summaryrefslogtreecommitdiff
path: root/crypto/x509/x509_req.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix regression in i2d_re_X509_REQ_tbs()Tomas Mraz2022-10-051-3/+1
| | | | | | | | | | | This fixes regression from commit 8e39049. There is also no point in setting the modified flag after just calling i2d. Fixes #19297 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19299)
* Stop raising ERR_R_MALLOC_FAILURE in most placesRichard Levitte2022-10-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
* crypto/x509/{x509_req,x_all}.c: add some NULL parameter checks, improve ↵Dr. David von Oheimb2022-09-101-4/+32
| | | | | | | | coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19090)
* X509 x509_req.c: Set 'modified' flag when X509_req_info_st member data updatedGibeom Gwon2022-09-101-16/+24
| | | | | | | | | We need to reencode X509_req_info_st if member data updated. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19090)
* X509: clean up doc and implementation of X509{,_REQ}_check_private_key()Dr. David von Oheimb2022-08-241-22/+3
| | | | | | | | | Also constify X509_REQ_get0_pubkey() and X509_REQ_check_private_key(). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18930)
* x509_att.c: improve error checking and reporting and coding styleDr. David von Oheimb2022-08-241-1/+1
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18931)
* X509_REQ_get_extensions: add error queue entry on ill-formed extensions ↵Dr. David von Oheimb2022-08-241-1/+3
| | | | | | | | | attribute Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18931)
* Fix usages of const EVP_MD.Shane Lontis2021-03-221-1/+1
| | | | | | | | Partially fixes #13837 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14474)
* Update copyright yearRichard Levitte2021-01-281-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
* X509_REQ_get_extensions(): Return empty stack if no extensions foundDr. David von Oheimb2021-01-211-1/+3
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13841)
* constify X509_REQ_add_extensions() and X509_REQ_add_extensions_nid()Dr. David von Oheimb2021-01-201-5/+5
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13711)
* Drop unnecessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_ECRichard Levitte2020-12-161-13/+0
| | | | | | | The apps, the CMS library and the X.509 library are primarly affected. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13589)
* Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() callRichard Levitte2020-11-131-8/+6
| | | | | | | | | | This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
* Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to ↵Dr. David von Oheimb2020-05-271-1/+1
| | | | | | | EVP_PKEY_parameters_eq() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11953)
* Update copyright yearMatt Caswell2020-04-231-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
* Add setter equivalents to X509_REQ_get0_signatureDirk-Willem van Gulik2020-04-211-0/+12
| | | | | | Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10563)
* Reorganize private crypto header filesDr. Matthias St. Pierre2019-09-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
* Following the license change, modify the boilerplates in crypto/x509/Richard Levitte2018-12-061-1/+1
| | | | | | | [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7824)
* Remove parentheses of return.KaoruToda2017-10-181-7/+7
| | | | | | | | | Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
* constify X509_REQ_get0_signature()Dr. Stephen Henson2016-08-191-2/+2
| | | | Reviewed-by: Matt Caswell <matt@openssl.org>
* Constify some ASN1_OBJECT *obj input parametersFdaSilvaYY2016-08-041-1/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify some X509_CRL, X509_REQ functions.Dr. Stephen Henson2016-08-011-2/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Copyright consolidation 09/10Rich Salz2016-05-171-54/+6
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add X509_REQ_get0_pubkey methodFdaSilvaYY2016-04-041-0/+7
| | | | | Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove /* foo.c */ commentsRich Salz2016-01-261-1/+0
| | | | | | | | | | | | This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* make EVP_PKEY opaqueDr. Stephen Henson2016-01-201-2/+2
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Use X509_get0_pubkey where appropriateDr. Stephen Henson2015-12-311-2/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* New accessor X509_REQ_get_X509_PUBKEY()Dr. Stephen Henson2015-09-221-0/+5
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* typoDr. Stephen Henson2015-09-221-2/+2
| | | | Reviewed-by: Matt Caswell <matt@openssl.org>
* Add accessors for request and CRL signaturesDr. Stephen Henson2015-09-221-0/+20
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Embed X509_REQ_INFODr. Stephen Henson2015-09-161-15/+15
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* make X509_REQ opaqueDr. Stephen Henson2015-08-311-0/+11
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Identify and move common internal libcrypto header filesRichard Levitte2015-05-141-1/+1
| | | | | | | | | | | | | There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
* remove malloc castsRich Salz2015-04-281-1/+1
| | | | | | | Following ANSI C rules, remove the casts from calls to OPENSSL_malloc and OPENSSL_realloc. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Make X509_ATTRIBUTE opaque.Dr. Stephen Henson2015-03-161-34/+11
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Check public key is not NULL.Dr. Stephen Henson2015-03-021-0/+2
| | | | | | | CVE-2015-0288 PR#3708 Reviewed-by: Matt Caswell <matt@openssl.org>
* Run util/openssl-format-source -v -c .Matt Caswell2015-01-221-174/+184
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Support for certificate status TLS extension.Dr. Stephen Henson2007-09-261-4/+0
|
* Finish gcc 4.2 changes.Dr. Stephen Henson2007-06-071-16/+12
|
* allocate a new attributes entry in X509_REQ_add_extensions()Nils Larsch2006-12-041-0/+5
| | | | | | | if it's NULL (in case of a malformed pkcs10 request) PR: 1347 Submitted by: Remo Inverardi <invi@your.toilet.ch>
* When looking for request extensions in a certificate look firstDr. Stephen Henson2004-09-101-16/+16
| | | | for the PKCS#9 OID then the non standard MS OID.
* Constify d2i, s2i, c2i and r2i functions and other associatedRichard Levitte2004-03-151-1/+2
| | | | | | | | functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed.
* Add functionality to help making self-signed certificate.Richard Levitte2003-04-031-0/+40
|
* Add support for MS CSP Name PKCS#12 attribute.Dr. Stephen Henson2001-06-111-5/+5
|
* Merge from the ASN1 branch of new ASN1 codeDr. Stephen Henson2000-12-081-3/+3
| | | | | | to main trunk. Lets see if the makes it to openssl-cvs :-)
* There have been a number of complaints from a number of sources that namesRichard Levitte2000-06-011-3/+3
| | | | | | | | | like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_. This change includes all the name changes needed throughout all C files.
* Rename functions for new convention.Dr. Stephen Henson2000-02-261-8/+8
|
* ispell (and minor modifications)Ulf Möller2000-02-031-1/+1
|
* Rename X509_att*() stuff to X509at_*(), add X509_REQ wrappers.Dr. Stephen Henson2000-01-191-0/+62
|
* Initial trust code: allow setting of trust checking functionsDr. Stephen Henson1999-11-271-1/+1
| | | | | | | | | | | | | in a table. Doesn't do too much yet. Make the -<digestname> options in 'x509' affect all relevant options. Change the name of the 'notrust' options to 'reject' as this causes less confusion and is a better description of the effect. A few constification changes.
View Lorry Controller Status