Dr. Stephen Henson
afb14cda8c
Initial experimental support for X9.42 DH parameter format to handle
...
RFC5114 parameters and X9.42 DH public and private keys.
2011-12-07 00:32:34 +00:00
Dr. Stephen Henson
3231e42d72
update pkey method initialisation and copy
2011-10-11 18:15:31 +00:00
Bodo Möller
837e1b6812
Fix memory leak on bad inputs.
2011-09-05 09:57:20 +00:00
Dr. Stephen Henson
a60cc6b4f0
Don't use *from++ in tolower as this is implemented as a macro on some
...
platforms. Thanks to Shayne Murray <Shayne.Murray@Polycom.com> for
reporting this issue.
2011-09-02 11:28:27 +00:00
Dr. Stephen Henson
9fe51d5f73
PR: 2556 (partial)
...
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve
Fix OID routines.
Check on encoding leading zero rejection should start at beginning of
encoding.
Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.
2011-07-14 12:01:53 +00:00
Dr. Stephen Henson
b507284c7e
correctly encode OIDs near 2^32
2011-06-22 15:15:58 +00:00
Dr. Stephen Henson
9a85e53813
no need to include memory.h
2011-04-30 23:37:42 +00:00
Dr. Stephen Henson
f9678b8b57
Fix memory leak.
2011-02-07 13:34:00 +00:00
Bodo Möller
9d0397e977
make update
2011-02-03 10:17:53 +00:00
Bodo Möller
2440d8b1db
Fix error codes.
2011-02-03 10:03:23 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
7d05edd12e
PR: 2433
...
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve
Constify ASN1_STRING_set_default_mask_asc().
2011-01-24 16:19:52 +00:00
Dr. Stephen Henson
d3f17e5ed3
stop warning with no-engine
2011-01-13 15:41:58 +00:00
Dr. Stephen Henson
968062b7d3
Fix escaping code for string printing. If *any* escaping is enabled we
...
must escape the escape character itself (backslash).
2011-01-03 01:31:24 +00:00
Dr. Stephen Henson
d7d5a55d22
Support routines for ASN1 scanning function, doesn't do much yet.
2010-12-13 18:15:28 +00:00
Dr. Stephen Henson
8ec3fa0597
fix signature printing routines
2010-10-04 13:58:41 +00:00
Dr. Stephen Henson
39239280f3
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:58:09 +00:00
Ben Laurie
c8bbd98a2b
Fix warnings.
2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
359b0c9fb8
experimental function to convert ASN1_TIME to tm, not used or even compiled in yet
2010-05-03 12:17:44 +00:00
Dr. Stephen Henson
e19f6678f5
print signature parameters with CRLs too
2010-03-14 13:10:48 +00:00
Dr. Stephen Henson
8d207ee3d1
add X509_CRL_sign_ctx function
2010-03-14 12:52:38 +00:00
Dr. Stephen Henson
85522a074c
Algorithm specific ASN1 signing functions.
2010-03-11 13:32:38 +00:00
Dr. Stephen Henson
ce25c7207b
New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier)
...
from a digest algorithm.
2010-03-11 13:27:05 +00:00
Dr. Stephen Henson
31904ecdf3
RSA PSS verification support including certificates and certificate
...
requests. Add new ASN1 signature initialisation function to handle this
case.
2010-03-08 18:10:35 +00:00
Dr. Stephen Henson
809cd0a22d
print outermost signature algorithm parameters too
2010-03-07 17:02:47 +00:00
Dr. Stephen Henson
7ed485bc9f
The OID sanity check was incorrect. It should only disallow *leading* 0x80
...
values.
2010-03-07 16:40:05 +00:00
Dr. Stephen Henson
9ef6fe8c2e
typo
2010-03-07 15:37:37 +00:00
Dr. Stephen Henson
a5667732b9
update ASN1 sign/verify to use EVP_DigestSign and EVP_DigestVerify
2010-03-07 12:05:45 +00:00
Dr. Stephen Henson
148924c1f4
fix indent, newline
2010-03-06 18:14:13 +00:00
Dr. Stephen Henson
fa1ba589f3
Add algorithm specific signature printing. An individual ASN1 method can
...
now print out signatures instead of the standard hex dump.
More complex signatures (e.g. PSS) can print out more meaningful information.
Sample DSA version included that prints out the signature parameters r, s.
[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
c8ef656df2
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
ec7d16ffdd
Check it actually compiles this time ;-)
2009-12-02 14:25:40 +00:00
Dr. Stephen Henson
5656f33cea
PR: 2120
...
Submitted by: steve@openssl.org
Initialize fields correctly if pem_str or info are NULL in EVP_PKEY_asn1_new().
2009-12-02 13:56:45 +00:00
Dr. Stephen Henson
3d63b3966f
Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat
...
and is a pre-requisite to adding password based CMS support.
2009-11-25 22:01:06 +00:00
Dr. Stephen Henson
c18e51ba5e
PR: 2088
...
Submitted by: Aleksey Samsonov <s4ms0n0v@gmail.com>
Approved by: steve@openssl.org
Fix memory leak in d2i_PublicKey().
2009-11-12 19:56:56 +00:00
Dr. Stephen Henson
b599006751
PR: 2090
...
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
Improve error checking in asn1_gen.c
2009-11-10 00:48:07 +00:00
Dr. Stephen Henson
04f9095d9e
Fix unitialized warnings
2009-10-04 16:52:51 +00:00
Dr. Stephen Henson
78ca13a272
PR: 2056
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_wirte error handling in asn1_par.c
2009-10-01 00:11:04 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
f4274da164
PR: 1644
...
Submitted by: steve@openssl.org
Fix to make DHparams_dup() et al work in C++.
For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
2009-09-06 15:49:46 +00:00
Dr. Stephen Henson
17b5326ba9
PR: 2013
...
Submitted by: steve@openssl.org
Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.
Add error checking to CRL generation in ca utility when nextUpdate is being
set.
2009-09-02 13:54:50 +00:00
Dr. Stephen Henson
e33d290159
PR: 2004
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Approved by: steve@openssl.org
Handle fractional seconds properly in ASN1_GENERALIZEDTIME_print
2009-08-10 14:56:57 +00:00
Dr. Stephen Henson
d9d0f1b52c
Reject leading 0x80 in OID subidentifiers.
2009-08-06 16:32:54 +00:00
Dr. Stephen Henson
512d359e26
Update from 1.0.0-stable.
2009-07-27 21:22:02 +00:00
Dr. Stephen Henson
6e0c9e6008
Update from 1.0.0-stable.
2009-07-11 21:43:50 +00:00
Dr. Stephen Henson
220bd84911
Updates from 1.0.0-stable
2009-04-06 15:22:01 +00:00
Dr. Stephen Henson
14023fe352
Merge from 1.0.0-stable branch.
2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
73ba116e96
Update from stable branch.
2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
80b2ff978d
Update from stable branch.
2009-03-25 12:53:50 +00:00
Dr. Stephen Henson
7ce8c95d58
Update from stable branch.
2009-03-25 12:53:26 +00:00
Dr. Stephen Henson
854a225a27
Update from stable branch.
2009-03-14 18:33:49 +00:00
Dr. Stephen Henson
33ab2e31f3
PR: 1854
...
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org
Support GeneralizedTime in ca utility.
2009-03-09 13:59:07 +00:00
Dr. Stephen Henson
477fd4596f
PR: 1835
...
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org
Fix various typos.
2009-02-14 21:49:38 +00:00
Dr. Stephen Henson
ede6ef5e08
Submitted by: Peter Sylvester <Peter.Sylvester@edelweb.fr>
...
Reviewed by: steve
If tagging is universal and SET or SEQUENCE set constructed bit.
2009-02-10 12:13:08 +00:00
Dr. Stephen Henson
57f39cc826
Print out UTF8 and NumericString types in ASN1 parsing utility.
2009-01-28 12:54:52 +00:00
Dr. Stephen Henson
6489573224
Update from stable branch.
2009-01-28 12:36:14 +00:00
Dr. Stephen Henson
079e00e646
Typo: just copy across an unknown type.
2009-01-28 12:32:03 +00:00
Ben Laurie
23b973e600
Calculate offset correctly. (Coverity ID 233)
2009-01-01 18:30:51 +00:00
Ben Laurie
ccf529928f
!a && !a->b is clearly wrong! Changed to !a || !a->b (Coverity ID 145).
2008-12-26 15:32:59 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
5947ca0409
Don't use clobbered 'i' for checking UTCTime and GeneralizedTime length.
2008-11-05 18:28:24 +00:00
Ben Laurie
5e4430e70d
More size_tification.
2008-11-01 16:40:37 +00:00
Ben Laurie
4d6e1e4f29
size_tification.
2008-11-01 14:37:00 +00:00
Dr. Stephen Henson
e19106f5fb
Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
...
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.
This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Dr. Stephen Henson
606f6c477a
Fix a shed load or warnings:
...
Duplicate const.
Use of ; outside function.
2008-10-20 15:12:00 +00:00
Ben Laurie
babb379849
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90
Experimental new date handling routines. These fix issues with X509_time_adj()
...
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Dr. Stephen Henson
d43c4497ce
Initial support for delta CRLs. If "use deltas" flag is set attempt to find
...
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06
Add support for CRLs partitioned by reason code.
...
Tidy CRL scoring system.
Add new CRL path validation error.
2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
d0fff69dc9
Initial indirect CRL support.
2008-08-20 16:42:19 +00:00
Dr. Stephen Henson
e9746e03ee
Initial support for name constraints certificate extension.
...
TODO: robustness checking on name forms.
2008-08-08 15:35:29 +00:00
Dr. Stephen Henson
6d6c47980e
Correctly handle errors in CMS I/O code.
2008-08-05 15:55:53 +00:00
Dr. Stephen Henson
3e727a3b37
Add support for nameRelativeToCRLIssuer field in distribution point name
...
fields.
2008-08-04 15:34:27 +00:00
Bodo Möller
efa73a77e4
Make sure not to read beyond end of buffer
2008-07-16 18:10:27 +00:00
Dr. Stephen Henson
d4cdbab99b
Avoid warnings with -pedantic, specifically:
...
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00
Dr. Stephen Henson
6cb9fca70d
Fix memory leak. The canonical X509_NAME_ENTRY STACK is reallocated rather
...
than referencing existing X509_NAME_ENTRY structures so needs to be
completely freed.
2008-06-06 11:26:07 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
964c7e8f6d
Fix it properly this time....
2008-03-31 18:21:30 +00:00
Dr. Stephen Henson
f6a45ac5ac
Fix macro.
2008-03-31 18:14:10 +00:00
Dr. Stephen Henson
2e86f0d8d7
Use correct headers for signed receipts. Use consistent naming.
...
Update cms-test.pl to support OpenSSL 0.9.8.
2008-03-31 15:03:55 +00:00
Dr. Stephen Henson
ab568a17cf
Fix duplicate asn1 ctrl values.
