Dr. Stephen Henson
8d207ee3d1
add X509_CRL_sign_ctx function
2010-03-14 12:52:38 +00:00
Dr. Stephen Henson
85522a074c
Algorithm specific ASN1 signing functions.
2010-03-11 13:32:38 +00:00
Dr. Stephen Henson
ce25c7207b
New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier)
...
from a digest algorithm.
2010-03-11 13:27:05 +00:00
Dr. Stephen Henson
31904ecdf3
RSA PSS verification support including certificates and certificate
...
requests. Add new ASN1 signature initialisation function to handle this
case.
2010-03-08 18:10:35 +00:00
Dr. Stephen Henson
809cd0a22d
print outermost signature algorithm parameters too
2010-03-07 17:02:47 +00:00
Dr. Stephen Henson
7ed485bc9f
The OID sanity check was incorrect. It should only disallow *leading* 0x80
...
values.
2010-03-07 16:40:05 +00:00
Dr. Stephen Henson
9ef6fe8c2e
typo
2010-03-07 15:37:37 +00:00
Dr. Stephen Henson
a5667732b9
update ASN1 sign/verify to use EVP_DigestSign and EVP_DigestVerify
2010-03-07 12:05:45 +00:00
Dr. Stephen Henson
148924c1f4
fix indent, newline
2010-03-06 18:14:13 +00:00
Dr. Stephen Henson
fa1ba589f3
Add algorithm specific signature printing. An individual ASN1 method can
...
now print out signatures instead of the standard hex dump.
More complex signatures (e.g. PSS) can print out more meaningful information.
Sample DSA version included that prints out the signature parameters r, s.
[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
c8ef656df2
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
ec7d16ffdd
Check it actually compiles this time ;-)
2009-12-02 14:25:40 +00:00
Dr. Stephen Henson
5656f33cea
PR: 2120
...
Submitted by: steve@openssl.org
Initialize fields correctly if pem_str or info are NULL in EVP_PKEY_asn1_new().
2009-12-02 13:56:45 +00:00
Dr. Stephen Henson
3d63b3966f
Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat
...
and is a pre-requisite to adding password based CMS support.
2009-11-25 22:01:06 +00:00
Dr. Stephen Henson
c18e51ba5e
PR: 2088
...
Submitted by: Aleksey Samsonov <s4ms0n0v@gmail.com>
Approved by: steve@openssl.org
Fix memory leak in d2i_PublicKey().
2009-11-12 19:56:56 +00:00
Dr. Stephen Henson
b599006751
PR: 2090
...
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
Improve error checking in asn1_gen.c
2009-11-10 00:48:07 +00:00
Dr. Stephen Henson
04f9095d9e
Fix unitialized warnings
2009-10-04 16:52:51 +00:00
Dr. Stephen Henson
78ca13a272
PR: 2056
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_wirte error handling in asn1_par.c
2009-10-01 00:11:04 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
f4274da164
PR: 1644
...
Submitted by: steve@openssl.org
Fix to make DHparams_dup() et al work in C++.
For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
2009-09-06 15:49:46 +00:00
Dr. Stephen Henson
17b5326ba9
PR: 2013
...
Submitted by: steve@openssl.org
Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.
Add error checking to CRL generation in ca utility when nextUpdate is being
set.
2009-09-02 13:54:50 +00:00
Dr. Stephen Henson
e33d290159
PR: 2004
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Approved by: steve@openssl.org
Handle fractional seconds properly in ASN1_GENERALIZEDTIME_print
2009-08-10 14:56:57 +00:00
Dr. Stephen Henson
d9d0f1b52c
Reject leading 0x80 in OID subidentifiers.
2009-08-06 16:32:54 +00:00
Dr. Stephen Henson
512d359e26
Update from 1.0.0-stable.
2009-07-27 21:22:02 +00:00
Dr. Stephen Henson
6e0c9e6008
Update from 1.0.0-stable.
2009-07-11 21:43:50 +00:00
Dr. Stephen Henson
220bd84911
Updates from 1.0.0-stable
2009-04-06 15:22:01 +00:00
Dr. Stephen Henson
14023fe352
Merge from 1.0.0-stable branch.
2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
73ba116e96
Update from stable branch.
2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
80b2ff978d
Update from stable branch.
2009-03-25 12:53:50 +00:00
Dr. Stephen Henson
7ce8c95d58
Update from stable branch.
2009-03-25 12:53:26 +00:00
Dr. Stephen Henson
854a225a27
Update from stable branch.
2009-03-14 18:33:49 +00:00
Dr. Stephen Henson
33ab2e31f3
PR: 1854
...
