Dr. Stephen Henson
dfcf48f499
New functions to retrieve certificate signatures and signature OID NID.
2012-06-13 13:08:12 +00:00
Dr. Stephen Henson
4b9e0b5f74
print out issuer and subject unique identifier fields in certificates
2012-06-12 13:41:18 +00:00
Andy Polyakov
9eba5614fe
Minor compatibility fixes.
...
PR: 2790
Submitted by: Alexei Khlebnikov
2012-04-16 17:35:30 +00:00
Dr. Stephen Henson
d895f7f060
don't do loop check for single self signed certificate
2012-03-05 15:48:13 +00:00
Ben Laurie
ae55176091
Fix some warnings caused by __owur. Temporarily (I hope) remove the more
...
aspirational __owur annotations.
2011-11-14 00:36:10 +00:00
Dr. Stephen Henson
66bb328e11
? crypto/aes/aes-armv4.S
...
? crypto/aes/aesni-sha1-x86_64.s
? crypto/aes/aesni-x86_64.s
? crypto/aes/foo.pl
? crypto/aes/vpaes-x86_64.s
? crypto/bn/.bn_lib.c.swp
? crypto/bn/armv4-gf2m.S
? crypto/bn/diffs
? crypto/bn/modexp512-x86_64.s
? crypto/bn/x86_64-gf2m.s
? crypto/bn/x86_64-mont5.s
? crypto/ec/bc.txt
? crypto/ec/diffs
? crypto/modes/a.out
? crypto/modes/diffs
? crypto/modes/ghash-armv4.S
? crypto/modes/ghash-x86_64.s
? crypto/modes/op.h
? crypto/modes/tst.c
? crypto/modes/x.h
? crypto/objects/.obj_xref.txt.swp
? crypto/rand/diffs
? crypto/sha/sha-512
? crypto/sha/sha1-armv4-large.S
? crypto/sha/sha256-armv4.S
? crypto/sha/sha512-armv4.S
Index: crypto/objects/obj_xref.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v
retrieving revision 1.9
diff -u -r1.9 obj_xref.c
--- crypto/objects/obj_xref.c 5 Nov 2008 18:38:58 -0000 1.9
+++ crypto/objects/obj_xref.c 6 Oct 2011 20:30:21 -0000
@@ -110,8 +110,10 @@
#endif
if (rv == NULL)
return 0;
- *pdig_nid = rv->hash_id;
- *ppkey_nid = rv->pkey_id;
+ if (pdig_nid)
+ *pdig_nid = rv->hash_id;
+ if (ppkey_nid)
+ *ppkey_nid = rv->pkey_id;
return 1;
}
@@ -144,7 +146,8 @@
#endif
if (rv == NULL)
return 0;
- *psignid = (*rv)->sign_id;
+ if (psignid)
+ *psignid = (*rv)->sign_id;
return 1;
}
Index: crypto/x509/x509type.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v
retrieving revision 1.10
diff -u -r1.10 x509type.c
--- crypto/x509/x509type.c 26 Oct 2007 12:06:33 -0000 1.10
+++ crypto/x509/x509type.c 6 Oct 2011 20:36:04 -0000
@@ -100,20 +100,26 @@
break;
}
- i=X509_get_signature_type(x);
- switch (i)
+ i=OBJ_obj2nid(x->sig_alg->algorithm);
+ if (i && OBJ_find_sigid_algs(i, NULL, &i))
{
- case EVP_PKEY_RSA:
- ret|=EVP_PKS_RSA;
- break;
- case EVP_PKEY_DSA:
- ret|=EVP_PKS_DSA;
- break;
- case EVP_PKEY_EC:
- ret|=EVP_PKS_EC;
- break;
- default:
- break;
+
+ switch (i)
+ {
+ case NID_rsaEncryption:
+ case NID_rsa:
+ ret|=EVP_PKS_RSA;
+ break;
+ case NID_dsa:
+ case NID_dsa_2:
+ ret|=EVP_PKS_DSA;
+ break;
+ case NID_X9_62_id_ecPublicKey:
+ ret|=EVP_PKS_EC;
+ break;
+ default:
+ break;
+ }
}
if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
2011-10-06 20:44:02 +00:00
Dr. Stephen Henson
c2035bffe7
PR: 2606
...
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve
Handle timezones correctly in UTCTime.
2011-09-23 13:39:23 +00:00
Dr. Stephen Henson
0486cce653
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
...
produce an error (CVE-2011-3207)
2011-09-06 15:15:09 +00:00
Dr. Stephen Henson
a52b7b44b2
allow MD5 use for computing old format hash links
2011-06-22 02:18:19 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
2b3936e882
avoid verification loops in trusted store when path building
2010-12-25 20:45:59 +00:00
Dr. Stephen Henson
da7b0b2261
Submitted by: Jonathan Dixon <joth@chromium.org>
...
Reviewed by: steve
If store is NULL set flags correctly.
2010-11-02 15:58:58 +00:00
Dr. Stephen Henson
39239280f3
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:58:09 +00:00
Dr. Stephen Henson
a033c3c72b
PR: 2250
...
