summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Expose X509_VERIFY_PARAM_* functions that appeared in the OpenSSL 1.0.2jsing2018-02-101-1/+16
| | | | API and are now in use by various libraries and applications.
* Please variable decl before code.deraadt2017-12-091-2/+2
|
* Make the symbol for ASN1_time_tm_clamp_notafter visible so libtlsbeck2017-08-271-1/+3
| | | | | can get at it, so libtls can also deal with notafter's past the realm of 32 bit time in portable
* Add ability to clamp a notafter to values representable in a 32 bit time_tbeck2017-08-131-5/+21
| | | | | | This will only be used in portable. As noted, necessary to make us conformant to RFC 5280 4.1.2.5. ok jsing@ bcook@
* Revert previous change that forced consistency between return value andbeck2017-04-281-10/+2
| | | | | | | error code, since this breaks the documented API. Under certain circumstances this will result in incorrect successful certiticate verification (where a user supplied callback always returns 1, and later code checks the error code to potentially abort post verification)
* revert previous accidental commitbeck2017-04-281-2/+10
|
* *** empty log message ***beck2017-04-281-10/+2
|
* Kill leak introduced with refactorbeck2017-02-051-3/+6
| | | | ok jsing@
* Send the function codes from the error functions to the bit bucket,beck2017-01-2915-178/+98
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* fix bogus commentbeck2017-01-211-2/+2
| | | | ok jsing@
* Make return value of X509_verify_cert be consistent with the error code,beck2017-01-211-2/+10
| | | | | | with the caveat that we force V_OK when a user provided callback has us returning success. ok inoguchi@ jsing@
* Rework internal_verify, mostly from OpenSSL. so we can progressbeck2017-01-201-102/+102
| | | | | towards cleaning up the V_OK stuff. ok kinichiro@
* Add and remove some blank lines, in order to make X509_verify_cert()jsing2017-01-071-6/+4
| | | | (slightly) more readable.
* Revert part of r1.54 as there are at least two situations where we are stilljsing2017-01-071-4/+2
| | | | | | | returning ok == 1, with ctx->error not being X509_V_OK. Hopefully we can restore this behaviour once these are ironed out. Discussed with beck@
* Add a small bit of belt and suspenders around ERR_V_OK with X509_STORE_ctxbeck2017-01-031-2/+20
| | | | | | | and X509_verify_cert - We at least make it so an an init'ed ctx is not "valid" until X509_verify_cert has actually been called, And we make it impossible to return success without having the error set to ERR_V_OK. ok jsing@
* bring in boring's internal check_trust function to fix a bug introducedbeck2017-01-031-24/+79
| | | | | | when we went to alternate cert chains. this correctly does not clobber the ctx->error when using an alt chain. ok jsing@
* Expand ASN1_ITEM_rptr macros - no change in generated assembly.jsing2016-12-302-55/+55
|
* Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have beenjsing2016-12-271-8/+1
| | | | | nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
* Explicitly export a list of symbols from libcrypto.jsing2016-12-212-1/+9
| | | | | | | | | | | | | | | | Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@
* Remove prototypes from the public header for X509_VERIFY_PARAM functionsjsing2016-12-212-6/+7
| | | | | | that were recently added but not intended to be made public at this stage. Discussed with beck@
* Fix previous change to X509_STORE_add_{cert,crl} to not free the inputmiod2016-11-131-3/+7
| | | | object in the error path - we don't own it.
* Check for stack push failure, and correctly destroy the object we failedmiod2016-11-081-20/+47
| | | | | | | to push in that case. While there replace an inline version of X509_OBJECT_free_contents() by a call to said function. ok beck@
* Rework X509_verify_cert to support alt chains on certificate verification,beck2016-11-061-117/+265
| | | | | via boringssl. ok jsing@ miod@
* The upcoming x509 alt chains diff tightens the trust requirementsbeck2016-11-061-1/+17
| | | | | | | for certificates. This (from OpenSSL) ensures that the current "default" behaviour remains the same. We should revisit this later ok jsing@
* Commit a reminder that the default is not the default. This needs tobeck2016-11-061-1/+2
| | | | | be revisited. ok jsing@
* use the correct function for freebcook2016-11-061-2/+2
| | | | ok beck@
* Part one of the alt chains changes, bring in newer modifications tobeck2016-11-053-73/+411
| | | | | VERIFY_PARAMS - based on boringssl. ok jsing@ miod@
* make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hiddenbeck2016-11-043-5/+3
| | | | | | functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
* Add X509_up_ref, from boringbeck2016-11-042-2/+11
| | | | ok jsing@
* In X509_cmp_time(), pass asn1_time_parse() the tag of the field beingguenther2016-10-021-2/+3
| | | | | | | | | parsed so that a malformed GeneralizedTime field is recognized as an error instead of potentially being interpreted as if it was a valid UTCTime. Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu) ok beck@ tedu@ jsing@
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-041-33/+133
| | | | No change in preprocessed output, ignoring whitespace.
