Commit Graph

150 Commits

Author SHA1 Message Date
Geoff Thorpe
9c52d2cc75 After the latest round of header-hacking, regenerate the dependencies in
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Dr. Stephen Henson
d735c64905 Fix leak.
PR:870
2004-04-22 12:37:16 +00:00
Geoff Thorpe
c57bc2dc51 make update 2004-04-19 18:33:41 +00:00
Geoff Thorpe
60a938c6bc (oops) Apologies all, that last header-cleanup commit was from the wrong
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Dr. Stephen Henson
216ad9ef58 Memory leak fix. 2004-03-05 23:39:42 +00:00
Richard Levitte
f727266ae8 Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also.
PR: 833
2004-02-26 22:07:45 +00:00
Richard Levitte
79b42e7654 Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Richard Levitte
741dae576f Make sure we get the definition of OPENSSL_NO_BIO. 2003-03-20 23:26:46 +00:00
Richard Levitte
5e42f9ab46 make update 2002-12-29 01:38:15 +00:00
Richard Levitte
43d601641f A few more memset()s converted to OPENSSL_cleanse().
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343
2002-11-29 11:30:45 +00:00
Richard Levitte
4579924b7e Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
711f1a3c26 Add the ASN.1 structures and functions for CertificatePair, which is
defined as follows (according to X.509_4thEditionDraftV6.pdf):

CertificatePair ::= SEQUENCE {
	forward		[0]	Certificate OPTIONAL,
	reverse		[1]	Certificate OPTIONAL,
	-- at least one of the pair shall be present -- }

The only thing I'm not sure about is if it's implicit or explicit tags
that I should count on.  For now, I'm thinking explicit, but will
gladly stand corrected.

Also implement the PEM functions to read and write certificate pairs,
and defined the PEM tag as "CERTIFICATE PAIR".

This needed to be defined, mostly for the sake of the LDAP attribute
crossCertificatePair, but may prove useful elsewhere as well.
2002-11-18 23:54:27 +00:00
Richard Levitte
17ed6c06a7 Merge from 0.9.7-stable. 2002-11-13 18:10:30 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Richard Levitte
40efa67248 Plug potential memory leak.
Identified by Goetz Babin-Ebell <babinebell@trustcenter.de>
2002-10-30 09:42:42 +00:00
Richard Levitte
001ab3abad Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Bodo Möller
6ff7c95843 don't memset(data,0,...) if data is NULL
Submitted by: anonymous
PR: 254
2002-08-29 11:45:40 +00:00
Bodo Möller
5488bb6197 get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
Submitted by: Nils Larsch
2002-08-12 08:47:41 +00:00
Bodo Möller
74cc4903ef make update 2002-08-09 12:16:15 +00:00
Bodo Möller
14a7cfb32a use a generic EC_KEY structure (EC keys are not ECDSA specific)
Submitted by: Nils Larsch
2002-08-07 10:49:54 +00:00
Lutz Jänicke
3aecef7697 "make update" 2002-07-30 12:44:33 +00:00
Bodo Möller
0bee0e6294 Use SEC1 format for EC private keys.
This is not ECDSA specific, so it's now PEM_STRING_ECPRIVATEKEY etc.

Submitted by: Nils Larsch <nlarsch@compuserve.de>
2002-07-26 08:41:04 +00:00
Bodo Möller
5dbd3efce7 Replace 'ecdsaparam' commandline utility by 'ecparam'
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.

Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.

Fix ec_asn1.c (take into account the desired conversion form).

'make update'.

Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Richard Levitte
47f3eafb8d Try to avoid double declaration of ERR_load_PEM_strings().
PR 71
2002-06-27 17:06:28 +00:00
Richard Levitte
17085b022c Pass CFLAG to dependency makers, so non-standard system include paths are
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Richard Levitte
9f353dd662 Check errors when parsing a PKCS8INF PEM FILE, or there will be a core dump on error.
PR: 77
2002-06-05 11:58:29 +00:00
Richard Levitte
35c2b3a9ac Uhmmm, if we use && after having tested for the presence of the certificate,
we just *might* stand a certain chance of actually getting it written
to file...
2002-04-23 13:15:08 +00:00
Bodo Möller
16b0384bd2 use ERR_peek_last_error() instead of ERR_peek_error() to ignore
any other errors that may be left in the error queue

Submitted by: Jeffrey Altman
2002-02-28 14:05:13 +00:00
Richard Levitte
915c6a21ba Stop assuming the IV is 8 bytes long, use the real size instead.
This is especially important for AES that has a 16 bytes IV.
2002-02-20 17:55:08 +00:00
Bodo Möller
4d94ae00d5 ECDSA support
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Richard Levitte
de2f6e4dae 'make update' 2002-02-05 17:34:58 +00:00
Richard Levitte
fe19c448f0 make update
libeay.num got tweaked so the old des symbols would retain their
positions.
2002-01-24 12:31:54 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Richard Levitte
b476df64a1 make update
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Dr. Stephen Henson
cecd263878 Add missing EVP_CIPHER_CTX_{init,cleanup} 2001-10-20 16:18:03 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Dr. Stephen Henson
1241126adf More linker bloat reorganisation:
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.

Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.

Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.

Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.

So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
2001-07-27 02:22:42 +00:00
Dr. Stephen Henson
19da130053 First of several reorganisations to
reduce linker bloat. For example the
single line:

PEM_read_X509()

results in a binary of around 400K in Linux!

This first step separates some of the PEM functions and
avoids linking in some PKCS#7 and PKCS#12 code.
2001-07-26 22:34:45 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Richard Levitte
d88a26c489 make update
Note that all *_it variables are suddenly non-existant according to
libeay.num.  This is a bug that will be corrected.  Please be patient.
2001-02-26 10:54:08 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00