Commit graph

86 commits

Author SHA1 Message Date
Dr. Stephen Henson
1139eeecbc Merge from 0.9.8 stable branch. 2007-04-24 11:30:51 +00:00
Dr. Stephen Henson
aeb9ccfaad And so it begins... 2007-03-22 00:39:24 +00:00
Nils Larsch
3a4cf918bf fix return value of get_cert_chain()
PR: 1441
2006-12-27 09:39:51 +00:00
Dr. Stephen Henson
1a5e414863 Fix but in apps/pkcs12.c
PR: 1377
2006-09-22 00:28:37 +00:00
Bodo Möller
e18eef3d7a Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:42:21 +00:00
Dr. Stephen Henson
83231cb376 Fix from HEAD. 2006-05-17 18:25:59 +00:00
Nils Larsch
5467ddf0e1 include opensslconf.h if OPENSSL_NO_* is used 2005-05-31 17:31:50 +00:00
Dr. Stephen Henson
b6995add5c Make -CSP option work again in pkcs12 utility by checking for
attribute in EVP_PKEY structure.
2005-05-15 00:54:45 +00:00
Nils Larsch
7d727231b7 some const fixes 2005-04-05 19:11:19 +00:00
Dr. Stephen Henson
3fee255102 Typo. 2004-11-23 21:40:10 +00:00
Dr. Stephen Henson
16df5f066a Fix memory leak. 2004-11-23 21:22:21 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Richard Levitte
3ae70939ba Correct a lot of printing calls. Remove extra arguments... 2003-04-03 23:39:48 +00:00
Dr. Stephen Henson
33075f229e Typo. 2003-02-10 17:52:10 +00:00
Richard Levitte
0b13e9f055 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:39:26 +00:00
Richard Levitte
1c3e4a3660 EXIT() may mean return(). That's confusing, so let's have it really mean
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
2002-12-03 16:33:03 +00:00
Richard Levitte
c112323dd5 This didn't get to the 0.9.8-dev thread... 2002-11-13 18:09:27 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Dr. Stephen Henson
9a48b07ee4 Various enhancements to PKCS#12 code, new
medium level API, improved PKCS12_create
and additional functionality in pkcs12
utility.
2002-10-03 23:53:52 +00:00
Dr. Stephen Henson
9a2601033d Fix crahses and leaks in pkcs12 utility -chain option 2002-08-22 21:54:51 +00:00
Richard Levitte
da9b972466 Make it possible to load keys from stdin, and restore that
functionality in the programs that had that before.
Part fo PR 164
2002-08-01 16:28:40 +00:00
Richard Levitte
6991bf196c Potential memory leak removed. Notified by <threaded@totalise.co.uk> 2002-04-25 10:11:21 +00:00
Dr. Stephen Henson
31188ee1a8 Fix new -aes command argument handling 2002-02-26 13:46:55 +00:00
Dr. Stephen Henson
3647bee263 Config code updates.
CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 14:01:21 +00:00
Richard Levitte
b3dfaaa143 Add AES support in the applications that support -des and -des3. 2002-02-20 18:03:07 +00:00
Richard Levitte
206eb6a11d Change pkcs12 so the certificates coming from -in do not get tossed if
-certfile is given as well.
2001-12-12 16:49:02 +00:00
Geoff Thorpe
1372965e2e Reduce the header dependencies on engine.h in apps/. 2001-09-12 02:39:06 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Richard Levitte
5abc8ae6f9 Make better use of load_cert, load_certs and load_key. 2001-06-25 14:00:47 +00:00
Richard Levitte
531d630b5c Provide an application-common setup function for engines and use it
everywhere.
2001-06-18 06:22:33 +00:00
Dr. Stephen Henson
f2a253e0dd Add support for MS CSP Name PKCS#12 attribute. 2001-06-11 00:43:20 +00:00
Dr. Stephen Henson
1358835050 Change the EVP_somecipher() and EVP_somedigest()
functions to return constant EVP_MD and EVP_CIPHER
pointers.

Update docs.
2001-03-09 02:51:02 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
ecbe07817a Rewrite PKCS#12 code and remove some of the old
horrible macros.

Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
2000-12-31 01:13:04 +00:00
Richard Levitte
5270e7025e Merge the engine branch into the main trunk. All conflicts resolved.
At the same time, add VMS support for Rijndael.
2000-10-26 21:07:28 +00:00
Richard Levitte
645749ef98 On VMS, stdout may very well lead to a file that is written to in a
record-oriented fashion.  That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it.  This can be very confusing.

The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record.  Voila, BIO_f_linebuffer() is born.

Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this.  After
the release, this BIO method will be enabled on all other platforms as
well.
2000-09-20 13:55:50 +00:00
Dr. Stephen Henson
688fbf5475 Fix a typo in apps/pkcs12.c which was using the wrong part of
ASN1_TYPE (though they are both ASN1_STRING so it didn't cause
any problems).

Make 'siglen' an int in apps/dgst.c so we can check the return
value of BIO_read() etc.
2000-09-19 17:51:11 +00:00
Richard Levitte
62324627aa Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
2000-09-17 18:21:27 +00:00
Dr. Stephen Henson
eaa2818189 Various fixes...
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
2000-08-21 22:02:23 +00:00
Richard Levitte
5ce42a7e68 Memory leaks fix. It now looks like all memory leaks, at least around
building complete chains, are gone.
2000-08-11 22:50:08 +00:00
Richard Levitte
9ee1c838cb Memory leaks fix. There seems to be more in other parts of OpenSSL... 2000-08-11 21:41:08 +00:00
Richard Levitte
88364bc2bc The pkcs12 had no way of getting a CA file or path to be used when
building a complete chain.  Now added through the -CAfile and -CApath
arguments.
2000-08-11 19:43:20 +00:00
Richard Levitte
f365611ca3 Undo the changes I just made. I'm not sure what I was thinking of.
The message to everyone is "Do not hack OpenSSL when stressed"...
2000-06-28 16:47:45 +00:00
Richard Levitte
20d242b0de Make it possible for users of the openssl applications to specify the
EGD should be used as seeding input, and where the named socket is.
2000-06-28 16:10:56 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Ben Laurie
5de603abc8 Typesafety Thought Police part 3. 2000-05-16 21:22:45 +00:00
Ben Laurie
f2716dada0 Typesafety Thought Police Part 2. 2000-05-16 19:53:50 +00:00
Ulf Möller
0e1c06128a Get rid of more non-ANSI declarations. 2000-05-15 22:54:43 +00:00