path: root/src/lib/libcrypto/asn1/x_crl.c
Commit message (Author, Age, Files, Lines)
* Add missing check to X509_CRL_verify() (tb, 2025-07-10, 1 file, -1/+7)
| When fixing CVE-2014-8275 in commit 684400ce, Henson added a check that the AlgorithmIdentifier in the certificate's signature matches the one in the tbsCertificate. A corresponding check for CRLs was missed. BoringSSL added such a check in 2022, so this should be fine for us to do as well even though OpenSSL still doesn't have it. The only caller will set an error on the stack, so we don't do it here. There's no obvious check that X509_REQ_verify() could do.
| ok beck kenjiro
* Use err_local.h rather than err.h in most places (tb, 2025-05-10, 1 file, -2/+2)
| ok jsing
* Rename the crl_inf_cb() to crl_info_cb() (tb, 2025-02-27, 1 file, -3/+3)
|
* Hoist X509_REVOKED_cmp() above its only caller (tb, 2025-02-27, 1 file, -9/+7)
| This way we don't need a prototype and things that belong together are together. Slight KNF tweak while there
* x_crl.c: remove two NULL checks before *_free() (tb, 2025-02-24, 1 file, -5/+3)
|
* Hide global _it variables in x509.h (beck, 2024-07-08, 1 file, -1/+4)
| ok tb@
* Hide public symbols in x509.h (beck, 2024-04-09, 1 file, -1/+30)
| This picks up most of the remaining public symbols in x509.h
| ok tb@
* Remove X509_CRL_METHOD API (tb, 2024-03-02, 1 file, -34/+1)
| I would keep repeating myself... In the bit bucket you go.
| ok jsing
* Remove X509_CRL_METHOD internals (tb, 2024-01-06, 1 file, -79/+23)
| Another complication of dubious value that nobody's ever used. crl_init(), crl_free() and the meth_data are dead weight, as are their accessors. Inline def_crl_verify() in X509_CRL_verify() so that the latter becomes the trivial wrapper of ASN1_item_verify() that one would expect it to be. It is quite unclear what kind of customization would make sense here... def_crl_lookup() is renamed into crl_lookup() and its two callers, X509_CRL_lookup_by_{serial,cert}(), are moved below it so that we don't need a prototype.
| ok jsing
* Unbreak the namespace build after a broken mk.conf and tool misfire had (beck, 2023-07-07, 1 file, -35/+1)
| me aliasing symbols not in the headers I was processing. This unbreaks the namespace build so it will pass again
| ok tb@
* Hide symbols in asn1 and bio (beck, 2023-07-05, 1 file, -1/+35)
| ok jsing@
* Prepare to provide X509_CRL_get0_sigalg() (tb, 2022-12-26, 1 file, -1/+7)
| This is an obvious omission from the OpenSSL 1.1 and OpenSSL 3 API which does not provide a way to access the tbs sigalg of a CRL. This is needed in security/pivy.
| From Alex Wilson
| ok jsing
* Make internal header file names consistent (tb, 2022-11-26, 1 file, -3/+3)
| Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
| discussed with jsing, no objection bcook
* Get rid of SHA1 for comparing CRL's - use SHA512 just like we do for certs. (beck, 2022-02-24, 1 file, -4/+2)
| ok tb@
* Use calloc() for X509_CRL_METHOD_new() instead of malloc(). (jsing, 2021-12-03, 1 file, -3/+4)
| This ensures that if any members are added to this struct, they will be initialised.
| ok schwarze@ tb@
* Move the now internal X.509-related structs into x509_lcl.h. (tb, 2021-11-01, 1 file, -1/+2)
| Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
| ok jsing
* Fix a number of ASN1_INTEGER vs ASN1_STRING mixups coming from the (tb, 2019-03-13, 1 file, -4/+2)
| mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function takes signs into account while ASN1_STRING_cmp doesn't. The mixups mostly involve serialNumbers, which, in principle, should be positive. However, it is unclear whether that is checked or enforced anywhere in the code, so these are probably bugs.
| Patch from Holger Mikolon
| ok jsing
* Turn a number of #defines into proper functions with prototypes matching (tb, 2018-08-24, 1 file, -1/+31)
| those that OpenSSL has had for ages.
| ok jsing
* Make the NULL check a separate if statement for readability and (tb, 2018-04-23, 1 file, -2/+4)
| grepability.
| Req. by jsing
* Make X509_CRL_METHOD_free() NULL-safe. (tb, 2018-04-23, 1 file, -2/+2)
| ok bcook
* Provide X509_REVOKED_dup(). (jsing, 2018-03-17, 1 file, -1/+7)
|
* Provide X509_CRL_get0_extensions() and X509_CRL_get_signature_nid(). (jsing, 2018-02-22, 1 file, -1/+13)
|
* Provide X509_CRL_get0_{last,next}Update() and X509_CRL_get0_signature(). (jsing, 2018-02-20, 1 file, -1/+23)
|
* Send the function codes from the error functions to the bit bucket, (beck, 2017-01-29, 1 file, -2/+2)
| as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this.
| ok jsing@ inoguchi@
* Expand ASN1_ITEM_rptr and ASN1_ITEM_ptr macros - no change in generated (jsing, 2016-12-30, 1 file, -2/+2)
| assembly.
