| Commit message (Collapse) | Author | Age | Files | Lines |
| |
and primitive types.
This is needed when a type is OPTIONAL and it should
be set to the value that signifies its absence. This
will normally be NULL but there are some exceptions
that have to be handled: currently BOOLEAN and LONG.
| |
Add comment about OPTIONAL type.
| |
Fix typo that didn't zero *inf and
broke everything...
| |
Needs a new flag to allow broken SEQUENCEs
which are known to exist in some forms of this
structure.
Also added a length check to reject a SEQUENCE
of length greater than the amount of data available
in the buffer.
| |
Change the X509V3 code to use new typedefs
(GENERAL_NAMES etc).
Implement extended key usage.
| |
ASN1 code has two forms: just public key and public key with
parameters. Use a modified CHOICE type to handle this.
Added new/free overrides to CHOICE type (needed for above).
Fix a typo in DSAPrivateKey.
Fix basicConstraints: fields should be OPTIONAL.
Delete some obsolete files.
There's not much of the old ASN1 code left now...
| |
parameters. DSA public keys will come later...
Modify DSA_SIG so its allocation routine initialises
its components to NULL: the default routines would
set them using BN_new().
Make LONG types 'omit' value selectable by the ASN1_ITEM
size field.
Add ZLONG type with 0 omit value: used for DH parameters.
| |
to crypto/rsa.
This makes use of the BIGNUM and LONG ASN1 types
and the new/free overrides.
Reimplement NETSCAPE_PKEY. The rest of the "NET"
form will be trickier due to broken encoding issues
with IIS and because the current code manually handles
the encoding in a convoluted way.
Zap all the old ASN1 error codes and rebuild. This
has deleted lots of old error codes because the
new ASN1 doesn't use two function codes per structure.
| |
and stores the result in a long directly. This handles
negative longs OK and has range checking.
The value ASN1_LONG_UNDEF is used to indicate that the long
should be omitted (for OPTIONAL types). This is set to
0x7fffffff which is well beyond the normal expected range
of this type: it will typically be used for version numbers
where only a small value is used.
Also used the return value 2 from the callbacks to new/free
as a magic value which means that the callback itself will
handle new/free operations and the standard behaviour is
inappropriate.
| |
directly between an ASN1 INTEGER and a BIGNUM. CBIGNUM clears the
BIGNUM when it is freed (for sensitive information).
These types will interpret a negative INTEGER as positive because
this is a common encoding error. Negative INTEGERs are rarely used
legitimately for large integers.
Fix for some encoding bugs with ASN1_TYPE and SEQUENCEs.
Remove some unnecessary dependencies on asn1_mac.h.
| |
and DEFAULT FALSE. The type is reflected in the 'size' field which
is unused for primitive types.
Implement basicConstraints and cRLDistributionPoints.
| |
octets and C structures.
Add support for custom primitive types by allowing the content
translation functions to be overridden. This can be used to either
handle currently unsupported types or provide custom structures
for existing types (BIGNUM or long for INTEGER, char * for strings
for example).
BIGNUM and long versions of ASN1_INTEGER will be needed later...
Make X509_NAME_free zero passed pointer.
| |
populate a buffer automatically.
| |
field as well as freeing it. 'clear' does not
necessarily mean setting to zero: in the case
of ASN1_BOOLEAN it is set to -1.
| |
cache the received encoding of a structure. This is useful
partly for efficiency but mainly because the signatures may
be wrong if calculated on a re-encoded structure.
Replace old X509_REQ handling. This results in slightly different
'kludge' behaviour. X509_REQ_print() and the 'req' utility
have been modified to accommodate this.
Free up a STACK before reusing it in the decode routines for
SET OF and STACK OF. Also free up and zero any OPTIONAL sequence
components. Can probably be handled more cleanly in the free
routines themselves by passing (ASN1_VALUE **).
| |
means an absent type everywhere since this can break
non pointer types. So only assume NULL is absent if
the type is not primitive.
Then the primitive routines can decide how to handle
the pointer. Currently this only applies to BOOLEAN.
| |
free and encoding routines causes problems with non pointer types
(such as ASN1_BOOLEAN) and have to be treated as special cases.
Changed this to use (ASN1_VALUE **) throughout which
results in (ASN1_BOOLEAN *) which is a pointer type and can be
treated in a similar way to others.
This is in preparation for customised primitive types. This
would allow (for example) an ASN1_INTEGER to be represented
as a BIGNUM directly or an int or long. This will be needed
for some of the remaining ASN1 code relating to public key
representations.
| |
Fix typo in PKCS#12 ASN1 module.
Fix indefinite length constructed gathering.
Fix memory leak in ASN1_new()/ASN1_free()
| |
Implement GENERAL_NAME and add support for EDIPartyName as well.
Authority keyid, private key usage, strong extranet redone too.
New type ASN1_SEQUENCE which simply encodes a SEQUENCE in an
ASN1_STRING leaving its encoding intact.
Fix PKCS7 memory leak.
