Commit Graph

637 Commits

Author SHA1 Message Date
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Richard Levitte
dd5e774664 Add support for md4WithRSAEncryption. 2001-10-10 21:37:45 +00:00
Richard Levitte
712557128b 'make update' 2001-10-10 08:27:52 +00:00
Richard Levitte
b30245dae0 'make update' 2001-10-10 07:56:20 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Richard Levitte
2aa9043ad3 Because there's chances we clash with the system's types.h, rename our
types.h to ossl_typ.h.
2001-10-04 07:32:46 +00:00
Richard Levitte
3d90a32429 sch isn't an array, how did this pass through gcc? 2001-10-02 11:49:55 +00:00
Geoff Thorpe
4ba163cbf9 Make "openssl engine -c" list any supported digests as well as supported
ciphers.
2001-10-01 15:41:31 +00:00
Richard Levitte
a4a8f7b3ef Change HZ in speed to rely on sysconf() if the clock tick is available
that way.  Synchronise s_time with these changes.
2001-09-28 10:34:48 +00:00
Geoff Thorpe
34c66925aa ENGINE_register_all_complete() will register all implementations of all
algorithms present in all loaded ENGINEs. The result is that if any of
those ENGINEs successfully initialises, and the ENGINE_TABLE_FLAG_NOINIT
flag isn't set, then they will always be used (and cached as defaults) in
preference to software implementations. Ie. accidental auto-detection of
acceleration hardware :-)

This change stops all implementations being automatically registered in
"openssl" sub-commands, so that the "setup_engine()" handler in apps.c
controls which ENGINEs are registered for use. A special case has been
added that will revert to this "auto-detect" logic, ie. if the "-engine"
switch is used as;
   -engine auto
2001-09-28 02:25:14 +00:00
Richard Levitte
7876e4488f Stop thinking arguments starting with - are algorithm identifiers.
Show timing parameters and timing functions used.
It looks like some Linuxen have very weird settings for CLK_TCK.  I'm
very unsure about this change and will investigate further.
2001-09-27 15:43:55 +00:00
Geoff Thorpe
0b4b9a11f5 Put the cipher info back into the "openssl engine" command. 2001-09-25 21:45:03 +00:00
Geoff Thorpe
6dc5d570d0 Make necessary tweaks to apps/ files due to recent ENGINE surgery. See
crypto/engine/README for details.
2001-09-25 20:35:01 +00:00
Geoff Thorpe
10b2328fea "make update" 2001-09-24 17:42:35 +00:00
Bodo Möller
c404ff7955 make update 2001-09-20 22:52:19 +00:00
Geoff Thorpe
8ce2912fbc Updated dependencies from "make update" 2001-09-12 02:43:22 +00:00
Geoff Thorpe
1372965e2e Reduce the header dependencies on engine.h in apps/. 2001-09-12 02:39:06 +00:00
Geoff Thorpe
51ac0cfe44 make update 2001-09-10 21:18:11 +00:00
Geoff Thorpe
16e819e1d8 Put all "common" initialisation in the apps_startup() and apps_shutdown()
macros in apps.h.
2001-09-10 21:04:14 +00:00
Bodo Möller
c2222c2ea2 restore previous revision -- memory leak should be fixed in mem.c 2001-09-10 18:47:33 +00:00
Bodo Möller
336da5642d fix memory leak 2001-09-10 18:13:16 +00:00
Bodo Möller
a52c2fb296 exclude disabled message digests 2001-09-10 17:18:56 +00:00
Bodo Möller
41450b27f2 add AES ciphers 2001-09-10 17:12:31 +00:00
Bodo Möller
e72d5983f2 Update so that progs.h can indeed be automatically generated
(Working file: progs.h
     revision 1.24

     date: 2001/02/19 16:06:03;  author: levitte;  state: Exp;  lines: +59 -59
     Make all configuration macros available for application by making
     sure they are available in opensslconf.h, by giving them names starting
     with "OPENSSL_" to avoid conflicts with other packages and by making
     sure e_os2.h will cover all platform-specific cases together with
     opensslconf.h.

     [...])
2001-09-10 17:00:28 +00:00
Bodo Möller
384eff877c Fix apps/openssl.c and ssl/ssltest.c so that they use
CRYPTO_set_mem_debug_options() instead of CRYPTO_dbg_set_options(),
which is the default implementation of the former and should usually
not be directly used by applications (at least if we assume that the
options accepted by the default implementation will also be meaningful
to any other implementations).

