path: root/src/lib/libcrypto/ocsp
Commit message | Author | Age | Files | Lines
* spelling fixes; from paul tagliamonte | jmc | 2022-12-26 | 2 | -4/+4
| i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
* Make internal header file names consistent | tb | 2022-11-26 | 2 | -4/+4
| Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Remove mkerr.pl remnants from LibreSSL | kn | 2022-07-12 | 2 | -12/+2
| This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
* X509_GET_PUBKEY(3) return value check in libcrypto | inoguchi | 2022-01-22 | 1 | -3/+3
| ok beck@ tb@ suggest using X509_get0_pubkey() and remove EVP_PKEY_free() from tb@
* X509_GET_PUBKEY(3) return value check in libcrypto | inoguchi | 2022-01-22 | 1 | -2/+4
| ok beck@ tb@
* Make structs in ocsp.h opaque | tb | 2022-01-14 | 2 | -234/+260
| This adds a little order to this pig sty. ok inoguchi jsing
* Add an essentially empty ocsp_local.h and include it in the files | tb | 2022-01-07 | 8 | -7/+90
| that will need it in the upcoming bump. discussed with jsing
* Fix OCSP_basic_verify() cert chain construction in case the | tb | 2021-11-24 | 1 | -2/+5
| OCSP_BASICRESP bs contains no certificates. From David von Oheimb (OpenSSL 121738d1) ok beck
* Simplify slightly by using X509_get0_pubkey() thus eliminating the | tb | 2021-11-24 | 1 | -3/+2
| need for EVP_PKEY_free(). ok beck
* Fix a whitespace error that has annoyed me for way too long | tb | 2021-11-24 | 1 | -2/+2
* Move the now internal X.509-related structs into x509_lcl.h. | tb | 2021-11-01 | 4 | -6/+10
| Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds. ok jsing
* Unifdef LIBRESSL_NEW_API. Now that the library is bumped, this is | tb | 2021-11-01 | 1 | -5/+1
| no longer needed. ok jsing
* Prepare to provide a bunch of OCSP_resp_* getters. | tb | 2021-10-24 | 3 | -3/+74
| ok beck jsing
* Fix leak or double free with OCSP_request_add0_id() | tb | 2020-10-09 | 1 | -8/+9
| On success, OCSP_request_add0_id() transfers ownership of cid to either 'one' or 'req' depending on whether the latter is NULL or not. On failure, the caller can't tell whether OCSP_ONEREQ_new() failed (in which case cid needs to be freed) or whether it was a failure to allocate memory in sk_insert() (in which case cid must not be freed). The caller is thus faced with the choice of leaving either a leak or a potential double free. Fix this by transferring ownership only at the end of the function. Found while reviewing an upcoming diff by beck. ok jsing
* spelling; from miod | jmc | 2018-11-25 | 1 | -2/+2
* Add const to two arguments of OCSP_cert_to_id() | tb | 2018-08-24 | 2 | -6/+7
| tested in a bulk by sthen ok jsing
* wrap an overlong line | tb | 2018-05-14 | 1 | -2/+3
* Add const qualifier to the path and url{,s} parameters of | tb | 2018-05-13 | 4 | -15/+16
| OCSP_crlID_new(3), OCSP_parse_url(3), OCSP_sendreq_bio(3), OCSP_sendreq_new(3), and OCSP_url_svcloc_new(3). tested in a bulk build by sthen ok jsing (as part of a larger diff)
* Add const qualifier to the X509_NAME *, ASN1_BIT_STRING *, and | tb | 2018-05-13 | 2 | -6/+6
| ASN1_INTEGER * arguments of OCSP_cert_id_new(3). tested in a bulk build by sthen ok jsing (as part of a larger diff)
* Add const qualifier to the ASN1_OBJECT * argument of: | tb | 2018-05-13 | 2 | -11/+12
| OCSP_REQUEST_get_ext_by_OBJ(3), OCSP_ONEREQ_ext_by_OBJ(3) OCSP_BASICRESP_get_ext_by_OBJ(3), OCSP_SINGLERESP_get_ext_by_OBJ(3) tested in a bulk build by sthen ok jsing (as part of a larger diff)
* Provide OCSP_SINGLERESP_get0_id(). | jsing | 2018-03-17 | 2 | -2/+9
* Send the function codes from the error functions to the bit bucket, | beck | 2017-01-29 | 6 | -87/+43
| as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Expand ASN1_ITEM_rptr macros - no change in preprocessor output. | jsing | 2016-12-30 | 1 | -6/+6
