wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10297 commits 20 branches 302 tags 153 MiB
Commit graph

181 commits

Author SHA1 Message Date
Matt Caswell
3d7a9aca8c Re-align some comments after running the reformat script. 
This should be a one off operation (subsequent invokation of the
script should not move them)

This commit is for the 1.0.0 changes

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:46:52 +00:00
Matt Caswell
a8b966f48f Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:46:18 +00:00
Matt Caswell
5011589a0b Move more comments that confuse indent 
Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Conflicts:
	crypto/bn/rsaz_exp.c
	crypto/evp/e_aes_cbc_hmac_sha1.c
	crypto/evp/e_aes_cbc_hmac_sha256.c
	ssl/ssl_locl.h

Conflicts:
	crypto/ec/ec2_oct.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ecp_nistputil.c
	crypto/ec/ecp_oct.c
	crypto/modes/gcm128.c
	ssl/ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:45:45 +00:00
Matt Caswell
89f6c5b492 Further comment amendments to preserve formatting prior to source reformat 
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)

Conflicts:
	crypto/x509v3/pcy_tree.c

Conflicts:
	apps/apps.c
	ssl/ssltest.c

Conflicts:
	apps/apps.c
	crypto/ec/ec2_oct.c
	crypto/ec/ecp_nistp224.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	ssl/s3_cbc.c
	ssl/ssl_sess.c
	ssl/t1_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:41:33 +00:00
Tim Hudson
f326f6544d mark all block comments that need format preserving so that 
indent will not alter them when reformatting comments

(cherry picked from commit 1d97c84351)

Conflicts:
	crypto/bn/bn_lcl.h
	crypto/bn/bn_prime.c
	crypto/engine/eng_all.c
	crypto/rc4/rc4_utl.c
	crypto/sha/sha.h
	ssl/kssl.c
	ssl/t1_lib.c

Conflicts:
	crypto/rc4/rc4_enc.c
	crypto/x509v3/v3_scts.c
	crypto/x509v3/v3nametest.c
	ssl/d1_both.c
	ssl/s3_srvr.c
	ssl/ssl.h
	ssl/ssl_locl.h
	ssl/ssltest.c
	ssl/t1_lib.c

Conflicts:
	crypto/asn1/a_sign.c
	crypto/bn/bn_div.c
	crypto/dsa/dsa_asn1.c
	crypto/ec/ecp_nistp224.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ecp_nistputil.c
	crypto/modes/gcm128.c
	crypto/opensslv.h
	ssl/d1_both.c
	ssl/heartbeat_test.c
	ssl/s3_clnt.c
	ssl/s3_srvr.c
	ssl/ssl_sess.c
	ssl/t1_lib.c
	test/testutil.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:41:18 +00:00
Dr. Stephen Henson
2e7124497d Show errors on CSR verification failure. 
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.

PR#2875
(cherry picked from commit a30bdb55d1)
 2014-06-29 13:35:01 +01:00
Dr. Stephen Henson
14247e4f59 Memory leak and NULL dereference fixes. 
PR#3403
(cherry picked from commit d2aea03829)
 2014-06-27 14:53:21 +01:00
Andy Polyakov
27b1f137ff Sanitize usage of <ctype.h> functions. It's important that characters 
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
 2012-01-12 16:37:20 +00:00
Dr. Stephen Henson
3d5d81bf39 Replace the broken SPKAC certification with the correct version. 2009-12-02 14:41:24 +00:00
Dr. Stephen Henson
2280f82fc6 Fix warnings about ignoring fgets return value 2009-10-04 16:43:21 +00:00
Dr. Stephen Henson
e5eb96c83a PR: 2013 
Submitted by: steve@openssl.org

Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.

Add error checking to CRL generation in ca utility when nextUpdate is being
set.
 2009-09-02 13:55:22 +00:00
Dr. Stephen Henson
4386445c18 Change STRING to OPENSSL_STRING etc as common words such 
as "STRING" cause conflicts with other headers/libraries.
 2009-07-27 21:08:53 +00:00
Dr. Stephen Henson
33ab2e31f3 PR: 1854 
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org

