Oct 1999 09:30:09 +0000 (09:30 +0000)]
Constification.
Ben Laurie [Sat, 23 Oct 1999 09:19:42 +0000 (09:19 +0000)]
Don't return stuff from void functions.
Dr. Stephen Henson [Thu, 21 Oct 1999 13:20:49 +0000 (13:20 +0000)]
New function ASN1_mbstring_copy() to handle ASN1 string copying. Ultimately
this will be used to clear up the horrible DN mess.
Dr. Stephen Henson [Wed, 20 Oct 1999 01:50:23 +0000 (01:50 +0000)]
Replace the macros in asn1.h with function equivalents. Also make UTF8Strings
tolerated in certificates.
Bodo Möller [Thu, 14 Oct 1999 17:31:53 +0000 (17:31 +0000)]
Use of DEVRANDOM must be #ifdef'ed (the #ifdef was commented out
between SSLeay 0.8.1b and 0.9.0b with no apparent reason).
If we *want* an error when DEVRANDOM is not defined (it always is with
the current e_os.h) we should use #error.
Dr. Stephen Henson [Wed, 13 Oct 1999 01:11:56 +0000 (01:11 +0000)]
Initial support for certificate purpose checking: this will
ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.
Dr. Stephen Henson [Mon, 11 Oct 1999 01:30:04 +0000 (01:30 +0000)]
Add EX_DATA support to X509.
Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL.
Dr. Stephen Henson [Sat, 9 Oct 1999 02:54:10 +0000 (02:54 +0000)]
New functions to parse and get extensions.
Ulf Möller [Thu, 7 Oct 1999 16:58:08 +0000 (16:58 +0000)]
More patches.
Andy Polyakov [Thu, 7 Oct 1999 12:10:26 +0000 (12:10 +0000)]
RC4 tune-up featuring 30-40% performance improvement on most RISC
platforms. See crypto/rc4/rc4_enc.c for further details.
Andy Polyakov [Thu, 7 Oct 1999 12:03:59 +0000 (12:03 +0000)]
RC4 tune-up featuring 30-40% performance improvement on most RISC
platforms. See crypto/rc4/rc4_enc.c for further details.
Dr. Stephen Henson [Wed, 6 Oct 1999 22:59:21 +0000 (22:59 +0000)]
Fix incorrect usage messages in some commands.
Dr. Stephen Henson [Tue, 5 Oct 1999 13:10:21 +0000 (13:10 +0000)]
Fix for bug in pkcs12 program and typo in ASN1_tag2str().
Dr. Stephen Henson [Tue, 5 Oct 1999 12:57:50 +0000 (12:57 +0000)]
Fix for bug in pkcs12 program and typo in ASN1_tag2str().
Dr. Stephen Henson [Mon, 4 Oct 1999 23:56:06 +0000 (23:56 +0000)]
New option -dhparam to s_server to allow the DH parameter file to be set
explicitly. Previously it couldn't be changed because it was hard coded as
"server.pem".
Dr. Stephen Henson [Mon, 4 Oct 1999 21:17:47 +0000 (21:17 +0000)]
Add support for public key input and output in rsa and dsa utilities with some
new DSA public key functions that were missing.
Also beginning of a cache for X509_EXTENSION structures: this will allow them
to be accessed more quickly for things like certificate chain verification...
Dr. Stephen Henson [Mon, 4 Oct 1999 12:08:59 +0000 (12:08 +0000)]
Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing is signed message
contains no certificates.
Also fix typo in RANLIB changes.
Ralf S. Engelschall [Mon, 4 Oct 1999 10:55:04 +0000 (10:55 +0000)]
Add prototypes for new DSA functions Steve added recently.
Bodo Möller [Sun, 3 Oct 1999 22:50:01 +0000 (22:50 +0000)]
Pass $(RANLIB) when doing "make install" in subdirectories;
rsaref needs ist.
Submitted by: Will Day
Ben Laurie [Sun, 3 Oct 1999 18:09:45 +0000 (18:09 +0000)]
Fix warnings.
