- Aug 11, 2000
-
-
Richard Levitte authored
building a complete chain. Now added through the -CAfile and -CApath arguments.
-
- Aug 06, 2000
-
-
Dr. Stephen Henson authored
Add warning print out if duplicate names found: should end up as a fatal error but a warning for now until they problems are fixed...
-
- Aug 04, 2000
-
-
Dr. Stephen Henson authored
Fix warnings with BIO_dump_indent().
-
- Jul 29, 2000
-
-
Bodo Möller authored
-
Bodo Möller authored
test was never triggered due to an off-by-one error. In s23_clnt.c, don't use special rollback-attack detection padding (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the client; similarly, in s23_srvr.c, don't do the rollback check if SSL 2.0 is the only protocol enabled in the server.
-
- Jul 28, 2000
-
-
Dr. Stephen Henson authored
New ASN1_STRING_print_ex() and X509_NAME_print_ex() functions. These are intended to be replacements for the ancient ASN1_STRING_print() and X509_NAME_print() functions. The new functions support RFC2253 and various pretty printing options. It is also possible to display international characters if the terminal properly handles UTF8 encoding (Linux seems to tolerate this if the "unicode_start" script is run). Still needs to be documented, integrated into other utilities and extensively tested.
-
- Jul 27, 2000
-
-
Richard Levitte authored
'openssl asn1parse'. As a side effect, the functions ASN1_parse_dump and BIO_dump_indent are added.
-
- Jul 26, 2000
-
-
Dr. Stephen Henson authored
ASN1_TIME fixes. New function c2i_ASN1_OBJECT().
-
- Jul 21, 2000
-
-
Bodo Möller authored
-
Richard Levitte authored
there's support for building under Linux and True64 (using examples from the programming manuals), including versioning that is currently the same as OpenSSL versions but should really be a different series. With this change, it's up to the users to decide if they want shared libraries as well as the static ones. This decision now has to be done at configuration time (well, not really, those who know what they do can still do it the same way as before). The OpenSSL programs (openssl and the test programs) are currently always linked statically, but this may change in the future in a configurable manner. The necessary makefile variables to enable this are in place. Also note that I have done absolutely nothing about the Windows target to get something similar. On the other hand, DLLs are already the default there, but without versioning, and I've no idea what the possibilities for such a thing are there...
-
- Jul 19, 2000
-
-
Ulf Möller authored
-
- Jul 12, 2000
-
-
Dr. Stephen Henson authored
Make req seed the PRNG if signing with an already existing DSA key. Document the new smime options.
-
- Jul 10, 2000
-
-
Dr. Stephen Henson authored
call the i2c/c2i (they were not using the content length for the headers). Fix ASN1 long form tag encoding. This never worked but it was never tested since it is only used for tags > 30. New options to smime program to allow the PKCS#7 format to be specified and the content supplied externally.
-
- Jul 07, 2000
-
-
Dr. Stephen Henson authored
New ASN1 functions that just deal with content octets, not tag+length.
-
- Jul 05, 2000
-
-
Richard Levitte authored
-
- Jun 28, 2000
-
-
Richard Levitte authored
The message to everyone is "Do not hack OpenSSL when stressed"...
-
Richard Levitte authored
-
- Jun 23, 2000
-
-
Bodo Möller authored
(Still needs to be tested against the original using sample passwords of different length.)
-
- Jun 22, 2000
-
-
Richard Levitte authored
-
Richard Levitte authored
-
Dr. Stephen Henson authored
into lexical order. Previously it depended on the order of files in the directory. This should now mean that all systems will agree on the order of safestack.h and will not change it needlessly and avoid massive needless commits to safestack.h in future. It wont however avoid this one :-(
-
- Jun 21, 2000
-
-
Dr. Stephen Henson authored
Fixes for Win32 build. This is mostly a work around for the old VC++ problem that it treats func() as func(void). Various prototypes had been added to 'compare' function pointers that triggered this. This could be fixed by removing the prototype, adding function pointer casts to every call or changing the passed function to use the expected arguments. I mostly did the latter. The mkdef.pl script was modified to remove the typesafe functions which no longer exist. Oh and some functions called OPENSSL_freeLibrary() were changed back to FreeLibrary(), wonder how that happened :-)
-
- Jun 20, 2000
-
-
Dr. Stephen Henson authored
Handle ASN1_SET_OF and PKCS12_STACK_OF using function casts in the same way as STACK_OF.
