wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3769 commits 20 branches 302 tags 153 MiB
Commit graph

1876 commits

Author SHA1 Message Date
Bodo Möller
8562801137 error codes are longs, not ints 2001-03-15 11:30:55 +00:00
Bodo Möller
5d8094143e More error_data memory leaks 2001-03-15 11:30:10 +00:00
Dr. Stephen Henson
0a3ea5d34a Document the -certopt option to the x509 utility. 
Add no_issuer option.

Fix X509_print_ex() so it prints out newlines when
certain fields are omitted.
 2001-03-15 01:15:54 +00:00
Bodo Möller
a5e4c0bb9e The former ULTRASPARC preprocessor symbol is now called 
OPENSSL_SYSNAME_ULTRASPARC, so we'd better check for that one
 2001-03-14 14:02:10 +00:00
Richard Levitte
37a92e9ce4 make update. 2001-03-13 21:47:23 +00:00
Bodo Möller
d3ee37c5d9 Use err_clear_data macro 2001-03-13 07:02:59 +00:00
Bodo Möller
f51cf14b85 fix memory leak in err.c 2001-03-12 18:07:20 +00:00
Bodo Möller
194dd04699 Rename function EC_GROUP_precompute to EC_GROUP_precompute_mult, 
which indicate its purpose more clearly.
 2001-03-12 07:26:23 +00:00
Bodo Möller
14f7ee4916 Add various X9.62 OIDs. (GF(2^n) mostly left out.) 2001-03-11 21:54:51 +00:00
Bodo Möller
5b054c6955 EC_METHOD based on bn_mont2 (not used in the library) 2001-03-11 17:43:07 +00:00
Bodo Möller
10654d3a74 Forcibly enable memory leak checking during "make test" 2001-03-11 14:49:46 +00:00
Bodo Möller
6017e604f8 Timings are not supposed to be enabled by default ... 2001-03-11 12:30:52 +00:00
Bodo Möller
3837491174 Add functions EC_POINT_mul and EC_GROUP_precompute. 
The latter does nothing for now, but its existence means
that applications can request precomputation when appropriate.
 2001-03-11 12:27:24 +00:00
Bodo Möller
86a921af06 handle negative scalars correctly when doing point multiplication 2001-03-11 08:44:50 +00:00
Bodo Möller
616df35633 use fflush 2001-03-11 08:27:11 +00:00
Bodo Möller
e44fcedadf Change timing output: We don't have "exponents" here, curves are 
considered additive
 2001-03-10 23:49:06 +00:00
Bodo Möller
6f8f443170 comment and error code update 2001-03-10 23:37:52 +00:00
Bodo Möller
d18af3f37e Remove files from Lenka's EC implementation. 2001-03-10 23:26:41 +00:00
Bodo Möller
48fe4d6233 More EC stuff, including EC_POINTs_mul() for simultaneous scalar 
multiplication of an arbitrary number of points.
 2001-03-10 23:18:35 +00:00
Dr. Stephen Henson
24a93e6cdd In crypto/ec #if 0 out structures which reference (currently) 
non existent functions because this breaks shared libraries.
 2001-03-10 12:37:01 +00:00
Dr. Stephen Henson
40e15f9d78 Typo. 2001-03-10 01:57:38 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib 
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
 2001-03-09 14:01:42 +00:00
Dr. Stephen Henson
1358835050 Change the EVP_somecipher() and EVP_somedigest() 
functions to return constant EVP_MD and EVP_CIPHER
pointers.

Update docs.
 2001-03-09 02:51:02 +00:00
Richard Levitte
754d494bef Bug fixes. 2001-03-09 01:13:23 +00:00
Bodo Möller
42909e3968 Fix ec_GFp_simple_cmp. 
Use example group from Annex I of X9.62 in ectest.c.
 2001-03-08 22:52:49 +00:00
Bodo Möller
156e85578d Implement EC_GFp_mont_method. 2001-03-08 20:55:16 +00:00
Bodo Möller
b28ec12420 Fixes to make 'no-ec' work (it should not turn 'objects' into 'objts' for example) 2001-03-08 19:34:14 +00:00
Bodo Möller
bb62a8b0c5 More method functions for elliptic curves, 
and an ectest.c that actually tests something.
 2001-03-08 19:14:52 +00:00
Richard Levitte
0e99546424 Some EC function names are really long. Make aliases for VMS on VAX. 2001-03-08 17:20:31 +00:00
Bodo Möller
ff612904d2 Comment 2001-03-08 16:53:30 +00:00
Ulf Möller
429cf462d0 old MSVC versions don't have rdtsc 
use _emit instead

