Dr. Stephen Henson
564df0ddea
Remove {i2d,d2i}_ASN1_BOOLEAN
...
Remove {i2d,d2i}_ASN1_BOOLEAN.
Rewrite single occurrence of d2i_ASN1_BOOLEAN in asn1_parse2
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-23 13:15:07 +00:00
Dr. Stephen Henson
f422a51486
Remove old ASN.1 code.
...
Remove old M_ASN1_ macros and replace any occurences with the corresponding
function.
Remove d2i_ASN1_bytes, d2i_ASN1_SET, i2d_ASN1_SET: no longer used internally.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-23 13:15:06 +00:00
Matt Caswell
5e5d53d341
Fix a failure to NULL a pointer freed on error.
...
Reported by the LibreSSL project as a follow on to CVE-2015-0209
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:01:13 +00:00
Dr. Stephen Henson
e677e8d135
Fix ASN1_TYPE_cmp
...
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.
CVE-2015-0286
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:01:13 +00:00
Dr. Stephen Henson
8106d61c35
Free up ADB and CHOICE if already initialised.
...
CVE-2015-0287
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-19 11:11:02 +00:00
Dr. Stephen Henson
9b0a453190
Make X509_ATTRIBUTE opaque.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-16 15:54:19 +00:00
Carl Jackson
da27006df0
Fix regression in ASN1_UTCTIME_cmp_time_t
...
Previously, ASN1_UTCTIME_cmp_time_t would return 1 if s > t, -1 if
s < t, and 0 if s == t.
This behavior was broken in a refactor [0], resulting in the opposite
time comparison behavior.
[0]: 904348a492
PR#3706
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-15 19:46:24 +00:00
Dr. Stephen Henson
3d6aa6d441
Allocate string types directly.
...
Allocate and free ASN.1 string types directly instead of going through
the ASN.1 item code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-13 16:42:44 +00:00
Dr. Stephen Henson
b5f07d6a66
Remove obsolete declarations.
...
Remove DECLARE_ASN1_SET_OF and DECLARE_PKCS12_STACK_OF these haven't been
used internally in OpenSSL for some time.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-12 14:12:17 +00:00
Dr. Stephen Henson
5dc1247a74
ASN.1 print fix.
...
When printing out an ASN.1 structure if the type is an item template don't
fall thru and attempt to interpret as a primitive type.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-12 13:31:43 +00:00
Matt Caswell
34a7ed0c39
Fix asn1_item_print_ctx
...
The call to asn1_do_adb can return NULL on error, so we should check the
return value before attempting to use it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-12 09:22:19 +00:00
Matt Caswell
9e488fd6ab
ASN1_primitive_new NULL param handling
...
ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple
of conditional code paths that check whether |it| is NULL or not - but
later |it| is deref'd unconditionally. If |it| was ever really NULL then
this would seg fault. In practice ASN1_primitive_new is marked as an
internal function in the public header file. The only places it is ever
used internally always pass a non NULL parameter for |it|. Therefore, change
the code to sanity check that |it| is not NULL, and remove the conditional
checking.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-12 09:20:45 +00:00
Matt Caswell
ac5a110621
Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-03-11 11:18:15 +00:00
Dmitry-Me
0b142f022e
Fix wrong numbers being passed as string lengths
...
Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-09 21:02:41 +01:00
Dr. Stephen Henson
a8ae0891d4
Cleanse PKCS#8 private key components.
...
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.
Call ASN1_STRING_clear_free on PKCS#8 private key components.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-08 16:27:55 +00:00
Matt Caswell
918bb86529
Unchecked malloc fixes
...
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-05 09:09:57 +00:00
Dr. Stephen Henson
437b14b533
Fix format script.
...
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-02 13:26:29 +00:00
Dr. Stephen Henson
259c360d0b
Remove obsolete IMPLEMENT_ASN1_SET_OF
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-09 12:47:28 +00:00
Rich Salz
fbf08b79ff
Remove X509_PAIR
...
Unused type; a pair X509 certificates. Intended for LDAP support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 10:55:31 -05:00
Rich Salz
5b18d3025c
util/mkstack.pl now generates entire safestack.h
...
The mkstack.pl script now generates the entire safestack.h file.
It generates output that follows the coding style.
Also, removed all instances of the obsolete IMPLEMENT_STACK_OF
macro.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-06 10:47:53 -05:00
Dr. Stephen Henson
52e028b9de
Check PKCS#8 pkey field is valid before cleansing.
...
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-03 13:58:14 +00:00
Rich Salz
02a938c953
Dead code removal: #if 0 asn1, pkcs7
...
Keep one #if 0 but rename the symbol to be more descriptive of what
it's doing (you can disable support for old broken Netscape software).
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-30 15:35:49 -05:00
Richard Levitte
c6ef15c494
clang on Linux x86_64 complains about unreachable code.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-29 01:54:09 +01:00
Rich Salz
1a5adcfb5e
"#if 0" removal: header files
...
Remove all "#if 0" blocks from header files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-27 17:44:12 -05:00
Rich Salz
474e469bbd
OPENSSL_NO_xxx cleanup: SHA
...
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
GENUINE_DSA OPENSSL_NO_SHA0
OPENSSL_NO_SHA OPENSSL_NO_SHA1
OPENSSL_NO_SHA224 OPENSSL_NO_SHA256
OPENSSL_NO_SHA384 OPENSSL_NO_SHA512
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 12:34:45 -05:00
Rich Salz
c73ad69017
OPENSSL_NO_xxx cleanup: RFC3779
...
Remove OPENSSL_NO_RFCF3779.
Also, makevms.com was ignored by some of the other cleanups, so
I caught it up. Sorry I ignored you, poor little VMS...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 10:19:14 -05:00
Rich Salz
a00ae6c46e
OPENSSL_NO_xxx cleanup: many removals
...
The following compile options (#ifdef's) are removed:
OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
This diff is big because of updating the indents on preprocessor lines.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 10:06:22 -05:00
Kurt Roeckx
2747d73c14
Fix segfault with empty fields as last in the config.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-24 14:46:50 +01:00
Rob Stradling
004efdbb41
Use inner algorithm when printing certificate.
...
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-22 12:40:42 +00:00
Matt Caswell
50e735f9e5
Re-align some comments after running the reformat script.
...
This should be a one off operation (subsequent invokation of the
script should not move them)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
739a5eee61
Rerun util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
0f113f3ee4
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
b853717fc4
Fix strange formatting by indent
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
dbd87ffc21
indent has problems with comments that are on the right hand side of a line.
...
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
c80fd6b215
Further comment changes for reformat (master)
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:19:59 +00:00
Rich Salz
4b618848f9
Cleanup OPENSSL_NO_xxx, part 1
...
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-14 15:57:28 -05:00
Dr. Stephen Henson
cb62ab4b17
use correct function name
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-06 21:03:50 +00:00
Dr. Stephen Henson
4c52816d35
Constify ASN1_TYPE_cmp add X509_ALGOR_cmp.
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-01-05 14:52:55 +00:00
Dr. Stephen Henson
684400ce19
Fix various certificate fingerprint issues.
...
By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.
1. Reject signatures with non zero unused bits.
If the BIT STRING containing the signature has non zero unused bits reject
the signature. All current signature algorithms require zero unused bits.
2. Check certificate algorithm consistency.
Check the AlgorithmIdentifier inside TBS matches the one in the
certificate signature. NB: this will result in signature failure
errors for some broken certificates.
3. Check DSA/ECDSA signatures use DER.
Reencode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.
This will reject various cases including garbage after signature
(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
(negative or with leading zeroes).
CVE-2014-8275
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-01-05 14:35:19 +00:00
Rich Salz
2c60925d1c
RT2914: NULL check missing in X509_name_canon
...
Check for NULL return from X509_NAME_ENTRY_new()
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-01-04 14:51:04 -05:00
Tim Hudson
1d97c84351
mark all block comments that need format preserving so that
...
indent will not alter them when reformatting comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-30 22:10:26 +00:00
Matt Caswell
53e95716f5
Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED
...
Introduce use of DECLARE_DEPRECATED
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:14 +00:00
Kurt Roeckx
5a1e8c67a9
Return error when a bit string indicates an invalid amount of bits left
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-18 15:03:52 +01:00
Dr. Stephen Henson
89f40f369f
Reject invalid constructed encodings.
