Commit graph

328 commits

Author SHA1 Message Date
Lutz Jänicke
db089ad60d Don't miss files... 2001-07-30 11:50:37 +00:00
Lutz Jänicke
1f0c9ad7e1 Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:45:34 +00:00
Dr. Stephen Henson
1241126adf More linker bloat reorganisation:
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.

Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.

Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.

Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.

So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
2001-07-27 02:22:42 +00:00
Dr. Stephen Henson
1e325f6149 Handle empty X509_NAME in printing routines. 2001-06-26 12:04:35 +00:00
Dr. Stephen Henson
323f289c48 Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Dr. Stephen Henson
f2a253e0dd Add support for MS CSP Name PKCS#12 attribute. 2001-06-11 00:43:20 +00:00
Dr. Stephen Henson
76c919c1a3 Add missing variable length cipher flag for Blowfish.
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
2001-05-24 22:58:35 +00:00
Dr. Stephen Henson
4831e626aa Change Win32 to use EXPORT_VAR_AS_FN.
Fix OPENSSL_IMPLEMENT_GLOBAL.

Allow Win32 to use EXPORT_VAR_AS_FN in mkdef.pl

make update.
2001-05-12 23:57:41 +00:00
Dr. Stephen Henson
926a56bfe3 Purpose and trust setting functions for X509_STORE.
Tidy existing code.
2001-05-10 00:13:59 +00:00
Dr. Stephen Henson
bdee69f718 Allow various X509_STORE_CTX properties to be
inherited from X509_STORE.

Add CRL checking options to other applications.
2001-05-09 00:30:39 +00:00
Dr. Stephen Henson
b545dc6775 Initial CRL based revocation checking. 2001-05-07 22:52:50 +00:00
Dr. Stephen Henson
535d79da63 Overhaul the display of certificate details in
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.

This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
2001-03-15 19:13:40 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Dr. Stephen Henson
fafc7f9875 Enhance OCSP_request_verify() so it finds the signers certificate
properly and supports several flags.
2001-02-26 14:17:58 +00:00
Richard Levitte
d88a26c489 make update
Note that all *_it variables are suddenly non-existant according to
libeay.num.  This is a bug that will be corrected.  Please be patient.
2001-02-26 10:54:08 +00:00
Dr. Stephen Henson
bb5ea36b96 Initial support for ASN1_ITEM_FUNCTION option to
change the way ASN1 modules are exported.

Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
2001-02-23 03:16:09 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
94fcd01349 Work around for libsafe "error". 2001-02-12 03:22:49 +00:00
Ben Laurie
4978361212 Make depend. 2001-02-04 21:06:55 +00:00
Dr. Stephen Henson
88ce56f8c1 Various function for commmon operations. 2001-02-02 00:45:54 +00:00
Bodo Möller
78f3a2aad7 Comment and indentation 2001-01-28 14:38:11 +00:00
Dr. Stephen Henson
ba8e28248f Fix to stop X509_time_adj() using GeneralizedTime. 2001-01-20 13:38:45 +00:00
Dr. Stephen Henson
81f169e95c Initial OCSP certificate verify. Not complete,
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Dr. Stephen Henson
4e1209ebf8 ASN1_ITEM versions of ASN1_d2i_{fp, bio} and replacement of
most of the old wrappers. A few of the old versions remain
because they are non standard and the corresponding ASN1
code has not been reimplemented yet.
2000-12-30 02:40:26 +00:00
Dr. Stephen Henson
78d3b819f0 Replace the old ASN1_dup() with ASN1_item_dup() and
zap some evil function pointers casts along the way...
2000-12-29 18:23:55 +00:00
Dr. Stephen Henson
73e92de577 Add NO_ASN1_OLD to remove some old style functions:
currently OpenSSL itself wont compile with this set
because some old style stuff remains.

Change old functions X509_sign(), X509_verify() etc
to use new item based functions.

