summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509v3/v3_utl.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Rewrite & fix X509V3_add_value()tb2019-04-161-17/+24
| | | | | | | | | | | | | | X509V3_add_value() helpfully allocates a STACK_OF(CONF_VALUE) if it receives a pointer to a NULL pointer. If anything fails along the way, it is however the caller's responsibility to free it. This can easily be fixed by freeing *extlist in the error path and zeroing it to avoid a double free if there happens to be a caller out there that avoids the leak. Polish a few things so the function conforms a bit better to our usual style. tweak & ok jsing
* indent err: labelstb2019-04-161-7/+7
|
* wrap an overlong line and kill a space before a tabtb2019-04-161-3/+4
|
* Move function types to their own lines; rewrap.tb2019-04-161-30/+40
|
* Fix previous: I forgot to rename the bn_to_string() prototype.tb2019-04-141-2/+2
|
* Avoid quadratic behavior of decimal BIGNUM conversiontb2019-04-131-9/+36
| | | | | | | | | | | | | | | | | | | The complexity of BN_bn2dec(bn) is quadratic in the length of bn. This function is used for printing numbers in CRLs which are typically small. If a BN is larger than 127 bits, dump it as hex because that's cheap and for numbers this size not significantly harder for humans to parse. OpenSSL commit 10a3195fcf7d04ba519651cf12e945a8fe470a3c by David Benjamin (still under the old licence), but significantly simplified. Ideally, we would catch excessively large numbers on deserialization, but that is made trickier by the templated ASN1. Erroring out is also not an option since the relevant part of the x509v3/ directory doesn't like to do proper error checking (looking at you v2i and i2v). Timeout found by oss-fuzz, should fix issues #13823 and #14130. input & ok jsing
* Add a const qualifier to the aint argument of X509V3_add_value_int()tb2018-05-191-2/+2
| | | | | Tested in a bulk build by sthen ok jsing
* Add a const qualifier to the 'key' argument of i2o_ECPublicKey() andtb2018-05-191-3/+3
| | | | | | | | | one to the last argument of each one of i2s_ASN1_OCTET_STRING(), s2i_ASN1_OCTET_STRING(), i2s_ASN1_INTEGER(), i2s_ASN1_ENUMERATED(), and i2s_ASN1_ENUMERATED_TABLE(). tested in a bulk build by sthen ok jsing
* The 'name', 'value' and 'section' arguments for a2i_GENERAL_NAME(),tb2018-05-181-4/+4
| | | | | | | | | | | X509V3_get_value_bool(), X509V3_add_value_bool_nf(), X509V3_get_value_int(), X509V3_get_string(), X509V3_get_section() are now const. While there, remove a stupid cast and two redundant checks. tested in a bulk build by sthen ok jsing
* Add const to functions in asn1/asn1.h as they did in OpenSSL.tb2018-04-251-2/+2
| | | | | | | BIO_f_asn1() will be taken care of later. Tested in a bulk by sthen ok bcook jca jsing
* If X509_check_{host,email}() are called with a length of zero, use strlen()jsing2018-03-201-3/+7
| | | | | | | | | to determine the length. This is the documented behaviour and matches the OpenSSL implementation. Issue found by Michael Gmelin <freebsd at grem dot de>. ok tb@
* Send the function codes from the error functions to the bit bucket,beck2017-01-291-29/+19
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Bring in functions used by stunnel and exim from BoringSSL - this bringsbeck2016-09-031-1/+424
| | | | | | in X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc, with some cleanup on the way in by myself and jsing@ ok bcook@
* Delete a lot of #if 0 code in libressl.doug2015-02-071-13/+1
| | | | | | | | | | | | | | | | | | | | | | | | | There are a few instances where #if 1 is removed but the code remains. Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits. 6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008 input + ok jsing@, miod@, tedu@
* The bell tolls for BUF_strdup - Start the migration to usingbeck2014-07-131-6/+9
| | | | | | intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-111-3/+3
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-101-3/+4
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* There is no need for is{upper,lower}() tests before to{lower,uppper}(),deraadt2014-06-011-4/+2
| | | | | since all other characters are mapped through transparently. ok jsing
* EBCDIC support died a while ago, except in a comment.deraadt2014-06-011-2/+0
|
* more: no need for null check before freederaadt2014-05-301-12/+6
| | | | ok tedu guenther
* KNF.jsing2014-05-261-263/+351
|
* if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefullymiod2014-05-221-3/+2
| | | | eyeballed before applying. Contributed by Cyril Roelandt on tech@
* Put explicit (void) in function declarations and shuffle keywords in somemiod2014-04-271-1/+1
| | | | | declaration to pass -Wextra, should we want to add it to CFLAGS. No binary change.
* no need for malloc castsderaadt2014-04-211-1/+1
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-20/+20
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternitybeck2014-04-151-18/+0
| | | | | with the bearded ones... some API's that nobody should be using will dissapear with this commit.
* resolve conflicts, fix local changesdjm2010-10-011-22/+25
|
* resolve conflictsdjm2009-01-091-10/+13
|
* resolve conflictsdjm2008-09-061-5/+338
|
* remove some bogus *p tests from charles longeautedu2007-03-201-1/+1
| | | | ok deraadt millert
* Remove some double semicolons (hmm, do two semis equal a maxi?).millert2003-08-061-1/+1
| | | | I've skipped the GNU stuff for now. From Patrick Latifi.
* merge 0.9.7b with local changes; crank majors for libssl/libcryptomarkus2003-05-121-1/+1
|
* OpenSSL 0.9.7 stable 2002 05 08 mergebeck2002-05-151-13/+32
|
* openssl-engine-0.9.6 mergebeck2000-12-151-18/+116
|
* OpenSSL 0.9.5 mergebeck2000-03-191-1/+1
| | | | | | *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
* OpenSSL 0.9.4 mergebeck1999-09-291-0/+418