Commit graph

519 commits

Author SHA1 Message Date
Bodo Möller
aa4ce7315f Fix various incorrect error function codes.
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Nils Larsch
9edf4e8157 make asn.1 field names const 2005-04-23 13:45:49 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
2c45bf2bc9 Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts.
Remove more bogus shadow warnings.
2005-04-20 21:48:06 +00:00
Richard Levitte
254cfe878e signed vs. unsigned. 2005-04-20 13:12:33 +00:00
Richard Levitte
22c3600e4c Resolve signed vs. unsigned. 2005-04-20 12:55:15 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Nils Larsch
f763e0b5ae make sure error queue is totally emptied
PR: 359
2005-04-07 22:53:35 +00:00
Nils Larsch
70f34a5841 some const fixes and cleanup 2005-04-05 10:29:43 +00:00
Ben Laurie
8bb826ee53 Consistency. 2005-03-31 13:57:54 +00:00
Ben Laurie
45d10efc35 Simplicate and add lightness. 2005-03-31 10:55:55 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Ben Laurie
0821bcd4de Constification. 2005-03-30 10:26:02 +00:00
Richard Levitte
bf746f0f46 Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
cause a segfault...  This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
2005-01-27 01:49:25 +00:00
Richard Levitte
a229e3038e Get rid if the annoying warning 2005-01-27 01:47:31 +00:00
Dr. Stephen Henson
5e8904f289 Remove duplicate lines. 2004-12-12 13:15:49 +00:00
Dr. Stephen Henson
c162b132eb Automatically mark the CRL cached encoding as invalid when some operations
are performed.
2004-12-09 13:35:06 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.

PR:620
2004-12-05 01:03:15 +00:00
Richard Levitte
a2ac429da2 Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Dr. Stephen Henson
2f605e8d24 Fix race condition when CRL checking is enabled. 2004-10-04 16:30:12 +00:00
Dr. Stephen Henson
bd9327baa9 Change values of MBSTRING_* to the form MBSTRING_FLAG|nbyte as assumed
in ASN1_STRING_to_UTF8().
2004-09-13 22:33:56 +00:00
Dr. Stephen Henson
e08aad1d14 Make ASN1_INTEGER_cmp() work as expected with negative integers. 2004-08-10 17:40:14 +00:00
Dr. Stephen Henson
c39c32dd65 PKCS#8 fixes from stable branch. 2004-07-04 16:44:52 +00:00
Geoff Thorpe
9c52d2cc75 After the latest round of header-hacking, regenerate the dependencies in
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
0f814687b9 Deprecate the recursive includes of bn.h from various API headers (asn1.h,
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
2004-05-17 19:14:22 +00:00
Dr. Stephen Henson
bd1640bb01 Make ASN1 code work again... 2004-04-27 18:33:40 +00:00
Dr. Stephen Henson
f3f52d7f45 More ASN1 reformat/tidy. 2004-04-25 12:46:39 +00:00
Dr. Stephen Henson
8845420f4e Reformat/tidy some of the ASN1 code. 2004-04-24 17:02:48 +00:00
Geoff Thorpe
c57bc2dc51 make update 2004-04-19 18:33:41 +00:00
Geoff Thorpe
60a938c6bc (oops) Apologies all, that last header-cleanup commit was from the wrong
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Dr. Stephen Henson
e07d3a021d Remove obsolete files. 2004-03-28 12:29:05 +00:00
Dr. Stephen Henson
6446e0c3c8 Extend OID config module format. 2004-03-27 13:30:14 +00:00
Dr. Stephen Henson
4acc3e907d Initial support for certificate policy checking and evaluation.
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
2004-03-23 14:14:35 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Dr. Stephen Henson
5fa5eb71a4 Cleanup ASN1 OID module when it exits. 2004-03-05 23:47:56 +00:00
Richard Levitte
87203dc99a Avoid signed vs. unsigned warnings (which are treated like errors on
Windows).
2004-01-27 01:16:38 +00:00
Richard Levitte
79b42e7654 Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Geoff Thorpe
f7a397cc8d Avoid possible memory leaks in error-handling.
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2003-11-10 18:05:22 +00:00
Dr. Stephen Henson
cd2e8a6f2d Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). 2003-11-10 01:37:23 +00:00
Geoff Thorpe
aca95e0b2f Remove a line that was causing redundant declarations.
Obtained from: Stephen Henson <steve@openssl.org>
2003-10-29 22:55:19 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Dr. Stephen Henson
2990244980 ASN1 parse fix and release file changes. 2003-09-30 16:47:33 +00:00
Dr. Stephen Henson
510dc1ecd0 outlen should be int * in out_utf8. 2003-08-21 12:32:12 +00:00
Richard Levitte
83743ad039 Fix sign bugs.
PR: 621
2003-05-21 14:29:13 +00:00
Dr. Stephen Henson
727ef76ebd Add correct DN entry for serialNumber. 2003-05-07 23:20:58 +00:00
Dr. Stephen Henson
0b1c00abeb Typo. 2003-04-10 00:04:02 +00:00
Richard Levitte
3ae70939ba Correct a lot of printing calls. Remove extra arguments... 2003-04-03 23:39:48 +00:00
Richard Levitte
536b73e78e Make sure we get the definition of OPENSSL_NO_BIO and OPENSSL_NO_RSA. 2003-03-20 23:16:45 +00:00
Dr. Stephen Henson
ea3675b5b6 New ASN1 macros to just implement and declare the new and free functions
and changes to mkdef.pl so it recognises them.

