Dr. Stephen Henson [Sat, 8 Jan 2000 13:36:17 +0000 (13:36 +0000)]
Manpages for the DH utils and fix for a memory leak in dh program
Dr. Stephen Henson [Sat, 8 Jan 2000 03:16:04 +0000 (03:16 +0000)]
Add PKCS#12 manpage and use MAC iteration counts by default.
Ulf Möller [Sat, 8 Jan 2000 02:08:13 +0000 (02:08 +0000)]
Install man pages.
Ulf Möller [Sat, 8 Jan 2000 02:07:46 +0000 (02:07 +0000)]
Minor format changes.
Bodo Möller [Fri, 7 Jan 2000 13:06:28 +0000 (13:06 +0000)]
CA.pl is now generated automatically (using CA.pl.in as input)
Bodo Möller [Fri, 7 Jan 2000 13:05:41 +0000 (13:05 +0000)]
apps/openssl.cnf and the documentation say it's "nombstr",
but crypto/asn1/a_strnid.c had "nombchar".
Bodo Möller [Fri, 7 Jan 2000 12:15:54 +0000 (12:15 +0000)]
make no-des and no-rc2 work.
Bodo Möller [Fri, 7 Jan 2000 10:50:54 +0000 (10:50 +0000)]
add V_CRYPTO_MDEBUG_ALL
Ulf Möller [Fri, 7 Jan 2000 03:30:36 +0000 (03:30 +0000)]
Submitted by:
Reviewed by:
PR:
Ulf Möller [Fri, 7 Jan 2000 03:17:47 +0000 (03:17 +0000)]
Honor the no-xxx Configure options when creating .DEF files.
Dr. Stephen Henson [Fri, 7 Jan 2000 02:23:42 +0000 (02:23 +0000)]
#undef PKCS7_SIGNER_INFO for Win32 to avoid clashes.
Fix so CRLDistributionPoints relativeName option uses
the correct type.
Ulf Möller [Fri, 7 Jan 2000 02:08:20 +0000 (02:08 +0000)]
Remove obsolete SSLeay instructions.
Ulf Möller [Fri, 7 Jan 2000 02:07:13 +0000 (02:07 +0000)]
ispell.
Ulf Möller [Fri, 7 Jan 2000 01:39:59 +0000 (01:39 +0000)]
Add some newlines needed for pod2man, and run ispell.
Dr. Stephen Henson [Fri, 7 Jan 2000 00:55:54 +0000 (00:55 +0000)]
More X509_ATTRIBUTE changes.
Bodo Möller [Fri, 7 Jan 2000 00:27:15 +0000 (00:27 +0000)]
add "UnixWare", treated like "unixware"
Submitted by: "Gary E. Miller" <gem@rellim.com>
Dr. Stephen Henson [Thu, 6 Jan 2000 01:26:48 +0000 (01:26 +0000)]
Initial automation changes to 'req' and X509_ATTRIBUTE functions.
Bodo Möller [Thu, 6 Jan 2000 01:19:17 +0000 (01:19 +0000)]
New functions SSL_get_finished, SSL_get_peer_finished.
Add short state string for MS SGC.
Bodo Möller [Thu, 6 Jan 2000 00:41:22 +0000 (00:41 +0000)]
Use less complicated arrangement for data structures related to Finished
messages.
Bodo Möller [Thu, 6 Jan 2000 00:24:24 +0000 (00:24 +0000)]
Use separate arrays for certificate verify and for finished hashes.
Bodo Möller [Wed, 5 Jan 2000 23:31:47 +0000 (23:31 +0000)]
Use prototypes.
Bodo Möller [Wed, 5 Jan 2000 23:11:51 +0000 (23:11 +0000)]
Slight code cleanup for handling finished labels.
Andy Polyakov [Wed, 5 Jan 2000 21:06:56 +0000 (21:06 +0000)]
Further work on MacOS port. See INSTALL.MacOS for details.
Bodo Möller [Wed, 5 Jan 2000 01:31:22 +0000 (01:31 +0000)]
Rename CA.pl to CA.pl.in (no actual changes), and let Configure
set the #! line with the path to Perl.
