summaryrefslogtreecommitdiffstats
path: root/crypto/x509/by_dir.c
AgeCommit message (Collapse)Author
2019-09-27Reorganize local header filesDr. Matthias St. Pierre
Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9681)
2019-09-27Reorganize private crypto header filesDr. Matthias St. Pierre
Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9681)
2019-09-10Update copyright yearMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9847)
2019-07-15Fix wrong lock claimed in x509 dir lookup.Krists Krilovs
x509 store's objects cache can get corrupted when using dir lookup method in multithreaded application. Claim x509 store's lock when accessing objects cache. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9326) (cherry picked from commit a161738a708b5e284a4714edc0c976606ea7cb26)
2018-09-24Use secure_getenv(3) when available.Pauli
Change all calls to getenv() inside libcrypto to use a new wrapper function that use secure_getenv() if available and an issetugid then getenv if not. CPU processor override flags are unchanged. Extra checks for OPENSSL_issetugid() have been removed in favour of the safe getenv. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7047) (cherry picked from commit 5c39a55d04ea6e6f734b627a050b9e702788d50d)
2018-08-07Harmonize use of sk_TYPE_find's return value.Andy Polyakov
In some cases it's about redundant check for return value, in some cases it's about replacing check for -1 with comparison to 0. Otherwise compiler might generate redundant check for <-1. [Even formatting and readability fixes.] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6860)
2018-05-30Add APIs for custom X509_LOOKUP_METHOD creationMingtao Yang
OpenSSL 1.1.0 made the X509_LOOKUP_METHOD structure opaque, so applications that were previously able to define a custom lookup method are not able to be ported. This commit adds getters and setters for each of the current fields of X509_LOOKUP_METHOD, along with getters and setters on several associated opaque types (such as X509_LOOKUP and X509_OBJECT). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6152)
2018-05-01Update copyright yearMatt Caswell
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6145)
2018-04-24x509/by_dir.c: Remove dead codeDr. Matthias St. Pierre
Noticed in #5837 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6064)
2018-04-24X509: add more error codes on malloc or sk_TYP_push failureFdaSilvaYY
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5837)
2017-10-18Remove parentheses of return.KaoruToda
Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
2017-09-29Remove unnecessary #include <openssl/lhash.h> directives.Pauli
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4431)
2017-09-15Avoid signed vs unsigned comparison error.Pauli
Introduced by #4372 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4374)
2017-09-15Remote unrequited castsPauli
Also use strndup instead of a malloc/memcpy pair. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4372)
2017-09-14Revert "Reuse strndup(), simplify code"Pauli
This reverts commit 1caaea133873d549fa52fbf265298d2d35442477. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4357)
2017-08-30Move e_os.h to be the very first include.Pauli
cryptilib.h is the second. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4188)
2017-08-30e_os.h removal from other headers and source files.Pauli
Removed e_os.h from all bar three headers (apps/apps.h crypto/bio/bio_lcl.h and ssl/ssl_locl.h). Added e_os.h into the files that need it now. Directly reference internal/nelem.h when required. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4188)
2017-08-25NO_SYS_TYPES_H isn't defined anywhere, stop using it as a guardRichard Levitte
This is a vestige from pre-1.1.0 OpenSSL Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4256)
2017-07-07Trivial bounds checking.Pauli
Bounds checking strpy, strcat and sprintf. These are the remaining easy ones to cover a recently removed commit. Some are trivial, some have been modified and a couple left as they are because the reverted change didn't bounds check properly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3871)
2017-07-05Undo commit d420ac2Rich Salz
[extended tests] Original text: Use BUF_strlcpy() instead of strcpy(). Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3701)
2017-04-20Ignore dups in X509_STORE_add_*Rich Salz
X509_STORE_add_cert and X509_STORE_add_crl are changed to return success if the object to be added was already found in the store, rather than returning an error. Raise errors if empty or malformed files are read when loading certificates and CRLs. Remove NULL checks and allow a segv to occur. Add error handing for all calls to X509_STORE_add_c{ert|tl} Refactor these two routines into one. Bring the unit test for duplicate certificates up to date using the test framework. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2830)