...
According to X6.90 null, object identifier, boolean, integer and enumerated
types can only have primitive encodings: return an error if any of
these are received with a constructed encoding.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-17 14:25:58 +00:00
Rich Salz
5cf37957fb
RT3543: Remove #ifdef LINT
...
I also replaced some exit/return wrappers in various
programs (from main) to standardize on return.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-10 17:31:04 -05:00
Matt Caswell
76b2a02274
Implement internally opaque bn access from asn1
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:26 +00:00
Dr. Stephen Henson
f072785eb4
Remove fipscanister build functionality from makefiles.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Rich Salz
8cfe08b4ec
Remove all .cvsignore files
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Emilia Kasper
95b1752cc7
Add i2d_re_X509_tbs
...
i2d_re_X509_tbs re-encodes the TBS portion of the certificate.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-09-05 17:18:06 +02:00
Kurt Cancemi
b0426a0f8c
RT3508: Remove unused variable introduced by b09eb24
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-31 23:43:37 -04:00
Rich Salz
b09eb246e2
RT3246: req command prints version number wrong
...
Make X509_REQ_print_ex do the same thing that
X509_REQ_print does.
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-08-28 19:17:05 -04:00
Raphael Spreitzer
f9fb43e176
RT2400: ASN1_STRING_to_UTF8 missing initializer
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-27 22:59:05 -04:00
Justin Blanchard
f756fb430e
RT1815: More const'ness improvements
...
Add a dozen more const declarations where appropriate.
These are from Justin; while adding his patch, I noticed
ASN1_BIT_STRING_check could be fixed, too.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-18 11:49:16 -04:00
Jonas Maebe
1c4b688cb4
multi_split: check for NULL when allocating parts and bpart, and for failure of sk_BIO_push()
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:37:48 +02:00
Jonas Maebe
8957278869
mime_hdr_addparam: free tmpname, tmpval and mparam on error path, and check whether sk_MIME_PARAM_push succeeds
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:37:14 +02:00
Jonas Maebe
15297d962c
mime_hdr_new: free mhdr, tmpname, tmpval on error path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:36:54 +02:00
Jonas Maebe
c9c63b0180
ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:36:34 +02:00
Jonas Maebe
b9b9f853b5
SetBlob: free rgSetBlob on error path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:35:11 +02:00
Frdric Giudicelli
c753e71e0a
RT783: Minor optimization to ASN1_INTEGER_set
...
Remove local variable and avoid extra assignment.
Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net>
2014-08-15 10:54:43 -04:00
Hans Wennborg
01e438f288
RT3023: Redundant logical expressions
...
Remove some redundant logical expressions
Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net>
2014-08-15 10:45:00 -04:00
Dr Stephen Henson
b00f586a81
Fix d4a4370050
...
Fully remove old error, per drH
Reviewed-by: rsalz
2014-08-11 17:32:57 -04:00
Scott Schaefer
d4a4370050
RT 2517: Various typo's.
...
Reviewed-by: Emilia Kasper
Many of these were already fixed, this catches the last
few that were missed.
2014-08-11 13:43:31 -04:00
Emilia Kasper
0042fb5fd1
Fix OID handling:
...
- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.
CVE-2014-3508
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-06 20:36:41 +01:00
Dr. Stephen Henson
55707a36cc
Add license info.
2014-07-04 18:41:45 +01:00
Dr. Stephen Henson
398e99fe5e
ASN1 sanity check.
...
Primitive encodings shouldn't use indefinite length constructed
form.
PR#2438 (partial).
2014-07-02 00:59:26 +01:00
Dr. Stephen Henson
0e7bda79a1
Handle BER length encoding.
...
Tolerate BER length encoding which may include leading zeroes.
PR#2746
2014-06-29 00:07:08 +01:00
Dr. Stephen Henson
11da66f8b1
Tolerate critical AKID in CRLs.
...
PR#3014
2014-06-27 18:49:32 +01:00
Dr. Stephen Henson
d2aea03829
Memory leak and NULL dereference fixes.
...
PR#3403
2014-06-27 14:35:07 +01:00
Dr. Stephen Henson
3009244da4
Set default global mask to UTF8 only.
2014-06-01 15:03:00 +01:00
Dr. Stephen Henson
b48310627d
Don't try and verify signatures if key is NULL (CVE-2013-0166)
...
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b
)
2014-04-01 16:37:51 +01:00
Dr. Stephen Henson
2514fa79ac
Add functions returning security bits.
...
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
4cfeb00be9
make depend
2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
84917787b5
Remove references to o_time.h
2014-02-19 20:06:13 +00:00
Scott Schaefer
2b4ffc659e
Fix various spelling errors
2014-02-14 22:29:12 +00:00
Dr. Stephen Henson
847865d0f9
Add suppot for ASCII with CRLF canonicalisation.
2014-02-13 14:35:56 +00:00
Dr. Stephen Henson
85c9ba2342
Support setting of "no purpose" for trust.
...
If the oid parameter is set to NULL in X509_add1_trust_object
create an empty list of trusted purposes corresponding to
"no purpose" if trust is checked.
2013-11-11 22:39:23 +00:00
Ben Laurie
79b9209883
More diagnostics for invalid OIDs.
2013-09-20 14:38:36 +01:00
Veres Lajos
478b50cf67
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
dc1ce3bc64
Add KDF for DH.
...
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
5de18d5d0d
Encode INTEGER correctly.
...
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc63c
)
2013-03-18 14:22:08 +00:00
Ben Laurie
975dfb1c6c
make depend.
2013-02-21 18:17:38 +00:00
Ben Laurie
a6bbbf2ff5
Make "make depend" work on MacOS out of the box.
2013-01-19 14:14:30 +00:00
Dr. Stephen Henson
2e8cb108dc
initial support for delta CRL generations by diffing two full CRLs
2012-12-04 18:35:36 +00:00
Dr. Stephen Henson
46a6cec699
Reorganise parameters for OPENSSL_gmtime_diff.
...
Make ASN1_UTCTIME_cmp_time_t more robust by using the new time functions.
2012-11-21 14:13:20 +00:00
Dr. Stephen Henson
360ef6769e
first parameter is difference in days, not years
2012-11-20 15:19:53 +00:00
Dr. Stephen Henson
d223dfe641
make depend
2012-11-19 15:13:33 +00:00
Dr. Stephen Henson
1c455bc084
new function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures
2012-11-19 15:12:07 +00:00
Dr. Stephen Henson
98a7edf9f0
make depend
2012-11-19 13:18:09 +00:00
Dr. Stephen Henson
918e613a32
oops, add missing asn_mstbl.c
2012-10-24 13:27:46 +00:00
Dr. Stephen Henson
30765fed55
New config module for string tables. This can be used to add new
...
multi string components (as used in DN fields or request attributes)
or change the values of existing ones.
2012-10-22 13:05:54 +00:00
Dr. Stephen Henson
d35c0ff30b
fix ASN1_STRING_TABLE_add so it can override existing string table values
2012-10-19 15:06:31 +00:00
Bodo Möller
7f429a5dbf
Fix Valgrind warning.
...
Submitted by: Adam Langley
2012-09-24 19:49:16 +00:00
Dr. Stephen Henson
dfcf48f499
New functions to retrieve certificate signatures and signature OID NID.
2012-06-13 13:08:12 +00:00
Dr. Stephen Henson
4b9e0b5f74
print out issuer and subject unique identifier fields in certificates
2012-06-12 13:41:18 +00:00
Dr. Stephen Henson
4242a090c7
PR: 2813
...
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>
Fix possible deadlock when decoding public keys.
2012-05-11 13:53:37 +00:00
Dr. Stephen Henson
d9a9d10f4f
Check for potentially exploitable overflows in asn1_d2i_read_bio
...
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 16:19:56 +00:00
Andy Polyakov
6da165c631
ans1/tasn_prn.c: avoid bool in variable names.
...
PR: 2776
2012-03-29 17:48:19 +00:00
Dr. Stephen Henson
78dfd43955
corrected fix to PR#2711 and also cover mime_param_cmp
2012-03-12 16:32:19 +00:00
Dr. Stephen Henson
3c6a7cd44b
PR: 2742
...