Submitted by: Peter Jones
Andy Polyakov [Tue, 4 Jan 2000 03:33:18 +0000 (03:33 +0000)]
Rhapsody 5.5 (a.k.a. MacOS X) compiler bug workaround. At the very least
passes 'make test' now:-)
Andy Polyakov [Sun, 2 Jan 2000 22:03:10 +0000 (22:03 +0000)]
Metrowerks for Motorola tune-up.
Andy Polyakov [Sun, 2 Jan 2000 21:32:02 +0000 (21:32 +0000)]
Alpha Linux update companion.
Andy Polyakov [Sun, 2 Jan 2000 20:46:58 +0000 (20:46 +0000)]
Enhanced support for Alpha Linux. See CHANGES for details.
Dr. Stephen Henson [Sun, 2 Jan 2000 18:52:58 +0000 (18:52 +0000)]
Add support for MS "fast SGC".
Dr. Stephen Henson [Sat, 1 Jan 2000 16:42:49 +0000 (16:42 +0000)]
Fix some of the command line password stuff. New function
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
Bodo Möller [Wed, 29 Dec 1999 17:43:03 +0000 (17:43 +0000)]
Don't request client certificate in anonymous ciphersuites
except when following the specs is bound to fail.
Bodo Möller [Wed, 29 Dec 1999 14:29:32 +0000 (14:29 +0000)]
Fix SSL_CTX_add_session: When two SSL_SESSIONs have the same ID,
they can sometimes be different memory structures.
Bodo Möller [Wed, 29 Dec 1999 14:27:35 +0000 (14:27 +0000)]
Delete NO_PROTO section (which apparently was just a typo for NOPROTO --
if anyone had actually ever needed that they should have fixed this typo)
Bodo Möller [Wed, 29 Dec 1999 14:25:35 +0000 (14:25 +0000)]
fix comment
Dr. Stephen Henson [Wed, 29 Dec 1999 02:59:18 +0000 (02:59 +0000)]
Add OIDs for idea and blowfish. Unfortunately these are in
the middle of the OID table so the diff is rather large :-(
Dr. Stephen Henson [Wed, 29 Dec 1999 00:40:28 +0000 (00:40 +0000)]
Simplify the trust structure: basically zap the bit strings and
represent everything by OIDs.
Andy Polyakov [Sun, 26 Dec 1999 22:46:49 +0000 (22:46 +0000)]
MacOS updates. Initial support for GUSI (MacOS socket implementation)
is added.
Dr. Stephen Henson [Sun, 26 Dec 1999 19:20:03 +0000 (19:20 +0000)]
New {i2d,d2i}_PrivateKey_{bio, fp} functions.
Andy Polyakov [Sat, 25 Dec 1999 16:08:31 +0000 (16:08 +0000)]
Makefile clean-ups, crypto/bn/asm/alpha.s compiles on Alpha Linux.
Dr. Stephen Henson [Fri, 24 Dec 1999 23:53:57 +0000 (23:53 +0000)]
Allow passwords to be included on command line for a few
more utilities.
Dr. Stephen Henson [Fri, 24 Dec 1999 17:26:33 +0000 (17:26 +0000)]
Fixes so NO_RSA works again.
Dr. Stephen Henson [Thu, 23 Dec 1999 02:02:42 +0000 (02:02 +0000)]
Add PKCS#8 utility functions and add PBE options.
Bodo Möller [Wed, 22 Dec 1999 16:10:44 +0000 (16:10 +0000)]
Correct spelling, and don't abuse grave accent as left quote
(which was allowed by old ASCII definitions but is not compatible
with ISO 8859-1, ISO 10646 etc.).
Richard Levitte [Wed, 22 Dec 1999 05:57:00 +0000 (05:57 +0000)]
Synchronising
Dr. Stephen Henson [Wed, 22 Dec 1999 01:39:23 +0000 (01:39 +0000)]
Support for ASN1 NULL type.
Andy Polyakov [Mon, 20 Dec 1999 18:34:56 +0000 (18:34 +0000)]
Minor documentation update.
