openssl

Author	SHA1	Message	Date
Raphael Spreitzer	f9fb43e176	RT2400: ASN1_STRING_to_UTF8 missing initializer Reviewed-by: Tim Hudson <tjh@openssl.org>	2014-08-27 22:59:05 -04:00
Justin Blanchard	f756fb430e	RT1815: More const'ness improvements Add a dozen more const declarations where appropriate. These are from Justin; while adding his patch, I noticed ASN1_BIT_STRING_check could be fixed, too. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>	2014-08-18 11:49:16 -04:00
Jonas Maebe	1c4b688cb4	multi_split: check for NULL when allocating parts and bpart, and for failure of sk_BIO_push() Signed-off-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>	2014-08-15 22:37:48 +02:00
Jonas Maebe	8957278869	mime_hdr_addparam: free tmpname, tmpval and mparam on error path, and check whether sk_MIME_PARAM_push succeeds Signed-off-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>	2014-08-15 22:37:14 +02:00
Jonas Maebe	15297d962c	mime_hdr_new: free mhdr, tmpname, tmpval on error path Signed-off-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>	2014-08-15 22:36:54 +02:00
Jonas Maebe	c9c63b0180	ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path Signed-off-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>	2014-08-15 22:36:34 +02:00
Jonas Maebe	b9b9f853b5	SetBlob: free rgSetBlob on error path Signed-off-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>	2014-08-15 22:35:11 +02:00
Fr�d�ric Giudicelli	c753e71e0a	RT783: Minor optimization to ASN1_INTEGER_set Remove local variable and avoid extra assignment. Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net>	2014-08-15 10:54:43 -04:00
Hans Wennborg	01e438f288	RT3023: Redundant logical expressions Remove some redundant logical expressions Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net>	2014-08-15 10:45:00 -04:00
Dr Stephen Henson	b00f586a81	Fix `d4a4370050` Fully remove old error, per drH Reviewed-by: rsalz	2014-08-11 17:32:57 -04:00
Scott Schaefer	d4a4370050	RT 2517: Various typo's. Reviewed-by: Emilia Kasper Many of these were already fixed, this catches the last few that were missed.	2014-08-11 13:43:31 -04:00
Emilia Kasper	0042fb5fd1	Fix OID handling: - Upon parsing, reject OIDs with invalid base-128 encoding. - Always NUL-terminate the destination buffer in OBJ_obj2txt printing function. CVE-2014-3508 Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>	2014-08-06 20:36:41 +01:00
Dr. Stephen Henson	55707a36cc	Add license info.	2014-07-04 18:41:45 +01:00
Dr. Stephen Henson	398e99fe5e	ASN1 sanity check. Primitive encodings shouldn't use indefinite length constructed form. PR#2438 (partial).	2014-07-02 00:59:26 +01:00
Dr. Stephen Henson	0e7bda79a1	Handle BER length encoding. Tolerate BER length encoding which may include leading zeroes. PR#2746	2014-06-29 00:07:08 +01:00
Dr. Stephen Henson	11da66f8b1	Tolerate critical AKID in CRLs. PR#3014	2014-06-27 18:49:32 +01:00
Dr. Stephen Henson	d2aea03829	Memory leak and NULL dereference fixes. PR#3403	2014-06-27 14:35:07 +01:00
Dr. Stephen Henson	3009244da4	Set default global mask to UTF8 only.	2014-06-01 15:03:00 +01:00
Dr. Stephen Henson	b48310627d	Don't try and verify signatures if key is NULL (CVE-2013-0166) Add additional check to catch this in ASN1_item_verify too. (cherry picked from commit `66e8211c0b`)	2014-04-01 16:37:51 +01:00
Dr. Stephen Henson	2514fa79ac	Add functions returning security bits. Add functions to return the "bits of security" for various public key algorithms. Based on SP800-57.	2014-03-28 14:49:04 +00:00
Dr. Stephen Henson	4cfeb00be9	make depend	2014-02-19 20:09:08 +00:00
Dr. Stephen Henson	84917787b5	Remove references to o_time.h	2014-02-19 20:06:13 +00:00
Scott Schaefer	2b4ffc659e	Fix various spelling errors	2014-02-14 22:29:12 +00:00
Dr. Stephen Henson	847865d0f9	Add suppot for ASCII with CRLF canonicalisation.	2014-02-13 14:35:56 +00:00
Dr. Stephen Henson	85c9ba2342	Support setting of "no purpose" for trust. If the oid parameter is set to NULL in X509_add1_trust_object create an empty list of trusted purposes corresponding to "no purpose" if trust is checked.	2013-11-11 22:39:23 +00:00
Ben Laurie	79b9209883	More diagnostics for invalid OIDs.	2013-09-20 14:38:36 +01:00
Veres Lajos	478b50cf67	misspellings fixes by https://github.com/vlajos/misspell_fixer	2013-09-05 21:39:42 +01:00
Dr. Stephen Henson	dc1ce3bc64	Add KDF for DH. Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the same structure is used by DH and ECDH. Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers without the need to use ASN1.	2013-08-05 15:45:01 +01:00
Dr. Stephen Henson	5de18d5d0d	Encode INTEGER correctly. If an ASN1_INTEGER structure is allocated but not explicitly set encode it as zero: don't generate an invalid zero length INTEGER. (cherry picked from commit `1643edc63c`)	2013-03-18 14:22:08 +00:00
Ben Laurie	975dfb1c6c	make depend.	2013-02-21 18:17:38 +00:00
Ben Laurie	a6bbbf2ff5	Make "make depend" work on MacOS out of the box.	2013-01-19 14:14:30 +00:00
Dr. Stephen Henson	2e8cb108dc	initial support for delta CRL generations by diffing two full CRLs	2012-12-04 18:35:36 +00:00
Dr. Stephen Henson	46a6cec699	Reorganise parameters for OPENSSL_gmtime_diff. Make ASN1_UTCTIME_cmp_time_t more robust by using the new time functions.	2012-11-21 14:13:20 +00:00
Dr. Stephen Henson	360ef6769e	first parameter is difference in days, not years	2012-11-20 15:19:53 +00:00
Dr. Stephen Henson	d223dfe641	make depend	2012-11-19 15:13:33 +00:00
Dr. Stephen Henson	1c455bc084	new function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures	2012-11-19 15:12:07 +00:00
Dr. Stephen Henson	98a7edf9f0	make depend	2012-11-19 13:18:09 +00:00
Dr. Stephen Henson	918e613a32	oops, add missing asn_mstbl.c	2012-10-24 13:27:46 +00:00
Dr. Stephen Henson	30765fed55	New config module for string tables. This can be used to add new multi string components (as used in DN fields or request attributes) or change the values of existing ones.	2012-10-22 13:05:54 +00:00
Dr. Stephen Henson	d35c0ff30b	fix ASN1_STRING_TABLE_add so it can override existing string table values	2012-10-19 15:06:31 +00:00
Bodo Möller	7f429a5dbf	Fix Valgrind warning. Submitted by: Adam Langley	2012-09-24 19:49:16 +00:00
Dr. Stephen Henson	dfcf48f499	New functions to retrieve certificate signatures and signature OID NID.	2012-06-13 13:08:12 +00:00
Dr. Stephen Henson	4b9e0b5f74	print out issuer and subject unique identifier fields in certificates	2012-06-12 13:41:18 +00:00
Dr. Stephen Henson	4242a090c7	PR: 2813 Reported by: Constantine Sapuntzakis <csapuntz@gmail.com> Fix possible deadlock when decoding public keys.	2012-05-11 13:53:37 +00:00
Dr. Stephen Henson	d9a9d10f4f	Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)	2012-04-19 16:19:56 +00:00
Andy Polyakov	6da165c631	ans1/tasn_prn.c: avoid bool in variable names. PR: 2776	2012-03-29 17:48:19 +00:00
Dr. Stephen Henson	78dfd43955	corrected fix to PR#2711 and also cover mime_param_cmp	2012-03-12 16:32:19 +00:00
Dr. Stephen Henson	3c6a7cd44b	PR: 2742 Reported by: Dmitry Belyavsky <beldmit@gmail.com> If resigning with detached content in CMS just copy data across.	2012-02-29 14:02:02 +00:00
Dr. Stephen Henson	dc4f678cdc	Fix memory leak cause by race condition when creating public keys. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.	2012-02-28 14:47:02 +00:00
Dr. Stephen Henson	68a7b5ae1e	PR: 2736 Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr> Preserve unused bits value in non-canonicalised ASN1_STRING structures by using ASN1_STRING_copy which preseves flags.	2012-02-27 18:45:28 +00:00
Dr. Stephen Henson	228a8599ff	free headers after use in error message	2012-02-27 16:27:17 +00:00
Dr. Stephen Henson	6941b7b918	PR: 2711 Submitted by: Tomas Mraz <tmraz@redhat.com> Tolerate bad MIME headers in parser.	2012-02-23 21:50:44 +00:00
Dr. Stephen Henson	9bd20155ba	fix warning	2012-01-15 13:30:41 +00:00
Andy Polyakov	a50bce82ec	Sanitize usage of <ctype.h> functions. It's important that characters are passed zero-extended, not sign-extended. PR: 2682	2012-01-12 16:21:35 +00:00
Andy Polyakov	6e913f9901	asn1/t_x509.c: fix serial number print, harmonize with a_int.c. PR: 2675 Submitted by: Annie Yousar	2012-01-11 21:12:22 +00:00
Dr. Stephen Henson	afb14cda8c	Initial experimental support for X9.42 DH parameter format to handle RFC5114 parameters and X9.42 DH public and private keys.	2011-12-07 00:32:34 +00:00
Dr. Stephen Henson	3231e42d72	update pkey method initialisation and copy	2011-10-11 18:15:31 +00:00
Bodo Möller	837e1b6812	Fix memory leak on bad inputs.	2011-09-05 09:57:20 +00:00
Dr. Stephen Henson	a60cc6b4f0	Don't use *from++ in tolower as this is implemented as a macro on some platforms. Thanks to Shayne Murray <Shayne.Murray@Polycom.com> for reporting this issue.	2011-09-02 11:28:27 +00:00
Dr. Stephen Henson	9fe51d5f73	PR: 2556 (partial) Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de> Reviewed by: steve Fix OID routines. Check on encoding leading zero rejection should start at beginning of encoding. Allow for initial digit when testing when to use BIGNUMs which can increase first value by 2 * 40.	2011-07-14 12:01:53 +00:00
Dr. Stephen Henson	b507284c7e	correctly encode OIDs near 2^32	2011-06-22 15:15:58 +00:00
Dr. Stephen Henson	9a85e53813	no need to include memory.h	2011-04-30 23:37:42 +00:00
Dr. Stephen Henson	f9678b8b57	Fix memory leak.	2011-02-07 13:34:00 +00:00
Bodo Möller	9d0397e977	make update	2011-02-03 10:17:53 +00:00