Dr. Stephen Henson [Sat, 2 Oct 1999 13:33:06 +0000 (13:33 +0000)]
Fix for base64 BIO decoding bug
Dr. Stephen Henson [Sat, 2 Oct 1999 01:18:19 +0000 (01:18 +0000)]
Modify the 'speed' application so it now uses RSA_sign and RSA_verify
instead of RSA_private_encrypt and RSA_public_decrypt
Ulf Möller [Thu, 30 Sep 1999 08:32:54 +0000 (08:32 +0000)]
HPUX 11 flags.
Contributed by: Peter Huang <PETER_HUANG@HP-Cupertino-om8.om.hp.com>
Ulf Möller [Wed, 29 Sep 1999 22:14:47 +0000 (22:14 +0000)]
Cosmetic changes.
Ulf Möller [Wed, 29 Sep 1999 22:11:06 +0000 (22:11 +0000)]
VC++ warning.
Ulf Möller [Wed, 29 Sep 1999 21:03:02 +0000 (21:03 +0000)]
Generate obj_dat.h in "make update".
Bodo Möller [Mon, 27 Sep 1999 15:12:30 +0000 (15:12 +0000)]
"make update"
Bodo Möller [Mon, 27 Sep 1999 13:43:59 +0000 (13:43 +0000)]
new control code BIO_C_RESET_READ_REQUEST
Andy Polyakov [Sun, 26 Sep 1999 12:47:17 +0000 (12:47 +0000)]
RC4 tune-up.
See comments in the code (after #if defined(RC4_CHUNK)) for more details.
Bodo Möller [Sat, 25 Sep 1999 11:26:31 +0000 (11:26 +0000)]
Fix typo in error message.
Submitted by: Alan Batie
Bodo Möller [Sat, 25 Sep 1999 11:24:53 +0000 (11:24 +0000)]
Honor BUFSIZZ definition in s_server, don't use tiny 32 byte
buffer (which leads to truncation of client cipher list).
Bodo Möller [Fri, 24 Sep 1999 20:27:20 +0000 (20:27 +0000)]
Bugfix: avoid opening CAfile when it's NULL.
Bodo Möller [Fri, 24 Sep 1999 20:25:34 +0000 (20:25 +0000)]
Use a temporary file, not a pipe, for BN test because there are some
broken bc's around.
Bodo Möller [Fri, 24 Sep 1999 20:24:24 +0000 (20:24 +0000)]
Fix typo that I introduced when reformatting lines.
Ben Laurie [Fri, 24 Sep 1999 19:10:57 +0000 (19:10 +0000)]
Fix warnings.
Ulf Möller [Tue, 21 Sep 1999 17:19:05 +0000 (17:19 +0000)]
More patches.
(Are there any others that have been submitted but not yet reviewed/integrated?)
Bodo Möller [Tue, 21 Sep 1999 14:03:20 +0000 (14:03 +0000)]
typo
Bodo Möller [Tue, 21 Sep 1999 13:33:15 +0000 (13:33 +0000)]
Keep line lengths < 80 characters.
Ulf Möller [Mon, 20 Sep 1999 23:34:01 +0000 (23:34 +0000)]
note a few things that need to be done
Dr. Stephen Henson [Mon, 20 Sep 1999 22:09:17 +0000 (22:09 +0000)]
Fix to make s_client and s_server work under Windows. A bit of a hack but
an improvement on not working at all.
Dr. Stephen Henson [Sun, 19 Sep 1999 00:40:56 +0000 (00:40 +0000)]
Lots of evil casts to stop VC++ choking with "possible loss of data"
warnings :-(
Dr. Stephen Henson [Sat, 18 Sep 1999 22:37:44 +0000 (22:37 +0000)]
Add new sign and verify members to RSA_METHOD and change SSL code to use sign
and verify rather than direct encrypt/decrypt.
Dr. Stephen Henson [Sat, 18 Sep 1999 01:42:02 +0000 (01:42 +0000)]
Various CRL enhancements tidies and workaround for broken CRLs.