Andy Polyakov [Sun, 19 Dec 1999 23:50:36 +0000 (23:50 +0000)]
Even more late break-in MacOS tidbits (last for today)...
Andy Polyakov [Sun, 19 Dec 1999 22:56:23 +0000 (22:56 +0000)]
Even more late break-in MacOS tidbits...
Andy Polyakov [Sun, 19 Dec 1999 21:35:29 +0000 (21:35 +0000)]
Late break-in patch for MacOS support.
Andy Polyakov [Sun, 19 Dec 1999 16:17:45 +0000 (16:17 +0000)]
Initial support for MacOS is now available
Submitted by: Roy Woods <roy@centricsystems.ca>
Reviewed by: Andy Polyakov
Andy Polyakov [Sun, 19 Dec 1999 16:07:19 +0000 (16:07 +0000)]
MacOS updates.
Bodo Möller [Sat, 18 Dec 1999 13:51:47 +0000 (13:51 +0000)]
Rename
CRYPTO_add_info => CRYPTO_push_info
CRYPTO_remove_info => CRYPTO_pop_info
in the hope that these names are more descriptive;
and "make update".
Bodo Möller [Sat, 18 Dec 1999 13:25:45 +0000 (13:25 +0000)]
fix typos and other little errors ...
Bodo Möller [Sat, 18 Dec 1999 05:22:50 +0000 (05:22 +0000)]
- Don't assume that int and size_t have the same representation
(and that malloc can be called with an int argument).
- Use proper prototypes (with argument list) for various function pointers,
avoid casts (however there are still many such cases left in these files).
- Avoid collisions in app_info_cmp if sizeof int != sizeof long.
- Use CRYPTO_LOCK_MALLOC in mem_dbg.c.
Bodo Möller [Sat, 18 Dec 1999 05:16:30 +0000 (05:16 +0000)]
Avoid shadowing p to make the compiler happy.
Richard Levitte [Sat, 18 Dec 1999 02:34:37 +0000 (02:34 +0000)]
- Added more documentation in CHANGES.
- Made CRYPTO_MDEBUG even less used in crypto.h, giving
MemCheck_start() and MemCheck_stop() only one possible definition.
- Made the values of the debug function pointers in mem.c dependent
on the existence of the CRYPTO_MDEBUG macro, and made the rest of
the code understand the NULL case.
That's it. With this code, the old behavior of the debug functionality
is restored, but you can still opt to have it on, even when the
library wasn't compiled with a defined CRYPTO_MDEBUG.
Richard Levitte [Sat, 18 Dec 1999 01:14:39 +0000 (01:14 +0000)]
- Made sure some changed behavior is documented in CHANGES.
- Moved the handling of compile-time defaults from crypto.h to
mem_dbg.c, since it doesn't make sense for the library users to try
to affect this without recompiling libcrypto.
- Made sure V_CRYPTO_MDEBUG_TIME and V_CRYPTO_MDEBUG_THREAD had clear
and constant definitions.
- Aesthetic correction.
Bodo Möller [Sat, 18 Dec 1999 01:13:30 +0000 (01:13 +0000)]
Point out that openssl-bugs is public.
Bodo Möller [Sat, 18 Dec 1999 00:30:32 +0000 (00:30 +0000)]
Add a comment.
Bodo Möller [Sat, 18 Dec 1999 00:28:21 +0000 (00:28 +0000)]
Add missing semicolon to make compiler happy, and switch back
from MemCheck_start() to CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
because that is what applications should use
(MemCheck_start/stop never really worked for applications
unless CRYPTO_MDEBUG was defined both when compiling the library
and when compiling the application, so probably we should
get rid of it).
Richard Levitte [Fri, 17 Dec 1999 16:49:23 +0000 (16:49 +0000)]
Clear out license confusion.
Richard Levitte [Fri, 17 Dec 1999 12:56:24 +0000 (12:56 +0000)]
Rebuild of the OpenSSL memory allocation and deallocation routines.
With this change, the following is provided and present at all times
(meaning CRYPTO_MDEBUG is no longer required to get this functionality):
- hooks to provide your own allocation and deallocation routines.