Bodo Möller	2440d8b1db	Fix error codes.	2011-02-03 10:03:23 +00:00
Dr. Stephen Henson	df6de39fe7	Change AR to ARX to allow exclusion of fips object modules	2011-01-26 16:08:08 +00:00
Dr. Stephen Henson	7d05edd12e	PR: 2433 Submitted by: Chris Wilson <chris@qwirx.com> Reviewed by: steve Constify ASN1_STRING_set_default_mask_asc().	2011-01-24 16:19:52 +00:00
Dr. Stephen Henson	d3f17e5ed3	stop warning with no-engine	2011-01-13 15:41:58 +00:00
Dr. Stephen Henson	968062b7d3	Fix escaping code for string printing. If any escaping is enabled we must escape the escape character itself (backslash).	2011-01-03 01:31:24 +00:00
Dr. Stephen Henson	d7d5a55d22	Support routines for ASN1 scanning function, doesn't do much yet.	2010-12-13 18:15:28 +00:00
Dr. Stephen Henson	8ec3fa0597	fix signature printing routines	2010-10-04 13:58:41 +00:00
Dr. Stephen Henson	39239280f3	Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), this means that some implementations will be used automatically, e.g. aesni, we do this for cryptodev anyway. Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.	2010-10-03 18:58:09 +00:00
Ben Laurie	c8bbd98a2b	Fix warnings.	2010-06-12 14:13:23 +00:00
Dr. Stephen Henson	359b0c9fb8	experimental function to convert ASN1_TIME to tm, not used or even compiled in yet	2010-05-03 12:17:44 +00:00
Dr. Stephen Henson	e19f6678f5	print signature parameters with CRLs too	2010-03-14 13:10:48 +00:00
Dr. Stephen Henson	8d207ee3d1	add X509_CRL_sign_ctx function	2010-03-14 12:52:38 +00:00
Dr. Stephen Henson	85522a074c	Algorithm specific ASN1 signing functions.	2010-03-11 13:32:38 +00:00
Dr. Stephen Henson	ce25c7207b	New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier) from a digest algorithm.	2010-03-11 13:27:05 +00:00
Dr. Stephen Henson	31904ecdf3	RSA PSS verification support including certificates and certificate requests. Add new ASN1 signature initialisation function to handle this case.	2010-03-08 18:10:35 +00:00
Dr. Stephen Henson	809cd0a22d	print outermost signature algorithm parameters too	2010-03-07 17:02:47 +00:00
Dr. Stephen Henson	7ed485bc9f	The OID sanity check was incorrect. It should only disallow leading 0x80 values.	2010-03-07 16:40:05 +00:00
Dr. Stephen Henson	9ef6fe8c2e	typo	2010-03-07 15:37:37 +00:00
Dr. Stephen Henson	a5667732b9	update ASN1 sign/verify to use EVP_DigestSign and EVP_DigestVerify	2010-03-07 12:05:45 +00:00
Dr. Stephen Henson	148924c1f4	fix indent, newline	2010-03-06 18:14:13 +00:00
Dr. Stephen Henson	fa1ba589f3	Add algorithm specific signature printing. An individual ASN1 method can now print out signatures instead of the standard hex dump. More complex signatures (e.g. PSS) can print out more meaningful information. Sample DSA version included that prints out the signature parameters r, s. [Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding new fields in the middle has no compatibility issues]	2010-03-06 18:05:05 +00:00
Dr. Stephen Henson	c8ef656df2	Make CMAC API similar to HMAC API. Add methods for CMAC.	2010-02-08 15:31:35 +00:00
Dr. Stephen Henson	ec7d16ffdd	Check it actually compiles this time ;-)	2009-12-02 14:25:40 +00:00
Dr. Stephen Henson	5656f33cea	PR: 2120 Submitted by: steve@openssl.org Initialize fields correctly if pem_str or info are NULL in EVP_PKEY_asn1_new().	2009-12-02 13:56:45 +00:00
Dr. Stephen Henson	3d63b3966f	Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat and is a pre-requisite to adding password based CMS support.	2009-11-25 22:01:06 +00:00
Dr. Stephen Henson	c18e51ba5e	PR: 2088 Submitted by: Aleksey Samsonov <s4ms0n0v@gmail.com> Approved by: steve@openssl.org Fix memory leak in d2i_PublicKey().	2009-11-12 19:56:56 +00:00
Dr. Stephen Henson	b599006751	PR: 2090 Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson Approved by: steve@openssl.org Improve error checking in asn1_gen.c	2009-11-10 00:48:07 +00:00
Dr. Stephen Henson	04f9095d9e	Fix unitialized warnings	2009-10-04 16:52:51 +00:00
Dr. Stephen Henson	78ca13a272	PR: 2056 Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct BIO_wirte error handling in asn1_par.c	2009-10-01 00:11:04 +00:00
Dr. Stephen Henson	b6dcdbfc94	Audit libcrypto for unchecked return values: fix all cases enountered	2009-09-23 23:43:49 +00:00
Dr. Stephen Henson	f4274da164	PR: 1644 Submitted by: steve@openssl.org Fix to make DHparams_dup() et al work in C++. For 1.0 fix the final argument to ASN1_dup() so it is void . Replace some _dup macros with functions.	2009-09-06 15:49:46 +00:00
Dr. Stephen Henson	17b5326ba9	PR: 2013 Submitted by: steve@openssl.org Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created. This makes it possible to tell if the underlying type is UTCTime, GeneralizedTime or Time when the structure is reused and X509_time_adj_ex() can handle each case in an appropriate manner. Add error checking to CRL generation in ca utility when nextUpdate is being set.	2009-09-02 13:54:50 +00:00
Dr. Stephen Henson	e33d290159	PR: 2004 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Approved by: steve@openssl.org Handle fractional seconds properly in ASN1_GENERALIZEDTIME_print	2009-08-10 14:56:57 +00:00
Dr. Stephen Henson	d9d0f1b52c	Reject leading 0x80 in OID subidentifiers.	2009-08-06 16:32:54 +00:00
Dr. Stephen Henson	512d359e26	Update from 1.0.0-stable.	2009-07-27 21:22:02 +00:00
Dr. Stephen Henson	6e0c9e6008	Update from 1.0.0-stable.	2009-07-11 21:43:50 +00:00
Dr. Stephen Henson	220bd84911	Updates from 1.0.0-stable	2009-04-06 15:22:01 +00:00
Dr. Stephen Henson	14023fe352	Merge from 1.0.0-stable branch.	2009-04-03 11:45:19 +00:00
Dr. Stephen Henson	73ba116e96	Update from stable branch.	2009-03-25 12:54:14 +00:00
Dr. Stephen Henson	80b2ff978d	Update from stable branch.	2009-03-25 12:53:50 +00:00
Dr. Stephen Henson	7ce8c95d58	Update from stable branch.	2009-03-25 12:53:26 +00:00
Dr. Stephen Henson	854a225a27	Update from stable branch.	2009-03-14 18:33:49 +00:00
Dr. Stephen Henson	33ab2e31f3	PR: 1854 Submitted by: Oliver Martin <oliver@volatilevoid.net> Reviewed by: steve@openssl.org Support GeneralizedTime in ca utility.	2009-03-09 13:59:07 +00:00
Dr. Stephen Henson	477fd4596f	PR: 1835 Submitted by: Damien Miller <djm@mindrot.org> Approved by: steve@openssl.org Fix various typos.	2009-02-14 21:49:38 +00:00
Dr. Stephen Henson	ede6ef5e08	Submitted by: Peter Sylvester <Peter.Sylvester@edelweb.fr> Reviewed by: steve If tagging is universal and SET or SEQUENCE set constructed bit.	2009-02-10 12:13:08 +00:00
Dr. Stephen Henson	57f39cc826	Print out UTF8 and NumericString types in ASN1 parsing utility.	2009-01-28 12:54:52 +00:00
Dr. Stephen Henson	6489573224	Update from stable branch.	2009-01-28 12:36:14 +00:00
Dr. Stephen Henson	079e00e646	Typo: just copy across an unknown type.	2009-01-28 12:32:03 +00:00
Ben Laurie	23b973e600	Calculate offset correctly. (Coverity ID 233)	2009-01-01 18:30:51 +00:00
Ben Laurie	ccf529928f	!a && !a->b is clearly wrong! Changed to !a \|\| !a->b (Coverity ID 145).	2008-12-26 15:32:59 +00:00
Geoff Thorpe	6343829a39	Revert the size_t modifications from HEAD that had led to more knock-on work than expected - they've been extracted into a patch series that can be completed elsewhere, or in a different branch, before merging back to HEAD.	2008-11-12 03:58:08 +00:00
Dr. Stephen Henson	2e5975285e	Update obsolete email address...	2008-11-05 18:39:08 +00:00
Dr. Stephen Henson	5947ca0409	Don't use clobbered 'i' for checking UTCTime and GeneralizedTime length.	2008-11-05 18:28:24 +00:00
Ben Laurie	5e4430e70d	More size_tification.	2008-11-01 16:40:37 +00:00
Ben Laurie	4d6e1e4f29	size_tification.	2008-11-01 14:37:00 +00:00
Dr. Stephen Henson	e19106f5fb	Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros with the appropriate parameters which calls OBJ_bsearch(). A compiler will typically inline this. This avoids the need for cmp_xxx variables and fixes unchecked const issues with CHECKED_PTR_OF()	2008-10-22 15:43:01 +00:00
Dr. Stephen Henson	606f6c477a	Fix a shed load or warnings: Duplicate const. Use of ; outside function.	2008-10-20 15:12:00 +00:00
Ben Laurie	babb379849	Type-checked (and modern C compliant) OBJ_bsearch.	2008-10-12 14:32:47 +00:00
Dr. Stephen Henson	87d3a0cd90	Experimental new date handling routines. These fix issues with X509_time_adj() and should avoid any OS date limitations such as the year 2038 bug.	2008-10-07 22:55:27 +00:00
Dr. Stephen Henson	d43c4497ce	Initial support for delta CRLs. If "use deltas" flag is set attempt to find a delta CRL in addition to a full CRL. Check and search delta in addition to the base.	2008-09-01 15:15:16 +00:00
Dr. Stephen Henson	4b96839f06	Add support for CRLs partitioned by reason code. Tidy CRL scoring system. Add new CRL path validation error.	2008-08-29 11:37:21 +00:00
Dr. Stephen Henson	d0fff69dc9	Initial indirect CRL support.	2008-08-20 16:42:19 +00:00
Dr. Stephen Henson	e9746e03ee	Initial support for name constraints certificate extension. TODO: robustness checking on name forms.	2008-08-08 15:35:29 +00:00
Dr. Stephen Henson	6d6c47980e	Correctly handle errors in CMS I/O code.	2008-08-05 15:55:53 +00:00
Dr. Stephen Henson	3e727a3b37	Add support for nameRelativeToCRLIssuer field in distribution point name fields.	2008-08-04 15:34:27 +00:00
Bodo Möller	efa73a77e4	Make sure not to read beyond end of buffer	2008-07-16 18:10:27 +00:00
Dr. Stephen Henson	d4cdbab99b	Avoid warnings with -pedantic, specifically: Conversion between void * and function pointer. Value computed not used. Signed/unsigned argument.	2008-07-04 23:12:52 +00:00
