path: root/crypto/asn1
Commit message | Author | Age | Files | Lines
* asn1_string_to_time_t: Use timegm on FreeBSD. | John Baldwin | 2022-03-03 | 1 | -0/+11
  FreeBSD does not provide a global timezone variable containing the offset to UTC. Instead, FreeBSD's libc includes a legacy timezone function dating back to Version 7 AT&T UNIX. As a result, asn1_string_to_time_t currently fails to compile on FreeBSD as it subtracts a function from a time_t value:
    ../crypto/asn1/a_time.c:625:37: error: invalid operands to binary expression ('time_t' (aka 'long') and 'char *(int, int)')
        timestamp_utc = timestamp_local - timezone;
                        ~~~~~~~~~~~~~~~ ^ ~~~~~~~~
    1 error generated.
  However, FreeBSD's libc does include a non-standard (but widely available) timegm function which converts a struct tm directly to a UTC time_t value. Use this on FreeBSD instead of mktime.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17765)
* Add tests for do_updatedb | Armin Fuerst | 2022-02-14 | 1 | -1/+39
  Fixes #13944
  Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in tests.
  Added function "asn1_string_to_time_t" including tests.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17645)
* Move e_os.h to include/internal | Richard Levitte | 2022-02-05 | 2 | -2/+2
  Including e_os.h with a path from a header file doesn't work well on certain exotic platforms. It simply fails to build.
  Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17641)
* Fix malloc failure handling of X509_ALGOR_set0() | Dr. David von Oheimb | 2022-01-14 | 2 | -29/+20
  Also update and slightly extend the respective documentation and simplify some code.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16251)
* asn1/x_algor.c: add internal ossl_X509_ALGOR_from_nid() simplifying code | Dr. David von Oheimb | 2022-01-07 | 2 | -8/+24
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17363)
* Fix copyright year issues | Bernd Edlinger | 2022-01-06 | 1 | -1/+1
  Fixes: #13765
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17427)
* sm2: fix {i2d,d2i}_PublicKey EC_KEY is EVP_PKEY_SM2 | zhaozg | 2022-01-05 | 2 | -2/+2
  CLA: trivial
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17389)
* Update troublesome copyright years of auto-generated files to 2022 | Dr. David von Oheimb | 2022-01-03 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17398)
* asn1_item_embed_d2i: fix the return check | Peiwei Hu | 2021-11-22 | 1 | -2/+2
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17028)
* d2i_PublicKey: Make it work with EC parameters in a provided key | Tomas Mraz | 2021-11-22 | 1 | -3/+20
  Fixes #16989
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17065)
* Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix | Dr. David von Oheimb | 2021-11-17 | 3 | -15/+10
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15847)
* Update copyright year | Richard Levitte | 2021-09-07 | 2 | -2/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16534)
  (cherry picked from commit 54d987b92ce57c1cc38c6d9b6bf879b003f4cbd4)
* Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests | Tomas Mraz | 2021-08-31 | 2 | -6/+12
  Fixes #16428
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  (Merged from https://github.com/openssl/openssl/pull/16433)
* Avoid invoking memcpy if size is zero or the supplied buffer is NULL | Paul Dreik | 2021-08-25 | 1 | -2/+6
  This allows for passing a NULL pointer with zero max_len.
  Invoking memcpy on NULL is undefined behaviour, even if the size is zero.
  https://en.cppreference.com/w/c/string/byte/memcpy
  The function can now be queried for the necessary buffer length.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10541)
* Allow fuzz builds to detect string overruns | Matt Caswell | 2021-08-24 | 1 | -1/+11
  If FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined then we don't NUL terminate ASN1_STRING datatypes. This shouldn't be necessary but we add it anyway for safety in normal builds.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David Benjamin <davidben@google.com>
* Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings | Matt Caswell | 2021-08-24 | 1 | -1/+1
  ASN.1 strings may not be NUL terminated. Don't assume they are.