2008-03-23 14:13:45 +00:00
Dr. Stephen Henson
fe591284be
Update dependencies.
2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
7c337e00d2
Fix some warnings.
2008-03-16 20:59:10 +00:00
Dr. Stephen Henson
a78a03744d
Only call free once in CHOICE type.
2008-03-14 00:57:01 +00:00
Dr. Stephen Henson
8931b30d84
And so it begins...
...
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
56c7754cab
Avoid warnings.
2008-02-28 14:05:01 +00:00
Dr. Stephen Henson
a70a49a018
Fix typo and avoid warning.
2008-02-28 13:18:26 +00:00
Dr. Stephen Henson
1ad90a916b
Extend attribute setting routines to support non-string types.
2008-02-11 13:59:33 +00:00
Dr. Stephen Henson
9e5df8e448
Support custom primitive type printing routines and add one to LONG type.
2008-02-08 13:07:04 +00:00
Andy Polyakov
4be63cfb55
Source readability fix, which incidentally works around XLC compiler bug.
2007-12-29 18:32:34 +00:00
Dr. Stephen Henson
2f0550c4c1
Lookup public key ASN1 methods by string by iterating through all
...
implementations instead of all added ENGINEs to cover case where an
ENGINE is not added.
2007-11-21 17:25:58 +00:00
Dr. Stephen Henson
94e6ae7a69
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
...
Make {d2i,i2d}_PrivateKey() fall back to PKCS#8 format if no legacy format
supported. Add support in d2i_AutoPrivateKey().
2007-11-20 13:37:51 +00:00
Andy Polyakov
ebc06fba67
Bunch of constifications.
2007-10-13 15:51:32 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Andy Polyakov
a005fb019f
Addenum to "Constify obj_dat.[ch]."
2007-09-18 22:15:31 +00:00
Dr. Stephen Henson
7c5921e736
Handle empty case in X509_NAME canonical encoding.
2007-09-14 18:11:17 +00:00
Dr. Stephen Henson
a6fbcb4220
Change safestack reimplementation to match 0.9.8.
...
Fix additional gcc 4.2 value not used warnings.
2007-09-07 13:25:15 +00:00
Andy Polyakov
34994068a4
Respect ISO aliasing rules.
...
PR: 1296
2007-07-27 20:34:10 +00:00
Dr. Stephen Henson
54b5fd537f
WIN32 fixes.
2007-06-08 00:26:16 +00:00
Dr. Stephen Henson
3c07d3a3d3
Finish gcc 4.2 changes.
2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
64a5c5d1be
Fix X509_REQ_print_ex() to process extension options.
2007-05-22 23:31:29 +00:00
Dr. Stephen Henson
e77dbf325f
Prepend signature name in dgst output.
2007-05-17 16:19:17 +00:00
Dr. Stephen Henson
e69adea539
New function EVP_PKEY_asn1_copy(). Use default MD if type param is NULL.
2007-05-15 23:52:03 +00:00
Dr. Stephen Henson
f8492ffeaa
More useful ASN1 macros for static allocation functions.
2007-05-10 17:34:42 +00:00
Bodo Möller
96afc1cfd5
Add SEED encryption algorithm.
...
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
18f547734e
New function ASN1_STRING_copy() to copy to an already
...
alloacted ASN1_STRING structure.
2007-04-14 17:53:55 +00:00
Dr. Stephen Henson
9cfc8a9d5c
Update smime utility to support streaming for -encrypt and -sign -nodetach
...
options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.
These all process content on the fly without storing it all in memory.
2007-04-13 01:06:41 +00:00
Dr. Stephen Henson
74633553a9
Experimental HMAC support via EVP_PKEY_METHOD.
2007-04-11 12:33:06 +00:00
Dr. Stephen Henson
0cc361f3e7
Fix from stable branch.
2007-04-08 17:45:47 +00:00
Nils Larsch
a0d48e7e7e
remove unused file
2007-03-02 19:42:16 +00:00
Lutz Jänicke
0636c39bb1
Fix incorrect handling of special characters
...
PR: 1459
Submitted by: tnitschke@innominate.com
Reviewed by: steve@openssl.org
2007-02-21 17:44:53 +00:00
Nils Larsch
92ada7cc52
remove unreachable code
2007-02-10 09:45:07 +00:00
Dr. Stephen Henson
2d3e956ae0
Update from 0.9.7-stable.
2007-01-23 17:53:48 +00:00
Dr. Stephen Henson
560b79cbff
Constify version strings and some structures.
2007-01-21 13:07:17 +00:00
Dr. Stephen Henson
11d8cdc6ad
Experimental streaming PKCS#7 support.
...
I thought it was about time I dusted this off. This stuff had been sitting on
my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not
work properly.
Nothing uses it at present which is just as well.
Think of this as a traditional Christmas present which looks far more
impressive in the adverts and on the box, some of the bits are missing and
falls to bits if you play with it too much.
2006-12-24 16:22:56 +00:00
Nils Larsch
34f0a19309
remove trailing '\'
...
PR: 1438
2006-12-19 19:49:02 +00:00
Dr. Stephen Henson
10ca15f3fa
Fix change to OPENSSL_NO_RFC3779
2006-12-06 13:36:48 +00:00
Dr. Stephen Henson
4d7aff707e
Update dependencies.
2006-11-30 13:41:47 +00:00
Ben Laurie
96ea4ae91c
Add RFC 3779 support.
2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
47a9d527ab
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
de12116417
Initial, incomplete support for typesafe macros without using function
...
casts.
2006-11-16 00:19:39 +00:00
Dr. Stephen Henson
b37a68cc8f
Initialize old_priv_encode, old_priv_decode.
2006-10-27 11:43:27 +00:00
Bodo Möller
d326582cab
ASN1_item_verify needs to initialize ctx before any "goto err" can
...
happen; the new code for the OID cross reference table failed to do so.
2006-10-04 06:14:36 +00:00
Dr. Stephen Henson
f4c630abb3
Place standard CRL behaviour in default X509_CRL_METHOD new functions to
...
create, free and set default CRL method.
2006-10-03 02:47:59 +00:00
Mark J. Cox
348be7ec60
Fix ASN.1 parsing of certain invalid structures that can result
...
in a denial of service. (CVE-2006-2937) [Steve Henson]
2006-09-28 13:20:44 +00:00
Dr. Stephen Henson
5b73c3609b
Using correct lock for X509_REQ.
...
PR:1348
2006-09-22 17:06:09 +00:00
Dr. Stephen Henson
eebeb52b29
Update length if copying MSB set in asn1_string_canon().
2006-09-22 13:37:15 +00:00
Dr. Stephen Henson
1182301ca7
Do CRL method init after other operations.
2006-09-21 12:48:56 +00:00
Dr. Stephen Henson
010fa0b331
Tidy up CRL handling by checking for critical extensions when it is
...
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.
Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
2006-09-21 12:42:15 +00:00
Dr. Stephen Henson
4d50a2b4d6
Add verify callback functions to lookup a STACK of matching certs or CRLs
...
based on subject name.
New thread safe functions to retrieve matching STACK from X509_STORE.
Cache some IDP components.
2006-09-10 12:38:37 +00:00
Dr. Stephen Henson
539d4c1030
Fix leak
2006-08-31 20:10:37 +00:00
Dr. Stephen Henson
edc540211c
Cache some CRL related extensions.
2006-07-24 12:39:22 +00:00
Dr. Stephen Henson
2eed3a3cc8
Avoid warning.
2006-07-21 22:46:19 +00:00
Dr. Stephen Henson
450ea83495
Store canonical encodings of Name structures. Update X509_NAME_cmp() to use
...
them.
2006-07-18 12:36:19 +00:00
Dr. Stephen Henson
5c95c2ac23
Fix various error codes to match functions.
2006-07-17 16:33:31 +00:00
Bodo Möller
f3dea9a595
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Andy Polyakov
6f344eab03
Fix obvious typo.
2006-06-05 16:04:09 +00:00
Dr. Stephen Henson
41eacc84a0
Clarify comment and add #ifdef.
2006-06-05 12:38:22 +00:00
Dr. Stephen Henson
01b8b3c7d2
Complete EVP_PKEY_ASN1_METHOD ENGINE support.
2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
ae519a247f
Extended PBES2 function supporting application supplied IV and PRF NID.
2006-05-17 12:47:17 +00:00
Dr. Stephen Henson
6d3a1eac3b
Add PRF preference ctrl to ciphers.
2006-05-15 18:35:13 +00:00
Richard Levitte
98bf13c36b
make update
2006-05-12 15:31:28 +00:00
Dr. Stephen Henson
399a6f0bd1
Update PKCS#7 enveloped data to new API.
2006-05-08 12:44:25 +00:00
Dr. Stephen Henson
03919683f9
Add support for default public key digest type ctrl.
2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
cddaba8ede
Add 'flags' parameter to EVP_PKEY_asn1_meth_new() to set algorithm flags.
2006-04-21 17:38:58 +00:00
Dr. Stephen Henson
ee1d9ec019
Remove link between digests and signature algorithms.
...
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
492a9e2415
Allow public key ASN1 methods to set PKCS#7 SignerInfo structures.
2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
c20276e4ae
Fix (most) WIN32 warnings and errors.
2006-04-17 12:08:22 +00:00
Dr. Stephen Henson
5950bf7943
Revert to original...
2006-04-15 13:15:25 +00:00
Dr. Stephen Henson
4141c803d8
Oops...
2006-04-15 13:12:42 +00:00
Dr. Stephen Henson
f3481ca28f
Print out zero length string properly.
2006-04-14 16:47:18 +00:00
Dr. Stephen Henson
f5cda4cbb1
Initial keygen support.
2006-04-11 13:28:52 +00:00
Dr. Stephen Henson
07e970c7e6
Initial functions for RSA EVP_PKEY_METHOD.
...
Update dependencies.
2006-04-08 00:15:07 +00:00
Dr. Stephen Henson
9e4d0f0be2
New utility 'pkeyutl' a general purpose version of 'rsautl'.
2006-04-07 19:33:28 +00:00
Dr. Stephen Henson
e46691a0bc
New function to add dynamic alias.
2006-04-05 13:24:19 +00:00
Dr. Stephen Henson
9c9c98ad2e
Typo.
2006-04-05 12:00:22 +00:00
Dr. Stephen Henson
863779065e
Fix dynamic public key method lookup.
2006-04-04 18:32:19 +00:00
Dr. Stephen Henson
0b33dac310
New function to retrieve ASN1 info on public key algorithms. New command
...
line option to print out info.
2006-04-04 18:16:03 +00:00
Dr. Stephen Henson
db98bbc114
Initial support for generalized public key parameters.
2006-03-24 13:46:58 +00:00
Dr. Stephen Henson
e42633140e
Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD.