Pointed out by Jeremy Cooper <jeremy@baymoo.org>
 2001-03-08 16:46:23 +00:00
Bodo Möller
c62b26fdc6 Hide BN_CTX structure details. 
Incease the number of BIGNUMs in a BN_CTX.
 2001-03-08 15:56:15 +00:00
Richard Levitte
e0a9ba9c3c VMS catches up on the EC modifications. 2001-03-08 14:40:20 +00:00
Dr. Stephen Henson
2dc769a1c1 Make EVP_Digest*() routines return a value. 
TODO: update docs, and make soe other routines
which use EVP_Digest*() check return codes.
 2001-03-08 14:04:22 +00:00
Bodo Möller
4f98cbabde avoid compiler warning 2001-03-08 14:02:28 +00:00
Bodo Möller
98499135d7 Constify BN_value_one. 2001-03-08 13:58:09 +00:00
Bodo Möller
3285076c8e Integrate ec_err.[co]. 
"make depend"
 2001-03-08 12:30:12 +00:00
Bodo Möller
de10f6900d Sort openssl.ec, the configuration file for mkerr.pl. 
Change mkerr.pl so that it puts the ERR_load_..._strings()
prototype in header files that it writes.
 2001-03-08 12:14:25 +00:00
Bodo Möller
adfe54b7be Integrate ectest.c (which does not yet do anything). 2001-03-08 11:59:48 +00:00
Bodo Möller
b576337e8b Order ERR_load_... calls like the stuff in err.h. 2001-03-08 11:59:03 +00:00
Bodo Möller
4de633dd5f Get rid of '#define ERR_file_name __FILE__', which is unnecessary indirection. 
(It cannot possibly help to avoid duplicate 'name of file' strings
in object files because the preprocessor does not work at object file
level.)
 2001-03-08 11:45:44 +00:00
Bodo Möller
91f29a38a0 Let EC_POINT_copy do nothing if dest==src 2001-03-08 11:18:06 +00:00
Bodo Möller
1d5bd6cf71 More 'TODO' items. 2001-03-08 11:16:33 +00:00
Bodo Möller
226cc7ded4 More method functions for EC_GFp_simple_method. 2001-03-08 01:23:28 +00:00
Bodo Möller
e869d4bd32 More method functions. 2001-03-07 20:56:48 +00:00
Bodo Möller
60428dbf0a Some actual method functions (not enough yet to use the EC library, though), 
including EC arithmetics derived from Lenka Fibikova's code (with some
additional optimizations).
 2001-03-07 19:54:35 +00:00
Richard Levitte
70d70a3c81 Code for better build under Darwin (MacOS X). 
Submitted by Brad Dominy <jdominy@darwinuser.org>
 2001-03-07 10:04:00 +00:00
Bodo Möller
f1f25544e0 ..._init functions are method-specific too 
(they can't do much useful, but they will have to set pointers
to NULL)
 2001-03-07 09:53:41 +00:00
Bodo Möller
2e0db07627 Optimized EC_METHODs need specific 'set_curve' and 'free' functions. 2001-03-07 09:48:38 +00:00
Bodo Möller
58fc62296f The next bunch of vaporware. 2001-03-07 09:29:45 +00:00
Bodo Möller
df9cc1535e extra_data 'mixin'. 
(This will be used for Lim/Lee precomputation data.)
 2001-03-07 09:03:32 +00:00
Bodo Möller
c4b36ff474 Oops ... 2001-03-07 01:41:20 +00:00
Bodo Möller
f418f8c17c In clear_free, clear the complete structure just in case 
the method misses something.
 2001-03-07 01:37:54 +00:00
Bodo Möller
5277d7cb7c Fix ERR_R_... problems. 2001-03-07 01:19:07 +00:00
Bodo Möller
0657bf9c14 Implement dispatcher for EC_GROUP and EC_POINT method functions. 
Initial EC_GROUP_new_curve_GFp implementation.
 2001-03-07 01:17:05 +00:00
Bodo Möller
5b438e9b0f Add a few 'const's 2001-03-06 22:30:03 +00:00
Bodo Möller
1d00800e88 Change obj_... generation so that it does not generate rubbish or 
abort with errors if no name is defined for some object, which was the
case for 'pilotAttributeType 27'.

Also avoid this very situation by assigning the name
'pilotAttributeType27'.
 2001-03-06 08:58:38 +00:00
Bodo Möller
774530f412 'is_at_infinity' tests don't need a BN_CTX. 2001-03-06 08:55:33 +00:00
Bodo Möller
fb171e534e New function declarations. 2001-03-06 07:01:51 +00:00
Bodo Möller
7d7db13e67 Add BN_CTX arguments where appropriate. 
Rename 'EC_GROUP_set'-related functions to names similar to 'EC_GROUP_set_curve'
because they don't care about the generator.

Add new functions.
 2001-03-06 06:20:20 +00:00
Bodo Möller
24b8dc9a55 Add EC_GROUP_new_GFp prototype. 2001-03-05 22:29:57 +00:00
Bodo Möller
d8c79c7f72 Change comments. 2001-03-05 21:59:03 +00:00
Bodo Möller
3a12ce0137 Some declarations that outline what I intend to implement. 2001-03-05 21:54:39 +00:00
Richard Levitte
9bd35f6376 Update the VMS build scripts for EC 2001-03-05 21:17:08 +00:00
Bodo Möller
62763f682b Another file I had forgotten to add. 2001-03-05 20:32:41 +00:00
Bodo Möller
38e3c5815c Add yet another (still empty) source code file that I forgot. 2001-03-05 20:31:49 +00:00
Bodo Möller
f8fe20e0d9 Add more EC vaporware (empty source code files I missed in my 
previous commit).
 2001-03-05 20:14:00 +00:00
Bodo Möller
65e8167079 Move ec.h to ec2.h because it is not compatible with what we will use. 
Add EC vaporware: change relevant Makefiles and add some empty source
files.

"make update".
 2001-03-05 20:13:37 +00:00
Bodo Möller
bad4058574 New option '-subj arg' for 'openssl req' and 'openssl ca'. This 
sets the subject name for a new request or supersedes the
subject name in a given request.

Add options '-batch' and '-verbose' to 'openssl req'.

Submitted by: Massimiliano Pala <madwolf@hackmasters.net>
Reviewed by: Bodo Moeller
 2001-03-05 11:09:43 +00:00
Bodo Möller
786e0c2424 EC_set_half and the 'h' component of struct bn_ec_struct are unnecessary. 
The computations for which h was used can be done more efficiently
by using BN_rshift1.
 2001-03-03 15:31:34 +00:00
Richard Levitte
f3a3106807 Spelling corrected. 2001-03-02 10:57:54 +00:00
Richard Levitte
62dc5aad06 Introduce the possibility to access global variables through 
functions on platform were that's the best way to handle exporting
global variables in shared libraries.  To enable this functionality,
one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
"OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
is normally done by Configure or something similar).

