mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
33,222 Commits 34 Branches 385 Tags 513 MiB
4032cd9a14
Commit Graph

8 Commits

Author SHA1 Message Date
Pauli
efe0222f5c x509: sort stacks before finds 
x509_trust.c, x509_vpm.c and v3_lib.c don't have a lock for their sorts.
This is no worse than the existing code which sorted silently without locks.

Addition is quadratic time in by_dir.c and v3_purp.c.  However, this
is an improvement over the older O(n^2 log n) code where each find also
sorted the stack.  Also note that v3_purp.c is limited to a maximum of
10 items, so quadratic behaviour isn't terrible.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20842)
 2023-05-01 17:14:42 +10:00
Richard Levitte
e077455e9e Stop raising ERR_R_MALLOC_FAILURE in most places 
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called.  Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
 2022-10-05 14:02:03 +02:00
Dr. David von Oheimb
0ce8271c20 X509{,_LOOKUP}: Improve distinction between not found and fatal/internal error 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14417)
 2022-05-04 16:25:44 +02:00
Matt Caswell
fecb3aae22 Update copyright year 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
 2022-05-03 13:34:51 +01:00
Pauli
7b3041eba1 x509: handle returns from X509_TRUST_get_by_id() more consistently 
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17709)
 2022-02-21 11:42:34 +11:00
Pauli
b84c6e86dd Change condition to avoid spurious compiler complaints. 
X509_TRUST_get0() is checking < 0, the code here was checking == -1.  Both are
equivalent in this situation but gcc-12 has conniptions about a subsequent
possible NULL dereference (which isn't possible).

Fixes #17665

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17668)
 2022-02-11 13:44:08 +11:00
Pauli
d715dbd8e5 replace ;; with ; as statement separator 
Fixes #17525

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)
 2022-01-18 15:10:38 +11:00
Dr. David von Oheimb
62d2386bf8 x509_trs.c: rename to x509_trust.c and correct comment in trust_compat() 
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13735)
 2021-06-08 07:47:18 +02:00