summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visiblejsing2015-02-107-15/+55
| | | | | | | | | and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS_{const,fname,name} macros so that thejsing2015-02-102-8/+152
| | | | | | | | | code is visible and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible andjsing2015-02-0919-60/+1044
| | | | | | | | | functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Check memory allocation results, as well as stack pushes.miod2015-02-081-9/+34
| | | | | | Also fix a memory leak in one of the error paths of SMIME_read_ASN1(), spotted by doug@ tweaks&ok doug@ jsing@
* Don't leak addresses in error messages.miod2015-02-071-2/+2
|
* Delete a lot of #if 0 code in libressl.doug2015-02-077-98/+7
| | | | | | | | | | | | | | | | | | | | | | | | | There are a few instances where #if 1 is removed but the code remains. Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits. 6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008 input + ok jsing@, miod@, tedu@
* Fix a number of issues relating to algorithms in signatures, Mostlybeck2015-01-283-3/+25
| | | | | | from OpenSSL with a hint of boring and some things done here. Addresses CVE-2014-8275 for OpenSSL fully ok miod@ doug@
* GOST crypto algorithms (well, most of them), ported from the removed GOSTmiod2014-11-091-2/+12
| | | | | | | | | | | | engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov; libcrypto bits only for now. This is a verbatim import of Dmitry's work, and does not compile in this state; the forthcoming commits will address these issues. None of the GOST code is enabled in libcrypto yet, for it still gets compiled with OPENSSL_NO_GOST defined. However, the public header gost.h will be installed.
* Check the result of sk_*_push() operations for failure.miod2014-10-281-3/+9
| | | | ok doug@ jsing@
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-223-14/+13
| | | | | | | | arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
* Paranoia: in ASN1_mbstring_ncopy(), check for len < 0 instead of len == -1,miod2014-10-121-2/+2
| | | | in order to catch all negative sizes.
* Use string literals in printf style calls so gcc's -Wformat works.doug2014-10-031-3/+2
| | | | ok tedu@, miod@
* a_enum.c used to be a copy of a_int.c with s/INTEGER/ENUMERATED/g , butmiod2014-09-211-4/+9
| | | | | | | | some changes an a_int.c did not get applied to a_enum.c; despite style changes, make sure BN_to_ASN1_ENUMERATED() correctly handles a zero value the same way BN_to_ASN1_INTEGER() does. ok bcook@ beck@ jsing@
* Fix a memory leak in the error path in ASN1_mbstring_ncopy().miod2014-09-211-19/+29
| | | | | | | Replace an if() posse with a switch() statement in traverse_string(). Remove unnecessary casts in cpy_*(), with tweaks from guenther@; ok bcook@ jsing@ guenther@
* Fix CVE-2014-3508, pretty printing and OID validation:guenther2014-08-081-10/+21
| | | | | | | | | | | - make sure the output buffer is always NUL terminated if buf_len was initially greater than zero. - reject OIDs that are too long, too short, or not in proper base-127 Based on https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87 ok bcook@
* BIO_free() returns immediately when the sole input is NULL.doug2014-07-251-3/+2
| | | | | | Remove unnecessary NULL check. ok miod@
* The bell tolls for BUF_strdup - Start the migration to usingbeck2014-07-132-8/+8
| | | | | | intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
* Don't include asn1_mac.h if all you need is asn1.h.miod2014-07-131-2/+2
|
* No need to include asn1_mac.h here.miod2014-07-121-2/+1
|
* A few fixes/improvements:miod2014-07-121-20/+19
| | | | | | | | | | | | | | | | - first, BN_free == BN_clear_free in our libcrypto, so we do not need to treat CBIGNUM (crypto BN) separately from BIGNUM (regular BN). - then, in bn_i2c(), since BN_bn2bin returns BN_num_bytes(input), take advantage of this to avoid calling BN_num_bytes() a second time. BN_num_bytes() is cheap, but this not a reason to perform redundant work. - finally, in bn_c2i, if bn_new() fails, return early. Otherwise BN_bin2bn will try to create a BN too, and although this will probably fail since we were already out of memory, if we are on a threaded process and suddenly the allocation succeeds, we will leak it since it will never be stored in *pval. ok jsing@
* Make sure the return value of X509_NAME_oneline(, NULL,) is checked againstmiod2014-07-122-5/+13
| | | | | NULL. ok deraadt@ guenther@ jsing@
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-125-25/+15
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* typosmiod2014-07-121-2/+2
|
* In ASN1_get_object(), reject primitive encodings using the indefinite lengthmiod2014-07-111-1/+4
| | | | constructed form. OpenSSL PR #2438 via OpenSSL trunk
* In asn1_get_length(), tolerate leading zeroes in BER encoding.miod2014-07-111-5/+8
| | | | OpenSSL PR #2746 via OpenSSL trunk
* Tolerate critical AKID in CRLs; OpenSSL PR #3014 via OpenSSL trunk, andmiod2014-07-111-7/+8
| | | | also update the comments to reflect what the code now does.