2006-03-23 18:02:23 +00:00
Dr. Stephen Henson
d82e2718e2
Add information and pem strings. Update dependencies.
2006-03-23 11:54:51 +00:00
Dr. Stephen Henson
18e377b4ff
Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to
...
initialize it. Initial support for application added public key ASN1.
2006-03-22 17:59:49 +00:00
Dr. Stephen Henson
1b593194be
Move algorithm specific print code from crypto/asn1/t_pkey.c to separate
...
*_prn.c files in each algorithm directory.
2006-03-22 13:34:19 +00:00
Dr. Stephen Henson
35208f368c
Gather printing routines into EVP_PKEY_ASN1_METHOD.
2006-03-22 13:09:35 +00:00
Dr. Stephen Henson
6f81892e6b
Transfer parameter handling and key comparison to algorithm methods.
2006-03-20 17:56:05 +00:00
Dr. Stephen Henson
448be74335
Initial support for pluggable public key ASN1 support. Process most public
...
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
2006-03-20 12:22:24 +00:00
Nils Larsch
67b6f1ca88
fix problems found by coverity: remove useless code
2006-03-15 17:45:43 +00:00
Nils Larsch
40f51f506c
create BN_CTX object
2006-03-15 08:37:35 +00:00
Nils Larsch
6c73d01142
constify some print and ts functions
2006-03-05 20:19:05 +00:00
Nils Larsch
6384e46da3
make some parameters const
2006-03-04 13:55:02 +00:00
Dr. Stephen Henson
350a404cb8
Print out <INVALID> if an OID value is invalid.
2006-02-21 01:00:08 +00:00
Dr. Stephen Henson
827c55741b
Tolerate a SEQUENCE in DN components.
2006-02-19 13:44:47 +00:00
Nils Larsch
b3e72fc37f
make some internal functions static; patch supplied by Kurt Roeckx
2006-02-15 20:20:20 +00:00
Dr. Stephen Henson
e7a8b47f1a
Fix warnings.
2006-02-15 14:45:31 +00:00
Ulf Möller
3b408d83fe
make update
2006-02-12 23:21:56 +00:00
Ulf Möller
c7235be6e3
RFC 3161 compliant time stamp request creation, response generation
...
and response verification.
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Nils Larsch
82e8372f17
p could be uninitialized
2006-02-08 18:51:17 +00:00
Dr. Stephen Henson
15ac971681
Update filenames in makefiles.
2006-02-04 01:45:59 +00:00
Dr. Stephen Henson
c7474d077b
Ignore zero length constructed segments.
2006-01-31 18:36:29 +00:00
Nils Larsch
8c5a2bd6bb
add additional checks + cleanup
...
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Dr. Stephen Henson
25a58453ff
Fixes for BOOL handling: produce errors for invalid string for mini-compiler,
...
correctly encode FALSE for BOOL in ASN1_TYPE.
2006-01-19 17:16:56 +00:00
Nils Larsch
802d7fa6d5
support numeric strings in ASN1_generate_nconf
2006-01-14 09:21:33 +00:00
Bodo Möller
51eb1b81f6
Avoid contradictive error code assignments.
...
"make errors".
2006-01-08 21:54:24 +00:00
Bodo Möller
739a543ea8
Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)
2006-01-08 19:42:30 +00:00
Dr. Stephen Henson
9ee0f7b7e0
In ASN1_parse() show tag value for ASN1 tags > 30.
2006-01-03 14:20:07 +00:00
Dr. Stephen Henson
9cbf062a70
Update from stable branch.
2005-12-05 00:53:36 +00:00
Dr. Stephen Henson
452ae49db5
Extensive OID code enhancement and fixes.
2005-11-20 13:07:47 +00:00
Dr. Stephen Henson
8265328def
Oops :-)
2005-10-02 12:41:11 +00:00
Dr. Stephen Henson
09b6c2ef15
Make OPENSSL_NO_COMP compile again.
2005-09-30 23:35:33 +00:00
Andy Polyakov
7a06050cd3
"Overload" SunOS 4.x memcmp, which ruins ASN1_OBJECT table lookups.
...
PR: 1196
Submitted by: Russel Ruby
2005-09-20 20:19:07 +00:00
Dr. Stephen Henson
270da80bfa
Fix for Win32.
2005-09-16 11:45:55 +00:00
Dr. Stephen Henson
2a45408c4a
Update print macro properly this time...
2005-09-03 00:49:26 +00:00
Dr. Stephen Henson
9e201014f8
Update ASN1 print implement macro.
2005-09-03 00:48:13 +00:00
Dr. Stephen Henson
0c072a0b46
Update asn1t.h too for ASN1 print.
2005-09-03 00:44:08 +00:00
Dr. Stephen Henson
c11c64fbe0
Update to ASN1 printing code.
2005-09-03 00:40:40 +00:00
Dr. Stephen Henson
244847591f
Extend callback function to support print customization.
2005-09-01 20:42:52 +00:00
Dr. Stephen Henson
5abe32d861
Return 2 from X509_NAME printing routine to add newline.
2005-09-01 18:02:51 +00:00
Dr. Stephen Henson
9194296de8
Update ASN1 printing code and add a -print option to 'pkcs7' utility for
...
initial testing.
2005-09-01 18:00:56 +00:00
Dr. Stephen Henson
1ef7acfe92
Initial support for ASN1 print code.
...
WARNING WARNING WARNING, experimental code, handle with care, use at
your own risk, may contain nuts.
2005-09-01 13:59:16 +00:00
Nils Larsch
8215e7a938
fix warnings when building openssl with the following compiler options:
...
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused
-Wno-unused-parameter -Wuninitialized
2005-08-28 22:49:57 +00:00
Ben Laurie
bf3d6c0c9b
Make D-H safer, include well-known primes.
2005-08-21 16:00:17 +00:00
Dr. Stephen Henson
6b80c20bdb
Use correct date and filename.
2005-08-21 12:25:52 +00:00
Dr. Stephen Henson
2e8879fa6e
Delete old ASN1_METHOD files.
2005-08-20 19:48:58 +00:00
Dr. Stephen Henson
f5a07779dd
Add file which includes new ASN1 NETSCAPE format for certificates.
2005-08-20 19:46:52 +00:00
Dr. Stephen Henson
45e2738585
Remove ASN1_METHOD code replace with new ASN1 alternative.
2005-08-20 18:12:45 +00:00
Dr. Stephen Henson
b173acfc96
New version of ASN1 print code, still not compiled in though.
2005-08-20 00:08:29 +00:00
Nils Larsch
01039d0bff
remove unused variable
2005-07-27 20:20:53 +00:00
Nils Larsch
c755c5fd8b
improved error checking and some fixes
...
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
2005-07-26 21:10:34 +00:00
Dr. Stephen Henson
5c8e9139d1
Handle case where it==NULL
2005-07-26 12:25:06 +00:00
Dr. Stephen Henson
56defd9a98
Update ASN1 printing code. Highly experimental, not working properly (neither
...
did the old code) and not compiled in yet...
2005-07-26 11:46:23 +00:00
Nils Larsch
3eeaab4bed
make
...
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
2005-07-16 12:37:36 +00:00
Nils Larsch
67ffa18cce
make the type parameter const when ID2_OF_const() is used
2005-05-18 22:30:38 +00:00
Andy Polyakov
53d8996764
Engage Applink for VC builds.
2005-05-17 16:50:46 +00:00
Andy Polyakov
25a66ee3cb
Move cryptlib.h prior bio.h. Actually it makes sense to include cryptlib.h
...
first everywhere in crypto and skip stdio.h and string.h [because it
includes them].
2005-05-17 00:01:48 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Nils Larsch
9dd8405341
ecc api cleanup; summary:
...
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
fe86616c72
Some C compilers produce warnings or compilation errors if an attempt
...
is made to directly cast a function of one type to what it considers and
incompatible type. In particular gcc 3.4.2.
Add new openssl_fcast macro to place functions into a form where the compiler
will allow them to be cast.
The current version achives this by casting to: void function(void).
2005-05-12 23:01:44 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Nils Larsch
8b15c74018
give EC_GROUP_new_by_nid a more meanigful name:
...
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Bodo Möller
fbeaa3c47d
Update util/ck_errf.pl script, and have it run automatically
...
during "make errors" and thus during "make update".
Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
2005-05-09 00:27:37 +00:00
Nils Larsch
7dc17a6cf0
give EC_GROUP_*_nid functions a more meaningful name
...
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
EC_GROUP_set_nid -> EC_GROUP_set_curve_name
2005-05-08 22:09:12 +00:00
Dr. Stephen Henson
98a2fd32a0
Typo.
2005-04-30 18:07:30 +00:00
Dr. Stephen Henson
7bdeeb64ac
Don't attempt to parse nested ASN1 strings by default.
2005-04-30 18:02:54 +00:00
Dr. Stephen Henson
e1cc0671ac
Use more efficient way to locate end of an ASN1 structure.
2005-04-30 13:06:45 +00:00
Dr. Stephen Henson
2deadf1672
Port from stable branch.
2005-04-26 23:21:49 +00:00
Bodo Möller
aa4ce7315f
Fix various incorrect error function codes.
...
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Nils Larsch
9edf4e8157
make asn.1 field names const
2005-04-23 13:45:49 +00:00
Nils Larsch
ff22e913a3
- use BN_set_negative and BN_is_negative instead of BN_set_sign
...
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
2c45bf2bc9
Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts.
...
Remove more bogus shadow warnings.
2005-04-20 21:48:06 +00:00
Richard Levitte
254cfe878e
signed vs. unsigned.
2005-04-20 13:12:33 +00:00
Richard Levitte
22c3600e4c
Resolve signed vs. unsigned.
2005-04-20 12:55:15 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Nils Larsch
f763e0b5ae
make sure error queue is totally emptied
...
PR: 359
2005-04-07 22:53:35 +00:00
Nils Larsch
70f34a5841
some const fixes and cleanup
2005-04-05 10:29:43 +00:00
Ben Laurie
8bb826ee53
Consistency.
2005-03-31 13:57:54 +00:00
Ben Laurie
45d10efc35
Simplicate and add lightness.
2005-03-31 10:55:55 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Ben Laurie
0821bcd4de
Constification.
2005-03-30 10:26:02 +00:00
Richard Levitte
bf746f0f46
Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
...
cause a segfault... This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
2005-01-27 01:49:25 +00:00
Richard Levitte
a229e3038e
Get rid if the annoying warning
2005-01-27 01:47:31 +00:00
Dr. Stephen Henson
5e8904f289
Remove duplicate lines.
2004-12-12 13:15:49 +00:00
Dr. Stephen Henson
c162b132eb
Automatically mark the CRL cached encoding as invalid when some operations
...
are performed.
2004-12-09 13:35:06 +00:00
Dr. Stephen Henson
a0e7c8eede
Add lots of checks for memory allocation failure, error codes to indicate
...
failure and freeing up memory if a failure occurs.