Replace OCSP function declarations with DECLARE macros.
2000-12-28 22:24:50 +00:00
Dr. Stephen Henson
09ab755c55 ASN1_ITEM versions of sign, verify, pack and unpack.
The old function pointer versions will eventually go
away.
2000-12-28 19:18:48 +00:00
Dr. Stephen Henson
28ddfc61dc X509V3_add_i2d() needs to be able to allocate a
STACK_OF(X509_EXTENSION) so it should be passed
STACK_OF(X509_EXTENSION) ** in the first argument.

Modify wrappers appropriately.
2000-12-27 13:42:43 +00:00
Dr. Stephen Henson
57d2f21782 New function X509V3_add_i2d() this is used for
encoding, replacing and deleting extensions.

Fix X509V3_get_d2i() so it uses takes note of
new critical behaviour.
2000-12-24 18:02:33 +00:00
Bodo Möller
3ac82faae5 Locking issues. 2000-12-15 16:40:35 +00:00
Dr. Stephen Henson
de487514ae New function X509_signature_print() to remove some duplicate
code from certificate, CRL and request printing routines.
2000-12-14 00:53:10 +00:00
Dr. Stephen Henson
9d6b1ce644 Merge from the ASN1 branch of new ASN1 code
to main trunk.

Lets see if the makes it to openssl-cvs :-)
2000-12-08 19:09:35 +00:00
Ulf Möller
6a8ba34f9d in some new file names the first 8 characters were not unique 2000-11-12 22:32:18 +00:00
Richard Levitte
eb64730b9c The majority of the OCSP code from CertCo. 2000-10-27 11:05:35 +00:00
Dr. Stephen Henson
71d525c9f6 Fix for typo in certificate directory lookup code. 2000-10-14 23:51:52 +00:00
Richard Levitte
3ab5651112 The experimental Rijndael code moved to the main trunk.
make update done.
2000-10-14 20:09:54 +00:00
Dr. Stephen Henson
d0c9858914 Global DirectoryString mask fix.
Add support for X509_NAME_print_ex() in req.

Initial code for cutomizable X509 print routines.
2000-10-04 01:16:32 +00:00
Richard Levitte
4e20a4e688 'ranlib' doesn't always run on some systems. That's actually
acceptable, since all that happens if it fails is a library with
an index, which makes linking slower, but still working correctly.
2000-09-25 08:53:15 +00:00
Dr. Stephen Henson
dbba890cf1 Only use the new informational verify codes if we
specifically ask for them.

Fix typo in docs.
2000-09-22 21:32:08 +00:00
Dr. Stephen Henson
84b65340e1 Two new PKCS#12 demo programs.
Update PKCS12_parse().

Make the keyid in certificate aux info more usable.
2000-09-07 23:14:26 +00:00
Richard Levitte
62ab514e98 'make update' 2000-09-07 08:46:51 +00:00
Richard Levitte
9fc2570677 It's not just VMS that needs some symbols to be hacked. Let's
centralise those hacks in crypto/symhacks.h and use it everywhere it's
needed.
2000-09-07 08:18:05 +00:00
Bodo Möller
15387be289 Another superfluous pair of parentheses. 2000-09-06 14:34:32 +00:00
Bodo Möller
f684090cbe Another round of indentation changes: Position braces consistently,
add some whitespace for 'if ()', 'for ()', 'while ()' to distinguish
keywords from function names, and finally remove parens around return
values (why be stingy with whitespace but fill the source code
with an abundance of parentheses that are not needed to structure
expressions for readability?).
2000-09-06 14:14:20 +00:00
Bodo Möller
b7c190d97b More indentation consistency: for (), while (), if (), return ()
usually get a space between keyword and opening paranthesis
so that they don't look like function calls, where no space is
used.
2000-09-06 13:31:44 +00:00
Bodo Möller
82aec1cc35 Fix X509_STORE_CTX_init. Make indentation more consistent. Dump core less often. 2000-09-06 13:24:10 +00:00
Dr. Stephen Henson
bbb720034a Fix typo in rsautl.
Add support for settable verify time in X509_verify_cert().

