path: root/crypto/asn1
Commit message | Author | Age | Files | Lines
* Use "" not <> for internal/ includes | Rich Salz | 2017-08-22 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/4217)
* This has been added to avoid the situation where some host ctype.h functions | Pauli | 2017-08-22 | 12 | -156/+47
  return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause problems. E.g. marking superscript '2' as a number then causes the common (ch - '0') conversion to number to fail miserably. Likewise letters with diacritical marks can also cause problems.
  If a non-ASCII character set is being used (currently only EBCDIC), it is adjusted for.
  The implementation uses a single table with a bit for each of the defined classes. These functions accept an int argument and fail for values out of range or for characters outside of the ASCII set. They will work for both signed and unsigned character inputs.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/4102)
* Remove OPENSSL_assert() from crypto/asn1/bio_asn1.c | Matt Caswell | 2017-08-21 | 1 | -1/+3
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3740)
* Revert "Add some casts for %j" | Rich Salz | 2017-08-15 | 1 | -2/+2
  This reverts commit c4d2e483a39176a476c56d35879423fe6e33c0cd.
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/4160)
* Add some casts for %j | Rich Salz | 2017-08-14 | 1 | -2/+2
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/4160)
* Add missing include of cryptlib.h | Rich Salz | 2017-08-06 | 1 | -1/+1
  Also use "" not <> for all include cryptlib
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/4082)
* Consolidate to a single asn1_time_from_tm() function | Todd Short | 2017-08-04 | 5 | -163/+154
  Add missing ASN1_TIME functions
  Do some cleanup of the ASN1_TIME code.
  Add ASN1_TIME_normalize() to normalize ASN1_TIME structures.
  Add ASN1_TIME_compare() to compare two ASN1_TIME structures.
  Add ASN1_TIME_cmp_time_t() to compare an ASN1_TIME to time_t (generic version of ASN1_UTCTIME_cmp_time_t()).
  Replace '0' .. '9' compares with isdigit()
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2753)
* asn1/a_time.c: make handling of 'fractional point' formally correct. | Andy Polyakov | 2017-08-01 | 1 | -17/+20
  Even though tm->length >= 15 && v[14] == '.' works in practice, [because "YYYYMMDDHHMMSS." would be rejected as invalid by asn1_time_to_tm,] formal correctness with respect to buffer overstep in few lines vicinity improves readability.
  [Also fold one if condition and improve expression readability.]
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/4058)
* Refactor ASN1_TIME_print functions | Paul Yang | 2017-07-30 | 3 | -92/+47
  Check time string format before parsing
  Reduce more duplicated code
  By involving asn1_time_to_tm, we can now get information we mostly need to print a time string.
  This follows what was discussed at https://github.com/openssl/openssl/pull/4001#discussion_r129092251
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/4039)
* Fix coding style nits in crypto/asn1/a_strnid.c | Paul Yang | 2017-07-28 | 1 | -10/+16
  Since this file is modified in PR #3934, it should be cleaned up incidentally.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/4035)
* Fix trivial coding style nits in a_time/a_tm files | Pauli | 2017-07-27 | 4 | -25/+23
  Clean up some true/false returns
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/4001)
* make scrypt ASN.1 parameter functions public | Hubert Kario | 2017-07-26 | 2 | -11/+5
  Since scrypt PBKDF can be used both in PKCS#5 and PKCS#12 files, do share the code between them.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1334)
* Fix nid assignment in ASN1_STRING_TABLE_add | lolyonok | 2017-07-24 | 1 | -1/+2
  CLA: trivial
  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3934)
* Improve struct tm population | Pauli | 2017-07-24 | 1 | -0/+33
  Using Zeller's congruence to fill the day of week field,
  Also populate the day of year field.
  Add unit test to cover a number of cases.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3999)
* Add asn1_time_to_tm function and check days in month | Paul Yang | 2017-07-24 | 4 | -270/+202
  Based on discussion in PR #3566. Reduce duplicated code in original asn1_utctime_to_tm and asn1_generalizedtime_to_tm, and introduce a new internal function asn1_time_to_tm. This function also checks if the days in the input time string is valid or not for the corresponding month. Test cases are also added.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/3905)
* Change return (x) to return x | Pauli | 2017-07-14 | 1 | -14/+14
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3912)
* Avoid having an unsigned integer decrement below zero. | Pauli | 2017-07-14 | 1 | -11/+18
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3912)
* Memory bounds checking in asn1 code. | Pauli | 2017-07-06 | 6 | -48/+55
  Check that sprintf, strcpy don't overflow.
