summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ocsp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix leak or double free with OCSP_request_add0_id()tb2020-10-091-8/+9
| | | | | | | | | | | | | | | | | On success, OCSP_request_add0_id() transfers ownership of cid to either 'one' or 'req' depending on whether the latter is NULL or not. On failure, the caller can't tell whether OCSP_ONEREQ_new() failed (in which case cid needs to be freed) or whether it was a failure to allocate memory in sk_insert() (in which case cid must not be freed). The caller is thus faced with the choice of leaving either a leak or a potential double free. Fix this by transferring ownership only at the end of the function. Found while reviewing an upcoming diff by beck. ok jsing
* spelling; from miodjmc2018-11-251-2/+2
|
* Add const to two arguments of OCSP_cert_to_id()tb2018-08-242-6/+7
| | | | | tested in a bulk by sthen ok jsing
* wrap an overlong linetb2018-05-141-2/+3
|
* Add const qualifier to the path and url{,s} parameters oftb2018-05-134-15/+16
| | | | | | | | OCSP_crlID_new(3), OCSP_parse_url(3), OCSP_sendreq_bio(3), OCSP_sendreq_new(3), and OCSP_url_svcloc_new(3). tested in a bulk build by sthen ok jsing (as part of a larger diff)
* Add const qualifier to the X509_NAME *, ASN1_BIT_STRING *, andtb2018-05-132-6/+6
| | | | | | | ASN1_INTEGER * arguments of OCSP_cert_id_new(3). tested in a bulk build by sthen ok jsing (as part of a larger diff)
* Add const qualifier to the ASN1_OBJECT * argument of:tb2018-05-132-11/+12
| | | | | | | | OCSP_REQUEST_get_ext_by_OBJ(3), OCSP_ONEREQ_ext_by_OBJ(3) OCSP_BASICRESP_get_ext_by_OBJ(3), OCSP_SINGLERESP_get_ext_by_OBJ(3) tested in a bulk build by sthen ok jsing (as part of a larger diff)
* Provide OCSP_SINGLERESP_get0_id().jsing2018-03-172-2/+9
|
* Send the function codes from the error functions to the bit bucket,beck2017-01-296-87/+43
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Expand ASN1_ITEM_rptr macros - no change in preprocessor output.jsing2016-12-301-6/+6
|
* Expand ASN1_ITEM_rptr macros - no change in generated assembly.jsing2016-12-302-4/+4
|
* Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have beenjsing2016-12-271-3/+1
| | | | | nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
* Kill some #if 0 code that uses old-style ASN.1 encoding.jsing2016-12-271-45/+1
|
* rewrite OCSP_parse_url to be sligthly less nasty and not have one byte ↵beck2016-12-211-78/+34
| | | | | | buffer overreads helpful nitpicking and ok tb@ miod@
* Check BIO_new*() for failure.miod2016-11-051-2/+5
| | | | ok beck@ jsing@
* X509_STORE_CTX_set_*() may fail, so check for errors.miod2016-11-051-4/+14
| | | | ok beck@
* Kill a bunch of OLD_ASN1 usage by replacing ASN1_{d2i,i2d}_* withjsing2016-11-042-15/+30
| | | | | | ASN1_item_{d2i,i2d}_* equivalents. ok guenther@ miod@
* make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hiddenbeck2016-11-041-10/+7
| | | | | | functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-041-17/+81
| | | | No change in preprocessed output, ignoring whitespace and line numbers.
* Clean up OCSP_check_validity() a bit more.beck2016-07-161-11/+10
| | | | | | - Return on first failure rather than continuing. - Don't compare times by comparing strings that possibly were not parsable as a time. ok deraadt@
* remove unneeded duplicate call - spotted by jsing@beck2016-07-051-3/+1
|
* Add several fixes from OpenSSL to make OCSP work with intermediatebeck2016-07-051-10/+24
| | | | | | certificates provided in the response. - makes our newly added ocsp regress test pass too.. ok bcook@
* Fix from kinichiro.inoguchi@gmail.com to ensure that OCSP usesbeck2016-06-251-2/+2
| | | | Generalized Time on requests as per RFC6960
* Fix the ocsp code to actually check for errors when comparing time valuesbeck2016-06-251-7/+31
| | | | | | | | | which was not being done due to a lack of checking of the return code for X509_cmp_time. Ensure that we only compare GERNERALIZEDTIME values because this is what is specified by RFC6960. Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp> ok bcook@
* Use ASN1_item_dup() instead of ASN1_dup().jsing2015-09-261-4/+3
| | | | ok bcook@
* Expand ASN.1 template macros - no change in generated assembly.jsing2015-07-251-76/+496
|
* Drop stupid (int) casts for the arguments of malloc() and friends. This ismiod2015-07-191-3/+3
| | | | | not 16-bit MS-DOS anymore. ok bcook@ tedu@
* Check return value of all used functions in OCSP_REQUEST_print(); coversmiod2015-07-161-5/+9
| | | | Coverity CID 78796; ok beck@
* Manually expand ASN1_ITEM_rptr macros that should have been expanded withjsing2015-02-101-2/+2
| | | | the IMPLEMENT_ASN1_DUP_FUNCTION macro.
* Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visiblejsing2015-02-101-2/+7
| | | | | | | | | and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible andjsing2015-02-091-16/+376
| | | | | | | | functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Check the result of sk_*_push() operations for failure.miod2014-10-281-2/+5
| | | | ok doug@ jsing@
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-221-3/+3
| | | | | | | | arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
* None of these need to include <openssl/rand.h>jsing2014-10-183-6/+3
|
* Use string literals in printf style calls so gcc's -Wformat works.doug2014-10-031-8/+4
| | | | ok tedu@, miod@
* BIO_free() returns immediately when the sole input is NULL.doug2014-07-251-3/+2
| | | | | | Remove unnecessary NULL check. ok miod@
* The bell tolls for BUF_strdup - Start the migration to usingbeck2014-07-131-6/+6
| | | | | | intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
* Principle of least surprise: make CMAC_CTX_free(), OCSP_REQ_CTX_free() andmiod2014-07-121-1/+4
| | | | | X509_STORE_CTX_free() accept NULL pointers as input without dereferencing them, like all the other well-behaved *_CTX_free() functions do.
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-114-16/+17
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-102-2/+7
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-102-4/+8
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* reset host, port, path to null after freeing so the caller doesn'ttedu2014-07-091-1/+4
| | | | | accidentally free them again. actually a bug in the caller and (hey hey) apps/ocsp.c has exactly that bug, but it's easier/safer to fix here.
* ocsp_check_ids says "If algoritm mismatch let caller deal with it" beforetedu2014-07-091-6/+1
| | | | | | returning 2. The one and only caller doesn't check for that, so... Stop returning it. ok miod
* tags as requested by miod and teduderaadt2014-06-1210-10/+10
|
* no need for null check before free. from Brendan MacDonelltedu2014-05-301-2/+1
|
* Not OPENSSL_SYS_SUNOS.jsing2014-05-231-3/+0
|
* Plug memory leaks upon error in OCSP_url_svcloc_new().miod2014-05-181-6/+9
| | | | ok jsing@
* In OCSP_sendreq_bio(), cope with OCSP_sendreq_new() returning NULL.miod2014-05-181-4/+6
| | | | ok jsing@
* More KNF.jsing2014-05-1810-193/+208
|
* unchecked malloc() return value in OCSP_sendreq_new().miod2014-05-171-0/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-05 01:51:13 +0000