generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,749 Commits 16 Branches 258 Tags 86 MiB
a75b191502
Commit Graph

872 Commits

Author SHA1 Message Date
Geoff Thorpe
4d6115a5cc Make a note of the recent ENGINE developments. 2001-04-18 21:12:02 +00:00
Bodo Möller
3a25b96caf typo 2001-04-18 15:11:42 +00:00
Bodo Möller
6e6d04e29a fix md_rand.c locking bugs 2001-04-18 15:07:35 +00:00
Bodo Möller
f2346808de update so that changes going into the 0.9.6 tree can be logged 2001-04-12 12:42:20 +00:00
Bodo Möller
a9d2bc4902 Add information on 0.9.6a (in a form such that the list can be 
verified by looking at 'diff -u ../openssl-0.9.6a/CHANGES CHANGES')
 2001-04-11 10:35:38 +00:00
Bodo Möller
1f224bf029 Adjust BN_mod_inverse algorithm selection according to experiments on 
Ultra-Sparcs (both 32-bit and 64-bit compilations)
 2001-04-09 09:28:24 +00:00
Bodo Möller
7d0d0996aa binary algorithm for modular inversion 2001-04-08 18:23:44 +00:00
Bodo Möller
5f1fddbbe7 '||', '&&' and 'test -x' apparently don't work on Ultrix; 
also 'test' appears to be available as '[' only in 'if' conditions.
 2001-04-08 13:49:45 +00:00
Richard Levitte
4ac881ede3 Fix couple of memory leaks in PKCS7_dataDecode(). 
(provided by Stephen)
 2001-04-05 10:19:12 +00:00
Bodo Möller
6186ef9338 don't use shell functions 2001-04-04 16:26:31 +00:00
Richard Levitte
967d95f096 Incorporate some changes that make OpenSSL compilable in CygWin. 2001-04-04 15:50:30 +00:00
Dr. Stephen Henson
722ca2781c Rewrite CHOICE field setting code to properly handle 
combine in CHOICE options.

This was causing d2i_DSAPublicKey() to misbehave.
 2001-04-02 00:59:19 +00:00
Ulf Möller
c9fd9152bd Note the Alpha asm change 2001-03-31 01:23:10 +00:00
Bodo Möller
884e26080f Fix bctest, and add a workaround that should solve the problem with 
FreeBSD's /bin/sh.
 2001-03-30 09:19:18 +00:00
Richard Levitte
080b8cadfa Since there has been reports of clashes between OpenSSL's 
des_encrypt() and des_encrypt() defined on some systems (Solaris and
Unixware and maybe others), we rename des_encrypt() to des_encrypt1().
This should have very little impact on external software unless
someone has written a mode of DES, since that's all des_encrypt() is
meant for.
 2001-03-29 07:45:37 +00:00
Ulf Möller
6a5b52efa0 check CRT 2001-03-28 04:56:58 +00:00
Ulf Möller
6d864b7030 mips 2001-03-28 02:41:02 +00:00
Bodo Möller
81a6c7817f Harmonize CHANGES and STATUS files between the 0.9.6a branch and 
the trunk to keep diffs small.
 2001-03-22 10:59:41 +00:00
Dr. Stephen Henson
02ee8626fb Fix PKCS#12 key generation bug. 2001-03-18 02:11:42 +00:00
Richard Levitte
6e6783056e An enhanced bctest submitted by Tim Rice <tim@multitalents.net>. 
It now looks along $PATH for a working bc and returns the absolute
path to one that does work.
 2001-03-16 09:13:11 +00:00
Dr. Stephen Henson
791bd0cd2b Add copy_extensions option to 'ca' utility. 2001-03-16 02:04:17 +00:00
Dr. Stephen Henson
535d79da63 Overhaul the display of certificate details in 
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.

This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
 2001-03-15 19:13:40 +00:00
Bodo Möller
5d8094143e More error_data memory leaks 2001-03-15 11:30:10 +00:00
Bodo Möller
f51cf14b85 fix memory leak in err.c 2001-03-12 18:07:20 +00:00
Bodo Möller
3837491174 Add functions EC_POINT_mul and EC_GROUP_precompute. 
The latter does nothing for now, but its existence means
that applications can request precomputation when appropriate.
 2001-03-11 12:27:24 +00:00
Bodo Möller
6f8f443170 comment and error code update 2001-03-10 23:37:52 +00:00
Bodo Möller
48fe4d6233 More EC stuff, including EC_POINTs_mul() for simultaneous scalar 
multiplication of an arbitrary number of points.
 2001-03-10 23:18:35 +00:00
Richard Levitte
251cb4cfed For some experiments, it is sometimes nice to serve files with complete 
HTTP responses.
 2001-03-10 16:20:52 +00:00
Dr. Stephen Henson
b4f682d32f Add the 'ec' directory to mkdef.pl and mkfiles.pl 
so the Windows build can see it.

