Ben Laurie
ec40e5ff42
Tabification. Remove accidental duplication.
2012-12-10 16:52:17 +00:00
Ben Laurie
30c278aa6b
Fix OCSP checking.
2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
2fceff5ba3
PR: 2803
...
Submitted by: jean-etienne.schwartz@bull.net
In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
2012-11-29 19:15:14 +00:00
Dr. Stephen Henson
68f5500d31
constify
2012-11-29 01:13:38 +00:00
Dr. Stephen Henson
6f9076ff37
Generalise OCSP I/O functions to support dowloading of other ASN1
...
structures using HTTP. Add wrapper function to handle CRL download.
2012-11-28 16:22:53 +00:00
Dr. Stephen Henson
a26e245ecd
Fix the ECDSA timing attack mentioned in the paper at:
...
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:52:21 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
983768997e
We can't always read 6 bytes in an OCSP response: fix so error statuses
...
are read correctly for non-blocking I/O.
2010-10-06 18:00:59 +00:00
Ben Laurie
c8bbd98a2b
Fix warnings.
2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
e45c32fabf
missing goto meant signature was never printed out
2010-03-12 12:06:48 +00:00
Dr. Stephen Henson
aec13c1a9f
PR: 2063
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write error handling in ocsp_prn.c
2009-09-30 23:58:37 +00:00
Dr. Stephen Henson
18e503f30f
PR: 2064, 728
...
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:40:55 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Ben Laurie
23b973e600
Calculate offset correctly. (Coverity ID 233)
2009-01-01 18:30:51 +00:00
Ben Laurie
0eab41fb78
If we're going to return errors (no matter how stupid), then we should
...
test for them!
2008-12-29 16:11:58 +00:00
Andy Polyakov
e527201f6b
This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another
...
.DLL, in particular static build. The issue has been discussed in RT#1230
and later on openssl-dev, and mutually exclusive approaches were suggested.
This completes compromise solution suggested in RT#1230.
PR: 1230
2008-12-22 13:54:12 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
cec2538ca9
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
...
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Andy Polyakov
ebc06fba67
Bunch of constifications.
2007-10-13 15:51:32 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Dr. Stephen Henson
710069c19e
Fix warnings.
2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
3c07d3a3d3
Finish gcc 4.2 changes.
2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
4d7aff707e
Update dependencies.
2006-11-30 13:41:47 +00:00
Dr. Stephen Henson
47a9d527ab
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
28b987aec9
Don't assume requestorName is present for signed requests. ASN1 OCSP module
...
fix: certs field is OPTIONAL.
2006-11-13 13:21:47 +00:00
Dr. Stephen Henson
fb596f3bb7
OCSP library tidy. Use extension to encode OCSP extensions instead of doing
...
it manually. Make OCSP_CERTID_dup() a real function instead of a macro.
2006-11-13 13:18:28 +00:00
Dr. Stephen Henson
b589427941
WIN32 fixes signed/unsigned issues and slightly socket semantics.
2006-07-17 18:52:51 +00:00
Dr. Stephen Henson
5c95c2ac23
Fix various error codes to match functions.
2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
c1c6c0bf45
New non-blocking OCSP functionality.
2006-07-17 12:18:28 +00:00
Nils Larsch
c755c5fd8b
improved error checking and some fixes
...
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
2005-07-26 21:10:34 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
fe86616c72
Some C compilers produce warnings or compilation errors if an attempt
...
is made to directly cast a function of one type to what it considers and
incompatible type. In particular gcc 3.4.2.
Add new openssl_fcast macro to place functions into a form where the compiler
will allow them to be cast.
The current version achives this by casting to: void function(void).
2005-05-12 23:01:44 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Ben Laurie
8bb826ee53
Consistency.
2005-03-31 13:57:54 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Geoff Thorpe
9c52d2cc75
After the latest round of header-hacking, regenerate the dependencies in
...
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
c57bc2dc51
make update
2004-04-19 18:33:41 +00:00
Dr. Stephen Henson
91180d45f9
Typos.
...
Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>
2004-03-04 21:44:39 +00:00
Richard Levitte
4cfa4ae820
Avoid a memory leak in OCSP_parse_url().
...