To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
in the source file (foo.c) like this:

	OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
	OPENSSL_IMPLEMENT_GLOBAL(double,bar);

To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:

	OPENSSL_DECLARE_GLOBAL(int,foo);
	#define foo OPENSSL_GLOBAL_REF(foo)
	OPENSSL_DECLARE_GLOBAL(double,bar);
	#define bar OPENSSL_GLOBAL_REF(bar)

The #defines are very important, and therefore so is including the
header file everywere where the defined globals are used.

The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
of ASN.1 items, but that structure is a bt different.

The largest change is in util/mkdef.pl which has been enhanced with
better and easier to understand logic to choose which symbols should
go into the Windows .def files as well as a number of fixes and code
cleanup (among others, algorithm keywords are now sorted
lexicographically to avoid constant rewrites).
 2001-03-02 10:38:19 +00:00
Dr. Stephen Henson
f23478c314 Fix bug in copy_email() which would not 
find emailAddress at start of subject name.
 2001-03-01 13:32:11 +00:00
Dr. Stephen Henson
3d2e469cfa Fix a bug which caused BN_div to produce the 
wrong result if rm==num and num < 0.
 2001-02-28 00:51:48 +00:00
Ulf Möller
bf401a2aef %f conversion bug fix 
Submitted by: Henrik Eriksson <henrik.eriksson@axis.com>
 2001-02-27 23:59:18 +00:00
Dr. Stephen Henson
d7bbd31efe Typo in comment. 2001-02-26 23:34:14 +00:00
Dr. Stephen Henson
fafc7f9875 Enhance OCSP_request_verify() so it finds the signers certificate 
properly and supports several flags.
 2001-02-26 14:17:58 +00:00
Richard Levitte
d88a26c489 make update 
Note that all *_it variables are suddenly non-existant according to
libeay.num.  This is a bug that will be corrected.  Please be patient.
 2001-02-26 10:54:08 +00:00
Richard Levitte
64b48877fa Add the CCITT pilot directory OIDs. 2001-02-26 10:27:41 +00:00
Dr. Stephen Henson
b31cc2d9f7 Trap an invalid ASN1_ITEM construction and print out 
the errant field for more ASN1 error conditions.
 2001-02-25 14:11:31 +00:00
Dr. Stephen Henson
f196522159 New function and options to check OCSP response validity. 2001-02-24 13:50:06 +00:00
Dr. Stephen Henson
4ff18c8c3e Print out OID of unknown signature or public key 
algorithms.
 2001-02-24 01:42:21 +00:00
Dr. Stephen Henson
db4a465974 Stop PKCS7_verify() core dumping with unknown public 
key algorithms and leaking if the signature verify
fails.
 2001-02-24 01:38:56 +00:00
Dr. Stephen Henson
d7c06e9ec7 Make OCSP cert id code tolerate a missing issuer certificate 
or serial number.
 2001-02-23 13:04:24 +00:00
Dr. Stephen Henson
d339187b1a Get rid of ASN1_ITEM_FUNCTIONS dummy function 
prototype hack. This unfortunately means that
every ASN1_*_END construct cannot have a
trailing ;
 2001-02-23 12:47:06 +00:00
Richard Levitte
61fca8b69b make depend. 2001-02-23 11:57:35 +00:00
Dr. Stephen Henson
bb5ea36b96 Initial support for ASN1_ITEM_FUNCTION option to 
change the way ASN1 modules are exported.

Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
 2001-02-23 03:16:09 +00:00
Richard Levitte
48bf4aae24 Define the right macro for Linux and other GNU-based systems to get a correct declaration of strdup() 2001-02-22 18:03:30 +00:00
Richard Levitte
6231576088 e_os.h defines Getenv() 2001-02-22 17:59:55 +00:00
Richard Levitte
4270144b39 CONF_METHOD is one of the few places where you find MS_FAR. I can't 
really see why we need to define these function pointers with MS_FAR
if it's not done cosistently everywhere.

If we decide to support MS_FAR modifiers, it's better to have the
named something more unique for OpenSSL and to define them in e_os2.h.
 2001-02-22 17:41:15 +00:00
Bodo Möller
a2cf08cc23 undo previous change: "e_os.h" is now the official name for the file 
to include (but the OpenSSL_0_9_6-stable branche still has
inconsistencies)
 2001-02-22 15:08:30 +00:00
Bodo Möller
d3a73875e2 include e_os.h as "openssl/e_os.h" (as elsewhere) 2001-02-22 14:58:38 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there 
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
 2001-02-22 14:45:02 +00:00
Richard Levitte
627774fd87 Since RAND_file_name() uses strlen, make sure the number that's 
compared to it has the type size_t.  Included the needed headers to
make that happen.
 2001-02-22 14:40:15 +00:00
Richard Levitte
a5bc1e8568 Use e_os2.h rather than opensslconf.h, since some needed macros are 
defined there.
 2001-02-22 14:37:50 +00:00
Richard Levitte
c38171ba1f Exported header files should not include e_os.h. 2001-02-22 14:27:22 +00:00
Richard Levitte
bb3ee8e75d Since opensslconf.h might be included over and over, undefine 
OPENSSL_UNISTD before redefining it, to avoid compiler warnings.
 2001-02-22 14:24:50 +00:00
Richard Levitte
32654e792b One indirection level too little compared to the 
pre-CRYPTO_MEM_LEAK_CB time.
 2001-02-22 14:23:44 +00:00
Richard Levitte
e3ef8d2e6b Since SSL_add_dir_cert_subjects_to_stack isn't impemented on VMS, 
there's no point creating an alias for it.
 2001-02-22 13:22:20 +00:00
Dr. Stephen Henson
72e3c20c14 Rebuild ASN1 error codes to remove unused function and reason codes. 2001-02-22 00:39:06 +00:00
Geoff Thorpe
47ddf355b4 'make update' 2001-02-21 17:43:52 +00:00
Richard Levitte
35618bf6ad strdup() is a X/Open extension. 2001-02-20 20:00:30 +00:00
Richard Levitte
460fe31f0c With later version of DEC C on VMS, some functions (strcmp(), for 
example) are declared with some extra linkage information.  This
generates a warning when using the function name as a value to a
regular function pointer with the "correct" definition of the
function.  Therefore, use a macro to cast the appropriate function on
VMS.
 2001-02-20 19:13:46 +00:00
Richard Levitte
14565bedaf Some functions, like strdup() and strcasecmp(), are defined in 
strings.h according to X/Open.
 2001-02-20 19:05:59 +00:00
Richard Levitte
38f3b3e29c OpenVMS catches up. 2001-02-20 17:14:30 +00:00
Geoff Thorpe
4dc719fc37 The callbacks in the NAME_FUNCS structure are not used directly as LHASH 
callbacks, and their prototypes were consistent as they were. These casts
need reversing.

