Commit graph

752 commits

Author SHA1 Message Date
Dr. Stephen Henson
03919683f9 Add support for default public key digest type ctrl. 2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
cddaba8ede Add 'flags' parameter to EVP_PKEY_asn1_meth_new() to set algorithm flags. 2006-04-21 17:38:58 +00:00
Dr. Stephen Henson
ee1d9ec019 Remove link between digests and signature algorithms.
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
492a9e2415 Allow public key ASN1 methods to set PKCS#7 SignerInfo structures. 2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
c20276e4ae Fix (most) WIN32 warnings and errors. 2006-04-17 12:08:22 +00:00
Dr. Stephen Henson
5950bf7943 Revert to original... 2006-04-15 13:15:25 +00:00
Dr. Stephen Henson
4141c803d8 Oops... 2006-04-15 13:12:42 +00:00
Dr. Stephen Henson
f3481ca28f Print out zero length string properly. 2006-04-14 16:47:18 +00:00
Dr. Stephen Henson
f5cda4cbb1 Initial keygen support. 2006-04-11 13:28:52 +00:00
Dr. Stephen Henson
07e970c7e6 Initial functions for RSA EVP_PKEY_METHOD.
Update dependencies.
2006-04-08 00:15:07 +00:00
Dr. Stephen Henson
9e4d0f0be2 New utility 'pkeyutl' a general purpose version of 'rsautl'. 2006-04-07 19:33:28 +00:00
Dr. Stephen Henson
e46691a0bc New function to add dynamic alias. 2006-04-05 13:24:19 +00:00
Dr. Stephen Henson
9c9c98ad2e Typo. 2006-04-05 12:00:22 +00:00
Dr. Stephen Henson
863779065e Fix dynamic public key method lookup. 2006-04-04 18:32:19 +00:00
Dr. Stephen Henson
0b33dac310 New function to retrieve ASN1 info on public key algorithms. New command
line option to print out info.
2006-04-04 18:16:03 +00:00
Dr. Stephen Henson
db98bbc114 Initial support for generalized public key parameters. 2006-03-24 13:46:58 +00:00
Dr. Stephen Henson
e42633140e Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD. 2006-03-23 18:02:23 +00:00
Dr. Stephen Henson
d82e2718e2 Add information and pem strings. Update dependencies. 2006-03-23 11:54:51 +00:00
Dr. Stephen Henson
18e377b4ff Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to
initialize it. Initial support for application added public key ASN1.
2006-03-22 17:59:49 +00:00
Dr. Stephen Henson
1b593194be Move algorithm specific print code from crypto/asn1/t_pkey.c to separate
*_prn.c files in each algorithm directory.
2006-03-22 13:34:19 +00:00
Dr. Stephen Henson
35208f368c Gather printing routines into EVP_PKEY_ASN1_METHOD. 2006-03-22 13:09:35 +00:00
Dr. Stephen Henson
6f81892e6b Transfer parameter handling and key comparison to algorithm methods. 2006-03-20 17:56:05 +00:00
Dr. Stephen Henson
448be74335 Initial support for pluggable public key ASN1 support. Process most public
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
2006-03-20 12:22:24 +00:00
Nils Larsch
67b6f1ca88 fix problems found by coverity: remove useless code 2006-03-15 17:45:43 +00:00
Nils Larsch
40f51f506c create BN_CTX object 2006-03-15 08:37:35 +00:00
Nils Larsch
6c73d01142 constify some print and ts functions 2006-03-05 20:19:05 +00:00
Nils Larsch
6384e46da3 make some parameters const 2006-03-04 13:55:02 +00:00
Dr. Stephen Henson
350a404cb8 Print out <INVALID> if an OID value is invalid. 2006-02-21 01:00:08 +00:00
Dr. Stephen Henson
827c55741b Tolerate a SEQUENCE in DN components. 2006-02-19 13:44:47 +00:00
Nils Larsch
b3e72fc37f make some internal functions static; patch supplied by Kurt Roeckx 2006-02-15 20:20:20 +00:00
Dr. Stephen Henson
e7a8b47f1a Fix warnings. 2006-02-15 14:45:31 +00:00
Ulf Möller
3b408d83fe make update 2006-02-12 23:21:56 +00:00
Ulf Möller
c7235be6e3 RFC 3161 compliant time stamp request creation, response generation
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Nils Larsch
82e8372f17 p could be uninitialized 2006-02-08 18:51:17 +00:00
Dr. Stephen Henson
15ac971681 Update filenames in makefiles. 2006-02-04 01:45:59 +00:00
Dr. Stephen Henson
