summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ocsp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Provide OCSP_SINGLERESP_get0_id().jsing2018-03-172-2/+9
|
* Send the function codes from the error functions to the bit bucket,beck2017-01-296-87/+43
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Expand ASN1_ITEM_rptr macros - no change in preprocessor output.jsing2016-12-301-6/+6
|
* Expand ASN1_ITEM_rptr macros - no change in generated assembly.jsing2016-12-302-4/+4
|
* Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have beenjsing2016-12-271-3/+1
| | | | | nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
* Kill some #if 0 code that uses old-style ASN.1 encoding.jsing2016-12-271-45/+1
|
* rewrite OCSP_parse_url to be sligthly less nasty and not have one byte ↵beck2016-12-211-78/+34
| | | | | | buffer overreads helpful nitpicking and ok tb@ miod@
* Check BIO_new*() for failure.miod2016-11-051-2/+5
| | | | ok beck@ jsing@
* X509_STORE_CTX_set_*() may fail, so check for errors.miod2016-11-051-4/+14
| | | | ok beck@
* Kill a bunch of OLD_ASN1 usage by replacing ASN1_{d2i,i2d}_* withjsing2016-11-042-15/+30
| | | | | | ASN1_item_{d2i,i2d}_* equivalents. ok guenther@ miod@
* make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hiddenbeck2016-11-041-10/+7
| | | | | | functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-041-17/+81
| | | | No change in preprocessed output, ignoring whitespace and line numbers.
* Clean up OCSP_check_validity() a bit more.beck2016-07-161-11/+10
| | | | | | - Return on first failure rather than continuing. - Don't compare times by comparing strings that possibly were not parsable as a time. ok deraadt@
* remove unneeded duplicate call - spotted by jsing@beck2016-07-051-3/+1
|
* Add several fixes from OpenSSL to make OCSP work with intermediatebeck2016-07-051-10/+24
| | | | | | certificates provided in the response. - makes our newly added ocsp regress test pass too.. ok bcook@
* Fix from kinichiro.inoguchi@gmail.com to ensure that OCSP usesbeck2016-06-251-2/+2
| | | | Generalized Time on requests as per RFC6960
* Fix the ocsp code to actually check for errors when comparing time valuesbeck2016-06-251-7/+31
| | | | | | | | | which was not being done due to a lack of checking of the return code for X509_cmp_time. Ensure that we only compare GERNERALIZEDTIME values because this is what is specified by RFC6960. Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp> ok bcook@
* Use ASN1_item_dup() instead of ASN1_dup().jsing2015-09-261-4/+3
| | | | ok bcook@
* Expand ASN.1 template macros - no change in generated assembly.jsing2015-07-251-76/+496
|
* Drop stupid (int) casts for the arguments of malloc() and friends. This ismiod2015-07-191-3/+3
| | | | | not 16-bit MS-DOS anymore. ok bcook@ tedu@
* Check return value of all used functions in OCSP_REQUEST_print(); coversmiod2015-07-161-5/+9
| | | | Coverity CID 78796; ok beck@
* Manually expand ASN1_ITEM_rptr macros that should have been expanded withjsing2015-02-101-2/+2
| | | | the IMPLEMENT_ASN1_DUP_FUNCTION macro.
* Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visiblejsing2015-02-101-2/+7
| | | | | | | | | and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible andjsing2015-02-091-16/+376
| | | | | | | | functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Check the result of sk_*_push() operations for failure.miod2014-10-281-2/+5
| | | | ok doug@ jsing@
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-221-3/+3
| | | | | | | | arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
* None of these need to include <openssl/rand.h>jsing2014-10-183-6/+3
|
* Use string literals in printf style calls so gcc's -Wformat works.doug2014-10-031-8/+4
| | | | ok tedu@, miod@
* BIO_free() returns immediately when the sole input is NULL.doug2014-07-251-3/+2
| | | | | | Remove unnecessary NULL check. ok miod@
* The bell tolls for BUF_strdup - Start the migration to usingbeck2014-07-131-6/+6
| | | | | | intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
* Principle of least surprise: make CMAC_CTX_free(), OCSP_REQ_CTX_free() andmiod2014-07-121-1/+4
| | | | | X509_STORE_CTX_free() accept NULL pointers as input without dereferencing them, like all the other well-behaved *_CTX_free() functions do.
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-114-16/+17
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-102-2/+7
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-102-4/+8
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* reset host, port, path to null after freeing so the caller doesn'ttedu2014-07-091-1/+4
| | | | | accidentally free them again. actually a bug in the caller and (hey hey) apps/ocsp.c has exactly that bug, but it's easier/safer to fix here.
* ocsp_check_ids says "If algoritm mismatch let caller deal with it" beforetedu2014-07-091-6/+1
| | | | | | returning 2. The one and only caller doesn't check for that, so... Stop returning it. ok miod
* tags as requested by miod and teduderaadt2014-06-1210-10/+10
|
* no need for null check before free. from Brendan MacDonelltedu2014-05-301-2/+1
|
* Not OPENSSL_SYS_SUNOS.jsing2014-05-231-3/+0
|
* Plug memory leaks upon error in OCSP_url_svcloc_new().miod2014-05-181-6/+9
| | | | ok jsing@
* In OCSP_sendreq_bio(), cope with OCSP_sendreq_new() returning NULL.miod2014-05-181-4/+6
| | | | ok jsing@
* More KNF.jsing2014-05-1810-193/+208
|
* unchecked malloc() return value in OCSP_sendreq_new().miod2014-05-171-0/+2
|
* KNFmiod2014-05-178-1274/+1332
|
* Replace all use of ERR_add_error_data with ERR_asprintf_error_data.beck2014-04-262-5/+5
| | | | | | | | This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
* Put the final pieces from e_os.h in the required places, and remove it.deraadt2014-04-181-1/+0
| | | | | "dance on it's grave" says beck ok guenther beck
* fix some more leaks, mostly suggestions from miodjsg2014-04-171-0/+3
| | | | ok miod@
* fix some of the leaksjsg2014-04-171-3/+11
| | | | ok miod@ looks good deraadt@
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-173-15/+15
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* we don't use these files for buildingtedu2014-04-151-78/+0
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 17:41:48 +0000