1061 commits

Author	SHA1	Message	Date
FdaSilvaYY	0fe9123687	Constify a bit X509_NAME_get_entry ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-08-23 11:47:22 +02:00
FdaSilvaYY	9f5466b9b8	Constify some X509_NAME, ASN1 printing code ... ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-08-23 11:47:22 +02:00
FdaSilvaYY	a026fbf977	Constify some inputs buffers ... remove useless cast to call ASN1_STRING_set Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-08-23 11:47:22 +02:00
FdaSilvaYY	35da893f86	Constify ASN1_PCTX_* ... ... add a static keyword. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-08-23 11:47:22 +02:00
Matt Caswell	030648cea9	Ensure the mime_hdr_free function can handle NULLs ... Sometimes it is called with a NULL pointer Reviewed-by: Tim Hudson <tjh@openssl.org>	2016-08-23 00:19:15 +01:00
Dr. Stephen Henson	0b7347effe	Add X509_getm_notBefore, X509_getm_notAfter ... Add mutable versions of X509_get0_notBefore and X509_get0_notAfter. Rename X509_SIG_get0_mutable to X509_SIG_getm. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>	2016-08-21 18:25:23 +01:00
Kurt Roeckx	a73be798ce	Fix off by 1 in ASN1_STRING_set() ... Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #3176	2016-08-20 18:53:56 +02:00
Dr. Stephen Henson	095d2f0f8a	Constify i2a* ... Reviewed-by: Rich Salz <rsalz@openssl.org>	2016-08-18 17:20:36 +01:00
Matt Caswell	604f6eff31	Convert X509_REVOKED* functions to use const getters ... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>	2016-08-18 11:59:39 +01:00
Dr. Stephen Henson	59b4da05b4	Constify X509_SIG. ... Constify X509_SIG_get0() and order arguments to mactch new standard. Add X509_SIG_get0_mutable() to support modification or initialisation of an X509_SIG structure. Reviewed-by: Matt Caswell <matt@openssl.org>	2016-08-17 17:48:43 +01:00
Dr. Stephen Henson	8900f3e398	Convert X509* functions to use const getters ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-08-17 13:59:04 +01:00
Dr. Stephen Henson	245c6bc33b	Constify private key decode. ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-08-17 12:01:29 +01:00
Dr. Stephen Henson	ac4e257747	constify X509_ALGOR_get0() ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-08-17 12:01:29 +01:00
Dr. Stephen Henson	0c8006480f	Constify ASN1_item_unpack(). ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-08-17 12:01:29 +01:00
Matt Caswell	b2e57e094d	Convert PKCS8* functions to use const getters ... Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>	2016-08-16 23:36:27 +01:00
Dr. Stephen Henson	17ebf85abd	Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data(). ... Deprecate the function ASN1_STRING_data() and replace with a new function ASN1_STRING_get0_data() which returns a constant pointer. Update library to use new function. Reviewed-by: Rich Salz <rsalz@openssl.org>	2016-08-16 16:05:35 +01:00
Dr. Stephen Henson	8b9afbc0fc	Check for errors in a2d_ASN1_OBJECT() ... Check for error return in BN_div_word(). Reviewed-by: Tim Hudson <tjh@openssl.org>	2016-08-16 00:19:19 +01:00
Dr. Stephen Henson	262bd85fde	Add X25519 methods to internal tables ... Reviewed-by: Rich Salz <rsalz@openssl.org>	2016-08-13 14:11:04 +01:00
klemens	6025001707	spelling fixes, just comments and readme. ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1413)	2016-08-05 19:07:30 -04:00
Dr. Stephen Henson	3dc87806ce	Free buffer in a2i_ASN1_INTEGER() on error path. ... Thank to Shi Lei for reporting this bug. Reviewed-by: Rich Salz <rsalz@openssl.org>	2016-08-05 16:36:17 +01:00
FdaSilvaYY	f48ebf9f4c	Constify ASN1_INTEGER_get, ASN1_ENUMERATED_get ... Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-08-04 17:02:48 +02:00
Dr. Stephen Henson	56f9953c84	Check for overlows and error return from ASN1_object_size() ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-08-02 13:40:32 +01:00
Dr. Stephen Henson	e9f17097e9	Check for overflows in ASN1_object_size(). ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-08-02 13:40:32 +01:00
FdaSilvaYY	d3d5dc607a	Enforce and explicit some const casting ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)	2016-07-25 08:20:00 -04:00
FdaSilvaYY	e83f154f6c	Constify i2t_ASN1_OBJECT, i2d_ASN1_OBJECT, i2a_ASN1_OBJECT. ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)	2016-07-25 08:20:00 -04:00
FdaSilvaYY	dbf89a9b94	Constify ASN1_buf_print ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)	2016-07-25 08:20:00 -04:00
FdaSilvaYY	08275a29c1	Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstring & co... ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)	2016-07-25 08:20:00 -04:00