Bodo Möller [Fri, 17 Sep 1999 16:35:29 +0000 (16:35 +0000)]
Document -startdate and -enddate in usage summary.
Dr. Stephen Henson [Wed, 15 Sep 1999 21:12:23 +0000 (21:12 +0000)]
Fix typo.
Bodo Möller [Tue, 14 Sep 1999 15:07:22 +0000 (15:07 +0000)]
Update dependencies.
Bodo Möller [Tue, 14 Sep 1999 15:06:25 +0000 (15:06 +0000)]
typo in a comment
Bodo Möller [Tue, 14 Sep 1999 15:05:45 +0000 (15:05 +0000)]
Add some debug-solaris-...-cc configurations.
Bodo Möller [Mon, 13 Sep 1999 13:02:07 +0000 (13:02 +0000)]
Set s->version correctly for "natural" SSL 3.0 client hello
Andy Polyakov [Sat, 11 Sep 1999 17:54:18 +0000 (17:54 +0000)]
Initial support for MacOS.
This will soon be complemented with MacOS specific source code files and
INSTALL.MacOS.
I (Andy) have decided to get rid of a number of #include <sys/types.h>.
I've verified it's ok (both by examining /usr/include/*.h and compiling)
on a number of Unix platforms. Unfortunately I don't have Windows box
to verify this on. I really appreciate if somebody could try to compile
it and contact me a.s.a.p. in case a problem occurs.
Submitted by: Roy Wood <roy@centricsystems.ca>
Reviewed by: Andy Polyakov <appro@fy.chalmers.se>
Bodo Möller [Sat, 11 Sep 1999 10:36:41 +0000 (10:36 +0000)]
Fix yet another bug for client hello handling.
Bodo Möller [Fri, 10 Sep 1999 16:41:01 +0000 (16:41 +0000)]
Repair another bug in s23_get_client_hello:
tls1 did not survive to restarts, so get rid of it.
Ulf Möller [Fri, 10 Sep 1999 16:13:24 +0000 (16:13 +0000)]
Parantheses not needed.
Bodo Möller [Fri, 10 Sep 1999 15:34:55 +0000 (15:34 +0000)]
"make update"
Bodo Möller [Fri, 10 Sep 1999 14:03:21 +0000 (14:03 +0000)]
Use non-copying BIO interface in ssltest.c.
Bodo Möller [Fri, 10 Sep 1999 13:25:25 +0000 (13:25 +0000)]
typo
Ulf Möller [Fri, 10 Sep 1999 11:44:52 +0000 (11:44 +0000)]
Correction for the testapps lines.
Bodo Möller [Fri, 10 Sep 1999 00:29:33 +0000 (00:29 +0000)]
Truncate message about "new" include filenames
Bodo Möller [Thu, 9 Sep 1999 20:21:10 +0000 (20:21 +0000)]
Re-enable message about transition <foo.h> => <openssl/foo.h>
because various programs are not updated that often
and hence still expect header files names without the openssl/ prefix.
Ben Laurie [Thu, 9 Sep 1999 20:15:17 +0000 (20:15 +0000)]
Correct warnings.
Bodo Möller [Wed, 8 Sep 1999 21:58:13 +0000 (21:58 +0000)]
some more patches for avoiding problems with non-automatic variables
Dr. Stephen Henson [Wed, 8 Sep 1999 20:01:28 +0000 (20:01 +0000)]
Fix typo.
Dr. Stephen Henson [Wed, 8 Sep 1999 18:19:45 +0000 (18:19 +0000)]
Oops... forgot the other RSA_NULL patches...
Dr. Stephen Henson [Wed, 8 Sep 1999 18:02:25 +0000 (18:02 +0000)]
This is preliminary support for an "RSA null" cipher. Unfortunately when
OpenSSL is compiled with NO_RSA, no RSA operations can be used: including
key generation storage and display of RSA keys. Since these operations are
not covered by the RSA patent (my understanding is it only covers encrypt,
decrypt, sign and verify) they can be included: this is an often requested
feature, attempts to use the patented operations return an error code.
