Commit graph

70 commits

Author SHA1 Message Date
Dr. Stephen Henson
2ca873e8d8 transparently handle X9.42 DH parameters 2011-12-07 12:44:03 +00:00
Ben Laurie
c8bbd98a2b Fix warnings. 2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
08df41277a PR: 1904
Submitted by: David Woodhouse <dwmw2@infradead.org>

Pass passphrase minimum length down to UI.
2010-03-27 19:31:55 +00:00
Dr. Stephen Henson
b6dcdbfc94 Audit libcrypto for unchecked return values: fix all cases enountered 2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
2401debe83 Tolerate -----BEGIN PKCS #7 SIGNED DATA----- header lines as used by some
implementations.
2008-11-11 12:38:25 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins...
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
297e6f1917 Avoid use of function pointer casts in pem library. Modify safestack to
always use inline functions.
2007-06-04 17:53:04 +00:00
Dr. Stephen Henson
a2e623c011 Update from 0.9.7-stable. 2007-02-21 13:49:35 +00:00
Dr. Stephen Henson
560b79cbff Constify version strings and some structures. 2007-01-21 13:07:17 +00:00
Dr. Stephen Henson
01b8b3c7d2 Complete EVP_PKEY_ASN1_METHOD ENGINE support. 2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
3e4585c8fd New utility pkeyparam. Enhance and bugfix algorithm specific parameter
functions to support it.
2006-03-28 14:35:32 +00:00
Dr. Stephen Henson
e42633140e Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD. 2006-03-23 18:02:23 +00:00
Dr. Stephen Henson
d82e2718e2 Add information and pem strings. Update dependencies. 2006-03-23 11:54:51 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes.
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Ben Laurie
8bb826ee53 Consistency. 2005-03-31 13:57:54 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Bodo Möller
2b61034b0b fix potential memory leak when allocation fails
PR: 801
Submitted by: Nils Larsch
2005-03-11 09:01:24 +00:00
Richard Levitte
8c3c570134 The first argument to load_iv should really be a char ** instead of an
unsigned char **, since it points at text.

Thanks to Nils Larsch <nils.larsch@cybertrust.com> for pointing out
the inelegance of our code :-)
2005-01-27 11:42:28 +00:00
Richard Levitte
a229e3038e Get rid if the annoying warning 2005-01-27 01:47:31 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.

PR:620
2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
216ad9ef58 Memory leak fix. 2004-03-05 23:39:42 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Richard Levitte
43d601641f A few more memset()s converted to OPENSSL_cleanse().
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343
2002-11-29 11:30:45 +00:00
Richard Levitte
4579924b7e Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
17ed6c06a7 Merge from 0.9.7-stable. 2002-11-13 18:10:30 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Richard Levitte
40efa67248 Plug potential memory leak.
Identified by Goetz Babin-Ebell <babinebell@trustcenter.de>
2002-10-30 09:42:42 +00:00
Bodo Möller
6ff7c95843 don't memset(data,0,...) if data is NULL
Submitted by: anonymous
PR: 254
2002-08-29 11:45:40 +00:00
Bodo Möller
0bee0e6294 Use SEC1 format for EC private keys.
This is not ECDSA specific, so it's now PEM_STRING_ECPRIVATEKEY etc.

Submitted by: Nils Larsch <nlarsch@compuserve.de>
2002-07-26 08:41:04 +00:00
Richard Levitte
915c6a21ba Stop assuming the IV is 8 bytes long, use the real size instead.
This is especially important for AES that has a 16 bytes IV.
2002-02-20 17:55:08 +00:00
Bodo Möller
4d94ae00d5 ECDSA support
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Dr. Stephen Henson
cecd263878 Add missing EVP_CIPHER_CTX_{init,cleanup} 2001-10-20 16:18:03 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Dr. Stephen Henson
1241126adf More linker bloat reorganisation:
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.

Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.

Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.

Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.

So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
2001-07-27 02:22:42 +00:00
Dr. Stephen Henson
19da130053 First of several reorganisations to
reduce linker bloat. For example the
single line:

PEM_read_X509()

results in a binary of around 400K in Linux!

This first step separates some of the PEM functions and
avoids linking in some PKCS#7 and PKCS#12 code.
2001-07-26 22:34:45 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
ecbe07817a Rewrite PKCS#12 code and remove some of the old
horrible macros.

Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
2000-12-31 01:13:04 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Bodo Möller
d6f68fa314 Fix for previous patch: If RAND_pseudo_bytes returns 0, this is not an error. 2000-03-03 07:51:25 +00:00
Bodo Möller
7c472f706e Use RAND_pseudo_bytes, not RAND_bytes, for IVs/salts. 2000-03-02 22:29:38 +00:00
Dr. Stephen Henson
3142c86d65 Allow ADH to be used but not present in the default cipher
list.

Allow CERTIFICATE to be used in PEM headers for PKCS#7 structures:
some CAs do this.
2000-02-23 01:11:01 +00:00
Dr. Stephen Henson
a3fe382e2d Pass phrase reorganisation. 2000-02-16 23:16:01 +00:00
Ulf Möller
e7f97e2d22 Check RAND_bytes() return value or use RAND_pseudo_bytes(). 2000-01-21 01:15:56 +00:00
Ulf Möller
eb952088f0 Precautions against using the PRNG uninitialized: RAND_bytes() now
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
2000-01-13 20:59:17 +00:00
Dr. Stephen Henson
36217a9424 Allow passwords to be included on command line for a few
more utilities.
1999-12-24 23:53:57 +00:00
Dr. Stephen Henson
525f51f6c9 Add PKCS#8 utility functions and add PBE options. 1999-12-23 02:02:42 +00:00
Dr. Stephen Henson
53b1899e3c Fix a couple of outstanding issues: update STATUS file, fix NO_FP_API problems.
Update docs, change 'ca' to use the new callback parameter. Now moved key_callback
into app.c because some other utilities will use it soon.
1999-11-11 13:58:41 +00:00
Dr. Stephen Henson
ce1b4fe146 Allow additional information to be attached to a
certificate: currently this includes trust settings
and a "friendly name".
1999-11-04 00:45:35 +00:00
Dr. Stephen Henson
f769ce3ea4 More multibyte character support.
Functions to get keys from EVP_PKEY structures.
1999-10-25 02:00:09 +00:00