Support GeneralizedTime in ca utility.
 2009-03-09 13:59:07 +00:00
Andy Polyakov
2140659b00 Incidentally http://cvs.openssl.org/chngview?cn=17710 also made it possible 
to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit
expands it even to apps catalog and actually omits the macro in question
from Configure.
 2008-12-22 14:05:42 +00:00
Dr. Stephen Henson
87d3a0cd90 Experimental new date handling routines. These fix issues with X509_time_adj() 
and should avoid any OS date limitations such as the year 2038 bug.
 2008-10-07 22:55:27 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
c451bd828f Avoid case in ca.c fix. 2008-06-02 12:10:06 +00:00
Dr. Stephen Henson
8ecfbedd85 Revert, doesn't fix warning :-( 2008-06-02 10:42:57 +00:00
Dr. Stephen Henson
c173fce4e2 Avoid cast with wrapper function. 2008-06-02 10:37:53 +00:00
Dr. Stephen Henson
c6ddacf7f8 Stop const mismatch warning. 2008-05-31 19:28:57 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Dr. Stephen Henson
7c337e00d2 Fix some warnings. 2008-03-16 20:59:10 +00:00
Ben Laurie
309fa55bbb Return an error if the serial number is badly formed. (Coverity ID 116). 2007-04-04 14:35:56 +00:00
Ben Laurie
96ea4ae91c Add RFC 3779 support. 2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
f6e7d01450 Support for multiple CRLs with same issuer name in X509_STORE. Modify 
verify logic to try to use an unexpired CRL if possible.
 2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
03919683f9 Add support for default public key digest type ctrl. 2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
ee1d9ec019 Remove link between digests and signature algorithms. 
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
 2006-04-19 17:05:59 +00:00
Andy Polyakov
ffa101872f Eliminate dependency on read/write/stat in apps under _WIN32. 2005-11-04 09:30:55 +00:00
Nils Larsch
cc29c1204b successfully updating the db shouldn't result in an error message 2005-09-30 16:47:38 +00:00
Dr. Stephen Henson
cbdac46d58 Update from stable branch. 2005-07-04 23:12:04 +00:00
Nils Larsch
ff990440ee const fixes 2005-04-15 18:29:33 +00:00
Nils Larsch
7d727231b7 some const fixes 2005-04-05 19:11:19 +00:00
Dr. Stephen Henson
10c8505734 Use the default_md config file value when signing CRLs. 
PR:662
 2004-11-11 13:47:06 +00:00
Dr. Stephen Henson
b5a93e2250 Call setup_engine after autoconfig. 2004-08-06 12:44:34 +00:00
Dr. Stephen Henson
64674bcc8c Reduce chances of issuer and serial number duplication by use of random 
initial serial numbers.

PR: 842
 2004-04-20 12:05:26 +00:00
Dr. Stephen Henson
ae44fc1ec4 Clear error if unique_subject lookup fails. 2004-04-15 00:32:19 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy(). 
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 14:40:17 +00:00
Richard Levitte
03ddbdd9b9 Move another common functionality (reproduced so far with cut'n'paste) 
to apps.c, and give it the hopefully descriptive name parse_yesno().
 2003-11-28 14:45:09 +00:00
Richard Levitte
6d5ffb591b Move do_subject() to apps.c and rename it to parse_name(). The 
rationale behind the move is that it's use by several applications.
The rationale behind the name change is that it describes what the
function does a bit better.
 2003-11-28 14:07:14 +00:00
Richard Levitte
7ce9e425bc Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option 
to 'openssl req' and 'openssl ca'.

PR: 779
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
Reviewed by: Richard Levitte

(there will be some follow-up changes)
 2003-11-28 14:04:09 +00:00
Richard Levitte
4d8743f490 Netware-specific changes, 
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
 2003-11-28 13:10:58 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. 
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
 2003-10-29 20:24:15 +00:00
Richard Levitte
e6fa67fa93 Generalise the definition of strcasecmp() and strncasecmp() for 
platforms that don't (necessarely) have it.  In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).
 2003-09-09 14:48:36 +00:00
Richard Levitte
fd4ef69913 Implement CRL numbers. 
Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com>
PR: 644
 2003-06-19 17:40:16 +00:00
Richard Levitte
4c771796d5 Convert save_serial() to work like save_index(), and add a 
rotate_serial() that works like rotate_index().
 2003-04-04 15:10:35 +00:00
Richard Levitte
d6df2b281f Add documentation on the added functionality in 'openssl ca'. 2003-04-04 14:39:44 +00:00
Richard Levitte
3ae70939ba Correct a lot of printing calls. Remove extra arguments... 2003-04-03 23:39:48 +00:00
Richard Levitte
16b1b03543 Implement self-signing in 'openssl ca'. This makes it easier to have 
the CA certificate part of the CA database, and combined with
'unique_subject=no', it should make operations like CA certificate
roll-over easier.
 2003-04-03 22:33:59 +00:00
Richard Levitte
c4448f60d6 Reset the version number of the issuer certificate? I believe this 
hasn't been tested in a long while...
 2003-04-03 18:50:15 +00:00
Richard Levitte
63b6fe2bf6 Conditionalise all debug strings. 2003-04-03 18:07:39 +00:00