summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove d2i_X509_PKEY and i2d_X509_PKEY from the SSLeay days.doug2015-04-121-41/+1
| | | | | | | | i2d_X509_PKEY is a "needs to implement" and d2i_X509_PKEY is broken. Removed upstream in commit b1f3442857c1fd76e91941141bf671d19e90a79d. ok deraadt@, jsing@
* Fix several crash causing defects from OpenSSL.tedu2015-03-198-25/+52
| | | | | | | | | | | | | These include: CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0289 - PKCS7 NULL pointer dereferences Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt joint work with beck, doug, guenther, jsing, miod
* Remove IMPLEMENT_STACK_OF noops.jsing2015-02-221-2/+1
|
* Regenmiod2015-02-151-123/+124
|
* Remove asn1_ex_i2c() prototype, now that this function has been made static;miod2015-02-141-2/+1
| | | | reminded by bcook@
* Unchecked allocations in x509_name_canon().miod2015-02-141-1/+5
| | | | ok doug@ jsing@
* Memory leak upon error in X509_add1_{trust,reject}_object.miod2015-02-141-7/+23
| | | | ok doug@
* Manually expand IMPLEMENT_EXTERN_ASN1 macro (the only occurence in crypto).jsing2015-02-141-3/+10
| | | | Only change to generated assembly is due to line numbers.
* Remove IMPLEMENT_COMPAT_ASN1() and related support code. Nothing uses it inmiod2015-02-145-141/+7
| | | | | | libcrypto/libssl, and nothing seems to use it in the wild, apart from embedded copies of OpenSSL. ok jsing@
* Make asn1_ex_i2c() static. ok jsing@miod2015-02-141-2/+4
|
* Check i2d_name_canon() for failure (negative return). Coverity CID 78888.miod2015-02-141-6/+8
| | | | ok doug@ jsing@
* Possible NULL pointer dereferences. Coverity CID 21719, 21732.miod2015-02-142-3/+7
| | | | ok doug@ jsing@
* Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making thejsing2015-02-141-9/+53
| | | | | | | | | data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Spell NULL correctly, be explicit with NULL checks and it is also easier tojsing2015-02-142-10/+6
| | | | | | initialise during declaration and drop the else statement. ok doug@ miod@
* prevent a crash with openssl asn1parse -genstr FORMATjsg2015-02-121-1/+5
| | | | | | aka ASN1_generate_nconf("FORMAT", NULL) ok krw@ beck@ jsing@
* Remove initialisers with default values from the ASN1 data structures.jsing2015-02-1117-188/+23
| | | | | Minor changes in generated assembly due to the compiler swapping from .quad 0/.long 0 to .zero, along with changes due to line numbering.
* Expand most of the ASN1_SEQUENCE* and associated macros, making the datajsing2015-02-1117-146/+950
| | | | | | | | | | structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Enable building with -DOPENSSL_NO_DEPRECATED.doug2015-02-111-1/+2
| | | | | | | | | | | | | | | If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
* unifdef OPENSSL_NO_RFC3779 - this is currently disabled and unlikely tojsing2015-02-101-9/+1
| | | | | | be enabled, mostly since people use SANs instead. ok beck@ guenther@
* Remove more IMPLEMENT_STACK_OF noops that have been hiding for the lastjsing2015-02-103-9/+3
| | | | 15 years.
* Replace assert() and OPENSSL_assert() calls with proper error return paths.miod2015-02-101-5/+6
| | | | Careful review, feedback & ok doug@ jsing@
* Remove default value initialisers for ASN1_ITEM. Minor changes to generatedjsing2015-02-101-93/+11
| | | | assembly due to switches between .quad and .zero for structs.
* Expand IMPLEMENT_ASN1_TYPE macros - no change to generated assembly.jsing2015-02-101-23/+221
|
* The IMPLEMENT_STACK_OF and IMPLEMENT_ASN1_SET_OF macros were turned intojsing2015-02-106-26/+6
| | | | | noops around 15 years ago. Remove multiple occurances of both that still exist in the code today.
* Place the IMPLEMENT_ASN1_.*FUNCTION.* macros under an #ifndefjsing2015-02-101-1/+4
| | | | LIBRESSL_INTERNAL - we do not need them any more.
* Expand IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname macros that got missed.jsing2015-02-102-4/+28
|
* Manually expand ASN1_ITEM_rptr macros that should have been expanded withjsing2015-02-107-15/+15
| | | | the IMPLEMENT_ASN1_DUP_FUNCTION macro.