Remove a couple of redundant files
| |
the old stuff has been replaced by
the single file p12_asn.c.
Various related replacements.
Fix for typo in PKCS7 module.
| |
code is now in the single file p7_asn.c rather
than sprawled over 9 files.
This is the first use of ANY DEFINED BY.
ANY DEFINED BY code tidied up and fixed.
PBE ASN1 code implemented.
Fixes for EOC checking.
Fix for ASN1 STACK memory leak.
| |
This is the first CHOICE type used and it also uses
the combine option...
Fix so the combine option now works :-)
| |
Remove redundant file a_vis.c
| |
of PKCS#7.
Merge a few templates and remove some redundant files.
| |
Only exceptions are ASN1_OBJECT and ASN1_BOOLEAN which
are non standard.
Also X509_SIG, NETSCAPE_SPKI, PKCS8_PRIVATE_KEY_INFO
Initial ANY DEFINED BY macros (untested): will be used
for PKCS#7 replacement.
| |
certificate ASN1 routines.
Quite a bit of extra development on the base code was needed
to do this. In particular a new ASN1_AUX structure has been
added to carry miscellaneous information which most types won't
need.
Currently it includes a set of flags and information about the
reference count pointer.
It also has a callback function which is called at various
points in the ASN1 processing. This allows minor tweaks to be
performed such as caching data, freeing up extra fields and
various miscellaneous operations which can't be handled by
the core code. It is intended for minor customisation: for
major variations the use of external types is recommended.
And it still seems to work...
| |
This is probably the most complex type because we have
SEQUENCE OF { SET OF X509_NAME_ENTRY }
which would normally result in two nested STACKs.
However instead the data is stored in an X509_NAME structure which has a
single STACK_OF(X509_NAME_ENTRY) and a field in X509_NAME_ENTRY called
'set' which indicates the index of the SET OF structure for each entry.
It also caches the encoding for efficiency reasons.
This is implemented as an "external type" where the encoding and decoding
is done by explicit functions rather than via a template. We actually do
use an internal template though and convert the nested STACKs to X509_NAME
and back again.
The strange thing is this actually seems to work...
| |
also include extern declarations for the ASN1_ITEM structure.
Implement the PRINTABLE type using the MSTRING on the new ASN1 code.
Fix the MSTRING type because it didn't work :-)
Replace the X509_NAME_ENTRY type with a template.
This is in preparation for replacing X509_NAME which is a bit trickier...
| |
Change the name from "parent" to "combine" which better
describes the function. Add macros to handle this and
fix the handling.
Add some info to README.ASN1 describing major changes.
| |
with indefinite length constructed types and give an error
if the tag contains trailing garbage. Still needs testing.
Make the various string type macros available in asn1t.h.
| |
TRUE value (0xff).
More ASN1 replacement: this time ASN1_TYPE routines.
The new template equivalent should do everything the
old code can do and a few things it cannot: for example
the old code would not correctly read an indefinite length
constructed SEQUENCE.
The old new/free functionality is now in tasn_fre.c and
tasn_new.c. The only remaining stuff is in a_type.c
| |
X509_ALGOR and X509_EXTENSION structures.
This turned up loads of bugs in the encoder
and decoder which are now fixed. Mainly due
to mishandling of SEQUENCEs in the ASN1_ANY
type.
It also removes an issue with the "netscape_hack"
field of X509_EXTENSION. Since the critical
flag is DEFAULT FALSE it will be omitted if it
is FALSE. However some broken certificates encode
it anyway for FALSE so historically the "netscape_hack"
flag was set to mean "encode even if it's FALSE". Now
however the ASN1_BOOLEAN type has three values: > 0
for TRUE (of which 0xff is the correct DER value),
== 0 for FALSE and < 0 to omit the encoding, so the
information is stored in its normal value. This does
however mean that we have to interpret the < 0 value
as FALSE in the relevant X509 code.
| |
and set the selector to -1 (undefined).
Don't use int for boolean: use ASN1_BOOLEAN type instead.
| |
Add macros to declare and implement ASN1 functions in terms of
templates.
Note: declare is in asn1.h but implement is in asn1t.h. This
is so applications that simply use ASN1 functions only include
asn1.h, but those that implement them include asn1t.h as well.
| |
experimental, doesn't work properly and does
lots of evil things. Quite a few of the files
aren't even compiled in yet.
It should however give a rough idea of how
things will ultimately work.
Don't even think about modifying any of this yet...
| |
This implements the relevant stuff from OCSP.
| |
The randomness may not actually be very good (we don't know).
| |
needed now.
| |
From: Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
| |
load the "external" built-in engines (those that require DSO). This
makes linking with libdl or other dso libraries non-mandatory.
Change 'openssl engine' accordingly.
Change the engine header files so some declarations (that differed at
that!) aren't duplicated, and make sure engine_int.h includes
engine.h. That way, there should be no way of missing the needed
info.
| |
implementation is contained in the application, and the capability
string building part should really be part of the engine library.
This is therefore an experimental hack, and will be changed in the
near future.
| |
fopen(NULL).