summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/by_dir.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove unnecessary stat() calls from by_dirbeck2024-03-251-14/+15
| | | | | | | | | | | | | | | | | | | | | When searching for a CA or CRL file in by_dir, this stat() was used to short circuit attempting to open the file with X509_load_cert_file(). This was a deliberate TOCTOU introduced to avoid setting an error on the error stack, when what you really want to say is "we couldn't find a CA" and continue merrily on your way. As it so happens you really do not care why the load_file failed in any of these cases, it all boils down to "I can't find the CA or CRL". Instead we just omit the stat call, and clear the error stack if the load_file fails. The fact that you don't have a CA or CRL is caught later in the callers and is what you want, mimicing the non by_dir behaviour instead of possibly some bizzaro file system error. Based on a similar change in Boring. ok tb@
* Use a void pointer rather than char for method_datatb2023-12-291-7/+5
| | | | | This way we don't need to cast from BY_DIR * to char * and back in its only consumer, the lovely by_dir.
* Remove unused X509_LOOKUP_METHODstb2023-12-251-6/+1
| | | | | | | | None of these function pointers were ever set. Now that the structure is opaque they won't ever be, so time for them to hit the bitbucket. Infinite extensibility of the toolkit results in complications, bugs, and dead code. ok jsing
* libressl *_namespace.h: adjust *_ALIAS() to require a semicolontb2023-02-161-2/+2
| | | | | | | | | | LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h fix suggested by & ok jsing
* Make internal header file names consistenttb2022-11-261-2/+2
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Hide public symbols in libcrypto/x509 .c filesbeck2022-11-141-1/+2
| | | | ok tb@
* Merge a few additional X509error(ERR_R_MALLOC_FAILURE) callsschwarze2021-11-101-39/+28
| | | | | | | | | | | | | | | | | | and various style improvements from the OpenSSL 1.1.1 branch, which is still under a free license. - No need to #include <openssl/lhash.h>. - BUF_MEM_free(3) and sk_pop_free(3) can handle NULL. - sk_value(3) can handle -1. - Test pointers with "== NULL" rather than with "!". - Use the safer "p = malloc(sizeof(*p))" idiom. - return is not a function. - Delete very wrong commented out code. Including parts of the these commits from the 2015 to 2018 time range: 25aaa98a b4faea50 90945fa3 f32b0abe 26a7d938 7fcdbd83 208056b2 5b37fef0 Requested by and OK tb@.
* Move the now internal X.509-related structs into x509_lcl.h.tb2021-11-011-2/+3
| | | | | | | | Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds. ok jsing
* Remove unnecessary NULL check from get_cert_by_subject sincelibressl-v2.8.0bcook2018-08-051-3/+3
| | | | | | sk_BY_DIR_HASH_find already does it, removing ambiguity later in the function. ok tb@
* Send the function codes from the error functions to the bit bucket,beck2017-01-291-12/+12
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Remove all getenv() calls, especially those wrapped by issetugid().deraadt2015-04-111-9/+3
| | | | | | | | | getenv()'s wrapped by issetugid() are safe, but issetugid() is correct difficult to impliment on many operating systems. By accident, a grand experiment was run over the last year, where issetugid() returned 1 (the safe value) on a few operating systems. Noone noticed & complained that certain environment variables were not working....... ok doug beck jsing, discussion with others
* If you do not support POSIX I/O then you're not tall enough to ride...jsing2015-02-121-5/+1
| | | | ok tedu@
* Declare the x509_(mem|file|dir)_lookup symbols as static because theyreyk2015-02-051-2/+2
| | | | | | | | shouldn't be used directly. They aren't part of the API; each module (file, dir, mem) provides an actual function to export the now-static object. OK miod@
* Use field names in struct initialisers.jsing2015-01-221-11/+11
| | | | No change to generated assembly.
* Fix regression introduced in revision 1.15 by using strndup() instead ofmiod2014-09-231-6/+6
| | | | | | strdup() to allocated directory list components. ok jsing@
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-111-5/+4
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-101-3/+5
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-101-2/+4
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* Unifdef -UNO_SYS_TYPES_Hmiod2014-06-241-4/+2
|
* Since this is a library, place issetugid() before every getenv()deraadt2014-06-231-2/+3
| | | | ok miod
* improve error checking. set error code on error, and check malloc return.tedu2014-06-191-2/+13
| | | | add missing unlock in one case. ok lteo miod
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* malloc() result does not need a cast.deraadt2014-06-071-1/+1
| | | | ok miod
* no need for null check before free. from Brendan MacDonelltedu2014-05-301-2/+1
|
* Restore beck's (void)snprintf(): they were reviewed.guenther2014-04-201-1/+1
|
* More KNF.jsing2014-04-191-13/+14
|
* We'll interpret a (void) cast on snprintf() to mean it's been verified thatguenther2014-04-191-1/+1
| | | | | | truncation is either desirable, not an issue, or is detected and handled later ok deraadt@
* no need for a variable which is hardcoded and only used in an snprintf,sthen2014-04-171-13/+9
| | | | ok giovanni@. tidy comments nearby while there.
* Some VMS and WIN32 cleanupgiovanni2014-04-171-28/+5
| | | | ok miod@ lteo@
* Mostly gut e_os.h:deraadt2014-04-171-1/+1
| | | | | | | | USE_SOCKETS is unrelated to using sockets, but just pulls in .h files. It makes every file buy a kitchen sink, because 11 files forgot to. EXIT() is really exit(), a gentle surprise but... OPENSSL_EXIT() is really just return(), because noone compiles the openssl command non-monolithic anymore
* some KNF cleanup following the scriptderaadt2014-04-171-2/+2
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-9/+9
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* Clean up dangerous strncpy use. This included a use where the resultingbeck2014-04-161-3/+1
| | | | | | | string was potentially not nul terminated and a place where malloc return was unchecked. while we're at it remove dummytest.c ok miod@
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-151-225/+193
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Part 1 of eliminating BIO_snprintf(). This fixes mechanical conversionsbeck2014-04-151-2/+2
| | | | | where the return value is ignored changing to (void) snprintf. ok deraadt@
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-4/+2
|
* resolve conflicts, fix local changesdjm2010-10-011-65/+161
|
* resolve conflictsdjm2009-01-091-0/+4
|
* resolve conflictsdjm2008-09-061-4/+6
|
* resolve conflictsdjm2006-06-271-8/+7
|
* merge 0.9.7dmarkus2004-04-081-2/+32
|
* sprintf->snprintf. deraadt@ suggestions and okho2003-04-061-2/+2
|
* openssl-engine-0.9.6a mergebeck2001-06-221-1/+1
|
* openssl-engine-0.9.6 mergebeck2000-12-151-12/+14
|
* OpenSSL 0.9.5 mergebeck2000-03-191-6/+13
| | | | | | *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
* OpenSSL 0.9.4 mergebeck1999-09-291-37/+20
|
* Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD buildryker1998-10-051-0/+359
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-26 07:28:55 +0000