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org
Support GeneralizedTime in ca utility.
2009-03-09 13:59:07 +00:00
Dr. Stephen Henson
477fd4596f
PR: 1835
...
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org
Fix various typos.
2009-02-14 21:49:38 +00:00
Dr. Stephen Henson
ede6ef5e08
Submitted by: Peter Sylvester <Peter.Sylvester@edelweb.fr>
...
Reviewed by: steve
If tagging is universal and SET or SEQUENCE set constructed bit.
2009-02-10 12:13:08 +00:00
Dr. Stephen Henson
57f39cc826
Print out UTF8 and NumericString types in ASN1 parsing utility.
2009-01-28 12:54:52 +00:00
Dr. Stephen Henson
6489573224
Update from stable branch.
2009-01-28 12:36:14 +00:00
Dr. Stephen Henson
079e00e646
Typo: just copy across an unknown type.
2009-01-28 12:32:03 +00:00
Ben Laurie
23b973e600
Calculate offset correctly. (Coverity ID 233)
2009-01-01 18:30:51 +00:00
Ben Laurie
ccf529928f
!a && !a->b is clearly wrong! Changed to !a || !a->b (Coverity ID 145).
2008-12-26 15:32:59 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
5947ca0409
Don't use clobbered 'i' for checking UTCTime and GeneralizedTime length.
2008-11-05 18:28:24 +00:00
Ben Laurie
5e4430e70d
More size_tification.
2008-11-01 16:40:37 +00:00
Ben Laurie
4d6e1e4f29
size_tification.
2008-11-01 14:37:00 +00:00
Dr. Stephen Henson
e19106f5fb
Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
...
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.
This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Dr. Stephen Henson
606f6c477a
Fix a shed load or warnings:
...
Duplicate const.
Use of ; outside function.
2008-10-20 15:12:00 +00:00
Ben Laurie
babb379849
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90
Experimental new date handling routines. These fix issues with X509_time_adj()
...
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Dr. Stephen Henson
d43c4497ce
Initial support for delta CRLs. If "use deltas" flag is set attempt to find
...
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06
Add support for CRLs partitioned by reason code.
...
Tidy CRL scoring system.
Add new CRL path validation error.
2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
d0fff69dc9
Initial indirect CRL support.
2008-08-20 16:42:19 +00:00
Dr. Stephen Henson
e9746e03ee
Initial support for name constraints certificate extension.
...
TODO: robustness checking on name forms.
2008-08-08 15:35:29 +00:00
Dr. Stephen Henson
6d6c47980e
Correctly handle errors in CMS I/O code.
2008-08-05 15:55:53 +00:00
Dr. Stephen Henson
3e727a3b37
Add support for nameRelativeToCRLIssuer field in distribution point name
...
fields.
2008-08-04 15:34:27 +00:00
Bodo Möller
efa73a77e4
Make sure not to read beyond end of buffer
2008-07-16 18:10:27 +00:00
Dr. Stephen Henson
d4cdbab99b
Avoid warnings with -pedantic, specifically:
...
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00
Dr. Stephen Henson
6cb9fca70d
Fix memory leak. The canonical X509_NAME_ENTRY STACK is reallocated rather
...
than referencing existing X509_NAME_ENTRY structures so needs to be
completely freed.
2008-06-06 11:26:07 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
964c7e8f6d
Fix it properly this time....
2008-03-31 18:21:30 +00:00
Dr. Stephen Henson
f6a45ac5ac
Fix macro.
2008-03-31 18:14:10 +00:00
Dr. Stephen Henson
2e86f0d8d7
Use correct headers for signed receipts. Use consistent naming.
...
Update cms-test.pl to support OpenSSL 0.9.8.
2008-03-31 15:03:55 +00:00
Dr. Stephen Henson
ab568a17cf
Fix duplicate asn1 ctrl values.
2008-03-23 14:13:45 +00:00
Dr. Stephen Henson
fe591284be
Update dependencies.
2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
7c337e00d2
Fix some warnings.
2008-03-16 20:59:10 +00:00
Dr. Stephen Henson
a78a03744d
Only call free once in CHOICE type.
2008-03-14 00:57:01 +00:00
Dr. Stephen Henson
8931b30d84
And so it begins...
...
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
56c7754cab
Avoid warnings.
2008-02-28 14:05:01 +00:00
Dr. Stephen Henson
a70a49a018
Fix typo and avoid warning.
2008-02-28 13:18:26 +00:00
Dr. Stephen Henson
1ad90a916b
Extend attribute setting routines to support non-string types.
