| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.
Discussed with tb@ (who also tested the release build)
|
| |
|
|
| |
ok beck@, tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
an ugly strlen + malloc + strcat/strcpy dance by a simple asprintf().
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
and i2v_GENERAL_NAMES() by taking ownership of the extlist only if we
were passed NULL. Otherwise it remains the caller's responsibility to
free it. To do so, we allocate the extlist explicitly instead of using
X509V3_add_value()'s implicit allocation feature. Preserve behavior in
i2v_AUTHORITY_KEYID() by adding an explicit check that something was
pushed onto the stack.
The other i2v_* functions will receive a similar treatment in upcoming
commits.
ok jsing
|
| |
|
|
|
|
|
| |
and i2v_GENERAL_NAMES(). This fixes a couple of leaks and other
ugliness.
tweaks & ok jsing
|
| |
|
|
| |
imported OpenSSL 0.9.4 in 1999. It won't ever be used.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
X509V3_add_value() helpfully allocates a STACK_OF(CONF_VALUE) if it
receives a pointer to a NULL pointer. If anything fails along the way,
it is however the caller's responsibility to free it. This can easily
be fixed by freeing *extlist in the error path and zeroing it to avoid
a double free if there happens to be a caller out there that avoids
the leak.
Polish a few things so the function conforms a bit better to our usual
style.
tweak & ok jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The complexity of BN_bn2dec(bn) is quadratic in the length of bn. This
function is used for printing numbers in CRLs which are typically small.
If a BN is larger than 127 bits, dump it as hex because that's cheap and
for numbers this size not significantly harder for humans to parse.
OpenSSL commit 10a3195fcf7d04ba519651cf12e945a8fe470a3c by David Benjamin
(still under the old licence), but significantly simplified.
Ideally, we would catch excessively large numbers on deserialization, but
that is made trickier by the templated ASN1. Erroring out is also not an
option since the relevant part of the x509v3/ directory doesn't like to
do proper error checking (looking at you v2i and i2v).
Timeout found by oss-fuzz, should fix issues #13823 and #14130.
input & ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function
takes signs into account while ASN1_STRING_cmp doesn't. The mixups
mostly involve serialNumbers, which, in principle, should be positive.
However, it is unclear whether that is checked or enforced anywhere
in the code, so these are probably bugs.
Patch from Holger Mikolon
ok jsing
|
| |
|
|
|
| |
Tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
| |
X509V3_get_d2i() and X509V3_extensions_print(), and one to the 'title'
argument of the latter function.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
| |
one to the last argument of each one of i2s_ASN1_OCTET_STRING(),
s2i_ASN1_OCTET_STRING(), i2s_ASN1_INTEGER(), i2s_ASN1_ENUMERATED(),
and i2s_ASN1_ENUMERATED_TABLE().
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
X509V3_get_value_bool(), X509V3_add_value_bool_nf(),
X509V3_get_value_int(), X509V3_get_string(), X509V3_get_section()
are now const.
While there, remove a stupid cast and two redundant checks.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
| |
arguments of X509_PURPOSE_add(3), X509_PURPOSE_get0_name(3),
X509_PURPOSE_get0_sname(3), X509_PURPOSE_get_by_sname(3),
X509_PURPOSE_get_id(3), X509_PURPOSE_get_trust(3).
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
| |
X509V3_EXT_{,n}conf_nid(3), X509_EXT_{,n}conf(3)
X509V3{,_CRL,_REQ}_add_{,n}conf(3) as well as the get_string()
and get_section() members of X509_CONF_METHOD_st.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
SXNET_add_id_INTEGER(3), SXNET_add_id_asc(3), SXNET_add_id_ulong(3)
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
|
| |
BIO_f_asn1() will be taken care of later.
Tested in a bulk by sthen
ok bcook jca jsing
|
| |
|
|
|
|
|
|
|
| |
to determine the length. This is the documented behaviour and matches the
OpenSSL implementation.
Issue found by Michael Gmelin <freebsd at grem dot de>.
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The certificate verification code has special cases for self-signed
certificates and without this change, self-issued certificates (which it
seems are common place with openvpn/easyrsa) were also being included in
this category.
Based on BoringSSL.
Thanks to Dale Ghent <daleg at elemental dot org> for assisting in
identifying the issue and testing this fix.
ok inoguchi@
|
| |
|
|
| |
ok beck
|
| |
|
|
|
|
| |
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
| |
|
|
| |
No change to generated assembly excluding line numbers.
|
| | |
|
| |
|
|
|
|
|
|
| |
assembly. Of particular interest is ASN1_ITEM_ptr which does nothing
and resulted in code like:
if (method->it)
ASN1_ITEM_free(..., ASN1_ITEM_ptr(method->it));
|
| |
|
|
|
| |
nothing but markers for utils/mkstack.pl... and we removed the code that
generated more macros from these markers in 2014.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting
the bn_* symbols. These are documented as only being intended for internal
use, so why they were placed in a public header is beyond me...
This hides 363 previously exported symbols, most of which exist in headers
that are not installed and were never intended to be public. This also
removes a few crusty old things that should have died long ago (like
_ossl_old_des_read_pw). But don't worry... there are still 3451 symbols
exported from the library.
With input and testing from inoguchi@.
ok beck@ inoguchi@
|
| |
|
|
|
|
| |
they don't make sense.
ok beck@
|
| |
|
|
| |
ok beck@ jsing@
|
| |
|
|
| |
No change in preprocessed output, ignoring whitespace and line numbers.
|
| |
|
|
|
|
| |
in X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc,
with some cleanup on the way in by myself and jsing@
ok bcook@
|
| |
|
|
| |
ok doug@
|
| |
|
|
| |
ok guenther@
|
| | |
|
| |
|
|
| |
with one s/M_ASN1_VISIBLESTRING_new/ASN1_VISIBLESTRING_new/.
|
| |
|
|
|
|
|
| |
different from the macro expansion, but the result is the same. Also
replace some ASN1_STRING_dup() with ASN1_INTEGER_dup().
ok beck@ doug@
|
| |
|
|
|
|
| |
ASN1_BIT_STRING_(new|free).
ok beck@ doug@
|
