Commit graph

247 commits

Author SHA1 Message Date
Richard Levitte
26414ee013 Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated 2002-02-28 12:42:19 +00:00
Dr. Stephen Henson
a3829cb720 Updates from stable branch. 2002-02-23 13:50:29 +00:00
Bodo Möller
4d94ae00d5 ECDSA support
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Dr. Stephen Henson
f1558bb424 Reject certificates with unhandled critical extensions. 2001-10-21 02:09:15 +00:00
Dr. Stephen Henson
98e6654938 Typo. 2001-10-20 16:22:28 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Lutz Jänicke
e1c279b63d Small documentation fixes (Howard Lum <howard@pumpkin.canada.sun.com>) 2001-10-08 08:37:24 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Richard Levitte
2aa9043ad3 Because there's chances we clash with the system's types.h, rename our
types.h to ossl_typ.h.
2001-10-04 07:32:46 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Ben Laurie
354c3ace73 Add first cut symmetric crypto support. 2001-08-18 10:22:54 +00:00
Dr. Stephen Henson
35bf35411c Add CRL utility functions to allow CRLs to be
built up without accessing structures directly.

Update ca.c to use new functions.

Fix ca.c so it now build CRLs correctly again.
2001-08-17 00:33:43 +00:00
Geoff Thorpe
b7727ee616 The indexes returned by ***_get_ex_new_index() functions are used when
setting stack (actually, array) values in ex_data. So only increment the
global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.
This change doesn't make "ex_data" right (see the comment at the head of
ex_data.c to know why), but at least makes the source code marginally less
frustrating.
2001-08-12 16:52:00 +00:00
Bodo Möller
e51d1321fc More typedef'd struct names as search targets 2001-08-06 11:57:08 +00:00
Bodo Möller
b9fdb3eb99 Reinsert typedef'ed names for structs to help those trying to read the
sourcecode (including fgrep)
2001-08-06 11:49:31 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Lutz Jänicke
db089ad60d Don't miss files... 2001-07-30 11:50:37 +00:00
Lutz Jänicke
1f0c9ad7e1 Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:45:34 +00:00
Dr. Stephen Henson
1241126adf More linker bloat reorganisation:
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.

Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.

Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.

Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.

So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
2001-07-27 02:22:42 +00:00
Dr. Stephen Henson
1e325f6149 Handle empty X509_NAME in printing routines. 2001-06-26 12:04:35 +00:00
Dr. Stephen Henson
323f289c48 Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Dr. Stephen Henson
f2a253e0dd Add support for MS CSP Name PKCS#12 attribute. 2001-06-11 00:43:20 +00:00
Dr. Stephen Henson
76c919c1a3 Add missing variable length cipher flag for Blowfish.
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
2001-05-24 22:58:35 +00:00
Dr. Stephen Henson
4831e626aa Change Win32 to use EXPORT_VAR_AS_FN.
Fix OPENSSL_IMPLEMENT_GLOBAL.

Allow Win32 to use EXPORT_VAR_AS_FN in mkdef.pl

make update.
2001-05-12 23:57:41 +00:00
Dr. Stephen Henson
926a56bfe3 Purpose and trust setting functions for X509_STORE.
Tidy existing code.
2001-05-10 00:13:59 +00:00
Dr. Stephen Henson
bdee69f718 Allow various X509_STORE_CTX properties to be
inherited from X509_STORE.

Add CRL checking options to other applications.
2001-05-09 00:30:39 +00:00
Dr. Stephen Henson
b545dc6775 Initial CRL based revocation checking. 2001-05-07 22:52:50 +00:00
Dr. Stephen Henson
535d79da63 Overhaul the display of certificate details in
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.

This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
2001-03-15 19:13:40 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Dr. Stephen Henson
fafc7f9875 Enhance OCSP_request_verify() so it finds the signers certificate
properly and supports several flags.
2001-02-26 14:17:58 +00:00
Richard Levitte
d88a26c489 make update
Note that all *_it variables are suddenly non-existant according to
libeay.num.  This is a bug that will be corrected.  Please be patient.
2001-02-26 10:54:08 +00:00
Dr. Stephen Henson
bb5ea36b96 Initial support for ASN1_ITEM_FUNCTION option to
change the way ASN1 modules are exported.

Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
2001-02-23 03:16:09 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
94fcd01349 Work around for libsafe "error". 2001-02-12 03:22:49 +00:00
Ben Laurie
4978361212 Make depend. 2001-02-04 21:06:55 +00:00
Dr. Stephen Henson
88ce56f8c1 Various function for commmon operations. 2001-02-02 00:45:54 +00:00
Bodo Möller
78f3a2aad7 Comment and indentation 2001-01-28 14:38:11 +00:00
Dr. Stephen Henson
ba8e28248f Fix to stop X509_time_adj() using GeneralizedTime. 2001-01-20 13:38:45 +00:00
Dr. Stephen Henson
81f169e95c Initial OCSP certificate verify. Not complete,
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Dr. Stephen Henson
4e1209ebf8 ASN1_ITEM versions of ASN1_d2i_{fp, bio} and replacement of
most of the old wrappers. A few of the old versions remain
because they are non standard and the corresponding ASN1
code has not been reimplemented yet.
2000-12-30 02:40:26 +00:00
Dr. Stephen Henson
78d3b819f0 Replace the old ASN1_dup() with ASN1_item_dup() and
zap some evil function pointers casts along the way...
2000-12-29 18:23:55 +00:00
Dr. Stephen Henson
73e92de577 Add NO_ASN1_OLD to remove some old style functions:
currently OpenSSL itself wont compile with this set
because some old style stuff remains.

Change old functions X509_sign(), X509_verify() etc
to use new item based functions.

Replace OCSP function declarations with DECLARE macros.
2000-12-28 22:24:50 +00:00
Dr. Stephen Henson
09ab755c55 ASN1_ITEM versions of sign, verify, pack and unpack.
The old function pointer versions will eventually go
away.
2000-12-28 19:18:48 +00:00
Dr. Stephen Henson
28ddfc61dc X509V3_add_i2d() needs to be able to allocate a
STACK_OF(X509_EXTENSION) so it should be passed
STACK_OF(X509_EXTENSION) ** in the first argument.

Modify wrappers appropriately.
2000-12-27 13:42:43 +00:00
Dr. Stephen Henson
57d2f21782 New function X509V3_add_i2d() this is used for
encoding, replacing and deleting extensions.

Fix X509V3_get_d2i() so it uses takes note of
new critical behaviour.
2000-12-24 18:02:33 +00:00
Bodo Möller
3ac82faae5 Locking issues. 2000-12-15 16:40:35 +00:00