Document rsautl utility.
2000-09-05 22:30:38 +00:00
Dr. Stephen Henson
2f043896d1 *BIG* verify code reorganisation.
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(
2000-09-05 17:53:58 +00:00
Dr. Stephen Henson
34216c0422 Keep a not of original encoding in certificate requests.
Add new option to PKCS7_sign to exclude S/MIME capabilities.
2000-09-05 13:27:57 +00:00
Bodo Möller
bbb8de0966 Avoid abort() throughout the library, except when preprocessor
symbols for debugging are defined.
2000-09-04 15:34:43 +00:00
Dr. Stephen Henson
bd08a2bd0c Add 'rsautl' low level RSA utility.
Add DER public key routines.

Add -passin argument to 'ca' utility.

Document sign and verify options to dgst.
2000-09-03 23:13:48 +00:00
Dr. Stephen Henson
eaa2818189 Various fixes...
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
2000-08-21 22:02:23 +00:00
Richard Levitte
3009458e2f MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test 2000-08-14 14:05:53 +00:00
Dr. Stephen Henson
bd4e152791 Document the new DN printing options.
Change a few names to be more meaningful.

Fix typos in CA.pl docs.
2000-07-30 01:27:59 +00:00
Dr. Stephen Henson
a657546f9c New ASN1_STRING_print_ex() and X509_NAME_print_ex()
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.

The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).

Still needs to be documented, integrated into other
utilities and extensively tested.
2000-07-28 01:58:15 +00:00
Dr. Stephen Henson
284ef5f357 Make NEG_PUBKEY_BUG on by default.
ASN1_TIME fixes.

New function c2i_ASN1_OBJECT().
2000-07-26 01:18:37 +00:00
Richard Levitte
c2bbf9cf6c I got sick and tired of having to keep track of NIDs when such a thing
could be done automagically, much like the numbering in libeay.num and
ssleay.num.  The solution works as follows:

  - New object identifiers are inserted in objects.txt, following the
    syntax given in objects.README.
  - objects.pl is used to process obj_mac.num and create a new
    obj_mac.h.
  - obj_dat.pl is used to create a new obj_dat.h, using the data in
    obj_mac.h.

This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended.  The simplest way to
check that it worked correctly is to look in obj_dat.h and check the
array nid_objs and make sure the objects haven't moved around (this is
important!).  Additions are OK, as well as consistent name changes.
2000-07-05 02:45:36 +00:00
Dr. Stephen Henson
7ef8206859 Handle ASN1_SET_OF and PKCS12_STACK_OF using function
casts in the same way as STACK_OF.
2000-06-20 18:45:28 +00:00
Dr. Stephen Henson
3aceb94b9e Safe stack reorganisation in terms of function casts.
After some messing around this seems to work but needs
a few more tests. Working out the syntax for sk_set_cmp_func()
(cast it to a function that itself returns a function pointer)
was painful :-(

Needs some testing to see what other compilers think of this
syntax.

Also needs similar stuff for ASN1_SET_OF etc etc.
2000-06-16 23:29:26 +00:00
Geoff Thorpe
1c4f90a05d Enable DSO support on alpha (OSF1), cc and gcc.
Also, "make update" has added some missing functions to libeay.num,
updated the TABLE for the alpha changes, and updated thousands of
dependancies that have changed from recent commits.
2000-06-13 12:59:38 +00:00
Richard Levitte
ef33b97050 Using checks of the existence of HEADER_{foo}_H in other header files
was a really bad idea.  For example, the following:

	#include <x509.h>
	#include <bio.h>
	#include <asn1.h>

would make sure that things like ASN1_UTCTIME_print() wasn't defined
unless you moved the inclusion of bio.h to above the inclusion of
x509.h.  The reason is that x509.h includes asn1.h, and the
declaration of ASN1_UTCTIME_print() depended on the definition of
HEADER_BIO_H.  That's what I call an obscure bug.