c7474d077b Ignore zero length constructed segments. 2006-01-31 18:36:29 +00:00
Nils Larsch
8c5a2bd6bb add additional checks + cleanup
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Dr. Stephen Henson
25a58453ff Fixes for BOOL handling: produce errors for invalid string for mini-compiler,
correctly encode FALSE for BOOL in ASN1_TYPE.
2006-01-19 17:16:56 +00:00
Nils Larsch
802d7fa6d5 support numeric strings in ASN1_generate_nconf 2006-01-14 09:21:33 +00:00
Bodo Möller
51eb1b81f6 Avoid contradictive error code assignments.
"make errors".
2006-01-08 21:54:24 +00:00
Bodo Möller
739a543ea8 Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts) 2006-01-08 19:42:30 +00:00
Dr. Stephen Henson
9ee0f7b7e0 In ASN1_parse() show tag value for ASN1 tags > 30. 2006-01-03 14:20:07 +00:00
Dr. Stephen Henson
9cbf062a70 Update from stable branch. 2005-12-05 00:53:36 +00:00
Dr. Stephen Henson
452ae49db5 Extensive OID code enhancement and fixes. 2005-11-20 13:07:47 +00:00
Dr. Stephen Henson
8265328def Oops :-) 2005-10-02 12:41:11 +00:00
Dr. Stephen Henson
09b6c2ef15 Make OPENSSL_NO_COMP compile again. 2005-09-30 23:35:33 +00:00
Andy Polyakov
7a06050cd3 "Overload" SunOS 4.x memcmp, which ruins ASN1_OBJECT table lookups.
PR: 1196
Submitted by: Russel Ruby
2005-09-20 20:19:07 +00:00
Dr. Stephen Henson
270da80bfa Fix for Win32. 2005-09-16 11:45:55 +00:00
Dr. Stephen Henson
2a45408c4a Update print macro properly this time... 2005-09-03 00:49:26 +00:00
Dr. Stephen Henson
9e201014f8 Update ASN1 print implement macro. 2005-09-03 00:48:13 +00:00
Dr. Stephen Henson
0c072a0b46 Update asn1t.h too for ASN1 print. 2005-09-03 00:44:08 +00:00
Dr. Stephen Henson
c11c64fbe0 Update to ASN1 printing code. 2005-09-03 00:40:40 +00:00
Dr. Stephen Henson
244847591f Extend callback function to support print customization. 2005-09-01 20:42:52 +00:00
Dr. Stephen Henson
5abe32d861 Return 2 from X509_NAME printing routine to add newline. 2005-09-01 18:02:51 +00:00
Dr. Stephen Henson
9194296de8 Update ASN1 printing code and add a -print option to 'pkcs7' utility for
initial testing.
2005-09-01 18:00:56 +00:00
Dr. Stephen Henson
1ef7acfe92 Initial support for ASN1 print code.
WARNING WARNING WARNING, experimental code, handle with care, use at
your own risk, may contain nuts.
2005-09-01 13:59:16 +00:00
Nils Larsch
8215e7a938 fix warnings when building openssl with the following compiler options:
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
        -Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
        -Wstrict-prototypes -Wreturn-type -Wpointer-arith  -W -Wunused
        -Wno-unused-parameter -Wuninitialized
2005-08-28 22:49:57 +00:00
Ben Laurie
bf3d6c0c9b Make D-H safer, include well-known primes. 2005-08-21 16:00:17 +00:00
Dr. Stephen Henson
6b80c20bdb Use correct date and filename. 2005-08-21 12:25:52 +00:00
Dr. Stephen Henson
2e8879fa6e Delete old ASN1_METHOD files. 2005-08-20 19:48:58 +00:00
Dr. Stephen Henson
f5a07779dd Add file which includes new ASN1 NETSCAPE format for certificates. 2005-08-20 19:46:52 +00:00
Dr. Stephen Henson
45e2738585 Remove ASN1_METHOD code replace with new ASN1 alternative. 2005-08-20 18:12:45 +00:00
Dr. Stephen Henson
b173acfc96 New version of ASN1 print code, still not compiled in though. 2005-08-20 00:08:29 +00:00
Nils Larsch
01039d0bff remove unused variable 2005-07-27 20:20:53 +00:00
Nils Larsch
c755c5fd8b improved error checking and some fixes
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
2005-07-26 21:10:34 +00:00
Dr. Stephen Henson
5c8e9139d1 Handle case where it==NULL 2005-07-26 12:25:06 +00:00
Dr. Stephen Henson
56defd9a98 Update ASN1 printing code. Highly experimental, not working properly (neither
did the old code) and not compiled in yet...
2005-07-26 11:46:23 +00:00
Nils Larsch
3eeaab4bed make
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
    	make depend all test
work again