PR:620
2004-12-05 01:03:15 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Dr. Stephen Henson
2f605e8d24
Fix race condition when CRL checking is enabled.
2004-10-04 16:30:12 +00:00
Dr. Stephen Henson
bd9327baa9
Change values of MBSTRING_* to the form MBSTRING_FLAG|nbyte as assumed
...
in ASN1_STRING_to_UTF8().
2004-09-13 22:33:56 +00:00
Dr. Stephen Henson
e08aad1d14
Make ASN1_INTEGER_cmp() work as expected with negative integers.
2004-08-10 17:40:14 +00:00
Dr. Stephen Henson
c39c32dd65
PKCS#8 fixes from stable branch.
2004-07-04 16:44:52 +00:00
Geoff Thorpe
9c52d2cc75
After the latest round of header-hacking, regenerate the dependencies in
...
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
0f814687b9
Deprecate the recursive includes of bn.h from various API headers (asn1.h,
...
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
2004-05-17 19:14:22 +00:00
Dr. Stephen Henson
bd1640bb01
Make ASN1 code work again...
2004-04-27 18:33:40 +00:00
Dr. Stephen Henson
f3f52d7f45
More ASN1 reformat/tidy.
2004-04-25 12:46:39 +00:00
Dr. Stephen Henson
8845420f4e
Reformat/tidy some of the ASN1 code.
2004-04-24 17:02:48 +00:00
Geoff Thorpe
c57bc2dc51
make update
2004-04-19 18:33:41 +00:00
Geoff Thorpe
60a938c6bc
(oops) Apologies all, that last header-cleanup commit was from the wrong
...
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Dr. Stephen Henson
e07d3a021d
Remove obsolete files.
2004-03-28 12:29:05 +00:00
Dr. Stephen Henson
6446e0c3c8
Extend OID config module format.
2004-03-27 13:30:14 +00:00
Dr. Stephen Henson
4acc3e907d
Initial support for certificate policy checking and evaluation.
...
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
2004-03-23 14:14:35 +00:00
Richard Levitte
875a644a90
Constify d2i, s2i, c2i and r2i functions and other associated
...
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Dr. Stephen Henson
5fa5eb71a4
Cleanup ASN1 OID module when it exits.
2004-03-05 23:47:56 +00:00
Richard Levitte
87203dc99a
Avoid signed vs. unsigned warnings (which are treated like errors on
...
Windows).
2004-01-27 01:16:38 +00:00
Richard Levitte
79b42e7654
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d
Use BUF_strlcpy() instead of strcpy().
...
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Geoff Thorpe
f7a397cc8d
Avoid possible memory leaks in error-handling.
...
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2003-11-10 18:05:22 +00:00
Dr. Stephen Henson
cd2e8a6f2d
Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
2003-11-10 01:37:23 +00:00
Geoff Thorpe
aca95e0b2f
Remove a line that was causing redundant declarations.
...
Obtained from: Stephen Henson <steve@openssl.org>
2003-10-29 22:55:19 +00:00
Geoff Thorpe
2754597013
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
...
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Dr. Stephen Henson
2990244980
ASN1 parse fix and release file changes.
2003-09-30 16:47:33 +00:00
Dr. Stephen Henson
510dc1ecd0
outlen should be int * in out_utf8.
2003-08-21 12:32:12 +00:00
Richard Levitte
83743ad039
Fix sign bugs.
...
PR: 621
2003-05-21 14:29:13 +00:00
Dr. Stephen Henson
727ef76ebd
Add correct DN entry for serialNumber.
2003-05-07 23:20:58 +00:00
Dr. Stephen Henson
0b1c00abeb
Typo.
2003-04-10 00:04:02 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
536b73e78e
Make sure we get the definition of OPENSSL_NO_BIO and OPENSSL_NO_RSA.
2003-03-20 23:16:45 +00:00
Dr. Stephen Henson
ea3675b5b6
New ASN1 macros to just implement and declare the new and free functions
...
and changes to mkdef.pl so it recognises them.
Use these in policyMappings extension.
2003-03-20 17:58:33 +00:00
Dr. Stephen Henson
e6539fe22d
Add entry for domainComponent so it is treated correctly.
...
Add table order test to end of a_strnid.c
2003-03-14 01:44:42 +00:00
Dr. Stephen Henson
e9ec63961b
Fix indefinite length encoding so EOC correctly updates
...
the buffer pointer.
Rename PKCS7_PARTSIGN to PKCS7_STREAM.
Guess what that's for :-)
2003-02-25 19:03:31 +00:00
Bodo Möller
62e3163b1b
ECPublicKey_set_octet_string and ECPublicKey_get_octet_string
...
behaviour was not quite consistent with the conventions
for d2i and i2d functions as far as handling of the 'out'
or 'in' pointer is concerned.
This patch changes this behaviour, and renames the functions to
o2i_ECPublicKey and i2o_ECPublicKey (not 'd2i' and 'i2d' because the
external encoding is just a raw object string without any DER icing).
Submitted by: Nils Larsch
2003-02-21 13:58:23 +00:00
Dr. Stephen Henson
8214e74f76
Ooops forgot to recognise V_ASN1_GENERALSTRING.
2003-02-20 17:13:21 +00:00
Dr. Stephen Henson
988e8458ad
Typo.
2003-02-18 12:46:47 +00:00
Dr. Stephen Henson
a8f5b2ed50
GeneralString support in mini-ASN1 compiler
2003-02-11 14:06:27 +00:00
Bodo Möller
9048c7245b
For ecdsa-with-SHA1, as for id-dsa-with-sha1, omit 'parameters'
...
in AlgorithmIdentifier
Submitted by: Nils Larsch
2003-01-24 21:43:08 +00:00
Dr. Stephen Henson
d3b5cb5343
Check return value of gmtime() and add error codes
...
where it fails in ASN1_TIME_set().
Edit asn1.h so the new error code is the same in 0.9.7
and 0.9.8, rebuild new error codes.
Clear error queue in req.c if *_min or *_max is absent.
2003-01-24 01:12:01 +00:00
Richard Levitte
7eed0fc041
Make sure the last character of the ASN.1 time string (the 'Z') is copied.
...
PR: 429
2003-01-01 03:40:59 +00:00
Richard Levitte
5e42f9ab46
make update
2002-12-29 01:38:15 +00:00
Andy Polyakov
bbf8198feb
Workaround for GCC-ia64 compiler bug.
...
Submitted by: <appro>
Reviewed by:
PR:
2002-12-06 17:18:10 +00:00
Bodo Möller
7e8c30b589
In ECPKParameters_print, output the private key length correctly
...
(length of the order of the group, not length of the actual key, which
will be shorter in some cases).
Submitted by: Nils Larsch
2002-12-04 17:43:01 +00:00
Dr. Stephen Henson
716b2079dc
Make ASN1_TYPE_get() work for V_ASN1_NULL type.
2002-12-04 00:49:46 +00:00
Dr. Stephen Henson
2053c43de2
In asn1_d2i_read_bio, don't assume BIO_read will
...
return the requested number of bytes when reading
content.
2002-12-03 23:50:59 +00:00
Richard Levitte
4579924b7e
Cleanse memory using the new OPENSSL_cleanse() function.
...
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
406c6f6962
Extra ; removed.
2002-11-27 13:40:11 +00:00
Richard Levitte
711f1a3c26
Add the ASN.1 structures and functions for CertificatePair, which is
...
defined as follows (according to X.509_4thEditionDraftV6.pdf):
CertificatePair ::= SEQUENCE {
forward [0] Certificate OPTIONAL,
reverse [1] Certificate OPTIONAL,
-- at least one of the pair shall be present -- }
The only thing I'm not sure about is if it's implicit or explicit tags
that I should count on. For now, I'm thinking explicit, but will
gladly stand corrected.
Also implement the PEM functions to read and write certificate pairs,
and defined the PEM tag as "CERTIFICATE PAIR".
This needed to be defined, mostly for the sake of the LDAP attribute
crossCertificatePair, but may prove useful elsewhere as well.
2002-11-18 23:54:27 +00:00
Dr. Stephen Henson
d78254aa28
Add SETWRAP modifier to ASN1 generate.
2002-11-15 00:26:07 +00:00
Bodo Möller
555d75252a
use new BIO_indent() function here as well
...
Submitted by: Nils Larsch
2002-11-14 10:56:59 +00:00
Richard Levitte
3f083ef0eb
free() -> OPENSSL_free()
2002-11-13 20:25:47 +00:00
Richard Levitte
c112323dd5
This didn't get to the 0.9.8-dev thread...
2002-11-13 18:09:27 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Ben Laurie
eb43641dd3
Fix warnings, makefile cockup.
2002-11-13 11:59:48 +00:00
Dr. Stephen Henson
7fb8d254fe
Only accept exact match for modifier or tag name
2002-11-13 00:57:41 +00:00
Dr. Stephen Henson
9ea1b87862
Initial ASN1 generation code. This can construct
...
arbitrary encodings from strings and config files.
Documentation to follow...
2002-11-12 13:34:51 +00:00
Dr. Stephen Henson
38c7271a39
Check for NULL ASN1_ITEM when initializeing
...
boolean option in ASN1_TYPE.
2002-11-05 13:48:33 +00:00
Bodo Möller
b53e44e572
implement and use new macros BN_get_sign(), BN_set_sign()
...
Submitted by: Nils Larsch
2002-11-04 13:17:22 +00:00
Richard Levitte
ffd418f217
In my extreme debug mode, gcc complains that 'static' doesn't come
...
first.
2002-10-20 20:38:18 +00:00
Richard Levitte
677532629d
makedepend complains when a header file is included more than once in
...
the same source file.
2002-10-14 10:02:36 +00:00
Richard Levitte
001ab3abad
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Dr. Stephen Henson
74e3931f84
Various Win32 fixes.
...
Resolve signed/unsigned conflicts
Make dso_win32.c compile.
2002-10-06 12:14:55 +00:00
Dr. Stephen Henson
12dadc555f
Oops, remove old comment out debugging printf...
2002-10-06 12:10:35 +00:00
Richard Levitte
12f27bd414
Please do not use C++ comments in C code.
2002-10-06 00:33:23 +00:00
Dr. Stephen Henson
9a48b07ee4
Various enhancements to PKCS#12 code, new
...
medium level API, improved PKCS12_create
and additional functionality in pkcs12
utility.
2002-10-03 23:53:52 +00:00
Dr. Stephen Henson
230fd6b7b6
Preliminary streaming ASN1 encode support.
2002-10-03 12:38:52 +00:00
Dr. Stephen Henson
b499ed06d2
Fix ASN1_STRING_to_UTF8: remove non sensical !*out test.
2002-08-30 17:18:22 +00:00
Bodo Möller
34f1f2a81c
less specific interface for EC_GROUP_get_basis_type
...
Submitted by: Nils Larsch, Bodo Moeller
2002-08-26 18:08:53 +00:00
Bodo Möller
7e31164ae0
ASN1 for binary curves
...