Dr. Stephen Henson	6cb9fca70d	Fix memory leak. The canonical X509_NAME_ENTRY STACK is reallocated rather than referencing existing X509_NAME_ENTRY structures so needs to be completely freed.	2008-06-06 11:26:07 +00:00
Ben Laurie	5ce278a77b	More type-checking.	2008-06-04 11:01:43 +00:00
Dr. Stephen Henson	964c7e8f6d	Fix it properly this time....	2008-03-31 18:21:30 +00:00
Dr. Stephen Henson	f6a45ac5ac	Fix macro.	2008-03-31 18:14:10 +00:00
Dr. Stephen Henson	2e86f0d8d7	Use correct headers for signed receipts. Use consistent naming. Update cms-test.pl to support OpenSSL 0.9.8.	2008-03-31 15:03:55 +00:00
Dr. Stephen Henson	ab568a17cf	Fix duplicate asn1 ctrl values.	2008-03-23 14:13:45 +00:00
Dr. Stephen Henson	fe591284be	Update dependencies.	2008-03-22 18:52:03 +00:00
Geoff Thorpe	1e26a8baed	Fix a variety of warnings generated by some elevated compiler-fascism, OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...	2008-03-16 21:05:46 +00:00
Dr. Stephen Henson	7c337e00d2	Fix some warnings.	2008-03-16 20:59:10 +00:00
Dr. Stephen Henson	a78a03744d	Only call free once in CHOICE type.	2008-03-14 00:57:01 +00:00
Dr. Stephen Henson	8931b30d84	And so it begins... Initial support for CMS. Add zlib compression BIO. Add AES key wrap implementation. Generalize S/MIME MIME code to support CMS and/or PKCS7.	2008-03-12 21:14:28 +00:00
Dr. Stephen Henson	56c7754cab	Avoid warnings.	2008-02-28 14:05:01 +00:00
Dr. Stephen Henson	a70a49a018	Fix typo and avoid warning.	2008-02-28 13:18:26 +00:00
Dr. Stephen Henson	1ad90a916b	Extend attribute setting routines to support non-string types.	2008-02-11 13:59:33 +00:00
Dr. Stephen Henson	9e5df8e448	Support custom primitive type printing routines and add one to LONG type.	2008-02-08 13:07:04 +00:00
Andy Polyakov	4be63cfb55	Source readability fix, which incidentally works around XLC compiler bug.	2007-12-29 18:32:34 +00:00
Dr. Stephen Henson	2f0550c4c1	Lookup public key ASN1 methods by string by iterating through all implementations instead of all added ENGINEs to cover case where an ENGINE is not added.	2007-11-21 17:25:58 +00:00
Dr. Stephen Henson	94e6ae7a69	Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru> Make {d2i,i2d}_PrivateKey() fall back to PKCS#8 format if no legacy format supported. Add support in d2i_AutoPrivateKey().	2007-11-20 13:37:51 +00:00
Andy Polyakov	ebc06fba67	Bunch of constifications.	2007-10-13 15:51:32 +00:00
Dr. Stephen Henson	67c8e7f414	Support for certificate status TLS extension.	2007-09-26 21:56:59 +00:00
Andy Polyakov	a005fb019f	Addenum to "Constify obj_dat.[ch]."	2007-09-18 22:15:31 +00:00
Dr. Stephen Henson	7c5921e736	Handle empty case in X509_NAME canonical encoding.	2007-09-14 18:11:17 +00:00
Dr. Stephen Henson	a6fbcb4220	Change safestack reimplementation to match 0.9.8. Fix additional gcc 4.2 value not used warnings.	2007-09-07 13:25:15 +00:00
Andy Polyakov	34994068a4	Respect ISO aliasing rules. PR: 1296	2007-07-27 20:34:10 +00:00
Dr. Stephen Henson	54b5fd537f	WIN32 fixes.	2007-06-08 00:26:16 +00:00
Dr. Stephen Henson	3c07d3a3d3	Finish gcc 4.2 changes.	2007-06-07 13:14:42 +00:00
Dr. Stephen Henson	64a5c5d1be	Fix X509_REQ_print_ex() to process extension options.	2007-05-22 23:31:29 +00:00
Dr. Stephen Henson	e77dbf325f	Prepend signature name in dgst output.	2007-05-17 16:19:17 +00:00
Dr. Stephen Henson	e69adea539	New function EVP_PKEY_asn1_copy(). Use default MD if type param is NULL.	2007-05-15 23:52:03 +00:00
Dr. Stephen Henson	f8492ffeaa	More useful ASN1 macros for static allocation functions.	2007-05-10 17:34:42 +00:00
Bodo Möller	96afc1cfd5	Add SEED encryption algorithm. PR: 1503 Submitted by: KISA Reviewed by: Bodo Moeller	2007-04-23 23:48:59 +00:00
Dr. Stephen Henson	18f547734e	New function ASN1_STRING_copy() to copy to an already alloacted ASN1_STRING structure.	2007-04-14 17:53:55 +00:00
Dr. Stephen Henson	9cfc8a9d5c	Update smime utility to support streaming for -encrypt and -sign -nodetach options. Add new streaming i2d (though strictly speaking it is BER format when streaming) and PEM functions. These all process content on the fly without storing it all in memory.	2007-04-13 01:06:41 +00:00
Dr. Stephen Henson	74633553a9	Experimental HMAC support via EVP_PKEY_METHOD.	2007-04-11 12:33:06 +00:00
Dr. Stephen Henson	0cc361f3e7	Fix from stable branch.	2007-04-08 17:45:47 +00:00
Nils Larsch	a0d48e7e7e	remove unused file	2007-03-02 19:42:16 +00:00
Lutz Jänicke	0636c39bb1	Fix incorrect handling of special characters PR: 1459 Submitted by: tnitschke@innominate.com Reviewed by: steve@openssl.org	2007-02-21 17:44:53 +00:00
Nils Larsch	92ada7cc52	remove unreachable code	2007-02-10 09:45:07 +00:00
Dr. Stephen Henson	2d3e956ae0	Update from 0.9.7-stable.	2007-01-23 17:53:48 +00:00
Dr. Stephen Henson	560b79cbff	Constify version strings and some structures.	2007-01-21 13:07:17 +00:00
Dr. Stephen Henson	11d8cdc6ad	Experimental streaming PKCS#7 support. I thought it was about time I dusted this off. This stuff had been sitting on my hard drive for ages (2003 in fact). Hasn't been tested well and may not work properly. Nothing uses it at present which is just as well. Think of this as a traditional Christmas present which looks far more impressive in the adverts and on the box, some of the bits are missing and falls to bits if you play with it too much.	2006-12-24 16:22:56 +00:00
Nils Larsch	34f0a19309	remove trailing '\' PR: 1438	2006-12-19 19:49:02 +00:00
Dr. Stephen Henson	10ca15f3fa	Fix change to OPENSSL_NO_RFC3779	2006-12-06 13:36:48 +00:00
Dr. Stephen Henson	4d7aff707e	Update dependencies.	2006-11-30 13:41:47 +00:00
Ben Laurie	96ea4ae91c	Add RFC 3779 support.	2006-11-27 14:18:05 +00:00
Dr. Stephen Henson	47a9d527ab	Update from 0.9.8 stable. Eliminate duplicate error codes.	2006-11-21 21:29:44 +00:00
Dr. Stephen Henson	de12116417	Initial, incomplete support for typesafe macros without using function casts.	2006-11-16 00:19:39 +00:00
Dr. Stephen Henson	b37a68cc8f	Initialize old_priv_encode, old_priv_decode.	2006-10-27 11:43:27 +00:00
Bodo Möller	d326582cab	ASN1_item_verify needs to initialize ctx before any "goto err" can happen; the new code for the OID cross reference table failed to do so.	2006-10-04 06:14:36 +00:00
Dr. Stephen Henson	f4c630abb3	Place standard CRL behaviour in default X509_CRL_METHOD new functions to create, free and set default CRL method.	2006-10-03 02:47:59 +00:00
Mark J. Cox	348be7ec60	Fix ASN.1 parsing of certain invalid structures that can result in a denial of service. (CVE-2006-2937) [Steve Henson]	2006-09-28 13:20:44 +00:00
Dr. Stephen Henson	5b73c3609b	Using correct lock for X509_REQ. PR:1348	2006-09-22 17:06:09 +00:00
Dr. Stephen Henson	eebeb52b29	Update length if copying MSB set in asn1_string_canon().	2006-09-22 13:37:15 +00:00
Dr. Stephen Henson	1182301ca7	Do CRL method init after other operations.	2006-09-21 12:48:56 +00:00
Dr. Stephen Henson	010fa0b331	Tidy up CRL handling by checking for critical extensions when it is loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked entry to avoid the need to access the structure directly. Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be redirected.	2006-09-21 12:42:15 +00:00
Dr. Stephen Henson	4d50a2b4d6	Add verify callback functions to lookup a STACK of matching certs or CRLs based on subject name. New thread safe functions to retrieve matching STACK from X509_STORE. Cache some IDP components.	2006-09-10 12:38:37 +00:00
Dr. Stephen Henson	539d4c1030	Fix leak	2006-08-31 20:10:37 +00:00
Dr. Stephen Henson	edc540211c	Cache some CRL related extensions.	2006-07-24 12:39:22 +00:00
Dr. Stephen Henson	2eed3a3cc8	Avoid warning.	2006-07-21 22:46:19 +00:00
Dr. Stephen Henson	450ea83495	Store canonical encodings of Name structures. Update X509_NAME_cmp() to use them.	2006-07-18 12:36:19 +00:00
Dr. Stephen Henson	5c95c2ac23	Fix various error codes to match functions.	2006-07-17 16:33:31 +00:00
Bodo Möller	f3dea9a595	Camellia cipher, contributed by NTT Submitted by: Masashi Fujita Reviewed by: Bodo Moeller	2006-06-09 15:44:59 +00:00
Andy Polyakov	6f344eab03	Fix obvious typo.	2006-06-05 16:04:09 +00:00
Dr. Stephen Henson	41eacc84a0	Clarify comment and add #ifdef.	2006-06-05 12:38:22 +00:00
Dr. Stephen Henson	01b8b3c7d2	Complete EVP_PKEY_ASN1_METHOD ENGINE support.	2006-06-05 11:52:46 +00:00
Dr. Stephen Henson	ae519a247f	Extended PBES2 function supporting application supplied IV and PRF NID.	2006-05-17 12:47:17 +00:00
Dr. Stephen Henson	6d3a1eac3b	Add PRF preference ctrl to ciphers.	2006-05-15 18:35:13 +00:00
Richard Levitte	98bf13c36b	make update	2006-05-12 15:31:28 +00:00
Dr. Stephen Henson	399a6f0bd1	Update PKCS#7 enveloped data to new API.	2006-05-08 12:44:25 +00:00
Dr. Stephen Henson	03919683f9	Add support for default public key digest type ctrl.	2006-05-07 17:09:39 +00:00
Dr. Stephen Henson	cddaba8ede	Add 'flags' parameter to EVP_PKEY_asn1_meth_new() to set algorithm flags.	2006-04-21 17:38:58 +00:00
Dr. Stephen Henson	ee1d9ec019	Remove link between digests and signature algorithms. Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate the need for algorithm specific code.	2006-04-19 17:05:59 +00:00
Dr. Stephen Henson	492a9e2415	Allow public key ASN1 methods to set PKCS#7 SignerInfo structures.	2006-04-17 17:12:23 +00:00
Dr. Stephen Henson	c20276e4ae	Fix (most) WIN32 warnings and errors.	2006-04-17 12:08:22 +00:00
Dr. Stephen Henson	5950bf7943	Revert to original...	2006-04-15 13:15:25 +00:00
