summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509v3 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Avoid modifying input on failure in X509_(TRUST|PURPOSE)_add.doug2014-12-061-11/+13
| | | | | | | | | | | If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the object in an inconsistent state since the name is already freed. This commit avoids changing the original name unless the *_add() call will succeed. Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0 ok miod@
* further BUF_strdup conversion: these places should be safe to rely ontedu2014-11-181-2/+2
| | | | the function argument not being NULL
* Check the result of sk_*_push() operations for failure.miod2014-10-282-11/+26
| | | | ok doug@ jsing@
* The fixes to X509_PURPOSE_add() in r1.18 actually could cause a globalmiod2014-10-051-27/+29
| | | | | | | | | | | | | X509_PURPOSE object (obtained with X509_PURPOSE_get0() instead of being allocated in the function) to be freed if modifying that object would fail due to a low memory condition, while this object would still be referenced elsewhere. Fix this by only cleaning the object if we did not allocate it here. While there, fail early if either `name' or `sname' are NULL, rather than allocating an object and realizing we have nothing to strdup() into it. ok guenther@
* Be sure to check the stack push operation for success in v2i_POLICY_MAPPINGS();miod2014-10-051-17/+19
| | | | | | if it fails, free the object we were about to push. Factor error handling to avoid having four copies of about the same code. ok guenther@
* In v2i_AUTHORITY_INFO_ACCESS(), separate object allocation from object pushmiod2014-10-051-3/+8
| | | | | | on a stack; if the latter fails, we need to free the object before returning failure. ok guenther@
* Memory leak upon error in set_dist_point_name().miod2014-10-051-1/+2
| | | | ok guenther@
* Be sure to check object allocation for success before using them.miod2014-10-051-5/+10
| | | | Tweaks and ok guenther@
* Missing deallocation upon error.miod2014-10-051-2/+3
| | | | ok deraadt@ guenther@
* Fix memory leak in the error path of v2i_AUTHORITY_KEYID().miod2014-10-051-3/+6
| | | | ok deraadt@ guenther@
* level_add_node(): if a memory allocation failure causes us to attempt to cleanmiod2014-07-231-4/+7
| | | | | | | up and return failure, be sure the cleanup work does NOT free objects which are still being referenced by other objects. ok guenther@
* The bell tolls for BUF_strdup - Start the migration to usingbeck2014-07-135-17/+20
| | | | | | intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-1133-79/+73
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-107-7/+24
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Upon realloc() failure, free() the original pointer and remove the stupidmiod2014-07-101-3/+3
| | | | | comments implying you don't have to. ok tedu@
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-1017-27/+54
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* {malloc,reallocarray} + memset(,0,) -> callocmiod2014-07-091-4/+2
| | | | ok tedu@
* Fix 9 memory leaks.logan2014-06-281-1/+10
| | | | | | | | (Thanks to Brent Cook) With help from tedu@ OK from tedu@
* tags as requested by miod and teduderaadt2014-06-1239-37/+39
|
* c-file-style hints, begone; ok beckderaadt2014-06-112-2/+2
|
* Remove various test stubs. The good ones have been moved by jsingderaadt2014-06-073-323/+0
| | | | | | and others to the regress framework. These remaining ones just muddle us up when re-reading code repeatedly. ok jsing
* There is no need for is{upper,lower}() tests before to{lower,uppper}(),deraadt2014-06-011-4/+2
| | | | | since all other characters are mapped through transparently. ok jsing
* EBCDIC support died a while ago, except in a comment.deraadt2014-06-011-2/+0
|
* more: no need for null check before freederaadt2014-05-302-14/+7
| | | | ok tedu guenther
* ok, next pass after review: when possible, put the reallocarray argumentsderaadt2014-05-291-1/+1
| | | | in the "size_t nmemb, size_t size"
* convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53deraadt2014-05-291-1/+1
| | | | | | | | | potential integer overflows easily changed into an allocation return of NULL, with errno nicely set if need be. checks for an allocations returning NULL are commonplace, or if the object is dereferenced (quite normal) will result in a nice fault which can be detected & repaired properly. ok tedu
* Everything sane has stdio, and FILE *. we don't need ifdefs for this.beck2014-05-291-2/+0
| | | | ok to firebomb from tedu@
* KNF.jsing2014-05-263-360/+479
|
* KNF.jsing2014-05-267-538/+656
|
* if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefullymiod2014-05-222-5/+3
| | | | eyeballed before applying. Contributed by Cyril Roelandt on tech@
* Put explicit (void) in function declarations and shuffle keywords in somemiod2014-04-271-1/+1
| | | | | declaration to pass -Wextra, should we want to add it to CFLAGS. No binary change.
* Fix leak last commit introduced. Spotted by Sebastian Kapfer.beck2014-04-271-0/+1
|
* Replace all use of ERR_add_error_data with ERR_asprintf_error_data.beck2014-04-265-16/+15
| | | | | | | | This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
* KNF.jsing2014-04-212-239/+249
|
* KNF.jsing2014-04-217-343/+409
|
* KNF.jsing2014-04-214-102/+119
|
* no need for malloc castsderaadt2014-04-212-2/+2
|
* KNF.jsing2014-04-215-659/+722
|
* KNF.jsing2014-04-215-1971/+2092
|
* KNF.jsing2014-04-218-548/+456
|
* Restore beck's (void)snprintf(): they were reviewed.guenther2014-04-201-2/+2
|
* We'll interpret a (void) cast on snprintf() to mean it's been verified thatguenther2014-04-191-2/+2
| | | | | | truncation is either desirable, not an issue, or is detected and handled later ok deraadt@
* use intrinsic strlcpy and strlcat everywhere so we only have one set ofbeck2014-04-191-3/+3
| | | | | | funcitons to check for incorrect use. keep BUF_strlcpy and BUF_strlcat for API comptibility only. ok tedu@
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-1718-73/+73
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* OpenSSL PR#3309: when looking for an extension, set the last found positionsthen2014-04-171-3/+3
| | | | | | to -1 to properly search all extensions. ok tedu@ From http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=300b9f0b70
* Clean up dangerous strncpy use. This included a use where the resultingbeck2014-04-162-6/+7
| | | | | | | string was potentially not nul terminated and a place where malloc return was unchecked. while we're at it remove dummytest.c ok miod@
* we don't use these files for buildingtedu2014-04-151-85/+0
|
* Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternitybeck2014-04-153-51/+0
| | | | | with the bearded ones... some API's that nobody should be using will dissapear with this commit.
* Part 1 of eliminating BIO_snprintf(). This fixes mechanical conversionsbeck2014-04-151-2/+2
| | | | | where the return value is ignored changing to (void) snprintf. ok deraadt@
* remove auto-generated dependencies from the old unused build system, soderaadt2014-04-141-506/+0
| | | | | that it is easier to find code pieces. They are getting in the way. ok miod
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-20 15:52:03 +0000