Commit graph

343 commits

Author SHA1 Message Date
Richard Levitte
a9daa46758 Include string.h so mem*() functions get properly declared. 2001-02-20 13:41:11 +00:00
Richard Levitte
7ab1a39181 Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS
get a chance to be defined.
2001-02-20 13:22:35 +00:00
Richard Levitte
d8770f3ece Include string.h so mem* functions get properly declared. 2001-02-20 12:51:56 +00:00
Richard Levitte
3ebac273f5 Include string.h so mem* functions get properly declared. 2001-02-20 12:43:11 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
a6b7ffddac New options to 'ca' utility to support CRL entry extensions.
Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.
2001-02-16 01:35:44 +00:00
Dr. Stephen Henson
ccb08f98ae Fix CRL printing to correctly show when there are no revoked certificates.
Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
2001-02-10 00:56:45 +00:00
Dr. Stephen Henson
c063f2c5ec Various Win32 related fixed. Make no-krb5 work in mkdef.pl .
Fix warning in apps/engine.c

Remove definitions of deleted functions.

Add missing definition of X509_VAL.
2001-02-09 18:16:12 +00:00
Bodo Möller
448361a86c Include string.h (whis is in all relevant standards) instead of
memory.h (which is not).
2001-02-05 09:07:50 +00:00
Ben Laurie
4978361212 Make depend. 2001-02-04 21:06:55 +00:00
Ben Laurie
1b843d3c69 Fix a warning. 2001-02-04 21:01:32 +00:00
Dr. Stephen Henson
2b916952a8 Fix ASN1_TIME_to_generlizedtime().
Add protoype for OCSP_response_create().

Add OCSP_request_sign() and OCSP_basic_sign()
private key and certificate checks and make
OCSP_NOCERTS consistent with PKCS7_NOCERTS
2001-02-04 03:04:43 +00:00
Dr. Stephen Henson
02e4fbed3d Various OCSP responder utility functions.
Delete obsolete OCSP functions.

Largely untested at present...
2001-02-03 19:20:45 +00:00
Dr. Stephen Henson
88ce56f8c1 Various function for commmon operations. 2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
a43cf9fae9 Add debugging info to new ASN1 code to trace memory leaks.
Fix PKCS7 and PKCS12 memory leaks.

Initialise encapsulated content type properly.
2001-01-24 18:39:54 +00:00
Dr. Stephen Henson
8e8972bb68 Fixes to various ASN1_INTEGER routines for negative case.
Enhance s2i_ASN1_INTEGER().
2001-01-19 14:21:48 +00:00
Dr. Stephen Henson
adf87b2df5 Fix typo in OCSP ASN1 module, this caused
invalid format in OCSP request signatures.

Add spaces to OCSP HTTP header.

Change X509_NAME_set() there's no reason
why it should return an error if the
destination points to NULL... though it
should if the destination is NULL.
2001-01-11 23:24:28 +00:00
Dr. Stephen Henson
a8312c0e24 Fix typo in OCSP nonce extension.
Set correct type in ASN1_STRING for
INTEGER and ENUMERATED types.

Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
return -1 for invalid type rather than 0 (which is
often valid). -1 may also be valid but this is less
likely.

Load OCSP error strings in ERR_load_crypto_strings().
2001-01-04 19:53:48 +00:00
Dr. Stephen Henson
bf0d176e48 Update OCSP API.
Remove extensions argument from various functions
because it is not needed with the new extension
code.

New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.

New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.

Fix typo in CRL distribution points extension.

Fix ASN1 code so it adds a final null to constructed
strings.
2001-01-04 01:46:36 +00:00
Richard Levitte
e102a3dcfd Since asn1.h gets included recursively from many places, the easiest
is to have asn1.h include e_os.h and e_os2.h.  Of course, this makes
the unofficial "non-export" status of e_os.h a bit delicate...
2000-12-31 01:18:50 +00:00
Dr. Stephen Henson
ecbe07817a Rewrite PKCS#12 code and remove some of the old
horrible macros.

Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
2000-12-31 01:13:04 +00:00
Richard Levitte
26da3e65ac If OPENSSL_BUILD_SHLIBCRYPTO (for files that end up as libcrypto
objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl
objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT.
This is actually only important on Win32, and can safely be ignored in
all other cases, at least for now.
2000-12-31 00:23:17 +00:00
Dr. Stephen Henson
4e1209ebf8 ASN1_ITEM versions of ASN1_d2i_{fp, bio} and replacement of
most of the old wrappers. A few of the old versions remain
because they are non standard and the corresponding ASN1
code has not been reimplemented yet.
2000-12-30 02:40:26 +00:00
Dr. Stephen Henson
f86c5c9ac7 ASN1_ITEM version of ASN1_dup(). Might want
something more efficient later...
2000-12-28 22:41:46 +00:00
Dr. Stephen Henson
73e92de577 Add NO_ASN1_OLD to remove some old style functions:
currently OpenSSL itself wont compile with this set
because some old style stuff remains.

Change old functions X509_sign(), X509_verify() etc
to use new item based functions.

Replace OCSP function declarations with DECLARE macros.
2000-12-28 22:24:50 +00:00
Dr. Stephen Henson
09ab755c55 ASN1_ITEM versions of sign, verify, pack and unpack.
The old function pointer versions will eventually go
away.
2000-12-28 19:18:48 +00:00
Dr. Stephen Henson
3c07b4c2ee Various Win32 related fixes. Doesn't compile yet on
Win32 but it is getting there...

Update mkdef.pl to handle ASN1_ANY and fix headers.

Stop various VC++ warnings.

Include some fixes from "Peter 'Luna' Runestig"
<peter@runestig.com>

Remove external declaration for des_set_weak_key_flag:
it doesn't exist.
2000-12-21 01:38:55 +00:00
Dr. Stephen Henson
2c15d426b9 New function X509V3_extensions_print() this removes extension duplication
from the print routines.

Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.

Implement some ASN1 functions needed to compile OCSP code.
2000-12-14 18:42:28 +00:00
Dr. Stephen Henson
de487514ae New function X509_signature_print() to remove some duplicate
code from certificate, CRL and request printing routines.
2000-12-14 00:53:10 +00:00
Dr. Stephen Henson
06db4253e2 Change the PKCS7 structure to use SEQUENCE OF for the
authenticated attributes: this is used to retain the
original encoding and not break signatures.

Support for a SET OF which reorders the STACK when
encoding a structure. This will be used with the
PKCS7 code.
2000-12-13 23:54:30 +00:00
Richard Levitte
8d28d5f81b Constification of the data of a hash table. This means the callback
functions need to be constified, and therefore meant a number of easy
changes a little everywhere.

Now, if someone could explain to me why OBJ_dup() cheats...
2000-12-13 17:15:03 +00:00
Dr. Stephen Henson
9d6b1ce644 Merge from the ASN1 branch of new ASN1 code
to main trunk.

Lets see if the makes it to openssl-cvs :-)
2000-12-08 19:09:35 +00:00
Richard Levitte
0cc1115643 Make sure bs is assigned NULL when it's free'd, or there will be an
(incorrect) attempt to free it once more...
2000-11-19 14:14:52 +00:00
Ulf Möller
6a8ba34f9d in some new file names the first 8 characters were not unique 2000-11-12 22:32:18 +00:00
Richard Levitte
f971ccb264 Constify DH-related code. 2000-11-07 14:30:37 +00:00
Richard Levitte
a4aba800d9 Constify DSA-related code. 2000-11-07 13:54:39 +00:00
Richard Levitte
7081f3bd89 Constify the RSA parts of the ASN.1 library. Note some ugly casts
that are needed in the ASN.1 macros.  Hopefully, we can get rid of
those in an elegant way in the future.
2000-11-06 23:04:15 +00:00
Richard Levitte
eb64730b9c The majority of the OCSP code from CertCo. 2000-10-27 11:05:35 +00:00
Richard Levitte
3ab5651112 The experimental Rijndael code moved to the main trunk.
make update done.
2000-10-14 20:09:54 +00:00
Dr. Stephen Henson
8ca533e378 More code for X509_print_ex() support. 2000-10-06 11:51:47 +00:00
Dr. Stephen Henson
d0c9858914 Global DirectoryString mask fix.
Add support for X509_NAME_print_ex() in req.