Notified by Paul Siegel <psiegel@corestreet.com>
2004-03-01 14:58:22 +00:00
Dr. Stephen Henson
dc90f64d56
Use an OCTET STRING for the encoding of an OCSP nonce value.
...
The old raw format can't be handled by some implementations
and updates to RFC2560 will make this mandatory.
2004-02-19 18:16:38 +00:00
Richard Levitte
79b42e7654
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Dr. Stephen Henson
bc441b739b
Don't give an error if response reason absent in OCSP HTTP.
2003-03-14 23:38:34 +00:00
Lutz Jänicke
018c56fdca
Armor against systems without ranlib...
...
Submitted by: Thierry Lelegard <thierry.lelegard@canal-plus.fr>
PR: 461
2003-01-16 17:22:30 +00:00
Richard Levitte
5e42f9ab46
make update
2002-12-29 01:38:15 +00:00
Richard Levitte
0709385d3c
Correct support for SunOS 4.1.3_U1.
...
PR: 227
2002-11-13 16:11:14 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Dr. Stephen Henson
491659c436
Typo in OCSP ASN1 module
2002-11-07 17:42:59 +00:00
Richard Levitte
001ab3abad
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Bodo Möller
74cc4903ef
make update
2002-08-09 12:16:15 +00:00
Richard Levitte
bd45950f4a
OCSP and KRB5 Makefil.ssl should be consistent with all the others
2002-08-01 14:18:52 +00:00
Lutz Jänicke
3aecef7697
"make update"
2002-07-30 12:44:33 +00:00
Bodo Möller
5dbd3efce7
Replace 'ecdsaparam' commandline utility by 'ecparam'
...
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Richard Levitte
17085b022c
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Bodo Möller
4d94ae00d5
ECDSA support
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Bodo Möller
4d7072f4b5
remove redundant ERR_load_... declarations
2001-12-17 19:22:23 +00:00
Richard Levitte
b476df64a1
make update
...
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Dr. Stephen Henson
20d2186c87
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
...
with existing code.
Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Richard Levitte
f8000b9345
'make update'
2001-10-04 07:49:09 +00:00
Geoff Thorpe
79aa04ef27
Make the necessary changes to work with the recent "ex_data" overhaul.
...
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Ben Laurie
d66ace9da5
Start to reduce some of the header bloat.
2001-08-05 18:02:16 +00:00
Richard Levitte
710e5d5639
make update
2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019
Really add the EVP and all of the DES changes.
2001-07-30 23:57:25 +00:00
Dr. Stephen Henson
192ebef8cf
In ocsp_match_issuerid() we are passed the CA that signed the responder
...
certificate so need to match its subject with the certificate IDs in the
response.
2001-07-11 22:42:20 +00:00
Dr. Stephen Henson
d7bbd31efe
Typo in comment.
2001-02-26 23:34:14 +00:00
Dr. Stephen Henson
fafc7f9875
Enhance OCSP_request_verify() so it finds the signers certificate
...
properly and supports several flags.
2001-02-26 14:17:58 +00:00
Richard Levitte
d88a26c489
make update
...
Note that all *_it variables are suddenly non-existant according to
libeay.num. This is a bug that will be corrected. Please be patient.
2001-02-26 10:54:08 +00:00
Dr. Stephen Henson
f196522159
New function and options to check OCSP response validity.
2001-02-24 13:50:06 +00:00
Dr. Stephen Henson
d7c06e9ec7
Make OCSP cert id code tolerate a missing issuer certificate
...
or serial number.
2001-02-23 13:04:24 +00:00
Dr. Stephen Henson
d339187b1a
Get rid of ASN1_ITEM_FUNCTIONS dummy function
...
prototype hack. This unfortunately means that
every ASN1_*_END construct cannot have a
trailing ;
2001-02-23 12:47:06 +00:00
Dr. Stephen Henson
bb5ea36b96
Initial support for ASN1_ITEM_FUNCTION option to
...
change the way ASN1 modules are exported.
Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
2001-02-23 03:16:09 +00:00
Richard Levitte
41d2a336ee
e_os.h does not belong with the exported headers. Do not put it there
...
and make all files the depend on it include it without prefixing it
with openssl/.
This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
e28e42a549
Use sk_*_new_null() instead of sk_*_new(NULL). That avoids getting
...
lots of silly warnings from the compiler.
