summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ts (follow)
Commit message (Collapse)AuthorAgeFilesLines
* snprintf/vsnprintf return < 0 on error, rather than -1.deraadt2019-07-031-2/+2
|
* Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3).tb2018-05-132-4/+5
| | | | | | | Should have been part of the previous commit. Omission noted by schwarze. tested in bulk build by sthen ok jsing
* Add const qualifier to the ASN1_OBJ * argument oftb2018-05-133-11/+11
| | | | | | | | | TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3) tested in a bulk by sthen ok jsing
* Make ENGINE_free() succeed on NULL. Matches OpenSSL's behavior andtb2018-04-141-3/+2
| | | | | | simplifies the caller side. tested by & ok inoguchi; discussed with schwarze
* Send the function codes from the error functions to the bit bucket,beck2017-01-298-139/+81
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have beenjsing2016-12-271-4/+1
| | | | | nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
* More X509_STORE_CTX_set_*() return value checks.miod2016-11-051-2/+4
| | | | ok beck@ jsing@
* Kill a bunch of OLD_ASN1 usage by replacing ASN1_{d2i,i2d}_* withjsing2016-11-041-21/+17
| | | | | | ASN1_item_{d2i,i2d}_* equivalents. ok guenther@ miod@
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-111-3/+2
| | | | ok doug@
* Replace M_ASN1_GENERALIZEDTIME_(new|free) withjsing2015-09-301-2/+2
| | | | ASN1_GENERALIZEDTIME_(new|free).
* Replace remaining M_ASN1_STRING_* macros with calls to ASN1_STRING_*.jsing2015-09-101-4/+4
| | | | | | | This is not the same as the macro expansion, however the ASN1_STRING_* functions do match the macro expansions. ok doug@ miod@
* Expand obsolete M_ASN1.*(cmp|dup|print|set) macros - no change in generatedjsing2015-07-292-4/+4
| | | | | | assembly. ok bcook@
* Expand ASN.1 template macros - the generated assembly only differs byjsing2015-07-241-51/+341
| | | | changes to line numbers.
* Verify ASN1 objects types before attempting to access them as a particularmiod2015-07-191-1/+3
| | | | | type. ok guenther@ doug@
* Now that it is safe to invoke X509_STORE_CTX_cleanup() if X509_STORE_CTX_init()miod2015-07-191-5/+11
| | | | | fails, check its return value and correctly mop up after ourselves. ok beck@ doug@
* Put explicit braces around assignment used in a conditional.miod2015-07-191-2/+2
| | | | ok bcook@ doug@
* Do not allow TS_check_signer_name() with signer == NULL frommiod2015-07-151-1/+4
| | | | | | | | | | | | | | | | | int_TS_RESP_verify_token(). Coverity CID 21710. Looking further, int_TS_RESP_verify_token() will only initialize signer to something non-NULL if TS_VFY_SIGNATURE is set in ctx->flags. But guess what? TS_REQ_to_TS_VERIFY_CTX() in ts/ts_verify_ctx.c, which is the TS_VERIFY_CTX constructor, explicitely clears this bit, with: ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); followed by more conditional flag clears. Of course, nothing prevents the user to fiddle with ctx->flags afterwards. This is exactly what ts.c in usr.bin/openssl does. This is gross, mistakes will happen. ok beck@
* Enable building with -DOPENSSL_NO_DEPRECATED.doug2015-02-111-1/+2
| | | | | | | | | | | | | | | If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
* Remove assert() or OPENSSL_assert() of pointers being non-NULL. The policymiod2015-02-101-3/+1
| | | | | for libraries in OpenBSD is to deliberately let NULL pointers cause a SIGSEGV. ok doug@ jsing@
* Manually expand ASN1_ITEM_rptr macros that should have been expanded withjsing2015-02-101-10/+10
| | | | the IMPLEMENT_ASN1_DUP_FUNCTION macro.
* Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visiblejsing2015-02-101-10/+55
| | | | | | | | | and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS_{const,fname,name} macros so that thejsing2015-02-101-10/+226
| | | | | | | | | code is visible and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
* Check the result of sk_*_push() operations for failure.miod2014-10-281-3/+8
| | | | ok doug@ jsing@
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-121-3/+2
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-119-30/+30
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-104-4/+12
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-104-6/+14
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* cast ASN1_STRING (unsigned char *) to match strlcat's argument (char *)bcook2014-07-091-2/+2
| | | | ok beck@
* tags as requested by miod and teduderaadt2014-06-1212-12/+12
|
* malloc() result does not need a cast.deraadt2014-06-071-1/+1
| | | | ok miod
* Get the public headers from the official place with <openssl/ >deraadt2014-05-312-2/+2
| | | | from Brent Cook
* Don't write out more than we have allocated in obj_txt, as the glorybeck2014-05-301-1/+2
| | | | | that is OBJ_obj2txt() can return a larger value.. ok tedu@
* Everything sane has stdio, and FILE *. we don't need ifdefs for this.beck2014-05-291-8/+0
| | | | ok to firebomb from tedu@
* Fix a Y2038 problem, by conversion of long to time_t.deraadt2014-05-272-18/+8
| | | | | | | | | The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible. ok miod guenther
* calloc instead of malloc/memset. from Benjamin Baiertedu2014-05-252-6/+4
|
* Hello? Yes, you're speaking with OPENSSL_SYS_UNIX.jsing2014-05-221-28/+0
| | | | ok beck@ miod@
* Remove WIN32, WIN64 and MINGW32 tentacles.miod2014-04-281-5/+0
| | | | | | | | Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms. Loosely based upon a diff from Martijn van Duren on tech@
* Put explicit (void) in function declarations and shuffle keywords in somemiod2014-04-271-1/+1
| | | | | declaration to pass -Wextra, should we want to add it to CFLAGS. No binary change.
* Replace all use of ERR_add_error_data with ERR_asprintf_error_data.beck2014-04-262-7/+7
| | | | | | | | This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
* KNF.jsing2014-04-2112-1467/+1618
|
* Restore tedu's rev 1.4: snprintf() was reviewed.guenther2014-04-201-1/+1
|
* reset imprint to NULL to avoid double free. from mancha1 at zohotedu2014-04-201-0/+1
|
* We'll interpret a (void) cast on snprintf() to mean it's been verified thatguenther2014-04-191-1/+1
| | | | | | truncation is either desirable, not an issue, or is detected and handled later ok deraadt@
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-174-15/+15
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* Clean up dangerous strncpy use. This included a use where the resultingbeck2014-04-161-9/+5
| | | | | | | string was potentially not nul terminated and a place where malloc return was unchecked. while we're at it remove dummytest.c ok miod@
* Zero-pad usec format to handle values less than 100,000 correctlyguenther2014-04-161-1/+1
| | | | ok matthew@ tedu@
* Mandatory Surgeon Guenther's Warning: This code could not possibly betedu2014-04-161-24/+24
| | | | | | | correct because it doesn't zerofill the front of usecs, but that's the way I found it. a more thorough emulation of the old code, but with fewer whacky snprintf pointer arithmetic antics. ok beck guenther
* revert. the full horror has only now revealed itself.tedu2014-04-161-26/+21
|
* replace some bio_snprintf crazy with regular snprintf.tedu2014-04-161-21/+26
| | | | | beck had a diff to convert to strftime, but it's easier to verify this is functionally the same. ok beck.
* we don't use these files for buildingtedu2014-04-151-86/+0
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 21:46:42 +0000