#
1.25 |
|
24-Mar-2024 |
beck |
Convert libressl to use the BoringSSL style time conversions
This gets rid of our last uses of timegm and gmtime in the library and things that ship with it. It includes a bit of refactoring in ocsp_cl.c to remove some obvious ugly.
ok tb@
|
Revision tags: OPENBSD_7_5_BASE
|
#
1.24 |
|
02-Mar-2024 |
tb |
Remove beck's ASN.1 time API from public visibility
This API was needed since OpenSSL didn't have one. We now have variants of OpenSSL's API and will also expose BoringSSL's complementary API. The users of this API were ported to the OpenSSL variants and some may switch to BoringSSL's in the future. Part of it is still used internally.
ASN1_time_tm_clamp_notafter() is still used by libtls (and only libtls). This will be fixed in a future bump.
ok jsing
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.23 |
|
08-Jul-2023 |
beck |
Hide symbols in cast, idea, and ocsp
ok tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.22 |
|
26-Dec-2022 |
jmc |
spelling fixes; from paul tagliamonte
i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct
ok tb
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.21 |
|
07-Jan-2022 |
tb |
Add an essentially empty ocsp_local.h and include it in the files that will need it in the upcoming bump.
discussed with jsing
|
#
1.20 |
|
24-Nov-2021 |
tb |
Fix a whitespace error that has annoyed me for way too long
|
#
1.19 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
#
1.18 |
|
24-Oct-2021 |
tb |
Prepare to provide a bunch of OCSP_resp_* getters.
ok beck jsing
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.17 |
|
09-Oct-2020 |
tb |
Fix leak or double free with OCSP_request_add0_id()
On success, OCSP_request_add0_id() transfers ownership of cid to either 'one' or 'req' depending on whether the latter is NULL or not. On failure, the caller can't tell whether OCSP_ONEREQ_new() failed (in which case cid needs to be freed) or whether it was a failure to allocate memory in sk_insert() (in which case cid must not be freed).
The caller is thus faced with the choice of leaving either a leak or a potential double free. Fix this by transferring ownership only at the end of the function.
Found while reviewing an upcoming diff by beck.
ok jsing
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.16 |
|
25-Nov-2018 |
jmc |
spelling; from miod
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.15 |
|
17-Mar-2018 |
jsing |
Provide OCSP_SINGLERESP_get0_id().
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.14 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
#
1.13 |
|
30-Dec-2016 |
jsing |
Expand ASN1_ITEM_rptr macros - no change in generated assembly.
|
#
1.12 |
|
04-Nov-2016 |
beck |
make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden functions. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@
|
#
1.11 |
|
16-Jul-2016 |
beck |
Clean up OCSP_check_validity() a bit more.
- Return on first failure rather than continuing.
- Don't compare times by comparing strings that possibly were not parsable as a time.
ok deraadt@
|
#
1.10 |
|
05-Jul-2016 |
beck |
remove unneeded duplicate call - spotted by jsing@
|
#
1.9 |
|
25-Jun-2016 |
beck |
Fix the ocsp code to actually check for errors when comparing time values which was not being done due to a lack of checking of the return code for X509_cmp_time. Ensure that we only compare GENERALIZEDTIME values because this is what is specified by RFC6960.
Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp> ok bcook@
|
#
1.8 |
|
18-Oct-2014 |
jsing |
branches: 1.8.2; 1.8.6;
None of these need to include <openssl/rand.h>
|
#
1.7 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
18-May-2014 |
jsing |
More KNF.
|
#
1.4 |
|
17-May-2014 |
miod |
KNF
|
#
1.3 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.2 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.1 |
|
15-May-2002 |
beck |
branches: 1.1.1;
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.17 |
|
09-Oct-2020 |
tb |
Fix leak or double free with OCSP_request_add0_id()
On success, OCSP_request_add0_id() transfers ownership of cid to either 'one' or 'req' depending on whether the latter is NULL or not. On failure, the caller can't tell whether OCSP_ONEREQ_new() failed (in which case cid needs to be freed) or whether it was a failure to allocate memory in sk_insert() (in which case cid must not be freed).
The caller is thus faced with the choice of leaving either a leak or a potential double free. Fix this by transferring ownership only at the end of the function.
Found while reviewing an upcoming diff by beck.
ok jsing
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.16 |
|
25-Nov-2018 |
jmc |
spelling; from miod
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.15 |
|
17-Mar-2018 |
jsing |
Provide OCSP_SINGLERESP_get0_id().
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.14 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.13 |
|
30-Dec-2016 |
jsing |
Expand ASN1_ITEM_rptr macros - no change in generated assembly.
|
#
1.12 |
|
04-Nov-2016 |
beck |
make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
|
#
1.11 |
|
16-Jul-2016 |
beck |
Clean up OCSP_check_validity() a bit more. - Return on first failure rather than continuing. - Don't compare times by comparing strings that possibly were not parsable as a time. ok deraadt@
|
#
1.10 |
|
05-Jul-2016 |
beck |
remove unneeded duplicate call - spotted by jsing@
|
#
1.9 |
|
25-Jun-2016 |
beck |
Fix the ocsp code to actually check for errors when comparing time values which was not being done due to a lack of checking of the return code for X509_cmp_time. Ensure that we only compare GENERALIZEDTIME values because this is what is specified by RFC6960.
Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@
|
#
1.8 |
|
18-Oct-2014 |
jsing |
branches: 1.8.2; 1.8.6;
None of these need to include <openssl/rand.h>
|
#
1.7 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
18-May-2014 |
jsing |
More KNF.
|
#
1.4 |
|
17-May-2014 |
miod |
KNF
|
#
1.3 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.2 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.1 |
|
15-May-2002 |
beck |
branches: 1.1.1;
OpenSSL 0.9.7 stable 2002 05 08 merge
|