Fixup mkdef.pl so it doesn't mess up with function
names longer than 39 characters in length.
 2001-03-10 01:56:48 +00:00
Dr. Stephen Henson
1358835050 Change the EVP_somecipher() and EVP_somedigest() 
functions to return constant EVP_MD and EVP_CIPHER
pointers.

Update docs.
 2001-03-09 02:51:02 +00:00
Bodo Möller
c108108028 ssl23_peek 2001-03-08 21:55:27 +00:00
Bodo Möller
bb62a8b0c5 More method functions for elliptic curves, 
and an ectest.c that actually tests something.
 2001-03-08 19:14:52 +00:00
Ulf Möller
bd9e2e4c53 note the rand_win.c change 2001-03-08 17:00:09 +00:00
Bodo Möller
c62b26fdc6 Hide BN_CTX structure details. 
Incease the number of BIGNUMs in a BN_CTX.
 2001-03-08 15:56:15 +00:00
Dr. Stephen Henson
2dc769a1c1 Make EVP_Digest*() routines return a value. 
TODO: update docs, and make soe other routines
which use EVP_Digest*() check return codes.
 2001-03-08 14:04:22 +00:00
Bodo Möller
5277d7cb7c Fix ERR_R_... problems. 2001-03-07 01:19:07 +00:00
Richard Levitte
757a8b4621 Document the SSLv2 session reuse fix. 2001-03-05 13:59:52 +00:00
Bodo Möller
bad4058574 New option '-subj arg' for 'openssl req' and 'openssl ca'. This 
sets the subject name for a new request or supersedes the
subject name in a given request.

Add options '-batch' and '-verbose' to 'openssl req'.

Submitted by: Massimiliano Pala <madwolf@hackmasters.net>
Reviewed by: Bodo Moeller
 2001-03-05 11:09:43 +00:00
Richard Levitte
62dc5aad06 Introduce the possibility to access global variables through 
functions on platform were that's the best way to handle exporting
global variables in shared libraries.  To enable this functionality,
one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
"OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
is normally done by Configure or something similar).

To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
in the source file (foo.c) like this:

	OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
	OPENSSL_IMPLEMENT_GLOBAL(double,bar);

To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:

	OPENSSL_DECLARE_GLOBAL(int,foo);
	#define foo OPENSSL_GLOBAL_REF(foo)
	OPENSSL_DECLARE_GLOBAL(double,bar);
	#define bar OPENSSL_GLOBAL_REF(bar)

The #defines are very important, and therefore so is including the
header file everywere where the defined globals are used.

The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
of ASN.1 items, but that structure is a bt different.

The largest change is in util/mkdef.pl which has been enhanced with
better and easier to understand logic to choose which symbols should
go into the Windows .def files as well as a number of fixes and code
cleanup (among others, algorithm keywords are now sorted
lexicographically to avoid constant rewrites).
 2001-03-02 10:38:19 +00:00
Dr. Stephen Henson
f23478c314 Fix bug in copy_email() which would not 
find emailAddress at start of subject name.
 2001-03-01 13:32:11 +00:00
Dr. Stephen Henson
3d2e469cfa Fix a bug which caused BN_div to produce the 
wrong result if rm==num and num < 0.
 2001-02-28 00:51:48 +00:00
Dr. Stephen Henson
fafc7f9875 Enhance OCSP_request_verify() so it finds the signers certificate 
properly and supports several flags.
 2001-02-26 14:17:58 +00:00
Dr. Stephen Henson
f196522159 New function and options to check OCSP response validity. 2001-02-24 13:50:06 +00:00
Dr. Stephen Henson
4ff18c8c3e Print out OID of unknown signature or public key 
algorithms.
 2001-02-24 01:42:21 +00:00
Dr. Stephen Henson
db4a465974 Stop PKCS7_verify() core dumping with unknown public 
key algorithms and leaking if the signature verify
fails.
 2001-02-24 01:38:56 +00:00
Dr. Stephen Henson
d7c06e9ec7 Make OCSP cert id code tolerate a missing issuer certificate 
or serial number.
 2001-02-23 13:04:24 +00:00
Dr. Stephen Henson
386828d029 Oops, forgot CHANGES entry for ASN1_ITEM_FUNCTIONS. 2001-02-23 13:02:56 +00:00
Geoff Thorpe
fa2b8db499 Note changes re: session ID generation callbacks, etc. 2001-02-21 18:48:33 +00:00
Richard Levitte
d399fdf877 Modify mkdef.pl to recognise and parse prprocessor conditionals of the 
form '#if defined(...) || defined(...) || ...' and '#if !defined(...)
&& !defined(...) && ...'.  This also avoids the growing number of
special cases it was previously handling (some of them wrongly).
 2001-02-21 14:12:03 +00:00
Bodo Möller
f2bc668429 Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1. 
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
 2001-02-20 08:10:38 +00:00
Ulf Möller
5003a61b9f note OPENSSL_issetugid(). 2001-02-19 23:58:56 +00:00
Richard Levitte
2affbab9fc I forgot to document the system identification macros 2001-02-19 16:15:13 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making 
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
 2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
acba75c59d New -set_serial options to 'req' and 'x509'. 
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.