PR: 1159
2005-07-16 12:37:36 +00:00
Nils Larsch
67ffa18cce make the type parameter const when ID2_OF_const() is used 2005-05-18 22:30:38 +00:00
Andy Polyakov
53d8996764 Engage Applink for VC builds. 2005-05-17 16:50:46 +00:00
Andy Polyakov
25a66ee3cb Move cryptlib.h prior bio.h. Actually it makes sense to include cryptlib.h
first everywhere in crypto and skip stdio.h and string.h [because it
includes them].
2005-05-17 00:01:48 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
2005-05-16 16:55:47 +00:00
Nils Larsch
9dd8405341 ecc api cleanup; summary:
- hide the EC_KEY structure definition in ec_lcl.c + add
  some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
  attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
  additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
fe86616c72 Some C compilers produce warnings or compilation errors if an attempt
is made to directly cast a function of one type to what it considers and
incompatible type. In particular gcc 3.4.2.

Add new openssl_fcast macro to place functions into a form where the compiler
will allow them to be cast.

The current version achives this by casting to: void function(void).
2005-05-12 23:01:44 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes.
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Nils Larsch
8b15c74018 give EC_GROUP_new_by_nid a more meanigful name:
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Bodo Möller
fbeaa3c47d Update util/ck_errf.pl script, and have it run automatically
during "make errors" and thus during "make update".

Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
2005-05-09 00:27:37 +00:00
Nils Larsch
7dc17a6cf0 give EC_GROUP_*_nid functions a more meaningful name
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
	EC_GROUP_set_nid -> EC_GROUP_set_curve_name
2005-05-08 22:09:12 +00:00
Dr. Stephen Henson
98a2fd32a0 Typo. 2005-04-30 18:07:30 +00:00
Dr. Stephen Henson
7bdeeb64ac Don't attempt to parse nested ASN1 strings by default. 2005-04-30 18:02:54 +00:00
Dr. Stephen Henson
e1cc0671ac Use more efficient way to locate end of an ASN1 structure. 2005-04-30 13:06:45 +00:00
Dr. Stephen Henson
2deadf1672 Port from stable branch. 2005-04-26 23:21:49 +00:00
Bodo Möller
aa4ce7315f Fix various incorrect error function codes.
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Nils Larsch
9edf4e8157 make asn.1 field names const 2005-04-23 13:45:49 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
2c45bf2bc9 Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts.
Remove more bogus shadow warnings.
2005-04-20 21:48:06 +00:00
Richard Levitte
254cfe878e signed vs. unsigned. 2005-04-20 13:12:33 +00:00
Richard Levitte
22c3600e4c Resolve signed vs. unsigned. 2005-04-20 12:55:15 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Nils Larsch
f763e0b5ae make sure error queue is totally emptied
PR: 359
2005-04-07 22:53:35 +00:00
Nils Larsch
70f34a5841 some const fixes and cleanup 2005-04-05 10:29:43 +00:00
Ben Laurie
8bb826ee53 Consistency. 2005-03-31 13:57:54 +00:00
Ben Laurie
45d10efc35 Simplicate and add lightness. 2005-03-31 10:55:55 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Ben Laurie
0821bcd4de Constification. 2005-03-30 10:26:02 +00:00
Richard Levitte
bf746f0f46 Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
cause a segfault...  This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
2005-01-27 01:49:25 +00:00
Richard Levitte
a229e3038e Get rid if the annoying warning 2005-01-27 01:47:31 +00:00
Dr. Stephen Henson
5e8904f289 Remove duplicate lines. 2004-12-12 13:15:49 +00:00
Dr. Stephen Henson
c162b132eb Automatically mark the CRL cached encoding as invalid when some operations
are performed.
2004-12-09 13:35:06 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.