Initial code for cutomizable X509 print routines.
2000-10-04 01:16:32 +00:00
Richard Levitte
4e20a4e688 'ranlib' doesn't always run on some systems. That's actually
acceptable, since all that happens if it fails is a library with
an index, which makes linking slower, but still working correctly.
2000-09-25 08:53:15 +00:00
Richard Levitte
3f8b90c345 Catch V_ASN1_NULL. 2000-09-22 13:15:16 +00:00
Dr. Stephen Henson
6cffb201f3 Fix ASN1_TYPE bug. 2000-09-21 18:57:00 +00:00
Richard Levitte
62324627aa Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
2000-09-17 18:21:27 +00:00
Richard Levitte
97d8e82c4c Marin Kraemer <Martin.Kraemer@MchP.Siemens.De> sent us patches to make
the OpenSSL commands x50 and req work better on a EBCDIC system.
2000-09-10 14:45:19 +00:00
Richard Levitte
0baed24c1b More VMS synchronisation 2000-09-09 18:05:27 +00:00
Ulf Möller
4f7068c165 Fix some CygWin problems. 2000-09-09 04:45:18 +00:00
Richard Levitte
a1b15ac21f Two places where I forgot to change vms_idhacks to symhacks. 2000-09-08 06:28:09 +00:00
Dr. Stephen Henson
84b65340e1 Two new PKCS#12 demo programs.
Update PKCS12_parse().

Make the keyid in certificate aux info more usable.
2000-09-07 23:14:26 +00:00
Richard Levitte
62ab514e98 'make update' 2000-09-07 08:46:51 +00:00
Bodo Möller
61f175f4ba Get rid of ASN1_UTCTIME_get, which cannot work with time_t
return type (on platforms where time_t is a 32 bit value).

New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.
2000-09-06 15:40:52 +00:00
Bodo Möller
75cb225989 'make update' 2000-09-06 12:34:10 +00:00
Dr. Stephen Henson
2f043896d1 *BIG* verify code reorganisation.
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(
2000-09-05 17:53:58 +00:00
Dr. Stephen Henson
34216c0422 Keep a not of original encoding in certificate requests.
Add new option to PKCS7_sign to exclude S/MIME capabilities.
2000-09-05 13:27:57 +00:00
Dr. Stephen Henson
7df1c720f6 Fix typo in i2d_ASN1_ENUMERATED
Fix bug in read only memory BIOs so BIO_reset() works.

Add sign and verify options to dgst utility, need
to update docs.
2000-08-30 16:14:29 +00:00
Dr. Stephen Henson
d428bf8c56 New option to CA.pl to sign request using CA extensions.
This allows intermediate CAs to be created more easily.

PKCS12_create() now checks private key matches certificate.

Fix typo in x509 app.

Update docs.

New function ASN1_STRING_to_UTF8() converts any ASN1_STRING
type to UTF8.
2000-08-24 23:24:18 +00:00
Dr. Stephen Henson
d096b524af Add support for 'other' PKCS#7 content types. 2000-08-22 22:20:25 +00:00
Dr. Stephen Henson
cae0ae2e4b Fix ASN1_INTEGER_to_BN properly this time... 2000-08-22 16:06:24 +00:00
Dr. Stephen Henson
469938cb40 Fixes to d2i_ASN1_OBJECT, ASN1_INTEGER_to_BN and a_strex.c 2000-08-22 12:54:21 +00:00
Dr. Stephen Henson
eaa2818189 Various fixes...
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
2000-08-21 22:02:23 +00:00
Richard Levitte
3009458e2f MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test 2000-08-14 14:05:53 +00:00
Richard Levitte
5584fa1709 For n > 7, we might get uninitialized (unzeroed) data.
Spotted by "Kyoungho Jeon" <k.h.jeon@securesoft.co.kr>.
2000-08-06 01:35:03 +00:00
Dr. Stephen Henson
2d978cbd30 Changes needed for Tandem NSK, supplied by Scott Uroff (scott@xypro.com).
Fix warnings with BIO_dump_indent().
2000-08-04 00:01:39 +00:00
Dr. Stephen Henson
bd4e152791 Document the new DN printing options.
Change a few names to be more meaningful.

