Commit graph

34 commits

Author SHA1 Message Date
Dr. Stephen Henson
3795297af8 Change old obsolete email address... 2008-11-05 18:36:57 +00:00
Dr. Stephen Henson
5f297c4504 Updates from HEAD. 2007-12-16 16:38:22 +00:00
Dr. Stephen Henson
927a28ba3b gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL.
Fix various "computed value not used" warnings too.
2007-09-06 12:43:54 +00:00
Dr. Stephen Henson
dc3b721fa0 Update from 0.9.7-stable. 2007-01-23 17:54:22 +00:00
Mark J. Cox
951dfbb13a Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 11:29:03 +00:00
Dr. Stephen Henson
340b4dd7df Fix from HEAD. 2006-08-31 20:11:09 +00:00
Dr. Stephen Henson
e27c67c5c5 Fix from HEAD. 2006-02-19 13:45:22 +00:00
Nils Larsch
22d1087e16 backport recent changes from the cvs head 2006-02-08 19:16:33 +00:00
Dr. Stephen Henson
c42cd4b831 Fix from HEAD. 2006-01-31 18:37:41 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes.
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
98a2fd32a0 Typo. 2005-04-30 18:07:30 +00:00
Dr. Stephen Henson
7bdeeb64ac Don't attempt to parse nested ASN1 strings by default. 2005-04-30 18:02:54 +00:00
Dr. Stephen Henson
e1cc0671ac Use more efficient way to locate end of an ASN1 structure. 2005-04-30 13:06:45 +00:00
Dr. Stephen Henson
bd1640bb01 Make ASN1 code work again... 2004-04-27 18:33:40 +00:00
Dr. Stephen Henson
f3f52d7f45 More ASN1 reformat/tidy. 2004-04-25 12:46:39 +00:00
Dr. Stephen Henson
8845420f4e Reformat/tidy some of the ASN1 code. 2004-04-24 17:02:48 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Dr. Stephen Henson
2990244980 ASN1 parse fix and release file changes. 2003-09-30 16:47:33 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Dr. Stephen Henson
230fd6b7b6 Preliminary streaming ASN1 encode support. 2002-10-03 12:38:52 +00:00
Dr. Stephen Henson
41ab00bedf Reinstate the check for invalid length BIT STRINGS,
which was effectively bypassed in the ASN1 changed.
2002-08-23 00:02:11 +00:00
Lutz Jänicke
866eedb936 Shut up compiler warnings for inconsistent declarations. 2002-01-29 17:14:50 +00:00
Dr. Stephen Henson
1241126adf More linker bloat reorganisation:
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.

Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.

Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.

Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.

So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
2001-07-27 02:22:42 +00:00
Dr. Stephen Henson
c962479bdf Fix ASN1 bug when decoding OTHER type.
Various S/MIME DSA related fixes.
2001-04-21 12:06:01 +00:00
Bodo Möller
83d968df60 Don't use 'tt' uninitialized when reporting an error
(we don't have an ASN1_TEMPLATE to complain about at this stage,
so  errtt == NULL  should be OK)
2001-04-05 11:40:16 +00:00
Dr. Stephen Henson
722ca2781c Rewrite CHOICE field setting code to properly handle
combine in CHOICE options.

This was causing d2i_DSAPublicKey() to misbehave.
2001-04-02 00:59:19 +00:00
Dr. Stephen Henson
b31cc2d9f7 Trap an invalid ASN1_ITEM construction and print out
the errant field for more ASN1 error conditions.
2001-02-25 14:11:31 +00:00
Dr. Stephen Henson
bb5ea36b96 Initial support for ASN1_ITEM_FUNCTION option to
change the way ASN1 modules are exported.

Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
2001-02-23 03:16:09 +00:00
Richard Levitte
a9daa46758 Include string.h so mem*() functions get properly declared. 2001-02-20 13:41:11 +00:00
Dr. Stephen Henson
a8312c0e24 Fix typo in OCSP nonce extension.
Set correct type in ASN1_STRING for
INTEGER and ENUMERATED types.

Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
return -1 for invalid type rather than 0 (which is
often valid). -1 may also be valid but this is less
likely.

Load OCSP error strings in ERR_load_crypto_strings().
2001-01-04 19:53:48 +00:00
Dr. Stephen Henson
bf0d176e48 Update OCSP API.
Remove extensions argument from various functions
because it is not needed with the new extension
code.

New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.

New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.

Fix typo in CRL distribution points extension.

Fix ASN1 code so it adds a final null to constructed
strings.
2001-01-04 01:46:36 +00:00
Dr. Stephen Henson
ecbe07817a Rewrite PKCS#12 code and remove some of the old
horrible macros.

Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
2000-12-31 01:13:04 +00:00
Dr. Stephen Henson
3c07b4c2ee Various Win32 related fixes. Doesn't compile yet on
Win32 but it is getting there...

Update mkdef.pl to handle ASN1_ANY and fix headers.

Stop various VC++ warnings.

Include some fixes from "Peter 'Luna' Runestig"
<peter@runestig.com>

Remove external declaration for des_set_weak_key_flag:
it doesn't exist.
2000-12-21 01:38:55 +00:00
Dr. Stephen Henson
9d6b1ce644 Merge from the ASN1 branch of new ASN1 code
to main trunk.

Lets see if the makes it to openssl-cvs :-)
2000-12-08 19:09:35 +00:00