| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function
takes signs into account while ASN1_STRING_cmp doesn't. The mixups
mostly involve serialNumbers, which, in principle, should be positive.
However, it is unclear whether that is checked or enforced anywhere
in the code, so these are probably bugs.
Patch from Holger Mikolon
ok jsing
|
| |
|
|
|
| |
Tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
| |
X509V3_get_d2i() and X509V3_extensions_print(), and one to the 'title'
argument of the latter function.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
| |
one to the last argument of each one of i2s_ASN1_OCTET_STRING(),
s2i_ASN1_OCTET_STRING(), i2s_ASN1_INTEGER(), i2s_ASN1_ENUMERATED(),
and i2s_ASN1_ENUMERATED_TABLE().
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
X509V3_get_value_bool(), X509V3_add_value_bool_nf(),
X509V3_get_value_int(), X509V3_get_string(), X509V3_get_section()
are now const.
While there, remove a stupid cast and two redundant checks.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
| |
arguments of X509_PURPOSE_add(3), X509_PURPOSE_get0_name(3),
X509_PURPOSE_get0_sname(3), X509_PURPOSE_get_by_sname(3),
X509_PURPOSE_get_id(3), X509_PURPOSE_get_trust(3).
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
| |
X509V3_EXT_{,n}conf_nid(3), X509_EXT_{,n}conf(3)
X509V3{,_CRL,_REQ}_add_{,n}conf(3) as well as the get_string()
and get_section() members of X509_CONF_METHOD_st.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
SXNET_add_id_INTEGER(3), SXNET_add_id_asc(3), SXNET_add_id_ulong(3)
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
|
| |
BIO_f_asn1() will be taken care of later.
Tested in a bulk by sthen
ok bcook jca jsing
|
| |
|
|
|
|
|
|
|
| |
to determine the length. This is the documented behaviour and matches the
OpenSSL implementation.
Issue found by Michael Gmelin <freebsd at grem dot de>.
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The certificate verification code has special cases for self-signed
certificates and without this change, self-issued certificates (which it
seems are common place with openvpn/easyrsa) were also being included in
this category.
Based on BoringSSL.
Thanks to Dale Ghent <daleg at elemental dot org> for assisting in
identifying the issue and testing this fix.
ok inoguchi@
|
| |
|
|
| |
ok beck
|
| |
|
|
|
|
| |
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
| |
|
|
| |
No change to generated assembly excluding line numbers.
|
| | |
|
| |
|
|
|
|
|
|
| |
assembly. Of particular interest is ASN1_ITEM_ptr which does nothing
and resulted in code like:
if (method->it)
ASN1_ITEM_free(..., ASN1_ITEM_ptr(method->it));
|
| |
|
|
|
| |
nothing but markers for utils/mkstack.pl... and we removed the code that
generated more macros from these markers in 2014.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting
the bn_* symbols. These are documented as only being intended for internal
use, so why they were placed in a public header is beyond me...
This hides 363 previously exported symbols, most of which exist in headers
that are not installed and were never intended to be public. This also
removes a few crusty old things that should have died long ago (like
_ossl_old_des_read_pw). But don't worry... there are still 3451 symbols
exported from the library.
With input and testing from inoguchi@.
ok beck@ inoguchi@
|
| |
|
|
|
|
| |
they don't make sense.
ok beck@
|
| |
|
|
| |
ok beck@ jsing@
|
| |
|
|
| |
No change in preprocessed output, ignoring whitespace and line numbers.
|
| |
|
|
|
|
| |
in X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc,
with some cleanup on the way in by myself and jsing@
ok bcook@
|
| |
|
|
| |
ok doug@
|
| |
|
|
| |
ok guenther@
|
| | |
|
| |
|
|
| |
with one s/M_ASN1_VISIBLESTRING_new/ASN1_VISIBLESTRING_new/.
|
| |
|
|
|
|
|
| |
different from the macro expansion, but the result is the same. Also
replace some ASN1_STRING_dup() with ASN1_INTEGER_dup().
ok beck@ doug@
|
| |
|
|
|
|
| |
ASN1_BIT_STRING_(new|free).
ok beck@ doug@
|
| |
|
|
| |
ok bcook@
|
| |
|
|
| |
reasons) - only change in generated assembly is due to line numbering.
|
| |
|
|
|
|
| |
assembly.
ok bcook@
|
| |
|
|
| |
to generated assembly is due to line numbers.
|
| |
|
|
| |
changes to line numbers.
|
| |
|
|
|
|
|
| |
It's a little convoluted due to gotos, but at that point, pci is always
NULL. Spotted by Coverity 21702.
ok miod@ beck@ bcook@
|
| |
|
|
|
|
| |
light that the child counting was broken in the original code.
this is still fugly, but this preserves all the existing goo.
ok doug@
|
| |
|
|
| |
ok beck@
|
| |
|
|
|
| |
Coverity CID 21739 and more.
ok bcook@
|
| | |
|
| |
|
|
| |
ok doug@
|
| |
|
|
| |
ok doug@
|
| |
|
|
| |
ok doug@ jsing@
|
| |
|
|
|
| |
ok doug@ jsing@
CVy: Committing in .
|
| |
|
|
| |
ok guenther@ jsg@
|
| |
|
|
|
|
| |
be enabled, mostly since people use SANs instead.
ok beck@ guenther@
|
| |
|
|
| |
15 years.
|
| |
|
|
|
| |
noops around 15 years ago. Remove multiple occurances of both that still
exist in the code today.
|
| |
|
|
|
|
|
|
|
| |
and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes
to line numbers.
Discussed with beck@ miod@ tedu@
|
| |
|
|
|
|
|
|
|
| |
functions can be readily located.
Change has been scripted and the generated assembly only differs by changes
to line numbers.
Discussed with beck@ miod@ tedu@
|