Fix typos in CA.pl docs.
2000-07-30 01:27:59 +00:00
Dr. Stephen Henson
a657546f9c New ASN1_STRING_print_ex() and X509_NAME_print_ex()
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.

The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).

Still needs to be documented, integrated into other
utilities and extensively tested.
2000-07-28 01:58:15 +00:00
Richard Levitte
ca1e465f6d Add the possibility to get hexdumps of unprintable data when using
'openssl asn1parse'.  As a side effect, the functions ASN1_parse_dump
and BIO_dump_indent are added.
2000-07-27 17:28:25 +00:00
Dr. Stephen Henson
f6c1c9e95d Fix a bug in the new i2d_{ENUMERATED,INTEGER} that
didn't recognise NULL to mean 'don't output anything'
2000-07-27 01:27:22 +00:00
Dr. Stephen Henson
284ef5f357 Make NEG_PUBKEY_BUG on by default.
ASN1_TIME fixes.

New function c2i_ASN1_OBJECT().
2000-07-26 01:18:37 +00:00
Dr. Stephen Henson
094fe66d9f Fix some typose in the i2d/d2i functions that
call the i2c/c2i (they were not using the
content length for the headers).

Fix ASN1 long form tag encoding. This never
worked but it was never tested since it is
only used for tags > 30.

New options to smime program to allow the
PKCS#7 format to be specified and the content
supplied externally.
2000-07-10 18:33:05 +00:00
Dr. Stephen Henson
a338e21bd1 New ASN1 functions that just deal with
content octets, not tag+length.
2000-07-07 13:24:36 +00:00
Richard Levitte
c2bbf9cf6c I got sick and tired of having to keep track of NIDs when such a thing
could be done automagically, much like the numbering in libeay.num and
ssleay.num.  The solution works as follows:

  - New object identifiers are inserted in objects.txt, following the
    syntax given in objects.README.
  - objects.pl is used to process obj_mac.num and create a new
    obj_mac.h.
  - obj_dat.pl is used to create a new obj_dat.h, using the data in
    obj_mac.h.

This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended.  The simplest way to
check that it worked correctly is to look in obj_dat.h and check the
array nid_objs and make sure the objects haven't moved around (this is
important!).  Additions are OK, as well as consistent name changes.
2000-07-05 02:45:36 +00:00
Dr. Stephen Henson
130832150c Fixes for Win32 build.
This is mostly a work around for the old VC++ problem
that it treats func() as func(void).

Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.

The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.

Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)
2000-06-21 02:25:30 +00:00
Dr. Stephen Henson
7ef8206859 Handle ASN1_SET_OF and PKCS12_STACK_OF using function
casts in the same way as STACK_OF.
2000-06-20 18:45:28 +00:00
Dr. Stephen Henson
3aceb94b9e Safe stack reorganisation in terms of function casts.
After some messing around this seems to work but needs
a few more tests. Working out the syntax for sk_set_cmp_func()
(cast it to a function that itself returns a function pointer)
was painful :-(

Needs some testing to see what other compilers think of this
syntax.

Also needs similar stuff for ASN1_SET_OF etc etc.
2000-06-16 23:29:26 +00:00
Dr. Stephen Henson
d3ed8ceb3d Add support for the modified SGC key format used in IIS. 2000-06-15 23:48:05 +00:00
Richard Levitte
f20ee31477 Make sure that bs is not getting free'd again.
Reported by Robert Eiglmaier <robert.eiglmaier@ixos.de>
2000-06-15 11:10:15 +00:00
Geoff Thorpe
1c4f90a05d Enable DSO support on alpha (OSF1), cc and gcc.
Also, "make update" has added some missing functions to libeay.num,
updated the TABLE for the alpha changes, and updated thousands of
dependancies that have changed from recent commits.
2000-06-13 12:59:38 +00:00
Richard Levitte
ef33b97050 Using checks of the existence of HEADER_{foo}_H in other header files
was a really bad idea.  For example, the following:

