wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
8546 commits 20 branches 302 tags 153 MiB
Commit graph

159 commits

Author SHA1 Message Date
Dr. Stephen Henson
e9746e03ee Initial support for name constraints certificate extension. 
TODO: robustness checking on name forms.
 2008-08-08 15:35:29 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins... 
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
 2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
4d318c79b2 Utility attribute function to retrieve attribute data from an expected 
type. Useful for many attributes which are single valued and can only
have one type.
 2008-02-11 17:52:38 +00:00
Dr. Stephen Henson
67c8e7f414 Support for certificate status TLS extension. 2007-09-26 21:56:59 +00:00
Nils Larsch
91b73acb19 use const ASN1_TIME * 2006-12-11 22:35:51 +00:00
Dr. Stephen Henson
10ca15f3fa Fix change to OPENSSL_NO_RFC3779 2006-12-06 13:36:48 +00:00
Ben Laurie
96ea4ae91c Add RFC 3779 support. 2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
14975faa60 Remove illegal IMPLEMENT macros from header file. 2006-11-16 00:55:33 +00:00
Nils Larsch
1611b9ed80 remove SSLEAY_MACROS code 2006-11-06 19:53:39 +00:00
Dr. Stephen Henson
f4c630abb3 Place standard CRL behaviour in default X509_CRL_METHOD new functions to 
create, free and set default CRL method.
 2006-10-03 02:47:59 +00:00
Dr. Stephen Henson
010fa0b331 Tidy up CRL handling by checking for critical extensions when it is 
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.

Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
 2006-09-21 12:42:15 +00:00
Dr. Stephen Henson
4d50a2b4d6 Add verify callback functions to lookup a STACK of matching certs or CRLs 
based on subject name.

New thread safe functions to retrieve matching STACK from X509_STORE.

Cache some IDP components.
 2006-09-10 12:38:37 +00:00
Dr. Stephen Henson
f6e7d01450 Support for multiple CRLs with same issuer name in X509_STORE. Modify 
verify logic to try to use an unexpired CRL if possible.
 2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
edc540211c Cache some CRL related extensions. 2006-07-24 12:39:22 +00:00
Dr. Stephen Henson
786aa98da1 Use correct pointer types for various functions. 2006-07-20 16:56:47 +00:00
Dr. Stephen Henson
450ea83495 Store canonical encodings of Name structures. Update X509_NAME_cmp() to use 
them.
 2006-07-18 12:36:19 +00:00
Dr. Stephen Henson
ae519a247f Extended PBES2 function supporting application supplied IV and PRF NID. 2006-05-17 12:47:17 +00:00
Dr. Stephen Henson
448be74335 Initial support for pluggable public key ASN1 support. Process most public 
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
 2006-03-20 12:22:24 +00:00
Ulf Möller
c7235be6e3 RFC 3161 compliant time stamp request creation, response generation 
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
 2006-02-12 23:11:56 +00:00
Dr. Stephen Henson
b6995add5c Make -CSP option work again in pkcs12 utility by checking for 
attribute in EVP_PKEY structure.
 2005-05-15 00:54:45 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes. 
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
 2005-05-11 03:45:39 +00:00
Ben Laurie
8bb826ee53 Consistency. 2005-03-31 13:57:54 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Ben Laurie
0821bcd4de Constification. 2005-03-30 10:26:02 +00:00
Richard Levitte
6951c23afd Add functionality needed to process proxy certificates. 2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
2f605e8d24 Fix race condition when CRL checking is enabled. 2004-10-04 16:30:12 +00:00
Geoff Thorpe
60a938c6bc (oops) Apologies all, that last header-cleanup commit was from the wrong 
tree. This further reduces header interdependencies, and makes some
associated cleanups.
 2004-04-19 18:09:28 +00:00
Dr. Stephen Henson
4acc3e907d Initial support for certificate policy checking and evaluation. 
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
 2004-03-23 14:14:35 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated 
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
 2004-03-15 23:15:26 +00:00
Geoff Thorpe
8ad7e3ad2a Remove duplicate prototypes have already been (correctly) added to rsa.h, 
as this is already included by x509.h anyway.
 2003-10-24 16:17:11 +00:00
Dr. Stephen Henson
f96d1af449 Avoid clashes with Win32 names in WinCrypt.h 2003-07-23 00:10:43 +00:00
Richard Levitte
e6526fbf4d Add functionality to help making self-signed certificate. 2003-04-03 22:27:24 +00:00
Richard Levitte
d5ef144222 Make sure we get the definition of a number of OPENSSL_NO_* macros. 2003-03-20 23:27:17 +00:00
Richard Levitte
711f1a3c26 Add the ASN.1 structures and functions for CertificatePair, which is 
defined as follows (according to X.509_4thEditionDraftV6.pdf):

