summaryrefslogtreecommitdiff
path: root/lib/libcrypto/ts
AgeCommit message (Collapse)Author
2017-01-29Send the function codes from the error functions to the bit bucket,Bob Beck
as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
2016-12-27Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have beenJoel Sing
nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
2016-11-05More X509_STORE_CTX_set_*() return value checks.Miod Vallat
ok beck@ jsing@
2016-11-04Kill a bunch of OLD_ASN1 usage by replacing ASN1_{d2i,i2d}_* withJoel Sing
ASN1_item_{d2i,i2d}_* equivalents. ok guenther@ miod@
2016-03-11X509_free(3) is NULL-safe, so remove NULL checks before its calls.Michael McConville
ok doug@
2015-09-30Replace M_ASN1_GENERALIZEDTIME_(new|free) withJoel Sing
ASN1_GENERALIZEDTIME_(new|free).
2015-09-10Replace remaining M_ASN1_STRING_* macros with calls to ASN1_STRING_*.Joel Sing
This is not the same as the macro expansion, however the ASN1_STRING_* functions do match the macro expansions. ok doug@ miod@
2015-07-29Expand obsolete M_ASN1.*(cmp|dup|print|set) macros - no change in generatedJoel Sing
assembly. ok bcook@
2015-07-24Expand ASN.1 template macros - the generated assembly only differs byJoel Sing
changes to line numbers.
2015-07-19Verify ASN1 objects types before attempting to access them as a particularMiod Vallat
type. ok guenther@ doug@
2015-07-19Now that it is safe to invoke X509_STORE_CTX_cleanup() if X509_STORE_CTX_init()Miod Vallat
fails, check its return value and correctly mop up after ourselves. ok beck@ doug@
2015-07-19Put explicit braces around assignment used in a conditional.Miod Vallat
ok bcook@ doug@
2015-07-15Do not allow TS_check_signer_name() with signer == NULL fromMiod Vallat
int_TS_RESP_verify_token(). Coverity CID 21710. Looking further, int_TS_RESP_verify_token() will only initialize signer to something non-NULL if TS_VFY_SIGNATURE is set in ctx->flags. But guess what? TS_REQ_to_TS_VERIFY_CTX() in ts/ts_verify_ctx.c, which is the TS_VERIFY_CTX constructor, explicitely clears this bit, with: ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); followed by more conditional flag clears. Of course, nothing prevents the user to fiddle with ctx->flags afterwards. This is exactly what ts.c in usr.bin/openssl does. This is gross, mistakes will happen. ok beck@
2015-02-11Enable building with -DOPENSSL_NO_DEPRECATED.Doug Hogan
If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
2015-02-10Remove assert() or OPENSSL_assert() of pointers being non-NULL. The policyMiod Vallat
for libraries in OpenBSD is to deliberately let NULL pointers cause a SIGSEGV. ok doug@ jsing@
2015-02-10Manually expand ASN1_ITEM_rptr macros that should have been expanded withJoel Sing
the IMPLEMENT_ASN1_DUP_FUNCTION macro.
2015-02-10Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visibleJoel Sing
and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
2015-02-10Expand the IMPLEMENT_ASN1_FUNCTIONS_{const,fname,name} macros so that theJoel Sing
code is visible and functions can be readily located. Change has been scripted and the generated assembly only differs by changes to line numbers. Discussed with beck@ miod@ tedu@
2014-10-28Check the result of sk_*_push() operations for failure.Miod Vallat
ok doug@ jsing@
2014-07-12if (x) FOO_free(x) -> FOO_free(x).Miod Vallat
Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
2014-07-11Only import cryptlib.h in the four source files that actually need it.Joel Sing
Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
2014-07-10Explicitly include <openssl/opensslconf.h> in every file that referencesJoel Sing
an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
2014-07-10Stop including standard headers via cryptlib.h - pull in the headers thatJoel Sing
are needed in the source files that actually require them. ok beck@ miod@
2014-07-09cast ASN1_STRING (unsigned char *) to match strlcat's argument (char *)Brent Cook
ok beck@
2014-06-12tags as requested by miod and teduTheo de Raadt
2014-06-07malloc() result does not need a cast.Theo de Raadt
ok miod
2014-05-31Get the public headers from the official place with <openssl/ >Theo de Raadt
from Brent Cook
2014-05-30Don't write out more than we have allocated in obj_txt, as the gloryBob Beck
that is OBJ_obj2txt() can return a larger value.. ok tedu@
2014-05-29Everything sane has stdio, and FILE *. we don't need ifdefs for this.Bob Beck
ok to firebomb from tedu@
2014-05-27Fix a Y2038 problem, by conversion of long to time_t.Theo de Raadt
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible. ok miod guenther
2014-05-25calloc instead of malloc/memset. from Benjamin BaierTed Unangst
2014-05-22Hello? Yes, you're speaking with OPENSSL_SYS_UNIX.Joel Sing
ok beck@ miod@
2014-04-28Remove WIN32, WIN64 and MINGW32 tentacles.Miod Vallat
Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms. Loosely based upon a diff from Martijn van Duren on tech@
2014-04-27Put explicit (void) in function declarations and shuffle keywords in someMiod Vallat
declaration to pass -Wextra, should we want to add it to CFLAGS. No binary change.
2014-04-26Replace all use of ERR_add_error_data with ERR_asprintf_error_data.Bob Beck
This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
2014-04-21KNF.Joel Sing
2014-04-20Restore tedu's rev 1.4: snprintf() was reviewed.Philip Guenther
2014-04-20reset imprint to NULL to avoid double free. from mancha1 at zohoTed Unangst
2014-04-19We'll interpret a (void) cast on snprintf() to mean it's been verified thatPhilip Guenther
truncation is either desirable, not an issue, or is detected and handled later ok deraadt@
2014-04-17Change library to use intrinsic memory allocation functions instead ofBob Beck
OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
2014-04-16Clean up dangerous strncpy use. This included a use where the resultingBob Beck
string was potentially not nul terminated and a place where malloc return was unchecked. while we're at it remove dummytest.c ok miod@
2014-04-16Zero-pad usec format to handle values less than 100,000 correctlyPhilip Guenther
ok matthew@ tedu@
2014-04-16Mandatory Surgeon Guenther's Warning: This code could not possibly beTed Unangst
correct because it doesn't zerofill the front of usecs, but that's the way I found it. a more thorough emulation of the old code, but with fewer whacky snprintf pointer arithmetic antics. ok beck guenther
2014-04-16revert. the full horror has only now revealed itself.Ted Unangst
2014-04-16replace some bio_snprintf crazy with regular snprintf.Ted Unangst
beck had a diff to convert to strftime, but it's easier to verify this is functionally the same. ok beck.
2014-04-15we don't use these files for buildingTed Unangst
2014-04-14remove auto-generated dependencies from the old unused build system, soTheo de Raadt
that it is easier to find code pieces. They are getting in the way. ok miod
2014-04-14Remove the nCipher CHIL engine. It is not standalone and depends onReyk Floeter
external libraries that aren't covered by the same license.
2014-04-13Cope with the removal of openssl/symhacks.hTheo de Raadt
2012-10-13resolve conflictsDamien Miller