Reported by: Dmitry Belyavsky <beldmit@gmail.com>
If resigning with detached content in CMS just copy data across.
2012-02-29 14:02:02 +00:00
Dr. Stephen Henson
dc4f678cdc
Fix memory leak cause by race condition when creating public keys.
...
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-28 14:47:02 +00:00
Dr. Stephen Henson
68a7b5ae1e
PR: 2736
...
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>
Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
2012-02-27 18:45:28 +00:00
Dr. Stephen Henson
228a8599ff
free headers after use in error message
2012-02-27 16:27:17 +00:00
Dr. Stephen Henson
6941b7b918
PR: 2711
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Tolerate bad MIME headers in parser.
2012-02-23 21:50:44 +00:00
Dr. Stephen Henson
9bd20155ba
fix warning
2012-01-15 13:30:41 +00:00
Andy Polyakov
a50bce82ec
Sanitize usage of <ctype.h> functions. It's important that characters
...
are passed zero-extended, not sign-extended.
PR: 2682
2012-01-12 16:21:35 +00:00
Andy Polyakov
6e913f9901
asn1/t_x509.c: fix serial number print, harmonize with a_int.c.
...
PR: 2675
Submitted by: Annie Yousar
2012-01-11 21:12:22 +00:00
Dr. Stephen Henson
afb14cda8c
Initial experimental support for X9.42 DH parameter format to handle
...
RFC5114 parameters and X9.42 DH public and private keys.
2011-12-07 00:32:34 +00:00
Dr. Stephen Henson
3231e42d72
update pkey method initialisation and copy
2011-10-11 18:15:31 +00:00
Bodo Möller
837e1b6812
Fix memory leak on bad inputs.
2011-09-05 09:57:20 +00:00
Dr. Stephen Henson
a60cc6b4f0
Don't use *from++ in tolower as this is implemented as a macro on some
...
platforms. Thanks to Shayne Murray <Shayne.Murray@Polycom.com> for
reporting this issue.
2011-09-02 11:28:27 +00:00
Dr. Stephen Henson
9fe51d5f73
PR: 2556 (partial)
...
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve
Fix OID routines.
Check on encoding leading zero rejection should start at beginning of
encoding.
Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.
2011-07-14 12:01:53 +00:00
Dr. Stephen Henson
b507284c7e
correctly encode OIDs near 2^32
2011-06-22 15:15:58 +00:00
Dr. Stephen Henson
9a85e53813
no need to include memory.h
2011-04-30 23:37:42 +00:00
Dr. Stephen Henson
f9678b8b57
Fix memory leak.
2011-02-07 13:34:00 +00:00
Bodo Möller
9d0397e977
make update
2011-02-03 10:17:53 +00:00
Bodo Möller
2440d8b1db
Fix error codes.
2011-02-03 10:03:23 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
7d05edd12e
PR: 2433
...
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve
Constify ASN1_STRING_set_default_mask_asc().
2011-01-24 16:19:52 +00:00
Dr. Stephen Henson
d3f17e5ed3
stop warning with no-engine
2011-01-13 15:41:58 +00:00
Dr. Stephen Henson
968062b7d3
Fix escaping code for string printing. If *any* escaping is enabled we
...
must escape the escape character itself (backslash).
2011-01-03 01:31:24 +00:00
Dr. Stephen Henson
d7d5a55d22
Support routines for ASN1 scanning function, doesn't do much yet.
2010-12-13 18:15:28 +00:00
Dr. Stephen Henson
8ec3fa0597
fix signature printing routines
2010-10-04 13:58:41 +00:00
Dr. Stephen Henson
39239280f3
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:58:09 +00:00
Ben Laurie
c8bbd98a2b
Fix warnings.
2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
359b0c9fb8
experimental function to convert ASN1_TIME to tm, not used or even compiled in yet
2010-05-03 12:17:44 +00:00
Dr. Stephen Henson
e19f6678f5
print signature parameters with CRLs too
2010-03-14 13:10:48 +00:00
Dr. Stephen Henson
8d207ee3d1
add X509_CRL_sign_ctx function
2010-03-14 12:52:38 +00:00
Dr. Stephen Henson
85522a074c
Algorithm specific ASN1 signing functions.
2010-03-11 13:32:38 +00:00
Dr. Stephen Henson
ce25c7207b
New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier)
...
from a digest algorithm.
2010-03-11 13:27:05 +00:00
Dr. Stephen Henson
31904ecdf3
RSA PSS verification support including certificates and certificate
...
requests. Add new ASN1 signature initialisation function to handle this
case.
2010-03-08 18:10:35 +00:00
Dr. Stephen Henson
809cd0a22d
print outermost signature algorithm parameters too
2010-03-07 17:02:47 +00:00
Dr. Stephen Henson
7ed485bc9f
The OID sanity check was incorrect. It should only disallow *leading* 0x80
...
values.
2010-03-07 16:40:05 +00:00
Dr. Stephen Henson
9ef6fe8c2e
typo
2010-03-07 15:37:37 +00:00
Dr. Stephen Henson
a5667732b9
update ASN1 sign/verify to use EVP_DigestSign and EVP_DigestVerify
2010-03-07 12:05:45 +00:00
Dr. Stephen Henson
148924c1f4
fix indent, newline
2010-03-06 18:14:13 +00:00
Dr. Stephen Henson
fa1ba589f3
Add algorithm specific signature printing. An individual ASN1 method can
...
now print out signatures instead of the standard hex dump.
More complex signatures (e.g. PSS) can print out more meaningful information.
Sample DSA version included that prints out the signature parameters r, s.
[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
c8ef656df2
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
ec7d16ffdd
Check it actually compiles this time ;-)
2009-12-02 14:25:40 +00:00
Dr. Stephen Henson
5656f33cea
PR: 2120
...
Submitted by: steve@openssl.org
Initialize fields correctly if pem_str or info are NULL in EVP_PKEY_asn1_new().
2009-12-02 13:56:45 +00:00
Dr. Stephen Henson
3d63b3966f
Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat
...
and is a pre-requisite to adding password based CMS support.
2009-11-25 22:01:06 +00:00
Dr. Stephen Henson
c18e51ba5e
PR: 2088
...
Submitted by: Aleksey Samsonov <s4ms0n0v@gmail.com>
Approved by: steve@openssl.org
Fix memory leak in d2i_PublicKey().
2009-11-12 19:56:56 +00:00
Dr. Stephen Henson
b599006751
PR: 2090
...
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
Improve error checking in asn1_gen.c
2009-11-10 00:48:07 +00:00
Dr. Stephen Henson
04f9095d9e
Fix unitialized warnings
2009-10-04 16:52:51 +00:00
Dr. Stephen Henson
78ca13a272
PR: 2056
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_wirte error handling in asn1_par.c
2009-10-01 00:11:04 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
f4274da164
PR: 1644
...
Submitted by: steve@openssl.org
Fix to make DHparams_dup() et al work in C++.
For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
2009-09-06 15:49:46 +00:00
Dr. Stephen Henson
17b5326ba9
PR: 2013
...
Submitted by: steve@openssl.org
Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.
Add error checking to CRL generation in ca utility when nextUpdate is being
set.
2009-09-02 13:54:50 +00:00
Dr. Stephen Henson
e33d290159
PR: 2004
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Approved by: steve@openssl.org
Handle fractional seconds properly in ASN1_GENERALIZEDTIME_print
2009-08-10 14:56:57 +00:00
Dr. Stephen Henson
d9d0f1b52c
Reject leading 0x80 in OID subidentifiers.
2009-08-06 16:32:54 +00:00
Dr. Stephen Henson
512d359e26
Update from 1.0.0-stable.
2009-07-27 21:22:02 +00:00
Dr. Stephen Henson
6e0c9e6008
Update from 1.0.0-stable.
2009-07-11 21:43:50 +00:00
Dr. Stephen Henson
220bd84911
Updates from 1.0.0-stable
2009-04-06 15:22:01 +00:00
Dr. Stephen Henson
14023fe352
Merge from 1.0.0-stable branch.
2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
73ba116e96
Update from stable branch.
2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
80b2ff978d
Update from stable branch.
2009-03-25 12:53:50 +00:00
Dr. Stephen Henson
7ce8c95d58
Update from stable branch.