This is enabled by setting RSA_NULL. This means that if a particular application
has its own legal US RSA implementation then it can use that instead by setting
it as the default RSA method.
Still experimental and needs some fiddling of the other libraries so they have
some options that don't attempt to use RSA if it isn't allowed.
Ulf Möller [Wed, 8 Sep 1999 16:14:52 +0000 (16:14 +0000)]
Use proper flags to build the testapps (default CC value causes confusion
on Solaris)
Bodo Möller [Tue, 7 Sep 1999 21:37:09 +0000 (21:37 +0000)]
Non-copying interface to BIO pairs.
It's still totally untested ...
Ulf Möller [Tue, 7 Sep 1999 17:07:45 +0000 (17:07 +0000)]
Correct address in a comment.
Ulf Möller [Tue, 7 Sep 1999 17:07:13 +0000 (17:07 +0000)]
*** empty log message ***
Ulf Möller [Tue, 7 Sep 1999 16:45:04 +0000 (16:45 +0000)]
Check the as version on Solaris x86. People don't read INSTALL anyway. :)
Dr. Stephen Henson [Tue, 7 Sep 1999 12:16:29 +0000 (12:16 +0000)]
New function to convert ASN1 tag values to strings. Also fix typo in asn1.h
Ben Laurie [Mon, 6 Sep 1999 11:06:54 +0000 (11:06 +0000)]
Fix warnings.
Ben Laurie [Mon, 6 Sep 1999 09:29:29 +0000 (09:29 +0000)]
Fix warnings.
Bodo Möller [Sun, 5 Sep 1999 20:53:08 +0000 (20:53 +0000)]
Reinitialize conf to NULL whenver ca application is started.
Submitted by: Lennart Bang
Andy Polyakov [Sun, 5 Sep 1999 14:17:42 +0000 (14:17 +0000)]
SHA clean-up Intel assembler companion.
I've chosen to nest two functions in order to save about 4K. As a result
s1-win32.asm doesn't look right (nested PROC/ENDP SEGMENT/ENDS) and it's
probably impossible to compile. I assume I have to reconsider... But not
today...
Andy Polyakov [Sun, 5 Sep 1999 12:42:04 +0000 (12:42 +0000)]
SHA clean-up and (LP64) tune-up.
"Clean-up" stands for the fact that it's using common message digest
template ../md32_common.h and sha[1_]dgst.c are reduced down to
'#define SHA_[01]' and then '#include "sha_locl.h"'. It stands "(LP64)"
there because it's 64 bit platforms which benefit most from the tune-up.
The updated code exhibits 40% performance improvement on IRIX64
(sounds too good, huh? I probably should double check if it's not
some cache trashing that was holding it back before), 28% - on
Alpha Linux and 12% - Solaris 7/64.
Dr. Stephen Henson [Sat, 4 Sep 1999 17:19:55 +0000 (17:19 +0000)]
New UTF8 utility functions to parse/generate UTF8 strings.
Bodo Möller [Fri, 3 Sep 1999 23:08:45 +0000 (23:08 +0000)]
Reinitialize global variables when necessary (for monolith application).
Bodo Möller [Fri, 3 Sep 1999 22:37:38 +0000 (22:37 +0000)]
use explicit constant 11 just once
Bodo Möller [Fri, 3 Sep 1999 16:49:11 +0000 (16:49 +0000)]
Make previous bugfix actually work
Bodo Möller [Fri, 3 Sep 1999 16:33:11 +0000 (16:33 +0000)]
Fix server behaviour when facing backwards-compatible client hellos.
Bodo Möller [Fri, 3 Sep 1999 16:31:36 +0000 (16:31 +0000)]
-no_dhe option for ssltest.c
Bodo Möller [Fri, 3 Sep 1999 14:06:09 +0000 (14:06 +0000)]
Use closesocket macro consistently, not close directly, for easier
portability.
Submitted by: Lennart Bång
Bodo Möller [Fri, 3 Sep 1999 13:30:47 +0000 (13:30 +0000)]
Handle "#if 0" correctly (I hope)