-
- Jun 16, 2000
-
-
Dr. Stephen Henson authored
After some messing around this seems to work but needs a few more tests. Working out the syntax for sk_set_cmp_func() (cast it to a function that itself returns a function pointer) was painful :-( Needs some testing to see what other compilers think of this syntax. Also needs similar stuff for ASN1_SET_OF etc etc.
-
- Jun 15, 2000
-
-
Dr. Stephen Henson authored
-
- Jun 11, 2000
-
-
Dr. Stephen Henson authored
Documentation correction.
-
Dr. Stephen Henson authored
to support multiple calls. New function to retrieve email address from certificates and requests.
-
- Jun 10, 2000
-
-
Bodo Möller authored
as expected -- maybe it's the different processor, maybe my previous timings were too inaccurate.
-
Bodo Möller authored
Don't give performance gain estimates that appear to be more precise than they really are, especially when they are wrong (2/(1/1.15 + 1) = ca. 1.0698).
-
- Jun 08, 2000
-
-
Bodo Möller authored
marginally faster BN_mod_exp for 1024 bit exponents.
-
Bodo Möller authored
-
Bodo Möller authored
because we're only handling words anyway) in BN_mod_exp_mont_word making it a little faster for very small exponents, and adjust the performance gain estimate in CHANGES according to slightly more thorough measurements. (15% faster than BN_mod_exp_mont for "large" base, 20% faster than BN_mod_exp_mont for small base.)
-
- Jun 07, 2000
-
-
Bodo Möller authored
-
- Jun 03, 2000
-
-
Ulf Möller authored
Submitted by: John Jarvie <jjarvie@newsguy.com>
-
- Jun 01, 2000
-
-
Geoff Thorpe authored
structures and functions for each stack type. The previous behaviour can be enabled by configuring with the "-DDEBUG_SAFESTACK" option. This will also cause "make update" (mkdef.pl in particular) to update the libeay.num and ssleay.num symbol tables with the number of extra functions DEBUG_SAFESTACK creates. The way this change works is to accompany each DECLARE_STACK_OF() macro with a set of "#define"d versions of the sk_##type##_*** functions that ensures all the existing "type-safe" stack calls are precompiled into the underlying stack calls. The presence or abscence of the DEBUG_SAFESTACK symbol controls whether this block of "#define"s or the DECLARE_STACK_OF() macro is taking effect. The block of "#define"s is in turn generated and maintained by a perl script (util/mkstack.pl) that encompasses the block with delimiting C comments. This works in a similar way to the auto-generated error codes and, like the other such maintenance utilities, is invoked by the "make update" target. A long (but mundane) commit will follow this with the results of "make update" - this will include all the "#define" blocks for each DECLARE_STACK_OF() statement, along with stripped down libeay.num and ssleay.num files.
-
Geoff Thorpe authored
yet tighter, and also put some heat on the rest of the library by insisting (correctly) that compare callbacks used in stacks are prototyped with "const" parameters. This has led to a depth-first explosion of compiler warnings in the code where 1 constification has led to 3 or 4 more. Fortunately these have all been resolved to completion and the code seems cleaner as a result - in particular many of the _cmp() functions should have been prototyped with "const"s, and now are. There was one little problem however; X509_cmp() should by rights compare "const X509 *" pointers, and it is now declared as such. However, it's internal workings can involve recalculating hash values and extensions if they have not already been setup. Someone with a more intricate understanding of the flow control of X509 might be able to tighten this up, but for now - this seemed the obvious place to stop the "depth-first" constification of the code by using an evil cast (they have migrated all the way here from safestack.h). Fortunately, this is the only place in the code where this was required to complete these type-safety changes, and it's reasonably clear and commented, and seemed the least unacceptable of the options. Trying to take the constification further ends up exploding out considerably, and indeed leads directly into generalised ASN functions which are not likely to cooperate well with this.
-
- May 30, 2000
-
-
Bodo Möller authored
-
Dr. Stephen Henson authored
More EVP cipher revision. Change EVP_SealInit() and EVP_OpenInit() to handle cipher parameters. Make it possible to set RC2 and RC5 params. Make RC2 ASN1 code use the effective key bits and not the key length. TODO: document how new API works.
-
Dr. Stephen Henson authored
Declare ciphers in terms of macros. This reduces the amount of code and places each block cipher EVP definition in a single file instead of being spread over 4 files.
-
- May 28, 2000
-
-
Dr. Stephen Henson authored
Remove duplicated code in EVP.
-