Also, I personally find line breaks during parameter lists (ie a line
ending in a comma) easier to read at a glance than line breaks at the end
of a function call and before a dereference on the return value (ie a line
ending in a closed-bracket followed by a line starting with "->").
 2001-02-20 16:31:15 +00:00
Ulf Möller
48f2ef8d00 make it a loop as in dsa 2001-02-20 16:17:25 +00:00
Richard Levitte
b8feddae71 Get the right cast for lhash callback functions. 2001-02-20 14:00:29 +00:00
Richard Levitte
a9daa46758 Include string.h so mem*() functions get properly declared. 2001-02-20 13:41:11 +00:00
Richard Levitte
a9aa3d580c A new bunch of too long symbols to hack. 
OCSP_CRLID_new and OCSP_crlID_new clash on case-insensitive systems.
 2001-02-20 13:26:00 +00:00
Richard Levitte
56a6ccc84f DEC C on VMS is pedantic by definition. 2001-02-20 13:24:23 +00:00
Richard Levitte
03c4d82fa1 Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS 
get a chance to be defined.
Make a batter file name translator (uhm, no, that's not the finished
variant :-)).
 2001-02-20 13:23:42 +00:00
Richard Levitte
7ab1a39181 Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS 
get a chance to be defined.
 2001-02-20 13:22:35 +00:00
Richard Levitte
6525ced540 Let VMS catch up. 2001-02-20 13:10:14 +00:00
Richard Levitte
e28e42a549 Use sk_*_new_null() instead of sk_*_new(NULL). That avoids getting 
lots of silly warnings from the compiler.
 2001-02-20 13:06:10 +00:00
Richard Levitte
d8770f3ece Include string.h so mem* functions get properly declared. 2001-02-20 12:51:56 +00:00
Richard Levitte
4981372d03 Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS 
get a chance to be defined.
 2001-02-20 12:44:46 +00:00
Richard Levitte
3ebac273f5 Include string.h so mem* functions get properly declared. 2001-02-20 12:43:11 +00:00
Richard Levitte
5af18f65f4 Use 0 instead of NULL, at least for function casts, since there are 
variants of stdio.h that define NULL in such a way that it's "unsafe"
to use for function pointer casting.
 2001-02-20 12:40:42 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't 
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
 2001-02-20 08:13:47 +00:00
Bodo Möller
f2bc668429 Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1. 
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
 2001-02-20 08:10:38 +00:00
Richard Levitte
8120813066 Use new-style system-id macros. 2001-02-20 07:43:22 +00:00
Ulf Möller
12c2fe8d53 Use BN_rand_range(). 2001-02-20 00:43:59 +00:00
Ulf Möller
335c4f0966 BN_rand_range() needs a BN_rand() variant that doesn't set the MSB. 2001-02-20 00:23:07 +00:00
Richard Levitte
4901b41653 Make sure time() is properly declared. 2001-02-19 22:47:40 +00:00
Richard Levitte
74cd365b03 Use the new-style system-identity macros. 2001-02-19 22:04:02 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making 
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
 2001-02-19 16:06:34 +00:00
Richard Levitte
07247321c6 make update 2001-02-19 14:00:38 +00:00
Dr. Stephen Henson
acba75c59d New -set_serial options to 'req' and 'x509'. 
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.

Fix typo in uid.c
 2001-02-19 13:38:32 +00:00
Richard Levitte
b36c170d1b VMS follows suit. 2001-02-19 11:30:22 +00:00
Bodo Möller
934397ec66 Memory leak detection bugfixes for multi-threading. 2001-02-19 10:32:53 +00:00
Bodo Möller
0f8631495d Add uid.{c,o} 2001-02-19 10:31:04 +00:00
Dr. Stephen Henson
a6b7ffddac New options to 'ca' utility to support CRL entry extensions. 
Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.
 2001-02-16 01:35:44 +00:00
Dr. Stephen Henson
f2e5ca84d4 Option to disable standard block padding with EVP API. 
Add -nopad option to enc command.

Update docs.
 2001-02-14 02:11:52 +00:00
Ulf Möller
36fafffae2 New function OPENSSL_issetugid(). Needs more work. 2001-02-14 01:35:44 +00:00
Dr. Stephen Henson
67c1801924 New function OCSP_parse_url() and -url option for ocsp utility. 
Doesn't handle SSL URLs yet.
 2001-02-13 00:37:44 +00:00
Dr. Stephen Henson
46a58ab946 Modify OCSP nonce behaviour. 2001-02-12 23:28:45 +00:00
Dr. Stephen Henson
94fcd01349 Work around for libsafe "error". 2001-02-12 03:22:49 +00:00
Dr. Stephen Henson
ccb08f98ae Fix CRL printing to correctly show when there are no revoked certificates. 
Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
 2001-02-10 00:56:45 +00:00
Bodo Möller
e306892994 Simplify BN_rand_range 2001-02-10 00:34:02 +00:00
Lutz Jänicke
b5f6d9dc6e Fix "wierd" typo as submitted by Jeroen Ruigrok/Asmodai <asmodai@wxs.nl>. 2001-02-09 19:03:53 +00:00
Dr. Stephen Henson
c063f2c5ec Various Win32 related fixed. Make no-krb5 work in mkdef.pl . 
Fix warning in apps/engine.c

Remove definitions of deleted functions.

