generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
7,102 Commits 16 Branches 258 Tags
Commit Graph

270 Commits

Author SHA1 Message Date
Richard Levitte
370d5a72db Recent changes from 0.9.7-stable. 2004-01-23 16:09:01 +00:00
Richard Levitte
8b79f2051d Recent and not so recent changes from 0.9.7-stable, all conflicts resolved. 2004-01-19 08:53:02 +00:00
Richard Levitte
10fdd8d5fd I haven't merged from 0.9.7-stable in a loooong time. It shows :-). 2003-12-18 19:26:40 +00:00
Richard Levitte
95a64aa4b8 Recent changes from 0.9.7-stable 2003-10-02 10:55:25 +00:00
Richard Levitte
4aae637f6c We set the export flag for 512 *bit* keys, not 512 *byte* ones. 
PR: 587
 2003-06-19 18:55:56 +00:00
Richard Levitte
6e260c4093 Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. 
PR: 617
 2003-06-11 21:22:34 +00:00
Dr. Stephen Henson
476f09712c Really get X509_CRL_CHECK_ALL right this time... 2003-06-04 00:40:47 +00:00
Bodo Möller
ce8a202831 fix typo 
Submitted by: Nils Larsch
 2003-04-22 12:44:58 +00:00
Dr. Stephen Henson
1e2b14e9ca Get X509_V_FLAG_CRL_CHECK_ALL logic the right way round. 
PR:544
 2003-03-24 16:58:01 +00:00
Dr. Stephen Henson
4fe70c7812 Get X509_V_FLAG_CRL_CHECK_ALL logic the right way round. 
PR:544
 2003-03-24 16:57:08 +00:00
Dr. Stephen Henson
5250725ba5 Fix Certificate and CRL adding in X509_load_cert_crl_file: 
an X509_INFO structure can contain more than one object,
for example a certififcate and a CRL.
 2003-03-19 13:56:32 +00:00
Richard Levitte
2581aacd52 A memset() too many got converted into a OPENSSL_cleanse(). 
PR: 393
 2002-12-10 08:26:10 +00:00
Richard Levitte
b3dd9f3bb5 SSL_CERT_FILE should be used in place of the system default file, not as 
a first alternative to try
 2002-12-05 21:07:35 +00:00
Richard Levitte
2589b74fd8 Make sure using SSL_CERT_FILE actually works, and has priority over system defaults. 
PR: 376
 2002-12-05 01:20:59 +00:00
Dr. Stephen Henson
e758ce69a3 Typo in X509v3_get_ext_by_critical 2002-12-04 00:14:00 +00:00
Richard Levitte
75e3026a14 Cleanse memory using the new OPENSSL_cleanse() function. 
I've covered all the memset()s I felt safe modifying, but may have missed some.
 2002-11-28 08:09:03 +00:00
Richard Levitte
c83d8e2ba6 A variable of type time_t is supposed to be a time measurement starting at 
Epoch.  offset isn't such a measurement, so let's stop pretend it is.
 2002-11-18 13:04:29 +00:00
Ben Laurie
9831d941ca Many security improvements (CHATS) and a warning fix. 2002-11-12 13:23:40 +00:00
Richard Levitte
8bcc049399 X509_NAME_cmp() now compares PrintableString and emailAddress with a value of type 
ia5String correctly.
PR: 244
 2002-11-09 21:55:12 +00:00
Richard Levitte
f6733ae577 makedepend complains when a header file is included more than once in 
the same source file.
 2002-10-14 09:53:46 +00:00
Richard Levitte
ff90d659e6 Use double dashes so makedepend doesn't misunderstand the flags we 
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
 2002-10-09 13:21:33 +00:00
Dr. Stephen Henson
a98beb3a2d Apply -nameopt patches to 0.9.7 2002-08-30 18:26:26 +00:00
Lutz Jänicke
3720ea24f0 "make update" 
Submitted by:
Reviewed by:
PR:
 2002-07-30 07:18:03 +00:00
Richard Levitte
ca55c617e5 Pass CFLAG to dependency makers, so non-standard system include paths are 
handled properly.
Part of PR 75
 2002-06-27 16:44:52 +00:00
Richard Levitte
421d474332 Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated 2002-02-28 12:44:05 +00:00
Dr. Stephen Henson
14e14ea68c Allow a NULL store parameter to X509_STORE_CTX_init(). 2002-02-15 00:58:14 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Dr. Stephen Henson
f1558bb424 Reject certificates with unhandled critical extensions. 2001-10-21 02:09:15 +00:00
Dr. Stephen Henson
98e6654938 Typo. 2001-10-20 16:22:28 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal() 
with existing code.

Modify library to use digest *_ex() functions.
 2001-10-16 01:24:29 +00:00
Lutz Jänicke
e1c279b63d Small documentation fixes (Howard Lum <howard@pumpkin.canada.sun.com>) 2001-10-08 08:37:24 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Richard Levitte
2aa9043ad3 Because there's chances we clash with the system's types.h, rename our 
types.h to ossl_typ.h.
 2001-10-04 07:32:46 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul. 
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
 2001-09-01 20:02:13 +00:00
Ben Laurie
354c3ace73 Add first cut symmetric crypto support. 2001-08-18 10:22:54 +00:00
Dr. Stephen Henson
35bf35411c Add CRL utility functions to allow CRLs to be 
built up without accessing structures directly.

Update ca.c to use new functions.

Fix ca.c so it now build CRLs correctly again.
 2001-08-17 00:33:43 +00:00
Geoff Thorpe
b7727ee616 The indexes returned by ***_get_ex_new_index() functions are used when 
setting stack (actually, array) values in ex_data. So only increment the
global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.
This change doesn't make "ex_data" right (see the comment at the head of
ex_data.c to know why), but at least makes the source code marginally less
frustrating.
 2001-08-12 16:52:00 +00:00
Bodo Möller
e51d1321fc More typedef'd struct names as search targets 2001-08-06 11:57:08 +00:00
Bodo Möller
b9fdb3eb99 Reinsert typedef'ed names for structs to help those trying to read the 
sourcecode (including fgrep)
 2001-08-06 11:49:31 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Lutz Jänicke
db089ad60d Don't miss files... 2001-07-30 11:50:37 +00:00
Lutz Jänicke
1f0c9ad7e1 Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:45:34 +00:00
Dr. Stephen Henson
1241126adf More linker bloat reorganisation: 
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.

Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.

Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.

Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.

So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
 2001-07-27 02:22:42 +00:00
Dr. Stephen Henson
1e325f6149 Handle empty X509_NAME in printing routines. 2001-06-26 12:04:35 +00:00
Dr. Stephen Henson
323f289c48 Change all calls to low level digest routines in the library and 
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
 2001-06-19 22:30:40 +00:00
Dr. Stephen Henson
f2a253e0dd Add support for MS CSP Name PKCS#12 attribute. 2001-06-11 00:43:20 +00:00
Dr. Stephen Henson
76c919c1a3 Add missing variable length cipher flag for Blowfish. 
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
 2001-05-24 22:58:35 +00:00
Dr. Stephen Henson
4831e626aa Change Win32 to use EXPORT_VAR_AS_FN. 
Fix OPENSSL_IMPLEMENT_GLOBAL.

Allow Win32 to use EXPORT_VAR_AS_FN in mkdef.pl

make update.
 2001-05-12 23:57:41 +00:00