  CVE-2021-3712
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David Benjamin <davidben@google.com>
* asn.1: fix Coverity 1487104 Logically dead code | Pauli | 2021-07-13 | 1 | -4/+5
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/16042)
* ASN.1: Refuse to encode to DER if non-optional items are missing | Richard Levitte | 2021-07-10 | 1 | -9/+20
  Fixes #16026
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16036)
* Fix memory leak in i2d_ASN1_bio_stream | Oliver Mihatsch | 2021-07-02 | 2 | -0/+8
  When creating a signed S/MIME message using SMIME_write_CMS() if the reading from the bio fails, the state is therefore still ASN1_STATE_START when BIO_flush() is called by i2d_ASN1_bio_stream(). This results in calling asn1_bio_flush_ex cleanup but will only reset retry flags as the state is not ASN1_STATE_POST_COPY. Therefore 48 bytes (Linux x86_64) leaked since the ndef_prefix_free / ndef_suffix_free callbacks are not executed and the ndef_aux structure is not freed.
  By always calling free function callback in asn1_bio_free() the memory leak is fixed.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14844)
* ossl_sk_ASN1_UTF8STRING2text(): Minor generalization and refactoring for readability | Dr. David von Oheimb | 2021-06-25 | 1 | -8/+9
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15879)
* asn1: properly clean up on failed BIO creation | Pauli | 2021-06-22 | 1 | -4/+5
  Fixes coverity 1486070 through 1486077 and 1486079
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15841)
* asn1: fix indentation | Pauli | 2021-06-19 | 1 | -2/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15824)
* crypto: replace tabs with spaces | Pauli | 2021-06-19 | 1 | -3/+3
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15824)
* Update copyright year | Matt Caswell | 2021-06-17 | 4 | -4/+4
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15801)
* ASN1_parse_dump(): allow NULL BIO input, to simplify applications not needing output | Dr. David von Oheimb | 2021-06-15 | 1 | -7/+8
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15722)
* ASN1: rename asn1_par.c to asn1_parse.c for clarity; simplify asn1_parse2() | Dr. David von Oheimb | 2021-06-15 | 2 | -11/+4
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15722)
* Add support for ISO 8601 datetime format | William Edmisten | 2021-06-11 | 1 | -5/+31
  Fixes #5430
  Added the configuration file option "date_opt" to the openssl applications ca, crl and x509.
  Added ASN1_TIME_print_ex which supports the new datetime format using the flag ASN1_DTFLGS_ISO8601
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14384)
* Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8 | Richard Levitte | 2021-06-09 | 2 | -2/+2
  This has us switch from the 'structure' "pkcs8" to "PrivateKeyInfo", which is sensible considering we already have "SubjectPublicKeyInfo".
  We also add "EncryptedPrivateKeyInfo", and use it for a special decoder that detects and decrypts an EncryptedPrivateKeyInfo structured DER blob into a PrivateKeyInfo structured DER blob and passes that on to the next decoder implementation.
  The result of this change is that PKCS#8 decryption should only happen once per decoding instead of once for every expected key type.
  Furthermore, this new decoder implementation sets the data type to the OID of the algorithmIdentifier field, thus reducing how many decoder implementations are tentatively run further down the call chain.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15498)
* Actually use a legacy route in pem_read_bio_key_legacy() | Matt Caswell | 2021-06-08 | 1 | -5/+5
  The function pem_read_bio_key_legacy() is a fallback route if we failed to load a key via a provider. We should be using the legacy specific d2i functions to force legacy otherwise we end up using a provider anyway.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15504)
* Give ASN.1 objects the ability to report their libctx/propq | Matt Caswell | 2021-06-05 | 1 | -4/+9
  Some ASN.1 objects have an embedded libctx/propq. If they have one we give the ASN.1 code the ability to find these values and use them where needed. This is used for OSSL_CMP_MSG_dup() and X509_dup().
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15591)
* Teach more of the ASN.1 code about libctx/propq | Matt Caswell | 2021-06-05 | 5 | -45/+101
  Make sure we pass libctx/propq down to all the layers so that objects that are created during parsing have the right values. Then use this new capability for PKCS7.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15591)
* Teach the ASN.1 code how to create embedded objects with libctx/propq | Matt Caswell | 2021-06-05 | 1 | -11/+29
  An ASN.1 object such as an X509 may have embedded objects in it such as an X509_PUBKEY. If there is a libctx/propq in use then we need to make sure we pass these down to the constructors of these embedded objects.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15591)
* Teach ASN1_item_verify_ctx() how to handle provided keys | Matt Caswell | 2021-06-03 | 1 | -17/+44
  We need to special case RSA-PSS because that uses X509_ALGOR style parameters and we have no support for this on the provider side at this stage.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15527)
* asn.1: remove TODOs | Pauli | 2021-06-02 | 1 | -2/+0
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15539)
* Rename all getters to use get/get0 in name | Tomas Mraz | 2021-06-01 | 10 | -25/+25
  For functions that exist in 1.1.1 provide simple aliases via #define.
