| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
This picks up most of the remaining public symbols in
x509.h
ok tb@
|
| |
|
|
|
|
|
|
| |
One of those void APIs that are super hard to use safely since they can
fail but can't communicate failure. Nothing uses this. Internal uses have
been converted to error checked X509_ALGOR_set_evp_md().
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
X509_ALGOR_set0() is annoyingly unergonomic since it takes an ASN1_OBJECT
rather than a nid. This means that almost all callers call OBJ_obj2nid()
and they often do this inline without error checking so that the resulting
X509_ALGOR object is corrupted and may lead to incorrect encodings.
Provide an internal alternative X509_ALGOR_set0_by_nid() that takes a nid
instead of an ASN1_OBJECT and performs proper error checking. This will be
used to convert callers of X509_ALGOR_set0() in the library.
ok jsing
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
Fix includes and zap an empty line.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current implementation is a complete mess. There are three cases:
1) ptype == V_ASN1_UNDEF: parameter must be freed and set to NULL.
2) ptype == 0: existing non-NULL parameters are left untouched, NULL
parameters are replaced with ASN1_TYPE_new()'s wacky defaults.
3) otherwise allocate new parameters if needed and set them to ptype/pval.
In all three cases free the algorithm and set it to aobj.
The challenge now is to implement this using nine if statements and one
else clause... We can do better. This preserves existing behavior. There
would be cleaner implementations possible, but they would change behavior.
There are many callers in the ecosystem that do not error check
X509_ALGOR_set0() since OpenSSL failed to do so. So this was carefully
rewritten to leave alg in a consisten state so that unchecking callers
don't encounter corrupted algs.
ok jsing
|
| |
|
|
|
|
| |
This fixes the printf in the x509_algor regress.
ok jsing
|
| |
|
|
|
|
|
|
| |
Make the logic slightly less convoluted. Preserve the behavior that
*ppval remains unset if pptype == NULL for now. However, ensure that
*ppval is set to NULL if pptype is V_ASN1_UNDER.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
X509_ALGOR_set_md() is a void function that cannot easily be error checked.
The caller has to jump through hoops to make sure this function doesn't
fail. Prepare replacing this internally with X509_ALGOR_set_evp_md(), which
allows error checking. There is one slight change of behavior: if the EVP_MD
object passed in does not have an OID known to the library, then this new
API fails.
It is unclear what the library should do with such an object and people
who use EVP_MD_meth_new() need to know what they are doing anyway and they
are better off teaching the lib about the OID if they're going to be
messing with certs.
Oh, and the prototype is in x509_local.h because the rest of this API is
in x509.h despite being implemented in asn1/.
ok jsing
|
| |
|
|
|
|
|
| |
This is currently written in what is likely the most stupid way possible.
Rewrite this function in a more straightforward way.
ok jsing
|
| |
|
|
|
|
|
|
| |
me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok inoguchi schwarze
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| |
|
|
| |
macros - the generated assembly only differs by changes to line numbers.
|
| |
|
|
|
| |
Minor changes in generated assembly due to the compiler swapping from
.quad 0/.long 0 to .zero, along with changes due to line numbering.
|
| |
|
|
|
|
|
|
|
|
| |
structures visible and easier to review, without having to wade through
layers and layers of asn1t.h macros.
Change has been scripted and the generated assembly only differs by changes
to line numbers.
Discussed with beck@ miod@ tedu@
|
| |
|
|
|
| |
noops around 15 years ago. Remove multiple occurances of both that still
exist in the code today.
|
| | |
|
| |
|
|
| |
the IMPLEMENT_ASN1_DUP_FUNCTION macro.
|
| |
|
|
|
|
|
|
|
| |
and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes
to line numbers.
Discussed with beck@ miod@ tedu@
|
| |
|
|
|
|
|
|
|
| |
functions can be readily located.
Change has been scripted and the generated assembly only differs by changes
to line numbers.
Discussed with beck@ miod@ tedu@
|
| |
|
|
|
|
| |
from OpenSSL with a hint of boring and some things done here. Addresses
CVE-2014-8275 for OpenSSL fully
ok miod@ doug@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
| | |
|
|
|
functionality for shared libs.
Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.
Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.
|
