path: root/src/lib/libcrypto/ts/ts_rsp_sign.c
Commit message, Author, Age, Files, Lines
* Change ts to only support one second precision. [beck, 2024-03-26, 1 file, -79/+3]
  RFC 3631 allows for sub second ASN1 GENERALIZED times, if you choose to support sub second time precision. It does not indicate that an implementation must support them. Supporting sub second timestamps is just silly and unrealistic, so set our maximum to one second of precision. We then simplify this code by removing some nasty eye-bleed that made artisanally hand crafted strings and jammed them into an ASN1_GENERALIZEDTIME. ok tb@, jsing@, with one second precision tested by kn@
* Fix time conversion that broke regress. [beck, 2024-03-25, 1 file, -5/+5]
  ok tb@
* Convert libressl to use the BoringSSL style time conversions [beck, 2024-03-24, 1 file, -2/+2]
  This gets rid of our last uses of timegm and gmtime in the library and things that ship with it. It includes a bit of refactoring in ocsp_cl.c to remove some obvious ugly. ok tb@
* Plug a leak of ASN1_INTEGER in def_serial_cb() [tb, 2023-08-22, 1 file, -4/+7]
  ok jsing
* Hide symbols in ts [beck, 2023-07-07, 1 file, -1/+21]
  ok jsing@
* Make internal header file names consistent [tb, 2022-11-26, 1 file, -3/+3]
  Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Prepare to resurrect TS_RESP_CTX_set_time_cb() [tb, 2022-07-24, 1 file, -1/+8]
  This was removed shortly after the fork since TS is not 2038-ready and since there were no consumers of this API. Now there are consumers and they add it themselves if it's missing from libcrypto. This will no longer be possible with opaque TS structs, so begrudgingly add it back. ok jsing kn
* Start making ts opaque [tb, 2022-07-24, 1 file, -1/+2]
  Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move the ASN.1 function prototypes that we don't want to expose with them. Include ts_local.h where necessary or where it will be needed soon. ok jsing
* Avoid direct X509 structure access [kn, 2022-07-16, 1 file, -4/+4]
  Cherry-picked from OpenSSL commit a8d8e06b0ac06c421fd11cc1772126dcb98f79ae. This reduces upcoming TS changes. OK jsing tb
* Include evp_locl.h where it will be needed once most structs from [tb, 2021-12-12, 1 file, -1/+2]
  evp.h will be moved to evp_locl.h in an upcoming bump. ok inoguchi
* Cache sha512 hash and parsed not_before and not_after with X509 cert. [beck, 2021-11-04, 1 file, -3/+7]
  Replace sha1 hash use with sha512 for certificate comparisons internal to the library. Use the cached sha512 for the validator's verification cache. Reduces our recomputation of hashes, and heavy use of time1 time conversion functions noticed by claudio@ in rpki client. ok jsing@ tb@
* Move the now internal X.509-related structs into x509_lcl.h. [tb, 2021-11-01, 1 file, -1/+3]
  Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds. ok jsing
* snprintf/vsnprintf return < 0 on error, rather than -1. [deraadt, 2019-07-03, 1 file, -2/+2]
* Add const qualifier to the ASN1_OBJ * argument of [tb, 2018-05-13, 1 file, -3/+3]
  TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3) tested in a bulk by sthen ok jsing
* Send the function codes from the error functions to the bit bucket, [beck, 2017-01-29, 1 file, -32/+30]
  as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* X509_free(3) is NULL-safe, so remove NULL checks before its calls. [mmcc, 2016-03-11, 1 file, -3/+2]
  ok doug@
* Replace M_ASN1_GENERALIZEDTIME_(new|free) with [jsing, 2015-09-30, 1 file, -2/+2]
  ASN1_GENERALIZEDTIME_(new|free).
* if (x) FOO_free(x) -> FOO_free(x). [miod, 2014-07-12, 1 file, -3/+2]
  Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Only import cryptlib.h in the four source files that actually need it. [jsing, 2014-07-11, 1 file, -4/+3]
  Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Stop including standard headers via cryptlib.h - pull in the headers that [jsing, 2014-07-10, 1 file, -3/+5]
  are needed in the source files that actually require them. ok beck@ miod@
* tags as requested by miod and tedu [deraadt, 2014-06-12, 1 file, -1/+1]
* malloc() result does not need a cast. [deraadt, 2014-06-07, 1 file, -1/+1]
  ok miod
* Fix a Y2038 problem, by conversion of long to time_t. [deraadt, 2014-05-27, 1 file, -14/+7]
  The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible. ok miod guenther
* calloc instead of malloc/memset. from Benjamin Baier [tedu, 2014-05-25, 1 file, -2/+1]
* Hello? Yes, you're speaking with OPENSSL_SYS_UNIX. [jsing, 2014-05-22, 1 file, -28/+0]
  ok beck@ miod@
* Put explicit (void) in function declarations and shuffle keywords in some [miod, 2014-04-27, 1 file, -1/+1]
  declaration to pass -Wextra, should we want to add it to CFLAGS. No binary change.
* KNF. [jsing, 2014-04-21, 1 file, -375/+414]
* Restore tedu's rev 1.4: snprintf() was reviewed. [guenther, 2014-04-20, 1 file, -1/+1]
* We'll interpret a (void) cast on snprintf() to mean it's been verified that [guenther, 2014-04-19, 1 file, -1/+1]
  truncation is either desirable, not an issue, or is detected and handled later ok deraadt@
* Change library to use intrinsic memory allocation functions instead of [beck, 2014-04-17, 1 file, -5/+5]
  OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_realloc->realloc OPENSSL_freeFunc->free
* Zero-pad usec format to handle values less than 100,000 correctly [guenther, 2014-04-16, 1 file, -1/+1]
  ok matthew@ tedu@
* Mandatory Surgeon Guenther's Warning: This code could not possibly be [tedu, 2014-04-16, 1 file, -24/+24]
  correct because it doesn't zerofill the front of usecs, but that's the way I found it. a more thorough emulation of the old code, but with fewer whacky snprintf pointer arithmetic antics. ok beck guenther
* revert. the full horror has only now revealed itself. [tedu, 2014-04-16, 1 file, -26/+21]
* replace some bio_snprintf crazy with regular snprintf. [tedu, 2014-04-16, 1 file, -21/+26]
  beck had a diff to convert to strftime, but it's easier to verify this is functionally the same. ok beck.
* import OpenSSL-1.0.0a [djm, 2010-10-01, 1 file, -0/+1020]