summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Add const to functions in asn1/asn1.h as they did in OpenSSL.tb2018-04-2516-85/+89
| | | | | | | BIO_f_asn1() will be taken care of later. Tested in a bulk by sthen ok bcook jca jsing
* Make the NULL check a separate if statement for readability andtb2018-04-231-2/+4
| | | | | | grepability. Req. by jsing
* Make X509_CRL_METHOD_free() NULL-safe.tb2018-04-231-2/+2
| | | | ok bcook
* make ENGINE_finish() succeed on NULL and simplify callers as intb2018-04-141-5/+3
| | | | | | | | | | | OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi
* Revert revision 1.12 commit. Although *pval looks like a C pointer,bluhm2018-04-061-2/+5
| | | | | | | | it may be something else. For primitive types it is possible that a boolean int has been casted to an ASN1_VALUE pointer. Then the 64 bit read access to *pval may crash due to alignent or 32 bit size. bug report Anton Borowka; OK tedu@ jsing@ miod@
* Avoid leaking str if EVP_Digest() fails.tb2018-04-061-3/+6
| | | | | | | Found and fixed by Bernd Edlinger as part of OpenSSL commit 83b4049ab75e9da1815e9c854a9297bca3d4af6b ok jsing, deraadt, bcook
* Limit ASN.1 constructed types recursive definition depthinoguchi2018-03-293-22/+45
| | | | | | | | Fixes for CVE-2018-0739. Copied from commit below, and modified for adaption to our code. https://github.com/openssl/openssl/commit/9310d45087ae546e27e61ddf8f6367f29848220d ok bcook@ beck@ jsing@
* Provide X509_PUBKEY_get0() by splitting X509_PUBKEY_get() and turning itjsing2018-03-171-6/+16
| | | | into a wrapper that calls X509_PUBKEY_get0() and up refs.
* Provide X509_REVOKED_dup().jsing2018-03-171-1/+7
|
* Provide X509_CRL_get0_extensions() and X509_CRL_get_signature_nid().jsing2018-02-221-1/+13
|
* Provide X509_REQ_get_signature_nid().jsing2018-02-221-1/+7
|
* Provide X509_NAME_get0_der().jsing2018-02-201-1/+14
| | | | From OpenSSL.
* Provide X509_REQ_get0_signature()jsing2018-02-201-1/+11
|
* Provide X509_CRL_get0_{last,next}Update() and X509_CRL_get0_signature().jsing2018-02-201-1/+23
|
* Provide X509_get0_extensions() and X509_get0_signature()jsing2018-02-171-1/+11
|
* Provide ASN1_STRING_get0_data().jsing2018-02-142-3/+10
|
* Provide X509_get_signature_nid().jsing2018-02-141-1/+7
|
* Rewrite ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.jsing2017-11-281-81/+78
| | | | | | | This removes the last remaining use of the old M_ASN1_* macros (asn1_mac.h) from API that needs to continue to exist. ok beck@ inoguchi@
* Put the opening curly brace in the right place.jsing2017-08-281-2/+3
|
* Make the symbol for ASN1_time_tm_clamp_notafter visible so libtlsbeck2017-08-271-3/+1
| | | | | can get at it, so libtls can also deal with notafter's past the realm of 32 bit time in portable
* Add ability to clamp a notafter to values representable in a 32 bit time_tbeck2017-08-132-2/+20
| | | | | | This will only be used in portable. As noted, necessary to make us conformant to RFC 5280 4.1.2.5. ok jsing@ bcook@
* Add ASN1_TIME_set_tm to set an asn1 from a struct tm *beck2017-05-062-2/+13
| | | | ok jsing@
* use freezero() instead of memset/explicit_bzero + free. Substantiallyderaadt2017-05-024-31/+14
| | | | | | | | | | reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
* Fix silly code that printfs NULL when there are no fractional secondsbeck2017-04-031-2/+2
| | | | | | on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
* Send the function codes from the error functions to the bit bucket,beck2017-01-2946-550/+324
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.jsing2017-01-212-8/+38
| | | | No change to generated assembly excluding line numbers.
* Place ASN_ITEM_{ptr,rptr,ref} and DECLARE_ASN1_ITEM under #ifndefjsing2016-12-301-2/+4
| | | | LIBRESSL_INTERNAL.
* Expand ASN1_ITEM_rptr and ASN1_ITEM_ptr macros - no change in generatedjsing2016-12-309-33/+33
| | | | assembly.
* Place the DECLARE_ASN1_* macros under #ifndef LIBRESSL_INTERNAL.jsing2016-12-271-4/+10
|
* Use correct version of previous macro expansion.jsing2016-12-271-5/+5
|
* Expand DECLARE_ASN1_FUNCTIONS_{fname,name} macros - no change tojsing2016-12-271-6/+22
| | | | preprocessor output, excluding line numbers and newlines.
* Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have beenjsing2016-12-271-4/+1
| | | | | nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
* Expand DECLARE_ASN1_ITEM macros - no change in preprocessor output.jsing2016-12-272-12/+12
|
* Expand DECLARE_ASN1_* macros. No change in preprocessor output, excludingjsing2016-12-271-20/+92
| | | | line numbering and new lines.
* Explicitly export a list of symbols from libcrypto.jsing2016-12-212-2/+10
| | | | | | | | | | | | | | | | Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@
* don't dereference a if NULLbcook2016-11-061-2/+2
|
* simplify error handling in c2i_ASN1_OBJECTbcook2016-11-061-10/+12
| | | | ok beck@, miod@
* make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hiddenbeck2016-11-042-13/+16
| | | | | | functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
* Fix a short-read bug in the previous version of asn1_d2i_read_biobcook2016-05-201-26/+28
| | | | The outer while() loop is missing, so we only read up to chunk_max bytes.
* internal only negative types should not be handled here.tedu2016-05-043-9/+3
| | | | CVE-2016-2108 from openssl.
* be careful about consuming excessive memory by reading in chunks.tedu2016-05-041-14/+37
| | | | CVE-2016-2109 from openssl.
* revert the big change from yesterday to prepare for smaller commits.tedu2016-05-044-40/+23
|
* patch from openssl for multiple issues:tedu2016-05-034-23/+40
| | | | | | | missing padding check in aesni functions overflow in evp encode functions use of invalid negative asn.1 types ok beck
* explicit_bzero for asn1 objects on free. Too often these contain sensitive ↵beck2016-03-171-24/+27
| | | | | | | information and they should not be a performance bottleneck ok miod@ krw@
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-111-3/+2
| | | | ok doug@
* explict_bzero for some asn1 free's - ok miod@beck2016-03-062-3/+9
|
* remove NULL-checks before free()mmcc2015-12-231-5/+3
|
* assign pointer NULL rather than 0mmcc2015-12-231-2/+2
|
* assign pointer to NULL rather than 0mmcc2015-12-231-2/+2
|
* initialize a pointer to NULL rather than 0mmcc2015-12-221-2/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 18:22:15 +0000