Commit message (Author, Age, Files, Lines)
* Add RCS tag (tb, 2023-05-08, 1 file, -0/+1)
|
* Enable malloc_errs test (otto, 2023-05-08, 1 file, -2/+2)
|
* Add a regress test to test various malloc API and heap mismanagement (otto, 2023-05-08, 2 files, -0/+291)
|   errors which should cause abort. A few are not enabled yet, they will be once the corresponding diffs in malloc are committed.
* X509_verify_cert(): Garbage collect the unused roots variable (tb, 2023-05-08, 1 file, -4/+1)
|   roots was used to store the trusted stack or pull the roots out of the X509_STORE before beck unmooned Ethel in x509_vfy.c r1.88. Since then this variable is effectively unused. It seems the STACK_OF(3) madness is too complicated for -Wunused-but-set-variable to notice. ok miod
* Avoid trailing whitespace in extension printing (tb, 2023-05-08, 1 file, -2/+2)
|   If an extension is non-critical, X509V3_extensions_print() would leave trailing whitespace. This can be trivially avoided. ok miod
* Recommit -Wshadow now that the warning on BIG_ENDIAN is fixed (tb, 2023-05-07, 1 file, -2/+2)
|
* xts128 mode: avoid two -Wshadow warnings in the BIG_ENDIAN code path. (tb, 2023-05-07, 1 file, -5/+5)
|   Found by, compile tested & ok bluhm.
* Backout -Wshadow, it breaks build on powerpc64. (bluhm, 2023-05-07, 1 file, -2/+2)
|
* Remove a misplaced empty line (tb, 2023-05-07, 1 file, -2/+1)
|
* Regen cert.pem (tb, 2023-05-06, 1 file, -419/+402)
|   This drops a few certs per the CA's request and TrustCor because of drama. Certainly, a new CA, is added as well as new certs for DigiCert, SECOM and E-Tugra. Unizeto still haven't fixed one of their certs and we still don't want the alternative Firmaprofesional with sha1WithRSAEncryption. ok sthen
* Use -Wshadow with clang (tb, 2023-05-05, 3 files, -6/+6)
|   ok jsing (a very long time ago)
* Reinstate X9.31 padding mode support in rsautl (tb, 2023-05-05, 2 files, -7/+18)
|
* Fix error handling in tls_check_common_name() (tb, 2023-05-05, 1 file, -6/+10)
|   A calloc failure should be a fatal error, so make it return -1. Also switch the default rv to -1 and distinguish error cases with acceptable situations with goto err/goto done. ok jsing
* Salt shares the blame of the continued existence of the X9.31 padding mode (tb, 2023-05-05, 1 file, -2/+2)
|
* Reinstate documentation of RSA_X931_PADDING (tb, 2023-05-05, 1 file, -7/+6)
|
* Add back support for RSA_X931_PADDING (tb, 2023-05-05, 3 files, -65/+127)
|   This makes the custom salt stack work again. Tested by robert as part of a larger diff ok jsing
* Link rsa_x931.c to build (tb, 2023-05-05, 1 file, -1/+2)
|
* Bring back the X9.31 padding helpers (tb, 2023-05-05, 1 file, -0/+164)
|   Nothing should be using this anymore, except that salt decided to use it in its home-cooked protocol, which already had its share of issues. Hopefully the efforts to switch salt to something more reasonable and standardized like mTLS will succeed sooner rather than later. tested as part of a larger patch by robert ok jsing
* symbols.awk: Remove cfb dance (tb, 2023-05-04, 1 file, -4/+2)
|   With e_old.c gone, we no longer need this.
* Rewrite ECParameters_dup() (tb, 2023-05-04, 1 file, -7/+12)
|   This should leak slightly less than the direct expansion of ASN1_dup_of(). Use freezero() since the DER could contain a private key. ok jsing
* sigh. typo (tb, 2023-05-04, 1 file, -2/+2)
|
* Let ecdsatest exercise ECParameters_dup() a bit (tb, 2023-05-04, 1 file, -2/+3)
|   This currently leaks, which will be fixed in a follow-on commit.
* Remove x9_62_test_internal() (tb, 2023-05-04, 1 file, -72/+1)
|   This test depends on RAND_set_rand_method() allowing stupid things like making ECDSA signatures deterministic. This was gutted a long time ago and the function should have followed its wrappers into the attic.