Instead, this change makes sure that whatever header files are needed
for the correct process of one header file are included automagically,
and that the definitions of, for example, BIO-related things are
dependent on the absence of the NO_{foo} macros.  This is also
consistent with the way parts of OpenSSL can be excluded at will.
2000-06-09 10:41:35 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Geoff Thorpe
7edd20916a "make update" + stripping the type-specific stack functions out of
libeay.num and ssleay.num.
2000-06-01 06:07:19 +00:00
Geoff Thorpe
ccd86b68ef The previous commit to crypto/stack/*.[ch] pulled the type-safety strings
yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;

X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).

Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
2000-06-01 02:36:58 +00:00
Dr. Stephen Henson
439df5087f Fix c_rehash script, add -fingerprint option to crl. 2000-05-18 00:33:00 +00:00
Ben Laurie
5de603abc8 Typesafety Thought Police part 3. 2000-05-16 21:22:45 +00:00
Richard Levitte
82271cee5b In Message-ID: <003201bfb332$14a07520$0801a8c0@janm.transactionsite.com>,
"Jan Mikkelsen" <janm@transactionsite.com> correctly states that the
OpenSSL header files have #include's and extern "C"'s in an incorrect
order.  Thusly fixed.
2000-05-02 12:16:01 +00:00
Richard Levitte
7a807ad8a7 "make update" 2000-04-09 12:52:40 +00:00
Dr. Stephen Henson
80870566cf Make V_ASN1_APP_CHOOSE work again. 2000-03-14 03:29:57 +00:00
Dr. Stephen Henson
068fdce877 New compatability trust and purpose settings. 2000-03-07 14:04:29 +00:00
Bodo Möller
59fc2b0fc2 Preserve reason strings in automatically build tables. 2000-03-05 00:19:36 +00:00
Dr. Stephen Henson
582e592924 Fix bug which would free up a public key
twice if the verify callback tried to
continue after a signature failure.
2000-03-02 00:37:53 +00:00
Bodo Möller
6d0d5431d4 More get0 et al. changes. Also provide fgrep targets in CHANGES
where the new functions are mentioned.
2000-02-26 08:36:46 +00:00
Dr. Stephen Henson
c7cb16a8ff Rename functions for new convention. 2000-02-26 01:55:33 +00:00
Dr. Stephen Henson
d754b3850f Change the 'other' structure in certificate aux info. 2000-02-20 18:27:23 +00:00
Bodo Möller
5c2ec54f12 Make sure the return value of by_file_ctrl(..., X509_L_FILE_LOAD, ...)
aka X509_LOOKUP_load_file(...) is always 0 or 1, not the counter
returned from the recently introduced function X509_load_cert_crl_file.
X509_STORE_load_locations expects X509_LOOKUP_load_file to return 1 on
success, and possibly there's other software that relies on this too.
2000-02-17 21:04:40 +00:00
Bodo Möller
cbcc5c01f9 Update. 2000-02-11 16:31:04 +00:00
Ben Laurie
b1f8affbd5 Correct time in seconds instead of minutes. 2000-02-11 16:08:40 +00:00
Dr. Stephen Henson
