Commit graph

437 commits

Author SHA1 Message Date
Dr. Stephen Henson
df6de39fe7 Change AR to ARX to allow exclusion of fips object modules 2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
2b3936e882 avoid verification loops in trusted store when path building 2010-12-25 20:45:59 +00:00
Dr. Stephen Henson
da7b0b2261 Submitted by: Jonathan Dixon <joth@chromium.org>
Reviewed by: steve

If store is NULL set flags correctly.
2010-11-02 15:58:58 +00:00
Dr. Stephen Henson
39239280f3 Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:58:09 +00:00
Dr. Stephen Henson
a033c3c72b PR: 2250
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Don't overwrite return value with strlen(f).
2010-05-03 12:24:01 +00:00
Dr. Stephen Henson
8d207ee3d1 add X509_CRL_sign_ctx function 2010-03-14 12:52:38 +00:00
Dr. Stephen Henson
17c63d1cca RSA PSS ASN1 signing method 2010-03-11 14:06:46 +00:00
Dr. Stephen Henson
ce25c7207b New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier)
from a digest algorithm.
2010-03-11 13:27:05 +00:00
Dr. Stephen Henson
fa1ba589f3 Add algorithm specific signature printing. An individual ASN1 method can
now print out signatures instead of the standard hex dump.

More complex signatures (e.g. PSS) can print out more meaningful information.

Sample DSA version included that prints out the signature parameters r, s.

[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
 new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
db28aa86e0 add -trusted_first option and verify flag 2010-02-25 12:21:48 +00:00
Dr. Stephen Henson
2da2ff5065 tidy verify code. xn not used any more and check for self signed more efficiently 2010-02-25 11:18:26 +00:00
Dr. Stephen Henson
fbd2164044 Experimental support for partial chain verification: if an intermediate
certificate is explicitly trusted (using -addtrust option to x509 utility
for example) the verification is sucessful even if the chain is not complete.
2010-02-25 00:17:22 +00:00
Dr. Stephen Henson
9b3d75706e verify parameter enumeration functions 2010-02-25 00:08:23 +00:00
Bodo Möller
a839755329 Fix X509_STORE locking 2010-02-19 18:27:07 +00:00
Dr. Stephen Henson
ba64ae6cd1 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:12 +00:00
Dr. Stephen Henson
0e0c6821fa PR: 2136
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:29:34 +00:00
Dr. Stephen Henson
fdb2c6e4e5 PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
2009-12-09 13:38:05 +00:00
Dr. Stephen Henson
007f7ec1bd Add PBKFD2 prototype. 2009-11-25 22:07:22 +00:00
Dr. Stephen Henson
446a6a8af7 PR: 2103
Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org

Initialise atm.flags to 0.
2009-11-17 13:25:53 +00:00
Dr. Stephen Henson
2008e714f3 Add missing functions to allow access to newer X509_STORE_CTX status
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
2009-10-31 19:22:18 +00:00
Dr. Stephen Henson
45cd59ac71 If not checking all certificates don't attempt to find a CRL
for the leaf certificate of a CRL path.
2009-10-23 12:06:35 +00:00
Dr. Stephen Henson
d11d977da4 Need to check <= 0 here. 2009-10-22 23:12:05 +00:00
Dr. Stephen Henson
a5b37fca0a Add "missing" function X509_STORE_set_verify_cb(). 2009-10-18 13:24:16 +00:00
Dr. Stephen Henson
b6dcdbfc94 Audit libcrypto for unchecked return values: fix all cases enountered 2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
4f59432c06 Oops, s can be NULL 2009-09-04 11:30:59 +00:00
Dr. Stephen Henson
17b5326ba9 PR: 2013
Submitted by: steve@openssl.org

Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.

Add error checking to CRL generation in ca utility when nextUpdate is being
set.
2009-09-02 13:54:50 +00:00
Dr. Stephen Henson
508c535221 Update from 1.0.0-stable 2009-06-30 11:24:57 +00:00
Dr. Stephen Henson
f3be6c7b7d Update from 1.0.0-stable. 2009-06-26 11:29:26 +00:00
Dr. Stephen Henson
31db43df08 Update from 0.9.8-stable. 2009-06-15 15:01:00 +00:00
Dr. Stephen Henson
8132d3ac40 Update from 1.0.0-stable. 2009-05-30 18:11:26 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
06ddf8eb08 Updates from 1.0.0-stable 2009-04-04 19:54:06 +00:00
Dr. Stephen Henson
237d7b6cae Fix from stable branch. 2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
30e5e39a3d PR: 1778
Increase default verify depth to 100.
2009-02-16 23:23:21 +00:00
Dr. Stephen Henson
b5d5c0a21f PR: 1843
Use correct array size for SHA1 hash.
2009-02-16 21:42:48 +00:00
Dr. Stephen Henson
c2c99e2860 Update certificate hash line format to handle canonical format
and avoid MD5 dependency.
2009-01-15 13:22:39 +00:00
Andy Polyakov
e527201f6b This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another
.DLL, in particular static build. The issue has been discussed in RT#1230
and later on openssl-dev, and mutually exclusive approaches were suggested.
This completes compromise solution suggested in RT#1230.
PR: 1230
2008-12-22 13:54:12 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Dr. Stephen Henson
e19106f5fb Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Dr. Stephen Henson
606f6c477a Fix a shed load or warnings:
Duplicate const.
Use of ; outside function.
2008-10-20 15:12:00 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90 Experimental new date handling routines. These fix issues with X509_time_adj()
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Geoff Thorpe
fa0f834c20 Fix build warnings. 2008-09-15 04:02:37 +00:00
Ben Laurie
43048d13c8 Fix warning. 2008-09-07 13:22:34 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06 Add support for CRLs partitioned by reason code.
Tidy CRL scoring system.

Add new CRL path validation error.
2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
d0fff69dc9 Initial indirect CRL support. 2008-08-20 16:42:19 +00:00
Dr. Stephen Henson
9d84d4ed5e Initial support for CRL path validation. This supports distinct certificate
and CRL signing keys.
2008-08-13 16:00:11 +00:00