* Return zero from two functions on allocation failure instead of alwaysmmcc2016-03-212-4/+4
| | | | | | | | | | | returning one (indicating success). Each function has only a single usage, and both usages check the return value. Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c: https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0 ok beck@
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-112-6/+4
| | | | ok doug@
* initialize ok to 0beck2015-12-141-2/+2
| | | | ok guenther@
* Stop supporing "legcay" time formats that OpenSSL supports. Rewrite thebeck2015-10-192-22/+24
| | | | | | utctime and gentime wrappers accordingly. Along with some other cleanup. this also removes the need for timegm. ok bcook@ sthen@ jsing@
* Convert a number of the old ASN1_{d2i,i2d}_{bio,fp}_of() macros tojsing2015-10-131-19/+19
| | | | | | ASN1_item_{d2i,i2d}_{bio,fp}() function calls. ok beck@ doug@
* Flense the greasy black guts of unreadble string parsing code out of three areasbeck2015-10-022-92/+37
| | | | | | | | | in asn1 and x509 code, all dealing with an ASN1_TIME. This brings the parsing together in one function that converts into a struct tm. While we are at it this also brings us into conformance with RFC 5280 for times allowed in an X509 cert, as OpenSSL is very liberal with what it allows. input and fixes from deraadt@ jsing@ guethther@ and others. ok krw@, guenther@, jsing@
* s/M_ASN1_TIME_free/ASN1_TIME_free/jsing2015-09-302-7/+7
|
* Replace M_ASN1_INTEGER_(new|free) with ASN1_INTEGER_(new|free) - this isjsing2015-09-304-12/+12
| | | | | | | different from the macro expansion, but the result is the same. Also replace some ASN1_STRING_dup() with ASN1_INTEGER_dup(). ok beck@ doug@
* Add support for disabling certificate and CRL validity checking.jsing2015-09-142-11/+15
| | | | | | Loosely based on changes in OpenSSL. ok beck@
* Reorder functions for readability/consistency.jsing2015-09-131-235/+228
|
* Expand obsolete M_ASN1.*(cmp|dup|print|set) macros - no change in generatedjsing2015-07-294-13/+13
| | | | | | assembly. ok bcook@
* Now that it is safe to invoke X509_STORE_CTX_cleanup() if X509_STORE_CTX_init()miod2015-07-191-3/+5
| | | | | fails, check its return value and correctly mop up after ourselves. ok beck@ doug@
* Simplify X509_STORE_CTX_init and make it safe with stack variables.doug2015-07-191-58/+55
| | | | | | | The current version is not safe with stack variables because it may return prematurely with a partially constructed object on error. ok miod@ a while back
* Fix bad indenting in LibreSSL.doug2015-06-131-4/+4
| | | | | | | | | jsg@ noticed that some of the lines in libssl and libcrypto are not indented properly. At a quick glance, it looks like it has a different control flow than it really does. I checked the history in our tree and in OpenSSL to make sure these were simple mistakes. ok miod@ jsing@
* Avoid a potential out-of-bounds read in X509_cmp_time(), due to missingjsing2015-06-111-4/+27
| | | | | | | | | | length checks. Diff based on changes in OpenSSL. Fixes CVE-2015-1789. ok doug@
* Don't ignore the reference count in X509_STORE_free.doug2015-04-251-1/+5
| | | | | | | | | Based on this upstream commit: bff9ce4db38b297c72a6d84617d71ae2934450f7 which didn't make it into a release until 1.0.2. Thanks to william at 25thandclement dot com for reporting this! ok deraadt@ jsing@ beck@
* Remove d2i_X509_PKEY and i2d_X509_PKEY from the SSLeay days.doug2015-04-121-3/+1
| | | | | | | | i2d_X509_PKEY is a "needs to implement" and d2i_X509_PKEY is broken. Removed upstream in commit b1f3442857c1fd76e91941141bf671d19e90a79d. ok deraadt@, jsing@
* Remove all getenv() calls, especially those wrapped by issetugid().deraadt2015-04-113-28/+8
| | | | | | | | | getenv()'s wrapped by issetugid() are safe, but issetugid() is correct difficult to impliment on many operating systems. By accident, a grand experiment was run over the last year, where issetugid() returned 1 (the safe value) on a few operating systems. Noone noticed & complained that certain environment variables were not working....... ok doug beck jsing, discussion with others
* Avoid a NULL pointer deref when X509_get_pubkey() returns NULL.doug2015-03-151-2/+4
| | | | | | | | | | | | | | A NULL pointer could be dereferenced when X509_REQ_set_pubkey() calls X509_PUBKEY_set() with pktmp. OpenSSL says it's the fix for CVE-2015-0288, but there aren't any public details yet to confirm. Either way, we should fix this. Based on OpenSSL commit 28a00bcd8e318da18031b2ac8778c64147cd54f9 and BoringSSL commit 9d102ddbc0f6ed835ed12272a3d8a627d6a8e728. "looks sane" beck@ ok miod@, bcook@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-09-03 23:36:44 +0000