PR:620
2004-12-05 01:03:15 +00:00
Richard Levitte
a2ac429da2 Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Dr. Stephen Henson
2f605e8d24 Fix race condition when CRL checking is enabled. 2004-10-04 16:30:12 +00:00
Dr. Stephen Henson
bd9327baa9 Change values of MBSTRING_* to the form MBSTRING_FLAG|nbyte as assumed
in ASN1_STRING_to_UTF8().
2004-09-13 22:33:56 +00:00
Dr. Stephen Henson
e08aad1d14 Make ASN1_INTEGER_cmp() work as expected with negative integers. 2004-08-10 17:40:14 +00:00
Dr. Stephen Henson
c39c32dd65 PKCS#8 fixes from stable branch. 2004-07-04 16:44:52 +00:00
Geoff Thorpe
9c52d2cc75 After the latest round of header-hacking, regenerate the dependencies in
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
0f814687b9 Deprecate the recursive includes of bn.h from various API headers (asn1.h,
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
2004-05-17 19:14:22 +00:00
Dr. Stephen Henson
bd1640bb01 Make ASN1 code work again... 2004-04-27 18:33:40 +00:00
Dr. Stephen Henson
f3f52d7f45 More ASN1 reformat/tidy. 2004-04-25 12:46:39 +00:00
Dr. Stephen Henson
8845420f4e Reformat/tidy some of the ASN1 code. 2004-04-24 17:02:48 +00:00
Geoff Thorpe
c57bc2dc51 make update 2004-04-19 18:33:41 +00:00
Geoff Thorpe
60a938c6bc (oops) Apologies all, that last header-cleanup commit was from the wrong
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Dr. Stephen Henson
e07d3a021d Remove obsolete files. 2004-03-28 12:29:05 +00:00
Dr. Stephen Henson
6446e0c3c8 Extend OID config module format. 2004-03-27 13:30:14 +00:00
Dr. Stephen Henson
4acc3e907d Initial support for certificate policy checking and evaluation.
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
2004-03-23 14:14:35 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Dr. Stephen Henson
5fa5eb71a4 Cleanup ASN1 OID module when it exits. 2004-03-05 23:47:56 +00:00
Richard Levitte
87203dc99a Avoid signed vs. unsigned warnings (which are treated like errors on
Windows).
2004-01-27 01:16:38 +00:00
Richard Levitte
79b42e7654 Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Geoff Thorpe
f7a397cc8d Avoid possible memory leaks in error-handling.
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2003-11-10 18:05:22 +00:00
Dr. Stephen Henson
cd2e8a6f2d Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). 2003-11-10 01:37:23 +00:00
Geoff Thorpe
aca95e0b2f Remove a line that was causing redundant declarations.
Obtained from: Stephen Henson <steve@openssl.org>
2003-10-29 22:55:19 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Dr. Stephen Henson
2990244980 ASN1 parse fix and release file changes. 2003-09-30 16:47:33 +00:00
Dr. Stephen Henson
510dc1ecd0 outlen should be int * in out_utf8. 2003-08-21 12:32:12 +00:00
Richard Levitte
83743ad039 Fix sign bugs.
PR: 621
2003-05-21 14:29:13 +00:00
Dr. Stephen Henson
727ef76ebd Add correct DN entry for serialNumber. 2003-05-07 23:20:58 +00:00
Dr. Stephen Henson
0b1c00abeb Typo. 2003-04-10 00:04:02 +00:00
Richard Levitte
3ae70939ba Correct a lot of printing calls. Remove extra arguments... 2003-04-03 23:39:48 +00:00
Richard Levitte
536b73e78e Make sure we get the definition of OPENSSL_NO_BIO and OPENSSL_NO_RSA. 2003-03-20 23:16:45 +00:00
Dr. Stephen Henson
ea3675b5b6 New ASN1 macros to just implement and declare the new and free functions
and changes to mkdef.pl so it recognises them.

Use these in policyMappings extension.
2003-03-20 17:58:33 +00:00
Dr. Stephen Henson
e6539fe22d Add entry for domainComponent so it is treated correctly.
Add table order test to end of a_strnid.c
2003-03-14 01:44:42 +00:00
Dr. Stephen Henson
e9ec63961b Fix indefinite length encoding so EOC correctly updates
the buffer pointer.

Rename PKCS7_PARTSIGN to PKCS7_STREAM.

Guess what that's for :-)
2003-02-25 19:03:31 +00:00
Bodo Möller
62e3163b1b ECPublicKey_set_octet_string and ECPublicKey_get_octet_string
behaviour was not quite consistent with the conventions
for d2i and i2d functions as far as handling of the 'out'
or 'in' pointer is concerned.

This patch changes this behaviour, and renames the functions to
o2i_ECPublicKey and i2o_ECPublicKey (not 'd2i' and 'i2d' because the
external encoding is just a raw object string without any DER icing).