ff8a4c47ce Rename the X509V3_*_d2i functions to X509_get_ext_d2i() etc.
This better reflects their behaviour.
2000-02-07 01:17:22 +00:00
Dr. Stephen Henson
66430207a4 Add support for some broken PKCS#8 formats. 2000-02-05 21:07:56 +00:00
Ulf Möller
657e60fa00 ispell (and minor modifications) 2000-02-03 23:23:24 +00:00
Ulf Möller
51ca375e7e Seek out and destroy another evil cast. 2000-01-30 23:33:40 +00:00
Ulf Möller
9d1a01be8f Source code cleanups: Use void * rather than char * in lhash,
eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
2000-01-30 22:20:28 +00:00
Dr. Stephen Henson
dd9d233e2a Tidy up CRYPTO_EX_DATA structures. 2000-01-23 23:41:49 +00:00
Ulf Möller
731d9c5fb5 Some more ifdefs for no-xxx options. 2000-01-21 00:03:51 +00:00
Dr. Stephen Henson
281959aa61 Oops... undo change to wrong prototype. 2000-01-20 02:27:36 +00:00
Dr. Stephen Henson
6e6bc352b1 Finish off the X509_ATTRIBUTE string stuff. 2000-01-20 01:37:17 +00:00
Dr. Stephen Henson
77b47b9036 Rename X509_att*() stuff to X509at_*(), add X509_REQ wrappers. 2000-01-19 01:02:13 +00:00
Bodo Möller
a8eeb155b5 Avoid some warnings, and run "make update". 2000-01-14 17:28:48 +00:00
Ulf Möller
eb952088f0 Precautions against using the PRNG uninitialized: RAND_bytes() now
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
2000-01-13 20:59:17 +00:00
Dr. Stephen Henson
25f923ddd1 New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code.
Remove references to 'TXT' in -inform and -outform switches.
2000-01-09 14:21:40 +00:00
Dr. Stephen Henson
35f4850ae0 More X509_ATTRIBUTE changes. 2000-01-07 00:55:54 +00:00
Dr. Stephen Henson
b38f9f66c3 Initial automation changes to 'req' and X509_ATTRIBUTE functions. 2000-01-06 01:26:48 +00:00
Dr. Stephen Henson
20432eae41 Fix some of the command line password stuff. New function
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
2000-01-01 16:42:49 +00:00
Dr. Stephen Henson
6447cce372 Simplify the trust structure: basically zap the bit strings and
represent everything by OIDs.
1999-12-29 00:40:28 +00:00
Dr. Stephen Henson
e6f3c5850e New {i2d,d2i}_PrivateKey_{bio, fp} functions. 1999-12-26 19:20:03 +00:00
Dr. Stephen Henson
36217a9424 Allow passwords to be included on command line for a few
more utilities.
1999-12-24 23:53:57 +00:00
Dr. Stephen Henson
12aefe78f0 Fixes so NO_RSA works again. 1999-12-24 17:26:33 +00:00
Dr. Stephen Henson
dd4134101f Change the trust and purpose code so it doesn't need init
either and has a static and dynamic mix.
1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
bb7cd4e3eb Remainder of SSL purpose and trust code: trust and purpose setting in
SSL_CTX and SSL, functions to set them and defaults if no values set.
1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
13938aceca Add part of chain verify SSL support code: not complete or doing anything
yet.

Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.

Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
1999-11-29 01:09:25 +00:00
Dr. Stephen Henson
51630a3706 Add trust setting support to the verify code. It now checks the
trust settings of the root CA.

After a few fixes it seems to work OK.

Still need to add support to SSL and S/MIME code though.
1999-11-27 19:43:10 +00:00
Dr. Stephen Henson
21f775522b Oops! Commit died on me :-( 1999-11-27 01:18:39 +00:00
Dr. Stephen Henson
9868232ae1 Initial trust code: allow setting of trust checking functions
in a table. Doesn't do too much yet.

Make the -<digestname> options in 'x509' affect all relevant
options.

Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.

A few constification changes.
1999-11-27 01:14:04 +00:00
Dr. Stephen Henson
d4cec6a13d New options to the -verify program which can be used for chain verification.
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.

Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
1999-11-26 00:27:07 +00:00
Dr. Stephen Henson
1126239111 Initial chain verify code: not tested probably not working
at present. However nothing enables it yet so this doesn't
matter :-)
1999-11-24 01:31:49 +00:00
Dr. Stephen Henson
52664f5081 Transparent support for PKCS#8 private keys in RSA/DSA.
New universal public key format.

Fix CRL+cert load problem in by_file.c

Make verify report errors when loading files or dirs
1999-11-21 22:28:31 +00:00
Ben Laurie
44eca70641 Update dependencies. 1999-11-18 14:32:54 +00:00
Dr. Stephen Henson
f76d8c4747 Modify verify code to handle self signed certificates. 1999-11-17 01:20:29 +00:00
Bodo Möller
b1fe6ca175 Store verify_result with sessions to avoid potential security hole. 1999-11-16 23:15:41 +00:00
Dr. Stephen Henson
e947f39689 New function X509_cmp(). 1999-11-16 00:56:03 +00:00
Dr. Stephen Henson
06556a1744 'req' fixes. Reinstate length check one request fields.
Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.
1999-11-14 23:10:50 +00:00
Dr. Stephen Henson
a0ad17bb6c Fix to the -revoke option in ca. It was leaking memory, crashing and just
plain not working :-(

Also fix some memory leaks in the new X509_NAME code.

Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
1999-11-08 13:58:08 +00:00
Dr. Stephen Henson
ce1b4fe146 Allow additional information to be attached to a
certificate: currently this includes trust settings
and a "friendly name".
1999-11-04 00:45:35 +00:00
Dr. Stephen Henson
74400f7348 Continued multibyte character support.
Add a bunch of functions to simplify the creation of X509_NAME structures.

Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
1999-10-27 00:15:11 +00:00
Bodo Möller
38899535f8 Report an error from X509_STORE_load_locations
when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
1999-10-26 01:52:16 +00:00
Dr. Stephen Henson
f769ce3ea4 More multibyte character support.
Functions to get keys from EVP_PKEY structures.
1999-10-25 02:00:09 +00:00
Dr. Stephen Henson
08e9c1af6c Replace the macros in asn1.h with function equivalents. Also make UTF8Strings
tolerated in certificates.
1999-10-20 01:50:23 +00:00
Dr. Stephen Henson
673b102c5b Initial support for certificate purpose checking: this will
ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.
1999-10-13 01:11:56 +00:00
Dr. Stephen Henson
56a3fec1b1 Add EX_DATA support to X509.
Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL.
1999-10-11 01:30:04 +00:00
Dr. Stephen Henson
3ea23631d4 Add support for public key input and output in rsa and dsa utilities with some
new DSA public key functions that were missing.

Also beginning of a cache for X509_EXTENSION structures: this will allow them
to be accessed more quickly for things like certificate chain verification...
1999-10-04 21:17:47 +00:00
Dr. Stephen Henson
393f2c651d Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing is signed message
contains no certificates.

Also fix typo in RANLIB changes.
1999-10-04 12:08:59 +00:00
Andy Polyakov
17f389bbbf Initial support for MacOS.
This will soon be complemented with MacOS specific source code files and
INSTALL.MacOS.

I (Andy) have decided to get rid of a number of #include <sys/types.h>.
I've verified it's ok (both by examining /usr/include/*.h and compiling)
on a number of Unix platforms. Unfortunately I don't have Windows box
to verify this on. I really appreciate if somebody could try to compile
it and contact me a.s.a.p. in case a problem occurs.