2001-02-20 13:06:10 +00:00
Richard Levitte
3ebac273f5
Include string.h so mem* functions get properly declared.
2001-02-20 12:43:11 +00:00
Richard Levitte
cf1b7d9664
Make all configuration macros available for application by making
...
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
67c1801924
New function OCSP_parse_url() and -url option for ocsp utility.
...
Doesn't handle SSL URLs yet.
2001-02-13 00:37:44 +00:00
Dr. Stephen Henson
46a58ab946
Modify OCSP nonce behaviour.
2001-02-12 23:28:45 +00:00
Richard Levitte
c2bf70a27c
The check for request including a nonce and response not having it was
...
inversed. Corrected. Hopefully, this will make it work without
dumping core.
2001-02-08 19:28:10 +00:00
Dr. Stephen Henson
deb2c1a1c5
Fix AES code.
...
Update Rijndael source to v3.0
Add AES OIDs.
Change most references of Rijndael to AES.
Add new draft AES ciphersuites.
2001-02-07 18:15:18 +00:00
Dr. Stephen Henson
26e083ccb7
New function to copy nonce values from OCSP
...
request to response.
2001-02-05 00:35:06 +00:00
Ben Laurie
4978361212
Make depend.
2001-02-04 21:06:55 +00:00
Dr. Stephen Henson
2b916952a8
Fix ASN1_TIME_to_generlizedtime().
...
Add protoype for OCSP_response_create().
Add OCSP_request_sign() and OCSP_basic_sign()
private key and certificate checks and make
OCSP_NOCERTS consistent with PKCS7_NOCERTS
2001-02-04 03:04:43 +00:00
Dr. Stephen Henson
02e4fbed3d
Various OCSP responder utility functions.
...
Delete obsolete OCSP functions.
Largely untested at present...
2001-02-03 19:20:45 +00:00
Dr. Stephen Henson
88ce56f8c1
Various function for commmon operations.
2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
50d5199120
New OCSP response verify option OCSP_TRUSTOTHER
2001-01-26 01:55:52 +00:00
Dr. Stephen Henson
73758d435b
Additional functionality in ocsp utility: print summary
...
of status info. Check nonce values. Option to disable
verify. Update usage message.
Rename status to string functions and make them global.
2001-01-19 01:32:23 +00:00
Dr. Stephen Henson
e8af92fcb1
Implement remaining OCSP verify checks in
...
accordance with RFC2560.
2001-01-18 01:35:39 +00:00
Dr. Stephen Henson
81f169e95c
Initial OCSP certificate verify. Not complete,
...
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Dr. Stephen Henson
5782ceb298
New OCSP utility. This can generate, parse and print
...
OCSP requests. It can also query reponders and parse or
print out responses.
Still needs some more work: OCSP response checks and
of course documentation.
2001-01-13 01:48:38 +00:00
Bodo Möller
af5473c45a
isspace must be used only on *unsigned* chars
2001-01-12 14:45:12 +00:00
Dr. Stephen Henson
adf87b2df5
Fix typo in OCSP ASN1 module, this caused
...
invalid format in OCSP request signatures.
Add spaces to OCSP HTTP header.
Change X509_NAME_set() there's no reason
why it should return an error if the
destination points to NULL... though it
should if the destination is NULL.
2001-01-11 23:24:28 +00:00
Dr. Stephen Henson
9b4dc8308f
OCSP basic response verify. Very incomplete
...
but will verify the signatures on a response
and locate the signers certifcate.
Still needs to implement a proper OCSP certificate
verify.
Fix warning in RAND_egd().
2001-01-11 00:52:50 +00:00
Dr. Stephen Henson
b5524a3ac3
Add prototypes for new OCSP functions.
...
Fix bug in OCSP_find_status().
2001-01-08 13:39:06 +00:00
Dr. Stephen Henson
0b33bc65cd
Add set of OCSP client functions. All experimental
...
and subject to addition, modifcation or deletion.
Add two OCSP nonce utility functions.
Fix typo in status code name.
2001-01-08 01:21:55 +00:00
Dr. Stephen Henson
8e96183506
Modify OCSP API to more closely reflect
...
application needs.
Add OCSP library name to error code.
2001-01-05 03:31:51 +00:00