2016-07-26Use X509_LOOKUP_TYPE for lookup type consistently.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-17Copyright consolidation 09/10Rich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16Fold threads.h into crypto.h making API publicViktor Dukhovni
Document thread-safe lock creation Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09Remove use of the old CRYPTO_LOCK_X5O9_STOREMatt Caswell
The locking here is a bit strange and unclear. Rather than refactor anything and possibly break stuff I have just moved to using the new thread API following as closely as possible what was there previously. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-08Reuse strndup(), simplify codeDmitry-Me
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-26Remove /* foo.c */ commentsRich Salz
This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-07Only declare stacks in headersDr. Stephen Henson
Don't define stacks in C source files: it causes warnings about unused functions in some compilers. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07Rename DECLARE*STACK_OF to DEFINE*STACK_OFDr. Stephen Henson
Applications wishing to include their own stacks now just need to include DEFINE_STACK_OF(foo) in a header file. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-09Continue standardising malloc style for libcryptoMatt Caswell
Continuing from previous commit ensure our style is consistent for malloc return checks. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-09-29Fix no-stdio buildDavid Woodhouse
Much related/similar work also done by Ivan Nestlerode <ivan.nestlerode@sonos.com> +Replace FILE BIO's with dummy ops that fail. +Include <stdio.h> for sscanf() even with no-stdio (since the declaration is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment variable, since it can be larger than a 'long'. And we don't rely on the availability of strtoull(). +Remove OPENSSL_stderr(); not used. +Make OPENSSL_showfatal() do nothing (currently without stdio there's nothing we can do). +Remove file-based functionality from ssl/. The function prototypes were already gone, but not the functions themselves. +Remove unviable conf functionality via SYS_UEFI +Add fallback definition of BUFSIZ. +Remove functions taking FILE * from header files. +Add missing DECLARE_PEM_write_fp_const +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out, so remove its prototype. +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid(). +Eliminate SRP_VBASE_init() and supporting functions. Users will need to build the verifier manually instead. +Eliminate compiler warning for unused do_pk8pkey_fp(). +Disable TEST_ENG_OPENSSL_PKEY. +Disable GOST engine as is uses [f]printf all over the place. +Eliminate compiler warning for unused send_fp_chars(). Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-16Embed X509_CINFDr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-16X509_CRL_INFO embedDr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-11Enable -Wmissing-variable-declarations andBen Laurie
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require any code changes). Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-02make X509_CRL opaqueDr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-28Use enum for X509_LOOKUP_TYPERich Salz
Using an enum with -Wswitch means all lookup routines handle all cases. Remove X509_LU_PKEY which was never used. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-14Identify and move common internal libcrypto header filesRichard Levitte
There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-04Use safer sizeof variant in mallocRich Salz
For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01free NULL cleanup -- codaRich Salz
After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-01free null cleanup finaleRich Salz
Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28remove malloc castsRich Salz
Following ANSI C rules, remove the casts from calls to OPENSSL_malloc and OPENSSL_realloc. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-22More comment realignmentmaster-post-reformatMatt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Run util/openssl-format-source -v -c .Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Further comment changes for reformat (master)Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-17get_cert_by_subject: check for NULL when allocating hentJonas Maebe
Signed-off-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-02-24x509/by_dir.c: fix run-away pointer (and potential SEGV)Andy Polyakov
when adding duplicates in add_cert_dir. PR: 3261 Reported by: Marian Done
2010-02-19Fix X509_STORE lockingBodo Möller
2008-12-22This _WIN32-specific patch makes it possible to "wrap" OpenSSL in anotherAndy Polyakov
.DLL, in particular static build. The issue has been discussed in RT#1230 and later on openssl-dev, and mutually exclusive approaches were suggested. This completes compromise solution suggested in RT#1230. PR: 1230
2007-06-07Finish gcc 4.2 changes.Dr. Stephen Henson
2007-02-18Updates from 0.9.8-stable branch.Dr. Stephen Henson