Dr. Stephen Henson	4141c803d8	Oops...	2006-04-15 13:12:42 +00:00
Dr. Stephen Henson	f3481ca28f	Print out zero length string properly.	2006-04-14 16:47:18 +00:00
Dr. Stephen Henson	f5cda4cbb1	Initial keygen support.	2006-04-11 13:28:52 +00:00
Dr. Stephen Henson	07e970c7e6	Initial functions for RSA EVP_PKEY_METHOD. Update dependencies.	2006-04-08 00:15:07 +00:00
Dr. Stephen Henson	9e4d0f0be2	New utility 'pkeyutl' a general purpose version of 'rsautl'.	2006-04-07 19:33:28 +00:00
Dr. Stephen Henson	e46691a0bc	New function to add dynamic alias.	2006-04-05 13:24:19 +00:00
Dr. Stephen Henson	9c9c98ad2e	Typo.	2006-04-05 12:00:22 +00:00
Dr. Stephen Henson	863779065e	Fix dynamic public key method lookup.	2006-04-04 18:32:19 +00:00
Dr. Stephen Henson	0b33dac310	New function to retrieve ASN1 info on public key algorithms. New command line option to print out info.	2006-04-04 18:16:03 +00:00
Dr. Stephen Henson	db98bbc114	Initial support for generalized public key parameters.	2006-03-24 13:46:58 +00:00
Dr. Stephen Henson	e42633140e	Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD.	2006-03-23 18:02:23 +00:00
Dr. Stephen Henson	d82e2718e2	Add information and pem strings. Update dependencies.	2006-03-23 11:54:51 +00:00
Dr. Stephen Henson	18e377b4ff	Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to initialize it. Initial support for application added public key ASN1.	2006-03-22 17:59:49 +00:00
Dr. Stephen Henson	1b593194be	Move algorithm specific print code from crypto/asn1/t_pkey.c to separate *_prn.c files in each algorithm directory.	2006-03-22 13:34:19 +00:00
Dr. Stephen Henson	35208f368c	Gather printing routines into EVP_PKEY_ASN1_METHOD.	2006-03-22 13:09:35 +00:00
Dr. Stephen Henson	6f81892e6b	Transfer parameter handling and key comparison to algorithm methods.	2006-03-20 17:56:05 +00:00
Dr. Stephen Henson	448be74335	Initial support for pluggable public key ASN1 support. Process most public key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move the spaghetti algorithm specific code to a single ASN1 module for each algorithm.	2006-03-20 12:22:24 +00:00
Nils Larsch	67b6f1ca88	fix problems found by coverity: remove useless code	2006-03-15 17:45:43 +00:00
Nils Larsch	40f51f506c	create BN_CTX object	2006-03-15 08:37:35 +00:00
Nils Larsch	6c73d01142	constify some print and ts functions	2006-03-05 20:19:05 +00:00
Nils Larsch	6384e46da3	make some parameters const	2006-03-04 13:55:02 +00:00
Dr. Stephen Henson	350a404cb8	Print out <INVALID> if an OID value is invalid.	2006-02-21 01:00:08 +00:00
Dr. Stephen Henson	827c55741b	Tolerate a SEQUENCE in DN components.	2006-02-19 13:44:47 +00:00
Nils Larsch	b3e72fc37f	make some internal functions static; patch supplied by Kurt Roeckx	2006-02-15 20:20:20 +00:00
Dr. Stephen Henson	e7a8b47f1a	Fix warnings.	2006-02-15 14:45:31 +00:00
Ulf Möller	3b408d83fe	make update	2006-02-12 23:21:56 +00:00
Ulf Möller	c7235be6e3	RFC 3161 compliant time stamp request creation, response generation and response verification. Submitted by: Zoltan Glozik <zglozik@opentsa.org> Reviewed by: Ulf Moeller	2006-02-12 23:11:56 +00:00
Nils Larsch	82e8372f17	p could be uninitialized	2006-02-08 18:51:17 +00:00
Dr. Stephen Henson	15ac971681	Update filenames in makefiles.	2006-02-04 01:45:59 +00:00
Dr. Stephen Henson	c7474d077b	Ignore zero length constructed segments.	2006-01-31 18:36:29 +00:00
Nils Larsch	8c5a2bd6bb	add additional checks + cleanup Submitted by: David Hartman <david_hartman@symantec.com>	2006-01-29 23:12:22 +00:00
Dr. Stephen Henson	25a58453ff	Fixes for BOOL handling: produce errors for invalid string for mini-compiler, correctly encode FALSE for BOOL in ASN1_TYPE.	2006-01-19 17:16:56 +00:00
Nils Larsch	802d7fa6d5	support numeric strings in ASN1_generate_nconf	2006-01-14 09:21:33 +00:00
Bodo Möller	51eb1b81f6	Avoid contradictive error code assignments. "make errors".	2006-01-08 21:54:24 +00:00
Bodo Möller	739a543ea8	Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)	2006-01-08 19:42:30 +00:00
Dr. Stephen Henson	9ee0f7b7e0	In ASN1_parse() show tag value for ASN1 tags > 30.	2006-01-03 14:20:07 +00:00
Dr. Stephen Henson	9cbf062a70	Update from stable branch.	2005-12-05 00:53:36 +00:00
Dr. Stephen Henson	452ae49db5	Extensive OID code enhancement and fixes.	2005-11-20 13:07:47 +00:00
Dr. Stephen Henson	8265328def	Oops :-)	2005-10-02 12:41:11 +00:00
Dr. Stephen Henson	09b6c2ef15	Make OPENSSL_NO_COMP compile again.	2005-09-30 23:35:33 +00:00
Andy Polyakov	7a06050cd3	"Overload" SunOS 4.x memcmp, which ruins ASN1_OBJECT table lookups. PR: 1196 Submitted by: Russel Ruby	2005-09-20 20:19:07 +00:00
Dr. Stephen Henson	270da80bfa	Fix for Win32.	2005-09-16 11:45:55 +00:00
Dr. Stephen Henson	2a45408c4a	Update print macro properly this time...	2005-09-03 00:49:26 +00:00
Dr. Stephen Henson	9e201014f8	Update ASN1 print implement macro.	2005-09-03 00:48:13 +00:00
Dr. Stephen Henson	0c072a0b46	Update asn1t.h too for ASN1 print.	2005-09-03 00:44:08 +00:00
Dr. Stephen Henson	c11c64fbe0	Update to ASN1 printing code.	2005-09-03 00:40:40 +00:00
Dr. Stephen Henson	244847591f	Extend callback function to support print customization.	2005-09-01 20:42:52 +00:00
Dr. Stephen Henson	5abe32d861	Return 2 from X509_NAME printing routine to add newline.	2005-09-01 18:02:51 +00:00
Dr. Stephen Henson	9194296de8	Update ASN1 printing code and add a -print option to 'pkcs7' utility for initial testing.	2005-09-01 18:00:56 +00:00
Dr. Stephen Henson	1ef7acfe92	Initial support for ASN1 print code. WARNING WARNING WARNING, experimental code, handle with care, use at your own risk, may contain nuts.	2005-09-01 13:59:16 +00:00
Nils Larsch	8215e7a938	fix warnings when building openssl with the following compiler options: -Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar -Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts -Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused -Wno-unused-parameter -Wuninitialized	2005-08-28 22:49:57 +00:00
Ben Laurie	bf3d6c0c9b	Make D-H safer, include well-known primes.	2005-08-21 16:00:17 +00:00
Dr. Stephen Henson	6b80c20bdb	Use correct date and filename.	2005-08-21 12:25:52 +00:00
Dr. Stephen Henson	2e8879fa6e	Delete old ASN1_METHOD files.	2005-08-20 19:48:58 +00:00
Dr. Stephen Henson	f5a07779dd	Add file which includes new ASN1 NETSCAPE format for certificates.	2005-08-20 19:46:52 +00:00
Dr. Stephen Henson	45e2738585	Remove ASN1_METHOD code replace with new ASN1 alternative.	2005-08-20 18:12:45 +00:00
Dr. Stephen Henson	b173acfc96	New version of ASN1 print code, still not compiled in though.	2005-08-20 00:08:29 +00:00
Nils Larsch	01039d0bff	remove unused variable	2005-07-27 20:20:53 +00:00
Nils Larsch	c755c5fd8b	improved error checking and some fixes PR: 1170 Submitted by: Yair Elharrar Reviewed and edited by: Nils Larsch	2005-07-26 21:10:34 +00:00
Dr. Stephen Henson	5c8e9139d1	Handle case where it==NULL	2005-07-26 12:25:06 +00:00
Dr. Stephen Henson	56defd9a98	Update ASN1 printing code. Highly experimental, not working properly (neither did the old code) and not compiled in yet...	2005-07-26 11:46:23 +00:00
Nils Larsch	3eeaab4bed	make ./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make depend all test work again PR: 1159	2005-07-16 12:37:36 +00:00
Nils Larsch	67ffa18cce	make the type parameter const when ID2_OF_const() is used	2005-05-18 22:30:38 +00:00
Andy Polyakov	53d8996764	Engage Applink for VC builds.	2005-05-17 16:50:46 +00:00
Andy Polyakov	25a66ee3cb	Move cryptlib.h prior bio.h. Actually it makes sense to include cryptlib.h first everywhere in crypto and skip stdio.h and string.h [because it includes them].	2005-05-17 00:01:48 +00:00
Andy Polyakov	ce92b6eb9c	Further BUILDENV refinement, further fool-proofing of Makefiles and [most importantly] put back dependencies accidentaly eliminated in check-in #13342.	2005-05-16 16:55:47 +00:00
Nils Larsch	9dd8405341	ecc api cleanup; summary: - hide the EC_KEY structure definition in ec_lcl.c + add some functions to use/access the EC_KEY fields - change the way how method specific data (ecdsa/ecdh) is attached to a EC_KEY - add ECDSA_sign_ex and ECDSA_do_sign_ex functions with additional parameters for pre-computed values - rebuild libeay.num from 0.9.7	2005-05-16 10:11:04 +00:00
Andy Polyakov	81a86fcf17	Fool-proofing Makefiles	2005-05-15 22:23:26 +00:00
Dr. Stephen Henson	fe86616c72	Some C compilers produce warnings or compilation errors if an attempt is made to directly cast a function of one type to what it considers and incompatible type. In particular gcc 3.4.2. Add new openssl_fcast macro to place functions into a form where the compiler will allow them to be cast. The current version achives this by casting to: void function(void).	2005-05-12 23:01:44 +00:00
Bodo Möller	8afca8d9c6	Fix more error codes. (Also improve util/ck_errf.pl script, and occasionally fix source code formatting.)	2005-05-11 03:45:39 +00:00
Nils Larsch	8b15c74018	give EC_GROUP_new_by_nid a more meanigful name: EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name	2005-05-10 11:37:47 +00:00
Bodo Möller	fbeaa3c47d	Update util/ck_errf.pl script, and have it run automatically during "make errors" and thus during "make update". Fix lots of bugs that util/ck_errf.pl can detect automatically. Various others of these are still left to fix; that's why "make update" will complain loudly when run now.	2005-05-09 00:27:37 +00:00
