wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11808 commits 20 branches 302 tags 153 MiB
Commit graph

131 commits

Author SHA1 Message Date
Richard Levitte
bf42354620 Fix the update target and remove duplicate file updates 
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in.  This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.

This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0f539dc1a2)

Conflicts:
	Makefile.org
	apps/Makefile
	test/Makefile
 2015-05-23 06:25:12 +02:00
Viktor Dukhovni
3b38646d13 Code style: space after 'if' 
Reviewed-by: Matt Caswell <gitlab@openssl.org>
 2015-04-16 13:50:01 -04:00
Matt Caswell
8f8e4e4f52 Fix RAND_(pseudo_)?_bytes returns 
Ensure all calls to RAND_bytes and RAND_pseudo_bytes have their return
value checked correctly

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-03-25 12:41:28 +00:00
Dr. Stephen Henson
4ba9a4265b Make OCSP response verification more flexible. 
If a set of certificates is supplied to OCSP_basic_verify use those in
addition to any present in the OCSP response as untrusted CAs when
verifying a certificate chain.

PR#3668

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4ca5efc287)
 2015-03-24 12:14:04 +00:00
Matt Caswell
ae5c8664e5 Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:31:38 +00:00
Matt Caswell
e19d4a99b8 Further comment amendments to preserve formatting prior to source reformat 
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)

Conflicts:
	crypto/x509v3/pcy_tree.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:23:50 +00:00
Tim Hudson
6977c7e2ba mark all block comments that need format preserving so that 
indent will not alter them when reformatting comments

(cherry picked from commit 1d97c84351)

Conflicts:
	crypto/bn/bn_lcl.h
	crypto/bn/bn_prime.c
	crypto/engine/eng_all.c
	crypto/rc4/rc4_utl.c
	crypto/sha/sha.h
	ssl/kssl.c
	ssl/t1_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:23:04 +00:00
Rich Salz
a9d928a8b6 RT2560: missing NULL check in ocsp_req_find_signer 
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b2aa38a980)
 2014-09-10 12:20:15 -04:00
Tom Greenslade
c57745596c Handle IPv6 addresses in OCSP_parse_url. 
PR#2783
(cherry picked from commit b36f35cda9)
 2014-06-27 17:31:37 +01:00
Dr. Stephen Henson
cea5a1d5f2 Fix null pointer errors. 
PR#3394
(cherry picked from commit 7a9d59c148)
 2014-06-10 14:48:02 +01:00
Dr. Stephen Henson
e9b4b8afbd Don't try and verify signatures if key is NULL (CVE-2013-0166) 
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b)
 2014-04-01 16:39:35 +01:00
Ben Laurie
1ebaf97c44 Constification. 2013-10-07 12:44:40 +01:00
Dr. Stephen Henson
c644b83227 constify 2013-01-17 16:35:50 +00:00
Dr. Stephen Henson
5c8d41be85 Generalise OCSP I/O functions to support dowloading of other ASN1 
structures using HTTP. Add wrapper function to handle CRL download.
 2013-01-15 18:01:31 +00:00
Dr. Stephen Henson
2b5e5c3d08 Revert incompatible OCSP_basic_verify changes. 
Make partial chain chekcing work with EE certificates only.
Remove unneeded -trust_other option from tocsp.
(Backport from HEAD)
 2012-12-26 14:12:09 +00:00
Dr. Stephen Henson
54a0076e94 Check chain is not NULL before assuming we have a validated chain. The 
modification to the OCSP helper purpose breaks normal OCSP verification. It is
no longer needed now we can trust partial chains.
 2012-12-19 15:01:32 +00:00
Dr. Stephen Henson
2e65277695 Use new partial chain flag instead of modifying input parameters. 
(backport from HEAD)
 2012-12-14 14:31:16 +00:00
Ben Laurie
d65b8b2162 Backport OCSP fixes. 2012-12-14 12:53:53 +00:00
Dr. Stephen Henson
b5f57f455a PR: 2803 
Submitted by: jean-etienne.schwartz@bull.net

In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
 2012-11-29 19:15:27 +00:00
Dr. Stephen Henson
24d7159abd Backport libcrypto audit: check return values of EVP functions instead 
of assuming they will always suceed.
 2011-06-03 20:53:00 +00:00
Dr. Stephen Henson
ed67f7b7a7 Fix the ECDSA timing attack mentioned in the paper at: 
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
 2011-05-25 14:52:33 +00:00
Dr. Stephen Henson
b9e468c163 We can't always read 6 bytes in an OCSP response: fix so error statuses 
are read correctly for non-blocking I/O.
 2010-10-06 18:01:14 +00:00
Dr. Stephen Henson
e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
f6a61b140e missing goto meant signature was never printed out 2010-03-12 12:07:05 +00:00
Dr. Stephen Henson
a3d5cdb07c PR: 2063 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_write error handling in ocsp_prn.c
 2009-09-30 23:59:16 +00:00
Dr. Stephen Henson
0c690586e0 PR: 2064, 728 
Submitted by: steve@openssl.org

Add support for custom headers in OCSP requests.
 2009-09-30 21:41:53 +00:00
Ben Laurie
23b973e600 Calculate offset correctly. (Coverity ID 233) 2009-01-01 18:30:51 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should 
test for them!
 2008-12-29 16:11:58 +00:00
Andy Polyakov
e527201f6b This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another 
.DLL, in particular static build. The issue has been discussed in RT#1230
and later on openssl-dev, and mutually exclusive approaches were suggested.
This completes compromise solution suggested in RT#1230.
PR: 1230
 2008-12-22 13:54:12 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
cec2538ca9 Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve 
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
 2007-12-04 12:41:28 +00:00
Andy Polyakov
ebc06fba67 Bunch of constifications. 2007-10-13 15:51:32 +00:00
Dr. Stephen Henson
67c8e7f414 Support for certificate status TLS extension. 2007-09-26 21:56:59 +00:00
Dr. Stephen Henson
710069c19e Fix warnings. 2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
3c07d3a3d3 Finish gcc 4.2 changes. 2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
4d7aff707e Update dependencies. 2006-11-30 13:41:47 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
28b987aec9 Don't assume requestorName is present for signed requests. ASN1 OCSP module 
fix: certs field is OPTIONAL.
 2006-11-13 13:21:47 +00:00
Dr. Stephen Henson
fb596f3bb7 OCSP library tidy. Use extension to encode OCSP extensions instead of doing 
it manually. Make OCSP_CERTID_dup() a real function instead of a macro.
 2006-11-13 13:18:28 +00:00
Dr. Stephen Henson
b589427941 WIN32 fixes signed/unsigned issues and slightly socket semantics. 2006-07-17 18:52:51 +00:00
Dr. Stephen Henson
5c95c2ac23 Fix various error codes to match functions. 2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
c1c6c0bf45 New non-blocking OCSP functionality. 2006-07-17 12:18:28 +00:00
Nils Larsch
c755c5fd8b improved error checking and some fixes 
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
 2005-07-26 21:10:34 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and 
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
 2005-05-16 16:55:47 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
fe86616c72 Some C compilers produce warnings or compilation errors if an attempt 
is made to directly cast a function of one type to what it considers and
incompatible type. In particular gcc 3.4.2.

Add new openssl_fcast macro to place functions into a form where the compiler
will allow them to be cast.

The current version achives this by casting to: void function(void).
 2005-05-12 23:01:44 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes. 
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
 2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Ben Laurie
8bb826ee53 Consistency. 2005-03-31 13:57:54 +00:00