* Use size_t instead of int in EC_POINT_point2oct() (tb, 2023-05-04, 1 file, -2/+2)
|   An int would be perfectly sufficient for this, but then again there would be fewer traps. ok jsing
* Fix line wrapping (tb, 2023-05-04, 1 file, -3/+3)
|
* Fix function name in doc comment (tb, 2023-05-04, 1 file, -2/+2)
|
* Revert utf-8 fix for X509_NAME_get_index_by_NID to avoid libtls (beck, 2023-05-03, 3 files, -124/+22)
|   regress for the moment. This will come back after we rethink the failure versus not there case. ok tb@ jsing@
* Bring back length check tb ok'ed and I managed to remove while (beck, 2023-05-03, 1 file, -2/+2)
|   changing tests. ok tb@
* Fix a few KNF/whitespace issues (tb, 2023-05-03, 1 file, -9/+5)
|
* Change X509_NAME_get_index_by[NID|OBJ] to be safer. (beck, 2023-05-02, 3 files, -22/+124)
|   Currently these functions return raw ASN1_STRING bytes as a C string and ignore the encoding in a "hold my beer I am a toolkit not a functioning API surely it's just for testing and you'd never send nasty bytes" kind of way. Sadly some callers seem to use them to fetch things like subject name components for comparisons, and often just use the result as a C string. Instead, encode the resulting bytes as UTF-8 so it is something like "text". Add a failure case if the length provided is inadequate or if the resulting text would contain a nul byte. based on boringssl. nits by dlg@ ok tb@
* Mark the BIO_F_* function codes as intentionally undocumented (schwarze, 2023-05-02, 1 file, -1/+1)
|   and for now, skip the BIO_R_* reason codes. It looks like all public symbols in the BIO library are now documented or marked as intentionally undocumented.
* Rename P into generator (tb, 2023-05-02, 1 file, -6/+6)
|   ok jsing
* Simplify EC_GROUP_new_by_curve_name() (tb, 2023-05-02, 1 file, -20/+14)
|   Pull the setting of the name a.k.a. nid into ec_group_new_from_data(). This way, we can return early on finding the nid in the curve_list[]. This also avoids a silly bug where a bogus ERR_R_UNKNOWN_BUG is pushed onto the error stack when ec_group_new_from_data() failed. While there rework the exit path of ec_group_new_from_data() a bit. Instead of an ok variable we can use an additional pointer to keep track of the return value and free the EC_GROUP unconditionally. ok jsing
* Style tweaks for SMIME_write_PKCS7() (tb, 2023-05-02, 1 file, -7/+5)
|   Initialize the mdalgs stack at the top and test and assign for ctype_nid. Use an empty line to separate variable declarations from the actual code and zap an extra empty line. ok jsing
* Unwrap a line (tb, 2023-05-02, 1 file, -3/+2)
|
* Simplify slightly and use i2d_PKCS7_bio_stream() (tb, 2023-05-02, 1 file, -3/+3)
|   This is a wrapper of i2d_ASN1_bio_stream() that doesn't require us to pass in PKCS7_it.
* stray whitespace (tb, 2023-05-01, 1 file, -2/+2)
|
* Add a missing pair of braces. (tb, 2023-05-01, 1 file, -2/+3)
|
* Use uppercase for the CURVE_LIST_LENGTH macro (tb, 2023-05-01, 1 file, -6/+6)
|
* Consistently use lowercase hex digits for curve parameters (tb, 2023-05-01, 1 file, -749/+749)
|
* Now that we have C99 initializers, garbage collect some comments (tb, 2023-05-01, 1 file, -299/+299)
|
* Rework the curve list to use actual structs instead of a custom (tb, 2023-05-01, 1 file, -742/+1530)
|   serialized format. ok jsing
* Drop the now unnecessary and unused field_type from the curve data (tb, 2023-05-01, 1 file, -54/+4)
|   ok jsing
* Convert EC_CURVE_DATA to C99 initializers (tb, 2023-05-01, 1 file, -51/+192)
|   Also clean up the definition of EC_CURVE_DATA a bit. ok jsing
* Simplify ec_group_new_from_data() further (tb, 2023-05-01, 1 file, -16/+55)
|   We have a BN_CTX available, so we may as well use it. This simplifies the cleanup path at the cost of a bit more code in the setup. Also use an extra BIGNUM for the cofactor. Reusing x for this is just silly. If you were really going to avoid extra allocations, this entire function could easily have been written with three BIGNUMs. ok jsing
* Make warnings more precise (job, 2023-05-01, 1 file, -4/+4)
|
* Drop some dead code (tb, 2023-05-01, 1 file, -11/+2)
|   No member of the curve_list[] table has a method set. Thus, curve.meth is always NULL and we never take the EC_GROUP_new(meth) code path. ok jsing
* Remove pointless/wrong .meth = 0 entries from curves_list[] (tb, 2023-05-01, 1 file, -55/+1)
|
* Mechanically convert curve_list[] to C99 initializers (tb, 2023-05-01, 1 file, -55/+325)
|   ok jsing
* Clean up handling of nist_curves[] (tb, 2023-05-01, 1 file, -18/+14)
|   There's no point in introducing a typedef only for two sizeof() calls. We might as well use an anonymous struct for this list. Make it const while there, drop some braces and compare strcmp() return value to 0. ok jsing