Use these in policyMappings extension.
2003-03-20 17:58:33 +00:00
Dr. Stephen Henson
e6539fe22d Add entry for domainComponent so it is treated correctly.
Add table order test to end of a_strnid.c
2003-03-14 01:44:42 +00:00
Dr. Stephen Henson
e9ec63961b Fix indefinite length encoding so EOC correctly updates
the buffer pointer.

Rename PKCS7_PARTSIGN to PKCS7_STREAM.

Guess what that's for :-)
2003-02-25 19:03:31 +00:00
Bodo Möller
62e3163b1b ECPublicKey_set_octet_string and ECPublicKey_get_octet_string
behaviour was not quite consistent with the conventions
for d2i and i2d functions as far as handling of the 'out'
or 'in' pointer is concerned.

This patch changes this behaviour, and renames the functions to
o2i_ECPublicKey and i2o_ECPublicKey (not 'd2i' and 'i2d' because the
external encoding is just a raw object string without any DER icing).

Submitted by: Nils Larsch
2003-02-21 13:58:23 +00:00
Dr. Stephen Henson
8214e74f76 Ooops forgot to recognise V_ASN1_GENERALSTRING. 2003-02-20 17:13:21 +00:00
Dr. Stephen Henson
988e8458ad Typo. 2003-02-18 12:46:47 +00:00
Dr. Stephen Henson
a8f5b2ed50 GeneralString support in mini-ASN1 compiler 2003-02-11 14:06:27 +00:00
Bodo Möller
9048c7245b For ecdsa-with-SHA1, as for id-dsa-with-sha1, omit 'parameters'
in AlgorithmIdentifier

Submitted by: Nils Larsch
2003-01-24 21:43:08 +00:00
Dr. Stephen Henson
d3b5cb5343 Check return value of gmtime() and add error codes
where it fails in ASN1_TIME_set().

Edit asn1.h so the new error code is the same in 0.9.7
and 0.9.8, rebuild new error codes.

Clear error queue in req.c if *_min or *_max is absent.
2003-01-24 01:12:01 +00:00
Richard Levitte
7eed0fc041 Make sure the last character of the ASN.1 time string (the 'Z') is copied.
PR: 429
2003-01-01 03:40:59 +00:00
Richard Levitte
5e42f9ab46 make update 2002-12-29 01:38:15 +00:00
Andy Polyakov
bbf8198feb Workaround for GCC-ia64 compiler bug.
Submitted by: <appro>
Reviewed by:
PR:
2002-12-06 17:18:10 +00:00
Bodo Möller
7e8c30b589 In ECPKParameters_print, output the private key length correctly
(length of the order of the group, not length of the actual key, which
will be shorter in some cases).

Submitted by: Nils Larsch
2002-12-04 17:43:01 +00:00
Dr. Stephen Henson
716b2079dc Make ASN1_TYPE_get() work for V_ASN1_NULL type. 2002-12-04 00:49:46 +00:00
Dr. Stephen Henson
2053c43de2 In asn1_d2i_read_bio, don't assume BIO_read will
return the requested number of bytes when reading
content.
2002-12-03 23:50:59 +00:00
Richard Levitte
4579924b7e Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
406c6f6962 Extra ; removed. 2002-11-27 13:40:11 +00:00
Richard Levitte
711f1a3c26 Add the ASN.1 structures and functions for CertificatePair, which is
defined as follows (according to X.509_4thEditionDraftV6.pdf):

CertificatePair ::= SEQUENCE {
	forward		[0]	Certificate OPTIONAL,
	reverse		[1]	Certificate OPTIONAL,
	-- at least one of the pair shall be present -- }

The only thing I'm not sure about is if it's implicit or explicit tags
that I should count on.  For now, I'm thinking explicit, but will
gladly stand corrected.

Also implement the PEM functions to read and write certificate pairs,
and defined the PEM tag as "CERTIFICATE PAIR".