Fix typo in uid.c
 2001-02-19 13:38:32 +00:00
Bodo Möller
934397ec66 Memory leak detection bugfixes for multi-threading. 2001-02-19 10:32:53 +00:00
Dr. Stephen Henson
a6b7ffddac New options to 'ca' utility to support CRL entry extensions. 
Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.
 2001-02-16 01:35:44 +00:00
Lutz Jänicke
f30d34f3a8 Move entry to match chronologic orderering. 2001-02-15 14:18:53 +00:00
Lutz Jänicke
84a2173797 Don't forget to mention minor change. 2001-02-15 10:35:56 +00:00
Dr. Stephen Henson
f2e5ca84d4 Option to disable standard block padding with EVP API. 
Add -nopad option to enc command.

Update docs.
 2001-02-14 02:11:52 +00:00
Dr. Stephen Henson
cdc7b8cc60 Initial OCSP SSL support. 2001-02-14 01:12:41 +00:00
Ulf Möller
720235eeec IRIX bugfix 2001-02-14 00:14:09 +00:00
Dr. Stephen Henson
67c1801924 New function OCSP_parse_url() and -url option for ocsp utility. 
Doesn't handle SSL URLs yet.
 2001-02-13 00:37:44 +00:00
Dr. Stephen Henson
46a58ab946 Modify OCSP nonce behaviour. 2001-02-12 23:28:45 +00:00
Dr. Stephen Henson
94fcd01349 Work around for libsafe "error". 2001-02-12 03:22:49 +00:00
Bodo Möller
620cea37e0 disable stdin buffering in load_cert 2001-02-10 13:12:35 +00:00
Dr. Stephen Henson
ccb08f98ae Fix CRL printing to correctly show when there are no revoked certificates. 
Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
 2001-02-10 00:56:45 +00:00
Lutz Jänicke
836f996010 New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override 
the clients choice; in SSLv2 the client uses the server's preferences.
 2001-02-09 19:56:31 +00:00
Dr. Stephen Henson
c47c619680 Various updates to mkdef.pl to cope with new aes 
and ASN1 code.
 2001-02-09 13:16:21 +00:00
Dr. Stephen Henson
8c950429a9 Allow various options to be included for signing and verify of 
OCSP responses.

Documentation to follow...

Urgh.. this conflicted with the -VAfile patch I hope I haven't
broken it.
 2001-02-08 19:36:10 +00:00
Richard Levitte
9235adbf47 Add the -VAfile option to 'openssl ocsp'. This option will give the 
client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.
 2001-02-08 17:59:29 +00:00
Bodo Möller
35ed8cb8b6 Integrate my implementation of a countermeasure against 
Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
 2001-02-08 12:14:51 +00:00
Ulf Möller
57e7d3ce15 Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00
Dr. Stephen Henson
deb2c1a1c5 Fix AES code. 
Update Rijndael source to v3.0

Add AES OIDs.

Change most references of Rijndael to AES.