  Fixes #15236
  Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15405)
* crypto: updates to pass size_t to RAND_bytes_ex() | Pauli | 2021-06-01 | 1 | -5/+5
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/15540)
* add zero strength arguments to BN and RAND RNG calls | Pauli | 2021-05-29 | 3 | -4/+5
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15513)
* Rework and make DEBUG macros consistent. | Rich Salz | 2021-05-28 | 1 | -3/+1
  Remove unused -DCONF_DEBUG and -DBN_CTX_DEBUG.
  Rename REF_PRINT to REF_DEBUG for consistency, and add a new tracing category and use it for printing reference counts.
  Rename -DDEBUG_UNUSED to -DUNUSED_RESULT_DEBUG
  Fix BN_DEBUG_RAND so it compiles and, when set, force DEBUG_RAND to be set also.
  Rename engine_debug_ref to be ENGINE_REF_PRINT also for consistency.
  Fixes #15357
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15353)
* Use <> for #include openssl/xxx | Rich Salz | 2021-05-27 | 1 | -2/+1
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15468)
* err: rename err_load_xxx_strings_int functions | Pauli | 2021-05-26 | 1 | -1/+1
  The new names are ossl_err_load_xxx_strings.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15446)
* Update copyright year | Matt Caswell | 2021-05-20 | 3 | -3/+3
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15381)
* Make SMIME_read_CMS_ex() and SMIME_read_ASN1_ex() support binary input | Dr. David von Oheimb | 2021-05-19 | 1 | -27/+55
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12959)
* ASN1: Fix i2d_provided() return value | Richard Levitte | 2021-05-15 | 1 | -1/+2
  i2d_provided() - which is the internal provider data function for i2d_KeyParams(), i2d_PrivateKey(), i2d_PublicKey() - didn't treat the returned length from OSSL_ENCODER_to_data() quite as well as it should have.
  A simple added flag that records the state of |*pp| before calling OSSL_ENCODER_to_data() fixes the problem.
  Fixes #14655
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/15277)
* check i2d_ASN1_TYPE return value | bonniegong | 2021-05-14 | 1 | -0/+2
  add a length check to the return value of function i2d_ASN1_TYPE. Return an error instead of trying to malloc a negative number.
  CLA: trivial
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14828)
* Replace some of the ERR_clear_error() calls with mark calls | Tomas Mraz | 2021-05-13 | 2 | -4/+6
  Fixes #15219
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/15253)
* Add ASN1_item_i2d_mem_bio(); document and improve also ASN1_item_d2i_bio() | Dr. David von Oheimb | 2021-05-12 | 2 | -0/+20
  ASN1_item_d2i_bio(): Do not report errors in queue on BIO input being NULL
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15147)
* reduce surprise in choice of CASE/String/STRING by allowing all inputs to be in any case | Michael Richardson | 2021-05-11 | 1 | -1/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14877)
* tasn_dec: use do/while around statement macros | Benjamin Kaduk | 2021-05-08 | 1 | -2/+2
  Use the do {} while (0) construct around macros whose bodies are complete statements (including one that has internal control flow!). This is safer and avoids any risk of misinterpretation if the macro is used in an unexpected context.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15143)
* Add library context and property query support into the PKCS12 API | Jon Spillett | 2021-04-30 | 3 | -21/+70
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14434)
* asn1_lib.c: ASN1_put_object: Remove comment about "class 0". | Scott McPeak | 2021-04-29 | 1 | -1/+1
  ASN1_put_object() was preceded by the nonsensical comment:
    /*
     * class 0 is constructed constructed == 2 for indefinite length constructed
     */
  This is the result of concatenating two sentences in 0f113f3ee4d by automated reformatting. The first sentence, "class 0 is constructed", goes back to d02b48c63a, the import of SSLeay 0.8.1b. Even in that context, it made little sense; class 0 means "universal", not constructed, and there is no special significance to class 0 in this function in any case.
  Therefore I have simply removed that first sentence.
  CLA: trivial
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/14998)