2009-03-25 12:53:26 +00:00
Dr. Stephen Henson
854a225a27
Update from stable branch.
2009-03-14 18:33:49 +00:00
Dr. Stephen Henson
33ab2e31f3
PR: 1854
...
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org
Support GeneralizedTime in ca utility.
2009-03-09 13:59:07 +00:00
Dr. Stephen Henson
477fd4596f
PR: 1835
...
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org
Fix various typos.
2009-02-14 21:49:38 +00:00
Dr. Stephen Henson
ede6ef5e08
Submitted by: Peter Sylvester <Peter.Sylvester@edelweb.fr>
...
Reviewed by: steve
If tagging is universal and SET or SEQUENCE set constructed bit.
2009-02-10 12:13:08 +00:00
Dr. Stephen Henson
57f39cc826
Print out UTF8 and NumericString types in ASN1 parsing utility.
2009-01-28 12:54:52 +00:00
Dr. Stephen Henson
6489573224
Update from stable branch.
2009-01-28 12:36:14 +00:00
Dr. Stephen Henson
079e00e646
Typo: just copy across an unknown type.
2009-01-28 12:32:03 +00:00
Ben Laurie
23b973e600
Calculate offset correctly. (Coverity ID 233)
2009-01-01 18:30:51 +00:00
Ben Laurie
ccf529928f
!a && !a->b is clearly wrong! Changed to !a || !a->b (Coverity ID 145).
2008-12-26 15:32:59 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
5947ca0409
Don't use clobbered 'i' for checking UTCTime and GeneralizedTime length.
2008-11-05 18:28:24 +00:00
Ben Laurie
5e4430e70d
More size_tification.
2008-11-01 16:40:37 +00:00
Ben Laurie
4d6e1e4f29
size_tification.
2008-11-01 14:37:00 +00:00
Dr. Stephen Henson
e19106f5fb
Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
...
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.
This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Dr. Stephen Henson
606f6c477a
Fix a shed load or warnings:
...
Duplicate const.
Use of ; outside function.
2008-10-20 15:12:00 +00:00
Ben Laurie
babb379849
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90
Experimental new date handling routines. These fix issues with X509_time_adj()
...
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Dr. Stephen Henson
d43c4497ce
Initial support for delta CRLs. If "use deltas" flag is set attempt to find
...
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06
Add support for CRLs partitioned by reason code.
...
Tidy CRL scoring system.
Add new CRL path validation error.
2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
d0fff69dc9
Initial indirect CRL support.
2008-08-20 16:42:19 +00:00
Dr. Stephen Henson
e9746e03ee
Initial support for name constraints certificate extension.
...
TODO: robustness checking on name forms.
2008-08-08 15:35:29 +00:00
Dr. Stephen Henson
6d6c47980e
Correctly handle errors in CMS I/O code.
2008-08-05 15:55:53 +00:00
Dr. Stephen Henson
3e727a3b37
Add support for nameRelativeToCRLIssuer field in distribution point name
...
fields.
2008-08-04 15:34:27 +00:00
Bodo Möller
efa73a77e4
Make sure not to read beyond end of buffer
2008-07-16 18:10:27 +00:00
Dr. Stephen Henson
d4cdbab99b
Avoid warnings with -pedantic, specifically:
...
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00
Dr. Stephen Henson
6cb9fca70d
Fix memory leak. The canonical X509_NAME_ENTRY STACK is reallocated rather
...
than referencing existing X509_NAME_ENTRY structures so needs to be
completely freed.
2008-06-06 11:26:07 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
964c7e8f6d
Fix it properly this time....
2008-03-31 18:21:30 +00:00
Dr. Stephen Henson
f6a45ac5ac
Fix macro.
2008-03-31 18:14:10 +00:00
Dr. Stephen Henson
2e86f0d8d7
Use correct headers for signed receipts. Use consistent naming.
...
Update cms-test.pl to support OpenSSL 0.9.8.
2008-03-31 15:03:55 +00:00
Dr. Stephen Henson
ab568a17cf
Fix duplicate asn1 ctrl values.
2008-03-23 14:13:45 +00:00
Dr. Stephen Henson
fe591284be
Update dependencies.
2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
7c337e00d2
Fix some warnings.
2008-03-16 20:59:10 +00:00
Dr. Stephen Henson
a78a03744d
Only call free once in CHOICE type.
2008-03-14 00:57:01 +00:00
Dr. Stephen Henson
8931b30d84
And so it begins...
...
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
56c7754cab
Avoid warnings.
2008-02-28 14:05:01 +00:00
Dr. Stephen Henson
a70a49a018
Fix typo and avoid warning.
2008-02-28 13:18:26 +00:00
Dr. Stephen Henson
1ad90a916b
Extend attribute setting routines to support non-string types.
2008-02-11 13:59:33 +00:00
Dr. Stephen Henson
9e5df8e448
Support custom primitive type printing routines and add one to LONG type.
2008-02-08 13:07:04 +00:00
Andy Polyakov
4be63cfb55
Source readability fix, which incidentally works around XLC compiler bug.
2007-12-29 18:32:34 +00:00
Dr. Stephen Henson
2f0550c4c1
Lookup public key ASN1 methods by string by iterating through all
...
implementations instead of all added ENGINEs to cover case where an
ENGINE is not added.
2007-11-21 17:25:58 +00:00
Dr. Stephen Henson
94e6ae7a69
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
...
Make {d2i,i2d}_PrivateKey() fall back to PKCS#8 format if no legacy format
supported. Add support in d2i_AutoPrivateKey().
2007-11-20 13:37:51 +00:00
Andy Polyakov
ebc06fba67
Bunch of constifications.
2007-10-13 15:51:32 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Andy Polyakov
a005fb019f
Addenum to "Constify obj_dat.[ch]."
2007-09-18 22:15:31 +00:00
Dr. Stephen Henson
7c5921e736
Handle empty case in X509_NAME canonical encoding.
2007-09-14 18:11:17 +00:00
Dr. Stephen Henson
a6fbcb4220
Change safestack reimplementation to match 0.9.8.
...
Fix additional gcc 4.2 value not used warnings.
2007-09-07 13:25:15 +00:00
Andy Polyakov
34994068a4
Respect ISO aliasing rules.
...
PR: 1296
2007-07-27 20:34:10 +00:00
Dr. Stephen Henson
54b5fd537f
WIN32 fixes.
2007-06-08 00:26:16 +00:00
Dr. Stephen Henson
3c07d3a3d3
Finish gcc 4.2 changes.
2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
64a5c5d1be
Fix X509_REQ_print_ex() to process extension options.
2007-05-22 23:31:29 +00:00
Dr. Stephen Henson
e77dbf325f
Prepend signature name in dgst output.
2007-05-17 16:19:17 +00:00
Dr. Stephen Henson
e69adea539
New function EVP_PKEY_asn1_copy(). Use default MD if type param is NULL.
2007-05-15 23:52:03 +00:00
Dr. Stephen Henson
f8492ffeaa
More useful ASN1 macros for static allocation functions.
2007-05-10 17:34:42 +00:00
Bodo Möller
96afc1cfd5
Add SEED encryption algorithm.
...
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
18f547734e
New function ASN1_STRING_copy() to copy to an already
...
alloacted ASN1_STRING structure.
2007-04-14 17:53:55 +00:00
Dr. Stephen Henson
9cfc8a9d5c
Update smime utility to support streaming for -encrypt and -sign -nodetach
...
options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.
These all process content on the fly without storing it all in memory.
2007-04-13 01:06:41 +00:00
Dr. Stephen Henson
74633553a9
Experimental HMAC support via EVP_PKEY_METHOD.
2007-04-11 12:33:06 +00:00
Dr. Stephen Henson
0cc361f3e7
Fix from stable branch.
2007-04-08 17:45:47 +00:00
Nils Larsch
a0d48e7e7e
remove unused file
2007-03-02 19:42:16 +00:00
Lutz Jänicke
0636c39bb1
Fix incorrect handling of special characters
...
PR: 1459
Submitted by: tnitschke@innominate.com
Reviewed by: steve@openssl.org
2007-02-21 17:44:53 +00:00
Nils Larsch
92ada7cc52
remove unreachable code
2007-02-10 09:45:07 +00:00
Dr. Stephen Henson
2d3e956ae0
Update from 0.9.7-stable.