2008-02-11 13:59:33 +00:00
Dr. Stephen Henson
9e5df8e448
Support custom primitive type printing routines and add one to LONG type.
2008-02-08 13:07:04 +00:00
Andy Polyakov
4be63cfb55
Source readability fix, which incidentally works around XLC compiler bug.
2007-12-29 18:32:34 +00:00
Dr. Stephen Henson
2f0550c4c1
Lookup public key ASN1 methods by string by iterating through all
...
implementations instead of all added ENGINEs to cover case where an
ENGINE is not added.
2007-11-21 17:25:58 +00:00
Dr. Stephen Henson
94e6ae7a69
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
...
Make {d2i,i2d}_PrivateKey() fall back to PKCS#8 format if no legacy format
supported. Add support in d2i_AutoPrivateKey().
2007-11-20 13:37:51 +00:00
Andy Polyakov
ebc06fba67
Bunch of constifications.
2007-10-13 15:51:32 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Andy Polyakov
a005fb019f
Addenum to "Constify obj_dat.[ch]."
2007-09-18 22:15:31 +00:00
Dr. Stephen Henson
7c5921e736
Handle empty case in X509_NAME canonical encoding.
2007-09-14 18:11:17 +00:00
Dr. Stephen Henson
a6fbcb4220
Change safestack reimplementation to match 0.9.8.
...
Fix additional gcc 4.2 value not used warnings.
2007-09-07 13:25:15 +00:00
Andy Polyakov
34994068a4
Respect ISO aliasing rules.
...
PR: 1296
2007-07-27 20:34:10 +00:00
Dr. Stephen Henson
54b5fd537f
WIN32 fixes.
2007-06-08 00:26:16 +00:00
Dr. Stephen Henson
3c07d3a3d3
Finish gcc 4.2 changes.
2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
64a5c5d1be
Fix X509_REQ_print_ex() to process extension options.
2007-05-22 23:31:29 +00:00
Dr. Stephen Henson
e77dbf325f
Prepend signature name in dgst output.
2007-05-17 16:19:17 +00:00
Dr. Stephen Henson
e69adea539
New function EVP_PKEY_asn1_copy(). Use default MD if type param is NULL.
2007-05-15 23:52:03 +00:00
Dr. Stephen Henson
f8492ffeaa
More useful ASN1 macros for static allocation functions.
2007-05-10 17:34:42 +00:00
Bodo Möller
96afc1cfd5
Add SEED encryption algorithm.
...
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
18f547734e
New function ASN1_STRING_copy() to copy to an already
...
alloacted ASN1_STRING structure.
2007-04-14 17:53:55 +00:00
Dr. Stephen Henson
9cfc8a9d5c
Update smime utility to support streaming for -encrypt and -sign -nodetach
...
options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.
These all process content on the fly without storing it all in memory.
2007-04-13 01:06:41 +00:00
Dr. Stephen Henson
74633553a9
Experimental HMAC support via EVP_PKEY_METHOD.
2007-04-11 12:33:06 +00:00
Dr. Stephen Henson
0cc361f3e7
Fix from stable branch.
2007-04-08 17:45:47 +00:00
Nils Larsch
a0d48e7e7e
remove unused file
2007-03-02 19:42:16 +00:00
Lutz Jänicke
0636c39bb1
Fix incorrect handling of special characters
...
PR: 1459
Submitted by: tnitschke@innominate.com
Reviewed by: steve@openssl.org
2007-02-21 17:44:53 +00:00
Nils Larsch
92ada7cc52
remove unreachable code
2007-02-10 09:45:07 +00:00
Dr. Stephen Henson
2d3e956ae0
Update from 0.9.7-stable.
2007-01-23 17:53:48 +00:00
Dr. Stephen Henson
560b79cbff
Constify version strings and some structures.
2007-01-21 13:07:17 +00:00
Dr. Stephen Henson
11d8cdc6ad
Experimental streaming PKCS#7 support.
...
I thought it was about time I dusted this off. This stuff had been sitting on
my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not
work properly.
Nothing uses it at present which is just as well.
Think of this as a traditional Christmas present which looks far more
impressive in the adverts and on the box, some of the bits are missing and
falls to bits if you play with it too much.
2006-12-24 16:22:56 +00:00
Nils Larsch
34f0a19309
remove trailing '\'
...
PR: 1438
2006-12-19 19:49:02 +00:00
Dr. Stephen Henson
10ca15f3fa
Fix change to OPENSSL_NO_RFC3779
2006-12-06 13:36:48 +00:00
Dr. Stephen Henson
4d7aff707e
Update dependencies.
2006-11-30 13:41:47 +00:00