summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-041-33/+133
| | | | No change in preprocessed output, ignoring whitespace.
* Return zero from two functions on allocation failure instead of alwaysmmcc2016-03-212-4/+4
| | | | | | | | | | | returning one (indicating success). Each function has only a single usage, and both usages check the return value. Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c: https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0 ok beck@
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-112-6/+4
| | | | ok doug@
* initialize ok to 0beck2015-12-141-2/+2
| | | | ok guenther@
* Stop supporing "legcay" time formats that OpenSSL supports. Rewrite thebeck2015-10-192-22/+24
| | | | | | utctime and gentime wrappers accordingly. Along with some other cleanup. this also removes the need for timegm. ok bcook@ sthen@ jsing@
* Convert a number of the old ASN1_{d2i,i2d}_{bio,fp}_of() macros tojsing2015-10-131-19/+19
| | | | | | ASN1_item_{d2i,i2d}_{bio,fp}() function calls. ok beck@ doug@
* Flense the greasy black guts of unreadble string parsing code out of three areasbeck2015-10-022-92/+37
| | | | | | | | | in asn1 and x509 code, all dealing with an ASN1_TIME. This brings the parsing together in one function that converts into a struct tm. While we are at it this also brings us into conformance with RFC 5280 for times allowed in an X509 cert, as OpenSSL is very liberal with what it allows. input and fixes from deraadt@ jsing@ guethther@ and others. ok krw@, guenther@, jsing@
* s/M_ASN1_TIME_free/ASN1_TIME_free/jsing2015-09-302-7/+7
|
* Replace M_ASN1_INTEGER_(new|free) with ASN1_INTEGER_(new|free) - this isjsing2015-09-304-12/+12
| | | | | | | different from the macro expansion, but the result is the same. Also replace some ASN1_STRING_dup() with ASN1_INTEGER_dup(). ok beck@ doug@
* Add support for disabling certificate and CRL validity checking.jsing2015-09-142-11/+15
| | | | | | Loosely based on changes in OpenSSL. ok beck@
* Reorder functions for readability/consistency.jsing2015-09-131-235/+228
|
* Expand obsolete M_ASN1.*(cmp|dup|print|set) macros - no change in generatedjsing2015-07-294-13/+13
| | | | | | assembly. ok bcook@
* Now that it is safe to invoke X509_STORE_CTX_cleanup() if X509_STORE_CTX_init()miod2015-07-191-3/+5
| | | | | fails, check its return value and correctly mop up after ourselves. ok beck@ doug@
* Simplify X509_STORE_CTX_init and make it safe with stack variables.doug2015-07-191-58/+55
| | | | | | | The current version is not safe with stack variables because it may return prematurely with a partially constructed object on error. ok miod@ a while back
* Fix bad indenting in LibreSSL.doug2015-06-131-4/+4
| | | | | | | | | jsg@ noticed that some of the lines in libssl and libcrypto are not indented properly. At a quick glance, it looks like it has a different control flow than it really does. I checked the history in our tree and in OpenSSL to make sure these were simple mistakes. ok miod@ jsing@
* Avoid a potential out-of-bounds read in X509_cmp_time(), due to missingjsing2015-06-111-4/+27
| | | | | | | | | | length checks. Diff based on changes in OpenSSL. Fixes CVE-2015-1789. ok doug@
* Don't ignore the reference count in X509_STORE_free.doug2015-04-251-1/+5
| | | | | | | | | Based on this upstream commit: bff9ce4db38b297c72a6d84617d71ae2934450f7 which didn't make it into a release until 1.0.2. Thanks to william at 25thandclement dot com for reporting this! ok deraadt@ jsing@ beck@
* Remove d2i_X509_PKEY and i2d_X509_PKEY from the SSLeay days.doug2015-04-121-3/+1
| | | | | | | | i2d_X509_PKEY is a "needs to implement" and d2i_X509_PKEY is broken. Removed upstream in commit b1f3442857c1fd76e91941141bf671d19e90a79d. ok deraadt@, jsing@
* Remove all getenv() calls, especially those wrapped by issetugid().deraadt2015-04-113-28/+8
| | | | | | | | | getenv()'s wrapped by issetugid() are safe, but issetugid() is correct difficult to impliment on many operating systems. By accident, a grand experiment was run over the last year, where issetugid() returned 1 (the safe value) on a few operating systems. Noone noticed & complained that certain environment variables were not working....... ok doug beck jsing, discussion with others
* Avoid a NULL pointer deref when X509_get_pubkey() returns NULL.doug2015-03-151-2/+4
| | | | | | | | | | | | | | A NULL pointer could be dereferenced when X509_REQ_set_pubkey() calls X509_PUBKEY_set() with pktmp. OpenSSL says it's the fix for CVE-2015-0288, but there aren't any public details yet to confirm. Either way, we should fix this. Based on OpenSSL commit 28a00bcd8e318da18031b2ac8778c64147cd54f9 and BoringSSL commit 9d102ddbc0f6ed835ed12272a3d8a627d6a8e728. "looks sane" beck@ ok miod@, bcook@
* If you do not support POSIX I/O then you're not tall enough to ride...jsing2015-02-121-5/+1
| | | | ok tedu@
* More unifdef OPENSSL_NO_RFC3779 that got missed last time around.jsing2015-02-112-16/+2
| | | | Spotted by beck@
* Remove more IMPLEMENT_STACK_OF noops that have been hiding for the lastjsing2015-02-102-7/+2
| | | | 15 years.
* The IMPLEMENT_STACK_OF and IMPLEMENT_ASN1_SET_OF macros were turned intojsing2015-02-102-13/+2
| | | | | noops around 15 years ago. Remove multiple occurances of both that still exist in the code today.