Submitted by: Nils Larsch
2003-02-21 13:58:23 +00:00
Dr. Stephen Henson
8214e74f76 Ooops forgot to recognise V_ASN1_GENERALSTRING. 2003-02-20 17:13:21 +00:00
Dr. Stephen Henson
988e8458ad Typo. 2003-02-18 12:46:47 +00:00
Dr. Stephen Henson
a8f5b2ed50 GeneralString support in mini-ASN1 compiler 2003-02-11 14:06:27 +00:00
Bodo Möller
9048c7245b For ecdsa-with-SHA1, as for id-dsa-with-sha1, omit 'parameters'
in AlgorithmIdentifier

Submitted by: Nils Larsch
2003-01-24 21:43:08 +00:00
Dr. Stephen Henson
d3b5cb5343 Check return value of gmtime() and add error codes
where it fails in ASN1_TIME_set().

Edit asn1.h so the new error code is the same in 0.9.7
and 0.9.8, rebuild new error codes.

Clear error queue in req.c if *_min or *_max is absent.
2003-01-24 01:12:01 +00:00
Richard Levitte
7eed0fc041 Make sure the last character of the ASN.1 time string (the 'Z') is copied.
PR: 429
2003-01-01 03:40:59 +00:00
Richard Levitte
5e42f9ab46 make update 2002-12-29 01:38:15 +00:00
Andy Polyakov
bbf8198feb Workaround for GCC-ia64 compiler bug.
Submitted by: <appro>
Reviewed by:
PR:
2002-12-06 17:18:10 +00:00
Bodo Möller
7e8c30b589 In ECPKParameters_print, output the private key length correctly
(length of the order of the group, not length of the actual key, which
will be shorter in some cases).

Submitted by: Nils Larsch
2002-12-04 17:43:01 +00:00
Dr. Stephen Henson
716b2079dc Make ASN1_TYPE_get() work for V_ASN1_NULL type. 2002-12-04 00:49:46 +00:00
Dr. Stephen Henson
2053c43de2 In asn1_d2i_read_bio, don't assume BIO_read will
return the requested number of bytes when reading
content.
2002-12-03 23:50:59 +00:00
Richard Levitte
4579924b7e Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
406c6f6962 Extra ; removed. 2002-11-27 13:40:11 +00:00
Richard Levitte
711f1a3c26 Add the ASN.1 structures and functions for CertificatePair, which is
defined as follows (according to X.509_4thEditionDraftV6.pdf):

CertificatePair ::= SEQUENCE {
	forward		[0]	Certificate OPTIONAL,
	reverse		[1]	Certificate OPTIONAL,
	-- at least one of the pair shall be present -- }

The only thing I'm not sure about is if it's implicit or explicit tags
that I should count on.  For now, I'm thinking explicit, but will
gladly stand corrected.

Also implement the PEM functions to read and write certificate pairs,
and defined the PEM tag as "CERTIFICATE PAIR".

This needed to be defined, mostly for the sake of the LDAP attribute
crossCertificatePair, but may prove useful elsewhere as well.
2002-11-18 23:54:27 +00:00
Dr. Stephen Henson
d78254aa28 Add SETWRAP modifier to ASN1 generate. 2002-11-15 00:26:07 +00:00
Bodo Möller
555d75252a use new BIO_indent() function here as well
Submitted by: Nils Larsch
2002-11-14 10:56:59 +00:00
Richard Levitte
3f083ef0eb free() -> OPENSSL_free() 2002-11-13 20:25:47 +00:00
Richard Levitte
c112323dd5 This didn't get to the 0.9.8-dev thread... 2002-11-13 18:09:27 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Ben Laurie
eb43641dd3 Fix warnings, makefile cockup. 2002-11-13 11:59:48 +00:00
Dr. Stephen Henson
7fb8d254fe Only accept exact match for modifier or tag name 2002-11-13 00:57:41 +00:00
Dr. Stephen Henson
9ea1b87862 Initial ASN1 generation code. This can construct
arbitrary encodings from strings and config files.

Documentation to follow...
2002-11-12 13:34:51 +00:00
Dr. Stephen Henson
38c7271a39 Check for NULL ASN1_ITEM when initializeing
boolean option in ASN1_TYPE.
2002-11-05 13:48:33 +00:00
Bodo Möller
b53e44e572 implement and use new macros BN_get_sign(), BN_set_sign()
Submitted by: Nils Larsch
2002-11-04 13:17:22 +00:00
Richard Levitte
ffd418f217 In my extreme debug mode, gcc complains that 'static' doesn't come
first.
2002-10-20 20:38:18 +00:00
Richard Levitte
677532629d makedepend complains when a header file is included more than once in
the same source file.
2002-10-14 10:02:36 +00:00
Richard Levitte
001ab3abad Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Dr. Stephen Henson
74e3931f84 Various Win32 fixes.
Resolve signed/unsigned conflicts