* More memory leaks and unchecked allocations; OpenSSL PR #3403 via OpenSSLmiod2014-07-114-7/+19
| | | | trunk. (note we had already fixed some of the issues in that PR independently)
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-1165-209/+234
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-1012-12/+46
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Use size_t as realloc() size argument whenever possible. ok tedu@miod2014-07-102-6/+8
|
* Inline the only use of the HEX_SIZE macro and nuke both DECIMAL_SIZE andjsing2014-07-101-2/+2
| | | | | | HEX_SIZE. ok beck@ miod@
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-1024-32/+80
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* make asn1 free safe to call with null pointers of any type.tedu2014-07-101-4/+3
| | | | ok jsing miod
* delete some casts. ok miodtedu2014-07-104-14/+14
|
* ASN1_STRING_free can handle NULL, so callers don't need to check. ok miodtedu2014-07-092-10/+7
|
* remove unused, private version strings except SSL_version_strbcook2014-07-091-2/+1
| | | | | | Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
* Remove M_ASN1_New* macros which are only used in X509_PKEY_new() are obfuscatemiod2014-06-272-22/+16
| | | | | | it to hide memory leaks in the error paths, and fix aforementioned memory leaks. ok jsing@ logan@ deraadt@
* Unifdef -UNO_SYS_TYPES_Hmiod2014-06-243-12/+6
|
* Remove previously commented out wrong code, as well as the comment saying thismiod2014-06-241-3/+1
| | | | is incorrect code.
* nuke unused test programs; ok jsingderaadt2014-06-222-46/+2
|
* tags as requested by miod and teduderaadt2014-06-1282-80/+82
|
* do not include dso.h where it is not needed; ok miodderaadt2014-06-091-1/+0
|
* malloc() result does not need a cast.deraadt2014-06-071-1/+1
| | | | ok miod
* There is no need for is{upper,lower}() tests before to{lower,uppper}(),deraadt2014-06-011-23/+6
| | | | | since all other characters are mapped through transparently. ok jsing
* Change the actual default for returned asn1 strings to be utf8 in the code,beck2014-05-311-1/+1
| | | | | | | rather than only in the config file, to trip people up later. Found, and fix pleaded for by <spider@skuggor.se> who apparently spent hours chasing it down. ok miod@
* Add a comment documenting where libssl depends upon the current (objectionable)miod2014-05-311-0/+1
| | | | behaviour of this code, to prevent people from blindly changing it.
* more: no need for null check before freederaadt2014-05-3012-46/+23
| | | | ok tedu guenther
* remove CONST_STRICT. ok beck deraadttedu2014-05-301-2/+0
|
* no need for null check before free. from Brendan MacDonelltedu2014-05-309-28/+14
|
* convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53deraadt2014-05-292-2/+2
| | | | | | | | | potential integer overflows easily changed into an allocation return of NULL, with errno nicely set if need be. checks for an allocations returning NULL are commonplace, or if the object is dereferenced (quite normal) will result in a nice fault which can be detected & repaired properly. ok tedu
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-23 20:47:23 +0000