summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Someone (TM) thought it was smart to save memory by using malloc(1) andmiod2014-09-281-5/+4
| | | | | | | | | | | | | manual field fiddling to create an ASN1_INTEGER object, instead of using M_ASN1_INTEGER_new() which will allocate sizeof(long) bytes. That person had probably never looked into malloc(3) and never heard of allocation size rounding. Thus, replace the obfuscated code with M_ASN1_INTEGER_new() followed by ASN1_INTEGER_set(), to achieve a similar result, without the need for /* version == 0 */ comments. ok bcook@
* X509_STORE_new(): do not leak memory upon error.miod2014-09-261-14/+17
| | | | | | | X509_STORE_get1_certs(), X509_STORE_get1_crls(): check the result of allocations. ok tedu@
* X509_issuer_and_serial_hash(): do not leak memory if an error occurs duringmiod2014-09-261-1/+3
| | | | | | the first EVP block. ok tedu@
* X509at_add1_attr(): do not free stuff we did not allocate in the error path.miod2014-09-261-3/+3
| | | | ok tedu@
* Fix regression introduced in revision 1.15 by using strndup() instead ofmiod2014-09-231-6/+6
| | | | | | strdup() to allocated directory list components. ok jsing@
* BIO_free() returns immediately when the sole input is NULL.doug2014-07-251-5/+3
| | | | | | Remove unnecessary NULL check. ok miod@
* Kill a bunch more BUF_strdup's - these are converted to have a check forbeck2014-07-221-2/+4
| | | | | NULL before an intrinsic strdup. ok miod@
* Free sktmp when it's no longer needed. By doing so, we fix a bunch of memory ↵logan2014-07-171-2/+4
| | | | | | | | leaks. From miod@ OK from miod@ and guenther@
* Check X509_NAME_oneline() return value when it will have to allocate memory.miod2014-07-131-1/+3
|
* jsing and I are investigating removal of all? most? 'getenv from library'deraadt2014-07-121-1/+3
| | | | | | | instances. This one for OPENSSL_ALLOW_PROXY_CERTS gets turned off first, especially since it had this special comment: /* A hack to keep people who don't want to modify their software happy */ ok beck jsing
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-121-3/+2
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Principle of least surprise: make CMAC_CTX_free(), OCSP_REQ_CTX_free() andmiod2014-07-121-1/+4
| | | | | X509_STORE_CTX_free() accept NULL pointers as input without dereferencing them, like all the other well-behaved *_CTX_free() functions do.
* When looking for the issuer of a certificate, if the current candidate ismiod2014-07-113-13/+97
| | | | | | | expired or not valid yet, continue looking; only return an expired certificate if no valid certificates have been found. OpenSSL PR #3359 via OpenSSL trunk.
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-1122-85/+85
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-107-9/+25
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-108-12/+26
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* delete some casts. ok miodtedu2014-07-101-2/+2
|
* remove unused, private version strings except SSL_version_strbcook2014-07-091-3/+1
| | | | | | Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
* Memory-leak-in-error-path of the day in X509_ATTRIBUTE_set1_data().miod2014-07-031-2/+3
| | | | ok logan@ beck@
* Fix a memory leak and another one that occurs in the error paths.logan2014-06-281-2/+6
| | | | | | | (Thanks to Brent Cook) OK from tedu@
* Unifdef -UNO_SYS_TYPES_Hmiod2014-06-241-4/+2
|
* Since this is a library, place issetugid() before every getenv()deraadt2014-06-232-5/+7
| | | | ok miod
* wrap getenv OPENSSL_ALLOW_PROXY_CERTS in an issetugid check, to protectderaadt2014-06-201-2/+2
| | | | | setuid applications from being fooled. ok miod
* check stack push return and make some effort to clean up. ok beck miodtedu2014-06-191-2/+6
|
* improve error checking. set error code on error, and check malloc return.tedu2014-06-191-2/+13
| | | | add missing unlock in one case. ok lteo miod
* tags as requested by miod and teduderaadt2014-06-1226-26/+26
|
* Stop setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - it has been ignored sincejsing2014-06-111-1/+0
| | | | | | OpenSSL 1.0.0. ok miod@ (a little while back)
* malloc() result does not need a cast.deraadt2014-06-073-6/+6
| | | | ok miod
* no need for null check before free. from Brendan MacDonelltedu2014-05-302-4/+2
|
* convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53deraadt2014-05-291-1/+1
| | | | | | | | | potential integer overflows easily changed into an allocation return of NULL, with errno nicely set if need be. checks for an allocations returning NULL are commonplace, or if the object is dereferenced (quite normal) will result in a nice fault which can be detected & repaired properly. ok tedu
* Everything sane has stdio, and FILE *. we don't need ifdefs for this.beck2014-05-292-22/+0
| | | | ok to firebomb from tedu@
* Any sane platform has stdio. Stop pretending we will ever use a platformbeck2014-05-293-8/+0
| | | | | that does not. "fire bomb" tedu@
* calloc instead of malloc/memset. from Benjamin Baiertedu2014-05-252-4/+2
|
* Almost nothing actually needs to include <openssl/e_os2.h>, however byjsing2014-05-241-1/+2
| | | | | | | including it they get <openssl/opensslconf.h>. So instead of pulling in <openssl/e_os2.h>, just pull in <openssl/opensslconf.h>. "go ahead" miod@
* Replace all use of ERR_add_error_data with ERR_asprintf_error_data.beck2014-04-262-2/+2
| | | | | | | | This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
* Restore beck's (void)snprintf(): they were reviewed.guenther2014-04-202-3/+3
|
* KNF.jsing2014-04-205-238/+305
|
* More KNF.jsing2014-04-202-3/+3
|
* KNF.jsing2014-04-206-714/+951
|
* KNF.jsing2014-04-206-470/+592
|
* KNF.jsing2014-04-204-264/+359
|
* More KNF.jsing2014-04-193-33/+34
|
* We'll interpret a (void) cast on snprintf() to mean it's been verified thatguenther2014-04-192-2/+2
| | | | | | truncation is either desirable, not an issue, or is detected and handled later ok deraadt@
* blunt force knftedu2014-04-1819-1245/+924
|
* no need for a variable which is hardcoded and only used in an snprintf,sthen2014-04-171-13/+9
| | | | ok giovanni@. tidy comments nearby while there.
* Some VMS and WIN32 cleanupgiovanni2014-04-171-28/+5
| | | | ok miod@ lteo@
* Mostly gut e_os.h:deraadt2014-04-171-1/+1
| | | | | | | | USE_SOCKETS is unrelated to using sockets, but just pulls in .h files. It makes every file buy a kitchen sink, because 11 files forgot to. EXIT() is really exit(), a gentle surprise but... OPENSSL_EXIT() is really just return(), because noone compiles the openssl command non-monolithic anymore
* Use of OPENSSL_SYS_xxx defines in public header files considered harmful.miod2014-04-171-7/+0
|
* fix some more leaks, mostly suggestions from miodjsg2014-04-172-0/+3
| | | | ok miod@
* some KNF cleanup following the scriptderaadt2014-04-173-64/+64
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-27 07:31:25 +0000