Commit graph

265 commits

Author SHA1 Message Date
Richard Levitte
75df0bb231 perl util/mkerr.pl -recurse -write -rebuild 2001-11-15 12:44:57 +00:00
Richard Levitte
479275ef18 make update
perl util/mkdef.pl crypto update rewrite
2001-11-15 12:36:30 +00:00
Bodo Möller
19c3f1c40d typo 2001-11-09 13:10:47 +00:00
Bodo Möller
cbb5f1f025 cast to 'unsigned long' before using ~ if we need an unsigned long result
Submitted by: "Stefan Marxen" <stefan.marxen@gmx.net>
2001-11-09 12:59:15 +00:00
Dr. Stephen Henson
1498ad74bb Another empty X509_NAME fix. 2001-06-26 12:38:33 +00:00
Dr. Stephen Henson
4b04466f14 Fix for missing DSA parameters. 2001-05-24 22:33:16 +00:00
Dr. Stephen Henson
ce3fc3956d Fix asn1_GetSequence() for indefinite length sequences. 2001-03-30 13:42:32 +00:00
Dr. Stephen Henson
a858b8036c Fix a bug caused by the 'fix' for empty X509_NAME encoding. 2001-03-30 00:58:49 +00:00
Dr. Stephen Henson
3485cdb98e Oops... fix PKCS#7 bug properly this time. 2001-03-22 18:03:22 +00:00
Dr. Stephen Henson
8d82218269 Fix bug in PKCS#7 decode routines when indefinite length
encoding is used inside definite length encoding.
2001-03-22 13:49:15 +00:00
Dr. Stephen Henson
e15abbc69f Make X509_NAME produce correct encoding when empty. 2001-02-12 03:16:13 +00:00
Dr. Stephen Henson
943f8a46a4 For CRLs.
Shouldn't use the "encode empty" macros with the
revoked field since that is initialised.

Extensions should now be set to NULL so they
encode as absent if none are added.
2001-01-28 14:48:13 +00:00
Dr. Stephen Henson
7a60df7dd3 New ASN1 macros which will encode an empty SEQUENCE OF.
Fix CRL encoders to encode empty SEQUENCE OF.

The old code was breaking CRL signatures.

Note: it is best to add new macros because changing the
old ones could break other code which expects that behaviour.
None of this is needed with the new ASN1 code anyway...
2001-01-28 14:18:20 +00:00
Dr. Stephen Henson
6502735b9c Fix from main trunk, 2000-10-04 03:16:34 steve:
Fix for bug in DirectoryString mask setting.

Fix from main trunk, 2000-10-20 01:16:49 steve:

Move expired CA certificate.

Fix from main trunk, 2000-10-20 02:36:47 steve:

Stop MASM debug warning.
2000-10-27 23:52:35 +00:00
Richard Levitte
eb3633164e Fix from main trunk, 2000-09-25 10:52 levitte:
'ranlib' doesn't always run on some systems.  That's actually
acceptable, since all that happens if it fails is a library with an
index, which makes linking slower, but still working correctly.
2000-10-11 02:04:16 +00:00
Richard Levitte
3f8b90c345 Catch V_ASN1_NULL. 2000-09-22 13:15:16 +00:00
Dr. Stephen Henson
6cffb201f3 Fix ASN1_TYPE bug. 2000-09-21 18:57:00 +00:00
Richard Levitte
62324627aa Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
2000-09-17 18:21:27 +00:00
Richard Levitte
97d8e82c4c Marin Kraemer <Martin.Kraemer@MchP.Siemens.De> sent us patches to make
the OpenSSL commands x50 and req work better on a EBCDIC system.
2000-09-10 14:45:19 +00:00
Richard Levitte
0baed24c1b More VMS synchronisation 2000-09-09 18:05:27 +00:00
Ulf Möller
4f7068c165 Fix some CygWin problems. 2000-09-09 04:45:18 +00:00
Richard Levitte
a1b15ac21f Two places where I forgot to change vms_idhacks to symhacks. 2000-09-08 06:28:09 +00:00
Dr. Stephen Henson
84b65340e1 Two new PKCS#12 demo programs.
Update PKCS12_parse().

Make the keyid in certificate aux info more usable.
2000-09-07 23:14:26 +00:00
Richard Levitte
62ab514e98 'make update' 2000-09-07 08:46:51 +00:00
Bodo Möller
61f175f4ba Get rid of ASN1_UTCTIME_get, which cannot work with time_t
return type (on platforms where time_t is a 32 bit value).

New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.
2000-09-06 15:40:52 +00:00
Bodo Möller
75cb225989 'make update' 2000-09-06 12:34:10 +00:00
Dr. Stephen Henson
2f043896d1 *BIG* verify code reorganisation.
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(
2000-09-05 17:53:58 +00:00
Dr. Stephen Henson
34216c0422 Keep a not of original encoding in certificate requests.
Add new option to PKCS7_sign to exclude S/MIME capabilities.
2000-09-05 13:27:57 +00:00
Dr. Stephen Henson
7df1c720f6 Fix typo in i2d_ASN1_ENUMERATED
Fix bug in read only memory BIOs so BIO_reset() works.