Make dso_win32.c compile.
2002-10-06 12:14:55 +00:00
Dr. Stephen Henson
12dadc555f Oops, remove old comment out debugging printf... 2002-10-06 12:10:35 +00:00
Richard Levitte
12f27bd414 Please do not use C++ comments in C code. 2002-10-06 00:33:23 +00:00
Dr. Stephen Henson
9a48b07ee4 Various enhancements to PKCS#12 code, new
medium level API, improved PKCS12_create
and additional functionality in pkcs12
utility.
2002-10-03 23:53:52 +00:00
Dr. Stephen Henson
230fd6b7b6 Preliminary streaming ASN1 encode support. 2002-10-03 12:38:52 +00:00
Dr. Stephen Henson
b499ed06d2 Fix ASN1_STRING_to_UTF8: remove non sensical !*out test. 2002-08-30 17:18:22 +00:00
Bodo Möller
34f1f2a81c less specific interface for EC_GROUP_get_basis_type
Submitted by: Nils Larsch, Bodo Moeller
2002-08-26 18:08:53 +00:00
Bodo Möller
7e31164ae0 ASN1 for binary curves
Submitted by: Nils Larsch
2002-08-26 11:25:54 +00:00
Dr. Stephen Henson
41ab00bedf Reinstate the check for invalid length BIT STRINGS,
which was effectively bypassed in the ASN1 changed.
2002-08-23 00:02:11 +00:00
Dr. Stephen Henson
fc85ac20c7 Make -nameopt work in req and add support for -reqopt 2002-08-22 23:43:48 +00:00
Bodo Möller
74cc4903ef make update 2002-08-09 12:16:15 +00:00
Bodo Möller
60cc56b1a9 add field type to text output
don't print seed value as a number (leading zeros must not be removed)

Submitted by: Nils Larsch
2002-08-09 10:44:44 +00:00
Bodo Möller
e172d60ddb Add ECDH support.
Additional changes:
 - use EC_GROUP_get_degree() in apps/req.c
 - add ECDSA and ECDH to apps/speed.c
 - adds support for EC curves over binary fields to ECDSA
 - new function EC_KEY_up_ref() in crypto/ec/ec_key.c
 - reorganize crypto/ecdsa/ecdsatest.c
 - add engine support for ECDH
 - fix a few bugs in ECDSA engine support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
2002-08-09 08:43:04 +00:00
Bodo Möller
14a7cfb32a use a generic EC_KEY structure (EC keys are not ECDSA specific)
Submitted by: Nils Larsch
2002-08-07 10:49:54 +00:00
Dr. Stephen Henson
aaa384ca1a Fix typo 2002-08-02 18:58:33 +00:00
Dr. Stephen Henson
f908226898 Fix the ASN1 sanity check: correct header length
calculation and check overflow against LONG_MAX.
2002-08-02 18:48:55 +00:00
Lutz Jänicke
c046fffa16 OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
2002-07-30 13:04:04 +00:00
Lutz Jänicke
3aecef7697 "make update" 2002-07-30 12:44:33 +00:00
Bodo Möller
5dbd3efce7 Replace 'ecdsaparam' commandline utility by 'ecparam'
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.

Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.

Fix ec_asn1.c (take into account the desired conversion form).

'make update'.

Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Bodo Möller
ea4f109c99 AES cipher suites are now official (RFC3268) 2002-07-04 08:51:09 +00:00
Richard Levitte
17085b022c Pass CFLAG to dependency makers, so non-standard system include paths are
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Bodo Möller
9ae08a9c04 Make sure buffers are large enough even for weird parameters
Submitted by: Nils Larsch
2002-06-26 14:28:41 +00:00
Bodo Möller
5f3d6f70f6 Implement handling of EC parameter seeds (new functions
EC_GROUP_set_seed(), EC_GROUP_get0_seed(), EC_GROUP_get_seed_len()).

New functions ECPKParameters_print(), ECPKParameters_print_fp().

Submitted by: Nils Larsch
2002-06-18 08:38:59 +00:00
Lutz Jänicke
65ee74fbc7 Some more prototype fixes.
Use DECLARE macros in asn1* instead of direct declaration.
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by:
PR: 89
2002-06-14 19:01:52 +00:00
Richard Levitte
451dc18f10 Add support for DJGPP.
PR: 75
2002-06-13 20:42:35 +00:00
Lutz Jänicke
40889b9cd3 Add missing prototypes.
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
PR: 89
2002-06-13 17:40:27 +00:00
Bodo Möller
254ef80db1 simplify asn1_flag
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2002-06-12 14:01:17 +00:00
Ben Laurie
25ace3ed25 Fix warnings. 2002-06-11 12:03:51 +00:00
Bodo Möller
458c29175e move ECC ASN1 that is not specific to ECDSA into crypto/ec/,
and make some appropriate changes to the EC library.