Submitted by: Nils Larsch
2002-08-26 11:25:54 +00:00
Dr. Stephen Henson
41ab00bedf
Reinstate the check for invalid length BIT STRINGS,
...
which was effectively bypassed in the ASN1 changed.
2002-08-23 00:02:11 +00:00
Dr. Stephen Henson
fc85ac20c7
Make -nameopt work in req and add support for -reqopt
2002-08-22 23:43:48 +00:00
Bodo Möller
74cc4903ef
make update
2002-08-09 12:16:15 +00:00
Bodo Möller
60cc56b1a9
add field type to text output
...
don't print seed value as a number (leading zeros must not be removed)
Submitted by: Nils Larsch
2002-08-09 10:44:44 +00:00
Bodo Möller
e172d60ddb
Add ECDH support.
...
Additional changes:
- use EC_GROUP_get_degree() in apps/req.c
- add ECDSA and ECDH to apps/speed.c
- adds support for EC curves over binary fields to ECDSA
- new function EC_KEY_up_ref() in crypto/ec/ec_key.c
- reorganize crypto/ecdsa/ecdsatest.c
- add engine support for ECDH
- fix a few bugs in ECDSA engine support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
2002-08-09 08:43:04 +00:00
Bodo Möller
14a7cfb32a
use a generic EC_KEY structure (EC keys are not ECDSA specific)
...
Submitted by: Nils Larsch
2002-08-07 10:49:54 +00:00
Dr. Stephen Henson
aaa384ca1a
Fix typo
2002-08-02 18:58:33 +00:00
Dr. Stephen Henson
f908226898
Fix the ASN1 sanity check: correct header length
...
calculation and check overflow against LONG_MAX.
2002-08-02 18:48:55 +00:00
Lutz Jänicke
c046fffa16
OpenSSL Security Advisory [30 July 2002]
...
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
2002-07-30 13:04:04 +00:00
Lutz Jänicke
3aecef7697
"make update"
2002-07-30 12:44:33 +00:00
Bodo Möller
5dbd3efce7
Replace 'ecdsaparam' commandline utility by 'ecparam'
...
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Bodo Möller
ea4f109c99
AES cipher suites are now official (RFC3268)
2002-07-04 08:51:09 +00:00
Richard Levitte
17085b022c
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Bodo Möller
9ae08a9c04
Make sure buffers are large enough even for weird parameters
...
Submitted by: Nils Larsch
2002-06-26 14:28:41 +00:00
Bodo Möller
5f3d6f70f6
Implement handling of EC parameter seeds (new functions
...
EC_GROUP_set_seed(), EC_GROUP_get0_seed(), EC_GROUP_get_seed_len()).
New functions ECPKParameters_print(), ECPKParameters_print_fp().
Submitted by: Nils Larsch
2002-06-18 08:38:59 +00:00
Lutz Jänicke
65ee74fbc7
Some more prototype fixes.
...
Use DECLARE macros in asn1* instead of direct declaration.
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by:
PR: 89
2002-06-14 19:01:52 +00:00
Richard Levitte
451dc18f10
Add support for DJGPP.
...
PR: 75
2002-06-13 20:42:35 +00:00
Lutz Jänicke
40889b9cd3
Add missing prototypes.
...
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
PR: 89
2002-06-13 17:40:27 +00:00
Bodo Möller
254ef80db1
simplify asn1_flag
...
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2002-06-12 14:01:17 +00:00
Ben Laurie
25ace3ed25
Fix warnings.
2002-06-11 12:03:51 +00:00
Bodo Möller
458c29175e
move ECC ASN1 that is not specific to ECDSA into crypto/ec/,
...
and make some appropriate changes to the EC library.
Submitted by: Nils Larsch
2002-06-10 12:18:21 +00:00
Richard Levitte
b6fc2386f0
It's not good to have a pointer point at something in an inner block.
...
PR: 66
2002-06-05 13:47:29 +00:00
Richard Levitte
9cdf87f194
Check the return values where memory allocation failures may happen.
...
PR: 49
2002-05-30 16:47:45 +00:00
Bodo Möller
6cbe638294
New functions EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex(), EC_POINT_hex2point()
...
Submitted by: Nils Larsch
2002-05-30 13:16:03 +00:00
Dr. Stephen Henson
08241a5814
Make i2c_ASN1_BIT_STRING return the correct length.
2002-05-29 23:14:01 +00:00
Dr. Stephen Henson
0fccb00b5b
Add missing EVP_CIPHER_CTX_init call.
2002-05-18 23:43:10 +00:00
Bodo Möller
8df61b5011
Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
...
encoded as NULL) with id-dsa-with-sha1.
Submitted by: Nils Larsch
2002-04-26 08:28:34 +00:00
Richard Levitte
2d7ab7e9ea
Do not free p if it hasn't been used yet.
...
Notified by Bernd Matthes <bernd.matthes@gemplus.com>
2002-04-20 10:19:20 +00:00
Bodo Möller
b975183c41
ECDSA representation bugfixes
...
Submitted by: Nils Larsch
2002-04-12 08:57:01 +00:00
Bodo Möller
d0561b5c2d
fix ECDSA handling
...
Submitted by: Nils Larsch
2002-04-09 12:01:21 +00:00
Bodo Möller
690ecff795
Fixes for 'no-hw' combined with 'no-SOME_CIPHER'.
...
Fix dsaparam usage output.
Submitted by: Nils Larsch
2002-03-14 09:52:03 +00:00
Dr. Stephen Henson
0b4c91c0fc
Fix various warnings when compiling with KRB5 code.
2002-03-12 02:59:37 +00:00
Bodo Möller
4882171df5
EC curve stuff
...
Submitted by: Nils Larsch
2002-03-08 11:10:40 +00:00
Dr. Stephen Henson
3208ff58ca
make errors
2002-02-22 21:17:31 +00:00
Dr. Stephen Henson
6707d22a40
Update from stable branch.
2002-02-22 14:07:35 +00:00
Bodo Möller
4d94ae00d5
ECDSA support
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Richard Levitte
b9a3ef4c6e
ASN1_BIT_STRING_set_bit() didn't clear previously set bits
2002-02-03 21:31:41 +00:00
Lutz Jänicke
866eedb936
Shut up compiler warnings for inconsistent declarations.
2002-01-29 17:14:50 +00:00
Ben Laurie
9dd5ae6553
Constification, add config to /dev/crypto.
2002-01-18 16:51:05 +00:00
Dr. Stephen Henson
bc37d996fc
Experimental configuration code.
...
Incomplete, largely untested and subject to change/deletion.
2002-01-05 01:37:16 +00:00
Bodo Möller
4d7072f4b5
remove redundant ERR_load_... declarations
2001-12-17 19:22:23 +00:00
Dr. Stephen Henson
322de0c8c1
NO_DSA, NO_RSA patches.
2001-12-01 22:41:39 +00:00
Richard Levitte
b476df64a1
make update
...
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Bodo Möller
b955dbd325
cast to 'unsigned long' before using ~ if we need an unsigned long result
...
Submitted by: "Stefan Marxen" <stefan.marxen@gmx.net>
2001-11-09 12:58:05 +00:00
Dr. Stephen Henson
581f1c8494
Modify EVP cipher behaviour in a similar way
...
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Dr. Stephen Henson
20d2186c87
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
...
with existing code.
Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Richard Levitte
f8000b9345
'make update'
2001-10-04 07:49:09 +00:00
Richard Levitte
2aa9043ad3
Because there's chances we clash with the system's types.h, rename our
...
types.h to ossl_typ.h.
2001-10-04 07:32:46 +00:00
Dr. Stephen Henson
d46c1a8126
Support fractional seconds in GeneralizedTime
2001-09-28 00:44:44 +00:00
Geoff Thorpe
79aa04ef27
Make the necessary changes to work with the recent "ex_data" overhaul.
...
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Geoff Thorpe
ceff5fec5a
gcc can't spot that 'derlst' is not used uninitialised, so appease it.
2001-08-26 21:04:21 +00:00
Geoff Thorpe
b7727ee616
The indexes returned by ***_get_ex_new_index() functions are used when
...
setting stack (actually, array) values in ex_data. So only increment the
global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.
This change doesn't make "ex_data" right (see the comment at the head of
ex_data.c to know why), but at least makes the source code marginally less
frustrating.
2001-08-12 16:52:00 +00:00
Ben Laurie
d66ace9da5
Start to reduce some of the header bloat.
2001-08-05 18:02:16 +00:00
Ben Laurie
bb2297a41d
Header bloat reduction for EVP_PKEY.
2001-08-03 18:48:35 +00:00
Richard Levitte
710e5d5639
make update
2001-07-31 17:07:24 +00:00
Richard Levitte
dbfc0f8c2b
Vade retro C++ comments!
...
(Latin for "comments", anyone?)
2001-07-31 09:15:52 +00:00
Ben Laurie
dbad169019
Really add the EVP and all of the DES changes.
2001-07-30 23:57:25 +00:00
Dr. Stephen Henson
1241126adf
More linker bloat reorganisation:
...
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.
Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.
Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.
Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.
So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
2001-07-27 02:22:42 +00:00
Richard Levitte
2a1ef75435
Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in
...
SSL according to RFC 2712. His comment is:
This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication. I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week. The full kit includes patches
for mod-ssl, apache, and a few text clients. The sourceforge URL
is http://sourceforge.net/projects/kssl/ .
Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct. I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field. I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
2001-07-09 21:46:58 +00:00
Dr. Stephen Henson
9d2e51c199
Another empty X509_NAME fix.
2001-06-26 12:39:22 +00:00
Dr. Stephen Henson
1e325f6149
Handle empty X509_NAME in printing routines.
2001-06-26 12:04:35 +00:00
Dr. Stephen Henson
323f289c48
Change all calls to low level digest routines in the library and
...
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().
Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Richard Levitte
b7fe2f9675
cp is only used when DSA is built.
2001-06-19 16:40:36 +00:00
Dr. Stephen Henson
f2a253e0dd
Add support for MS CSP Name PKCS#12 attribute.
2001-06-11 00:43:20 +00:00
Richard Levitte
2b49dd1e8f
'make update'
2001-06-05 20:32:36 +00:00
Richard Levitte
b8e35bd66e
New internal function OPENSSL_gmtime, which is intended to do the same
...
as gmtime_r() on the systems where that is defined.
2001-05-16 08:44:09 +00:00
Dr. Stephen Henson
c962479bdf
Fix ASN1 bug when decoding OTHER type.
...
Various S/MIME DSA related fixes.
2001-04-21 12:06:01 +00:00
Ben Laurie
4f19a0672b
Fix warning.
2001-04-16 03:00:57 +00:00
Bodo Möller
83d968df60
Don't use 'tt' uninitialized when reporting an error
...