2007-01-23 17:53:48 +00:00
Dr. Stephen Henson
560b79cbff
Constify version strings and some structures.
2007-01-21 13:07:17 +00:00
Dr. Stephen Henson
11d8cdc6ad
Experimental streaming PKCS#7 support.
...
I thought it was about time I dusted this off. This stuff had been sitting on
my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not
work properly.
Nothing uses it at present which is just as well.
Think of this as a traditional Christmas present which looks far more
impressive in the adverts and on the box, some of the bits are missing and
falls to bits if you play with it too much.
2006-12-24 16:22:56 +00:00
Nils Larsch
34f0a19309
remove trailing '\'
...
PR: 1438
2006-12-19 19:49:02 +00:00
Dr. Stephen Henson
10ca15f3fa
Fix change to OPENSSL_NO_RFC3779
2006-12-06 13:36:48 +00:00
Dr. Stephen Henson
4d7aff707e
Update dependencies.
2006-11-30 13:41:47 +00:00
Ben Laurie
96ea4ae91c
Add RFC 3779 support.
2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
47a9d527ab
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
de12116417
Initial, incomplete support for typesafe macros without using function
...
casts.
2006-11-16 00:19:39 +00:00
Dr. Stephen Henson
b37a68cc8f
Initialize old_priv_encode, old_priv_decode.
2006-10-27 11:43:27 +00:00
Bodo Möller
d326582cab
ASN1_item_verify needs to initialize ctx before any "goto err" can
...
happen; the new code for the OID cross reference table failed to do so.
2006-10-04 06:14:36 +00:00
Dr. Stephen Henson
f4c630abb3
Place standard CRL behaviour in default X509_CRL_METHOD new functions to
...
create, free and set default CRL method.
2006-10-03 02:47:59 +00:00
Mark J. Cox
348be7ec60
Fix ASN.1 parsing of certain invalid structures that can result
...
in a denial of service. (CVE-2006-2937) [Steve Henson]
2006-09-28 13:20:44 +00:00
Dr. Stephen Henson
5b73c3609b
Using correct lock for X509_REQ.
...
PR:1348
2006-09-22 17:06:09 +00:00
Dr. Stephen Henson
eebeb52b29
Update length if copying MSB set in asn1_string_canon().
2006-09-22 13:37:15 +00:00
Dr. Stephen Henson
1182301ca7
Do CRL method init after other operations.
2006-09-21 12:48:56 +00:00
Dr. Stephen Henson
010fa0b331
Tidy up CRL handling by checking for critical extensions when it is
...
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.
Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
2006-09-21 12:42:15 +00:00
Dr. Stephen Henson
4d50a2b4d6
Add verify callback functions to lookup a STACK of matching certs or CRLs
...
based on subject name.
New thread safe functions to retrieve matching STACK from X509_STORE.
Cache some IDP components.
2006-09-10 12:38:37 +00:00
Dr. Stephen Henson
539d4c1030
Fix leak
2006-08-31 20:10:37 +00:00
Dr. Stephen Henson
edc540211c
Cache some CRL related extensions.
2006-07-24 12:39:22 +00:00
Dr. Stephen Henson
2eed3a3cc8
Avoid warning.
2006-07-21 22:46:19 +00:00
Dr. Stephen Henson
450ea83495
Store canonical encodings of Name structures. Update X509_NAME_cmp() to use
...
them.
2006-07-18 12:36:19 +00:00
Dr. Stephen Henson
5c95c2ac23
Fix various error codes to match functions.
2006-07-17 16:33:31 +00:00
Bodo Möller
f3dea9a595
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Andy Polyakov
6f344eab03
Fix obvious typo.
2006-06-05 16:04:09 +00:00
Dr. Stephen Henson
41eacc84a0
Clarify comment and add #ifdef.
2006-06-05 12:38:22 +00:00
Dr. Stephen Henson
01b8b3c7d2
Complete EVP_PKEY_ASN1_METHOD ENGINE support.
2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
ae519a247f
Extended PBES2 function supporting application supplied IV and PRF NID.
2006-05-17 12:47:17 +00:00
Dr. Stephen Henson
6d3a1eac3b
Add PRF preference ctrl to ciphers.
2006-05-15 18:35:13 +00:00
Richard Levitte
98bf13c36b
make update
2006-05-12 15:31:28 +00:00
Dr. Stephen Henson
399a6f0bd1
Update PKCS#7 enveloped data to new API.
2006-05-08 12:44:25 +00:00
Dr. Stephen Henson
03919683f9
Add support for default public key digest type ctrl.
2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
cddaba8ede
Add 'flags' parameter to EVP_PKEY_asn1_meth_new() to set algorithm flags.
2006-04-21 17:38:58 +00:00
Dr. Stephen Henson
ee1d9ec019
Remove link between digests and signature algorithms.
...
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
492a9e2415
Allow public key ASN1 methods to set PKCS#7 SignerInfo structures.
2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
c20276e4ae
Fix (most) WIN32 warnings and errors.
2006-04-17 12:08:22 +00:00
Dr. Stephen Henson
5950bf7943
Revert to original...
2006-04-15 13:15:25 +00:00
Dr. Stephen Henson
4141c803d8
Oops...
2006-04-15 13:12:42 +00:00
Dr. Stephen Henson
f3481ca28f
Print out zero length string properly.
2006-04-14 16:47:18 +00:00
Dr. Stephen Henson
f5cda4cbb1
Initial keygen support.
2006-04-11 13:28:52 +00:00
Dr. Stephen Henson
07e970c7e6
Initial functions for RSA EVP_PKEY_METHOD.
...
Update dependencies.
2006-04-08 00:15:07 +00:00
Dr. Stephen Henson
9e4d0f0be2
New utility 'pkeyutl' a general purpose version of 'rsautl'.
2006-04-07 19:33:28 +00:00
Dr. Stephen Henson
e46691a0bc
New function to add dynamic alias.
2006-04-05 13:24:19 +00:00
Dr. Stephen Henson
9c9c98ad2e
Typo.
2006-04-05 12:00:22 +00:00
Dr. Stephen Henson
863779065e
Fix dynamic public key method lookup.
2006-04-04 18:32:19 +00:00
Dr. Stephen Henson
0b33dac310
New function to retrieve ASN1 info on public key algorithms. New command
...
line option to print out info.
2006-04-04 18:16:03 +00:00
Dr. Stephen Henson
db98bbc114
Initial support for generalized public key parameters.
2006-03-24 13:46:58 +00:00
Dr. Stephen Henson
e42633140e
Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD.
2006-03-23 18:02:23 +00:00
Dr. Stephen Henson
d82e2718e2
Add information and pem strings. Update dependencies.
2006-03-23 11:54:51 +00:00
Dr. Stephen Henson
18e377b4ff
Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to
...
initialize it. Initial support for application added public key ASN1.
2006-03-22 17:59:49 +00:00
Dr. Stephen Henson
1b593194be
Move algorithm specific print code from crypto/asn1/t_pkey.c to separate
...
*_prn.c files in each algorithm directory.
2006-03-22 13:34:19 +00:00
Dr. Stephen Henson
35208f368c
Gather printing routines into EVP_PKEY_ASN1_METHOD.
2006-03-22 13:09:35 +00:00
Dr. Stephen Henson
6f81892e6b
Transfer parameter handling and key comparison to algorithm methods.
2006-03-20 17:56:05 +00:00
Dr. Stephen Henson
448be74335
Initial support for pluggable public key ASN1 support. Process most public
...
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
2006-03-20 12:22:24 +00:00
Nils Larsch
67b6f1ca88
fix problems found by coverity: remove useless code
2006-03-15 17:45:43 +00:00
Nils Larsch
40f51f506c
create BN_CTX object
2006-03-15 08:37:35 +00:00
Nils Larsch
6c73d01142
constify some print and ts functions
2006-03-05 20:19:05 +00:00
Nils Larsch
6384e46da3
make some parameters const
2006-03-04 13:55:02 +00:00
Dr. Stephen Henson
350a404cb8
Print out <INVALID> if an OID value is invalid.
2006-02-21 01:00:08 +00:00
Dr. Stephen Henson
827c55741b
Tolerate a SEQUENCE in DN components.
