From c5e8580e7b6edb6626fca6c42e91f9e3992d1f88 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 24 Sep 2000 17:31:37 +0000 Subject: Update the status and version number to 0.9.7-dev. --- CHANGES | 4 ++++ README | 2 +- STATUS | 3 ++- crypto/opensslv.h | 4 ++-- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 87853c3b29..0801e30048 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ OpenSSL CHANGES _______________ + Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + + *) + Changes between 0.9.5a and 0.9.6 [24 Sep 2000] *) In ssl23_get_client_hello, generate an error message when faced diff --git a/README b/README index d5969e2ad7..3364f62440 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 0.9.6 24 Sep 2000 + OpenSSL 0.9.7-dev 24 Sep 2000 Copyright (c) 1998-2000 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/STATUS b/STATUS index 028abb85ab..030800f545 100644 --- a/STATUS +++ b/STATUS @@ -1,9 +1,10 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/24 15:42:34 $ + ______________ $Date: 2000/09/24 17:31:36 $ DEVELOPMENT STATE + o OpenSSL 0.9.7: Under development... o OpenSSL 0.9.6: Released on September 24th, 2000 o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 71b53efd51..cf2055280e 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090600fL -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6 24 Sep 2000" +#define OPENSSL_VERSION_NUMBER 0x00907000L +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7-dev 24 Sep 2000" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT -- cgit v1.2.3 From 393e826ec36d4f792b7127492372a5a39e44b25a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Mon, 25 Sep 2000 05:55:19 +0000 Subject: typo --- doc/crypto/evp.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/evp.pod b/doc/crypto/evp.pod index f089dd49a2..edf47dbde6 100644 --- a/doc/crypto/evp.pod +++ b/doc/crypto/evp.pod @@ -10,7 +10,7 @@ evp - high-level cryptographic functions =head1 DESCRIPTION -The EVP library provided a high-level interface to cryptographic +The EVP library provides a high-level interface to cryptographic functions. BI<...> and BI<...> provide public key encryption -- cgit v1.2.3 From 9ef9e78520eba0fb3d92b581dc4f895a5f464387 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 25 Sep 2000 08:49:13 +0000 Subject: Make the algorithm implementations depend on the corresponding selection macros. --- crypto/evp/evp.h | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index f5b938d2f8..cdf5f3cf89 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -463,12 +463,20 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de); +#ifndef NO_RSA #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ (char *)(rsa)) +#endif + +#ifndef NO_DSA #define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ (char *)(dsa)) +#endif + +#ifndef NO_DH #define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ (char *)(dh)) +#endif /* Add some extra combinations */ #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) 
@@ -612,17 +620,29 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, #endif EVP_MD *EVP_md_null(void); +#ifndef NO_MD2 EVP_MD *EVP_md2(void); +#endif +#ifndef NO_MD4 EVP_MD *EVP_md4(void); +#endif +#ifndef NO_MD5 EVP_MD *EVP_md5(void); +#endif +#ifndef NO_SHA EVP_MD *EVP_sha(void); EVP_MD *EVP_sha1(void); EVP_MD *EVP_dss(void); EVP_MD *EVP_dss1(void); +#endif +#ifndef NO_MDC2 EVP_MD *EVP_mdc2(void); +#endif +#ifndef NO_RIPEMD EVP_MD *EVP_ripemd160(void); - +#endif EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +#ifndef NO_DES EVP_CIPHER *EVP_des_ecb(void); EVP_CIPHER *EVP_des_ede(void); EVP_CIPHER *EVP_des_ede3(void); @@ -636,31 +656,43 @@ EVP_CIPHER *EVP_des_cbc(void); EVP_CIPHER *EVP_des_ede_cbc(void); EVP_CIPHER *EVP_des_ede3_cbc(void); EVP_CIPHER *EVP_desx_cbc(void); +#endif +#ifndef NO_RC4 EVP_CIPHER *EVP_rc4(void); EVP_CIPHER *EVP_rc4_40(void); +#endif +#ifndef NO_IDEA EVP_CIPHER *EVP_idea_ecb(void); EVP_CIPHER *EVP_idea_cfb(void); EVP_CIPHER *EVP_idea_ofb(void); EVP_CIPHER *EVP_idea_cbc(void); +#endif +#ifndef NO_RC2 EVP_CIPHER *EVP_rc2_ecb(void); EVP_CIPHER *EVP_rc2_cbc(void); EVP_CIPHER *EVP_rc2_40_cbc(void); EVP_CIPHER *EVP_rc2_64_cbc(void); EVP_CIPHER *EVP_rc2_cfb(void); EVP_CIPHER *EVP_rc2_ofb(void); +#endif +#ifndef NO_BF EVP_CIPHER *EVP_bf_ecb(void); EVP_CIPHER *EVP_bf_cbc(void); EVP_CIPHER *EVP_bf_cfb(void); EVP_CIPHER *EVP_bf_ofb(void); +#endif +#ifndef NO_CAST EVP_CIPHER *EVP_cast5_ecb(void); EVP_CIPHER *EVP_cast5_cbc(void); EVP_CIPHER *EVP_cast5_cfb(void); EVP_CIPHER *EVP_cast5_ofb(void); +#endif +#ifndef NO_RC5 EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); - +#endif void OpenSSL_add_all_algorithms(void); void OpenSSL_add_all_ciphers(void); void OpenSSL_add_all_digests(void); -- cgit v1.2.3 From 4e20a4e688f6d38df1b543f43527afc7b1d0da0b Mon Sep 17 00:00:00 2001 
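Review bot: In crypto/evp/evp.h, `EVP_dss()` and `EVP_dss1()` are guarded by `#ifndef NO_SHA` only, while the util/libeay.num update later in this series tags both as `DSA,SHA`. In a no-dsa build the header would then still declare two functions that the export list omits, so the header and the .def file disagree about what exists. Which side is right depends on the implementation file, which is not shown here; either nest these two prototypes in an additional `#ifndef NO_DSA` or drop `DSA` from the tag. A comment above the guarded block would also state the contract these guards introduce, for example `/* Prototypes are visible only when the matching NO_xxx macro is unset; build applications with the same NO_xxx set as the library. */`; it applies equally to the `EVP_PKEY_assign_*` hunk at line 463 and the cipher hunk at line 636.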
From: Richard Levitte Date: Mon, 25 Sep 2000 08:53:15 +0000 Subject: 'ranlib' doesn't always run on some systems. That's actually acceptable, since all that happens if it fails is a library with an index, which makes linking slower, but still working correctly. --- crypto/Makefile.ssl | 3 ++- crypto/asn1/Makefile.ssl | 3 ++- crypto/bf/Makefile.ssl | 3 ++- crypto/bio/Makefile.ssl | 3 ++- crypto/bn/Makefile.ssl | 3 ++- crypto/buffer/Makefile.ssl | 3 ++- crypto/cast/Makefile.ssl | 3 ++- crypto/comp/Makefile.ssl | 3 ++- crypto/conf/Makefile.ssl | 3 ++- crypto/des/Makefile.ssl | 3 ++- crypto/dh/Makefile.ssl | 3 ++- crypto/dsa/Makefile.ssl | 3 ++- crypto/dso/Makefile.ssl | 3 ++- crypto/err/Makefile.ssl | 3 ++- crypto/evp/Makefile.ssl | 3 ++- crypto/hmac/Makefile.ssl | 3 ++- crypto/idea/Makefile.ssl | 3 ++- crypto/lhash/Makefile.ssl | 3 ++- crypto/md2/Makefile.ssl | 3 ++- crypto/md4/Makefile.ssl | 3 ++- crypto/md5/Makefile.ssl | 3 ++- crypto/mdc2/Makefile.ssl | 3 ++- crypto/objects/Makefile.ssl | 3 ++- crypto/pem/Makefile.ssl | 3 ++- crypto/pkcs12/Makefile.ssl | 3 ++- crypto/pkcs7/Makefile.ssl | 3 ++- crypto/rand/Makefile.ssl | 3 ++- crypto/rc2/Makefile.ssl | 3 ++- crypto/rc4/Makefile.ssl | 3 ++- crypto/rc5/Makefile.ssl | 3 ++- crypto/ripemd/Makefile.ssl | 3 ++- crypto/rsa/Makefile.ssl | 3 ++- crypto/sha/Makefile.ssl | 3 ++- crypto/stack/Makefile.ssl | 3 ++- crypto/txt_db/Makefile.ssl | 3 ++- crypto/x509/Makefile.ssl | 3 ++- crypto/x509v3/Makefile.ssl | 3 ++- rsaref/Makefile.ssl | 3 ++- ssl/Makefile.ssl | 3 ++- 39 files changed, 78 insertions(+), 39 deletions(-) diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index 8c399bbff1..ae761da79f 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -90,7 +90,8 @@ links: lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib libs: 
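Review bot: The `-` prefix on `- $(RANLIB) $(LIB)` in the `lib:` rule of crypto/Makefile.ssl discards every ranlib failure, not only the harmless case the commit message describes. The unconditional `@echo You may get an error following this line. Please ignore.` also prints on every build and trains readers to skip over errors in the build log. A form that is silent on success and speaks only on failure keeps the log meaningful: `$(RANLIB) $(LIB) || echo "ranlib failed; continuing without an archive index"`. The identical two-line change is repeated in the other 38 Makefile.ssl hunks of this commit (crypto/*/Makefile.ssl, rsaref/Makefile.ssl, ssl/Makefile.ssl), so the same comment applies there.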
diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl index eae97f321d..269af44593 100644 --- a/crypto/asn1/Makefile.ssl +++ b/crypto/asn1/Makefile.ssl @@ -75,7 +75,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/bf/Makefile.ssl b/crypto/bf/Makefile.ssl index adc9eec3c6..2d61ec50f4 100644 --- a/crypto/bf/Makefile.ssl +++ b/crypto/bf/Makefile.ssl @@ -44,7 +44,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/crypto/bio/Makefile.ssl b/crypto/bio/Makefile.ssl index af5998b102..00caa9f7eb 100644 --- a/crypto/bio/Makefile.ssl +++ b/crypto/bio/Makefile.ssl @@ -49,7 +49,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl index 85be16a5b6..ad36267e26 100644 --- a/crypto/bn/Makefile.ssl +++ b/crypto/bn/Makefile.ssl @@ -68,7 +68,8 @@ bnbug: bnbug.c ../../libcrypto.a top lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/crypto/buffer/Makefile.ssl b/crypto/buffer/Makefile.ssl index 4e11038c8b..c088ec6b3c 100644 --- a/crypto/buffer/Makefile.ssl +++ b/crypto/buffer/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/cast/Makefile.ssl b/crypto/cast/Makefile.ssl index afba084e8b..0aa1cbc55a 100644 --- a/crypto/cast/Makefile.ssl +++ b/crypto/cast/Makefile.ssl 
@@ -47,7 +47,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/crypto/comp/Makefile.ssl b/crypto/comp/Makefile.ssl index 3064df2447..ba705c2a1c 100644 --- a/crypto/comp/Makefile.ssl +++ b/crypto/comp/Makefile.ssl @@ -42,7 +42,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl index ea82d46727..a96212252a 100644 --- a/crypto/conf/Makefile.ssl +++ b/crypto/conf/Makefile.ssl @@ -40,7 +40,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl index b3cfe3dab6..28e58f4207 100644 --- a/crypto/des/Makefile.ssl +++ b/crypto/des/Makefile.ssl @@ -57,7 +57,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib des: des.o cbc3_enc.o lib diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl index 30f1b80290..ccee00eeca 100644 --- a/crypto/dh/Makefile.ssl +++ b/crypto/dh/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl index 5df3b1cc43..1dfdb2d769 100644 --- a/crypto/dsa/Makefile.ssl +++ b/crypto/dsa/Makefile.ssl @@ -41,7 +41,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: 
diff --git a/crypto/dso/Makefile.ssl b/crypto/dso/Makefile.ssl index effc46d2dc..33630e0bbb 100644 --- a/crypto/dso/Makefile.ssl +++ b/crypto/dso/Makefile.ssl @@ -41,7 +41,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/err/Makefile.ssl b/crypto/err/Makefile.ssl index d001895cb6..42b9faa559 100644 --- a/crypto/err/Makefile.ssl +++ b/crypto/err/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 747051e4f1..fb9945db16 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -58,7 +58,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/hmac/Makefile.ssl b/crypto/hmac/Makefile.ssl index 430eab4c9a..ed3c8c64d1 100644 --- a/crypto/hmac/Makefile.ssl +++ b/crypto/hmac/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/idea/Makefile.ssl b/crypto/idea/Makefile.ssl index 3bd3e53ef4..d29bcd6874 100644 --- a/crypto/idea/Makefile.ssl +++ b/crypto/idea/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/lhash/Makefile.ssl b/crypto/lhash/Makefile.ssl index d7a51db3ee..60bb6b12e4 100644 --- a/crypto/lhash/Makefile.ssl +++ b/crypto/lhash/Makefile.ssl 
@@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/md2/Makefile.ssl b/crypto/md2/Makefile.ssl index c25ab74a38..8b382c35ff 100644 --- a/crypto/md2/Makefile.ssl +++ b/crypto/md2/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/md4/Makefile.ssl b/crypto/md4/Makefile.ssl index 5341bf5b46..bc38badb0a 100644 --- a/crypto/md4/Makefile.ssl +++ b/crypto/md4/Makefile.ssl @@ -40,7 +40,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/md5/Makefile.ssl b/crypto/md5/Makefile.ssl index 92ffc0b502..e5ec4a21ae 100644 --- a/crypto/md5/Makefile.ssl +++ b/crypto/md5/Makefile.ssl @@ -50,7 +50,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/crypto/mdc2/Makefile.ssl b/crypto/mdc2/Makefile.ssl index a50de0f42a..4b1b3e3696 100644 --- a/crypto/mdc2/Makefile.ssl +++ b/crypto/mdc2/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/objects/Makefile.ssl b/crypto/objects/Makefile.ssl index 47fdc34eec..1b43d8027b 100644 --- a/crypto/objects/Makefile.ssl +++ b/crypto/objects/Makefile.ssl @@ -39,7 +39,8 @@ all: obj_dat.h lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: 
diff --git a/crypto/pem/Makefile.ssl b/crypto/pem/Makefile.ssl index ed89109218..111dbc1ae4 100644 --- a/crypto/pem/Makefile.ssl +++ b/crypto/pem/Makefile.ssl @@ -40,7 +40,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/pkcs12/Makefile.ssl b/crypto/pkcs12/Makefile.ssl index 8f42d3044d..c92dd27639 100644 --- a/crypto/pkcs12/Makefile.ssl +++ b/crypto/pkcs12/Makefile.ssl @@ -45,7 +45,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/pkcs7/Makefile.ssl b/crypto/pkcs7/Makefile.ssl index 1757fc39ac..5e8a6808d3 100644 --- a/crypto/pkcs7/Makefile.ssl +++ b/crypto/pkcs7/Makefile.ssl @@ -58,7 +58,8 @@ verify: verify.o example.o lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl index b3054dc166..e9a6876b5a 100644 --- a/crypto/rand/Makefile.ssl +++ b/crypto/rand/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/rc2/Makefile.ssl b/crypto/rc2/Makefile.ssl index 542397d69a..6966e01b6f 100644 --- a/crypto/rc2/Makefile.ssl +++ b/crypto/rc2/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/rc4/Makefile.ssl b/crypto/rc4/Makefile.ssl index 53eac2064a..8ffff0a74e 100644 --- a/crypto/rc4/Makefile.ssl +++ b/crypto/rc4/Makefile.ssl 
@@ -47,7 +47,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/crypto/rc5/Makefile.ssl b/crypto/rc5/Makefile.ssl index 3d16856029..cf5d176859 100644 --- a/crypto/rc5/Makefile.ssl +++ b/crypto/rc5/Makefile.ssl @@ -44,7 +44,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/crypto/ripemd/Makefile.ssl b/crypto/ripemd/Makefile.ssl index 4bd78dd6fd..0b1cd73941 100644 --- a/crypto/ripemd/Makefile.ssl +++ b/crypto/ripemd/Makefile.ssl @@ -42,7 +42,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl index 22a42b4e1b..1be9a1cd23 100644 --- a/crypto/rsa/Makefile.ssl +++ b/crypto/rsa/Makefile.ssl @@ -41,7 +41,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/sha/Makefile.ssl b/crypto/sha/Makefile.ssl index 0e6e7b8940..75d3e0bf4f 100644 --- a/crypto/sha/Makefile.ssl +++ b/crypto/sha/Makefile.ssl @@ -42,7 +42,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/crypto/stack/Makefile.ssl b/crypto/stack/Makefile.ssl index 69d0a1cf68..2027d3946c 100644 --- a/crypto/stack/Makefile.ssl +++ b/crypto/stack/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: 
diff --git a/crypto/txt_db/Makefile.ssl b/crypto/txt_db/Makefile.ssl index 0e900ce748..567202abb7 100644 --- a/crypto/txt_db/Makefile.ssl +++ b/crypto/txt_db/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/x509/Makefile.ssl b/crypto/x509/Makefile.ssl index f8e59666c9..55356c680b 100644 --- a/crypto/x509/Makefile.ssl +++ b/crypto/x509/Makefile.ssl @@ -49,7 +49,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index 483df46fd4..8ed3665049 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -43,7 +43,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/rsaref/Makefile.ssl b/rsaref/Makefile.ssl index 69d41a9a6d..8f27c48a5a 100644 --- a/rsaref/Makefile.ssl +++ b/rsaref/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl index 04dd3e8663..61b9cee090 100644 --- a/ssl/Makefile.ssl +++ b/ssl/Makefile.ssl @@ -55,7 +55,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: -- cgit v1.2.3 From 0acc90e5f790b2b8acfc85a3eb0c26e9db4a023a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 25 Sep 2000 09:30:32 +0000 Subject: echo=off works on NT, but not on W2K. --- ms/test.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ms/test.bat b/ms/test.bat index ef37beaa22..8f69194283 100755 --- a/ms/test.bat +++ b/ms/test.bat @@ -1,4 +1,4 @@ -@echo=off +@echo off set test=..\ms set opath=%PATH% -- cgit v1.2.3 From be054868a12904cde59a63c43baabd061cb83627 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 25 Sep 2000 10:21:23 +0000 Subject: When creating a .def file, be a bit more selective so disabled algorithms do not get in... --- util/mkdef.pl | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/util/mkdef.pl b/util/mkdef.pl index 0ac793555c..8ec1d07989 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -119,7 +119,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-rc4$/) { $no_rc4=1; } elsif (/^no-rc5$/) { $no_rc5=1; } elsif (/^no-idea$/) { $no_idea=1; } - elsif (/^no-des$/) { $no_des=1; } + elsif (/^no-des$/) { $no_des=1; $no_mdc2=1; } elsif (/^no-bf$/) { $no_bf=1; } elsif (/^no-cast$/) { $no_cast=1; } elsif (/^no-md2$/) { $no_md2=1; } @@ -704,7 +704,8 @@ EOF } else { (my $n, my $i) = split /\\/, $nums{$s}; my %pf = (); - my @p = split(/,/, ($i =~ /^.*?:(.*?):/,$1)); + my @p = split(/,/, ($i =~ /^[^:]*:([^:]*):/,$1)); + my @a = split(/,/, ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1)); # @p_purged must contain hardware platforms only my @p_purged = (); foreach $ptmp (@p) { 
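Review bot: In the `@@ -704,7 +704,8 @@` hunk of util/mkdef.pl, both `split` lines read `$1` through the comma expression `($i =~ /.../,$1)` without checking that the match succeeded. Perl leaves `$1` untouched after a failed match, so if an entry ever has fewer than four colon-separated fields, `@a` silently takes the platform list captured for `@p` on the line above and the algorithm filter runs on the wrong data. Matching in list context avoids the stale capture: `my ($algs) = $i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/;` followed by `my @a = split(/,/, defined $algs ? $algs : "");`. The enclosing `else` block begins and ends outside the hunk.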
@@ -726,7 +727,26 @@ EOF || (!$negatives && ($rsaref || !grep(/^RSAREF$/,@p))) || ($negatives - && (!$rsaref || !grep(/^!RSAREF$/,@p))))) { + && (!$rsaref || !grep(/^!RSAREF$/,@p)))) + && (!@a || (!$no_rc2 || !grep(/^RC2$/,@a))) + && (!@a || (!$no_rc4 || !grep(/^RC4$/,@a))) + && (!@a || (!$no_rc5 || !grep(/^RC5$/,@a))) + && (!@a || (!$no_idea || !grep(/^IDEA$/,@a))) + && (!@a || (!$no_des || !grep(/^DES$/,@a))) + && (!@a || (!$no_bf || !grep(/^BF$/,@a))) + && (!@a || (!$no_cast || !grep(/^CAST$/,@a))) + && (!@a || (!$no_md2 || !grep(/^MD2$/,@a))) + && (!@a || (!$no_md4 || !grep(/^MD4$/,@a))) + && (!@a || (!$no_md5 || !grep(/^MD5$/,@a))) + && (!@a || (!$no_sha || !grep(/^SHA$/,@a))) + && (!@a || (!$no_ripemd || !grep(/^RIPEMD$/,@a))) + && (!@a || (!$no_mdc2 || !grep(/^MDC2$/,@a))) + && (!@a || (!$no_rsa || !grep(/^RSA$/,@a))) + && (!@a || (!$no_dsa || !grep(/^DSA$/,@a))) + && (!@a || (!$no_dh || !grep(/^DH$/,@a))) + && (!@a || (!$no_hmac || !grep(/^HMAC$/,@a))) + && (!@a || (!$no_fp_api || !grep(/^FP_API$/,@a))) + ) { printf OUT " %s%-40s@%d\n",($W32)?"":"_",$s,$n; # } else { # print STDERR "DEBUG: \"$sym\" (@p):", -- cgit v1.2.3 From 46b1b91309aaf4faf6544247ac5235fd0f4dda62 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 25 Sep 2000 10:22:39 +0000 Subject: Update --- util/libeay.num | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/util/libeay.num b/util/libeay.num index 3a72228d6a..9f0f598860 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -301,8 +301,8 @@ EVP_des_ede_cfb 308 EXIST::FUNCTION:DES EVP_des_ede_ofb 309 EXIST::FUNCTION:DES EVP_des_ofb 310 EXIST::FUNCTION:DES EVP_desx_cbc 311 EXIST::FUNCTION:DES -EVP_dss 312 EXIST::FUNCTION:DSA -EVP_dss1 313 EXIST::FUNCTION:DSA +EVP_dss 312 EXIST::FUNCTION:DSA,SHA +EVP_dss1 313 EXIST::FUNCTION:DSA,SHA EVP_enc_null 314 EXIST::FUNCTION: EVP_get_cipherbyname 315 EXIST::FUNCTION: EVP_get_digestbyname 316 EXIST::FUNCTION: 
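Review bot: The eighteen added `&& (!@a || (!$no_X || !grep(/^X$/,@a)))` clauses in the `@@ -726,7 +727,26 @@` hunk of util/mkdef.pl repeat one test per algorithm, so a newly added `no-...` option is easy to forget here, and its symbols would then still be written to the .def file. The leading `!@a ||` is also redundant, because `grep` over an empty list is already false. A lookup table built once after option parsing keeps the option list and the filter in one place and behaves the same for tags it does not know. The surrounding `if` condition starts outside the hunk.

```perl
# built once, after the command-line options have been parsed
my %disabled_algorithm = (
	RC2 => $no_rc2, RC4 => $no_rc4, RC5 => $no_rc5, IDEA => $no_idea,
	DES => $no_des, BF => $no_bf, CAST => $no_cast,
	MD2 => $no_md2, MD4 => $no_md4, MD5 => $no_md5, SHA => $no_sha,
	RIPEMD => $no_ripemd, MDC2 => $no_mdc2,
	RSA => $no_rsa, DSA => $no_dsa, DH => $no_dh,
	HMAC => $no_hmac, FP_API => $no_fp_api,
);

# ... unchanged: platform and RSAREF tests ...
				 && !grep($disabled_algorithm{$_}, @a)
				 ) {
```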
@@ -926,7 +926,7 @@ PKCS7_add_signature 938 EXIST::FUNCTION: PKCS7_cert_from_signer_info 939 EXIST::FUNCTION: PKCS7_get_signer_info 940 EXIST::FUNCTION: EVP_delete_alias 941 NOEXIST::FUNCTION: -EVP_mdc2 942 EXIST::FUNCTION: +EVP_mdc2 942 EXIST::FUNCTION:MDC2 PEM_read_bio_RSAPublicKey 943 EXIST::FUNCTION:RSA PEM_write_bio_RSAPublicKey 944 EXIST::FUNCTION:RSA d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:RSA -- cgit v1.2.3 From 88aeb646bdbefa4da03b7a731a46631c7967ff5c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 25 Sep 2000 11:12:27 +0000 Subject: Document the change. --- CHANGES | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 0801e30048..8b794946d8 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,10 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] - *) + *) Correct util/mkdef.pl to be selective about disabled algorithms. + Previously, it would create entries for disableed algorithms no + matter what. + [Richard Levitte] Changes between 0.9.5a and 0.9.6 [24 Sep 2000] -- cgit v1.2.3 From 6d0dcbedb19a17ce29a068278208d89bdc0b18c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 26 Sep 2000 11:25:44 +0000 Subject: Fix SSL_CTX_set_read_ahead macro. Submitted by: Anders Gertz --- ssl/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl.h b/ssl/ssl.h index fdbdc70ba7..87e609ed37 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1178,7 +1178,7 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void ); #define SSL_CTX_get_read_ahead(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) #define SSL_CTX_set_read_ahead(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) /* NB: the keylength is only applicable when is_export is true */ #ifndef NO_RSA -- cgit v1.2.3 From 544ebbceb49236339d7836cae4aaa7f618817aa3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 26 Sep 2000 11:30:59 +0000 Subject: Don't modify s->read_ahead in SSL_clear, which is called from accept/connect functions; those should not change the read_ahead setting of the SSL structure. --- ssl/ssl_lib.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 635b25062e..d77d340388 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -119,7 +119,9 @@ int SSL_clear(SSL *s) s->client_version=s->version; s->rwstate=SSL_NOTHING; s->rstate=SSL_ST_READ_HEADER; +#if 0 s->read_ahead=s->ctx->read_ahead; +#endif if (s->init_buf != NULL) { -- cgit v1.2.3 From 086a32d7542dc8c3211b7da9f0b38fdf4e83b247 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 26 Sep 2000 11:38:05 +0000 Subject: Set s->read_ahead in SSL_new because SSL_clear no longer modifies it. --- ssl/ssl_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d77d340388..fec98dd8f4 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -231,6 +231,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; s->options=ctx->options; s->mode=ctx->mode; + s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */ SSL_clear(s); CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data); -- cgit v1.2.3 From 3a0afe1eedb889599afcecf264f104e6f9410798 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 26 Sep 2000 11:39:37 +0000 Subject: Note read_ahead-flag related fixes. --- CHANGES | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGES b/CHANGES index 8b794946d8..030335e2d1 100644 --- a/CHANGES +++ b/CHANGES 
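Review bot: The `#if 0` around `s->read_ahead=s->ctx->read_ahead;` in `SSL_clear()` (ssl/ssl_lib.c) leaves dead code with no explanation at the site. A later cleanup could re-enable it and bring back the loss of a per-connection setting during accept/connect that the commit message describes. Either delete the line or replace the block with a comment such as `/* read_ahead is deliberately not reset here: SSL_clear() is also called from the accept/connect paths */`. With this hunk alone, nothing shown assigns `s->read_ahead` for a new object until the following commit adds it to `SSL_new()`, so the two changes would be safer as a single commit. `SSL_clear()` starts and ends outside the hunk.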
@@ -4,6 +4,14 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Fix SSL_CTX_set_read_ahead macro to actually use its argument. + + Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new + and not in SSL_clear because the latter is also used by the + accept/connect functions; previously, the settings made by + SSL_set_read_ahead would be lost during the handshake. + [Bodo Moeller; problems reported by Anders Gertz ] + *) Correct util/mkdef.pl to be selective about disabled algorithms. Previously, it would create entries for disableed algorithms no matter what. -- cgit v1.2.3 From b7af080fb1f1eb56b2594130fc261a3e79f45f19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 26 Sep 2000 12:15:53 +0000 Subject: Add BUGS section. --- doc/ssl/SSL_pending.pod | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod index 744e1855e1..6c03b14caf 100644 --- a/doc/ssl/SSL_pending.pod +++ b/doc/ssl/SSL_pending.pod @@ -25,6 +25,19 @@ L. The number of bytes pending is returned. +=head1 BUGS + +SSL_pending() takes into account only bytes from the TLS/SSL record +that is currently being processed (if any). If the B object's +I flag is set, additional protocol bytes may have been +read containing more TLS/SSL records; these are ignored by +SSL_pending(). + +SSL_pending() does not check if the record type of pending data is +application data. + +=head1 SEE ALSO + L, L =cut -- cgit v1.2.3 From 2eaad87f36915900d50355e09e34c6fe2e487364 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 26 Sep 2000 12:23:55 +0000 Subject: Verbose output when installing manual pages so that you see that something is going on (and what). --- Makefile.org | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.org b/Makefile.org index c6f660954b..0f410c08ae 100644 --- a/Makefile.org +++ b/Makefile.org 
@@ -473,19 +473,19 @@ install_docs: $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 - @echo installing man 1 and man 5 @for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \ + echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `dirname $$i`; \ $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`) \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ done - @echo installing man 3 and man 7 @for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \ + echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `dirname $$i`; \ $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`) \ -- cgit v1.2.3 From 6df3553255c4f91b2e260b4f7180b1ad0ae6788d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 27 Sep 2000 13:54:28 +0000 Subject: A compiler warning removed. Thanks to the folks at HP! --- crypto/bn/asm/pa-risc2.s | 2 +- crypto/bn/asm/pa-risc2W.s | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/bn/asm/pa-risc2.s b/crypto/bn/asm/pa-risc2.s index 7239aa2c76..af9730d062 100644 --- a/crypto/bn/asm/pa-risc2.s +++ b/crypto/bn/asm/pa-risc2.s @@ -1611,7 +1611,7 @@ bn_mul_comba4 .IMPORT $global$,DATA .SPACE $TEXT$ .SUBSPA $CODE$ - .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16 + .SUBSPA $LIT$,ACCESS=0x2c C$7 .ALIGN 8 .STRINGZ "Division would overflow (%d)\n" diff --git a/crypto/bn/asm/pa-risc2W.s b/crypto/bn/asm/pa-risc2W.s index 54b6606252..a99545754d 100644 --- a/crypto/bn/asm/pa-risc2W.s +++ b/crypto/bn/asm/pa-risc2W.s @@ -1598,7 +1598,7 @@ bn_mul_comba4 .IMPORT $global$,DATA .SPACE $TEXT$ .SUBSPA $CODE$ - .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16 + .SUBSPA $LIT$,ACCESS=0x2c C$4 .ALIGN 8 .STRINGZ "Division would overflow (%d)\n" -- cgit v1.2.3 
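Review bot: In the `install_docs` hunk of Makefile.org, both added `echo` lines run `basename $$i .pod` again although `fn` was assigned that same value two lines earlier in each loop. Using the variable is shorter and saves a subprocess per page: `echo "installing man$$sec/$$fn.$$sec"; \`. The second `for` loop continues past the end of the hunk.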
From a87aa87bccc745aac0fbfe8354a03ea09fdca1cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Wed, 27 Sep 2000 21:45:20 +0000 Subject: The des_modes manpage is in section 7. --- doc/crypto/des.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod index ab3e26e9ec..99080391b1 100644 --- a/doc/crypto/des.pod +++ b/doc/crypto/des.pod @@ -345,7 +345,7 @@ the MIT Kerberos library. =head1 SEE ALSO -crypt(3), L, L, L +crypt(3), L, L, L =head1 HISTORY -- cgit v1.2.3 From a269d312dae19bfc902c3f24d46e76799c3782f4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 29 Sep 2000 20:14:57 +0000 Subject: Include arpa/inet.h, since that's where htons() and friends are supposed to be defined according to XPG4.2. Found by Evan for the MVS platform. --- e_os.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/e_os.h b/e_os.h index 0c0784f9a9..4f9c983ef1 100644 --- a/e_os.h +++ b/e_os.h @@ -355,12 +355,14 @@ extern HINSTANCE _hInstance; # if defined(VMS) && !defined(__DECC) # include # include +# include # else # include # ifdef FILIO_H # include /* Added for FIONBIO under unixware */ # endif # include +# include # endif # if defined(NeXT) || defined(_NEXT_SOURCE) -- cgit v1.2.3 From 2e7e3d6ce9910495eb66a6e77597dd2ebd43f815 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 1 Oct 2000 21:28:07 +0000 Subject: Remove what was described by someone as "an EAY hack for compiling SSLeay with Colin Plumb's MD5 implementation instead of his one". --- e_os.h | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/e_os.h b/e_os.h index 4f9c983ef1..f44f39300c 100644 --- a/e_os.h +++ b/e_os.h 
@@ -450,19 +450,6 @@ extern char *sys_errlist[]; extern int sys_nerr; #define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from the same bug.*/ #endif -#ifdef NO_MD2 -#define MD2_Init MD2Init -#define MD2_Update MD2Update -#define MD2_Final MD2Final -#define MD2_DIGEST_LENGTH 16 -#endif -#ifdef NO_MD5 -#define MD5_Init MD5Init -#define MD5_Update MD5Update -#define MD5_Final MD5Final -#define MD5_DIGEST_LENGTH 16 -#endif - #ifdef __cplusplus } #endif -- cgit v1.2.3 From ef71cb6dafe78a8286892d205e0009e8c36557cd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 1 Oct 2000 21:46:43 +0000 Subject: Document... --- CHANGES | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES b/CHANGES index 030335e2d1..8643bda1c4 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Clean old EAY MD5 hack from e_os.h. + [Richard Levitte] + *) Fix SSL_CTX_set_read_ahead macro to actually use its argument. Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new -- cgit v1.2.3 From 356c06c7767e7bc4387c8fb3b955ae2c0a661f5b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 3 Oct 2000 22:02:28 +0000 Subject: More SSL functions documented. Submitted by Lutz Jaenicke --- doc/ssl/SSL_CTX_load_verify_locations.pod | 93 +++++++++++++++++++++++++++++++ doc/ssl/SSL_CTX_set_client_CA_list.pod | 90 ++++++++++++++++++++++++++++++ doc/ssl/SSL_get_client_CA_list.pod | 52 +++++++++++++++++ doc/ssl/SSL_load_client_CA_file.pod | 62 +++++++++++++++++++++ doc/ssl/ssl.pod | 10 +++- 5 files changed, 305 insertions(+), 2 deletions(-) create mode 100644 doc/ssl/SSL_CTX_load_verify_locations.pod create mode 100644 doc/ssl/SSL_CTX_set_client_CA_list.pod create mode 100644 doc/ssl/SSL_get_client_CA_list.pod create mode 100644 doc/ssl/SSL_load_client_CA_file.pod diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod new file mode 100644 index 0000000000..66bb6f33b6 --- /dev/null 
+++ b/doc/ssl/SSL_CTX_load_verify_locations.pod 
@@ -0,0 +1,93 @@ +=pod + +=head1 NAME + +SSL_CTX_load_verify_locations - set default locations for trusted CA +certificates + +=head1 SYNOPSIS + + #include + + int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath); + +=head1 DESCRIPTION + +SSL_CTX_load_verify_locations() specifies the locations for B, at +which CA certificates for verification purposes are located. The certificates +available via B and B are trusted. + +=head1 NOTES + +If B is not NULL, it points to a file of CA certificates in PEM +format. The file can contain several CA certificates identified by + + -----BEGIN CERTIFICATE----- + ... (CA certificate in base64 encoding) ... + -----END CERTIFICATE----- + +sequences. Before, between, and after the certificates text is allowed +which can be used e.g. for descriptions of the certificates. + +The B is processed on execution of the SSL_CTX_load_verify_locations() +function. + +If on an TLS/SSL server no special setting is perfomed using *client_CA_list() +functions, the certificates contained in B are listed to the client +as available CAs during the TLS/SSL handshake. + +If B is not NULL, it points to a directory containing CA certificates +in PEM format. The files each contain one CA certificate. The files are +looked up by the CA subject name hash value, which must hence be available. +Use the B utility to create the necessary links. + +The certificates in B are only looked up when required, e.g. when +building the certificate chain or when actually performing the verification +of a peer certificate. + +On a server, the certificates in B are not listed as available +CA certificates to a client during a TLS/SSL handshake. 
+ +=head1 EXAMPLES + +Generate a CA certificate file with descriptive text from the CA certificates +ca1.pem ca2.pem ca3.pem: + + #!/bin/sh + rm CAfile.pem + for i in ca1.pem ca2.pem ca3.pem ; do + openssl x509 -in $i -text >> CAfile.pem + done + +Prepare the directory /some/where/certs containing several CA certificates +for use as B: + + cd /some/where/certs + c_rehash + +=head1 RETURN VALUES + +The following return values can occur: + +=over 4 + +=item 0 + +The operation failed because B and B are NULL or the +processing at one of the locations specified failed. Check the error +stack to find out the reason. + +=item 1 + +The operation succeeded. + +=back + +=head1 SEE ALSO + +L, +L, +L + +=cut diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod new file mode 100644 index 0000000000..f27a291cb6 --- /dev/null +++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod 
@@ -0,0 +1,90 @@ +=pod + +=head1 NAME + +SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, +SSL_add_client_CA - set list of CAs sent to the client when requesting a +client certificate + +=head1 SYNOPSIS + + #include + + void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); + void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); + int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); + int SSL_add_client_CA(SSL *ssl, X509 *cacert); + +=head1 DESCRIPTION + +SSL_CTX_set_client_CA_list() sets the B of CAs sent to the client when +requesting a client certificate for B. + +SSL_set_client_CA_list() sets the B of CAs sent to the client when +requesting a client certificate for the chosen B, overriding the +setting valid for B's SSL_CTX object. + +SSL_CTX_add_client_CA() adds the CA name extracted from B to the +list of CAs sent to the client when requesting a client certificate for +B. + +SSL_add_client_CA() adds the CA name extracted from B to the +list of CAs sent to the client when requesting a client certificate for +the chosen B, overriding the setting valid for B's SSL_CTX object. + +=head1 NOTES + +When a TLS/SSL server requests a client certificate (see +B), it sends a list of CAs, for which +it will accept certificates, to the client. If no special list is provided, +the CAs available using the B option in +L +are sent. + +This list can be explicitely set using the SSL_CTX_set_client_CA_list() for +B and SSL_set_client_CA_list() for the specific B. The list +specified overrides the previous setting. The CAs listed do not become +trusted (B only contains the names, not the complete certificates); use +L +to additionally load them for verification. + +SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional +items the list of client CAs. 
If no list was specified before using +SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client +CA list for B or B (as appropriate) is opened. The CAs implicitly +specified using +L +are no longer used automatically. + +These functions are only useful for TLS/SSL servers. + +=head1 RETURN VALUES + +SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return +diagnostic information. + +SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return +values: + +=over 4 + +=item 1 + +The operation succeeded. + +=item 0 + +A failure while manipulating the STACK_OF(X509_NAME) object occured or +the X509_NAME could not be extracted from B. Check the error stack +to find out the reason. + +=back + +=head1 SEE ALSO + +L, +L, +L +L + +=cut diff --git a/doc/ssl/SSL_get_client_CA_list.pod b/doc/ssl/SSL_get_client_CA_list.pod new file mode 100644 index 0000000000..d358bc352e --- /dev/null +++ b/doc/ssl/SSL_get_client_CA_list.pod 
@@ -0,0 +1,52 @@ +=pod + +=head1 NAME + +SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs + +=head1 SYNOPSIS + + #include + + STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); + STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx); + +=head1 DESCRIPTION + +SSL_CTX_get_client_CA_list() returns the list of client CAs explicitely set for +B using L. + +SSL_get_client_CA_list() returns the list of client CAs explicitely +set for B using SSL_set_client_CA_list() or B's SSL_CTX object with +L, when in +server mode. In client mode, SSL_get_client_CA_list returns the list of +client CAs sent from the server, if any. + +=head1 RETURN VALUES + +SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return +diagnostic information. + +SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return +values: + +=over 4 + +=item STACK_OF(X509_NAMES) + +List of CA names explicitely set (for B or in server mode) or send +by the server (client mode). + +=item NULL + +No client CA list was explicitely set (for B or in server mode) or +the server did not send a list of CAs (client mode). + +=back + +=head1 SEE ALSO + +L, +L + +=cut diff --git a/doc/ssl/SSL_load_client_CA_file.pod b/doc/ssl/SSL_load_client_CA_file.pod new file mode 100644 index 0000000000..02527dc2ed --- /dev/null +++ b/doc/ssl/SSL_load_client_CA_file.pod 
@@ -0,0 +1,62 @@ +=pod + +=head1 NAME + +SSL_load_client_CA_file - load certificate names from file + +=head1 SYNOPSIS + + #include + + STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); + +=head1 DESCRIPTION + +SSL_load_client_CA_file() reads certificates from B and returns +a STACK_OF(X509_NAME) with the subject names found. + +=head1 NOTES + +SSL_load_client_CA_file() reads a file of PEM formatted certificates and +extracts the X509_NAMES of the certificates found. While the name suggests +the specific usage as support function for +L, +it is not limited to CA certificates. + +=head1 EXAMPLES + +Load names of CAs from file and use it as a client CA list: + + SSL_CTX *ctx; + STACK_OF(X509_NAME) *cert_names; + + ... + cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); + if (cert_names != NULL) + SSL_CTX_set_client_CA_list(ctx, cert_names); + else + error_handling(); + ... + +=head1 RETURN VALUES + +The following return values can occur: + +=over 4 + +=item NULL + +The operation failed, check out the error stack for the reason. + +=item Pointer to STACK_OF(X509_NAME) + +Pointer to the subject names of the successfully read certificates. + +=back + +=head1 SEE ALSO + +L, +L + +=cut diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 8ffe5904d5..a4a3959dc0 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -625,15 +625,21 @@ connection defined in the B structure. L, L, L, L, -L, L, +L, +L +L, +L L, L, +L, L, L, L, L, L, L, -L, L, +L, +L, +L, L, L, L, L, L, -- cgit v1.2.3 From d0c98589146d79f1059638057dad9bb80d662339 Mon Sep 17 00:00:00 2001 
From: "Dr. Stephen Henson" Date: Wed, 4 Oct 2000 01:16:32 +0000 Subject: Global DirectoryString mask fix. Add support for X509_NAME_print_ex() in req. Initial code for cutomizable X509 print routines. --- CHANGES | 5 ++ apps/req.c | 20 ++++- crypto/asn1/a_strex.c | 12 +++ crypto/asn1/a_strnid.c | 2 +- crypto/asn1/t_x509.c | 205 ++++++++++++++++++++++++++++++------------------- crypto/x509/x509.h | 17 ++++ 6 files changed, 180 insertions(+), 81 deletions(-) diff --git a/CHANGES b/CHANGES index 8643bda1c4..aeea390f77 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Fix for bug in DirectoryString mask setting. Add support for + X509_NAME_print_ex() in 'req' and initial X509_print_ex() function + to allow certificate printing to more controllable. + [Steve Henson] + *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] diff --git a/apps/req.c b/apps/req.c index 1aab38d9d7..4d707e83ed 100644 --- a/apps/req.c +++ b/apps/req.c @@ -143,6 +143,7 @@ int MAIN(int argc, char **argv) #ifndef NO_DSA DSA *dsa_params=NULL; #endif + unsigned long nmflag = 0; int ex=1,x509=0,days=30; X509 *x509ss=NULL; X509_REQ *req=NULL; @@ -150,7 +151,7 @@ int MAIN(int argc, char **argv) int i,badops=0,newreq=0,newkey= -1,pkey_type=0; BIO *in=NULL,*out=NULL; int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; - int nodes=0,kludge=0,newhdr=0; + int nodes=0,kludge=0,newhdr=0,subject=0; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; char *extensions = NULL; char *req_exts = NULL; @@ -322,6 +323,13 @@ int MAIN(int argc, char **argv) nodes=1; else if (strcmp(*argv,"-noout") == 0) noout=1; + else if (strcmp(*argv,"-nameopt") == 0) + { + if (--argc < 1) goto bad; + if (!set_name_ex(&nmflag, *(++argv))) goto bad; + } + else if (strcmp(*argv,"-subject") == 0) + subject=1; else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-x509") == 0) 
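Review bot: The option parser in the `@@ -322,6 +323,13 @@` hunk gains `-nameopt` and `-subject`, but none of the apps/req.c hunks in this commit touches the usage text printed at `bad:`, so the new options are not discoverable from the tool. A rejected `-nameopt` value also jumps to `bad` without saying which argument was refused. I would add matching usage lines such as `BIO_printf(bio_err," -subject       output the request's subject\n");` and `BIO_printf(bio_err," -nameopt arg   name printing options\n");`. The surrounding MAIN function starts and ends outside the hunk.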
@@ -803,7 +811,7 @@ loop: BIO_printf(bio_err,"verify OK\n"); } - if (noout && !text && !modulus) + if (noout && !text && !modulus && !subject) { ex=0; goto end; @@ -840,6 +848,14 @@ loop: X509_REQ_print(out,req); } + if(subject) + { + if(x509) + print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag); + else + print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag); + } + if (modulus) { EVP_PKEY *pubkey; diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 569b811998..5335538ae0 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -491,12 +491,24 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) { + if(flags == XN_FLAG_COMPAT) + return X509_NAME_print(out, nm, indent); return do_name_ex(send_bio_chars, out, nm, indent, flags); } int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) { + if(flags == XN_FLAG_COMPAT) + { + BIO *btmp; + int ret; + btmp = BIO_new_fp(fp, BIO_NOCLOSE); + if(!btmp) return -1; + ret = X509_NAME_print(btmp, nm, indent); + BIO_free(btmp); + return ret; + } return do_name_ex(send_fp_chars, fp, nm, indent, flags); } diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 6b10cff994..732e68fe46 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -133,7 +133,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, if(tbl) { mask = tbl->mask; if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; - ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask, + ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, tbl->minsize, tbl->maxsize); } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); if(ret <= 0) return NULL; diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 314bdfb1c7..189e5bdce8 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c 
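Review bot: In the crypto/asn1/a_strex.c hunk the XN_FLAG_COMPAT shortcut gives X509_NAME_print_ex and X509_NAME_print_ex_fp two return conventions: the compat path hands back the result of X509_NAME_print, the other path the result of do_name_ex, and the _fp variant adds `return -1` when BIO_new_fp fails. X509_NAME_print is tested elsewhere in this commit as zero-on-failure (`if (!X509_NAME_print(...)) goto err;`), so a caller checking for a negative value misses a failed compat print and a caller checking with `!` misses the -1. do_name_ex is not shown, so its convention needs confirming. The contract should then be stated once above X509_NAME_print_ex, for example `/* returns -1 on error in every mode, including XN_FLAG_COMPAT */`, with the compat branches mapped onto it, for example `return X509_NAME_print(out, nm, indent) ? 1 : -1;`.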
@@ -72,6 +72,11 @@ #ifndef NO_FP_API int X509_print_fp(FILE *fp, X509 *x) + { + return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); + } + +int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag) { BIO *b; int ret; @@ -82,17 +87,22 @@ int X509_print_fp(FILE *fp, X509 *x) return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=X509_print(b, x); + ret=X509_print_ex(b, x, nmflag, cflag); BIO_free(b); return(ret); } #endif int X509_print(BIO *bp, X509 *x) +{ + return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); +} + +int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) { long l; int ret=0,i,j,n; - char *m=NULL,*s; + char *m=NULL,*s, mlch = ' '; X509_CINF *ci; ASN1_INTEGER *bs; EVP_PKEY *pkey=NULL; 
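Review bot: The two new entry points name the same parameter differently, `nmflag` in X509_print_ex_fp and `nmflags` in X509_print_ex, and neither carries a comment saying which flag family each argument takes. I would use one spelling and add `/* nmflag: XN_FLAG_* passed to the name printer; cflag: X509_FLAG_* bits, each omitting one section */` above X509_print_ex. In the `@@ -82,17 +87,22 @@` hunk, `char *m=NULL,*s, mlch = ' ';` puts a plain char in a declaration of pointers; a separate `char mlch = ' ';` reads more safely. The body of X509_print_ex continues outside this hunk.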
@@ -100,89 +110,122 @@ int X509_print(BIO *bp, X509 *x) X509_EXTENSION *ex; ASN1_STRING *str=NULL; + if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) + mlch = '\n'; + ci=x->cert_info; - if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; - if (BIO_write(bp," Data:\n",10) <= 0) goto err; - l=X509_get_version(x); - if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; - if (BIO_write(bp," Serial Number:",22) <= 0) goto err; - - bs=X509_get_serialNumber(x); - if (bs->length <= 4) + if(!(cflag & X509_FLAG_NO_HEADER)) { - l=ASN1_INTEGER_get(bs); - if (l < 0) - { - l= -l; - neg="-"; - } - else - neg=""; - if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) - goto err; + if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; + if (BIO_write(bp," Data:\n",10) <= 0) goto err; } - else + if(!(cflag & X509_FLAG_NO_VERSION)) + { + l=X509_get_version(x); + if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; + } + if(!(cflag & X509_FLAG_NO_SERIAL)) { - neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; - if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; - for (i=0; ilength; i++) + if (BIO_write(bp," Serial Number:",22) <= 0) goto err; + + bs=X509_get_serialNumber(x); + if (bs->length <= 4) { - if (BIO_printf(bp,"%02x%c",bs->data[i], - ((i+1 == bs->length)?'\n':':')) <= 0) + l=ASN1_INTEGER_get(bs); + if (l < 0) + { + l= -l; + neg="-"; + } + else + neg=""; + if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) goto err; } + else + { + neg=(bs->type == V_ASN1_NEG_INTEGER)?" 
(Negative)":""; + if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; + + for (i=0; ilength; i++) + { + if (BIO_printf(bp,"%02x%c",bs->data[i], + ((i+1 == bs->length)?'\n':':')) <= 0) + goto err; + } + } + } - i=OBJ_obj2nid(ci->signature->algorithm); - if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) - goto err; - - if (BIO_write(bp," Issuer: ",16) <= 0) goto err; - if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err; - if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err; - if (BIO_write(bp," Not Before: ",24) <= 0) goto err; - if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; - if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; - if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err; - if (BIO_write(bp,"\n Subject: ",18) <= 0) goto err; - if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err; - if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0) - goto err; - i=OBJ_obj2nid(ci->key->algor->algorithm); - if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; - - pkey=X509_get_pubkey(x); - if (pkey == NULL) + if(!(cflag & X509_FLAG_NO_SIGNAME)) { - BIO_printf(bp,"%12sUnable to load Public Key\n",""); - ERR_print_errors(bp); + i=OBJ_obj2nid(ci->signature->algorithm); + if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) + goto err; } - else -#ifndef NO_RSA - if (pkey->type == EVP_PKEY_RSA) + + if(!(cflag & X509_FLAG_NO_ISSUER)) { - BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", - BN_num_bits(pkey->pkey.rsa->n)); - RSA_print(bp,pkey->pkey.rsa,16); + if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err; + if (!X509_NAME_print_ex(bp,X509_get_issuer_name(x),16, nmflags)) goto err; } - else -#endif -#ifndef NO_DSA - if (pkey->type == EVP_PKEY_DSA) + if(!(cflag & X509_FLAG_NO_VALIDITY)) { - BIO_printf(bp,"%12sDSA Public Key:\n",""); - DSA_print(bp,pkey->pkey.dsa,16); + 
if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err; + if (BIO_write(bp," Not Before: ",24) <= 0) goto err; + if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; + if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; + if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err; + if (BIO_write(bp,"\n",1) <= 0) goto err; } - else + if(!(cflag & X509_FLAG_NO_SUBJECT)) + { + if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; + if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err; + } + if(!(cflag & X509_FLAG_NO_PUBKEY)) + { + if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0) + goto err; + i=OBJ_obj2nid(ci->key->algor->algorithm); + if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; + + pkey=X509_get_pubkey(x); + if (pkey == NULL) + { + BIO_printf(bp,"%12sUnable to load Public Key\n",""); + ERR_print_errors(bp); + } + else +#ifndef NO_RSA + if (pkey->type == EVP_PKEY_RSA) + { + BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", + BN_num_bits(pkey->pkey.rsa->n)); + RSA_print(bp,pkey->pkey.rsa,16); + } + else +#endif +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + { + BIO_printf(bp,"%12sDSA Public Key:\n",""); + DSA_print(bp,pkey->pkey.dsa,16); + } + else #endif - BIO_printf(bp,"%12sUnknown Public Key:\n",""); + BIO_printf(bp,"%12sUnknown Public Key:\n",""); - EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey); + } - n=X509_get_ext_count(x); + if (cflag & X509_FLAG_NO_EXTENSIONS) + n = 0; + else + n=X509_get_ext_count(x); if (n > 0) { BIO_printf(bp,"%8sX509v3 extensions:\n",""); 
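Review bot: The subject branch still calls `X509_NAME_print(bp,X509_get_subject_name(x),16)` although the issuer branch now uses `X509_NAME_print_ex(bp,X509_get_issuer_name(x),16, nmflags)`, so `nmflags` and the `mlch` separator written just before the name affect the issuer only. The subject call should become `if (!X509_NAME_print_ex(bp,X509_get_subject_name(x),16, nmflags)) goto err;`. Line breaks between sections are also still supplied by the following section: the issuer line is ended by the leading `\n` of the validity block and the subject line by the leading `\n` of the public-key block. Setting X509_FLAG_NO_VALIDITY or X509_FLAG_NO_PUBKEY therefore runs two fields together on one line, so each guarded block should write its own trailing newline. X509_print_ex starts in the previous hunk and its body continues after this one.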
@@ -205,21 +248,27 @@ int X509_print(BIO *bp, X509 *x) } } - i=OBJ_obj2nid(x->sig_alg->algorithm); - if (BIO_printf(bp,"%4sSignature Algorithm: %s","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; + if(!(cflag & X509_FLAG_NO_SIGDUMP)) + { + i=OBJ_obj2nid(x->sig_alg->algorithm); + if (BIO_printf(bp,"%4sSignature Algorithm: %s","", + (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; - n=x->signature->length; - s=(char *)x->signature->data; - for (i=0; isignature->length; + s=(char *)x->signature->data; + for (i=0; iaux, 0)) goto err; } - if (BIO_write(bp,"\n",1) != 1) goto err; - if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err; ret=1; err: if (str != NULL) ASN1_STRING_free(str); diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 813c8adffd..6b053359b7 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -320,6 +320,21 @@ DECLARE_STACK_OF(X509_TRUST) #define X509_TRUST_REJECTED 2 #define X509_TRUST_UNTRUSTED 3 +/* Flags for X509_print_ex() */ + +#define X509_FLAG_COMPAT 0 +#define X509_FLAG_NO_HEADER 1L +#define X509_FLAG_NO_VERSION (1L << 1) +#define X509_FLAG_NO_SERIAL (1L << 2) +#define X509_FLAG_NO_SIGNAME (1L << 3) +#define X509_FLAG_NO_ISSUER (1L << 4) +#define X509_FLAG_NO_VALIDITY (1L << 5) +#define X509_FLAG_NO_SUBJECT (1L << 6) +#define X509_FLAG_NO_PUBKEY (1L << 7) +#define X509_FLAG_NO_EXTENSIONS (1L << 8) +#define X509_FLAG_NO_SIGDUMP (1L << 9) +#define X509_FLAG_NO_AUX (1L << 10) + /* Flags specific to X509_NAME_print_ex() */ /* The field separator information */ @@ -1034,6 +1049,7 @@ unsigned long X509_NAME_hash(X509_NAME *x); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); #ifndef NO_FP_API +int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print_fp(FILE *bp,X509 *x); int X509_CRL_print_fp(FILE *bp,X509_CRL *x); int X509_REQ_print_fp(FILE *bp,X509_REQ *req); 
@@ -1043,6 +1059,7 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long fla #ifndef NO_BIO int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); +int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print(BIO *bp,X509 *x); int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); int X509_CRL_print(BIO *bp,X509_CRL *x); -- cgit v1.2.3 From 8ca533e37824a308e5b897486fc92c199bdf79a9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 6 Oct 2000 11:51:47 +0000 Subject: More code for X509_print_ex() support. --- CHANGES | 6 ++++-- apps/apps.c | 57 +++++++++++++++++++++++++++++++++++++++++++------- apps/apps.h | 1 + apps/x509.c | 10 +++++++-- crypto/asn1/t_x509.c | 14 +++++++++---- crypto/x509v3/v3_prn.c | 36 ++++++++++++++++++++++++++++--- crypto/x509v3/x509v3.h | 14 ++++++++++++- 7 files changed, 118 insertions(+), 20 deletions(-) diff --git a/CHANGES b/CHANGES index aeea390f77..929431cb02 100644 --- a/CHANGES +++ b/CHANGES @@ -5,8 +5,10 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] *) Fix for bug in DirectoryString mask setting. Add support for - X509_NAME_print_ex() in 'req' and initial X509_print_ex() function - to allow certificate printing to more controllable. + X509_NAME_print_ex() in 'req' and X509_print_ex() function + to allow certificate printing to more controllable, additional + 'certopt' option to 'x509' to allow new printing options to be + set. [Steve Henson] *) Clean old EAY MD5 hack from e_os.h. diff --git a/apps/apps.c b/apps/apps.c index c22550b294..03bd9e2d3f 100644 --- a/apps/apps.c +++ b/apps/apps.c 
@@ -74,6 +74,14 @@ # include "bss_file.c" #endif +typedef struct { + char *name; + unsigned long flag; + unsigned long mask; +} NAME_EX_TBL; + +static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl); + int app_init(long mesgwin); #ifdef undef /* never finished - probably never will be :-) */ int args_from_file(char *file, int *argc, char **argv[]) @@ -694,16 +702,43 @@ end: return(othercerts); } -typedef struct { - char *name; - unsigned long flag; - unsigned long mask; -} NAME_EX_TBL; + +#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +/* Return error for unknown extensions */ +#define X509V3_EXT_DEFAULT 0 +/* Print error for unknown extensions */ +#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +/* ASN1 parse unknown extensions */ +#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +/* BIO_dump unknown extensions */ +#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) + +int set_cert_ex(unsigned long *flags, const char *arg) +{ + static const NAME_EX_TBL cert_tbl[] = { + { "compatible", X509_FLAG_COMPAT, 0xffffffffl}, + { "no_header", X509_FLAG_NO_HEADER, 0},