(we don't have an ASN1_TEMPLATE to complain about at this stage,
so errtt == NULL should be OK)
2001-04-05 11:40:16 +00:00
Dr. Stephen Henson
722ca2781c
Rewrite CHOICE field setting code to properly handle
...
combine in CHOICE options.
This was causing d2i_DSAPublicKey() to misbehave.
2001-04-02 00:59:19 +00:00
Dr. Stephen Henson
535d79da63
Overhaul the display of certificate details in
...
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.
This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
2001-03-15 19:13:40 +00:00
Dr. Stephen Henson
0a3ea5d34a
Document the -certopt option to the x509 utility.
...
Add no_issuer option.
Fix X509_print_ex() so it prints out newlines when
certain fields are omitted.
2001-03-15 01:15:54 +00:00
Bodo Möller
4e20b1a656
Instead of telling both 'make' and the user that ranlib
...
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Bodo Möller
4f98cbabde
avoid compiler warning
2001-03-08 14:02:28 +00:00
Bodo Möller
4de633dd5f
Get rid of '#define ERR_file_name __FILE__', which is unnecessary indirection.
...
(It cannot possibly help to avoid duplicate 'name of file' strings
in object files because the preprocessor does not work at object file
level.)
2001-03-08 11:45:44 +00:00
Bodo Möller
bad4058574
New option '-subj arg' for 'openssl req' and 'openssl ca'. This
...
sets the subject name for a new request or supersedes the
subject name in a given request.
Add options '-batch' and '-verbose' to 'openssl req'.
Submitted by: Massimiliano Pala <madwolf@hackmasters.net>
Reviewed by: Bodo Moeller
2001-03-05 11:09:43 +00:00
Richard Levitte
62dc5aad06
Introduce the possibility to access global variables through
...
functions on platform were that's the best way to handle exporting
global variables in shared libraries. To enable this functionality,
one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
"OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
is normally done by Configure or something similar).
To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
in the source file (foo.c) like this:
OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
OPENSSL_IMPLEMENT_GLOBAL(double,bar);
To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
OPENSSL_DECLARE_GLOBAL(int,foo);
#define foo OPENSSL_GLOBAL_REF(foo)
OPENSSL_DECLARE_GLOBAL(double,bar);
#define bar OPENSSL_GLOBAL_REF(bar)
The #defines are very important, and therefore so is including the
header file everywere where the defined globals are used.
The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
of ASN.1 items, but that structure is a bt different.
The largest change is in util/mkdef.pl which has been enhanced with
better and easier to understand logic to choose which symbols should
go into the Windows .def files as well as a number of fixes and code
cleanup (among others, algorithm keywords are now sorted
lexicographically to avoid constant rewrites).
2001-03-02 10:38:19 +00:00
Richard Levitte
d88a26c489
make update
...
Note that all *_it variables are suddenly non-existant according to
libeay.num. This is a bug that will be corrected. Please be patient.
2001-02-26 10:54:08 +00:00
Dr. Stephen Henson
b31cc2d9f7
Trap an invalid ASN1_ITEM construction and print out
...
the errant field for more ASN1 error conditions.
2001-02-25 14:11:31 +00:00
Dr. Stephen Henson
4ff18c8c3e
Print out OID of unknown signature or public key
...
algorithms.
2001-02-24 01:42:21 +00:00
Dr. Stephen Henson
d339187b1a
Get rid of ASN1_ITEM_FUNCTIONS dummy function
...
prototype hack. This unfortunately means that
every ASN1_*_END construct cannot have a
trailing ;
2001-02-23 12:47:06 +00:00
Dr. Stephen Henson
bb5ea36b96
Initial support for ASN1_ITEM_FUNCTION option to
...
change the way ASN1 modules are exported.
Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
2001-02-23 03:16:09 +00:00
Richard Levitte
41d2a336ee
e_os.h does not belong with the exported headers. Do not put it there
...
and make all files the depend on it include it without prefixing it
with openssl/.
This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
c38171ba1f
Exported header files should not include e_os.h.
2001-02-22 14:27:22 +00:00
Dr. Stephen Henson
72e3c20c14
Rebuild ASN1 error codes to remove unused function and reason codes.
2001-02-22 00:39:06 +00:00
Geoff Thorpe
47ddf355b4
'make update'
2001-02-21 17:43:52 +00:00
Richard Levitte
a9daa46758
Include string.h so mem*() functions get properly declared.
2001-02-20 13:41:11 +00:00
Richard Levitte
7ab1a39181
Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS
...
get a chance to be defined.
2001-02-20 13:22:35 +00:00
Richard Levitte
d8770f3ece
Include string.h so mem* functions get properly declared.
2001-02-20 12:51:56 +00:00
Richard Levitte
3ebac273f5
Include string.h so mem* functions get properly declared.
2001-02-20 12:43:11 +00:00
Richard Levitte
bc36ee6227
Use new-style system-id macros everywhere possible. I hope I haven't
...
missed any.
This compiles and runs on Linux, and external applications have no
problems with it. The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Richard Levitte
cf1b7d9664
Make all configuration macros available for application by making
...
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
a6b7ffddac
New options to 'ca' utility to support CRL entry extensions.
...
Add revelant new X509V3 extensions.
Add OIDs.
Fix ASN1 memory leak code to pop info if external allocation used.
2001-02-16 01:35:44 +00:00
Dr. Stephen Henson
ccb08f98ae
Fix CRL printing to correctly show when there are no revoked certificates.
...
Make ca.c correctly initialize the revocation date.
Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
2001-02-10 00:56:45 +00:00
Dr. Stephen Henson
c063f2c5ec
Various Win32 related fixed. Make no-krb5 work in mkdef.pl .
...
Fix warning in apps/engine.c
Remove definitions of deleted functions.
Add missing definition of X509_VAL.
2001-02-09 18:16:12 +00:00
Bodo Möller
448361a86c
Include string.h (whis is in all relevant standards) instead of
...
memory.h (which is not).
2001-02-05 09:07:50 +00:00
Ben Laurie
4978361212
Make depend.
2001-02-04 21:06:55 +00:00
Ben Laurie
1b843d3c69
Fix a warning.
2001-02-04 21:01:32 +00:00
Dr. Stephen Henson
2b916952a8
Fix ASN1_TIME_to_generlizedtime().
...
Add protoype for OCSP_response_create().
Add OCSP_request_sign() and OCSP_basic_sign()
private key and certificate checks and make
OCSP_NOCERTS consistent with PKCS7_NOCERTS
2001-02-04 03:04:43 +00:00
Dr. Stephen Henson
02e4fbed3d
Various OCSP responder utility functions.
...
Delete obsolete OCSP functions.
Largely untested at present...
2001-02-03 19:20:45 +00:00
Dr. Stephen Henson
88ce56f8c1
Various function for commmon operations.
2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
a43cf9fae9
Add debugging info to new ASN1 code to trace memory leaks.
...
Fix PKCS7 and PKCS12 memory leaks.
Initialise encapsulated content type properly.
2001-01-24 18:39:54 +00:00
Dr. Stephen Henson
8e8972bb68
Fixes to various ASN1_INTEGER routines for negative case.
...
Enhance s2i_ASN1_INTEGER().
2001-01-19 14:21:48 +00:00
Dr. Stephen Henson
adf87b2df5
Fix typo in OCSP ASN1 module, this caused
...
invalid format in OCSP request signatures.
Add spaces to OCSP HTTP header.
Change X509_NAME_set() there's no reason
why it should return an error if the
destination points to NULL... though it
should if the destination is NULL.
2001-01-11 23:24:28 +00:00
Dr. Stephen Henson
a8312c0e24
Fix typo in OCSP nonce extension.
...
Set correct type in ASN1_STRING for
INTEGER and ENUMERATED types.
Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
return -1 for invalid type rather than 0 (which is
often valid). -1 may also be valid but this is less
likely.
Load OCSP error strings in ERR_load_crypto_strings().
2001-01-04 19:53:48 +00:00
Dr. Stephen Henson
bf0d176e48
Update OCSP API.
...
Remove extensions argument from various functions
because it is not needed with the new extension
code.
New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.
New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.
Fix typo in CRL distribution points extension.
Fix ASN1 code so it adds a final null to constructed
strings.
2001-01-04 01:46:36 +00:00
Richard Levitte
e102a3dcfd
Since asn1.h gets included recursively from many places, the easiest
...
is to have asn1.h include e_os.h and e_os2.h. Of course, this makes
the unofficial "non-export" status of e_os.h a bit delicate...
2000-12-31 01:18:50 +00:00
Dr. Stephen Henson
ecbe07817a
Rewrite PKCS#12 code and remove some of the old
...
horrible macros.
Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
2000-12-31 01:13:04 +00:00
Richard Levitte
26da3e65ac
If OPENSSL_BUILD_SHLIBCRYPTO (for files that end up as libcrypto
...
objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl
objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT.
This is actually only important on Win32, and can safely be ignored in
all other cases, at least for now.
2000-12-31 00:23:17 +00:00
Dr. Stephen Henson
4e1209ebf8
ASN1_ITEM versions of ASN1_d2i_{fp, bio} and replacement of
...
most of the old wrappers. A few of the old versions remain
because they are non standard and the corresponding ASN1
code has not been reimplemented yet.
2000-12-30 02:40:26 +00:00
Dr. Stephen Henson
f86c5c9ac7
ASN1_ITEM version of ASN1_dup(). Might want
...
something more efficient later...
2000-12-28 22:41:46 +00:00
Dr. Stephen Henson
73e92de577
Add NO_ASN1_OLD to remove some old style functions:
...
currently OpenSSL itself wont compile with this set
because some old style stuff remains.
Change old functions X509_sign(), X509_verify() etc
to use new item based functions.
Replace OCSP function declarations with DECLARE macros.
2000-12-28 22:24:50 +00:00
Dr. Stephen Henson
09ab755c55
ASN1_ITEM versions of sign, verify, pack and unpack.
...
The old function pointer versions will eventually go
away.
2000-12-28 19:18:48 +00:00
Dr. Stephen Henson
3c07b4c2ee
Various Win32 related fixes. Doesn't compile yet on
...
Win32 but it is getting there...
Update mkdef.pl to handle ASN1_ANY and fix headers.
Stop various VC++ warnings.
Include some fixes from "Peter 'Luna' Runestig"
<peter@runestig.com>
Remove external declaration for des_set_weak_key_flag:
it doesn't exist.
2000-12-21 01:38:55 +00:00
Dr. Stephen Henson
2c15d426b9
New function X509V3_extensions_print() this removes extension duplication
...
from the print routines.
Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.
Implement some ASN1 functions needed to compile OCSP code.
2000-12-14 18:42:28 +00:00
Dr. Stephen Henson
de487514ae
New function X509_signature_print() to remove some duplicate
...
code from certificate, CRL and request printing routines.
2000-12-14 00:53:10 +00:00
Dr. Stephen Henson
06db4253e2
Change the PKCS7 structure to use SEQUENCE OF for the
...
authenticated attributes: this is used to retain the
original encoding and not break signatures.
Support for a SET OF which reorders the STACK when
encoding a structure. This will be used with the
PKCS7 code.
2000-12-13 23:54:30 +00:00
Richard Levitte
8d28d5f81b
Constification of the data of a hash table. This means the callback
...
functions need to be constified, and therefore meant a number of easy
changes a little everywhere.
Now, if someone could explain to me why OBJ_dup() cheats...
2000-12-13 17:15:03 +00:00
Dr. Stephen Henson
9d6b1ce644
Merge from the ASN1 branch of new ASN1 code
...
to main trunk.
Lets see if the makes it to openssl-cvs :-)
2000-12-08 19:09:35 +00:00
Richard Levitte
0cc1115643
Make sure bs is assigned NULL when it's free'd, or there will be an
...
(incorrect) attempt to free it once more...
2000-11-19 14:14:52 +00:00
Ulf Möller
6a8ba34f9d
in some new file names the first 8 characters were not unique
2000-11-12 22:32:18 +00:00
Richard Levitte
f971ccb264
Constify DH-related code.
2000-11-07 14:30:37 +00:00
Richard Levitte
a4aba800d9
Constify DSA-related code.
2000-11-07 13:54:39 +00:00
Richard Levitte
7081f3bd89
Constify the RSA parts of the ASN.1 library. Note some ugly casts
...
that are needed in the ASN.1 macros. Hopefully, we can get rid of
those in an elegant way in the future.
2000-11-06 23:04:15 +00:00
Richard Levitte
eb64730b9c
The majority of the OCSP code from CertCo.
2000-10-27 11:05:35 +00:00
Richard Levitte
3ab5651112
The experimental Rijndael code moved to the main trunk.
...
make update done.
2000-10-14 20:09:54 +00:00
Dr. Stephen Henson
8ca533e378
More code for X509_print_ex() support.
2000-10-06 11:51:47 +00:00
Dr. Stephen Henson
d0c9858914
Global DirectoryString mask fix.
...
Add support for X509_NAME_print_ex() in req.
Initial code for cutomizable X509 print routines.
2000-10-04 01:16:32 +00:00
Richard Levitte
4e20a4e688
'ranlib' doesn't always run on some systems. That's actually
...
acceptable, since all that happens if it fails is a library with
an index, which makes linking slower, but still working correctly.
2000-09-25 08:53:15 +00:00
Richard Levitte
3f8b90c345
Catch V_ASN1_NULL.
2000-09-22 13:15:16 +00:00
Dr. Stephen Henson
6cffb201f3
Fix ASN1_TYPE bug.
2000-09-21 18:57:00 +00:00
Richard Levitte
62324627aa
Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care
...
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
2000-09-17 18:21:27 +00:00
Richard Levitte
97d8e82c4c
Marin Kraemer <Martin.Kraemer@MchP.Siemens.De> sent us patches to make
...
the OpenSSL commands x50 and req work better on a EBCDIC system.
2000-09-10 14:45:19 +00:00
Richard Levitte
0baed24c1b
More VMS synchronisation
2000-09-09 18:05:27 +00:00
Ulf Möller
4f7068c165
Fix some CygWin problems.
2000-09-09 04:45:18 +00:00
Richard Levitte
a1b15ac21f
Two places where I forgot to change vms_idhacks to symhacks.
2000-09-08 06:28:09 +00:00
Dr. Stephen Henson
84b65340e1
Two new PKCS#12 demo programs.
...
Update PKCS12_parse().
Make the keyid in certificate aux info more usable.
2000-09-07 23:14:26 +00:00
Richard Levitte
62ab514e98
'make update'
2000-09-07 08:46:51 +00:00
Bodo Möller
61f175f4ba
Get rid of ASN1_UTCTIME_get, which cannot work with time_t
...
return type (on platforms where time_t is a 32 bit value).
New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.
2000-09-06 15:40:52 +00:00
Bodo Möller
75cb225989
'make update'
2000-09-06 12:34:10 +00:00
Dr. Stephen Henson
2f043896d1
*BIG* verify code reorganisation.
...
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.
The new code performs several tests on a candidate issuer
certificate based on certificate extensions.
It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.
Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...
This must have broken something though :-(
2000-09-05 17:53:58 +00:00
Dr. Stephen Henson
34216c0422
Keep a not of original encoding in certificate requests.
...
Add new option to PKCS7_sign to exclude S/MIME capabilities.
2000-09-05 13:27:57 +00:00
Dr. Stephen Henson
7df1c720f6
Fix typo in i2d_ASN1_ENUMERATED
...
Fix bug in read only memory BIOs so BIO_reset() works.
Add sign and verify options to dgst utility, need
to update docs.
2000-08-30 16:14:29 +00:00
Dr. Stephen Henson
d428bf8c56
New option to CA.pl to sign request using CA extensions.
...
This allows intermediate CAs to be created more easily.
PKCS12_create() now checks private key matches certificate.
Fix typo in x509 app.
Update docs.
New function ASN1_STRING_to_UTF8() converts any ASN1_STRING
type to UTF8.
2000-08-24 23:24:18 +00:00
Dr. Stephen Henson
d096b524af
Add support for 'other' PKCS#7 content types.
2000-08-22 22:20:25 +00:00
Dr. Stephen Henson
cae0ae2e4b
Fix ASN1_INTEGER_to_BN properly this time...
2000-08-22 16:06:24 +00:00
Dr. Stephen Henson
469938cb40
Fixes to d2i_ASN1_OBJECT, ASN1_INTEGER_to_BN and a_strex.c
2000-08-22 12:54:21 +00:00
Dr. Stephen Henson
eaa2818189
Various fixes...
...
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.
set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.
remove extraneous '\r' in MIME encoder.
Allow a NULL to be passed to X509_gmtime_adj()
Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
2000-08-21 22:02:23 +00:00
Richard Levitte
3009458e2f
MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test
2000-08-14 14:05:53 +00:00
Richard Levitte
5584fa1709
For n > 7, we might get uninitialized (unzeroed) data.
...
Spotted by "Kyoungho Jeon" <k.h.jeon@securesoft.co.kr>.
2000-08-06 01:35:03 +00:00
Dr. Stephen Henson
2d978cbd30
Changes needed for Tandem NSK, supplied by Scott Uroff (scott@xypro.com).
...
Fix warnings with BIO_dump_indent().
2000-08-04 00:01:39 +00:00
Dr. Stephen Henson
bd4e152791
Document the new DN printing options.
...
Change a few names to be more meaningful.
Fix typos in CA.pl docs.
2000-07-30 01:27:59 +00:00
Dr. Stephen Henson
a657546f9c
New ASN1_STRING_print_ex() and X509_NAME_print_ex()
...
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.
The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).
Still needs to be documented, integrated into other
utilities and extensively tested.
2000-07-28 01:58:15 +00:00
Richard Levitte
ca1e465f6d
Add the possibility to get hexdumps of unprintable data when using
...
'openssl asn1parse'. As a side effect, the functions ASN1_parse_dump
and BIO_dump_indent are added.
2000-07-27 17:28:25 +00:00
Dr. Stephen Henson
f6c1c9e95d
Fix a bug in the new i2d_{ENUMERATED,INTEGER} that
...
didn't recognise NULL to mean 'don't output anything'
2000-07-27 01:27:22 +00:00
Dr. Stephen Henson
284ef5f357
Make NEG_PUBKEY_BUG on by default.
...
ASN1_TIME fixes.
New function c2i_ASN1_OBJECT().
2000-07-26 01:18:37 +00:00
Dr. Stephen Henson
094fe66d9f
Fix some typose in the i2d/d2i functions that
...
call the i2c/c2i (they were not using the
content length for the headers).
Fix ASN1 long form tag encoding. This never
worked but it was never tested since it is
only used for tags > 30.
New options to smime program to allow the
PKCS#7 format to be specified and the content
supplied externally.
2000-07-10 18:33:05 +00:00
Dr. Stephen Henson
a338e21bd1
New ASN1 functions that just deal with
...
content octets, not tag+length.
2000-07-07 13:24:36 +00:00
Richard Levitte
c2bbf9cf6c
I got sick and tired of having to keep track of NIDs when such a thing
...
could be done automagically, much like the numbering in libeay.num and
ssleay.num. The solution works as follows:
- New object identifiers are inserted in objects.txt, following the
syntax given in objects.README.
- objects.pl is used to process obj_mac.num and create a new
obj_mac.h.
- obj_dat.pl is used to create a new obj_dat.h, using the data in
obj_mac.h.
This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended. The simplest way to
check that it worked correctly is to look in obj_dat.h and check the
array nid_objs and make sure the objects haven't moved around (this is
important!). Additions are OK, as well as consistent name changes.
2000-07-05 02:45:36 +00:00
Dr. Stephen Henson
130832150c
Fixes for Win32 build.
...
This is mostly a work around for the old VC++ problem
that it treats func() as func(void).
Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.
The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.
Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)
2000-06-21 02:25:30 +00:00
Dr. Stephen Henson
7ef8206859
Handle ASN1_SET_OF and PKCS12_STACK_OF using function
...
casts in the same way as STACK_OF.
2000-06-20 18:45:28 +00:00
Dr. Stephen Henson
3aceb94b9e
Safe stack reorganisation in terms of function casts.
...
After some messing around this seems to work but needs
a few more tests. Working out the syntax for sk_set_cmp_func()
(cast it to a function that itself returns a function pointer)
was painful :-(
Needs some testing to see what other compilers think of this
syntax.
Also needs similar stuff for ASN1_SET_OF etc etc.
2000-06-16 23:29:26 +00:00
Dr. Stephen Henson
d3ed8ceb3d
Add support for the modified SGC key format used in IIS.
2000-06-15 23:48:05 +00:00
Richard Levitte
f20ee31477
Make sure that bs is not getting free'd again.
...
Reported by Robert Eiglmaier <robert.eiglmaier@ixos.de>
2000-06-15 11:10:15 +00:00
Geoff Thorpe
1c4f90a05d
Enable DSO support on alpha (OSF1), cc and gcc.
...
Also, "make update" has added some missing functions to libeay.num,
updated the TABLE for the alpha changes, and updated thousands of
dependancies that have changed from recent commits.
2000-06-13 12:59:38 +00:00
Richard Levitte
ef33b97050
Using checks of the existence of HEADER_{foo}_H in other header files
...
was a really bad idea. For example, the following:
#include <x509.h>
#include <bio.h>
#include <asn1.h>
would make sure that things like ASN1_UTCTIME_print() wasn't defined
unless you moved the inclusion of bio.h to above the inclusion of
x509.h. The reason is that x509.h includes asn1.h, and the
declaration of ASN1_UTCTIME_print() depended on the definition of
HEADER_BIO_H. That's what I call an obscure bug.
Instead, this change makes sure that whatever header files are needed
for the correct process of one header file are included automagically,
and that the definitions of, for example, BIO-related things are
dependent on the absence of the NO_{foo} macros. This is also
consistent with the way parts of OpenSSL can be excluded at will.
2000-06-09 10:41:35 +00:00
Bodo Möller
849c0e3046
int may be smaller than 32 bits.
2000-06-05 13:50:57 +00:00
Richard Levitte
26a3a48d65
There have been a number of complaints from a number of sources that names
...
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Geoff Thorpe
7edd20916a
"make update" + stripping the type-specific stack functions out of
...
libeay.num and ssleay.num.
2000-06-01 06:07:19 +00:00
Geoff Thorpe
ccd86b68ef
The previous commit to crypto/stack/*.[ch] pulled the type-safety strings
...
yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;
X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).
Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
2000-06-01 02:36:58 +00:00
Geoff Thorpe
a4e31088ce
sk_***_new_null() seems to be there to avoid exactly this sort of thing
...
which is a cast between NULL and a function pointer.
2000-05-31 17:41:34 +00:00
Bodo Möller
939fff6799
Add "FIXME" comment.
2000-05-31 09:51:55 +00:00
Geoff Thorpe
4dbe060f2c
It seems that mktime does what is required here. Certainly timegm() can
...
not be used because it is not available on all systems (most notably,
win32).
2000-05-29 03:50:37 +00:00
Dr. Stephen Henson
b4b41f48d1
Add DSA library string. Workaround for IIS .key file invalid
...
ASN1 encoding.
2000-05-24 13:09:59 +00:00
Bodo Möller
c95b7a723f
Fix "FIXME" indentation :-)
2000-05-19 12:02:09 +00:00
Bodo Möller
5569e1c39a
Add "FIXME" comment, and adjust the indentation.
2000-05-19 11:59:55 +00:00
Ben Laurie
abc9400e10
Typesafety Thought Police part 5.
2000-05-17 09:13:36 +00:00
Ben Laurie
5de603abc8
Typesafety Thought Police part 3.
2000-05-16 21:22:45 +00:00
Ben Laurie
f2716dada0
Typesafety Thought Police Part 2.
2000-05-16 19:53:50 +00:00
Ben Laurie
fd73a2121c
Allow UTCTIME objects to be retrieved. Check for imminent cert expiry.
2000-05-14 12:39:53 +00:00
Richard Levitte
82271cee5b
In Message-ID: <003201bfb332$14a07520$0801a8c0@janm.transactionsite.com>,
...
"Jan Mikkelsen" <janm@transactionsite.com> correctly states that the
OpenSSL header files have #include's and extern "C"'s in an incorrect
order. Thusly fixed.
2000-05-02 12:16:01 +00:00
Richard Levitte
7a807ad8a7
"make update"
2000-04-09 12:52:40 +00:00
Dr. Stephen Henson
e77066ea0a
Fix a memory leak in PKCS12_parse.
...
Don't copy private key to X509 etc public key structures.
Fix for warning.
2000-03-22 13:50:23 +00:00
Bodo Möller
65b002f399
Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
2000-03-13 19:24:39 +00:00
Bodo Möller
59fc2b0fc2
Preserve reason strings in automatically build tables.
2000-03-05 00:19:36 +00:00
Bodo Möller
d6f68fa314
Fix for previous patch: If RAND_pseudo_bytes returns 0, this is not an error.
2000-03-03 07:51:25 +00:00
Bodo Möller
7c472f706e
Use RAND_pseudo_bytes, not RAND_bytes, for IVs/salts.
2000-03-02 22:29:38 +00:00
Dr. Stephen Henson
0202197dbf
Make ASN1 types real typedefs.
...
Rebuild error files.
2000-02-26 19:25:31 +00:00
Bodo Möller
6d0d5431d4
More get0 et al. changes. Also provide fgrep targets in CHANGES
...
where the new functions are mentioned.
2000-02-26 08:36:46 +00:00
Dr. Stephen Henson
c7cb16a8ff
Rename functions for new convention.
2000-02-26 01:55:33 +00:00
Dr. Stephen Henson
4b42658082
Make pkcs8 work again.
...
Make EVP_CIPHER_type() return NID_undef if the cipher has no
ASN1 OID, modify code to handle this.
2000-02-22 18:45:11 +00:00
Ulf Möller
43e9d805e8
warning.
2000-02-22 12:53:59 +00:00
Dr. Stephen Henson
d754b3850f
Change the 'other' structure in certificate aux info.
2000-02-20 18:27:23 +00:00
Dr. Stephen Henson
a3fe382e2d
Pass phrase reorganisation.
2000-02-16 23:16:01 +00:00
Ralf S. Engelschall
667ac4ec6a
Make gcc 2.95.2 happy again, even under ``-Wall -Wshadow -Wpointer-arith -Wcast-align
...
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''.
2000-02-11 09:47:18 +00:00
Dr. Stephen Henson
66430207a4
Add support for some broken PKCS#8 formats.
2000-02-05 21:07:56 +00:00
Ulf Möller
657e60fa00
ispell (and minor modifications)
2000-02-03 23:23:24 +00:00
Ulf Möller
51ca375e7e
Seek out and destroy another evil cast.
2000-01-30 23:33:40 +00:00
Ulf Möller
9d1a01be8f
Source code cleanups: Use void * rather than char * in lhash,
...
eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
2000-01-30 22:20:28 +00:00
Dr. Stephen Henson
e1314b5716
Fix CRL encoding bug.
2000-01-29 00:00:26 +00:00
Ulf Möller
0e930f25d2
Rename asn1/pkcs8.c to asn1/p8_key.c to avoid name conflict.
2000-01-24 01:18:36 +00:00
Dr. Stephen Henson
dd9d233e2a
Tidy up CRYPTO_EX_DATA structures.
2000-01-23 23:41:49 +00:00
Ulf Möller
e7f97e2d22
Check RAND_bytes() return value or use RAND_pseudo_bytes().
2000-01-21 01:15:56 +00:00
Dr. Stephen Henson
6e6bc352b1
Finish off the X509_ATTRIBUTE string stuff.
2000-01-20 01:37:17 +00:00
Bodo Möller
11afb40c01
Use CRYPTO_push_info to track down memory leak
...
(only the CRYPTO_push_info's in the apps/ directory
are included in the CVS commit, not all those I used
in crypto/)
2000-01-13 22:52:52 +00:00
Ben Laurie
752d706aaf
Make NO_RSA compile with pedantic.
2000-01-08 21:06:24 +00:00
Bodo Möller
d2b6c3f31f
apps/openssl.cnf and the documentation say it's "nombstr",
...
but crypto/asn1/a_strnid.c had "nombchar".
2000-01-07 13:05:41 +00:00
Dr. Stephen Henson
35f4850ae0
More X509_ATTRIBUTE changes.
2000-01-07 00:55:54 +00:00
Dr. Stephen Henson
b38f9f66c3
Initial automation changes to 'req' and X509_ATTRIBUTE functions.
2000-01-06 01:26:48 +00:00
Dr. Stephen Henson
20432eae41
Fix some of the command line password stuff. New function
...
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
2000-01-01 16:42:49 +00:00
Dr. Stephen Henson
f45f40ffff
Add OIDs for idea and blowfish. Unfortunately these are in
...
the middle of the OID table so the diff is rather large :-(
1999-12-29 02:59:18 +00:00
Dr. Stephen Henson
6447cce372
Simplify the trust structure: basically zap the bit strings and
...
represent everything by OIDs.
1999-12-29 00:40:28 +00:00
Dr. Stephen Henson
e6f3c5850e
New {i2d,d2i}_PrivateKey_{bio, fp} functions.
1999-12-26 19:20:03 +00:00
Dr. Stephen Henson
12aefe78f0
Fixes so NO_RSA works again.
1999-12-24 17:26:33 +00:00
Dr. Stephen Henson
525f51f6c9
Add PKCS#8 utility functions and add PBE options.
1999-12-23 02:02:42 +00:00
Dr. Stephen Henson
e76f935ead
Support for ASN1 NULL type.
1999-12-22 01:39:23 +00:00
Dr. Stephen Henson
2449961ab2
Fix a typo in a_enum.c.
1999-12-13 13:14:14 +00:00
Dr. Stephen Henson
d8223efd04
Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs.
...
Also fix a memory leak in PKCS#7 routines.
1999-12-10 13:46:48 +00:00
Dr. Stephen Henson
a2121e0aee
Add i2d_ASN1_PRINTABLESTRING() function, and do 'make update'
1999-12-08 00:56:15 +00:00
Dr. Stephen Henson
dd4134101f
Change the trust and purpose code so it doesn't need init
...
either and has a static and dynamic mix.
1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
51630a3706
Add trust setting support to the verify code. It now checks the
...
trust settings of the root CA.
After a few fixes it seems to work OK.
Still need to add support to SSL and S/MIME code though.
1999-11-27 19:43:10 +00:00
Dr. Stephen Henson
9868232ae1
Initial trust code: allow setting of trust checking functions
...
in a table. Doesn't do too much yet.
Make the -<digestname> options in 'x509' affect all relevant
options.
Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.
A few constification changes.
1999-11-27 01:14:04 +00:00
Dr. Stephen Henson
d4cec6a13d
New options to the -verify program which can be used for chain verification.
...
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
1999-11-26 00:27:07 +00:00
Dr. Stephen Henson
6d3724d3b0
Support for authority information access extension.
...
Fix so EVP_PKEY_rset_*() check return codes.
1999-11-23 18:50:28 +00:00
Dr. Stephen Henson
52664f5081
Transparent support for PKCS#8 private keys in RSA/DSA.
...
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
1999-11-21 22:28:31 +00:00
Dr. Stephen Henson
a716d72734
Support for otherName in GeneralName.
1999-11-19 02:19:58 +00:00
Richard Levitte
b3e1a4c68c
Some new names in asn1.h are longer than 31 chars, which disturbs the VMS C compilers...
1999-11-12 02:04:30 +00:00
Dr. Stephen Henson
a0ad17bb6c
Fix to the -revoke option in ca. It was leaking memory, crashing and just
...
plain not working :-(
Also fix some memory leaks in the new X509_NAME code.
Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
1999-11-08 13:58:08 +00:00
Dr. Stephen Henson
ce1b4fe146
Allow additional information to be attached to a
...
certificate: currently this includes trust settings
and a "friendly name".
1999-11-04 00:45:35 +00:00
Dr. Stephen Henson
74400f7348
Continued multibyte character support.
...
Add a bunch of functions to simplify the creation of X509_NAME structures.
Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
1999-10-27 00:15:11 +00:00
Dr. Stephen Henson
f769ce3ea4
More multibyte character support.
...
Functions to get keys from EVP_PKEY structures.
1999-10-25 02:00:09 +00:00
Ben Laurie
042a93e443
Constification.
1999-10-23 09:30:09 +00:00