They have to have the same interface as malloc(), realloc() and
free(). They are registered by calling CRYPTO_set_mem_functions()
with the function pointers.
- hooks to provide your own memory debugging routines. They have to
have the same interface as the CRYPTO_dbg_*() routines. They
are registered by calling CRYPTO_set_mem_debug_functions() with
the function pointers.
I moved everything that was already built into OpenSSL and did memory
debugging to a separate file (mem_dbg.c), to make it clear what is
what.
With this, the relevance of the CRYPTO_MDEBUG has changed. The only
thing in crypto/crypto.h that it affects is the definition of the
MemCheck_start and MemCheck_stop macros.
Richard Levitte [Fri, 17 Dec 1999 12:50:06 +0000 (12:50 +0000)]
Use MemCheck_start() instead of CRYPTO_mem_ctrl(), and generate a small leak to test (conditional)
Richard Levitte [Thu, 16 Dec 1999 19:57:50 +0000 (19:57 +0000)]
Synchronise VMS scripts with Unix Makefiles
Ulf Möller [Thu, 16 Dec 1999 15:10:29 +0000 (15:10 +0000)]
Update contact information (openssl-bugs, openssl-security).
Dr. Stephen Henson [Wed, 15 Dec 1999 02:36:48 +0000 (02:36 +0000)]
Delete an unused variable and make the PKCS#12 keygen debugging code work
again.
Dr. Stephen Henson [Wed, 15 Dec 1999 01:26:17 +0000 (01:26 +0000)]
Fix the S/MIME code to use canonical MIME format for
encrypted mail. Also update the smime docs.
Ulf Möller [Tue, 14 Dec 1999 15:28:10 +0000 (15:28 +0000)]
Solaris x86 assembler problem is already addressed in ./config
(bug reports keep coming in because that was still missing in 0.9.4)
Dr. Stephen Henson [Tue, 14 Dec 1999 02:44:27 +0000 (02:44 +0000)]
Various S/MIME fixes. Fix for memory leak, recipient list bug
and not excluding parameters with DSA keys.
Dr. Stephen Henson [Mon, 13 Dec 1999 13:14:14 +0000 (13:14 +0000)]
Fix a typo in a_enum.c.
Dr. Stephen Henson [Sat, 11 Dec 1999 20:04:06 +0000 (20:04 +0000)]
Various S/MIME fixes.
Dr. Stephen Henson [Fri, 10 Dec 1999 13:46:48 +0000 (13:46 +0000)]
Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs.
Also fix a memory leak in PKCS#7 routines.
Dr. Stephen Henson [Thu, 9 Dec 1999 01:31:32 +0000 (01:31 +0000)]
Make the PKCS#7 S/MIME functions check for passed NULL pointers.
Fix the usage message of smime utility and sanitise the return
codes.
Add some documentation.
Ulf Möller [Wed, 8 Dec 1999 22:55:06 +0000 (22:55 +0000)]
Don't use inline assembler on x86 Solaris (would need a different syntax).
Bodo Möller [Wed, 8 Dec 1999 18:30:39 +0000 (18:30 +0000)]
Useless files deleted -- they were just copies of files of the same name
in the apps/ directory (which were recently changed).
Dr. Stephen Henson [Wed, 8 Dec 1999 00:56:15 +0000 (00:56 +0000)]
Add i2d_ASN1_PRINTABLESTRING() function, and do 'make update'
Dr. Stephen Henson [Tue, 7 Dec 1999 02:35:52 +0000 (02:35 +0000)]
Modify S/MIME application so the -signer option writes the signer(s)
to a file if we are verifying.
Dr. Stephen Henson [Sun, 5 Dec 1999 00:40:59 +0000 (00:40 +0000)]
Merge in my S/MIME library and utility.
Ulf Möller [Sat, 4 Dec 1999 01:19:23 +0000 (01:19 +0000)]
CORE SDI proposed patch doesn't make any sense. Undo.
Ulf Möller [Sat, 4 Dec 1999 00:13:37 +0000 (00:13 +0000)]
Oops!