* When freeing an X509_CRL, if freeing the user-maintained meth_data fails, (miod, 2015-07-20, 1 file, -3/+4)
| do not forget to nevertheless keep freeing the other fields.
| ok doug@ guenther@
* Remove initialisers with default values from the ASN1 data structures. (jsing, 2015-02-11, 1 file, -27/+1)
| Minor changes in generated assembly due to the compiler swapping from .quad 0/.long 0 to .zero, along with changes due to line numbering.
* Expand most of the ASN1_SEQUENCE* and associated macros, making the data (jsing, 2015-02-11, 1 file, -20/+144)
| structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and the generated assembly only differs by changes to line numbers.
| Discussed with beck@ miod@ tedu@
* The IMPLEMENT_STACK_OF and IMPLEMENT_ASN1_SET_OF macros were turned into (jsing, 2015-02-10, 1 file, -6/+1)
| noops around 15 years ago. Remove multiple occurrences of both that still exist in the code today.
* Manually expand ASN1_ITEM_rptr macros that should have been expanded with (jsing, 2015-02-10, 1 file, -2/+2)
| the IMPLEMENT_ASN1_DUP_FUNCTION macro.
* Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visible (jsing, 2015-02-10, 1 file, -2/+7)
| and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers.
| Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible and (jsing, 2015-02-09, 1 file, -4/+76)
| functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers.
| Discussed with beck@ miod@ tedu@
* Tolerate critical AKID in CRLs; OpenSSL PR #3014 via OpenSSL trunk, and (miod, 2014-07-11, 1 file, -7/+8)
| also update the comments to reflect what the code now does.
* Only import cryptlib.h in the four source files that actually need it. (jsing, 2014-07-11, 1 file, -3/+4)
| Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
| ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that references (jsing, 2014-07-10, 1 file, -1/+4)
| an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never be defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* tags as requested by miod and tedu (deraadt, 2014-06-12, 1 file, -1/+1)
|
* Use C99 initializers for the various FOO_METHOD structs. More readable, and (miod, 2014-04-27, 1 file, -5/+2)
| avoid unreadable/unmaintainable constructs like that:
| const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { EVP_PKEY_CMAC, EVP_PKEY_CMAC, 0, "CMAC", "OpenSSL CMAC method", 0,0,0,0, 0,0,0, cmac_size, 0, 0,0,0,0,0,0,0, cmac_key_free, 0, 0,0 };
| ok matthew@ deraadt@
* More KNF. (jsing, 2014-04-18, 1 file, -77/+87)
|
* lob a few more knf grenades in here to soften things up. (tedu, 2014-04-18, 1 file, -51/+28)
|
* putting most of the braces in the right column is the very least we can do. (tedu, 2014-04-18, 1 file, -75/+75)
|
* Change library to use intrinsic memory allocation functions instead of (beck, 2014-04-17, 1 file, -2/+2)
| OPENSSL_foo wrappers. This changes:
| OPENSSL_malloc->malloc
| OPENSSL_free->free
| OPENSSL_relloc->realloc
| OPENSSL_freeFunc->free
* resolve conflicts, fix local changes (djm, 2010-10-01, 1 file, -2/+389)
|
* resolve conflicts (djm, 2008-09-06, 1 file, -1/+1)
|
* resolve conflicts (djm, 2005-04-29, 1 file, -31/+9)
|
* OpenSSL 0.9.7 stable 2002 05 08 merge (beck, 2002-05-15, 1 file, -258/+72)
|
* openssl-engine-0.9.6a merge (beck, 2001-06-22, 1 file, -5/+5)
|
* openssl-engine-0.9.6 merge (beck, 2000-12-15, 1 file, -8/+13)
|
* OpenSSL 0.9.5 merge (beck, 2000-03-19, 1 file, -32/+25)
| *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
* OpenSSL 0.9.4 merge (beck, 1999-09-29, 1 file, -89/+86)
|
* Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build (ryker, 1998-10-05, 1 file, -0/+353)
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.