Add missing definition of X509_VAL.
 2001-02-09 18:16:12 +00:00
Richard Levitte
c2bf70a27c The check for request including a nonce and response not having it was 
inversed.  Corrected.  Hopefully, this will make it work without
dumping core.
 2001-02-08 19:28:10 +00:00
Ulf Möller
a71b5abfa4 use <= instead of == 2001-02-08 17:45:32 +00:00
Ulf Möller
928cc3a6de point out that RAND_load_file() etc are only for seed files, not for 
entropy devices or sockets.
 2001-02-08 17:22:56 +00:00
Bodo Möller
792e2ce7f4 Another comment change. (Previous comment does not apply 
for range = 11000000... or range = 100000...)
 2001-02-08 12:34:08 +00:00
Bodo Möller
3952584571 Change comments. (The expected number of iterations in BN_rand_range 
never exceeds 1.333...).
 2001-02-08 12:27:22 +00:00
Bodo Möller
a5d2acfc79 oops -- remove observation code 2001-02-08 12:24:41 +00:00
Bodo Möller
35ed8cb8b6 Integrate my implementation of a countermeasure against 
Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
 2001-02-08 12:14:51 +00:00
Bodo Möller
7edc5ed90a platform specific CFLAGS don't belong into this Makefile 2001-02-08 11:15:50 +00:00
Ulf Möller
57e7d3ce15 Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00
Lutz Jänicke
a8ebe4697e Modify access to EGD socket to deal with EINTR etc that can appear 
during connect() and other calls. First seen on Unixware-7.

Unify access to EGD-socket for all RAND_egd_*() methods.
 2001-02-07 22:13:38 +00:00
Dr. Stephen Henson
deb2c1a1c5 Fix AES code. 
Update Rijndael source to v3.0

Add AES OIDs.

Change most references of Rijndael to AES.

Add new draft AES ciphersuites.
 2001-02-07 18:15:18 +00:00
Ben Laurie
259810e05b Rijdael CBC mode and partial undebugged SSL support. 2001-02-06 14:09:13 +00:00
Bodo Möller
9eea2be6f1 Avoid coredumps for CONF_get_...(NULL, ...) 2001-02-06 10:26:34 +00:00
Ulf Möller
4327aae816 format strings 2001-02-06 02:57:35 +00:00
Ulf Möller
741a9690df Fix potential buffer overrun for EBCDIC. 2001-02-06 02:54:02 +00:00
Richard Levitte
e24e40657f Fix a memory leak in BIO_get_accept_socket(). This leak was small and 
only happened when the port number wasn't parsable ot the host wasn't
possible to convert to an IP address.
Contributed by Niko Baric <Niko.Baric@epost.de>
 2001-02-05 09:15:09 +00:00
Bodo Möller
448361a86c Include string.h (whis is in all relevant standards) instead of 
memory.h (which is not).
 2001-02-05 09:07:50 +00:00
Dr. Stephen Henson
26e083ccb7 New function to copy nonce values from OCSP 
request to response.
 2001-02-05 00:35:06 +00:00
Ben Laurie
4978361212 Make depend. 2001-02-04 21:06:55 +00:00
Ben Laurie
1618bc7921 Can't remember why this was needed? 2001-02-04 21:02:22 +00:00
Ben Laurie
1b843d3c69 Fix a warning. 2001-02-04 21:01:32 +00:00
Dr. Stephen Henson
2b916952a8 Fix ASN1_TIME_to_generlizedtime(). 
Add protoype for OCSP_response_create().

Add OCSP_request_sign() and OCSP_basic_sign()
private key and certificate checks and make
OCSP_NOCERTS consistent with PKCS7_NOCERTS
 2001-02-04 03:04:43 +00:00
Dr. Stephen Henson
02e4fbed3d Various OCSP responder utility functions. 
Delete obsolete OCSP functions.

Largely untested at present...
 2001-02-03 19:20:45 +00:00
Dr. Stephen Henson
88ce56f8c1 Various function for commmon operations. 2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
664d83bb23 Tidy up the mess in bss_sock.c and bss_fd.c 
by placing them socket/fd code in separate
files rather than trying to have them both
share the same one.
 2001-02-02 00:31:45 +00:00
Dr. Stephen Henson
8cff6331c9 Tolerate some "variations" used in some 
certificates.

One is a valid CA which has no basicConstraints
but does have certSign keyUsage.

Other is S/MIME signer with nonRepudiation but
no digitalSignature.
 2001-02-01 01:57:32 +00:00
Richard Levitte
16a44ae7e9 Increase consistency of header data (some mail readers really do not 
like spaces before the semicolon, and besides, other parts of this
file makes the values without those spaces), and move spacing of
continuation lines to support BIO's that break lines after each
write.
 2001-01-30 13:38:59 +00:00
Bodo Möller
78f3a2aad7 Comment and indentation 2001-01-28 14:38:11 +00:00
Dr. Stephen Henson
b847024026 Make sk_sort tolearate a NULL argument. 2001-01-28 14:20:13 +00:00
Dr. Stephen Henson
50d5199120 New OCSP response verify option OCSP_TRUSTOTHER 2001-01-26 01:55:52 +00:00
Dr. Stephen Henson
a43cf9fae9 Add debugging info to new ASN1 code to trace memory leaks. 
Fix PKCS7 and PKCS12 memory leaks.

