path: root/src/lib/libcrypto/x509v3
Commit message | Author | Age | Files | Lines
* Allow leading . in nameConstraints. from openssl via jabberwock. ok jsing
  [Author: tedu | Age: 2017-07-20 | Files: 1 | Lines: -2/+2]
* Distinguish between self-issued certificates and self-signed certificates.
  The certificate verification code has special cases for self-signed certificates and without this change, self-issued certificates (which it seems are commonplace with openvpn/easyrsa) were also being included in this category.
  Based on BoringSSL.
  Thanks to Dale Ghent <daleg at elemental dot org> for assisting in identifying the issue and testing this fix.
  ok inoguchi@
  [Author: jsing | Age: 2017-06-22 | Files: 2 | Lines: -30/+40]
* the XXXfree functions being called accept NULL, so don't check first.
  ok beck
  [Author: deraadt | Age: 2017-05-02 | Files: 3 | Lines: -26/+14]
* Send the function codes from the error functions to the bit bucket, as was done earlier in libssl.
  Thanks inoguchi@ for noticing libssl had more reacharounds into this.
  ok jsing@ inoguchi@
  [Author: beck | Age: 2017-01-29 | Files: 20 | Lines: -256/+167]
* Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.
  No change to generated assembly excluding line numbers.
  [Author: jsing | Age: 2017-01-21 | Files: 2 | Lines: -8/+38]
* Expand ASN1_ITEM_rptr macros - no change in preprocessor output.
  [Author: jsing | Age: 2016-12-30 | Files: 1 | Lines: -3/+3]
* Expand ASN1_ITEM_ref and ASN1_ITEM_ptr macros - no change in generated assembly.
  Of particular interest is ASN1_ITEM_ptr which does nothing and resulted in code like:
      if (method->it)
          ASN1_ITEM_free(..., ASN1_ITEM_ptr(method->it));
  [Author: jsing | Age: 2016-12-30 | Files: 22 | Lines: -66/+66]
* Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
  [Author: jsing | Age: 2016-12-27 | Files: 1 | Lines: -7/+1]
* Expand DECLARE_ASN1_ITEM macros - no change in preprocessor output.
  [Author: jsing | Age: 2016-12-27 | Files: 1 | Lines: -6/+6]
* Explicitly export a list of symbols from libcrypto.
  Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me...
  This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library.
  With input and testing from inoguchi@.
  ok beck@ inoguchi@
  [Author: jsing | Age: 2016-12-21 | Files: 2 | Lines: -2/+9]
* Stricter checks of ASN1_INTEGER to reject ASN1_NEG_INTEGER in places when they don't make sense.
  ok beck@
  [Author: miod | Age: 2016-11-08 | Files: 1 | Lines: -3/+9]
* Check BIO_new*() for failure.
  ok beck@ jsing@
  [Author: miod | Age: 2016-11-05 | Files: 1 | Lines: -2/+4]
* Expand DECLARE_ASN1_.*FUNCTIONS macros.
  No change in preprocessed output, ignoring whitespace and line numbers.
  [Author: jsing | Age: 2016-09-04 | Files: 1 | Lines: -32/+128]
* Bring in functions used by stunnel and exim from BoringSSL - this brings in X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc, with some cleanup on the way in by myself and jsing@
  ok bcook@
  [Author: beck | Age: 2016-09-03 | Files: 2 | Lines: -2/+452]
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.
  ok doug@
  [Author: mmcc | Age: 2016-03-11 | Files: 1 | Lines: -3/+2]
* initialize ext_len to 0.
  ok guenther@
  [Author: beck | Age: 2015-12-14 | Files: 1 | Lines: -2/+6]
* Replace M_ASN1_OCTET_STRING_(free|new) with ASN1_OCTET_STRING_(free|new).