* Expand ASN1_ITEM_rptr macros - no change in generated assembly. | jsing | 2016-12-30 | 2 | -4/+4
* Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been | jsing | 2016-12-27 | 1 | -3/+1
| nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
* Kill some #if 0 code that uses old-style ASN.1 encoding. | jsing | 2016-12-27 | 1 | -45/+1
* rewrite OCSP_parse_url to be slightly less nasty and not have one byte | beck | 2016-12-21 | 1 | -78/+34
| buffer overreads helpful nitpicking and ok tb@ miod@
* Check BIO_new*() for failure. | miod | 2016-11-05 | 1 | -2/+5
| ok beck@ jsing@
* X509_STORE_CTX_set_*() may fail, so check for errors. | miod | 2016-11-05 | 1 | -4/+14
| ok beck@
* Kill a bunch of OLD_ASN1 usage by replacing ASN1_{d2i,i2d}_* with | jsing | 2016-11-04 | 2 | -15/+30
| ASN1_item_{d2i,i2d}_* equivalents. ok guenther@ miod@
* make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden | beck | 2016-11-04 | 1 | -10/+7
| functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
* Expand DECLARE_ASN1_.*FUNCTIONS macros. | jsing | 2016-09-04 | 1 | -17/+81
| No change in preprocessed output, ignoring whitespace and line numbers.
* Clean up OCSP_check_validity() a bit more. | beck | 2016-07-16 | 1 | -11/+10
| - Return on first failure rather than continuing.
| - Don't compare times by comparing strings that possibly were not parsable as a time.
| ok deraadt@
* remove unneeded duplicate call - spotted by jsing@ | beck | 2016-07-05 | 1 | -3/+1
* Add several fixes from OpenSSL to make OCSP work with intermediate | beck | 2016-07-05 | 1 | -10/+24
| certificates provided in the response. - makes our newly added ocsp regress test pass too.. ok bcook@
* Fix from kinichiro.inoguchi@gmail.com to ensure that OCSP uses | beck | 2016-06-25 | 1 | -2/+2
| Generalized Time on requests as per RFC6960
* Fix the ocsp code to actually check for errors when comparing time values | beck | 2016-06-25 | 1 | -7/+31
| which was not being done due to a lack of checking of the return code for X509_cmp_time. Ensure that we only compare GENERALIZEDTIME values because this is what is specified by RFC6960. Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp> ok bcook@
* Use ASN1_item_dup() instead of ASN1_dup(). | jsing | 2015-09-26 | 1 | -4/+3
| ok bcook@
* Expand ASN.1 template macros - no change in generated assembly. | jsing | 2015-07-25 | 1 | -76/+496
* Drop stupid (int) casts for the arguments of malloc() and friends. This is | miod | 2015-07-19 | 1 | -3/+3
| not 16-bit MS-DOS anymore. ok bcook@ tedu@
* Check return value of all used functions in OCSP_REQUEST_print(); covers | miod | 2015-07-16 | 1 | -5/+9
| Coverity CID 78796; ok beck@
* Manually expand ASN1_ITEM_rptr macros that should have been expanded with | jsing | 2015-02-10 | 1 | -2/+2
| the IMPLEMENT_ASN1_DUP_FUNCTION macro.
* Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visible | jsing | 2015-02-10 | 1 | -2/+7
| and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible and | jsing | 2015-02-09 | 1 | -16/+376
| functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Check the result of sk_*_push() operations for failure. | miod | 2014-10-28 | 1 | -2/+5
| ok doug@ jsing@
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). | jsing | 2014-10-22 | 1 | -3/+3
| arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
* None of these need to include <openssl/rand.h> | jsing | 2014-10-18 | 3 | -6/+3
* Use string literals in printf style calls so gcc's -Wformat works. | doug | 2014-10-03 | 1 | -8/+4
| ok tedu@, miod@
* BIO_free() returns immediately when the sole input is NULL. | doug | 2014-07-25 | 1 | -3/+2
| Remove unnecessary NULL check. ok miod@
* The bell tolls for BUF_strdup - Start the migration to using | beck | 2014-07-13 | 1 | -6/+6
| intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@