Ulf Möller [Fri, 3 Dec 1999 23:56:08 +0000 (23:56 +0000)]
Circumvent an exploitable buffer overrun error in RSA Security's RSAREF
library. See: http://www.CORE-SDI.COM/english/ssh/index.html
Bodo Möller [Fri, 3 Dec 1999 20:26:20 +0000 (20:26 +0000)]
Use des_set_key_unchecked, not des_set_key.
Bodo Möller [Fri, 3 Dec 1999 20:24:21 +0000 (20:24 +0000)]
Add functions des_set_key_checked, des_set_key_unchecked.
Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.
Dr. Stephen Henson [Fri, 3 Dec 1999 03:46:18 +0000 (03:46 +0000)]
New function PKC12_newpass()
Dr. Stephen Henson [Fri, 3 Dec 1999 00:53:48 +0000 (00:53 +0000)]
Fix a bug in the modified purpose code: it wasn't updated to use the
new purpose getting function.
Update the ca-cert.pem and pca-cert.pem "CA" certificates so they
really are CA certificates: that is they have the appropriate extensions.
Dr. Stephen Henson [Thu, 2 Dec 1999 02:33:56 +0000 (02:33 +0000)]
Change the trust and purpose code so it doesn't need init
either and has a static and dynamic mix.
Dr. Stephen Henson [Wed, 1 Dec 1999 01:49:46 +0000 (01:49 +0000)]
Modify the X509 V3 extension lookup code.
Ben Laurie [Tue, 30 Nov 1999 20:15:19 +0000 (20:15 +0000)]
Make salting the default. Fail gracefully if the input is not salted.
Dr. Stephen Henson [Tue, 30 Nov 1999 14:39:58 +0000 (14:39 +0000)]
Document the extension tests performed by the -purpose test
in the x509 utility.
Dr. Stephen Henson [Tue, 30 Nov 1999 02:28:42 +0000 (02:28 +0000)]
Document all possible errors (and some impossible) from the verify program.
Dr. Stephen Henson [Mon, 29 Nov 1999 22:35:00 +0000 (22:35 +0000)]
Remainder of SSL purpose and trust code: trust and purpose setting in
SSL_CTX and SSL, functions to set them and defaults if no values set.
Dr. Stephen Henson [Mon, 29 Nov 1999 01:09:25 +0000 (01:09 +0000)]
Add part of chain verify SSL support code: not complete or doing anything
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
Dr. Stephen Henson [Sat, 27 Nov 1999 19:43:10 +0000 (19:43 +0000)]
Add trust setting support to the verify code. It now checks the
trust settings of the root CA.
After a few fixes it seems to work OK.
Still need to add support to SSL and S/MIME code though.
Richard Levitte [Sat, 27 Nov 1999 15:26:48 +0000 (15:26 +0000)]
Add compilation of x509_trs
Dr. Stephen Henson [Sat, 27 Nov 1999 01:18:39 +0000 (01:18 +0000)]
Oops! Commit died on me :-(
Dr. Stephen Henson [Sat, 27 Nov 1999 01:14:04 +0000 (01:14 +0000)]
Initial trust code: allow setting of trust checking functions
in a table. Doesn't do too much yet.
Make the -<digestname> options in 'x509' affect all relevant
options.
Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.
A few constification changes.
Dr. Stephen Henson [Fri, 26 Nov 1999 00:27:07 +0000 (00:27 +0000)]
New options to the -verify program which can be used for chain verification.
Extend the X509_PURPOSE structure to include shortnames for purposes and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
Dr. Stephen Henson [Wed, 24 Nov 1999 01:31:49 +0000 (01:31 +0000)]
Initial chain verify code: not tested probably not working
at present. However nothing enables it yet so this doesn't
matter :-)
Dr. Stephen Henson [Tue, 23 Nov 1999 18:50:28 +0000 (18:50 +0000)]
Support for authority information access extension.
Fix so EVP_PKEY_rset_*() check return codes.
Dr. Stephen Henson [Sun, 21 Nov 1999 22:28:31 +0000 (22:28 +0000)]
Transparent support for PKCS#8 private keys in RSA/DSA.
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs