Dr. Stephen Henson
46a58ab946
Modify OCSP nonce behaviour.
2001-02-12 23:28:45 +00:00
Dr. Stephen Henson
94fcd01349
Work around for libsafe "error".
2001-02-12 03:22:49 +00:00
Dr. Stephen Henson
ccb08f98ae
Fix CRL printing to correctly show when there are no revoked certificates.
...
Make ca.c correctly initialize the revocation date.
Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
2001-02-10 00:56:45 +00:00
Bodo Möller
e306892994
Simplify BN_rand_range
2001-02-10 00:34:02 +00:00
Lutz Jänicke
b5f6d9dc6e
Fix "wierd" typo as submitted by Jeroen Ruigrok/Asmodai <asmodai@wxs.nl>.
2001-02-09 19:03:53 +00:00
Dr. Stephen Henson
c063f2c5ec
Various Win32 related fixed. Make no-krb5 work in mkdef.pl .
...
Fix warning in apps/engine.c
Remove definitions of deleted functions.
Add missing definition of X509_VAL.
2001-02-09 18:16:12 +00:00
Richard Levitte
c2bf70a27c
The check for request including a nonce and response not having it was
...
inversed. Corrected. Hopefully, this will make it work without
dumping core.
2001-02-08 19:28:10 +00:00
Ulf Möller
a71b5abfa4
use <= instead of ==
2001-02-08 17:45:32 +00:00
Ulf Möller
928cc3a6de
point out that RAND_load_file() etc are only for seed files, not for
...
entropy devices or sockets.
2001-02-08 17:22:56 +00:00
Bodo Möller
792e2ce7f4
Another comment change. (Previous comment does not apply
...
for range = 11000000... or range = 100000...)
2001-02-08 12:34:08 +00:00
Bodo Möller
3952584571
Change comments. (The expected number of iterations in BN_rand_range
...
never exceeds 1.333...).
2001-02-08 12:27:22 +00:00
Bodo Möller
a5d2acfc79
oops -- remove observation code
2001-02-08 12:24:41 +00:00
Bodo Möller
35ed8cb8b6
Integrate my implementation of a countermeasure against
...
Bleichenbacher's DSA attack. With this implementation, the expected
number of iterations never exceeds 2.
New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
2001-02-08 12:14:51 +00:00
Bodo Möller
7edc5ed90a
platform specific CFLAGS don't belong into this Makefile
2001-02-08 11:15:50 +00:00
Ulf Möller
57e7d3ce15
Bleichenbacher's DSA attack
2001-02-07 22:24:35 +00:00
Lutz Jänicke
a8ebe4697e
Modify access to EGD socket to deal with EINTR etc that can appear
...
during connect() and other calls. First seen on Unixware-7.
Unify access to EGD-socket for all RAND_egd_*() methods.
2001-02-07 22:13:38 +00:00
Dr. Stephen Henson
deb2c1a1c5
Fix AES code.
...
Update Rijndael source to v3.0
Add AES OIDs.
Change most references of Rijndael to AES.
Add new draft AES ciphersuites.
2001-02-07 18:15:18 +00:00
Ben Laurie
259810e05b
Rijdael CBC mode and partial undebugged SSL support.
2001-02-06 14:09:13 +00:00
Bodo Möller
9eea2be6f1
Avoid coredumps for CONF_get_...(NULL, ...)
2001-02-06 10:26:34 +00:00
Ulf Möller
4327aae816
format strings
2001-02-06 02:57:35 +00:00
Ulf Möller
741a9690df
Fix potential buffer overrun for EBCDIC.
2001-02-06 02:54:02 +00:00
Richard Levitte
e24e40657f
Fix a memory leak in BIO_get_accept_socket(). This leak was small and
...
only happened when the port number wasn't parsable ot the host wasn't
possible to convert to an IP address.
Contributed by Niko Baric <Niko.Baric@epost.de>
2001-02-05 09:15:09 +00:00
Bodo Möller
448361a86c
Include string.h (whis is in all relevant standards) instead of
...
memory.h (which is not).
2001-02-05 09:07:50 +00:00
Dr. Stephen Henson
26e083ccb7
New function to copy nonce values from OCSP
...
request to response.
2001-02-05 00:35:06 +00:00
Ben Laurie
4978361212
Make depend.
2001-02-04 21:06:55 +00:00
Ben Laurie
1618bc7921
Can't remember why this was needed?
2001-02-04 21:02:22 +00:00
Ben Laurie
1b843d3c69
Fix a warning.
2001-02-04 21:01:32 +00:00
Dr. Stephen Henson
2b916952a8
Fix ASN1_TIME_to_generlizedtime().
...
Add protoype for OCSP_response_create().
Add OCSP_request_sign() and OCSP_basic_sign()
private key and certificate checks and make
OCSP_NOCERTS consistent with PKCS7_NOCERTS
2001-02-04 03:04:43 +00:00
Dr. Stephen Henson
02e4fbed3d
Various OCSP responder utility functions.
...
Delete obsolete OCSP functions.
Largely untested at present...
2001-02-03 19:20:45 +00:00
Dr. Stephen Henson
88ce56f8c1
Various function for commmon operations.
2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
664d83bb23
Tidy up the mess in bss_sock.c and bss_fd.c
...
by placing them socket/fd code in separate
files rather than trying to have them both
share the same one.
2001-02-02 00:31:45 +00:00
Dr. Stephen Henson
8cff6331c9
Tolerate some "variations" used in some
...
certificates.
One is a valid CA which has no basicConstraints
but does have certSign keyUsage.
Other is S/MIME signer with nonRepudiation but
no digitalSignature.
2001-02-01 01:57:32 +00:00
Richard Levitte
16a44ae7e9
Increase consistency of header data (some mail readers really do not
...
like spaces before the semicolon, and besides, other parts of this
file makes the values without those spaces), and move spacing of
continuation lines to support BIO's that break lines after each
write.
2001-01-30 13:38:59 +00:00
Bodo Möller
78f3a2aad7
Comment and indentation
2001-01-28 14:38:11 +00:00
Dr. Stephen Henson
b847024026
Make sk_sort tolearate a NULL argument.
2001-01-28 14:20:13 +00:00
Dr. Stephen Henson
50d5199120
New OCSP response verify option OCSP_TRUSTOTHER
2001-01-26 01:55:52 +00:00
Dr. Stephen Henson
a43cf9fae9
Add debugging info to new ASN1 code to trace memory leaks.
...
Fix PKCS7 and PKCS12 memory leaks.
Initialise encapsulated content type properly.
2001-01-24 18:39:54 +00:00
Bodo Möller
9ae9c221de
Update "OAEP reconsidered" comment
2001-01-24 14:59:25 +00:00
Ulf Möller
75802000c8
There is no C version of bn_div_3_words
2001-01-23 16:26:15 +00:00
Dr. Stephen Henson
ba8e28248f
Fix to stop X509_time_adj() using GeneralizedTime.
2001-01-20 13:38:45 +00:00
Dr. Stephen Henson
8e8972bb68
Fixes to various ASN1_INTEGER routines for negative case.
...
Enhance s2i_ASN1_INTEGER().
2001-01-19 14:21:48 +00:00
Dr. Stephen Henson
73758d435b
Additional functionality in ocsp utility: print summary
...
of status info. Check nonce values. Option to disable
verify. Update usage message.
Rename status to string functions and make them global.
2001-01-19 01:32:23 +00:00
Dr. Stephen Henson
e8af92fcb1
Implement remaining OCSP verify checks in
...
accordance with RFC2560.
2001-01-18 01:35:39 +00:00
Dr. Stephen Henson
81f169e95c
Initial OCSP certificate verify. Not complete,
...
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Dr. Stephen Henson
6308af199d
Change PKCS#12 key derivation routines to cope with
...
non null terminated passwords.
2001-01-14 14:07:10 +00:00
Dr. Stephen Henson
5782ceb298
New OCSP utility. This can generate, parse and print
...
OCSP requests. It can also query reponders and parse or
print out responses.
Still needs some more work: OCSP response checks and
of course documentation.
2001-01-13 01:48:38 +00:00
Bodo Möller
cc85ec447b
Disable RegQueryValueEx() call.
...
Problem reported by "Wolfgang Marczy" <WMarczy@topcall.co.at>
in a message to openssl-dev (19 Dec 2000 13:40:51 +0100).
2001-01-12 15:16:21 +00:00
Bodo Möller
af5473c45a
isspace must be used only on *unsigned* chars
2001-01-12 14:45:12 +00:00
Dr. Stephen Henson
adf87b2df5
Fix typo in OCSP ASN1 module, this caused
...
invalid format in OCSP request signatures.
Add spaces to OCSP HTTP header.
Change X509_NAME_set() there's no reason
why it should return an error if the
destination points to NULL... though it
should if the destination is NULL.
2001-01-11 23:24:28 +00:00
Dr. Stephen Henson
9b4dc8308f
OCSP basic response verify. Very incomplete
...
but will verify the signatures on a response
and locate the signers certifcate.
Still needs to implement a proper OCSP certificate
verify.
Fix warning in RAND_egd().
2001-01-11 00:52:50 +00:00