Nils Larsch	7dc17a6cf0	give EC_GROUP_*_nid functions a more meaningful name EC_GROUP_get_nid -> EC_GROUP_get_curve_name EC_GROUP_set_nid -> EC_GROUP_set_curve_name	2005-05-08 22:09:12 +00:00
Dr. Stephen Henson	98a2fd32a0	Typo.	2005-04-30 18:07:30 +00:00
Dr. Stephen Henson	7bdeeb64ac	Don't attempt to parse nested ASN1 strings by default.	2005-04-30 18:02:54 +00:00
Dr. Stephen Henson	e1cc0671ac	Use more efficient way to locate end of an ASN1 structure.	2005-04-30 13:06:45 +00:00
Dr. Stephen Henson	2deadf1672	Port from stable branch.	2005-04-26 23:21:49 +00:00
Bodo Möller	aa4ce7315f	Fix various incorrect error function codes. ("perl util/ck_errf.pl /.c //*.c" still reports many more.)	2005-04-26 18:53:22 +00:00
Nils Larsch	9edf4e8157	make asn.1 field names const	2005-04-23 13:45:49 +00:00
Nils Larsch	ff22e913a3	- use BN_set_negative and BN_is_negative instead of BN_set_sign and BN_get_sign - implement BN_set_negative as a function - always use "#define BN_is_zero(a) ((a)->top == 0)"	2005-04-22 20:02:44 +00:00
Dr. Stephen Henson	2c45bf2bc9	Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts. Remove more bogus shadow warnings.	2005-04-20 21:48:06 +00:00
Richard Levitte	254cfe878e	signed vs. unsigned.	2005-04-20 13:12:33 +00:00
Richard Levitte	22c3600e4c	Resolve signed vs. unsigned.	2005-04-20 12:55:15 +00:00
Dr. Stephen Henson	29dc350813	Rebuild error codes.	2005-04-12 16:15:22 +00:00
Richard Levitte	4bb61becbb	Add emacs cache files to .cvsignore.	2005-04-11 14:17:07 +00:00
Nils Larsch	f763e0b5ae	make sure error queue is totally emptied PR: 359	2005-04-07 22:53:35 +00:00
Nils Larsch	70f34a5841	some const fixes and cleanup	2005-04-05 10:29:43 +00:00
Ben Laurie	8bb826ee53	Consistency.	2005-03-31 13:57:54 +00:00
Ben Laurie	45d10efc35	Simplicate and add lightness.	2005-03-31 10:55:55 +00:00
Ben Laurie	41a15c4f0f	Give everything prototypes (well, everything that's actually used).	2005-03-31 09:26:39 +00:00
Ben Laurie	42ba5d2329	Blow away Makefile.ssl.	2005-03-30 13:05:57 +00:00
Ben Laurie	0821bcd4de	Constification.	2005-03-30 10:26:02 +00:00
Richard Levitte	bf746f0f46	Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might cause a segfault... This was uncovered because EVP_VerifyInit() may fail in FIPS mode if the wrong algorithm is chosen...	2005-01-27 01:49:25 +00:00
Richard Levitte	a229e3038e	Get rid if the annoying warning	2005-01-27 01:47:31 +00:00
Dr. Stephen Henson	5e8904f289	Remove duplicate lines.	2004-12-12 13:15:49 +00:00
Dr. Stephen Henson	c162b132eb	Automatically mark the CRL cached encoding as invalid when some operations are performed.	2004-12-09 13:35:06 +00:00
Dr. Stephen Henson	a0e7c8eede	Add lots of checks for memory allocation failure, error codes to indicate failure and freeing up memory if a failure occurs. PR:620	2004-12-05 01:03:15 +00:00
Richard Levitte	a2ac429da2	Don't use $(EXHEADER) directly in for loops, as most shells will break if $(EXHEADER) is empty. Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>	2004-11-02 23:55:01 +00:00
Dr. Stephen Henson	2f605e8d24	Fix race condition when CRL checking is enabled.	2004-10-04 16:30:12 +00:00
Dr. Stephen Henson	bd9327baa9	Change values of MBSTRING_* to the form MBSTRING_FLAG\|nbyte as assumed in ASN1_STRING_to_UTF8().	2004-09-13 22:33:56 +00:00
Dr. Stephen Henson	e08aad1d14	Make ASN1_INTEGER_cmp() work as expected with negative integers.	2004-08-10 17:40:14 +00:00
Dr. Stephen Henson	c39c32dd65	PKCS#8 fixes from stable branch.	2004-07-04 16:44:52 +00:00
Geoff Thorpe	9c52d2cc75	After the latest round of header-hacking, regenerate the dependencies in the Makefiles. NB: this commit is probably going to generate a huge posting and it is highly uninteresting to read.	2004-05-17 19:26:06 +00:00
Geoff Thorpe	0f814687b9	Deprecate the recursive includes of bn.h from various API headers (asn1.h, dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are already declared in ossl_typ.h. Add explicit includes for bn.h in those C files that need access to structure internals or API functions+macros.	2004-05-17 19:14:22 +00:00
Dr. Stephen Henson	bd1640bb01	Make ASN1 code work again...	2004-04-27 18:33:40 +00:00
Dr. Stephen Henson	f3f52d7f45	More ASN1 reformat/tidy.	2004-04-25 12:46:39 +00:00
Dr. Stephen Henson	8845420f4e	Reformat/tidy some of the ASN1 code.	2004-04-24 17:02:48 +00:00
Geoff Thorpe	c57bc2dc51	make update	2004-04-19 18:33:41 +00:00
Geoff Thorpe	60a938c6bc	(oops) Apologies all, that last header-cleanup commit was from the wrong tree. This further reduces header interdependencies, and makes some associated cleanups.	2004-04-19 18:09:28 +00:00
Dr. Stephen Henson	e07d3a021d	Remove obsolete files.	2004-03-28 12:29:05 +00:00
Dr. Stephen Henson	6446e0c3c8	Extend OID config module format.	2004-03-27 13:30:14 +00:00
Dr. Stephen Henson	4acc3e907d	Initial support for certificate policy checking and evaluation. This is currently very experimental and needs to be more fully integrated with the main verification code.	2004-03-23 14:14:35 +00:00
Richard Levitte	875a644a90	Constify d2i, s2i, c2i and r2i functions and other associated functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed.	2004-03-15 23:15:26 +00:00
Dr. Stephen Henson	5fa5eb71a4	Cleanup ASN1 OID module when it exits.	2004-03-05 23:47:56 +00:00
Richard Levitte	87203dc99a	Avoid signed vs. unsigned warnings (which are treated like errors on Windows).	2004-01-27 01:16:38 +00:00
Richard Levitte	79b42e7654	Use sh explicitely to run point.sh This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 14:59:07 +00:00
Richard Levitte	d420ac2c7d	Use BUF_strlcpy() instead of strcpy(). Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 14:40:17 +00:00
Geoff Thorpe	f7a397cc8d	Avoid possible memory leaks in error-handling. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe	2003-11-10 18:05:22 +00:00
Dr. Stephen Henson	cd2e8a6f2d	Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().	2003-11-10 01:37:23 +00:00
Geoff Thorpe	aca95e0b2f	Remove a line that was causing redundant declarations. Obtained from: Stephen Henson <steve@openssl.org>	2003-10-29 22:55:19 +00:00
Geoff Thorpe	2754597013	A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate.	2003-10-29 20:24:15 +00:00
Dr. Stephen Henson	2990244980	ASN1 parse fix and release file changes.	2003-09-30 16:47:33 +00:00
Dr. Stephen Henson	510dc1ecd0	outlen should be int * in out_utf8.	2003-08-21 12:32:12 +00:00
Richard Levitte	83743ad039	Fix sign bugs. PR: 621	2003-05-21 14:29:13 +00:00
Dr. Stephen Henson	727ef76ebd	Add correct DN entry for serialNumber.	2003-05-07 23:20:58 +00:00
Dr. Stephen Henson	0b1c00abeb	Typo.	2003-04-10 00:04:02 +00:00
Richard Levitte	3ae70939ba	Correct a lot of printing calls. Remove extra arguments...	2003-04-03 23:39:48 +00:00
Richard Levitte	536b73e78e	Make sure we get the definition of OPENSSL_NO_BIO and OPENSSL_NO_RSA.	2003-03-20 23:16:45 +00:00
Dr. Stephen Henson	ea3675b5b6	New ASN1 macros to just implement and declare the new and free functions and changes to mkdef.pl so it recognises them. Use these in policyMappings extension.	2003-03-20 17:58:33 +00:00
Dr. Stephen Henson	e6539fe22d	Add entry for domainComponent so it is treated correctly. Add table order test to end of a_strnid.c	2003-03-14 01:44:42 +00:00
Dr. Stephen Henson	e9ec63961b	Fix indefinite length encoding so EOC correctly updates the buffer pointer. Rename PKCS7_PARTSIGN to PKCS7_STREAM. Guess what that's for :-)	2003-02-25 19:03:31 +00:00
Bodo Möller	62e3163b1b	ECPublicKey_set_octet_string and ECPublicKey_get_octet_string behaviour was not quite consistent with the conventions for d2i and i2d functions as far as handling of the 'out' or 'in' pointer is concerned. This patch changes this behaviour, and renames the functions to o2i_ECPublicKey and i2o_ECPublicKey (not 'd2i' and 'i2d' because the external encoding is just a raw object string without any DER icing). Submitted by: Nils Larsch	2003-02-21 13:58:23 +00:00
Dr. Stephen Henson	8214e74f76	Ooops forgot to recognise V_ASN1_GENERALSTRING.	2003-02-20 17:13:21 +00:00
Dr. Stephen Henson	988e8458ad	Typo.	2003-02-18 12:46:47 +00:00
Dr. Stephen Henson	a8f5b2ed50	GeneralString support in mini-ASN1 compiler	2003-02-11 14:06:27 +00:00
Bodo Möller	9048c7245b	For ecdsa-with-SHA1, as for id-dsa-with-sha1, omit 'parameters' in AlgorithmIdentifier Submitted by: Nils Larsch	2003-01-24 21:43:08 +00:00
Dr. Stephen Henson	d3b5cb5343	Check return value of gmtime() and add error codes where it fails in ASN1_TIME_set(). Edit asn1.h so the new error code is the same in 0.9.7 and 0.9.8, rebuild new error codes. Clear error queue in req.c if _min or _max is absent.	2003-01-24 01:12:01 +00:00
Richard Levitte	7eed0fc041	Make sure the last character of the ASN.1 time string (the 'Z') is copied. PR: 429	2003-01-01 03:40:59 +00:00
Richard Levitte	5e42f9ab46	make update	2002-12-29 01:38:15 +00:00
Andy Polyakov	bbf8198feb	Workaround for GCC-ia64 compiler bug. Submitted by: <appro> Reviewed by: PR:	2002-12-06 17:18:10 +00:00
Bodo Möller	7e8c30b589	In ECPKParameters_print, output the private key length correctly (length of the order of the group, not length of the actual key, which will be shorter in some cases). Submitted by: Nils Larsch	2002-12-04 17:43:01 +00:00
Dr. Stephen Henson	716b2079dc	Make ASN1_TYPE_get() work for V_ASN1_NULL type.	2002-12-04 00:49:46 +00:00
Dr. Stephen Henson	2053c43de2	In asn1_d2i_read_bio, don't assume BIO_read will return the requested number of bytes when reading content.	2002-12-03 23:50:59 +00:00