* Delete a lot of #if 0 code in libressl.doug2015-02-071-12/+1
| | | | | | | | | | | | | | | | | | | | | | | | | There are a few instances where #if 1 is removed but the code remains. Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits. 6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008 input + ok jsing@, miod@, tedu@
* Declare the x509_(mem|file|dir)_lookup symbols as static because theyreyk2015-02-053-6/+6
| | | | | | | | shouldn't be used directly. They aren't part of the API; each module (file, dir, mem) provides an actual function to export the now-static object. OK miod@
* Fix a number of issues relating to algorithms in signatures, Mostlybeck2015-01-282-2/+5
| | | | | | from OpenSSL with a hint of boring and some things done here. Addresses CVE-2014-8275 for OpenSSL fully ok miod@ doug@
* Use field names in struct initialisers.jsing2015-01-223-33/+33
| | | | No change to generated assembly.
* Add X509_STORE_load_mem() to load certificates from a memory bufferreyk2015-01-223-2/+167
| | | | | | | | | | | instead of disk. OpenSSL didn't provide a built-in API from loading certificates in a chroot'ed process that doesn't have direct access to the files. X509_STORE_load_mem() provides a new backend that will be used by libssl and libtls to implement such privsep-friendly functionality. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself) With feedback and OK bluhm@
* Avoid modifying input on failure in X509_(TRUST|PURPOSE)_add.doug2014-12-061-6/+8
| | | | | | | | | | | If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the object in an inconsistent state since the name is already freed. This commit avoids changing the original name unless the *_add() call will succeed. Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0 ok miod@
* further BUF_strdup conversion: these places should be safe to rely ontedu2014-11-181-2/+2
| | | | the function argument not being NULL
* Get rid of the last remaining BUF_strdup and BUF_strlcpy and friends, usebeck2014-10-161-2/+3
| | | | | intrinsic functions everywhere, and wrap these functions in an #ifndef LIBRESSL_INTERNAL to make sure we don't bring their use back.
* Previous fix (1.12) would cause a NULL pointer dereference in the error pathmiod2014-09-291-4/+3
| | | | | if a NULL stack was passed as argument. Fix this by returning NULL early in that case.
* check_cert(): be sure to reset ctx->current_crl to NULL before freeing it.miod2014-09-291-10/+5
| | | | | | | | | X509_STORE_CTX_init(): do not free the X509_STORE_CTX * parameter upon failure, for we did not allocate it and it might not come from the heap, such as in check_crl_path() in this very same file where X509_STORE_CTX_init() gets invoked with a stack address. ok bcook@
* X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size tomiod2014-09-291-3/+5
| | | | | memcpy(). ok bcook@
* X509_VERIFY_PARAM_set1_name(): if invoked with NULL as the secondmiod2014-09-291-1/+2
| | | | | parameter, correctly set param->name to NULL after having freed it. ok bcook@
* X509v3_add_ext(): do not free stuff we did not allocate in the error path.miod2014-09-281-2/+2
| | | | ok bcook@
* X509_TRUST_add(): check X509_TRUST_get0() return value before dereferencing it,miod2014-09-281-15/+23
| | | | | | for it may be NULL. Do not leak memory upon error. ok bcook@
* Someone (TM) thought it was smart to save memory by using malloc(1) andmiod2014-09-281-5/+4
| | | | | | | | | | | | | manual field fiddling to create an ASN1_INTEGER object, instead of using M_ASN1_INTEGER_new() which will allocate sizeof(long) bytes. That person had probably never looked into malloc(3) and never heard of allocation size rounding. Thus, replace the obfuscated code with M_ASN1_INTEGER_new() followed by ASN1_INTEGER_set(), to achieve a similar result, without the need for /* version == 0 */ comments. ok bcook@
* X509_STORE_new(): do not leak memory upon error.miod2014-09-261-14/+17
| | | | | | | X509_STORE_get1_certs(), X509_STORE_get1_crls(): check the result of allocations. ok tedu@
* X509_issuer_and_serial_hash(): do not leak memory if an error occurs duringmiod2014-09-261-1/+3
| | | | | | the first EVP block. ok tedu@
* X509at_add1_attr(): do not free stuff we did not allocate in the error path.miod2014-09-261-3/+3
| | | | ok tedu@
* Fix regression introduced in revision 1.15 by using strndup() instead ofmiod2014-09-231-6/+6
| | | | | | strdup() to allocated directory list components. ok jsing@
* BIO_free() returns immediately when the sole input is NULL.doug2014-07-251-5/+3
| | | | | | Remove unnecessary NULL check. ok miod@
* Kill a bunch more BUF_strdup's - these are converted to have a check forbeck2014-07-221-2/+4
| | | | | NULL before an intrinsic strdup. ok miod@
* Free sktmp when it's no longer needed. By doing so, we fix a bunch of memory ↵logan2014-07-171-2/+4
| | | | | | | | leaks. From miod@ OK from miod@ and guenther@
* Check X509_NAME_oneline() return value when it will have to allocate memory.miod2014-07-131-1/+3
|
* jsing and I are investigating removal of all? most? 'getenv from library'deraadt2014-07-121-1/+3
| | | | | | | instances. This one for OPENSSL_ALLOW_PROXY_CERTS gets turned off first, especially since it had this special comment: /* A hack to keep people who don't want to modify their software happy */ ok beck jsing
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-121-3/+2
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Principle of least surprise: make CMAC_CTX_free(), OCSP_REQ_CTX_free() andmiod2014-07-121-1/+4
| | | | | X509_STORE_CTX_free() accept NULL pointers as input without dereferencing them, like all the other well-behaved *_CTX_free() functions do.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-24 12:35:14 +0000