Add sign and verify options to dgst utility, need
to update docs.
2000-08-30 16:14:29 +00:00
Dr. Stephen Henson
d428bf8c56 New option to CA.pl to sign request using CA extensions.
This allows intermediate CAs to be created more easily.

PKCS12_create() now checks private key matches certificate.

Fix typo in x509 app.

Update docs.

New function ASN1_STRING_to_UTF8() converts any ASN1_STRING
type to UTF8.
2000-08-24 23:24:18 +00:00
Dr. Stephen Henson
d096b524af Add support for 'other' PKCS#7 content types. 2000-08-22 22:20:25 +00:00
Dr. Stephen Henson
cae0ae2e4b Fix ASN1_INTEGER_to_BN properly this time... 2000-08-22 16:06:24 +00:00
Dr. Stephen Henson
469938cb40 Fixes to d2i_ASN1_OBJECT, ASN1_INTEGER_to_BN and a_strex.c 2000-08-22 12:54:21 +00:00
Dr. Stephen Henson
eaa2818189 Various fixes...
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
2000-08-21 22:02:23 +00:00
Richard Levitte
3009458e2f MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test 2000-08-14 14:05:53 +00:00
Richard Levitte
5584fa1709 For n > 7, we might get uninitialized (unzeroed) data.
Spotted by "Kyoungho Jeon" <k.h.jeon@securesoft.co.kr>.
2000-08-06 01:35:03 +00:00
Dr. Stephen Henson
2d978cbd30 Changes needed for Tandem NSK, supplied by Scott Uroff (scott@xypro.com).
Fix warnings with BIO_dump_indent().
2000-08-04 00:01:39 +00:00
Dr. Stephen Henson
bd4e152791 Document the new DN printing options.
Change a few names to be more meaningful.

Fix typos in CA.pl docs.
2000-07-30 01:27:59 +00:00
Dr. Stephen Henson
a657546f9c New ASN1_STRING_print_ex() and X509_NAME_print_ex()
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.

The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).

Still needs to be documented, integrated into other
utilities and extensively tested.
2000-07-28 01:58:15 +00:00
Richard Levitte
ca1e465f6d Add the possibility to get hexdumps of unprintable data when using
'openssl asn1parse'.  As a side effect, the functions ASN1_parse_dump
and BIO_dump_indent are added.
2000-07-27 17:28:25 +00:00
Dr. Stephen Henson
f6c1c9e95d Fix a bug in the new i2d_{ENUMERATED,INTEGER} that
didn't recognise NULL to mean 'don't output anything'
2000-07-27 01:27:22 +00:00
Dr. Stephen Henson
284ef5f357 Make NEG_PUBKEY_BUG on by default.
ASN1_TIME fixes.

New function c2i_ASN1_OBJECT().
2000-07-26 01:18:37 +00:00
Dr. Stephen Henson
094fe66d9f Fix some typose in the i2d/d2i functions that
call the i2c/c2i (they were not using the
content length for the headers).

Fix ASN1 long form tag encoding. This never
worked but it was never tested since it is
only used for tags > 30.

New options to smime program to allow the
PKCS#7 format to be specified and the content
supplied externally.
2000-07-10 18:33:05 +00:00
Dr. Stephen Henson
a338e21bd1 New ASN1 functions that just deal with
content octets, not tag+length.
2000-07-07 13:24:36 +00:00
Richard Levitte
c2bbf9cf6c I got sick and tired of having to keep track of NIDs when such a thing
could be done automagically, much like the numbering in libeay.num and
ssleay.num.  The solution works as follows:

  - New object identifiers are inserted in objects.txt, following the
    syntax given in objects.README.
  - objects.pl is used to process obj_mac.num and create a new
    obj_mac.h.
  - obj_dat.pl is used to create a new obj_dat.h, using the data in
    obj_mac.h.

This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended.  The simplest way to
check that it worked correctly is to look in obj_dat.h and check the
array nid_objs and make sure the objects haven't moved around (this is
important!).  Additions are OK, as well as consistent name changes.
2000-07-05 02:45:36 +00:00
Dr. Stephen Henson
130832150c Fixes for Win32 build.
This is mostly a work around for the old VC++ problem
that it treats func() as func(void).

Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.

The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.

Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)
2000-06-21 02:25:30 +00:00
Dr. Stephen Henson
7ef8206859 Handle ASN1_SET_OF and PKCS12_STACK_OF using function
casts in the same way as STACK_OF.
2000-06-20 18:45:28 +00:00
Dr. Stephen Henson
3aceb94b9e Safe stack reorganisation in terms of function casts.
After some messing around this seems to work but needs
a few more tests. Working out the syntax for sk_set_cmp_func()
(cast it to a function that itself returns a function pointer)
was painful :-(

Needs some testing to see what other compilers think of this
syntax.

Also needs similar stuff for ASN1_SET_OF etc etc.
2000-06-16 23:29:26 +00:00
Dr. Stephen Henson
d3ed8ceb3d Add support for the modified SGC key format used in IIS. 2000-06-15 23:48:05 +00:00
Richard Levitte
f20ee31477 Make sure that bs is not getting free'd again.
Reported by Robert Eiglmaier <robert.eiglmaier@ixos.de>
2000-06-15 11:10:15 +00:00