Richard Levitte	4579924b7e	Cleanse memory using the new OPENSSL_cleanse() function. I've covered all the memset()s I felt safe modifying, but may have missed some.	2002-11-28 08:04:36 +00:00
Richard Levitte	406c6f6962	Extra ; removed.	2002-11-27 13:40:11 +00:00
Richard Levitte	711f1a3c26	Add the ASN.1 structures and functions for CertificatePair, which is defined as follows (according to X.509_4thEditionDraftV6.pdf): CertificatePair ::= SEQUENCE { forward [0] Certificate OPTIONAL, reverse [1] Certificate OPTIONAL, -- at least one of the pair shall be present -- } The only thing I'm not sure about is if it's implicit or explicit tags that I should count on. For now, I'm thinking explicit, but will gladly stand corrected. Also implement the PEM functions to read and write certificate pairs, and defined the PEM tag as "CERTIFICATE PAIR". This needed to be defined, mostly for the sake of the LDAP attribute crossCertificatePair, but may prove useful elsewhere as well.	2002-11-18 23:54:27 +00:00
Dr. Stephen Henson	d78254aa28	Add SETWRAP modifier to ASN1 generate.	2002-11-15 00:26:07 +00:00
Bodo Möller	555d75252a	use new BIO_indent() function here as well Submitted by: Nils Larsch	2002-11-14 10:56:59 +00:00
Richard Levitte	3f083ef0eb	free() -> OPENSSL_free()	2002-11-13 20:25:47 +00:00
Richard Levitte	c112323dd5	This didn't get to the 0.9.8-dev thread...	2002-11-13 18:09:27 +00:00
Ben Laurie	54a656ef08	Security fixes brought forward from 0.9.7.	2002-11-13 15:43:43 +00:00
Ben Laurie	eb43641dd3	Fix warnings, makefile cockup.	2002-11-13 11:59:48 +00:00
Dr. Stephen Henson	7fb8d254fe	Only accept exact match for modifier or tag name	2002-11-13 00:57:41 +00:00
Dr. Stephen Henson	9ea1b87862	Initial ASN1 generation code. This can construct arbitrary encodings from strings and config files. Documentation to follow...	2002-11-12 13:34:51 +00:00
Dr. Stephen Henson	38c7271a39	Check for NULL ASN1_ITEM when initializeing boolean option in ASN1_TYPE.	2002-11-05 13:48:33 +00:00
Bodo Möller	b53e44e572	implement and use new macros BN_get_sign(), BN_set_sign() Submitted by: Nils Larsch	2002-11-04 13:17:22 +00:00
Richard Levitte	ffd418f217	In my extreme debug mode, gcc complains that 'static' doesn't come first.	2002-10-20 20:38:18 +00:00
Richard Levitte	677532629d	makedepend complains when a header file is included more than once in the same source file.	2002-10-14 10:02:36 +00:00
Richard Levitte	001ab3abad	Use double dashes so makedepend doesn't misunderstand the flags we give it. For 0.9.7 and up, that means util/domd needs to remove those double dashes from the argument list when gcc is used to find the dependencies.	2002-10-09 13:25:12 +00:00
Dr. Stephen Henson	74e3931f84	Various Win32 fixes. Resolve signed/unsigned conflicts Make dso_win32.c compile.	2002-10-06 12:14:55 +00:00
Dr. Stephen Henson	12dadc555f	Oops, remove old comment out debugging printf...	2002-10-06 12:10:35 +00:00
Richard Levitte	12f27bd414	Please do not use C++ comments in C code.	2002-10-06 00:33:23 +00:00
Dr. Stephen Henson	9a48b07ee4	Various enhancements to PKCS#12 code, new medium level API, improved PKCS12_create and additional functionality in pkcs12 utility.	2002-10-03 23:53:52 +00:00
Dr. Stephen Henson	230fd6b7b6	Preliminary streaming ASN1 encode support.	2002-10-03 12:38:52 +00:00
Dr. Stephen Henson	b499ed06d2	Fix ASN1_STRING_to_UTF8: remove non sensical !*out test.	2002-08-30 17:18:22 +00:00
Bodo Möller	34f1f2a81c	less specific interface for EC_GROUP_get_basis_type Submitted by: Nils Larsch, Bodo Moeller	2002-08-26 18:08:53 +00:00
Bodo Möller	7e31164ae0	ASN1 for binary curves Submitted by: Nils Larsch	2002-08-26 11:25:54 +00:00
Dr. Stephen Henson	41ab00bedf	Reinstate the check for invalid length BIT STRINGS, which was effectively bypassed in the ASN1 changed.	2002-08-23 00:02:11 +00:00
Dr. Stephen Henson	fc85ac20c7	Make -nameopt work in req and add support for -reqopt	2002-08-22 23:43:48 +00:00
Bodo Möller	74cc4903ef	make update	2002-08-09 12:16:15 +00:00
Bodo Möller	60cc56b1a9	add field type to text output don't print seed value as a number (leading zeros must not be removed) Submitted by: Nils Larsch	2002-08-09 10:44:44 +00:00
Bodo Möller	e172d60ddb	Add ECDH support. Additional changes: - use EC_GROUP_get_degree() in apps/req.c - add ECDSA and ECDH to apps/speed.c - adds support for EC curves over binary fields to ECDSA - new function EC_KEY_up_ref() in crypto/ec/ec_key.c - reorganize crypto/ecdsa/ecdsatest.c - add engine support for ECDH - fix a few bugs in ECDSA engine support Submitted by: Douglas Stebila <douglas.stebila@sun.com>	2002-08-09 08:43:04 +00:00
Bodo Möller	14a7cfb32a	use a generic EC_KEY structure (EC keys are not ECDSA specific) Submitted by: Nils Larsch	2002-08-07 10:49:54 +00:00
Dr. Stephen Henson	aaa384ca1a	Fix typo	2002-08-02 18:58:33 +00:00
Dr. Stephen Henson	f908226898	Fix the ASN1 sanity check: correct header length calculation and check overflow against LONG_MAX.	2002-08-02 18:48:55 +00:00
Lutz Jänicke	c046fffa16	OpenSSL Security Advisory [30 July 2002] Changes marked "(CHATS)" were sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.	2002-07-30 13:04:04 +00:00
Lutz Jänicke	3aecef7697	"make update"	2002-07-30 12:44:33 +00:00
Bodo Möller	5dbd3efce7	Replace 'ecdsaparam' commandline utility by 'ecparam' (the same keys can be used for ECC schemes other than ECDSA) and add some new options. Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS" in 'PEM' format. Fix ec_asn1.c (take into account the desired conversion form). 'make update'. Submitted by: Nils Larsch	2002-07-14 16:54:31 +00:00
Bodo Möller	ea4f109c99	AES cipher suites are now official (RFC3268)	2002-07-04 08:51:09 +00:00
Richard Levitte	17085b022c	Pass CFLAG to dependency makers, so non-standard system include paths are handled properly. Part of PR 75	2002-06-27 16:39:25 +00:00
Bodo Möller	9ae08a9c04	Make sure buffers are large enough even for weird parameters Submitted by: Nils Larsch	2002-06-26 14:28:41 +00:00
Bodo Möller	5f3d6f70f6	Implement handling of EC parameter seeds (new functions EC_GROUP_set_seed(), EC_GROUP_get0_seed(), EC_GROUP_get_seed_len()). New functions ECPKParameters_print(), ECPKParameters_print_fp(). Submitted by: Nils Larsch	2002-06-18 08:38:59 +00:00
Lutz Jänicke	65ee74fbc7	Some more prototype fixes. Use DECLARE macros in asn1* instead of direct declaration. Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de> Reviewed by: PR: 89	2002-06-14 19:01:52 +00:00
Richard Levitte	451dc18f10	Add support for DJGPP. PR: 75	2002-06-13 20:42:35 +00:00
Lutz Jänicke	40889b9cd3	Add missing prototypes. Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de> PR: 89	2002-06-13 17:40:27 +00:00
Bodo Möller	254ef80db1	simplify asn1_flag Submitted by: Nils Larsch Reviewed by: Bodo Moeller	2002-06-12 14:01:17 +00:00
Ben Laurie	25ace3ed25	Fix warnings.	2002-06-11 12:03:51 +00:00
Bodo Möller	458c29175e	move ECC ASN1 that is not specific to ECDSA into crypto/ec/, and make some appropriate changes to the EC library. Submitted by: Nils Larsch	2002-06-10 12:18:21 +00:00
Richard Levitte	b6fc2386f0	It's not good to have a pointer point at something in an inner block. PR: 66	2002-06-05 13:47:29 +00:00
Richard Levitte	9cdf87f194	Check the return values where memory allocation failures may happen. PR: 49	2002-05-30 16:47:45 +00:00
Bodo Möller	6cbe638294	New functions EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex(), EC_POINT_hex2point() Submitted by: Nils Larsch	2002-05-30 13:16:03 +00:00
Dr. Stephen Henson	08241a5814	Make i2c_ASN1_BIT_STRING return the correct length.	2002-05-29 23:14:01 +00:00
Dr. Stephen Henson	0fccb00b5b	Add missing EVP_CIPHER_CTX_init call.	2002-05-18 23:43:10 +00:00
Bodo Möller	8df61b5011	Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not encoded as NULL) with id-dsa-with-sha1. Submitted by: Nils Larsch	2002-04-26 08:28:34 +00:00
Richard Levitte	2d7ab7e9ea	Do not free p if it hasn't been used yet. Notified by Bernd Matthes <bernd.matthes@gemplus.com>	2002-04-20 10:19:20 +00:00
Bodo Möller	b975183c41	ECDSA representation bugfixes Submitted by: Nils Larsch	2002-04-12 08:57:01 +00:00
Bodo Möller	d0561b5c2d	fix ECDSA handling Submitted by: Nils Larsch	2002-04-09 12:01:21 +00:00
Bodo Möller	690ecff795	Fixes for 'no-hw' combined with 'no-SOME_CIPHER'. Fix dsaparam usage output. Submitted by: Nils Larsch	2002-03-14 09:52:03 +00:00
Dr. Stephen Henson	0b4c91c0fc	Fix various warnings when compiling with KRB5 code.	2002-03-12 02:59:37 +00:00
Bodo Möller	4882171df5	EC curve stuff Submitted by: Nils Larsch	2002-03-08 11:10:40 +00:00
Dr. Stephen Henson	3208ff58ca	make errors	2002-02-22 21:17:31 +00:00
Dr. Stephen Henson	6707d22a40	Update from stable branch.	2002-02-22 14:07:35 +00:00
Bodo Möller	4d94ae00d5	ECDSA support Submitted by: Nils Larsch <nla@trustcenter.de>	2002-02-13 18:21:51 +00:00
Richard Levitte	b9a3ef4c6e	ASN1_BIT_STRING_set_bit() didn't clear previously set bits	2002-02-03 21:31:41 +00:00
Lutz Jänicke	866eedb936	Shut up compiler warnings for inconsistent declarations.	2002-01-29 17:14:50 +00:00
Ben Laurie	9dd5ae6553	Constification, add config to /dev/crypto.	2002-01-18 16:51:05 +00:00
Dr. Stephen Henson	bc37d996fc	Experimental configuration code. Incomplete, largely untested and subject to change/deletion.	2002-01-05 01:37:16 +00:00
Bodo Möller	4d7072f4b5	remove redundant ERR_load_... declarations	2001-12-17 19:22:23 +00:00
Dr. Stephen Henson	322de0c8c1	NO_DSA, NO_RSA patches.	2001-12-01 22:41:39 +00:00