Initialise encapsulated content type properly.
 2001-01-24 18:39:54 +00:00
Bodo Möller
9ae9c221de Update "OAEP reconsidered" comment 2001-01-24 14:59:25 +00:00
Ulf Möller
75802000c8 There is no C version of bn_div_3_words 2001-01-23 16:26:15 +00:00
Dr. Stephen Henson
ba8e28248f Fix to stop X509_time_adj() using GeneralizedTime. 2001-01-20 13:38:45 +00:00
Dr. Stephen Henson
8e8972bb68 Fixes to various ASN1_INTEGER routines for negative case. 
Enhance s2i_ASN1_INTEGER().
 2001-01-19 14:21:48 +00:00
Dr. Stephen Henson
73758d435b Additional functionality in ocsp utility: print summary 
of status info. Check nonce values. Option to disable
verify. Update usage message.

Rename status to string functions and make them global.
 2001-01-19 01:32:23 +00:00
Dr. Stephen Henson
e8af92fcb1 Implement remaining OCSP verify checks in 
accordance with RFC2560.
 2001-01-18 01:35:39 +00:00
Dr. Stephen Henson
81f169e95c Initial OCSP certificate verify. Not complete, 
it just supports a "trusted OCSP global root CA".
 2001-01-17 01:31:34 +00:00
Dr. Stephen Henson
6308af199d Change PKCS#12 key derivation routines to cope with 
non null terminated passwords.
 2001-01-14 14:07:10 +00:00
Dr. Stephen Henson
5782ceb298 New OCSP utility. This can generate, parse and print 
OCSP requests. It can also query reponders and parse or
print out responses.

Still needs some more work: OCSP response checks and
of course documentation.
 2001-01-13 01:48:38 +00:00
Bodo Möller
cc85ec447b Disable RegQueryValueEx() call. 
Problem reported by "Wolfgang Marczy" <WMarczy@topcall.co.at>
in a message to openssl-dev (19 Dec 2000 13:40:51 +0100).
 2001-01-12 15:16:21 +00:00
Bodo Möller
af5473c45a isspace must be used only on *unsigned* chars 2001-01-12 14:45:12 +00:00
Dr. Stephen Henson
adf87b2df5 Fix typo in OCSP ASN1 module, this caused 
invalid format in OCSP request signatures.

Add spaces to OCSP HTTP header.

Change X509_NAME_set() there's no reason
why it should return an error if the
destination points to NULL... though it
should if the destination is NULL.
 2001-01-11 23:24:28 +00:00
Dr. Stephen Henson
9b4dc8308f OCSP basic response verify. Very incomplete 
but will verify the signatures on a response
and locate the signers certifcate.

Still needs to implement a proper OCSP certificate
verify.

Fix warning in RAND_egd().
 2001-01-11 00:52:50 +00:00
Bodo Möller
b93642c5cc No functional change, but slightly improved code clarity. 2001-01-10 19:26:34 +00:00
Bodo Möller
a5435e8b29 After discussion with Richard, change the new API for extended memory 
allocation callbacks so that it is no longer visible to applications
that these live at a different call level than conventional memory
allocation callbacks.
 2001-01-10 18:09:57 +00:00
Bodo Möller
eddf82a36a make indentation consistent 2001-01-10 15:31:04 +00:00
Bodo Möller
673b3fde82 Add SSLEAY_DIR argument code for SSLeay_version. 
Add '-d' option for 'openssl version' (included in '-a').
 2001-01-10 15:15:36 +00:00
Bodo Möller
cd56182b41 Change prototypes for new CRYPTO_..._mem_ex_functions functions so 
that they match the function definitions (namely, remove file/line
parameters from free_func).
 2001-01-10 14:10:17 +00:00
Richard Levitte
65a22e8e4d As response to a user request to be able to use external memory 
handling routines that need file name and line number information,
I've added a call level to our memory handling routines to allow that
kind of hooking.
 2001-01-10 13:14:58 +00:00
Dr. Stephen Henson
cbf0f45f90 Fix uni2asc() so it can properly convert zero length 
unicode strings. Certain PKCS#12 files contain these
in BMPStrings and it used to crash on them.
 2001-01-10 01:06:31 +00:00
Geoff Thorpe
04e53c273f oops, void functions shouldn't try and return a value. Strangely, gcc 
didn't even give a warning for this yet HPUX cc considered it an error.
Reported by Lutz(@openssl.org).
 2001-01-09 16:59:56 +00:00
Lutz Jänicke
599c03530a Add automatic query of EGD sockets to RAND_poll(). The EGD sockets are 
only queried when the /dev/[u]random devices did not return enough
entropy. Only the amount of entropy missing to reach the required minimum
is queried, as EGD may be drained.
Queried locations are: /etc/entropy, /var/run/egd-pool
 2001-01-09 16:44:59 +00:00
Lutz Jänicke
28e5428d5d Don't cheat: when only getting several bytes from each source, n is incremented 
correctly, but RAND_add(..,n) counts the increasing n several times.
Only RAND_add(..,n) once entropy collection is finished.
 2001-01-09 10:58:36 +00:00
Geoff Thorpe
3c91484052 Move all the existing function pointer casts associated with LHASH's two 
"doall" functions to using type-safe wrappers. As and where required, this
can be replaced by redeclaring the underlying callbacks to use the
underlying "void"-based prototypes (eg. if performance suffers from an
extra level of function invocation).
 2001-01-09 00:24:38 +00:00
Geoff Thorpe
98d517c5da Get rid of the function pointer casting in the debugging memory code due 
to LHASH usage. NB: The callback type used as been suctioned off into
crypto.h as CRYPTO_MEM_LEAK_CB to improve clarity.
 2001-01-09 00:13:25 +00:00
Geoff Thorpe
18602745de This adds macros to implement (and/or declare) type-safe wrapper functions 
around the callbacks required in the LHASH code for the "doall" functions.

