summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* When looking for the issuer of a certificate, if the current candidate ismiod2014-07-113-13/+97
| | | | | | | expired or not valid yet, continue looking; only return an expired certificate if no valid certificates have been found. OpenSSL PR #3359 via OpenSSL trunk.
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-1122-85/+85
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-107-9/+25
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-108-12/+26
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* delete some casts. ok miodtedu2014-07-101-2/+2
|
* remove unused, private version strings except SSL_version_strbcook2014-07-091-3/+1
| | | | | | Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
* Memory-leak-in-error-path of the day in X509_ATTRIBUTE_set1_data().miod2014-07-031-2/+3
| | | | ok logan@ beck@
* Fix a memory leak and another one that occurs in the error paths.logan2014-06-281-2/+6
| | | | | | | (Thanks to Brent Cook) OK from tedu@
* Unifdef -UNO_SYS_TYPES_Hmiod2014-06-241-4/+2
|
* Since this is a library, place issetugid() before every getenv()deraadt2014-06-232-5/+7
| | | | ok miod
* wrap getenv OPENSSL_ALLOW_PROXY_CERTS in an issetugid check, to protectderaadt2014-06-201-2/+2
| | | | | setuid applications from being fooled. ok miod
* check stack push return and make some effort to clean up. ok beck miodtedu2014-06-191-2/+6
|
* improve error checking. set error code on error, and check malloc return.tedu2014-06-191-2/+13
| | | | add missing unlock in one case. ok lteo miod
* tags as requested by miod and teduderaadt2014-06-1226-26/+26
|
* Stop setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - it has been ignored sincejsing2014-06-111-1/+0
| | | | | | OpenSSL 1.0.0. ok miod@ (a little while back)
* malloc() result does not need a cast.deraadt2014-06-073-6/+6
| | | | ok miod
* no need for null check before free. from Brendan MacDonelltedu2014-05-302-4/+2
|
* convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53deraadt2014-05-291-1/+1
| | | | | | | | | potential integer overflows easily changed into an allocation return of NULL, with errno nicely set if need be. checks for an allocations returning NULL are commonplace, or if the object is dereferenced (quite normal) will result in a nice fault which can be detected & repaired properly. ok tedu
* Everything sane has stdio, and FILE *. we don't need ifdefs for this.beck2014-05-292-22/+0
| | | | ok to firebomb from tedu@
* Any sane platform has stdio. Stop pretending we will ever use a platformbeck2014-05-293-8/+0
| | | | | that does not. "fire bomb" tedu@
* calloc instead of malloc/memset. from Benjamin Baiertedu2014-05-252-4/+2
|
* Almost nothing actually needs to include <openssl/e_os2.h>, however byjsing2014-05-241-1/+2
| | | | | | | including it they get <openssl/opensslconf.h>. So instead of pulling in <openssl/e_os2.h>, just pull in <openssl/opensslconf.h>. "go ahead" miod@
* Replace all use of ERR_add_error_data with ERR_asprintf_error_data.beck2014-04-262-2/+2
| | | | | | | | This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
* Restore beck's (void)snprintf(): they were reviewed.guenther2014-04-202-3/+3
|
* KNF.jsing2014-04-205-238/+305
|
* More KNF.jsing2014-04-202-3/+3
|
* KNF.jsing2014-04-206-714/+951
|
* KNF.jsing2014-04-206-470/+592
|
* KNF.jsing2014-04-204-264/+359
|
* More KNF.jsing2014-04-193-33/+34
|
* We'll interpret a (void) cast on snprintf() to mean it's been verified thatguenther2014-04-192-2/+2
| | | | | | truncation is either desirable, not an issue, or is detected and handled later ok deraadt@
* blunt force knftedu2014-04-1819-1245/+924
|
* no need for a variable which is hardcoded and only used in an snprintf,sthen2014-04-171-13/+9
| | | | ok giovanni@. tidy comments nearby while there.
* Some VMS and WIN32 cleanupgiovanni2014-04-171-28/+5
| | | | ok miod@ lteo@
* Mostly gut e_os.h:deraadt2014-04-171-1/+1
| | | | | | | | USE_SOCKETS is unrelated to using sockets, but just pulls in .h files. It makes every file buy a kitchen sink, because 11 files forgot to. EXIT() is really exit(), a gentle surprise but... OPENSSL_EXIT() is really just return(), because noone compiles the openssl command non-monolithic anymore
* Use of OPENSSL_SYS_xxx defines in public header files considered harmful.miod2014-04-171-7/+0
|
* fix some more leaks, mostly suggestions from miodjsg2014-04-172-0/+3
| | | | ok miod@
* some KNF cleanup following the scriptderaadt2014-04-173-64/+64
|
* fix some of the leaksjsg2014-04-171-1/+3
| | | | ok miod@ looks good deraadt@
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-179-41/+41
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* Clean up dangerous strncpy use. This included a use where the resultingbeck2014-04-162-5/+2
| | | | | | | string was potentially not nul terminated and a place where malloc return was unchecked. while we're at it remove dummytest.c ok miod@
* we don't use these files for buildingtedu2014-04-151-85/+0
|
* The NO_ASN1_OLD define was introduced in 0.9.7, 8 years ago, to allow formiod2014-04-151-11/+0
| | | | | | | | | | obsolete (and mostly internal) routines to be compiled out. We don't expect any reasonable software to stick to these interfaces, so better clean up the view and unifdef -DNO_ASN1_OLD. The astute reader will notice the existence of NO_OLD_ASN1 which serves a similar purpose, but is more entangled. Its time will come, soon.
* Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternitybeck2014-04-151-40/+0
| | | | | with the bearded ones... some API's that nobody should be using will dissapear with this commit.
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-153-700/+739
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Part 1 of eliminating BIO_snprintf(). This fixes mechanical conversionsbeck2014-04-152-3/+3
| | | | | where the return value is ignored changing to (void) snprintf. ok deraadt@
* correct cases of code occuring directly after goto/break/returnjsg2014-04-151-1/+0
| | | | ok miod@ guenther@
* remove auto-generated dependencies from the old unused build system, soderaadt2014-04-141-322/+0
| | | | | that it is easier to find code pieces. They are getting in the way. ok miod
* Cope with the removal of openssl/symhacks.hderaadt2014-04-132-2/+0
|
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-134-17/+26
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 17:26:05 +0000