| Age | Commit message (Collapse) | Author |
|---|
|
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.
set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.
remove extraneous '\r' in MIME encoder.
Allow a NULL to be passed to X509_gmtime_adj()
Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
|
|
|
|
found myself needing it a number of times, the latter for completeness.
|
|
|
|
|
|
test utility, I added the bits to get a EVP interface, the command line utility and the speed test
|
|
building a complete chain. Now added through the -CAfile and -CApath
arguments.
|
|
Add warning print out if duplicate names found:
should end up as a fatal error but a warning for
now until they problems are fixed...
|
|
Fix warnings with BIO_dump_indent().
|
|
|
|
test was never triggered due to an off-by-one error.
In s23_clnt.c, don't use special rollback-attack detection padding
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
client; similarly, in s23_srvr.c, don't do the rollback check if
SSL 2.0 is the only protocol enabled in the server.
|
|
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.
The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).
Still needs to be documented, integrated into other
utilities and extensively tested.
|
|
'openssl asn1parse'. As a side effect, the functions ASN1_parse_dump
and BIO_dump_indent are added.
|
|
ASN1_TIME fixes.
New function c2i_ASN1_OBJECT().
|
|
|
|
there's support for building under Linux and True64 (using examples
from the programming manuals), including versioning that is currently
the same as OpenSSL versions but should really be a different series.
With this change, it's up to the users to decide if they want shared
libraries as well as the static ones. This decision now has to be
done at configuration time (well, not really, those who know what they
do can still do it the same way as before).
The OpenSSL programs (openssl and the test programs) are currently
always linked statically, but this may change in the future in a
configurable manner. The necessary makefile variables to enable this
are in place.
Also note that I have done absolutely nothing about the Windows target
to get something similar. On the other hand, DLLs are already the
default there, but without versioning, and I've no idea what the
possibilities for such a thing are there...
|
|
|
|
an already existing DSA key.
Document the new smime options.
|
|
call the i2c/c2i (they were not using the
content length for the headers).
Fix ASN1 long form tag encoding. This never
worked but it was never tested since it is
only used for tags > 30.
New options to smime program to allow the
PKCS#7 format to be specified and the content
supplied externally.
|
|
content octets, not tag+length.
|
|
|
|
The message to everyone is "Do not hack OpenSSL when stressed"...
|
|
|
|
(Still needs to be tested against the original using sample passwords
of different length.)
|
|
|
|
|
|
into lexical order. Previously it depended on
the order of files in the directory.
This should now mean that all systems will
agree on the order of safestack.h and will
not change it needlessly and avoid massive
needless commits to safestack.h in future.
It wont however avoid this one :-(
|
|
This is mostly a work around for the old VC++ problem
that it treats func() as func(void).
Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.
The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.
Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)
|
|
casts in the same way as STACK_OF.
|
|
After some messing around this seems to work but needs
a few more tests. Working out the syntax for sk_set_cmp_func()
(cast it to a function that itself returns a function pointer)
was painful :-(
Needs some testing to see what other compilers think of this
syntax.
Also needs similar stuff for ASN1_SET_OF etc etc.
|
|
|
|
Documentation correction.
|
|
to support multiple calls.
New function to retrieve email address from certificates and
requests.
|
|
as expected -- maybe it's the different processor, maybe my
previous timings were too inaccurate.
|
|
Don't give performance gain estimates that appear to be more precise
than they really are, especially when they are wrong
(2/(1/1.15 + 1) = ca. 1.0698).
|
|
marginally faster BN_mod_exp for 1024 bit exponents.
|
|
|
|
because we're only handling words anyway) in BN_mod_exp_mont_word
making it a little faster for very small exponents,
and adjust the performance gain estimate in CHANGES according
to slightly more thorough measurements.
(15% faster than BN_mod_exp_mont for "large" base,
20% faster than BN_mod_exp_mont for small base.)
|
|
|
|
Submitted by: John Jarvie <jjarvie@newsguy.com>
|
|
structures and functions for each stack type. The previous behaviour
can be enabled by configuring with the "-DDEBUG_SAFESTACK" option.
This will also cause "make update" (mkdef.pl in particular) to
update the libeay.num and ssleay.num symbol tables with the number of
extra functions DEBUG_SAFESTACK creates.
The way this change works is to accompany each DECLARE_STACK_OF()
macro with a set of "#define"d versions of the sk_##type##_***
functions that ensures all the existing "type-safe" stack calls are
precompiled into the underlying stack calls. The presence or abscence
of the DEBUG_SAFESTACK symbol controls whether this block of
"#define"s or the DECLARE_STACK_OF() macro is taking effect. The
block of "#define"s is in turn generated and maintained by a perl
script (util/mkstack.pl) that encompasses the block with delimiting
C comments. This works in a similar way to the auto-generated error
codes and, like the other such maintenance utilities, is invoked
by the "make update" target.
A long (but mundane) commit will follow this with the results of
"make update" - this will include all the "#define" blocks for
each DECLARE_STACK_OF() statement, along with stripped down
libeay.num and ssleay.num files.
|
|
yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;
X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).
Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
|
|
|
|
Change EVP_SealInit() and EVP_OpenInit() to
handle cipher parameters.
Make it possible to set RC2 and RC5 params.
Make RC2 ASN1 code use the effective key bits
and not the key length.
TODO: document how new API works.
|
|
Declare ciphers in terms of macros. This reduces
the amount of code and places each block cipher EVP
definition in a single file instead of being spread
over 4 files.
|
|
Remove duplicated code in EVP.
|
|
|
|
Change functions like EVP_EncryptUpdate() so they now return a
value. These normally have software only implementations
which cannot fail so this was acceptable. However ciphers
can be implemented in hardware and these could return errors.
|
|
enhance and tidy up the EVP interface.
This patch adds initial support for variable length ciphers
and changes S/MIME code to use this.
Some other library functions need modifying to support use
of modified cipher parameters.
Also need to change all the cipher functions that should
return error codes, but currenly don't.
And of course it needs extensive testing...
|
|
Call dh_tmp_cb with correct 'is_export' flag.
Avoid tabs in CHANGES.
|