Also - fix the evil function pointer casting in the two lh_doall functions
by deferring to a static utility function. Previously lh_doall() was
invoking lh_doall_arg() by casting the callback to the 2-parameter
prototype and passing in a NULL argument. This appears to have been working
thus far but it's not a hot idea. If the extra level of indirection becomes
a performance hit, we can just provide two virtually identical
implementations for each variant later on.
 2001-01-09 00:02:09 +00:00
Geoff Thorpe
ad2e032049 Whilst in the process of fixing outstanding function-pointer casts in the 
LHASH code, this evil was uncovered. The cast was obscuring the fact that
the function was prototyped to take 2 parameters when in fact it is being
used as a callback that should take only one. Anyway, the function itself
ignores the second parameter (thankfully). A proper cure is on the way but
for now this corrects the inconsistency.
 2001-01-08 22:03:27 +00:00
Richard Levitte
601140b363 Keep up with Unix code. It's beginning to be time to rethink the VMS 
build system...
 2001-01-08 21:32:46 +00:00
Dr. Stephen Henson
b5524a3ac3 Add prototypes for new OCSP functions. 
Fix bug in OCSP_find_status().
 2001-01-08 13:39:06 +00:00
Richard Levitte
0c61e299b3 Change RAND_poll for Unix to try a number of devices and only read 
them for a short period of time (actually, poll them with select(),
then read() whatever is there), which is about 10ms (hard-coded value)
each.

Separate Windows and Unixly code, and start on a VMS variant that
currently just returns 0.
 2001-01-08 10:59:26 +00:00
Dr. Stephen Henson
0b33bc65cd Add set of OCSP client functions. All experimental 
and subject to addition, modifcation or deletion.

Add two OCSP nonce utility functions.

Fix typo in status code name.
 2001-01-08 01:21:55 +00:00
Richard Levitte
0f5fa24a7c Keep up with the Unixly changes. 2001-01-07 18:51:28 +00:00
Dr. Stephen Henson
8e96183506 Modify OCSP API to more closely reflect 
application needs.

Add OCSP library name to error code.
 2001-01-05 03:31:51 +00:00
Dr. Stephen Henson
a8312c0e24 Fix typo in OCSP nonce extension. 
Set correct type in ASN1_STRING for
INTEGER and ENUMERATED types.

Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
return -1 for invalid type rather than 0 (which is
often valid). -1 may also be valid but this is less
likely.

Load OCSP error strings in ERR_load_crypto_strings().
 2001-01-04 19:53:48 +00:00
Dr. Stephen Henson
bf0d176e48 Update OCSP API. 
Remove extensions argument from various functions
because it is not needed with the new extension
code.

New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.

New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.

Fix typo in CRL distribution points extension.

Fix ASN1 code so it adds a final null to constructed
strings.
 2001-01-04 01:46:36 +00:00
Dr. Stephen Henson
ec5add8784 Fix the S/MIME code so it now works again and 
uses the new ASN1 code.
 2000-12-31 17:31:57 +00:00
Richard Levitte
856d456a71 Make the DSO code for VMS work again. First attempt. 2000-12-31 01:55:46 +00:00
Richard Levitte
e102a3dcfd Since asn1.h gets included recursively from many places, the easiest 
is to have asn1.h include e_os.h and e_os2.h.  Of course, this makes
the unofficial "non-export" status of e_os.h a bit delicate...
 2000-12-31 01:18:50 +00:00
Dr. Stephen Henson
ecbe07817a Rewrite PKCS#12 code and remove some of the old 
horrible macros.

Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
 2000-12-31 01:13:04 +00:00
Richard Levitte
26da3e65ac If OPENSSL_BUILD_SHLIBCRYPTO (for files that end up as libcrypto 
objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl
objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT.
This is actually only important on Win32, and can safely be ignored in
all other cases, at least for now.
 2000-12-31 00:23:17 +00:00
Dr. Stephen Henson
d8ecc56c9d Delete PKCS#12 redundant files. 2000-12-30 12:26:33 +00:00
Dr. Stephen Henson
4e1209ebf8 ASN1_ITEM versions of ASN1_d2i_{fp, bio} and replacement of 
most of the old wrappers. A few of the old versions remain
because they are non standard and the corresponding ASN1
code has not been reimplemented yet.
 2000-12-30 02:40:26 +00:00
Dr. Stephen Henson
78d3b819f0 Replace the old ASN1_dup() with ASN1_item_dup() and 
zap some evil function pointers casts along the way...
 2000-12-29 18:23:55 +00:00
Richard Levitte
1690c2b26e Correct a typo. 2000-12-29 01:41:37 +00:00
Richard Levitte
701adceb12 "make update" plus a rewrite of both .num files. 2000-12-29 00:19:12 +00:00
Dr. Stephen Henson
f86c5c9ac7 ASN1_ITEM version of ASN1_dup(). Might want 
something more efficient later...
 2000-12-28 22:41:46 +00:00
Richard Levitte
66a0def81b Update VMS build procedures to match the current status. 2000-12-28 22:26:11 +00:00
Dr. Stephen Henson
73e92de577 Add NO_ASN1_OLD to remove some old style functions: 
currently OpenSSL itself wont compile with this set
because some old style stuff remains.

Change old functions X509_sign(), X509_verify() etc
to use new item based functions.

Replace OCSP function declarations with DECLARE macros.
 2000-12-28 22:24:50 +00:00
Dr. Stephen Henson
09ab755c55 ASN1_ITEM versions of sign, verify, pack and unpack. 
The old function pointer versions will eventually go
away.
 2000-12-28 19:18:48 +00:00
Dr. Stephen Henson
ec558b6548 New OCSP extension functions. 2000-12-28 01:05:05 +00:00
Dr. Stephen Henson
29e1fdf3f2 Avoid compiler warnings in hw_ubsec.c: unused static 
functions and signed/unsigned mismatch.

