summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1/asn1_lib.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Use size_t for ASN.1 lengths.jsing2022-05-051-7/+9
| | | | | | | | Change asn1_get_length_cbs() and asn1_get_object_cbs() to handle and return a length as a size_t rather than a uint32_t. This makes it simpler and less error prone in the callers. Suggested by and ok tb@
* Rewrite asn1_check_tlen() using CBS.jsing2022-04-281-3/+3
| | | | | | | | | | | | | | | Rather than calling asn1_get_object_cbs(), call asn1_get_identifier_cbs(), then immediately proceed with the tag number and tag class check. Only if that succeeds (or it is not required) do we call asn1_get_length_cbs(). This avoids incurring the overhead of decoding the length in the case where the tag number and tag class do not match. While here rename asn1_check_tlen() to asn1_check_tag() - while we decode the length, what we are normally checking is the tag number and tag class. Also rename the arguments for readability. For now the argument types and encoding remain unchanged. ok inoguchi@ tb@
* Provide asn1_get_primitive()jsing2022-03-261-1/+32
| | | | | | | | This takes a CBS, gets the ASN.1 identifier and length, ensures the resulting identifier is a valid primitive, then returns the tag number and the content as a CBS. ok inoguchi@ tb@
* Rewrite ASN.1 identifier/length parsing in CBS.jsing2021-12-251-0/+171
| | | | | | | | | Provide internal asn1_get_identifier_cbs() and asn1_get_length_cbs() functions that are called from asn1_get_object_cbs(). Convert the existing ASN1_get_object() function so that it calls asn1_get_object_cbs(), before mapping the result into the API that it implements. ok tb@
* Rename asn1_lib.c to asn1_old_lib.cjsing2021-12-151-286/+0
| | | | | | | This will allow us to add a new asn1_lib.c while replacing the code that is in currently in asn1_old_lib.c. Discussed with tb@
* Consolidate various ASN.1 code.jsing2021-12-151-147/+1
| | | | | | | | | Rather than having multiple files per type (with minimal code per file), use one file per type (a_<type>.c). No functional change. Discussed with tb@
* Rewrite ASN1_STRING_cmp().jsing2021-12-031-11/+8
| | | | | | This removes nested ifs and uses more sensible variable names. ok schwarze@ tb@
* Convert ASN1_STRING_type_new() to calloc().jsing2021-12-031-10/+7
| | | | | | | Rather than using malloc() and then initialising all struct members, use calloc() and only initialise the single non-zero value member. ok schwarze@ tb@
* Fix a nasty quirk in ASN1_STRING_copy(3).schwarze2021-11-131-2/+2
| | | | | | | | | In case of failure, it reported the failure but corrupted the type of the destination string. Instead, let's make sure that in case of failure, existing objects remain in their original state. OK tb@
* Fix a NULL dereference in GENERAL_NAME_cmp()tb2020-12-081-1/+3
| | | | | | | | | | | | Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead to a crash. This enables a denial of service attack for an attacker who can control both sides of the comparison. Issue reported to OpenSSL on Nov 9 by David Benjamin. OpenSSL shared the information with us on Dec 1st. Fix from Matt Caswell (OpenSSL) with a few small tweaks. ok jsing
* Fix whitespace around assignment operators.tb2018-11-171-7/+7
|
* whitespacetb2018-11-021-2/+2
|
* Remove a bunch of ancient and highly crufty ASN.1 related code fromjsing2018-10-241-57/+1
| | | | | | libcrypto (the "new" stuff replaced this back around 2000 or so...). ok tb@
* Add const to functions in asn1/asn1.h as they did in OpenSSL.tb2018-04-251-2/+2
| | | | | | | BIO_f_asn1() will be taken care of later. Tested in a bulk by sthen ok bcook jca jsing
* Provide ASN1_STRING_get0_data().jsing2018-02-141-1/+7
|
* use freezero() instead of memset/explicit_bzero + free. Substantiallyderaadt2017-05-021-8/+4
| | | | | | | | | | reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
* Send the function codes from the error functions to the bit bucket,beck2017-01-291-5/+5