Add new draft AES ciphersuites.
 2001-02-07 18:15:18 +00:00
Bodo Möller
9eea2be6f1 Avoid coredumps for CONF_get_...(NULL, ...) 2001-02-06 10:26:34 +00:00
Ulf Möller
741a9690df Fix potential buffer overrun for EBCDIC. 2001-02-06 02:54:02 +00:00
Dr. Stephen Henson
26e083ccb7 New function to copy nonce values from OCSP 
request to response.
 2001-02-05 00:35:06 +00:00
Dr. Stephen Henson
02e4fbed3d Various OCSP responder utility functions. 
Delete obsolete OCSP functions.

Largely untested at present...
 2001-02-03 19:20:45 +00:00
Dr. Stephen Henson
88ce56f8c1 Various function for commmon operations. 2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
8cff6331c9 Tolerate some "variations" used in some 
certificates.

One is a valid CA which has no basicConstraints
but does have certSign keyUsage.

Other is S/MIME signer with nonRepudiation but
no digitalSignature.
 2001-02-01 01:57:32 +00:00
Richard Levitte
903872d65e Document the change. 2001-01-30 13:47:59 +00:00
Dr. Stephen Henson
b847024026 Make sk_sort tolearate a NULL argument. 2001-01-28 14:20:13 +00:00
Dr. Stephen Henson
50d5199120 New OCSP response verify option OCSP_TRUSTOTHER 2001-01-26 01:55:52 +00:00
Dr. Stephen Henson
a342cc5a70 Zero the premaster secret after deriving the master secret in DH 
ciphersuites.
 2001-01-25 13:15:01 +00:00
Dr. Stephen Henson
a43cf9fae9 Add debugging info to new ASN1 code to trace memory leaks. 
Fix PKCS7 and PKCS12 memory leaks.

Initialise encapsulated content type properly.
 2001-01-24 18:39:54 +00:00
Bodo Möller
ae0665b8f1 EVP_add_digest_alias additions to SS_library_init 2001-01-23 16:39:59 +00:00
Ulf Möller
75802000c8 There is no C version of bn_div_3_words 2001-01-23 16:26:15 +00:00
Ulf Möller
893b76c544 Mention the ./config script fixes. 2001-01-21 18:45:23 +00:00
Dr. Stephen Henson
ba8e28248f Fix to stop X509_time_adj() using GeneralizedTime. 2001-01-20 13:38:45 +00:00
Dr. Stephen Henson
8e8972bb68 Fixes to various ASN1_INTEGER routines for negative case. 
Enhance s2i_ASN1_INTEGER().
 2001-01-19 14:21:48 +00:00
Bodo Möller
57108f0ad5 Fix openssl passwd -1 2001-01-19 07:37:56 +00:00
Dr. Stephen Henson
73758d435b Additional functionality in ocsp utility: print summary 
of status info. Check nonce values. Option to disable
verify. Update usage message.

Rename status to string functions and make them global.
 2001-01-19 01:32:23 +00:00
Dr. Stephen Henson
e8af92fcb1 Implement remaining OCSP verify checks in 
accordance with RFC2560.
 2001-01-18 01:35:39 +00:00
Richard Levitte
361ef5f4dc Make the change log on the RAND_poll change a bit more explicit. Suggested by Bodo Moeller. 2001-01-17 13:43:18 +00:00
Dr. Stephen Henson
81f169e95c Initial OCSP certificate verify. Not complete, 
it just supports a "trusted OCSP global root CA".
 2001-01-17 01:31:34 +00:00
Bodo Möller
dfebac32c0 New '-extfile' option for 'openssl ca'. 
This allows keeping extensions in a separate configuration file.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
 2001-01-15 11:35:24 +00:00
Dr. Stephen Henson
6308af199d Change PKCS#12 key derivation routines to cope with 
non null terminated passwords.
 2001-01-14 14:07:10 +00:00
Dr. Stephen Henson
5782ceb298 New OCSP utility. This can generate, parse and print 
OCSP requests. It can also query reponders and parse or
print out responses.

Still needs some more work: OCSP response checks and
of course documentation.
 2001-01-13 01:48:38 +00:00
Bodo Möller
c67cdb50d2 New 'openssl ca -status <serial>' and 'openssl ca -updatedb' 
commands.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
 2001-01-12 14:50:44 +00:00
Bodo Möller
d199858e89 New -newreq-nodes option to CA.pl. 
Submitted by: Damien Miller <djm@mindrot.org>
 2001-01-11 13:23:19 +00:00
Richard Levitte
10a2975a27 Add configuration for GNU Hurd. 2001-01-11 12:58:37 +00:00