Also fix apps/openssl.c and ssl/ssltest such that environment variable
setting 'OPENSSL_DEBUG_MEMORY=off' actively disables the compiled-in
library defaults (i.e. such that CRYPTO_MDEBUG is ignored in this
case).
2001-09-10 09:50:30 +00:00
Ben Laurie
7d34470458 Look up MD5 by name. 2001-09-07 11:45:42 +00:00
Ulf Möller
9d07fd03e3 Use GCC 2.95/3.0 optimization 2001-09-05 02:18:40 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Ulf Möller
de73cca923 make update 2001-09-01 04:25:50 +00:00
Lutz Jänicke
faacb092f8 -passin argument not used when actually loading the key
(found by Massimiliano Pala <madwolf@hackmasters.net>).
2001-08-24 13:33:15 +00:00
Dr. Stephen Henson
b439a74620 Load OCSP responder key before waiting for an incoming
connection so it can prompt for pass phrase on startup
instead of after the first connection.

Add -port switch to usage message.
2001-08-23 23:54:11 +00:00
Ben Laurie
354c3ace73 Add first cut symmetric crypto support. 2001-08-18 10:22:54 +00:00
Dr. Stephen Henson
b65f851318 Make -passin -passout etc work again.
Fix leak in ca.c when using -passin.
2001-08-17 01:09:54 +00:00
Dr. Stephen Henson
35bf35411c Add CRL utility functions to allow CRLs to be
built up without accessing structures directly.

Update ca.c to use new functions.

Fix ca.c so it now build CRLs correctly again.
2001-08-17 00:33:43 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Lutz Jänicke
e9eb000c53 Oops, one SSL_OP_NON_EXPORT_FIRST was left. 2001-08-03 13:05:44 +00:00
Richard Levitte
99ecb90a99 make update 2001-07-31 06:40:10 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Dr. Stephen Henson
534a1ed0cb Allow OCSP server to handle multiple requests.
Document new OCSP options.
2001-07-13 13:13:44 +00:00
Dr. Stephen Henson
ee306a1332 Initial OCSP server support, using index.txt format.
This can process internal requests or behave like a
mini responder.

Todo: documentation, update usage info.
2001-07-12 20:41:51 +00:00
Geoff Thorpe
af436bc158 openssl speed is quite useful for testing hardware support (among other
things), especially as the RSA keys are fixed. However, DSA only fixes the
DSA parameters and then generates the public and private components on the
fly each time - this commit hard-codes some sampled key values so that this
is no longer the case.
2001-07-11 18:59:25 +00:00
Richard Levitte
567671e291 make update 2001-07-10 21:00:37 +00:00
Richard Levitte
2a1ef75435 Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in
SSL according to RFC 2712.  His comment is:

This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication.  I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week.  The full kit includes patches
for mod-ssl, apache, and a few text clients.  The sourceforge URL
is http://sourceforge.net/projects/kssl/ .

Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct.  I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field.  I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
2001-07-09 21:46:58 +00:00
Ben Laurie
f82197ad75 Don't update argc, argv for decrypt flag! 2001-07-08 12:58:10 +00:00
Ben Laurie
3f37e73bae Speed test decrypt EVP operations. 2001-07-08 12:14:41 +00:00
Lutz Jänicke
43f9391bcc When only the key is given to "enc", the IV is undefined
(found by Andy Brown <logic@warthog.com>).
2001-07-03 10:31:11 +00:00
Ben Laurie
a169e82065 Fix warning. 2001-07-02 12:50:30 +00:00
Dr. Stephen Henson
b7a26e6daf Modify apps to use NCONF code instead of old CONF code.
Add new extension functions which work with NCONF.

Tidy up extension config routines and remove redundant code.

Fix NCONF_get_number().

Todo: more testing of apps to see they still work...
2001-06-28 11:41:50 +00:00
Richard Levitte
ce16450a89 Make better use of load_cert, load_certs and load_key. 2001-06-27 09:12:43 +00:00
Richard Levitte
7953b8ff1b Make better use of load_cert, load_certs and load_key. 2001-06-25 14:23:36 +00:00