	#include <x509.h>
	#include <bio.h>
	#include <asn1.h>

would make sure that things like ASN1_UTCTIME_print() wasn't defined
unless you moved the inclusion of bio.h to above the inclusion of
x509.h.  The reason is that x509.h includes asn1.h, and the
declaration of ASN1_UTCTIME_print() depended on the definition of
HEADER_BIO_H.  That's what I call an obscure bug.

Instead, this change makes sure that whatever header files are needed
for the correct process of one header file are included automagically,
and that the definitions of, for example, BIO-related things are
dependent on the absence of the NO_{foo} macros.  This is also
consistent with the way parts of OpenSSL can be excluded at will.
2000-06-09 10:41:35 +00:00
Bodo Möller
849c0e3046 int may be smaller than 32 bits. 2000-06-05 13:50:57 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Geoff Thorpe
7edd20916a "make update" + stripping the type-specific stack functions out of
libeay.num and ssleay.num.
2000-06-01 06:07:19 +00:00
Geoff Thorpe
ccd86b68ef The previous commit to crypto/stack/*.[ch] pulled the type-safety strings
yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;

X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).

Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
2000-06-01 02:36:58 +00:00
Geoff Thorpe
a4e31088ce sk_***_new_null() seems to be there to avoid exactly this sort of thing
which is a cast between NULL and a function pointer.
2000-05-31 17:41:34 +00:00
Bodo Möller
939fff6799 Add "FIXME" comment. 2000-05-31 09:51:55 +00:00
Geoff Thorpe
4dbe060f2c It seems that mktime does what is required here. Certainly timegm() can
not be used because it is not available on all systems (most notably,
win32).
2000-05-29 03:50:37 +00:00
Dr. Stephen Henson
b4b41f48d1 Add DSA library string. Workaround for IIS .key file invalid
ASN1 encoding.
2000-05-24 13:09:59 +00:00
Bodo Möller
c95b7a723f Fix "FIXME" indentation :-) 2000-05-19 12:02:09 +00:00
Bodo Möller
5569e1c39a Add "FIXME" comment, and adjust the indentation. 2000-05-19 11:59:55 +00:00
Ben Laurie
abc9400e10 Typesafety Thought Police part 5. 2000-05-17 09:13:36 +00:00
Ben Laurie
5de603abc8 Typesafety Thought Police part 3. 2000-05-16 21:22:45 +00:00
Ben Laurie
f2716dada0 Typesafety Thought Police Part 2. 2000-05-16 19:53:50 +00:00
Ben Laurie
fd73a2121c Allow UTCTIME objects to be retrieved. Check for imminent cert expiry. 2000-05-14 12:39:53 +00:00
Richard Levitte
82271cee5b In Message-ID: <003201bfb332$14a07520$0801a8c0@janm.transactionsite.com>,
"Jan Mikkelsen" <janm@transactionsite.com> correctly states that the
OpenSSL header files have #include's and extern "C"'s in an incorrect
order.  Thusly fixed.
2000-05-02 12:16:01 +00:00
Richard Levitte
7a807ad8a7 "make update" 2000-04-09 12:52:40 +00:00
Dr. Stephen Henson
e77066ea0a Fix a memory leak in PKCS12_parse.
Don't copy private key to X509 etc public key structures.
Fix for warning.
2000-03-22 13:50:23 +00:00
Bodo Möller
65b002f399 Update test suite so that 'make test' succeeds in 'no-rsa' configuration. 2000-03-13 19:24:39 +00:00
Bodo Möller
59fc2b0fc2 Preserve reason strings in automatically build tables. 2000-03-05 00:19:36 +00:00
Bodo Möller
d6f68fa314 Fix for previous patch: If RAND_pseudo_bytes returns 0, this is not an error. 2000-03-03 07:51:25 +00:00