path: root/crypto/asn1
Commit message | Author | Age | Files | Lines
* Fix strange formatting by indent | Matt Caswell | 2015-01-22 | 4 | -20/+40
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* indent has problems with comments that are on the right hand side of a line. | Matt Caswell | 2015-01-22 | 1 | -8/+11
  Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Further comment changes for reformat (master) | Matt Caswell | 2015-01-22 | 6 | -6/+10
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Cleanup OPENSSL_NO_xxx, part 1 [master-pre-reformat] | Rich Salz | 2015-01-14 | 7 | -10/+10
  OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
  OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
  Two typos on #endif comments fixed:
    OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
    OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* use correct function name | Dr. Stephen Henson | 2015-01-06 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Constify ASN1_TYPE_cmp add X509_ALGOR_cmp. | Dr. Stephen Henson | 2015-01-05 | 3 | -2/+13
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Fix various certificate fingerprint issues. | Dr. Stephen Henson | 2015-01-05 | 1 | -0/+12
  By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists.
  1. Reject signatures with non zero unused bits.
     If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits.
  2. Check certificate algorithm consistency.
     Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates.
  3. Check DSA/ECDSA signatures use DER.
     Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes).
  CVE-2014-8275
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* RT2914: NULL check missing in X509_name_canon | Rich Salz | 2015-01-04 | 1 | -0/+2
  Check for NULL return from X509_NAME_ENTRY_new()
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* mark all block comments that need format preserving so that | Tim Hudson | 2014-12-30 | 7 | -8/+16
  indent will not alter them when reformatting comments
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED | Matt Caswell | 2014-12-18 | 1 | -1/+1
  Introduce use of DECLARE_DEPRECATED
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Return error when a bit string indicates an invalid amount of bits left | Kurt Roeckx | 2014-12-18 | 3 | -1/+8
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Reject invalid constructed encodings. | Dr. Stephen Henson | 2014-12-17 | 3 | -2/+11
  According to X6.90 null, object identifier, boolean, integer and enumerated types can only have primitive encodings: return an error if any of these are received with a constructed encoding.
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* RT3543: Remove #ifdef LINT | Rich Salz | 2014-12-10 | 1 | -3/+0
  I also replaced some exit/return wrappers in various programs (from main) to standardize on return.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Implement internally opaque bn access from asn1 | Matt Caswell | 2014-12-08 | 2 | -4/+4
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Remove fipscanister build functionality from makefiles. | Dr. Stephen Henson | 2014-12-08 | 1 | -1/+1
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Remove all .cvsignore files | Rich Salz | 2014-11-28 | 1 | -4/+0
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Add i2d_re_X509_tbs | Emilia Kasper | 2014-09-05 | 1 | -0/+6
  i2d_re_X509_tbs re-encodes the TBS portion of the certificate.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Dr Stephen Henson <steve@openssl.org>
* RT3508: Remove unused variable introduced by b09eb24 | Kurt Cancemi | 2014-08-31 | 1 | -1/+0
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* RT3246: req command prints version number wrong | Rich Salz | 2014-08-28 | 1 | -7/+3
  Make X509_REQ_print_ex do the same thing that X509_REQ_print does.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* RT2400: ASN1_STRING_to_UTF8 missing initializer | Raphael Spreitzer | 2014-08-27 | 1 | -0/+1
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* RT1815: More const'ness improvements | Justin Blanchard | 2014-08-18 | 4 | -9/+9
  Add a dozen more const declarations where appropriate. These are from Justin; while adding his patch, I noticed ASN1_BIT_STRING_check could be fixed, too.
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* multi_split: check for NULL when allocating parts and bpart, and for failure ↵ | Jonas Maebe | 2014-08-15 | 1 | -2/+17
  of sk_BIO_push()
  Signed-off-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* mime_hdr_addparam: free tmpname, tmpval and mparam on error path, and check ↵ | Jonas Maebe | 2014-08-15 | 1 | -8/+17
  whether sk_MIME_PARAM_push succeeds
  Signed-off-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* mime_hdr_new: free mhdr, tmpname, tmpval on error path | Jonas Maebe | 2014-08-15 | 1 | -7/+18
  Signed-off-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path | Jonas Maebe | 2014-08-15 | 1 | -10/+16
  Signed-off-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* SetBlob: free rgSetBlob on error path | Jonas Maebe | 2014-08-15 | 1 | -0/+1
  Signed-off-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* RT783: Minor optimization to ASN1_INTEGER_set | Frédéric Giudicelli | 2014-08-15 | 1 | -8/+7
  Remove local variable and avoid extra assignment.
  Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net>
* RT3023: Redundant logical expressions | Hans Wennborg | 2014-08-15 | 1 | -1/+0
  Remove some redundant logical expressions
  Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net>
* Fix d4a4370050f7d72239b92a60ab9d4a2dd5e9fd84 | Dr Stephen Henson | 2014-08-11 | 2 | -6/+1
  Fully remove old error, per drH
  Reviewed-by: rsalz
* RT 2517: Various typos. | Scott Schaefer | 2014-08-11 | 2 | -1/+5
  Reviewed-by: Emilia Kasper
  Many of these were already fixed, this catches the last few that were missed.
* Fix OID handling: | Emilia Kasper | 2014-08-06 | 1 | -9/+21
  - Upon parsing, reject OIDs with invalid base-128 encoding.
  - Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.
  CVE-2014-3508
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Add license info. | Dr. Stephen Henson | 2014-07-04 | 1 | -0/+3
* ASN1 sanity check. | Dr. Stephen Henson | 2014-07-02 | 1 | -0/+3
  Primitive encodings shouldn't use indefinite length constructed form.
  PR#2438 (partial).
* Handle BER length encoding. | Dr. Stephen Henson | 2014-06-29 | 1 | -2/+8
  Tolerate BER length encoding which may include leading zeroes.
  PR#2746
* Tolerate critical AKID in CRLs. | Dr. Stephen Henson | 2014-06-27 | 1 | -0/+1
  PR#3014
* Memory leak and NULL dereference fixes. | Dr. Stephen Henson | 2014-06-27 | 8 | -10/+48
  PR#3403
* Set default global mask to UTF8 only. | Dr. Stephen Henson | 2014-06-01 | 1 | -1/+1
* Don't try and verify signatures if key is NULL (CVE-2013-0166) | Dr. Stephen Henson | 2014-04-01 | 1 | -0/+6
  Add additional check to catch this in ASN1_item_verify too.
  (cherry picked from commit 66e8211c0b1347970096e04b18aa52567c325200)
* Add functions returning security bits. | Dr. Stephen Henson | 2014-03-28 | 2 | -0/+8
  Add functions to return the "bits of security" for various public key algorithms. Based on SP800-57.
* make depend | Dr. Stephen Henson | 2014-02-19 | 1 | -4/+3
* Remove references to o_time.h | Dr. Stephen Henson | 2014-02-19 | 3 | -3/+0
* Fix various spelling errors | Scott Schaefer | 2014-02-14 | 1 | -1/+1
* Add support for ASCII with CRLF canonicalisation. | Dr. Stephen Henson | 2014-02-13 | 1 | -5/+23
* Support setting of "no purpose" for trust. | Dr. Stephen Henson | 2013-11-11 | 1 | -8/+19
  If the oid parameter is set to NULL in X509_add1_trust_object create an empty list of trusted purposes corresponding to "no purpose" if trust is checked.
* More diagnostics for invalid OIDs. | Ben Laurie | 2013-09-20 | 1 | -1/+5
* misspellings fixes by https://github.com/vlajos/misspell_fixer | Veres Lajos | 2013-09-05 | 1 | -1/+1
* Add KDF for DH. | Dr. Stephen Henson | 2013-08-05 | 1 | -2/+2
  Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the same structure is used by DH and ECDH.
  Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers without the need to use ASN1.
* Encode INTEGER correctly. | Dr. Stephen Henson | 2013-03-18 | 1 | -1/+1
  If an ASN1_INTEGER structure is allocated but not explicitly set encode it as zero: don't generate an invalid zero length INTEGER.
  (cherry picked from commit 1643edc63c3e15b6db5a15a728bc288f2cc2bbc7)
* make depend. | Ben Laurie | 2013-02-21 | 1 | -23/+19
* Make "make depend" work on MacOS out of the box. | Ben Laurie | 2013-01-19 | 1 | -19/+23