summaryrefslogtreecommitdiffstats
path: root/crypto/x509
AgeCommit message (Collapse)Author
2017-02-03Combined patch against master branch for the following issues:Bernd Edlinger
Fixed a memory leak in ASN1_digest and ASN1_item_digest. Reworked error handling in asn1_item_embed_new. Fixed error handling in int_ctx_new and EVP_PKEY_CTX_dup. Fixed a memory leak in CRYPTO_free_ex_data. Reworked error handing in x509_name_ex_d2i, x509_name_encode and x509_name_canon. Check for null pointer in tls_process_cert_verify. Fixes #2103 #2104 #2105 #2109 #2111 #2115 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2342)
2017-01-28X509_CRL_digest() - ensure precomputed sha1 hash before returning itRichard Levitte
X509_CRL_digest() didn't check if the precomputed sha1 hash was actually present. This also makes sure there's an appropriate flag to check. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2314)
2017-01-25Few nit'sFdaSilvaYY
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1618)
2017-01-16Add missing braces.Kurt Roeckx
Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #2234
2017-01-15Fix undefined behaviour when printing the X509 and CRL versionKurt Roeckx
Found by oss-fuzz Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #2231
2017-01-15Fix undefined behaviour when printing the X509 serialKurt Roeckx
Found by afl Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #2230
2017-01-13Fix no-ocspRichard Levitte
The use of EXFLAG_SET requires the inclusion of openssl/x509v3.h. openssl/ocsp.h does that, except when OCSP is disabled. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2227)
2017-01-12Make X509_Digest,others publicRich Salz
Also, if want SHA1 then use the pre-computed value if there. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2223)
2017-01-12GH2176: Add X509_VERIFY_PARAM_get_timeRich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2208)
2017-01-10Print the X509 version signed, and convert to unsigned for the hex version.Kurt Roeckx
Found by tis-interpreter Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1754
2016-12-14CRL critical extension bugfixRich Salz
More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1775)
2016-12-13Add X509_VERIFY_PARAM inheritance flag set/getRich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2079)
2016-12-02Restore last-resort expired untrusted intermediate issuersViktor Dukhovni
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-17Add support for reference counting using C11 atomicsKurt Roeckx
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1500
2016-11-09Simplify and clean X509_VERIFY_PARAM new/free code.FdaSilvaYY
Split x509_verify_param_zero code to the right place Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-07Allow null in X509_CRL_METHOD_freeFdaSilvaYY
and fix documentation. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1634)
2016-10-11Fix X509_NAME decode for malloc failures.Dr. Stephen Henson
The original X509_NAME decode free code was buggy: this could result in double free or leaks if a malloc failure occurred. Simplify and fix the logic. Thanks to Guido Vranken for reporting this issue. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1691)
2016-09-22Add -Wswitch-enumRich Salz
Change code so when switching on an enumeration, have case's for all enumeration values. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-21Revert "Constify code about X509_VERIFY_PARAM"Rich Salz
This reverts commit 81f9ce1e1965e0e33db6d2391285c4c1b6af0434. Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-18Constify code about X509_VERIFY_PARAMFdaSilvaYY
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1594)
2016-08-24Un-delete still documented X509_STORE_CTX_set_verifyViktor Dukhovni
It should not have been removed. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-23Constify a bit X509_NAME_get_entryFdaSilvaYY
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23Constify some X509_NAME, ASN1 printing codeFdaSilvaYY
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23Constify some inputs buffersFdaSilvaYY
remove useless cast to call ASN1_STRING_set Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23Add some sanity checks when checking CRL scoresMatt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-21Add X509_getm_notBefore, X509_getm_notAfterDr. Stephen Henson
Add mutable versions of X509_get0_notBefore and X509_get0_notAfter. Rename X509_SIG_get0_mutable to X509_SIG_getm. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-19Constify certificate and CRL time routines.Dr. Stephen Henson
Update certificate and CRL time routines to match new standard. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19Avoid duplicated code.Dr. Stephen Henson
The certificate and CRL time setting functions used similar code, combine into a single utility function. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19Add X509_get0_serialNumber() and constify OCSP_cert_to_id()Dr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19constify X509_REQ_get0_signature()Dr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-18Convert X509_REVOKED* functions to use const gettersMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17Constify X509_certificate_type()Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17Constify X509_get0_signature()Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17Convert X509* functions to use const gettersDr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17Convert X509_CRL* functions to use const gettersMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17Make X509_NAME_get0_der() conform to OpenSSL styleMatt Caswell
Put the main object first in the params list. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().Dr. Stephen Henson
Deprecate the function ASN1_STRING_data() and replace with a new function ASN1_STRING_get0_data() which returns a constant pointer. Update library to use new function. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05spelling fixes, just comments and readme.klemens
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1413)
2016-08-04Constify some ASN1_OBJECT *obj input parametersFdaSilvaYY
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04Constify inputs of two X509_LOOKUP_METHOD methodsFdaSilvaYY
... get_by_fingerprint() and get_by_alias() Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04Constify input bufferFdaSilvaYY
of X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_ENTRY_create_by_NID Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-03Don't check any revocation info on proxy certificatesRichard Levitte
Because proxy certificates typically come without any CRL information, trying to check revocation on them will fail. Better not to try checking such information for them at all. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01Constify some X509_CRL, X509_REQ functions.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01Constify some X509_CRL functions.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-30Ignore the serial number for now and just do the rest.Richard J. Moore
Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1367)
2016-07-30Make some more X509 functions const.Richard J. Moore
Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1367)
2016-07-29Fix CRL time comparison.Dr. Stephen Henson
Thanks to David Benjamin <davidben@google.com> for reporting this bug. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26Deprecate X509_LU_FAIL, X509_LU_RETRYDr. Stephen Henson
Instead of X509_LU_FAIL, X509_LU_RETRY use 0/1 for return values. RT#4577 Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26Use X509_LOOKUP_TYPE for lookup type consistently.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26Remove current_method from X509_STORE_CTXDr. Stephen Henson
Remove current_method: it was intended as a means of retrying lookups bit it was never used. Now that X509_verify_cert() is a "one shot" operation it can never work as intended. Reviewed-by: Rich Salz <rsalz@openssl.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-13 20:14:08 +0000