Kurt Roeckx	1618679ac4	Cast to an unsigned type before negating ... llvm's ubsan reported: runtime error: negation of -9223372036854775808 cannot be represented in type 'long'; cast to an unsigned type to negate this value to itself Found using afl Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1325	2016-07-20 19:25:16 +02:00
Kurt Roeckx	69588edbaa	Check for errors allocating the error strings. ... Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #1330	2016-07-20 19:20:53 +02:00
Dr. Stephen Henson	ad72d9fdf7	Check and print out boolean type properly. ... If underlying type is boolean don't check field is NULL. Reviewed-by: Rich Salz <rsalz@openssl.org>	2016-07-19 02:33:05 +01:00
Dr. Stephen Henson	3cea73a7fc	Fix print of ASN.1 BIGNUM type. ... The ASN.1 BIGNUM type needs to be handled in a custom way as it is not a generic ASN1_STRING type. Reviewed-by: Rich Salz <rsalz@openssl.org>	2016-07-18 17:53:05 +01:00
Kurt Roeckx	5e3553c2de	Return error when trying to print invalid ASN1 integer ... Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1322	2016-07-16 21:51:49 +02:00
Dr. Stephen Henson	5bd5dcd496	Add nameConstraints commonName checking. ... New hostname checking function asn1_valid_host() Check commonName entries against nameConstraints: any CN components in EE certificate which look like hostnames are checked against nameConstraints. Note that RFC5280 et al only require checking subject alt name against DNS name constraints. Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-07-11 23:30:04 +01:00
Dr. Stephen Henson	b385889640	Don't indicate errors during initial adb decode. ... Reviewed-by: Tim Hudson <tjh@openssl.org>	2016-07-06 02:41:14 +01:00
FdaSilvaYY	68efafc513	Add checks on sk_TYPE_push() returned value ... Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>	2016-07-05 17:45:50 +01:00
FdaSilvaYY	02e112a885	Whitespace cleanup in crypto ... Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1264)	2016-06-29 09:56:39 -04:00
Kurt Roeckx	5bea15ebb3	Avoid signed overflow ... Found by afl Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #3013	2016-06-24 18:17:10 +02:00
Matt Caswell	d6079a87db	Fix ASN1_STRING_to_UTF8 could not convert NumericString ... tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy supports NumericString. tag2nbyte is also used in do_print_ex which will not be broken by setting 1 at 18th position of tag2nbyte Reviewed-by: Stephen Henson <steve@openssl.org>	2016-06-23 20:49:43 +01:00
FdaSilvaYY	687b486859	Rework error handling from asn1_do_lock method. ... Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>	2016-06-23 14:00:47 +01:00
FdaSilvaYY	f430ba31ac	Spelling... and more spelling ... Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1245)	2016-06-22 00:26:10 +02:00
Kurt Roeckx	5388b8d4e8	Avoid creating an illegal pointer. ... Found by tis-interpreter Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1230	2016-06-21 20:55:54 +02:00
Rich Salz	7f96f15bcf	Fix build break. ... Aggregate local initializers are rarely portable (: Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-06-16 14:22:58 -04:00
FdaSilvaYY	bd227450d4	Constify asn1/asn_mime.c ... Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1215)	2016-06-15 13:22:38 -04:00
FdaSilvaYY	fa3a84422d	Constify some input buffers in asn1 ... Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1215)	2016-06-15 13:22:38 -04:00
Richard Levitte	fdcb499cc2	Change (!seqtt) to (seqtt == NULL) ... Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>	2016-06-15 01:36:11 +02:00
Richard Levitte	bace847eae	Always check that the value returned by asn1_do_adb() is non-NULL ... Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>	2016-06-15 01:36:11 +02:00
Dr. Stephen Henson	7c46746bf2	Fix omitted selector handling. ... The selector field could be omitted because it has a DEFAULT value. In this case *sfld == NULL (sfld can never be NULL). This was not noticed because this was never used in existing ASN.1 modules. Reviewed-by: Rich Salz <rsalz@openssl.org>	2016-06-14 19:15:51 +01:00
Matt Caswell	036e61b166	Free memory on an error path ... The function a2i_ASN1_STRING can encounter an error after already allocating a buffer. It wasn't always freeing that buffer on error. Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-06-14 11:45:34 +01:00
Kurt Roeckx	8c918b7b9c	Avoid creating an illegal pointer. ... Found by tis-interpreter Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1166	2016-06-11 16:43:48 +02:00
FdaSilvaYY	009951d24d	Constify ASN1_generate_nconf ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)	2016-06-04 21:30:41 -04:00