  [Author: jsing | Age: 2015-09-30 | Files: 4 | Lines: -16/+16]
* Replace M_ASN1_IA5STRING_(new|free) with ASN1_IA5STRING_(new|free). Same with one s/M_ASN1_VISIBLESTRING_new/ASN1_VISIBLESTRING_new/.
  [Author: jsing | Age: 2015-09-30 | Files: 3 | Lines: -9/+9]
* Replace M_ASN1_INTEGER_(new|free) with ASN1_INTEGER_(new|free) - this is different from the macro expansion, but the result is the same. Also replace some ASN1_STRING_dup() with ASN1_INTEGER_dup().
  ok beck@ doug@
  [Author: jsing | Age: 2015-09-30 | Files: 2 | Lines: -10/+10]
* Replace remaining M_ASN1_BIT_STRING_(new|free) macros with calls to ASN1_BIT_STRING_(new|free).
  ok beck@ doug@
  [Author: jsing | Age: 2015-09-29 | Files: 1 | Lines: -4/+4]
* Use ASN1_item_dup() instead of ASN1_dup().
  ok bcook@
  [Author: jsing | Age: 2015-09-26 | Files: 1 | Lines: -3/+2]
* Use named initialisers for X509V3_EXT_METHOD structs (for the usual reasons) - only change in generated assembly is due to line numbering.
  [Author: jsing | Age: 2015-07-29 | Files: 19 | Lines: -228/+588]
* Expand obsolete M_ASN1.*(cmp|dup|print|set) macros - no change in generated assembly.
  ok bcook@
  [Author: jsing | Age: 2015-07-29 | Files: 5 | Lines: -12/+12]
* Expand ASN.1 template macros that got missed in the last pass - only change to generated assembly is due to line numbers.
  [Author: jsing | Age: 2015-07-25 | Files: 3 | Lines: -11/+31]
* Expand ASN.1 template macros - the generated assembly only differs by changes to line numbers.
  [Author: jsing | Age: 2015-07-25 | Files: 13 | Lines: -141/+806]
* Remove case that can never happen.
  It's a little convoluted due to gotos, but at that point, pci is always NULL. Spotted by Coverity 21702.
  ok miod@ beck@ bcook@
  [Author: doug | Age: 2015-07-19 | Files: 1 | Lines: -5/+1]
* Fix leak found by coverity, issue 78897 - which also brought to light that the child counting was broken in the original code. this is still fugly, but this preserves all the existing goo.
  ok doug@
  [Author: beck | Age: 2015-07-18 | Files: 3 | Lines: -25/+33]
* Memory leak; Coverity CID 78836
  ok beck@
  [Author: miod | Age: 2015-07-15 | Files: 1 | Lines: -6/+8]
* Unchecked allocations, and make sure we do not leak upon error. Fixes Coverity CID 21739 and more.
  ok bcook@
  [Author: miod | Age: 2015-07-15 | Files: 1 | Lines: -21/+36]
* Avoid leaking objects upon error; tweaks & ok doug@
  [Author: miod | Age: 2015-07-15 | Files: 1 | Lines: -18/+18]
* Memory leak in error path. Coverity CID 78822.
  ok doug@
  [Author: miod | Age: 2015-02-17 | Files: 1 | Lines: -8/+9]
* Check ASN1_OCTET_STRING_new() for failure. Coverity CID 78904
  ok doug@
  [Author: miod | Age: 2015-02-15 | Files: 1 | Lines: -6/+8]
* Memory leak in `should not happen' condition; Coverity CID 78889.
  ok doug@ jsing@
  [Author: miod | Age: 2015-02-14 | Files: 1 | Lines: -4/+4]
* Memory leak upon error; Coverity CID 78857
  ok doug@ jsing@
  CVy: Committing in .