2006-02-19 13:44:47 +00:00
Nils Larsch
b3e72fc37f
make some internal functions static; patch supplied by Kurt Roeckx
2006-02-15 20:20:20 +00:00
Dr. Stephen Henson
e7a8b47f1a
Fix warnings.
2006-02-15 14:45:31 +00:00
Ulf Möller
3b408d83fe
make update
2006-02-12 23:21:56 +00:00
Ulf Möller
c7235be6e3
RFC 3161 compliant time stamp request creation, response generation
...
and response verification.
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Nils Larsch
82e8372f17
p could be uninitialized
2006-02-08 18:51:17 +00:00
Dr. Stephen Henson
15ac971681
Update filenames in makefiles.
2006-02-04 01:45:59 +00:00
Dr. Stephen Henson
c7474d077b
Ignore zero length constructed segments.
2006-01-31 18:36:29 +00:00
Nils Larsch
8c5a2bd6bb
add additional checks + cleanup
...
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Dr. Stephen Henson
25a58453ff
Fixes for BOOL handling: produce errors for invalid string for mini-compiler,
...
correctly encode FALSE for BOOL in ASN1_TYPE.
2006-01-19 17:16:56 +00:00
Nils Larsch
802d7fa6d5
support numeric strings in ASN1_generate_nconf
2006-01-14 09:21:33 +00:00
Bodo Möller
51eb1b81f6
Avoid contradictive error code assignments.
...
"make errors".
2006-01-08 21:54:24 +00:00
Bodo Möller
739a543ea8
Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)
2006-01-08 19:42:30 +00:00
Dr. Stephen Henson
9ee0f7b7e0
In ASN1_parse() show tag value for ASN1 tags > 30.
2006-01-03 14:20:07 +00:00
Dr. Stephen Henson
9cbf062a70
Update from stable branch.
2005-12-05 00:53:36 +00:00
Dr. Stephen Henson
452ae49db5
Extensive OID code enhancement and fixes.
2005-11-20 13:07:47 +00:00
Dr. Stephen Henson
8265328def
Oops :-)
2005-10-02 12:41:11 +00:00
Dr. Stephen Henson
09b6c2ef15
Make OPENSSL_NO_COMP compile again.
2005-09-30 23:35:33 +00:00
Andy Polyakov
7a06050cd3
"Overload" SunOS 4.x memcmp, which ruins ASN1_OBJECT table lookups.
...
PR: 1196
Submitted by: Russel Ruby
2005-09-20 20:19:07 +00:00
Dr. Stephen Henson
270da80bfa
Fix for Win32.
2005-09-16 11:45:55 +00:00
Dr. Stephen Henson
2a45408c4a
Update print macro properly this time...
2005-09-03 00:49:26 +00:00
Dr. Stephen Henson
9e201014f8
Update ASN1 print implement macro.
2005-09-03 00:48:13 +00:00
Dr. Stephen Henson
0c072a0b46
Update asn1t.h too for ASN1 print.
2005-09-03 00:44:08 +00:00
Dr. Stephen Henson
c11c64fbe0
Update to ASN1 printing code.
2005-09-03 00:40:40 +00:00
Dr. Stephen Henson
244847591f
Extend callback function to support print customization.
2005-09-01 20:42:52 +00:00
Dr. Stephen Henson
5abe32d861
Return 2 from X509_NAME printing routine to add newline.
2005-09-01 18:02:51 +00:00
Dr. Stephen Henson
9194296de8
Update ASN1 printing code and add a -print option to 'pkcs7' utility for
...
initial testing.
2005-09-01 18:00:56 +00:00
Dr. Stephen Henson
1ef7acfe92
Initial support for ASN1 print code.
...
WARNING WARNING WARNING, experimental code, handle with care, use at
your own risk, may contain nuts.
2005-09-01 13:59:16 +00:00
Nils Larsch
8215e7a938
fix warnings when building openssl with the following compiler options:
...
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused
-Wno-unused-parameter -Wuninitialized
2005-08-28 22:49:57 +00:00
Ben Laurie
bf3d6c0c9b
Make D-H safer, include well-known primes.
2005-08-21 16:00:17 +00:00
Dr. Stephen Henson
6b80c20bdb
Use correct date and filename.
2005-08-21 12:25:52 +00:00
Dr. Stephen Henson
2e8879fa6e
Delete old ASN1_METHOD files.
2005-08-20 19:48:58 +00:00
Dr. Stephen Henson
f5a07779dd
Add file which includes new ASN1 NETSCAPE format for certificates.
2005-08-20 19:46:52 +00:00
Dr. Stephen Henson
45e2738585
Remove ASN1_METHOD code replace with new ASN1 alternative.
2005-08-20 18:12:45 +00:00
Dr. Stephen Henson
b173acfc96
New version of ASN1 print code, still not compiled in though.
2005-08-20 00:08:29 +00:00
Nils Larsch
01039d0bff
remove unused variable
2005-07-27 20:20:53 +00:00
Nils Larsch
c755c5fd8b
improved error checking and some fixes
...
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
2005-07-26 21:10:34 +00:00
Dr. Stephen Henson
5c8e9139d1
Handle case where it==NULL
2005-07-26 12:25:06 +00:00
Dr. Stephen Henson
56defd9a98
Update ASN1 printing code. Highly experimental, not working properly (neither
...
did the old code) and not compiled in yet...
2005-07-26 11:46:23 +00:00
Nils Larsch
3eeaab4bed
make
...
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
2005-07-16 12:37:36 +00:00
Nils Larsch
67ffa18cce
make the type parameter const when ID2_OF_const() is used
2005-05-18 22:30:38 +00:00
Andy Polyakov
53d8996764
Engage Applink for VC builds.
2005-05-17 16:50:46 +00:00
Andy Polyakov
25a66ee3cb
Move cryptlib.h prior bio.h. Actually it makes sense to include cryptlib.h
...
first everywhere in crypto and skip stdio.h and string.h [because it
includes them].
2005-05-17 00:01:48 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Nils Larsch
9dd8405341
ecc api cleanup; summary:
...
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
fe86616c72
Some C compilers produce warnings or compilation errors if an attempt
...
is made to directly cast a function of one type to what it considers and
incompatible type. In particular gcc 3.4.2.
Add new openssl_fcast macro to place functions into a form where the compiler
will allow them to be cast.
The current version achives this by casting to: void function(void).
2005-05-12 23:01:44 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Nils Larsch
8b15c74018
give EC_GROUP_new_by_nid a more meanigful name:
...
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Bodo Möller
fbeaa3c47d
Update util/ck_errf.pl script, and have it run automatically
...
during "make errors" and thus during "make update".
Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
2005-05-09 00:27:37 +00:00
Nils Larsch
7dc17a6cf0
give EC_GROUP_*_nid functions a more meaningful name
...
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
EC_GROUP_set_nid -> EC_GROUP_set_curve_name
2005-05-08 22:09:12 +00:00
Dr. Stephen Henson
98a2fd32a0
Typo.
2005-04-30 18:07:30 +00:00
Dr. Stephen Henson
7bdeeb64ac
Don't attempt to parse nested ASN1 strings by default.
2005-04-30 18:02:54 +00:00
Dr. Stephen Henson
e1cc0671ac
Use more efficient way to locate end of an ASN1 structure.
2005-04-30 13:06:45 +00:00
Dr. Stephen Henson
2deadf1672
Port from stable branch.
2005-04-26 23:21:49 +00:00
Bodo Möller
aa4ce7315f
Fix various incorrect error function codes.
...
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Nils Larsch
9edf4e8157
make asn.1 field names const
2005-04-23 13:45:49 +00:00
Nils Larsch
ff22e913a3
- use BN_set_negative and BN_is_negative instead of BN_set_sign
...
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
2c45bf2bc9
Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts.
...
Remove more bogus shadow warnings.
2005-04-20 21:48:06 +00:00
Richard Levitte
254cfe878e
signed vs. unsigned.
2005-04-20 13:12:33 +00:00
Richard Levitte
22c3600e4c
Resolve signed vs. unsigned.
2005-04-20 12:55:15 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Nils Larsch
f763e0b5ae
make sure error queue is totally emptied
...
PR: 359
2005-04-07 22:53:35 +00:00
Nils Larsch
70f34a5841
some const fixes and cleanup
2005-04-05 10:29:43 +00:00
Ben Laurie
8bb826ee53
Consistency.