Submitted by: Nils Larsch
2002-06-10 12:18:21 +00:00
Richard Levitte
b6fc2386f0 It's not good to have a pointer point at something in an inner block.
PR: 66
2002-06-05 13:47:29 +00:00
Richard Levitte
9cdf87f194 Check the return values where memory allocation failures may happen.
PR: 49
2002-05-30 16:47:45 +00:00
Bodo Möller
6cbe638294 New functions EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex(), EC_POINT_hex2point()
Submitted by: Nils Larsch
2002-05-30 13:16:03 +00:00
Dr. Stephen Henson
08241a5814 Make i2c_ASN1_BIT_STRING return the correct length. 2002-05-29 23:14:01 +00:00
Dr. Stephen Henson
0fccb00b5b Add missing EVP_CIPHER_CTX_init call. 2002-05-18 23:43:10 +00:00
Bodo Möller
8df61b5011 Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
encoded as NULL) with id-dsa-with-sha1.

Submitted by: Nils Larsch
2002-04-26 08:28:34 +00:00
Richard Levitte
2d7ab7e9ea Do not free p if it hasn't been used yet.
Notified by Bernd Matthes <bernd.matthes@gemplus.com>
2002-04-20 10:19:20 +00:00
Bodo Möller
b975183c41 ECDSA representation bugfixes
Submitted by: Nils Larsch
2002-04-12 08:57:01 +00:00
Bodo Möller
d0561b5c2d fix ECDSA handling
Submitted by: Nils Larsch
2002-04-09 12:01:21 +00:00
Bodo Möller
690ecff795 Fixes for 'no-hw' combined with 'no-SOME_CIPHER'.
Fix dsaparam usage output.

Submitted by: Nils Larsch
2002-03-14 09:52:03 +00:00
Dr. Stephen Henson
0b4c91c0fc Fix various warnings when compiling with KRB5 code. 2002-03-12 02:59:37 +00:00
Bodo Möller
4882171df5 EC curve stuff
Submitted by: Nils Larsch
2002-03-08 11:10:40 +00:00
Dr. Stephen Henson
3208ff58ca make errors 2002-02-22 21:17:31 +00:00
Dr. Stephen Henson
6707d22a40 Update from stable branch. 2002-02-22 14:07:35 +00:00
Bodo Möller
4d94ae00d5 ECDSA support
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Richard Levitte
b9a3ef4c6e ASN1_BIT_STRING_set_bit() didn't clear previously set bits 2002-02-03 21:31:41 +00:00
Lutz Jänicke
866eedb936 Shut up compiler warnings for inconsistent declarations. 2002-01-29 17:14:50 +00:00
Ben Laurie
9dd5ae6553 Constification, add config to /dev/crypto. 2002-01-18 16:51:05 +00:00
Dr. Stephen Henson
bc37d996fc Experimental configuration code.
Incomplete, largely untested and subject to change/deletion.
2002-01-05 01:37:16 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Dr. Stephen Henson
322de0c8c1 NO_DSA, NO_RSA patches. 2001-12-01 22:41:39 +00:00
Richard Levitte
b476df64a1 make update
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Bodo Möller
b955dbd325 cast to 'unsigned long' before using ~ if we need an unsigned long result
Submitted by: "Stefan Marxen" <stefan.marxen@gmx.net>
2001-11-09 12:58:05 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Richard Levitte
2aa9043ad3 Because there's chances we clash with the system's types.h, rename our
types.h to ossl_typ.h.
2001-10-04 07:32:46 +00:00
Dr. Stephen Henson
d46c1a8126 Support fractional seconds in GeneralizedTime 2001-09-28 00:44:44 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Geoff Thorpe
ceff5fec5a gcc can't spot that 'derlst' is not used uninitialised, so appease it. 2001-08-26 21:04:21 +00:00
Geoff Thorpe
b7727ee616 The indexes returned by ***_get_ex_new_index() functions are used when
setting stack (actually, array) values in ex_data. So only increment the
global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.
This change doesn't make "ex_data" right (see the comment at the head of
ex_data.c to know why), but at least makes the source code marginally less
frustrating.
2001-08-12 16:52:00 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Ben Laurie
bb2297a41d Header bloat reduction for EVP_PKEY. 2001-08-03 18:48:35 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Richard Levitte
dbfc0f8c2b Vade retro C++ comments!
(Latin for "comments", anyone?)
2001-07-31 09:15:52 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Dr. Stephen Henson
1241126adf More linker bloat reorganisation:
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.

Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.

Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.

Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.

So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
2001-07-27 02:22:42 +00:00
Richard Levitte
2a1ef75435 Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in
SSL according to RFC 2712.  His comment is:

This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication.  I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week.  The full kit includes patches
for mod-ssl, apache, and a few text clients.  The sourceforge URL
is http://sourceforge.net/projects/kssl/ .

Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct.  I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field.  I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
2001-07-09 21:46:58 +00:00
Dr. Stephen Henson
9d2e51c199 Another empty X509_NAME fix. 2001-06-26 12:39:22 +00:00
Dr. Stephen Henson
1e325f6149 Handle empty X509_NAME in printing routines. 2001-06-26 12:04:35 +00:00
Dr. Stephen Henson
323f289c48 Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Richard Levitte
b7fe2f9675 cp is only used when DSA is built. 2001-06-19 16:40:36 +00:00
Dr. Stephen Henson
f2a253e0dd Add support for MS CSP Name PKCS#12 attribute. 2001-06-11 00:43:20 +00:00
Richard Levitte
2b49dd1e8f 'make update' 2001-06-05 20:32:36 +00:00
Richard Levitte
b8e35bd66e New internal function OPENSSL_gmtime, which is intended to do the same
as gmtime_r() on the systems where that is defined.
2001-05-16 08:44:09 +00:00
Dr. Stephen Henson
c962479bdf Fix ASN1 bug when decoding OTHER type.
Various S/MIME DSA related fixes.
2001-04-21 12:06:01 +00:00
Ben Laurie
4f19a0672b Fix warning. 2001-04-16 03:00:57 +00:00
Bodo Möller
83d968df60 Don't use 'tt' uninitialized when reporting an error
(we don't have an ASN1_TEMPLATE to complain about at this stage,
so  errtt == NULL  should be OK)
2001-04-05 11:40:16 +00:00
Dr. Stephen Henson
722ca2781c Rewrite CHOICE field setting code to properly handle
combine in CHOICE options.

This was causing d2i_DSAPublicKey() to misbehave.
2001-04-02 00:59:19 +00:00
Dr. Stephen Henson
535d79da63 Overhaul the display of certificate details in
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.

This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
2001-03-15 19:13:40 +00:00
Dr. Stephen Henson
0a3ea5d34a Document the -certopt option to the x509 utility.
Add no_issuer option.

Fix X509_print_ex() so it prints out newlines when
certain fields are omitted.
2001-03-15 01:15:54 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Bodo Möller
4f98cbabde avoid compiler warning 2001-03-08 14:02:28 +00:00
Bodo Möller
4de633dd5f Get rid of '#define ERR_file_name __FILE__', which is unnecessary indirection.
(It cannot possibly help to avoid duplicate 'name of file' strings
in object files because the preprocessor does not work at object file
level.)
2001-03-08 11:45:44 +00:00
Bodo Möller
bad4058574 New option '-subj arg' for 'openssl req' and 'openssl ca'. This
sets the subject name for a new request or supersedes the
subject name in a given request.

Add options '-batch' and '-verbose' to 'openssl req'.

Submitted by: Massimiliano Pala <madwolf@hackmasters.net>
Reviewed by: Bodo Moeller
2001-03-05 11:09:43 +00:00
Richard Levitte
62dc5aad06 Introduce the possibility to access global variables through
functions on platform were that's the best way to handle exporting
global variables in shared libraries.  To enable this functionality,
one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
"OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
is normally done by Configure or something similar).

To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
in the source file (foo.c) like this:

	OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
	OPENSSL_IMPLEMENT_GLOBAL(double,bar);

To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:

	OPENSSL_DECLARE_GLOBAL(int,foo);
	#define foo OPENSSL_GLOBAL_REF(foo)
	OPENSSL_DECLARE_GLOBAL(double,bar);
	#define bar OPENSSL_GLOBAL_REF(bar)

The #defines are very important, and therefore so is including the
header file everywere where the defined globals are used.

The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
of ASN.1 items, but that structure is a bt different.

The largest change is in util/mkdef.pl which has been enhanced with
better and easier to understand logic to choose which symbols should
go into the Windows .def files as well as a number of fixes and code
cleanup (among others, algorithm keywords are now sorted
lexicographically to avoid constant rewrites).
2001-03-02 10:38:19 +00:00