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* explict_bzero for some asn1 free's - ok miod@beck2016-03-061-2/+6
|
* Expand obsolete M_ASN1_STRING_* macros in asn1_lib.c, apply some style(9)jsing2015-07-291-6/+5
| | | | | | and drop an unnecessary return from a void function. ok bcook@ doug@
* Less asn1_mac.h - asn1_lib.c does not need it and x_pkey.c should bejsing2015-07-271-2/+1
| | | | | | using ASN1err() instead of ASN1_MAC_H_err(). ok miod@
* Don't leak addresses in error messages.miod2015-02-071-2/+2
|
* Delete a lot of #if 0 code in libressl.doug2015-02-071-7/+1
| | | | | | | | | | | | | | | | | | | | | | | | | There are a few instances where #if 1 is removed but the code remains. Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits. 6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008 input + ok jsing@, miod@, tedu@
* In ASN1_get_object(), reject primitive encodings using the indefinite lengthmiod2014-07-111-1/+4
| | | | constructed form. OpenSSL PR #2438 via OpenSSL trunk
* In asn1_get_length(), tolerate leading zeroes in BER encoding.miod2014-07-111-5/+8
| | | | OpenSSL PR #2746 via OpenSSL trunk
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-111-2/+2
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-101-2/+4
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* remove unused, private version strings except SSL_version_strbcook2014-07-091-2/+1
| | | | | | Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* no need for null check before free. from Brendan MacDonelltedu2014-05-301-2/+1
|
* Replace all use of ERR_add_error_data with ERR_asprintf_error_data.beck2014-04-261-4/+1
| | | | | | | | This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
* improve realloc/calloc/malloc patterns; ok guentherderaadt2014-04-211-1/+1
|
* ASN1_STRING cleanup - realloc has handled NULL since I had a mulletbeck2014-04-201-17/+10
| | | | | | | | | and parachute pants - and since it's obvious there is no guarantee the caller doesn't pass in the data area in the argument, use memmove instead of memcpy so overlapping areas are handled correctly. Also, pointers can be usefully printed in hex with %p, in error messaeges rather than the bizzaro stuff that was there using mystical buffer lengths and abuse of strlcpy-converted-blindly-from-strcpy
* We'll interpret a (void) cast on snprintf() to mean it's been verified thatguenther2014-04-191-2/+2
| | | | | | truncation is either desirable, not an issue, or is detected and handled later ok deraadt@
* More KNF.jsing2014-04-191-178/+226
|
* lob a few more knf grenades in here to soften things up.tedu2014-04-181-62/+30
|
* putting most of the braces in the right column is the very least we can do.tedu2014-04-181-99/+99
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-6/+6
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* Part 1 of eliminating BIO_snprintf(). This fixes mechanical conversionsbeck2014-04-151-2/+2
| | | | | where the return value is ignored changing to (void) snprintf. ok deraadt@
* resolve conflicts, fix local changesdjm2010-10-011-12/+24
|
* resolve conflictsdjm2008-09-061-18/+55
|
* resolve conflictsdjm2005-04-291-0/+1
|
* merge 0.9.7dmarkus2004-04-081-2/+2
|
* security fix from http://www.openssl.org/news/secadv_20030930.txtmarkus2003-09-301-0/+2
| | | | see also http://cvs.openssl.org/chngview?cn=11471
* Trivial sprintf() -> snprintf() changes. ok deraadt@ho2003-04-051-2/+2
|
* merge openssl-0.9.7-beta3, tested on vax by miod@markus2002-09-101-0/+1
|
* Better fixes from openssl cvs; from markus@miod2002-08-051-3/+4
|
* typo; from openssl cvsmarkus2002-08-021-1/+1
|
* apply patches from OpenSSL Security Advisory [30 July 2002],markus2002-07-301-4/+6
| | | | http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
* OpenSSL 0.9.7 stable 2002 05 08 mergebeck2002-05-151-2/+1
|
* openssl-engine-0.9.6a mergebeck2001-06-221-1/+1
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-05 04:53:25 +0000