* Expand the -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_(const_)?fname macros so thatjsing2015-02-101-3/+27
| | | | | | | | the code is visible and functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visiblejsing2015-02-107-15/+55
| | | | | | | | | and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS_{const,fname,name} macros so that thejsing2015-02-102-8/+152
| | | | | | | | | code is visible and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible andjsing2015-02-0919-60/+1044
| | | | | | | | | functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Check memory allocation results, as well as stack pushes.miod2015-02-081-9/+34
| | | | | | Also fix a memory leak in one of the error paths of SMIME_read_ASN1(), spotted by doug@ tweaks&ok doug@ jsing@
* Don't leak addresses in error messages.miod2015-02-071-2/+2
|
* Delete a lot of #if 0 code in libressl.doug2015-02-077-98/+7
| | | | | | | | | | | | | | | | | | | | | | | | | There are a few instances where #if 1 is removed but the code remains. Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits. 6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008 input + ok jsing@, miod@, tedu@
* Fix a number of issues relating to algorithms in signatures, Mostlybeck2015-01-283-3/+25
| | | | | | from OpenSSL with a hint of boring and some things done here. Addresses CVE-2014-8275 for OpenSSL fully ok miod@ doug@
* GOST crypto algorithms (well, most of them), ported from the removed GOSTmiod2014-11-091-2/+12
| | | | | | | | | | | | engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov; libcrypto bits only for now. This is a verbatim import of Dmitry's work, and does not compile in this state; the forthcoming commits will address these issues. None of the GOST code is enabled in libcrypto yet, for it still gets compiled with OPENSSL_NO_GOST defined. However, the public header gost.h will be installed.
* Check the result of sk_*_push() operations for failure.miod2014-10-281-3/+9
| | | | ok doug@ jsing@
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-223-14/+13
| | | | | | | | arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
* Paranoia: in ASN1_mbstring_ncopy(), check for len < 0 instead of len == -1,miod2014-10-121-2/+2
| | | | in order to catch all negative sizes.
* Use string literals in printf style calls so gcc's -Wformat works.doug2014-10-031-3/+2
| | | | ok tedu@, miod@
* a_enum.c used to be a copy of a_int.c with s/INTEGER/ENUMERATED/g , butmiod2014-09-211-4/+9
| | | | | | | | some changes an a_int.c did not get applied to a_enum.c; despite style changes, make sure BN_to_ASN1_ENUMERATED() correctly handles a zero value the same way BN_to_ASN1_INTEGER() does. ok bcook@ beck@ jsing@
* Fix a memory leak in the error path in ASN1_mbstring_ncopy().miod2014-09-211-19/+29
| | | | | | | Replace an if() posse with a switch() statement in traverse_string(). Remove unnecessary casts in cpy_*(), with tweaks from guenther@; ok bcook@ jsing@ guenther@
* Fix CVE-2014-3508, pretty printing and OID validation:guenther2014-08-081-10/+21
| | | | | | | | | | | - make sure the output buffer is always NUL terminated if buf_len was initially greater than zero. - reject OIDs that are too long, too short, or not in proper base-127 Based on https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87 ok bcook@
* BIO_free() returns immediately when the sole input is NULL.doug2014-07-251-3/+2
| | | | | | Remove unnecessary NULL check. ok miod@
* The bell tolls for BUF_strdup - Start the migration to usingbeck2014-07-132-8/+8
| | | | | | intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
* Don't include asn1_mac.h if all you need is asn1.h.miod2014-07-131-2/+2
|
* No need to include asn1_mac.h here.miod2014-07-121-2/+1
|
* A few fixes/improvements:miod2014-07-121-20/+19
| | | | | | | | | | | | | | | | - first, BN_free == BN_clear_free in our libcrypto, so we do not need to treat CBIGNUM (crypto BN) separately from BIGNUM (regular BN). - then, in bn_i2c(), since BN_bn2bin returns BN_num_bytes(input), take advantage of this to avoid calling BN_num_bytes() a second time. BN_num_bytes() is cheap, but this not a reason to perform redundant work. - finally, in bn_c2i, if bn_new() fails, return early. Otherwise BN_bin2bn will try to create a BN too, and although this will probably fail since we were already out of memory, if we are on a threaded process and suddenly the allocation succeeds, we will leak it since it will never be stored in *pval. ok jsing@
* Make sure the return value of X509_NAME_oneline(, NULL,) is checked againstmiod2014-07-122-5/+13
| | | | | NULL. ok deraadt@ guenther@ jsing@
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-125-25/+15
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-23 21:25:29 +0000