This needed to be defined, mostly for the sake of the LDAP attribute
crossCertificatePair, but may prove useful elsewhere as well.
2002-11-18 23:54:27 +00:00
Dr. Stephen Henson
d78254aa28 Add SETWRAP modifier to ASN1 generate. 2002-11-15 00:26:07 +00:00
Bodo Möller
555d75252a use new BIO_indent() function here as well
Submitted by: Nils Larsch
2002-11-14 10:56:59 +00:00
Richard Levitte
3f083ef0eb free() -> OPENSSL_free() 2002-11-13 20:25:47 +00:00
Richard Levitte
c112323dd5 This didn't get to the 0.9.8-dev thread... 2002-11-13 18:09:27 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Ben Laurie
eb43641dd3 Fix warnings, makefile cockup. 2002-11-13 11:59:48 +00:00
Dr. Stephen Henson
7fb8d254fe Only accept exact match for modifier or tag name 2002-11-13 00:57:41 +00:00
Dr. Stephen Henson
9ea1b87862 Initial ASN1 generation code. This can construct
arbitrary encodings from strings and config files.

Documentation to follow...
2002-11-12 13:34:51 +00:00
Dr. Stephen Henson
38c7271a39 Check for NULL ASN1_ITEM when initializeing
boolean option in ASN1_TYPE.
2002-11-05 13:48:33 +00:00
Bodo Möller
b53e44e572 implement and use new macros BN_get_sign(), BN_set_sign()
Submitted by: Nils Larsch
2002-11-04 13:17:22 +00:00
Richard Levitte
ffd418f217 In my extreme debug mode, gcc complains that 'static' doesn't come
first.
2002-10-20 20:38:18 +00:00
Richard Levitte
677532629d makedepend complains when a header file is included more than once in
the same source file.
2002-10-14 10:02:36 +00:00
Richard Levitte
001ab3abad Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Dr. Stephen Henson
74e3931f84 Various Win32 fixes.
Resolve signed/unsigned conflicts

Make dso_win32.c compile.
2002-10-06 12:14:55 +00:00
Dr. Stephen Henson
12dadc555f Oops, remove old comment out debugging printf... 2002-10-06 12:10:35 +00:00
Richard Levitte
12f27bd414 Please do not use C++ comments in C code. 2002-10-06 00:33:23 +00:00
Dr. Stephen Henson
9a48b07ee4 Various enhancements to PKCS#12 code, new
medium level API, improved PKCS12_create
and additional functionality in pkcs12
utility.
2002-10-03 23:53:52 +00:00
Dr. Stephen Henson
230fd6b7b6 Preliminary streaming ASN1 encode support. 2002-10-03 12:38:52 +00:00
Dr. Stephen Henson
b499ed06d2 Fix ASN1_STRING_to_UTF8: remove non sensical !*out test. 2002-08-30 17:18:22 +00:00
Bodo Möller
34f1f2a81c less specific interface for EC_GROUP_get_basis_type
Submitted by: Nils Larsch, Bodo Moeller
2002-08-26 18:08:53 +00:00
Bodo Möller
7e31164ae0 ASN1 for binary curves
Submitted by: Nils Larsch
2002-08-26 11:25:54 +00:00
Dr. Stephen Henson
41ab00bedf Reinstate the check for invalid length BIT STRINGS,
which was effectively bypassed in the ASN1 changed.
2002-08-23 00:02:11 +00:00
Dr. Stephen Henson
fc85ac20c7 Make -nameopt work in req and add support for -reqopt 2002-08-22 23:43:48 +00:00
Bodo Möller
74cc4903ef make update 2002-08-09 12:16:15 +00:00
Bodo Möller
60cc56b1a9 add field type to text output
don't print seed value as a number (leading zeros must not be removed)

Submitted by: Nils Larsch
2002-08-09 10:44:44 +00:00
Bodo Möller
e172d60ddb Add ECDH support.
Additional changes:
 - use EC_GROUP_get_degree() in apps/req.c
 - add ECDSA and ECDH to apps/speed.c
 - adds support for EC curves over binary fields to ECDSA
 - new function EC_KEY_up_ref() in crypto/ec/ec_key.c
 - reorganize crypto/ecdsa/ecdsatest.c
 - add engine support for ECDH
 - fix a few bugs in ECDSA engine support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
2002-08-09 08:43:04 +00:00
Bodo Möller
14a7cfb32a use a generic EC_KEY structure (EC keys are not ECDSA specific)
Submitted by: Nils Larsch
2002-08-07 10:49:54 +00:00
Dr. Stephen Henson
aaa384ca1a Fix typo 2002-08-02 18:58:33 +00:00
Dr. Stephen Henson
f908226898 Fix the ASN1 sanity check: correct header length
calculation and check overflow against LONG_MAX.
2002-08-02 18:48:55 +00:00
Lutz Jänicke
c046fffa16 OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
2002-07-30 13:04:04 +00:00
Lutz Jänicke
3aecef7697 "make update" 2002-07-30 12:44:33 +00:00