aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/asn1
Commit message (Collapse)AuthorAgeFilesLines
...
* asn1/a_int.c: remove code duplicate and optimize branches,Andy Polyakov2017-04-141-84/+52
| | | | | | | | i.e. reduce amount of branches and favour likely ones. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3192)
* ASN.1: adapt our use of INTxx et al by making them explicitely embeddedRichard Levitte2017-04-132-2/+2
| | | | | | Fixes #3191 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3199)
* ASN.1: change INTxx, UINTxx and Z variants to be embedableRichard Levitte2017-04-131-14/+38
| | | | | | Fixes #3191 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3199)
* ASN.1: extend the possibilities to embed data instead of pointersRichard Levitte2017-04-132-2/+13
| | | | | | | | | | Also, when "allocating" or "deallocating" an embedded item, never call prim_new() or prim_free(). Call prim_clear() instead. Fixes #3191 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3199)
* Fix x_int64.cRichard Levitte2017-04-111-8/+31
| | | | | | | | | | | | | Clearing a misunderstanding. The routines c2i_uint64_int() and i2c_uint64_int() expect to receive that internal values are absolute and with a separate sign flag, and the x_int64.c code handles values that aren't absolute and have the sign bit embedded. We therefore need to convert between absolute and non-absolute values for the encoding of negative values to be correct. [extended tests] Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3160)
* Reject decoding of an INT64 with a value >INT64_MAXMatt Caswell2017-04-111-0/+5
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3159)
* Act on deprecation of LONG and ZLONG, step 2Richard Levitte2017-04-102-4/+4
| | | | | | | Replace all remaining uses of LONG and ZLONG with INT32 / ZINT32. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
* Act on deprecation of LONG and ZLONG, step 1Richard Levitte2017-04-101-0/+4
| | | | | | | Don't compile code that still uses LONG when it's deprecated Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
* Discourage the use of LONG and ZLONG, and deprecate it in the futureRichard Levitte2017-04-101-0/+4
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
* Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variantsRichard Levitte2017-04-102-1/+9
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
* asn1/x_long.c: remove conditions in inner loops and dependency on BN.Andy Polyakov2017-04-101-26/+47
| | | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3152)
* Fix faulty check of padding in x_long.cRichard Levitte2017-04-041-2/+5
| | | | | | | | Bug uncovered by test [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
* Fix a possible integer overflow in long_c2iMatt Caswell2017-04-041-0/+4
| | | | | | | Credit to OSS-Fuzz for finding this. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
* make updateRichard Levitte2017-04-041-1/+4
| | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
* Implement internal ASN.1 types INT32, UINT32, INT64, UINT64Richard Levitte2017-04-044-3/+249
| | | | | | Also Z varieties. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
* Fix 0 -> NULL, indentationFdaSilvaYY2017-03-282-3/+3
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3066)
* Fix decoding of ASN.1 LONG and ZLONG itemsRichard Levitte2017-03-201-6/+28
| | | | | | | | | | | | | | LONG and ZLONG items (which are OpenSSL private special cases of ASN1_INTEGER) are encoded into DER with padding if the leading octet has the high bit set, where the padding can be 0x00 (for positive numbers) or 0xff (for negative ones). When decoding DER to LONG or ZLONG, the padding wasn't taken in account at all, which means that if the encoded size with padding is one byte more than the size of long, decoding fails. This change fixes that issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3000)
* Exit the loop on failureJon Spillett2017-03-091-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2805)
* Remove some commented out code in libcryptoMatt Caswell2017-02-281-1/+0
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2774)
* Fix potential memory leak in ASN1_TIME_to_generalizedtime()Todd Short2017-02-231-9/+16
| | | | | | | If ret is allocated, it may be leaked on error. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2666)
* Fix a slightly confusing if condition in a2i_ASN1_INTEGER.Bernd Edlinger2017-02-171-1/+1
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2640)
* Combined patch against master branch for the following issues:Bernd Edlinger2017-02-032-7/+14
| | | | | | | | | | | | | | Fixed a memory leak in ASN1_digest and ASN1_item_digest. Reworked error handling in asn1_item_embed_new. Fixed error handling in int_ctx_new and EVP_PKEY_CTX_dup. Fixed a memory leak in CRYPTO_free_ex_data. Reworked error handing in x509_name_ex_d2i, x509_name_encode and x509_name_canon. Check for null pointer in tls_process_cert_verify. Fixes #2103 #2104 #2105 #2109 #2111 #2115 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2342)
* Add support for parameterized SipHashTodd Short2017-02-011-1/+4
| | | | | | | | | | | The core SipHash supports either 8 or 16-byte output and a configurable number of rounds. The default behavior, as added to EVP, is to use 16-byte output and 2,4 rounds, which matches the behavior of most implementations. There is an EVP_PKEY_CTRL that can control the output size. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2216)