  Avoid some strlen operations when the previous sprintf return value can be used.
  Also fix the undefined behaviour `*(long *)x = y` when x isn't a long or character pointer. ISO/IEC 9899:1999 6.5/7 for the details.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3869)
* Undo commit d420ac2 | Rich Salz | 2017-07-05 | 6 | -25/+17
  [extended tests]
  Original text:
  Use BUF_strlcpy() instead of strcpy().
  Use BUF_strlcat() instead of strcat().
  Use BIO_snprintf() instead of sprintf().
  In some cases, keep better track of buffer lengths.
  This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/3701)
* Cleanup some copyright stuff | Rich Salz | 2017-06-30 | 1 | -5/+0
  Remove some incorrect copyright references.
  Move copyright to standard place
  Add OpenSSL copyright where missing.
  Remove copyrighted file that we don't use any more
  Remove Itanium assembler for RC4 and MD5 (assembler versions of old and weak algorithms for an old chip)
  Standardize apps/rehash copyright comment; approved by Timo
  Put dual-copyright notice on mkcert
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3691)
* Make asn1_d2i_read_bio accessible from STORE | Richard Levitte | 2017-06-29 | 1 | -3/+2
  This is needed for the upcoming "file" scheme STORE loader.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3542)
* Introduce ASN1_TIME_set_string_X509 API | Rich Salz | 2017-06-11 | 3 | -19/+141
  Make funcs to deal with non-null-term'd string in both asn1_generalizedtime_to_tm() and asn1_utctime_to_tm().
  Fixes issue #3444.
  This one is used to enforce strict format (RFC 5280) check and to convert GeneralizedTime to UTCTime.
  apps/ca has been changed to use the new API.
  Test cases and documentation are updated/added
  Signed-off-by: Paul Yang <paulyang.inf@gmail.com>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3566)
* Fix #340: Parse ASN1_TIME to struct tm | Todd Short | 2017-06-08 | 1 | -8/+15
  This works with ASN1_UTCTIME and ASN1_GENERALIZED_TIME
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3378)
* make error tables const and separate header file | Rich Salz | 2017-06-07 | 1 | -239/+300
  Run perltidy on util/mkerr
  Change some mkerr flags, write some doc comments
  Make generated tables "const" when generating lib-internal ones.
  Add "state" file for mkerr
  Regenerate error tables and headers
  Rationalize declaration of ERR_load_XXX_strings
  Fix out-of-tree build
  Add -static; sort flags/vars for options.
  Also tweak code output
  Moved engines/afalg to engines (from master)
  Use -static flag
  Standard engine #include's of errors
  Don't linewrap err string tables unless necessary
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3392)
* Add some OID's from X.520 | Erwann Abalea | 2017-05-31 | 1 | -1/+4
  CLA: trivial
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3590)
* add method | Dr. Stephen Henson | 2017-05-30 | 1 | -0/+3
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3503)
* Allow NULL md for custom signing methods | Dr. Stephen Henson | 2017-05-30 | 1 | -2/+7
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3503)
* Fix ASN1_TIME_to_generalizedtime to take a const ASN1_TIME | Matt Caswell | 2017-05-19 | 1 | -1/+1
  Fixes #1526
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3360)
* Add EVP_DigestSign and EVP_DigestVerify | Dr. Stephen Henson | 2017-05-11 | 2 | -17/+7
  Add "single part" digest sign and verify functions. These sign and verify a message in one function. This simplifies some operations and it will later be used as the API for algorithms which do not support the update/final mechanism (e.g. PureEdDSA).
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3409)
* Fix time offset calculation. | Todd Short | 2017-05-02 | 2 | -2/+2
  ASN1_GENERALIZEDTIME and ASN1_UTCTIME may be specified using offsets, even though that's not supported within certificates. To convert the offset time back to GMT, the offsets are supposed to be subtracted, not added. e.g. 1759-0500 == 2359+0100 == 2259Z.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2654)
* asn1/a_int.c: fix "next negative minimum" corner case in c2i_ibuf. | Andy Polyakov | 2017-04-30 | 1 | -3/+14
  "Next" refers to negative minimum "next" to one presentable by given number of bytes. For example, -128 is negative minimum presentable by one byte, and -256 is "next" one.