This will of course change if some of the unused functions
suddenly get used...
 2000-12-27 19:20:14 +00:00
Dr. Stephen Henson
28ddfc61dc X509V3_add_i2d() needs to be able to allocate a 
STACK_OF(X509_EXTENSION) so it should be passed
STACK_OF(X509_EXTENSION) ** in the first argument.

Modify wrappers appropriately.
 2000-12-27 13:42:43 +00:00
Dr. Stephen Henson
57d2f21782 New function X509V3_add_i2d() this is used for 
encoding, replacing and deleting extensions.

Fix X509V3_get_d2i() so it uses takes note of
new critical behaviour.
 2000-12-24 18:02:33 +00:00
Dr. Stephen Henson
3c07b4c2ee Various Win32 related fixes. Doesn't compile yet on 
Win32 but it is getting there...

Update mkdef.pl to handle ASN1_ANY and fix headers.

Stop various VC++ warnings.

Include some fixes from "Peter 'Luna' Runestig"
<peter@runestig.com>

Remove external declaration for des_set_weak_key_flag:
it doesn't exist.
 2000-12-21 01:38:55 +00:00
Bodo Möller
60f7492646 Don't access non-existing element buf[256], use buf[255] instead. 
Submitted by: draslar <draslar@elray.ch>
 2000-12-20 10:11:06 +00:00
Dr. Stephen Henson
5755cab49d Fixes to OCSP print code. 
Don't try to print request certificates if signature is not present.

Remove unnecessary test for certificates being NULL.

Fix typos in printed output.

Tidy up output.

Fix for typo in OCSP_SERVICELOC ASN1 template.

Also give a bit more info in CHANGES about the ASN1 revision.
 2000-12-20 00:46:44 +00:00
Bodo Möller
975842f9fb fix indentation 2000-12-19 12:39:45 +00:00
Bodo Möller
126fe085db Don't hold CRYPTO_LOCK_RSA during time-consuming operations. 2000-12-19 12:31:41 +00:00
Bodo Möller
123d24d600 Add a comment (intended change) 2000-12-18 16:39:00 +00:00
Bodo Möller
cb38052b3a Comment correction. 2000-12-18 09:18:22 +00:00
Bodo Möller
f640ee90c3 Obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX 
structures and setting rsa->_method_mod_{n,p,q}.

Submitted by: "Reddie, Steven" <Steven.Reddie@ca.com>
 2000-12-18 09:00:48 +00:00
Dr. Stephen Henson
1f47ec53a2 Redo OCSP response printing. Remove duplicate or 
obsolete code. Delete some redundant files.
 2000-12-17 14:09:43 +00:00
Bodo Möller
b2e7419a1d Simplify preprocessor statements. 2000-12-17 00:30:03 +00:00
Dr. Stephen Henson
6546fdfaf8 Add OCSP service locator extension. 2000-12-16 12:51:58 +00:00
Richard Levitte
3a3ca1d474 Do not poll DEVRANDOM if weäre building without an file pointer API. 
Spotted by "David Schwartz" <davids@webmaster.com>.
 2000-12-16 11:19:19 +00:00
Dr. Stephen Henson
f1a6a0d4dd Add support for the noCheck OCSP extension. This is 
just a NULL and appears in a certificate.
 2000-12-16 01:58:58 +00:00
Bodo Möller
3ac82faae5 Locking issues. 2000-12-15 16:40:35 +00:00
Dr. Stephen Henson
c08523d862 Implement some standard OCSP extensions in the v3 code. These 
are all raw print only extensions at present.
 2000-12-15 13:42:00 +00:00
Bodo Möller
137e601277 The C version of bn_sub_part_words is needed not only 
in NO_ASM configurations
 2000-12-15 10:54:03 +00:00
Bodo Möller
09f4bd2a39 Very few in the "README" is up-to-date 2000-12-15 10:42:11 +00:00
Dr. Stephen Henson
2fc0d1f15e Add OCSP nonce extension to supported extensions. 
This is a little unusual because it can contain no
structure i.e. the extension OCTET STRING content
octets do not contain a DER encoded structure.
 2000-12-14 23:27:20 +00:00
Geoff Thorpe
016d7d250a This is an engine contributed by Broadcom - it is meant to support the 
BCM5805 and BCM5820 units. So far I've merely taken a skim over the code
and changed a few things from their original contributed source
(de-shadowing variables, removing variables from the header, and
re-constifying some functions to remove warnings). If this gives
compilation problems on any system, please let me know. We will hopefully
know for sure whether this actually functions on a system with the relevant
hardware in a day or two.  :-)
 2000-12-14 21:41:55 +00:00
Dr. Stephen Henson
2c15d426b9 New function X509V3_extensions_print() this removes extension duplication 
from the print routines.

Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.

Implement some ASN1 functions needed to compile OCSP code.
 2000-12-14 18:42:28 +00:00
Bodo Möller
3b28dbce7e The BN_mul bug test apparently is no longer needed 2000-12-14 17:46:36 +00:00
Dr. Stephen Henson
de487514ae New function X509_signature_print() to remove some duplicate 
code from certificate, CRL and request printing routines.
 2000-12-14 00:53:10 +00:00
Dr. Stephen Henson
06db4253e2 Change the PKCS7 structure to use SEQUENCE OF for the 
authenticated attributes: this is used to retain the
original encoding and not break signatures.

Support for a SET OF which reorders the STACK when
encoding a structure. This will be used with the
PKCS7 code.
 2000-12-13 23:54:30 +00:00
Dr. Stephen Henson
36f554d43c Replace the old style OCSP ASN1 module. 2000-12-13 18:21:51 +00:00