2005-03-31 13:57:54 +00:00
Ben Laurie
45d10efc35
Simplicate and add lightness.
2005-03-31 10:55:55 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Ben Laurie
0821bcd4de
Constification.
2005-03-30 10:26:02 +00:00
Richard Levitte
bf746f0f46
Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
...
cause a segfault... This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
2005-01-27 01:49:25 +00:00
Richard Levitte
a229e3038e
Get rid if the annoying warning
2005-01-27 01:47:31 +00:00
Dr. Stephen Henson
5e8904f289
Remove duplicate lines.
2004-12-12 13:15:49 +00:00
Dr. Stephen Henson
c162b132eb
Automatically mark the CRL cached encoding as invalid when some operations
...
are performed.
2004-12-09 13:35:06 +00:00
Dr. Stephen Henson
a0e7c8eede
Add lots of checks for memory allocation failure, error codes to indicate
...
failure and freeing up memory if a failure occurs.
PR:620
2004-12-05 01:03:15 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Dr. Stephen Henson
2f605e8d24
Fix race condition when CRL checking is enabled.
2004-10-04 16:30:12 +00:00
Dr. Stephen Henson
bd9327baa9
Change values of MBSTRING_* to the form MBSTRING_FLAG|nbyte as assumed
...
in ASN1_STRING_to_UTF8().
2004-09-13 22:33:56 +00:00
Dr. Stephen Henson
e08aad1d14
Make ASN1_INTEGER_cmp() work as expected with negative integers.
2004-08-10 17:40:14 +00:00
Dr. Stephen Henson
c39c32dd65
PKCS#8 fixes from stable branch.
2004-07-04 16:44:52 +00:00
Geoff Thorpe
9c52d2cc75
After the latest round of header-hacking, regenerate the dependencies in
...
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
0f814687b9
Deprecate the recursive includes of bn.h from various API headers (asn1.h,
...
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
2004-05-17 19:14:22 +00:00
Dr. Stephen Henson
bd1640bb01
Make ASN1 code work again...
2004-04-27 18:33:40 +00:00
Dr. Stephen Henson
f3f52d7f45
More ASN1 reformat/tidy.
2004-04-25 12:46:39 +00:00
Dr. Stephen Henson
8845420f4e
Reformat/tidy some of the ASN1 code.
2004-04-24 17:02:48 +00:00
Geoff Thorpe
c57bc2dc51
make update
2004-04-19 18:33:41 +00:00
Geoff Thorpe
60a938c6bc
(oops) Apologies all, that last header-cleanup commit was from the wrong
...
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Dr. Stephen Henson
e07d3a021d
Remove obsolete files.
2004-03-28 12:29:05 +00:00
Dr. Stephen Henson
6446e0c3c8
Extend OID config module format.
2004-03-27 13:30:14 +00:00
Dr. Stephen Henson
4acc3e907d
Initial support for certificate policy checking and evaluation.
...
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
2004-03-23 14:14:35 +00:00
Richard Levitte
875a644a90
Constify d2i, s2i, c2i and r2i functions and other associated
...
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Dr. Stephen Henson
5fa5eb71a4
Cleanup ASN1 OID module when it exits.
2004-03-05 23:47:56 +00:00
Richard Levitte
87203dc99a
Avoid signed vs. unsigned warnings (which are treated like errors on
...
Windows).
2004-01-27 01:16:38 +00:00
Richard Levitte
79b42e7654
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d
Use BUF_strlcpy() instead of strcpy().
...
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Geoff Thorpe
f7a397cc8d
Avoid possible memory leaks in error-handling.
...
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2003-11-10 18:05:22 +00:00
Dr. Stephen Henson
cd2e8a6f2d
Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
2003-11-10 01:37:23 +00:00
Geoff Thorpe
aca95e0b2f
Remove a line that was causing redundant declarations.
...
Obtained from: Stephen Henson <steve@openssl.org>
2003-10-29 22:55:19 +00:00
Geoff Thorpe
2754597013
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
...
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Dr. Stephen Henson
2990244980
ASN1 parse fix and release file changes.
2003-09-30 16:47:33 +00:00
Dr. Stephen Henson
510dc1ecd0
outlen should be int * in out_utf8.
2003-08-21 12:32:12 +00:00
Richard Levitte
83743ad039
Fix sign bugs.
...
PR: 621
2003-05-21 14:29:13 +00:00
Dr. Stephen Henson
727ef76ebd
Add correct DN entry for serialNumber.
2003-05-07 23:20:58 +00:00
Dr. Stephen Henson
0b1c00abeb
Typo.
2003-04-10 00:04:02 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
536b73e78e
Make sure we get the definition of OPENSSL_NO_BIO and OPENSSL_NO_RSA.
2003-03-20 23:16:45 +00:00
Dr. Stephen Henson
ea3675b5b6
New ASN1 macros to just implement and declare the new and free functions
...
and changes to mkdef.pl so it recognises them.
Use these in policyMappings extension.
2003-03-20 17:58:33 +00:00
Dr. Stephen Henson
e6539fe22d
Add entry for domainComponent so it is treated correctly.
...
Add table order test to end of a_strnid.c
2003-03-14 01:44:42 +00:00
Dr. Stephen Henson
e9ec63961b
Fix indefinite length encoding so EOC correctly updates
...
the buffer pointer.
Rename PKCS7_PARTSIGN to PKCS7_STREAM.
Guess what that's for :-)
2003-02-25 19:03:31 +00:00
Bodo Möller
62e3163b1b
ECPublicKey_set_octet_string and ECPublicKey_get_octet_string
...
behaviour was not quite consistent with the conventions
for d2i and i2d functions as far as handling of the 'out'
or 'in' pointer is concerned.
This patch changes this behaviour, and renames the functions to
o2i_ECPublicKey and i2o_ECPublicKey (not 'd2i' and 'i2d' because the
external encoding is just a raw object string without any DER icing).
Submitted by: Nils Larsch
2003-02-21 13:58:23 +00:00
Dr. Stephen Henson
8214e74f76
Ooops forgot to recognise V_ASN1_GENERALSTRING.
2003-02-20 17:13:21 +00:00
Dr. Stephen Henson
988e8458ad
Typo.
2003-02-18 12:46:47 +00:00
Dr. Stephen Henson
a8f5b2ed50
GeneralString support in mini-ASN1 compiler
2003-02-11 14:06:27 +00:00
Bodo Möller
9048c7245b
For ecdsa-with-SHA1, as for id-dsa-with-sha1, omit 'parameters'
...
in AlgorithmIdentifier
Submitted by: Nils Larsch
2003-01-24 21:43:08 +00:00
Dr. Stephen Henson
d3b5cb5343
Check return value of gmtime() and add error codes
...
where it fails in ASN1_TIME_set().
Edit asn1.h so the new error code is the same in 0.9.7
and 0.9.8, rebuild new error codes.
Clear error queue in req.c if *_min or *_max is absent.
2003-01-24 01:12:01 +00:00
Richard Levitte
7eed0fc041
Make sure the last character of the ASN.1 time string (the 'Z') is copied.
...
PR: 429
2003-01-01 03:40:59 +00:00
Richard Levitte
5e42f9ab46
make update
2002-12-29 01:38:15 +00:00
Andy Polyakov
bbf8198feb
Workaround for GCC-ia64 compiler bug.
...
Submitted by: <appro>
Reviewed by:
PR:
2002-12-06 17:18:10 +00:00
Bodo Möller
7e8c30b589
In ECPKParameters_print, output the private key length correctly
...
(length of the order of the group, not length of the actual key, which
will be shorter in some cases).
Submitted by: Nils Larsch
2002-12-04 17:43:01 +00:00
Dr. Stephen Henson
716b2079dc
Make ASN1_TYPE_get() work for V_ASN1_NULL type.
2002-12-04 00:49:46 +00:00
Dr. Stephen Henson
2053c43de2
In asn1_d2i_read_bio, don't assume BIO_read will
...
return the requested number of bytes when reading
content.
2002-12-03 23:50:59 +00:00
Richard Levitte
4579924b7e
Cleanse memory using the new OPENSSL_cleanse() function.
...
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
406c6f6962
Extra ; removed.