  Thanks to Kazuki Yamaguchi for report, GH#3339
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Annotate ASN.1 attributes of the jurisdictionCountryName NID | Alex Gaynor | 2017-04-24 | 1 | -0/+1
  EV Guidelines section 9.2.5 says jurisdictionCountryName follows the same ASN.1 encoding rules as countryName.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3284)
* asn1/a_int.c: clean up asn1_get_int64. | Andy Polyakov | 2017-04-17 | 1 | -9/+20
  Trouble was that integer negation wasn't producing *formally* correct result in platform-neutral sense. Formally correct thing to do is -(int64_t)u, but this triggers undefined behaviour for one value that would still be representable in ASN.1. The trigger was masked with (int64_t)(0-u), but this is formally inappropriate for values other than the problematic one.
  [Also reorder branches to favour most-likely paths and harmonize asn1_string_set_int64 with asn1_get_int64.]
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3231)
* asn1/a_int.c: don't write result if returning error. | Andy Polyakov | 2017-04-14 | 1 | -1/+0
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3192)
* asn1/a_int.c: simplify asn1_put_uint64. | Andy Polyakov | 2017-04-14 | 1 | -41/+29
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3192)
* asn1/a_int.c: remove code duplicate and optimize branches, | Andy Polyakov | 2017-04-14 | 1 | -84/+52
  i.e. reduce amount of branches and favour likely ones.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3192)
* ASN.1: adapt our use of INTxx et al by making them explicitly embedded | Richard Levitte | 2017-04-13 | 2 | -2/+2
  Fixes #3191
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3199)
* ASN.1: change INTxx, UINTxx and Z variants to be embeddable | Richard Levitte | 2017-04-13 | 1 | -14/+38
  Fixes #3191
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3199)
* ASN.1: extend the possibilities to embed data instead of pointers | Richard Levitte | 2017-04-13 | 2 | -2/+13
  Also, when "allocating" or "deallocating" an embedded item, never call prim_new() or prim_free(). Call prim_clear() instead.
  Fixes #3191
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3199)
* Fix x_int64.c | Richard Levitte | 2017-04-11 | 1 | -8/+31
  Clearing a misunderstanding. The routines c2i_uint64_int() and i2c_uint64_int() expect to receive that internal values are absolute and with a separate sign flag, and the x_int64.c code handles values that aren't absolute and have the sign bit embedded. We therefore need to convert between absolute and non-absolute values for the encoding of negative values to be correct.
  [extended tests]
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3160)
* Reject decoding of an INT64 with a value >INT64_MAX | Matt Caswell | 2017-04-11 | 1 | -0/+5
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3159)
* Act on deprecation of LONG and ZLONG, step 2 | Richard Levitte | 2017-04-10 | 2 | -4/+4
  Replace all remaining uses of LONG and ZLONG with INT32 / ZINT32.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3126)
* Act on deprecation of LONG and ZLONG, step 1 | Richard Levitte | 2017-04-10 | 1 | -0/+4
  Don't compile code that still uses LONG when it's deprecated
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3126)
* Discourage the use of LONG and ZLONG, and deprecate it in the future | Richard Levitte | 2017-04-10 | 1 | -0/+4
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3126)
* Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variants | Richard Levitte | 2017-04-10 | 2 | -1/+9
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3126)
* asn1/x_long.c: remove conditions in inner loops and dependency on BN. | Andy Polyakov | 2017-04-10 | 1 | -26/+47
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3152)
* Fix faulty check of padding in x_long.c | Richard Levitte | 2017-04-04 | 1 | -2/+5
  Bug uncovered by test
  [extended tests]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3088)
* Fix a possible integer overflow in long_c2i | Matt Caswell | 2017-04-04 | 1 | -0/+4
  Credit to OSS-Fuzz for finding this.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3088)
* make update | Richard Levitte | 2017-04-04 | 1 | -1/+4
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3088)
* Implement internal ASN.1 types INT32, UINT32, INT64, UINT64 | Richard Levitte | 2017-04-04 | 4 | -3/+249
  Also Z varieties.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3088)