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Don't overwrite return value with strlen(f).
2010-05-03 12:24:01 +00:00
Dr. Stephen Henson
8d207ee3d1
add X509_CRL_sign_ctx function
2010-03-14 12:52:38 +00:00
Dr. Stephen Henson
17c63d1cca
RSA PSS ASN1 signing method
2010-03-11 14:06:46 +00:00
Dr. Stephen Henson
ce25c7207b
New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier)
...
from a digest algorithm.
2010-03-11 13:27:05 +00:00
Dr. Stephen Henson
fa1ba589f3
Add algorithm specific signature printing. An individual ASN1 method can
...
now print out signatures instead of the standard hex dump.
More complex signatures (e.g. PSS) can print out more meaningful information.
Sample DSA version included that prints out the signature parameters r, s.
[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
db28aa86e0
add -trusted_first option and verify flag
2010-02-25 12:21:48 +00:00
Dr. Stephen Henson
2da2ff5065
tidy verify code. xn not used any more and check for self signed more efficiently
2010-02-25 11:18:26 +00:00
Dr. Stephen Henson
fbd2164044
Experimental support for partial chain verification: if an intermediate
...
certificate is explicitly trusted (using -addtrust option to x509 utility
for example) the verification is sucessful even if the chain is not complete.
2010-02-25 00:17:22 +00:00
Dr. Stephen Henson
9b3d75706e
verify parameter enumeration functions
2010-02-25 00:08:23 +00:00
Bodo Möller
a839755329
Fix X509_STORE locking
2010-02-19 18:27:07 +00:00
Dr. Stephen Henson
ba64ae6cd1
Tolerate PKCS#8 DSA format with negative private key.
2010-01-22 20:17:12 +00:00
Dr. Stephen Henson
0e0c6821fa
PR: 2136
...
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>
Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:29:34 +00:00
Dr. Stephen Henson
fdb2c6e4e5
PR: 2124
...
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>
Check for memory allocation failures.
2009-12-09 13:38:05 +00:00
Dr. Stephen Henson
007f7ec1bd
Add PBKFD2 prototype.
2009-11-25 22:07:22 +00:00
Dr. Stephen Henson
446a6a8af7
PR: 2103
...
Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org
Initialise atm.flags to 0.
2009-11-17 13:25:53 +00:00
Dr. Stephen Henson
2008e714f3
Add missing functions to allow access to newer X509_STORE_CTX status
...
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
2009-10-31 19:22:18 +00:00
Dr. Stephen Henson
45cd59ac71
If not checking all certificates don't attempt to find a CRL
...
for the leaf certificate of a CRL path.
2009-10-23 12:06:35 +00:00
Dr. Stephen Henson
d11d977da4
Need to check <= 0 here.
2009-10-22 23:12:05 +00:00
Dr. Stephen Henson
a5b37fca0a
Add "missing" function X509_STORE_set_verify_cb().
2009-10-18 13:24:16 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
4f59432c06
Oops, s can be NULL
2009-09-04 11:30:59 +00:00
Dr. Stephen Henson
17b5326ba9
PR: 2013
...
Submitted by: steve@openssl.org
Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.
Add error checking to CRL generation in ca utility when nextUpdate is being
set.
2009-09-02 13:54:50 +00:00
Dr. Stephen Henson
508c535221
Update from 1.0.0-stable
2009-06-30 11:24:57 +00:00
Dr. Stephen Henson
f3be6c7b7d
Update from 1.0.0-stable.
2009-06-26 11:29:26 +00:00
Dr. Stephen Henson
31db43df08
Update from 0.9.8-stable.
2009-06-15 15:01:00 +00:00
Dr. Stephen Henson
8132d3ac40
Update from 1.0.0-stable.
2009-05-30 18:11:26 +00:00
Dr. Stephen Henson
e5fa864f62
Updates from 1.0.0-stable.
2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
06ddf8eb08
Updates from 1.0.0-stable
2009-04-04 19:54:06 +00:00
Dr. Stephen Henson
237d7b6cae
Fix from stable branch.
2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
30e5e39a3d
PR: 1778
...
Increase default verify depth to 100.
2009-02-16 23:23:21 +00:00
Dr. Stephen Henson
b5d5c0a21f
PR: 1843
...
Use correct array size for SHA1 hash.
2009-02-16 21:42:48 +00:00
Dr. Stephen Henson
c2c99e2860
Update certificate hash line format to handle canonical format
...
and avoid MD5 dependency.
2009-01-15 13:22:39 +00:00
Andy Polyakov
e527201f6b
This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another
...
.DLL, in particular static build. The issue has been discussed in RT#1230
and later on openssl-dev, and mutually exclusive approaches were suggested.
This completes compromise solution suggested in RT#1230.
PR: 1230
2008-12-22 13:54:12 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Ben Laurie
5e4430e70d
More size_tification.
2008-11-01 16:40:37 +00:00
Dr. Stephen Henson
e19106f5fb
Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
...
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.
This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00