2002-11-27 13:40:11 +00:00
Richard Levitte
711f1a3c26
Add the ASN.1 structures and functions for CertificatePair, which is
...
defined as follows (according to X.509_4thEditionDraftV6.pdf):
CertificatePair ::= SEQUENCE {
forward [0] Certificate OPTIONAL,
reverse [1] Certificate OPTIONAL,
-- at least one of the pair shall be present -- }
The only thing I'm not sure about is if it's implicit or explicit tags
that I should count on. For now, I'm thinking explicit, but will
gladly stand corrected.
Also implement the PEM functions to read and write certificate pairs,
and defined the PEM tag as "CERTIFICATE PAIR".
This needed to be defined, mostly for the sake of the LDAP attribute
crossCertificatePair, but may prove useful elsewhere as well.
2002-11-18 23:54:27 +00:00
Dr. Stephen Henson
d78254aa28
Add SETWRAP modifier to ASN1 generate.
2002-11-15 00:26:07 +00:00
Bodo Möller
555d75252a
use new BIO_indent() function here as well
...
Submitted by: Nils Larsch
2002-11-14 10:56:59 +00:00
Richard Levitte
3f083ef0eb
free() -> OPENSSL_free()
2002-11-13 20:25:47 +00:00
Richard Levitte
c112323dd5
This didn't get to the 0.9.8-dev thread...
2002-11-13 18:09:27 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Ben Laurie
eb43641dd3
Fix warnings, makefile cockup.
2002-11-13 11:59:48 +00:00
Dr. Stephen Henson
7fb8d254fe
Only accept exact match for modifier or tag name
2002-11-13 00:57:41 +00:00
Dr. Stephen Henson
9ea1b87862
Initial ASN1 generation code. This can construct
...
arbitrary encodings from strings and config files.
Documentation to follow...
2002-11-12 13:34:51 +00:00
Dr. Stephen Henson
38c7271a39
Check for NULL ASN1_ITEM when initializeing
...
boolean option in ASN1_TYPE.
2002-11-05 13:48:33 +00:00
Bodo Möller
b53e44e572
implement and use new macros BN_get_sign(), BN_set_sign()
...
Submitted by: Nils Larsch
2002-11-04 13:17:22 +00:00
Richard Levitte
ffd418f217
In my extreme debug mode, gcc complains that 'static' doesn't come
...
first.
2002-10-20 20:38:18 +00:00
Richard Levitte
677532629d
makedepend complains when a header file is included more than once in
...
the same source file.
2002-10-14 10:02:36 +00:00
Richard Levitte
001ab3abad
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Dr. Stephen Henson
74e3931f84
Various Win32 fixes.
...
Resolve signed/unsigned conflicts
Make dso_win32.c compile.
2002-10-06 12:14:55 +00:00
Dr. Stephen Henson
12dadc555f
Oops, remove old comment out debugging printf...
2002-10-06 12:10:35 +00:00
Richard Levitte
12f27bd414
Please do not use C++ comments in C code.
2002-10-06 00:33:23 +00:00
Dr. Stephen Henson
9a48b07ee4
Various enhancements to PKCS#12 code, new
...
medium level API, improved PKCS12_create
and additional functionality in pkcs12
utility.
2002-10-03 23:53:52 +00:00
Dr. Stephen Henson
230fd6b7b6
Preliminary streaming ASN1 encode support.
2002-10-03 12:38:52 +00:00
Dr. Stephen Henson
b499ed06d2
Fix ASN1_STRING_to_UTF8: remove non sensical !*out test.
2002-08-30 17:18:22 +00:00
Bodo Möller
34f1f2a81c
less specific interface for EC_GROUP_get_basis_type
...
Submitted by: Nils Larsch, Bodo Moeller
2002-08-26 18:08:53 +00:00
Bodo Möller
7e31164ae0
ASN1 for binary curves
...
Submitted by: Nils Larsch
2002-08-26 11:25:54 +00:00
Dr. Stephen Henson
41ab00bedf
Reinstate the check for invalid length BIT STRINGS,
...
which was effectively bypassed in the ASN1 changed.
2002-08-23 00:02:11 +00:00
Dr. Stephen Henson
fc85ac20c7
Make -nameopt work in req and add support for -reqopt
2002-08-22 23:43:48 +00:00
Bodo Möller
74cc4903ef
make update
2002-08-09 12:16:15 +00:00
Bodo Möller
60cc56b1a9
add field type to text output
...
don't print seed value as a number (leading zeros must not be removed)
Submitted by: Nils Larsch
2002-08-09 10:44:44 +00:00
Bodo Möller
e172d60ddb
Add ECDH support.
...
Additional changes:
- use EC_GROUP_get_degree() in apps/req.c
- add ECDSA and ECDH to apps/speed.c
- adds support for EC curves over binary fields to ECDSA
- new function EC_KEY_up_ref() in crypto/ec/ec_key.c
- reorganize crypto/ecdsa/ecdsatest.c
- add engine support for ECDH
- fix a few bugs in ECDSA engine support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
2002-08-09 08:43:04 +00:00
Bodo Möller
14a7cfb32a
use a generic EC_KEY structure (EC keys are not ECDSA specific)
...
Submitted by: Nils Larsch
2002-08-07 10:49:54 +00:00
Dr. Stephen Henson
aaa384ca1a
Fix typo
2002-08-02 18:58:33 +00:00
Dr. Stephen Henson
f908226898
Fix the ASN1 sanity check: correct header length
...
calculation and check overflow against LONG_MAX.
2002-08-02 18:48:55 +00:00
Lutz Jänicke
c046fffa16
OpenSSL Security Advisory [30 July 2002]
...
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
2002-07-30 13:04:04 +00:00
Lutz Jänicke
3aecef7697
"make update"
2002-07-30 12:44:33 +00:00
Bodo Möller
5dbd3efce7
Replace 'ecdsaparam' commandline utility by 'ecparam'
...
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Bodo Möller
ea4f109c99
AES cipher suites are now official (RFC3268)
2002-07-04 08:51:09 +00:00
Richard Levitte
17085b022c
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Bodo Möller
9ae08a9c04
Make sure buffers are large enough even for weird parameters
...
Submitted by: Nils Larsch
2002-06-26 14:28:41 +00:00
Bodo Möller
5f3d6f70f6
Implement handling of EC parameter seeds (new functions
...
EC_GROUP_set_seed(), EC_GROUP_get0_seed(), EC_GROUP_get_seed_len()).
New functions ECPKParameters_print(), ECPKParameters_print_fp().
Submitted by: Nils Larsch
2002-06-18 08:38:59 +00:00
Lutz Jänicke
65ee74fbc7
Some more prototype fixes.
...
Use DECLARE macros in asn1* instead of direct declaration.
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by:
PR: 89
2002-06-14 19:01:52 +00:00
Richard Levitte
451dc18f10
Add support for DJGPP.
...
PR: 75
2002-06-13 20:42:35 +00:00
Lutz Jänicke
40889b9cd3
Add missing prototypes.
...
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
PR: 89
2002-06-13 17:40:27 +00:00
Bodo Möller
254ef80db1
simplify asn1_flag
...
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2002-06-12 14:01:17 +00:00
Ben Laurie
25ace3ed25
Fix warnings.
2002-06-11 12:03:51 +00:00
Bodo Möller
458c29175e
move ECC ASN1 that is not specific to ECDSA into crypto/ec/,
...
and make some appropriate changes to the EC library.
Submitted by: Nils Larsch
2002-06-10 12:18:21 +00:00
Richard Levitte
b6fc2386f0
It's not good to have a pointer point at something in an inner block.
...
PR: 66
2002-06-05 13:47:29 +00:00
Richard Levitte
9cdf87f194
Check the return values where memory allocation failures may happen.
...
PR: 49
2002-05-30 16:47:45 +00:00
Bodo Möller
6cbe638294
New functions EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex(), EC_POINT_hex2point()
...
Submitted by: Nils Larsch
2002-05-30 13:16:03 +00:00
Dr. Stephen Henson
08241a5814
Make i2c_ASN1_BIT_STRING return the correct length.
2002-05-29 23:14:01 +00:00
Dr. Stephen Henson
0fccb00b5b
Add missing EVP_CIPHER_CTX_init call.
2002-05-18 23:43:10 +00:00