aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/x509/x509_lu.c
Commit message (Collapse)AuthorAgeFilesLines
* Ignore dups in X509_STORE_add_*Rich Salz2017-04-201-39/+24
| | | | | | | | | | | | | | | | | | | | | | X509_STORE_add_cert and X509_STORE_add_crl are changed to return success if the object to be added was already found in the store, rather than returning an error. Raise errors if empty or malformed files are read when loading certificates and CRLs. Remove NULL checks and allow a segv to occur. Add error handing for all calls to X509_STORE_add_c{ert|tl} Refactor these two routines into one. Bring the unit test for duplicate certificates up to date using the test framework. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2830)
* Remove duplicate X509_OBJECT free function.David Benjamin2017-03-211-16/+1
| | | | | | | These two functions do the same thing. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3001)
* Add support for reference counting using C11 atomicsKurt Roeckx2016-11-171-2/+2
| | | | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1500
* Add -Wswitch-enumRich Salz2016-09-221-4/+4
| | | | | | | Change code so when switching on an enumeration, have case's for all enumeration values. Reviewed-by: Andy Polyakov <appro@openssl.org>
* Constify inputs of two X509_LOOKUP_METHOD methodsFdaSilvaYY2016-08-041-2/+2
| | | | | | | ... get_by_fingerprint() and get_by_alias() Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deprecate X509_LU_FAIL, X509_LU_RETRYDr. Stephen Henson2016-07-261-14/+6
| | | | | | | | Instead of X509_LU_FAIL, X509_LU_RETRY use 0/1 for return values. RT#4577 Reviewed-by: Rich Salz <rsalz@openssl.org>
* Use X509_LOOKUP_TYPE for lookup type consistently.Dr. Stephen Henson2016-07-261-12/+15
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove current_method from X509_STORE_CTXDr. Stephen Henson2016-07-261-7/+2
| | | | | | | | Remove current_method: it was intended as a means of retrying lookups bit it was never used. Now that X509_verify_cert() is a "one shot" operation it can never work as intended. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add X509_STORE lock and unlock functionsRichard Levitte2016-07-251-0/+10
| | | | | | | | Since there are a number of function pointers in X509_STORE that might lead to user code, it makes sense for them to be able to lock the store while they do their work. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add setter and getter for X509_STORE's check_policyRichard Levitte2016-07-251-0/+11
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add getters / setters for the X509_STORE_CTX and X509_STORE functionsRichard Levitte2016-07-251-8/+109
| | | | | | | | | | | | We only add setters for X509_STORE function pointers except for the verify callback function. The thought is that the function pointers in X509_STORE_CTX are a cache for the X509_STORE functions. Therefore, it's preferable if the user makes the changes in X509_STORE before X509_STORE_CTX_init is called, and otherwise use the verify callback to override any results from OpenSSL's internal calculations. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add checks on sk_TYPE_push() returned valueFdaSilvaYY2016-07-051-12/+22
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Constify X509_OBJECT_get_type & X509_OBJECT_get0_X509FdaSilvaYY2016-06-041-2/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
* X509_STORE_CTX accessors.Rich Salz2016-05-171-59/+68
| | | | | | | Add some functions that were missing when a number of X509 objects became opaque (thanks, Roumen!) Reviewed-by: Richard Levitte <levitte@openssl.org>
* Copyright consolidation 09/10Rich Salz2016-05-171-54/+6
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Unify <TYPE>_up_ref methods signature and behaviour.FdaSilvaYY2016-05-161-5/+4
| | | | | | | | | Add a status return value instead of void. Add some sanity checks on reference counter value. Update the docs. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix some X509_STORE macrosMatt Caswell2016-04-291-0/+5
| | | | | | Some X509_STORE macros do not work since the type was made opaque. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Add getters for X509_STORE and X509_OBJECT membersChristian Heimes2016-04-281-0/+15
| | | | | | | | | | | | | | | OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl module requires access to some of the struct members. Three new getters are added: int X509_OBJECT_get_type(X509_OBJECT *a); STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* GH975 Add ex_data functions for X509_STOREKazuki Yamaguchi2016-04-271-0/+10
| | | | | | | | | | | Add X509_STORE_{set,get}_ex_data() function and X509_STORE_get_ex_new_index() macro. X509_STORE has ex_data and the documentation also mentions them but they are not actually implemented. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Make many X509_xxx types opaque.Rich Salz2016-04-151-1/+32
| | | | | | | | | Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD opaque. Remove unused X509_CERT_FILE_CTX Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Tidy up x509_vfy callback handlingViktor Dukhovni2016-04-031-2/+2
| | | | Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Convert CRYPTO_LOCK_X509_* to new multi-threading APIAlessandro Ghedini2016-03-081-19/+37
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Move to REF_DEBUG, for consistency.Rich Salz2016-02-111-9/+2
| | | | | | | Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT This is also RT 4181 Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove /* foo.c */ commentsRich Salz2016-01-261-1/+0
| | | | | | | | | | | | This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Remove useless locking codeAlessandro Ghedini2015-11-241-2/+0
| | | | | | | | | Follow-up to 070c233. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@akamai.com> GH: #454
* Continue standardising malloc style for libcryptoMatt Caswell2015-11-091-8/+13
| | | | | | | Continuing from previous commit ensure our style is consistent for malloc return checks. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Remove useless codeAlessandro Ghedini2015-10-231-2/+0
| | | | | | | RT#4081 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Embed X509_CINFDr. Stephen Henson2015-09-161-3/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* X509_CRL_INFO embedDr. Stephen Henson2015-09-161-3/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* remove 0 assignments.Rich Salz2015-09-031-18/+2
| | | | | | | After openssl_zalloc, cleanup more "set to 0/NULL" assignments. Many are from github feedback. Reviewed-by: Tim Hudson <tjh@openssl.org>
* make X509_CRL opaqueDr. Stephen Henson2015-09-021-0/+1
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Add X509_up_ref function.Dr. Stephen Henson2015-08-311-3/+3
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add X509_CRL_up_ref functionDr. Stephen Henson2015-08-311-2/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Use enum for X509_LOOKUP_TYPERich Salz2015-05-281-2/+6
| | | | | | | Using an enum with -Wswitch means all lookup routines handle all cases. Remove X509_LU_PKEY which was never used. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Identify and move common internal libcrypto header filesRichard Levitte2015-05-141-1/+1
| | | | | | | | | | | | | There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
* Use safer sizeof variant in mallocRich Salz2015-05-041-4/+4
| | | | | | | | | | | | | For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org>
* free NULL cleanup 5aRich Salz2015-04-301-2/+5
| | | | | | | | | Don't check for NULL before calling a free routine. This gets X509_.*free: x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free X509_STORE_free X509_STORE_CTX_free X509_PKEY_free X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free Reviewed-by: Richard Levitte <levitte@openssl.org>
* remove malloc castsRich Salz2015-04-281-4/+4
| | | | | | | Following ANSI C rules, remove the casts from calls to OPENSSL_malloc and OPENSSL_realloc. Reviewed-by: Richard Levitte <levitte@openssl.org>
* util/mkstack.pl now generates entire safestack.hRich Salz2015-02-061-4/+0
| | | | | | | | | The mkstack.pl script now generates the entire safestack.h file. It generates output that follows the coding style. Also, removed all instances of the obsolete IMPLEMENT_STACK_OF macro. Reviewed-by: Andy Polyakov <appro@openssl.org>
* More comment realignmentmaster-post-reformatMatt Caswell2015-01-221-2/+2
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Run util/openssl-format-source -v -c .Matt Caswell2015-01-221-613/+581
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* More indent fixes for STACK_OFMatt Caswell2015-01-221-1/+1
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix indent issue with functions using STACK_OFMatt Caswell2015-01-221-2/+2
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Further comment changes for reformat (master)Matt Caswell2015-01-221-1/+1
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* mark all block comments that need format preserving so thatTim Hudson2014-12-301-1/+2
| | | | | | | indent will not alter them when reformatting comments Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Don't use expired certificates if possible.Dr. Stephen Henson2014-05-251-4/+18
| | | | | | | | When looking for the issuer of a certificate, if current candidate is expired, continue looking. Only return an expired certificate if no valid certificates are found. PR#3359
* New functions to set lookup_crls callback and to retrieve internal X509_STOREDr. Stephen Henson2012-11-271-0/+11
| | | | from X509_STORE_CTX.
* Don't ignore (\!) reference count in X509_STORE_freeDr. Stephen Henson2012-07-191-0/+13
|
* Minor compatibility fixes.Andy Polyakov2012-04-161-1/+1
| | | | | PR: 2790 Submitted by: Alexei Khlebnikov
* Fix X509_STORE lockingBodo Möller2010-02-191-39/+44
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-22 11:59:57 +0000