* Add support for Poly1305 in EVP_PKEYTodd Short2017-01-241-1/+4
| | | | | | | Add Poly1305 as a "signed" digest. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2128)
* Clean one unused variable, plus an useless one.FdaSilvaYY2017-01-182-14/+6
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1906)
* Fix VC warnings about unary minus to an unsigned type.Kurt Roeckx2017-01-152-2/+2
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #2230
* clarify commentDr. Stephen Henson2017-01-081-1/+5
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2177)
* PSS ASN.1 methodDr. Stephen Henson2017-01-081-0/+3
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2177)
* Cast to an unsigned type before negatingKurt Roeckx2016-11-121-1/+1
| | | | | | | | | | | | | llvm's ubsan reported: runtime error: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself Found using libfuzzer Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1908
* Don't set choice selector on parse failure.Dr. Stephen Henson2016-11-101-7/+7
| | | | | | | | | | | | Don't set choice selector on parse failure: this can pass unexpected values to the choice callback. Instead free up partial structure directly. CVE-2016-7053 Thanks to Tyler Nighswander of ForAllSecure for reporting this issue. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Convert asn1 selftests (a_strnid and ameth_lib) into internal testRichard Levitte2016-11-034-117/+99
| | | | Reviewed-by: Emilia Käsper <emilia@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1789)
* Create BIO_write_ex() which handles size_t argumentsMatt Caswell2016-10-281-0/+2
| | | | | | | Also extend BIO_METHOD to be able to supply an implementation for the new BIO_write_ex function. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Create BIO_read_ex() which handles size_t argumentsMatt Caswell2016-10-281-0/+2
| | | | | | | Also extend BIO_METHOD to be able to supply an implementation for the new BIO_read function. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix config option 'no-deprecated'Richard Levitte2016-10-191-0/+2
| | | | | | | | crypto/asn1/asn1_item_list.c needed including dh.h and rsa.h directly. The reason is that they are not included by x509.h when configured 'no-deprecated' Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1741)
* Fix strict-warnings buildPatrick Steuer2016-10-181-1/+1
| | | | | | | | | | | | | crypto/asn1/a_strex.c: Type of width variable in asn1_valid_host function needs to be changed from char to signed char to avoid build error due to '-Werror=type-limits'. Signed-off-by: Patrick Steuer <psteuer@mail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> CLA: trivial
* Fix embedded string handling.Dr. Stephen Henson2016-10-174-9/+19
| | | | | | | | | Don't rely on embedded flag to free strings correctly: it wont be set if there is a malloc failure during initialisation. Thanks to Guido Vranken for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1725)
* Print <ABSENT> if a STACK is NULL.Dr. Stephen Henson2016-09-291-1/+2
| | | | | | | If a STACK (corresponding to SEQUENCE OF or SET OF) is NULL then the field is absent as opposed to empty (present but has zero elements). Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add ASN1_ITEM lookup and enumerate functions.Dr. Stephen Henson2016-09-293-1/+204
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add -Wswitch-enumRich Salz2016-09-221-2/+2
| | | | | | | Change code so when switching on an enumeration, have case's for all enumeration values. Reviewed-by: Andy Polyakov <appro@openssl.org>
* Constify a bit X509_NAME_get_entryFdaSilvaYY2016-08-231-2/+2
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify some X509_NAME, ASN1 printing codeFdaSilvaYY2016-08-232-13/+13
| | | | | | | ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify some inputs buffersFdaSilvaYY2016-08-232-4/+2
| | | | | | | remove useless cast to call ASN1_STRING_set Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify ASN1_PCTX_*FdaSilvaYY2016-08-231-7/+7
| | | | | | | ... add a static keyword. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Ensure the mime_hdr_free function can handle NULLsMatt Caswell2016-08-231-0/+2
| | | | | | Sometimes it is called with a NULL pointer Reviewed-by: Tim Hudson <tjh@openssl.org>
* Add X509_getm_notBefore, X509_getm_notAfterDr. Stephen Henson2016-08-211-2/+2
| | | | | | | | Add mutable versions of X509_get0_notBefore and X509_get0_notAfter. Rename X509_SIG_get0_mutable to X509_SIG_getm. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Fix off by 1 in ASN1_STRING_set()Kurt Roeckx2016-08-201-1/+1
| | | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #3176
* Constify i2a*Dr. Stephen Henson2016-08-182-2/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Convert X509_REVOKED* functions to use const gettersMatt Caswell2016-08-181-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Constify X509_SIG.Dr. Stephen Henson2016-08-171-2/+11
| | | | | | | | | Constify X509_SIG_get0() and order arguments to mactch new standard. Add X509_SIG_get0_mutable() to support modification or initialisation of an X509_SIG structure. Reviewed-by: Matt Caswell <matt@openssl.org>
* Convert X509* functions to use const gettersDr. Stephen Henson2016-08-171-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-02 00:31:12 +0000