Submitted by: Roy Wood <roy@centricsystems.ca>
Reviewed by: Andy Polyakov <appro@fy.chalmers.se>
1999-09-11 17:54:18 +00:00
Ben Laurie
092ec334f0 Fix warnings. 1999-09-06 11:06:54 +00:00
Dr. Stephen Henson
8ce97163a2 Add new 'spkac' utility and several SPKAC utility functions. 1999-09-03 01:08:34 +00:00
Dr. Stephen Henson
fd52057729 Add functions to allow extensions to be added to certificate requests.
Modify obj_dat.pl to take its files from the command line. Usage is now
perl obj_dat.pl objects.h obj_dat.h
this should avoid redirection shell escape problems under Win32.
1999-08-11 13:08:58 +00:00
Dr. Stephen Henson
87c49f622e Support for parsing of certificate extensions in PKCS#10 requests: these are
used by things like Xenroll. Also include documentation for extendedKeyUsage
extension.
1999-08-09 22:38:05 +00:00
Bodo Möller
a9642be663 more consistent formatting 1999-08-08 14:06:29 +00:00
Bodo Möller
74678cc2f8 Additional user data argument to pem_password_cb function type
and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>
1999-07-21 20:57:16 +00:00
Bodo Möller
16bc9fea4d slight clean-up 1999-07-21 20:47:51 +00:00
Ulf Möller
5271ebd9a3 More no-xxx option tweaks. 1999-06-30 00:42:56 +00:00
Dr. Stephen Henson
8eb57af5fe Complete support for PKCS#5 v2.0. Still needs extensive testing. 1999-06-08 00:09:51 +00:00
Dr. Stephen Henson
8e21c14607 More PKCS#5 v2.0 development. Add a function to setup a PKCS#5 v2.0
AlgorithmIdentifier and make various ASN1 fixes.
1999-06-06 23:34:44 +00:00
Dr. Stephen Henson
69cbf46811 Rewrite PBE handling read to support PKCS#5 v2.0 and update the function
list for Win32.
1999-06-06 13:07:13 +00:00
Dr. Stephen Henson
3cbb7937fa Add d2i,i2d bio and fp functions for PKCS#8 and add -inform and -outform
arguments to pkcs8 application.
1999-06-05 01:45:20 +00:00
Ulf Möller
a53955d8ab Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress).
Submitted by: Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>
1999-06-04 21:35:58 +00:00
Ben Laurie
5c0a48655f stack 1999-06-02 22:01:56 +00:00
Ben Laurie
6d114240b9 stack. 1999-05-31 21:00:25 +00:00
Ben Laurie
426edadf98 Stack. 1999-05-31 20:35:31 +00:00
Ben Laurie
7e258a56da Yet another stack. 1999-05-30 22:25:19 +00:00
Ben Laurie
fc875472d0 Another stack. 1999-05-30 21:16:24 +00:00
Ben Laurie
e5e932d212 Another safe stack. 1999-05-30 15:40:21 +00:00
Ben Laurie
ee8ba0b26c Another safe stack. 1999-05-30 15:25:47 +00:00
Dr. Stephen Henson
4b55c2a3a9 Move the Win32 #undefs of X509_NAME and PKCS7_ISSUER_AND_SERIAL so they will
always get included with the relevant files.
1999-05-21 12:14:35 +00:00
Bodo Möller
7e70181723 It was a very bad idea to use #include "../e_os.h" -- when this occurs
in cryptlib.h (which is often included as "../cryptlib.h"), then the
question remains relative to which directory this is to be interpreted.
gcc went one further directory up, as intended; but makedepend thinks
differently, and so probably do some C compilers.  So the ../ must go away;
thus e_os.h goes back into include/openssl (but I now use
#include "openssl/e_os.h" instead of <openssl/e_os.h> to make the point) --
and we have another huge bunch of dependency changes.  Argh.
1999-05-21 11:16:48 +00:00
Dr. Stephen Henson
31a352d191 The last argument in the d2i_XXX_fp and d2i_XXX_bio functions should be
of type XXX ** not XXX *
1999-05-21 01:06:23 +00:00
Bodo Möller
17e3dd1c62 Don't install e_os.h in include/openssl, use it only as a local
include file.
1999-05-20 21:59:20 +00:00
Bodo Möller
127640b449 Update dependencies. 1999-05-15 13:38:48 +00:00
Ben Laurie
2adca9cdc6 Update dependencies. 1999-05-13 17:33:27 +00:00