| Commit message | Author | Age | Files | Lines |
|
This gets rid of our last uses of timegm and gmtime in the
library and things that ship with it. It includes a bit
of refactoring in ocsp_cl.c to remove some obvious ugly.
ok tb@
|
This API was needed since OpenSSL didn't have one. We now have variants
of OpenSSL's API and will also expose BoringSSL's complementary API. The
users of this API were ported to the OpenSSL variants and some may switch
to BoringSSL's in the future. Part of it is still used internally.
ASN1_time_tm_clamp_notafter() is still used by libtls (and only libtls).
This will be fixed in a future bump.
ok jsing
|
ok tb@
|
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct
ok tb
|
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
ok beck@ tb@
suggest using X509_get0_pubkey() and remove EVP_PKEY_free() from tb@
|
ok beck@ tb@
|
This adds a little order to this pig sty.
ok inoguchi jsing
|
that will need it in the upcoming bump.
discussed with jsing
|
OCSP_BASICRESP bs contains no certificates.
From David von Oheimb (OpenSSL 121738d1)
ok beck
|
need for EVP_PKEY_free().
ok beck
|
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.
ok jsing
|
no longer needed.
ok jsing
|
ok beck jsing
|
On success, OCSP_request_add0_id() transfers ownership of cid to
either 'one' or 'req' depending on whether the latter is NULL or
not. On failure, the caller can't tell whether OCSP_ONEREQ_new()
failed (in which case cid needs to be freed) or whether it was a
failure to allocate memory in sk_insert() (in which case cid must
not be freed).
The caller is thus faced with the choice of leaving either a leak
or a potential double free. Fix this by transferring ownership
only at the end of the function.
Found while reviewing an upcoming diff by beck.
ok jsing
|
tested in a bulk by sthen
ok jsing
|
OCSP_crlID_new(3), OCSP_parse_url(3), OCSP_sendreq_bio(3),
OCSP_sendreq_new(3), and OCSP_url_svcloc_new(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)
|
ASN1_INTEGER * arguments of OCSP_cert_id_new(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)
|
OCSP_REQUEST_get_ext_by_OBJ(3), OCSP_ONEREQ_ext_by_OBJ(3)
OCSP_BASICRESP_get_ext_by_OBJ(3), OCSP_SINGLERESP_get_ext_by_OBJ(3)
tested in a bulk build by sthen
ok jsing (as part of a larger diff)
|
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
nothing but markers for utils/mkstack.pl... and we removed the code that
generated more macros from these markers in 2014.
|
buffer overreads
helpful nitpicking and ok tb@ miod@
|
ok beck@ jsing@
|
ok beck@
|
ASN1_item_{d2i,i2d}_* equivalents.
ok guenther@ miod@
|
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@
|
No change in preprocessed output, ignoring whitespace and line numbers.
|
- Return on first failure rather than continuing.
- Don't compare times by comparing strings that possibly were not parsable as a time.
ok deraadt@
|
certificates provided in the response. - makes our newly added
ocsp regress test pass too..
ok bcook@
|
Generalized Time on requests as per RFC6960
|
which was not being done due to a lack of checking of the return code for
X509_cmp_time. Ensure that we only compare GENERALIZEDTIME values because
this is what is specified by RFC6960.
Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@
|
ok bcook@
|
not 16-bit MS-DOS anymore.
ok bcook@ tedu@
|
Coverity CID 78796; ok beck@
|
the IMPLEMENT_ASN1_DUP_FUNCTION macro.
|
and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes
to line numbers.
Discussed with beck@ miod@ tedu@
|
functions can be readily located.
Change has been scripted and there is no change to the generated assembly.
Discussed with beck@ miod@ tedu@
|
ok doug@ jsing@
|
arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.
ok deraadt@
|