Richard Levitte	b476df64a1	make update perl util/mkerr.pl -recurse -write -rebuild	2001-11-15 12:25:14 +00:00
Bodo Möller	b955dbd325	cast to 'unsigned long' before using ~ if we need an unsigned long result Submitted by: "Stefan Marxen" <stefan.marxen@gmx.net>	2001-11-09 12:58:05 +00:00
Dr. Stephen Henson	581f1c8494	Modify EVP cipher behaviour in a similar way to digests to retain compatibility.	2001-10-17 00:37:12 +00:00
Dr. Stephen Henson	20d2186c87	Retain compatibility of EVP_DigestInit() and EVP_DigestFinal() with existing code. Modify library to use digest *_ex() functions.	2001-10-16 01:24:29 +00:00
Richard Levitte	f8000b9345	'make update'	2001-10-04 07:49:09 +00:00
Richard Levitte	2aa9043ad3	Because there's chances we clash with the system's types.h, rename our types.h to ossl_typ.h.	2001-10-04 07:32:46 +00:00
Dr. Stephen Henson	d46c1a8126	Support fractional seconds in GeneralizedTime	2001-09-28 00:44:44 +00:00
Geoff Thorpe	79aa04ef27	Make the necessary changes to work with the recent "ex_data" overhaul. See the commit log message for that for more information. NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented (initialisation by "memset" won't/can't/doesn't work). This fixes that but requires that X509_STORE_CTX_init() be able to handle errors - so its prototype has been changed to return 'int' rather than 'void'. All uses of that function throughout the source code have been tracked down and adjusted.	2001-09-01 20:02:13 +00:00
Geoff Thorpe	ceff5fec5a	gcc can't spot that 'derlst' is not used uninitialised, so appease it.	2001-08-26 21:04:21 +00:00
Geoff Thorpe	b7727ee616	The indexes returned by ***_get_ex_new_index() functions are used when setting stack (actually, array) values in ex_data. So only increment the global counters if the underlying CRYPTO_get_ex_new_index() call succeeds. This change doesn't make "ex_data" right (see the comment at the head of ex_data.c to know why), but at least makes the source code marginally less frustrating.	2001-08-12 16:52:00 +00:00
Ben Laurie	d66ace9da5	Start to reduce some of the header bloat.	2001-08-05 18:02:16 +00:00
Ben Laurie	bb2297a41d	Header bloat reduction for EVP_PKEY.	2001-08-03 18:48:35 +00:00
Richard Levitte	710e5d5639	make update	2001-07-31 17:07:24 +00:00
Richard Levitte	dbfc0f8c2b	Vade retro C++ comments! (Latin for "comments", anyone?)	2001-07-31 09:15:52 +00:00
Ben Laurie	dbad169019	Really add the EVP and all of the DES changes.	2001-07-30 23:57:25 +00:00
Dr. Stephen Henson	1241126adf	More linker bloat reorganisation: Split private key PEM and normal PEM handling. Private key handling needs to link in stuff like PKCS#8. Relocate the ASN1 _dup() functions, to the relevant ASN1 modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously these were all in crypto/x509/x_all.c along with every ASN1 BIO/fp function which linked in every* ASN1 function if a single dup was used. Move the authority key id ASN1 structure to a separate file. This is used in the X509 routines and its previous location linked in all the v3 extension code. Also move ASN1_tag2bit to avoid linking in a_bytes.c which is now largely obsolete. So far under Linux stripped binary with single PEM_read_X509 is now 238K compared to 380K before these changes.	2001-07-27 02:22:42 +00:00
Richard Levitte	2a1ef75435	Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in SSL according to RFC 2712. His comment is: This is a patch to openssl-SNAP-20010702 to support Kerberized SSL authentication. I'm expecting to have the full kssl-0.5 kit up on sourceforge by the end of the week. The full kit includes patches for mod-ssl, apache, and a few text clients. The sourceforge URL is http://sourceforge.net/projects/kssl/ . Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ message with a real KerberosWrapper struct. I think this is fully RFC 2712 compliant now, including support for the optional authenticator field. I also added openssl-style ASN.1 macros for a few Kerberos structs; see crypto/krb5/ if you're interested.	2001-07-09 21:46:58 +00:00
Dr. Stephen Henson	9d2e51c199	Another empty X509_NAME fix.	2001-06-26 12:39:22 +00:00
Dr. Stephen Henson	1e325f6149	Handle empty X509_NAME in printing routines.	2001-06-26 12:04:35 +00:00
Dr. Stephen Henson	323f289c48	Change all calls to low level digest routines in the library and applications to use EVP. Add missing calls to HMAC_cleanup() and don't assume HMAC_CTX can be copied using memcpy(). Note: this is almost identical to the patch submitted to openssl-dev by Verdon Walker <VWalker@novell.com> except some redundant EVP_add_digest_()/EVP_cleanup() calls were removed and some changes made to avoid compiler warnings.	2001-06-19 22:30:40 +00:00
Richard Levitte	b7fe2f9675	cp is only used when DSA is built.	2001-06-19 16:40:36 +00:00
Dr. Stephen Henson	f2a253e0dd	Add support for MS CSP Name PKCS#12 attribute.	2001-06-11 00:43:20 +00:00
Richard Levitte	2b49dd1e8f	'make update'	2001-06-05 20:32:36 +00:00
Richard Levitte	b8e35bd66e	New internal function OPENSSL_gmtime, which is intended to do the same as gmtime_r() on the systems where that is defined.	2001-05-16 08:44:09 +00:00
Dr. Stephen Henson	c962479bdf	Fix ASN1 bug when decoding OTHER type. Various S/MIME DSA related fixes.	2001-04-21 12:06:01 +00:00
Ben Laurie	4f19a0672b	Fix warning.	2001-04-16 03:00:57 +00:00
Bodo Möller	83d968df60	Don't use 'tt' uninitialized when reporting an error (we don't have an ASN1_TEMPLATE to complain about at this stage, so errtt == NULL should be OK)	2001-04-05 11:40:16 +00:00
Dr. Stephen Henson	722ca2781c	Rewrite CHOICE field setting code to properly handle combine in CHOICE options. This was causing d2i_DSAPublicKey() to misbehave.	2001-04-02 00:59:19 +00:00
Dr. Stephen Henson	535d79da63	Overhaul the display of certificate details in the 'ca' utility. This can now be extensively customised in the configuration file and handles multibyte strings and extensions properly. This is required when extensions copying from certificate requests is supported: the user must be able to view the extensions before allowing a certificate to be issued.	2001-03-15 19:13:40 +00:00
Dr. Stephen Henson	0a3ea5d34a	Document the -certopt option to the x509 utility. Add no_issuer option. Fix X509_print_ex() so it prints out newlines when certain fields are omitted.	2001-03-15 01:15:54 +00:00
Bodo Möller	4e20b1a656	Instead of telling both 'make' and the user that ranlib errors can be tolerated, hide the error from 'make'. This gives shorter output both if ranlib fails and if it works.	2001-03-09 14:01:42 +00:00
Bodo Möller	4f98cbabde	avoid compiler warning	2001-03-08 14:02:28 +00:00
Bodo Möller	4de633dd5f	Get rid of '#define ERR_file_name __FILE__', which is unnecessary indirection. (It cannot possibly help to avoid duplicate 'name of file' strings in object files because the preprocessor does not work at object file level.)	2001-03-08 11:45:44 +00:00
Bodo Möller	bad4058574	New option '-subj arg' for 'openssl req' and 'openssl ca'. This sets the subject name for a new request or supersedes the subject name in a given request. Add options '-batch' and '-verbose' to 'openssl req'. Submitted by: Massimiliano Pala <madwolf@hackmasters.net> Reviewed by: Bodo Moeller	2001-03-05 11:09:43 +00:00
Richard Levitte	62dc5aad06	Introduce the possibility to access global variables through functions on platform were that's the best way to handle exporting global variables in shared libraries. To enable this functionality, one must configure with "EXPORT_VAR_AS_FN" or defined the C macro "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter is normally done by Configure or something similar). To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL in the source file (foo.c) like this: OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1; OPENSSL_IMPLEMENT_GLOBAL(double,bar); To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL and OPENSSL_GLOBAL_REF in the header file (foo.h) like this: OPENSSL_DECLARE_GLOBAL(int,foo); #define foo OPENSSL_GLOBAL_REF(foo) OPENSSL_DECLARE_GLOBAL(double,bar); #define bar OPENSSL_GLOBAL_REF(bar) The #defines are very important, and therefore so is including the header file everywere where the defined globals are used. The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition of ASN.1 items, but that structure is a bt different. The largest change is in util/mkdef.pl which has been enhanced with better and easier to understand logic to choose which symbols should go into the Windows .def files as well as a number of fixes and code cleanup (among others, algorithm keywords are now sorted lexicographically to avoid constant rewrites).	2001-03-02 10:38:19 +00:00
Richard Levitte	d88a26c489	make update Note that all *_it variables are suddenly non-existant according to libeay.num. This is a bug that will be corrected. Please be patient.	2001-02-26 10:54:08 +00:00
Dr. Stephen Henson	b31cc2d9f7	Trap an invalid ASN1_ITEM construction and print out the errant field for more ASN1 error conditions.	2001-02-25 14:11:31 +00:00
Dr. Stephen Henson	4ff18c8c3e	Print out OID of unknown signature or public key algorithms.	2001-02-24 01:42:21 +00:00
Dr. Stephen Henson	d339187b1a	Get rid of ASN1_ITEM_FUNCTIONS dummy function prototype hack. This unfortunately means that every ASN1_*_END construct cannot have a trailing ;	2001-02-23 12:47:06 +00:00
