Commit graph

111 commits

Author SHA1 Message Date
Dr. Stephen Henson
75fcbb43a7 Typo. 2003-04-10 00:03:22 +00:00
Dr. Stephen Henson
624feae8af Check return value of gmtime() and add error codes
where it fails in ASN1_TIME_set().

Clear error queue in req.c if *_min or *_max is absent.
2003-01-24 00:42:50 +00:00
Richard Levitte
f6733ae577 makedepend complains when a header file is included more than once in
the same source file.
2002-10-14 09:53:46 +00:00
Lutz Jänicke
4673461789 Some more prototype fixes.
Use DECLARE macros in asn1* instead of direct declaration.
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by:
PR: 89
2002-06-14 18:59:53 +00:00
Dr. Stephen Henson
e50baf58ab Fix various warnings when compiling with KRB5 code. 2002-03-12 03:00:59 +00:00
Dr. Stephen Henson
834d37ed86 Don't call finish function if it isn't set.
Fix OID module.
2002-02-15 00:33:35 +00:00
Dr. Stephen Henson
bc37d996fc Experimental configuration code.
Incomplete, largely untested and subject to change/deletion.
2002-01-05 01:37:16 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Richard Levitte
b476df64a1 make update
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Richard Levitte
2aa9043ad3 Because there's chances we clash with the system's types.h, rename our
types.h to ossl_typ.h.
2001-10-04 07:32:46 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Richard Levitte
2a1ef75435 Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in
SSL according to RFC 2712.  His comment is:

This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication.  I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week.  The full kit includes patches
for mod-ssl, apache, and a few text clients.  The sourceforge URL
is http://sourceforge.net/projects/kssl/ .

Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct.  I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field.  I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
2001-07-09 21:46:58 +00:00
Richard Levitte
62dc5aad06 Introduce the possibility to access global variables through
functions on platform were that's the best way to handle exporting
global variables in shared libraries.  To enable this functionality,
one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
"OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
is normally done by Configure or something similar).

To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
in the source file (foo.c) like this:

	OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
	OPENSSL_IMPLEMENT_GLOBAL(double,bar);

To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:

	OPENSSL_DECLARE_GLOBAL(int,foo);
	#define foo OPENSSL_GLOBAL_REF(foo)
	OPENSSL_DECLARE_GLOBAL(double,bar);
	#define bar OPENSSL_GLOBAL_REF(bar)

The #defines are very important, and therefore so is including the
header file everywere where the defined globals are used.

The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
of ASN.1 items, but that structure is a bt different.

The largest change is in util/mkdef.pl which has been enhanced with
better and easier to understand logic to choose which symbols should
go into the Windows .def files as well as a number of fixes and code
cleanup (among others, algorithm keywords are now sorted
lexicographically to avoid constant rewrites).
2001-03-02 10:38:19 +00:00
Dr. Stephen Henson
b31cc2d9f7 Trap an invalid ASN1_ITEM construction and print out
the errant field for more ASN1 error conditions.
2001-02-25 14:11:31 +00:00
Dr. Stephen Henson
bb5ea36b96 Initial support for ASN1_ITEM_FUNCTION option to
change the way ASN1 modules are exported.

Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
2001-02-23 03:16:09 +00:00
Richard Levitte
c38171ba1f Exported header files should not include e_os.h. 2001-02-22 14:27:22 +00:00
Dr. Stephen Henson
72e3c20c14 Rebuild ASN1 error codes to remove unused function and reason codes. 2001-02-22 00:39:06 +00:00
Geoff Thorpe
47ddf355b4 'make update' 2001-02-21 17:43:52 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
a6b7ffddac New options to 'ca' utility to support CRL entry extensions.
Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.
2001-02-16 01:35:44 +00:00
Dr. Stephen Henson
02e4fbed3d Various OCSP responder utility functions.
Delete obsolete OCSP functions.

Largely untested at present...
2001-02-03 19:20:45 +00:00
Richard Levitte
e102a3dcfd Since asn1.h gets included recursively from many places, the easiest
is to have asn1.h include e_os.h and e_os2.h.  Of course, this makes
the unofficial "non-export" status of e_os.h a bit delicate...
2000-12-31 01:18:50 +00:00
Dr. Stephen Henson
ecbe07817a Rewrite PKCS#12 code and remove some of the old
horrible macros.

Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
2000-12-31 01:13:04 +00:00
Richard Levitte
26da3e65ac If OPENSSL_BUILD_SHLIBCRYPTO (for files that end up as libcrypto
objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl
objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT.
This is actually only important on Win32, and can safely be ignored in
all other cases, at least for now.
2000-12-31 00:23:17 +00:00
Dr. Stephen Henson
4e1209ebf8 ASN1_ITEM versions of ASN1_d2i_{fp, bio} and replacement of
most of the old wrappers. A few of the old versions remain
because they are non standard and the corresponding ASN1
code has not been reimplemented yet.
2000-12-30 02:40:26 +00:00
Dr. Stephen Henson
f86c5c9ac7 ASN1_ITEM version of ASN1_dup(). Might want
something more efficient later...
2000-12-28 22:41:46 +00:00
Dr. Stephen Henson
09ab755c55 ASN1_ITEM versions of sign, verify, pack and unpack.
The old function pointer versions will eventually go
away.
2000-12-28 19:18:48 +00:00
Dr. Stephen Henson
3c07b4c2ee Various Win32 related fixes. Doesn't compile yet on
Win32 but it is getting there...

Update mkdef.pl to handle ASN1_ANY and fix headers.

Stop various VC++ warnings.