  [Author: miod | Age: 2015-02-14 | Files: 1 | Lines: -1/+4]
* Don't leak memory on errors - fixes coverity issues 105353 105253
  ok guenther@ jsg@
  [Author: beck | Age: 2015-02-13 | Files: 1 | Lines: -4/+9]
* unifdef OPENSSL_NO_RFC3779 - this is currently disabled and unlikely to be enabled, mostly since people use SANs instead.
  ok beck@ guenther@
  [Author: jsing | Age: 2015-02-10 | Files: 5 | Lines: -2695/+3]
* Remove more IMPLEMENT_STACK_OF noops that have been hiding for the last 15 years.
  [Author: jsing | Age: 2015-02-10 | Files: 3 | Lines: -10/+3]
* The IMPLEMENT_STACK_OF and IMPLEMENT_ASN1_SET_OF macros were turned into noops around 15 years ago. Remove multiple occurrences of both that still exist in the code today.
  [Author: jsing | Age: 2015-02-10 | Files: 2 | Lines: -8/+2]
* Expand the IMPLEMENT_ASN1_ALLOC_FUNCTIONS macro so that the code is visible and functions can be readily located.
  Change has been scripted and the generated assembly only differs by changes to line numbers.
  Discussed with beck@ miod@ tedu@
  [Author: jsing | Age: 2015-02-10 | Files: 3 | Lines: -7/+51]
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible and functions can be readily located.
  Change has been scripted and the generated assembly only differs by changes to line numbers.
  Discussed with beck@ miod@ tedu@
  [Author: jsing | Age: 2015-02-09 | Files: 12 | Lines: -43/+787]
* Delete a lot of #if 0 code in libressl.
  There are a few instances where #if 1 is removed but the code remains.
  Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
  6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
  input + ok jsing@, miod@, tedu@
  [Author: doug | Age: 2015-02-07 | Files: 4 | Lines: -78/+4]
* Avoid modifying input on failure in X509_(TRUST|PURPOSE)_add.
  If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the object in an inconsistent state since the name is already freed. This commit avoids changing the original name unless the *_add() call will succeed.
  Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0
  ok miod@
  [Author: doug | Age: 2014-12-06 | Files: 1 | Lines: -11/+13]
* further BUF_strdup conversion: these places should be safe to rely on the function argument not being NULL
  [Author: tedu | Age: 2014-11-18 | Files: 1 | Lines: -2/+2]
* Check the result of sk_*_push() operations for failure.
  ok doug@ jsing@
  [Author: miod | Age: 2014-10-28 | Files: 2 | Lines: -11/+26]
* The fixes to X509_PURPOSE_add() in r1.18 actually could cause a global X509_PURPOSE object (obtained with X509_PURPOSE_get0() instead of being allocated in the function) to be freed if modifying that object would fail due to a low memory condition, while this object would still be referenced elsewhere.
  Fix this by only cleaning the object if we did not allocate it here.
  While there, fail early if either `name' or `sname' are NULL, rather than allocating an object and realizing we have nothing to strdup() into it.
  ok guenther@
  [Author: miod | Age: 2014-10-05 | Files: 1 | Lines: -27/+29]
* Be sure to check the stack push operation for success in v2i_POLICY_MAPPINGS(); if it fails, free the object we were about to push.
  Factor error handling to avoid having four copies of about the same code.
  ok guenther@
  [Author: miod | Age: 2014-10-05 | Files: 1 | Lines: -17/+19]
* In v2i_AUTHORITY_INFO_ACCESS(), separate object allocation from object push on a stack; if the latter fails, we need to free the object before returning failure.
  ok guenther@
  [Author: miod | Age: 2014-10-05 | Files: 1 | Lines: -3/+8]
* Memory leak upon error in set_dist_point_name().
  ok guenther@
  [Author: miod | Age: 2014-10-05 | Files: 1 | Lines: -1/+2]
* Be sure to check object allocation for success before using them.
  Tweaks and ok guenther@
  [Author: miod | Age: 2014-10-05 | Files: 1 | Lines: -5/+10]
* Missing deallocation upon error.
  ok deraadt@ guenther@
  [Author: miod | Age: 2014-10-05 | Files: 1 | Lines: -2/+3]