Dr. Stephen Henson	bb5ea36b96	Initial support for ASN1_ITEM_FUNCTION option to change the way ASN1 modules are exported. Still needs a bit of work for example the hack which a dummy function prototype to avoid compilers warning about multiple ;s.	2001-02-23 03:16:09 +00:00
Richard Levitte	41d2a336ee	e_os.h does not belong with the exported headers. Do not put it there and make all files the depend on it include it without prefixing it with openssl/. This means that all Makefiles will have $(TOP) as one of the include directories.	2001-02-22 14:45:02 +00:00
Richard Levitte	c38171ba1f	Exported header files should not include e_os.h.	2001-02-22 14:27:22 +00:00
Dr. Stephen Henson	72e3c20c14	Rebuild ASN1 error codes to remove unused function and reason codes.	2001-02-22 00:39:06 +00:00
Geoff Thorpe	47ddf355b4	'make update'	2001-02-21 17:43:52 +00:00
Richard Levitte	a9daa46758	Include string.h so mem*() functions get properly declared.	2001-02-20 13:41:11 +00:00
Richard Levitte	7ab1a39181	Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS get a chance to be defined.	2001-02-20 13:22:35 +00:00
Richard Levitte	d8770f3ece	Include string.h so mem* functions get properly declared.	2001-02-20 12:51:56 +00:00
Richard Levitte	3ebac273f5	Include string.h so mem* functions get properly declared.	2001-02-20 12:43:11 +00:00
Richard Levitte	bc36ee6227	Use new-style system-id macros everywhere possible. I hope I haven't missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.	2001-02-20 08:13:47 +00:00
Richard Levitte	cf1b7d9664	Make all configuration macros available for application by making sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. I've checked fairly well that nothing breaks with this (apart from external software that will adapt if they have used something like NO_KRB5), but I can't guarantee it completely, so a review of this change would be a good thing.	2001-02-19 16:06:34 +00:00
Dr. Stephen Henson	a6b7ffddac	New options to 'ca' utility to support CRL entry extensions. Add revelant new X509V3 extensions. Add OIDs. Fix ASN1 memory leak code to pop info if external allocation used.	2001-02-16 01:35:44 +00:00
Dr. Stephen Henson	ccb08f98ae	Fix CRL printing to correctly show when there are no revoked certificates. Make ca.c correctly initialize the revocation date. Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the string type: so they can initialize ASN1_TIME structures properly.	2001-02-10 00:56:45 +00:00
Dr. Stephen Henson	c063f2c5ec	Various Win32 related fixed. Make no-krb5 work in mkdef.pl . Fix warning in apps/engine.c Remove definitions of deleted functions. Add missing definition of X509_VAL.	2001-02-09 18:16:12 +00:00
Bodo Möller	448361a86c	Include string.h (whis is in all relevant standards) instead of memory.h (which is not).	2001-02-05 09:07:50 +00:00
Ben Laurie	4978361212	Make depend.	2001-02-04 21:06:55 +00:00
Ben Laurie	1b843d3c69	Fix a warning.	2001-02-04 21:01:32 +00:00
Dr. Stephen Henson	2b916952a8	Fix ASN1_TIME_to_generlizedtime(). Add protoype for OCSP_response_create(). Add OCSP_request_sign() and OCSP_basic_sign() private key and certificate checks and make OCSP_NOCERTS consistent with PKCS7_NOCERTS	2001-02-04 03:04:43 +00:00
Dr. Stephen Henson	02e4fbed3d	Various OCSP responder utility functions. Delete obsolete OCSP functions. Largely untested at present...	2001-02-03 19:20:45 +00:00
Dr. Stephen Henson	88ce56f8c1	Various function for commmon operations.	2001-02-02 00:45:54 +00:00
Dr. Stephen Henson	a43cf9fae9	Add debugging info to new ASN1 code to trace memory leaks. Fix PKCS7 and PKCS12 memory leaks. Initialise encapsulated content type properly.	2001-01-24 18:39:54 +00:00
Dr. Stephen Henson	8e8972bb68	Fixes to various ASN1_INTEGER routines for negative case. Enhance s2i_ASN1_INTEGER().	2001-01-19 14:21:48 +00:00
Dr. Stephen Henson	adf87b2df5	Fix typo in OCSP ASN1 module, this caused invalid format in OCSP request signatures. Add spaces to OCSP HTTP header. Change X509_NAME_set() there's no reason why it should return an error if the destination points to NULL... though it should if the destination is NULL.	2001-01-11 23:24:28 +00:00
Dr. Stephen Henson	a8312c0e24	Fix typo in OCSP nonce extension. Set correct type in ASN1_STRING for INTEGER and ENUMERATED types. Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get() return -1 for invalid type rather than 0 (which is often valid). -1 may also be valid but this is less likely. Load OCSP error strings in ERR_load_crypto_strings().	2001-01-04 19:53:48 +00:00
Dr. Stephen Henson	bf0d176e48	Update OCSP API. Remove extensions argument from various functions because it is not needed with the new extension code. New function OCSP_cert_to_id() to convert a pair of certificates into an OCSP_CERTID. New simple OCSP HTTP function. This is rather primitive but just about adequate to send OCSP requests and parse the response. Fix typo in CRL distribution points extension. Fix ASN1 code so it adds a final null to constructed strings.	2001-01-04 01:46:36 +00:00
Richard Levitte	e102a3dcfd	Since asn1.h gets included recursively from many places, the easiest is to have asn1.h include e_os.h and e_os2.h. Of course, this makes the unofficial "non-export" status of e_os.h a bit delicate...	2000-12-31 01:18:50 +00:00
Dr. Stephen Henson	ecbe07817a	Rewrite PKCS#12 code and remove some of the old horrible macros. Fix two evil ASN1 bugs. Attempt to use 'ctx' when NULL if input is indefinite length constructed in asn1_check_tlen() and invalid pointer to ASN1_TYPE when reusing existing structure (this took ages to find because the new PKCS#12 code triggered it).	2000-12-31 01:13:04 +00:00
Richard Levitte	26da3e65ac	If OPENSSL_BUILD_SHLIBCRYPTO (for files that end up as libcrypto objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT. This is actually only important on Win32, and can safely be ignored in all other cases, at least for now.	2000-12-31 00:23:17 +00:00
Dr. Stephen Henson	4e1209ebf8	ASN1_ITEM versions of ASN1_d2i_{fp, bio} and replacement of most of the old wrappers. A few of the old versions remain because they are non standard and the corresponding ASN1 code has not been reimplemented yet.	2000-12-30 02:40:26 +00:00
Dr. Stephen Henson	f86c5c9ac7	ASN1_ITEM version of ASN1_dup(). Might want something more efficient later...	2000-12-28 22:41:46 +00:00
Dr. Stephen Henson	73e92de577	Add NO_ASN1_OLD to remove some old style functions: currently OpenSSL itself wont compile with this set because some old style stuff remains. Change old functions X509_sign(), X509_verify() etc to use new item based functions. Replace OCSP function declarations with DECLARE macros.	2000-12-28 22:24:50 +00:00
Dr. Stephen Henson	09ab755c55	ASN1_ITEM versions of sign, verify, pack and unpack. The old function pointer versions will eventually go away.	2000-12-28 19:18:48 +00:00
Dr. Stephen Henson	3c07b4c2ee	Various Win32 related fixes. Doesn't compile yet on Win32 but it is getting there... Update mkdef.pl to handle ASN1_ANY and fix headers. Stop various VC++ warnings. Include some fixes from "Peter 'Luna' Runestig" <peter@runestig.com> Remove external declaration for des_set_weak_key_flag: it doesn't exist.	2000-12-21 01:38:55 +00:00
Dr. Stephen Henson	2c15d426b9	New function X509V3_extensions_print() this removes extension duplication from the print routines. Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't work fully because OCSP extensions aren't reimplemented yet. Implement some ASN1 functions needed to compile OCSP code.	2000-12-14 18:42:28 +00:00
Dr. Stephen Henson	de487514ae	New function X509_signature_print() to remove some duplicate code from certificate, CRL and request printing routines.	2000-12-14 00:53:10 +00:00
Dr. Stephen Henson	06db4253e2	Change the PKCS7 structure to use SEQUENCE OF for the authenticated attributes: this is used to retain the original encoding and not break signatures. Support for a SET OF which reorders the STACK when encoding a structure. This will be used with the PKCS7 code.	2000-12-13 23:54:30 +00:00
Richard Levitte	8d28d5f81b	Constification of the data of a hash table. This means the callback functions need to be constified, and therefore meant a number of easy changes a little everywhere. Now, if someone could explain to me why OBJ_dup() cheats...	2000-12-13 17:15:03 +00:00
Dr. Stephen Henson	9d6b1ce644	Merge from the ASN1 branch of new ASN1 code to main trunk. Lets see if the makes it to openssl-cvs :-)	2000-12-08 19:09:35 +00:00
Richard Levitte	0cc1115643	Make sure bs is assigned NULL when it's free'd, or there will be an (incorrect) attempt to free it once more...	2000-11-19 14:14:52 +00:00
Ulf Möller	6a8ba34f9d	in some new file names the first 8 characters were not unique	2000-11-12 22:32:18 +00:00
Richard Levitte	f971ccb264	Constify DH-related code.	2000-11-07 14:30:37 +00:00
Richard Levitte	a4aba800d9	Constify DSA-related code.	2000-11-07 13:54:39 +00:00
Richard Levitte	7081f3bd89	Constify the RSA parts of the ASN.1 library. Note some ugly casts that are needed in the ASN.1 macros. Hopefully, we can get rid of those in an elegant way in the future.	2000-11-06 23:04:15 +00:00
Richard Levitte	eb64730b9c	The majority of the OCSP code from CertCo.	2000-10-27 11:05:35 +00:00
Richard Levitte	3ab5651112	The experimental Rijndael code moved to the main trunk. make update done.	2000-10-14 20:09:54 +00:00
Dr. Stephen Henson	8ca533e378	More code for X509_print_ex() support.	2000-10-06 11:51:47 +00:00

... 8 9 10 11 12 ...

1202 commits