Include some fixes from "Peter 'Luna' Runestig"
<peter@runestig.com>

Remove external declaration for des_set_weak_key_flag:
it doesn't exist.
2000-12-21 01:38:55 +00:00
Richard Levitte
8d28d5f81b Constification of the data of a hash table. This means the callback
functions need to be constified, and therefore meant a number of easy
changes a little everywhere.

Now, if someone could explain to me why OBJ_dup() cheats...
2000-12-13 17:15:03 +00:00
Dr. Stephen Henson
9d6b1ce644 Merge from the ASN1 branch of new ASN1 code
to main trunk.

Lets see if the makes it to openssl-cvs :-)
2000-12-08 19:09:35 +00:00
Richard Levitte
eb64730b9c The majority of the OCSP code from CertCo. 2000-10-27 11:05:35 +00:00
Dr. Stephen Henson
6cffb201f3 Fix ASN1_TYPE bug. 2000-09-21 18:57:00 +00:00
Richard Levitte
a1b15ac21f Two places where I forgot to change vms_idhacks to symhacks. 2000-09-08 06:28:09 +00:00
Bodo Möller
61f175f4ba Get rid of ASN1_UTCTIME_get, which cannot work with time_t
return type (on platforms where time_t is a 32 bit value).

New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.
2000-09-06 15:40:52 +00:00
Dr. Stephen Henson
d428bf8c56 New option to CA.pl to sign request using CA extensions.
This allows intermediate CAs to be created more easily.

PKCS12_create() now checks private key matches certificate.

Fix typo in x509 app.

Update docs.

New function ASN1_STRING_to_UTF8() converts any ASN1_STRING
type to UTF8.
2000-08-24 23:24:18 +00:00
Dr. Stephen Henson
bd4e152791 Document the new DN printing options.
Change a few names to be more meaningful.

Fix typos in CA.pl docs.
2000-07-30 01:27:59 +00:00
Dr. Stephen Henson
a657546f9c New ASN1_STRING_print_ex() and X509_NAME_print_ex()
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.

The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).

Still needs to be documented, integrated into other
utilities and extensively tested.
2000-07-28 01:58:15 +00:00
Richard Levitte
ca1e465f6d Add the possibility to get hexdumps of unprintable data when using
'openssl asn1parse'.  As a side effect, the functions ASN1_parse_dump
and BIO_dump_indent are added.
2000-07-27 17:28:25 +00:00
Dr. Stephen Henson
284ef5f357 Make NEG_PUBKEY_BUG on by default.
ASN1_TIME fixes.

New function c2i_ASN1_OBJECT().
2000-07-26 01:18:37 +00:00
Dr. Stephen Henson
a338e21bd1 New ASN1 functions that just deal with
content octets, not tag+length.
2000-07-07 13:24:36 +00:00
Dr. Stephen Henson
130832150c Fixes for Win32 build.
This is mostly a work around for the old VC++ problem
that it treats func() as func(void).

Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.

The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.

Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)
2000-06-21 02:25:30 +00:00
Dr. Stephen Henson
7ef8206859 Handle ASN1_SET_OF and PKCS12_STACK_OF using function
casts in the same way as STACK_OF.
2000-06-20 18:45:28 +00:00
Dr. Stephen Henson
3aceb94b9e Safe stack reorganisation in terms of function casts.
After some messing around this seems to work but needs
a few more tests. Working out the syntax for sk_set_cmp_func()
(cast it to a function that itself returns a function pointer)
was painful :-(

Needs some testing to see what other compilers think of this
syntax.

Also needs similar stuff for ASN1_SET_OF etc etc.
2000-06-16 23:29:26 +00:00
Richard Levitte
ef33b97050 Using checks of the existence of HEADER_{foo}_H in other header files
was a really bad idea.  For example, the following:

	#include <x509.h>
	#include <bio.h>
	#include <asn1.h>

would make sure that things like ASN1_UTCTIME_print() wasn't defined
unless you moved the inclusion of bio.h to above the inclusion of
x509.h.  The reason is that x509.h includes asn1.h, and the
declaration of ASN1_UTCTIME_print() depended on the definition of
HEADER_BIO_H.  That's what I call an obscure bug.

Instead, this change makes sure that whatever header files are needed
for the correct process of one header file are included automagically,
and that the definitions of, for example, BIO-related things are
dependent on the absence of the NO_{foo} macros.  This is also
consistent with the way parts of OpenSSL can be excluded at will.
2000-06-09 10:41:35 +00:00
Geoff Thorpe
7edd20916a "make update" + stripping the type-specific stack functions out of
libeay.num and ssleay.num.
2000-06-01 06:07:19 +00:00
Ben Laurie
abc9400e10 Typesafety Thought Police part 5. 2000-05-17 09:13:36 +00:00
Ben Laurie
f2716dada0 Typesafety Thought Police Part 2. 2000-05-16 19:53:50 +00:00
Ben Laurie
fd73a2121c Allow UTCTIME objects to be retrieved. Check for imminent cert expiry. 2000-05-14 12:39:53 +00:00
Richard Levitte
82271cee5b In Message-ID: <003201bfb332$14a07520$0801a8c0@janm.transactionsite.com>,
"Jan Mikkelsen" <janm@transactionsite.com> correctly states that the
OpenSSL header files have #include's and extern "C"'s in an incorrect
order.  Thusly fixed.
2000-05-02 12:16:01 +00:00
Dr. Stephen Henson
0202197dbf Make ASN1 types real typedefs.
Rebuild error files.
2000-02-26 19:25:31 +00:00