CertificatePair ::= SEQUENCE {
	forward		[0]	Certificate OPTIONAL,
	reverse		[1]	Certificate OPTIONAL,
	-- at least one of the pair shall be present -- }

The only thing I'm not sure about is if it's implicit or explicit tags
that I should count on.  For now, I'm thinking explicit, but will
gladly stand corrected.

Also implement the PEM functions to read and write certificate pairs,
and defined the PEM tag as "CERTIFICATE PAIR".

This needed to be defined, mostly for the sake of the LDAP attribute
crossCertificatePair, but may prove useful elsewhere as well.
 2002-11-18 23:54:27 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Richard Levitte
677532629d makedepend complains when a header file is included more than once in 
the same source file.
 2002-10-14 10:02:36 +00:00
Dr. Stephen Henson
9a48b07ee4 Various enhancements to PKCS#12 code, new 
medium level API, improved PKCS12_create
and additional functionality in pkcs12
utility.
 2002-10-03 23:53:52 +00:00
Dr. Stephen Henson
fc85ac20c7 Make -nameopt work in req and add support for -reqopt 2002-08-22 23:43:48 +00:00
Bodo Möller
e172d60ddb Add ECDH support. 
Additional changes:
 - use EC_GROUP_get_degree() in apps/req.c
 - add ECDSA and ECDH to apps/speed.c
 - adds support for EC curves over binary fields to ECDSA
 - new function EC_KEY_up_ref() in crypto/ec/ec_key.c
 - reorganize crypto/ecdsa/ecdsatest.c
 - add engine support for ECDH
 - fix a few bugs in ECDSA engine support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
 2002-08-09 08:43:04 +00:00
Bodo Möller
14a7cfb32a use a generic EC_KEY structure (EC keys are not ECDSA specific) 
Submitted by: Nils Larsch
 2002-08-07 10:49:54 +00:00
Bodo Möller
4d94ae00d5 ECDSA support 
Submitted by: Nils Larsch <nla@trustcenter.de>
 2002-02-13 18:21:51 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Richard Levitte
2aa9043ad3 Because there's chances we clash with the system's types.h, rename our 
types.h to ossl_typ.h.
 2001-10-04 07:32:46 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul. 
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
 2001-09-01 20:02:13 +00:00
Dr. Stephen Henson
35bf35411c Add CRL utility functions to allow CRLs to be 
built up without accessing structures directly.

Update ca.c to use new functions.

Fix ca.c so it now build CRLs correctly again.
 2001-08-17 00:33:43 +00:00
Bodo Möller
b9fdb3eb99 Reinsert typedef'ed names for structs to help those trying to read the 
sourcecode (including fgrep)
 2001-08-06 11:49:31 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Dr. Stephen Henson
f2a253e0dd Add support for MS CSP Name PKCS#12 attribute. 2001-06-11 00:43:20 +00:00
Dr. Stephen Henson
926a56bfe3 Purpose and trust setting functions for X509_STORE. 
Tidy existing code.
 2001-05-10 00:13:59 +00:00