A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_6 2024-08-31T10:14:17+00:00 2024-08-31T10:14:17+00:00 tb 2024-08-31T10:14:17+00:00 urn:sha1:1c4f8dcbf981963a1c4cfd7ded382d18aaa8fa8a Nothing needs to reach into this structure, which is part of certificates. So hide its innards. ok beck jsing 2024-08-31T10:03:03+00:00 tb 2024-08-31T10:03:03+00:00 urn:sha1:d3edcca660d1c5d3db97be3355caca4afe8ef67a This internalizes a particularly scary layer of conf used for X.509 extensions. Again unused public API... ok beck jsing 2024-08-31T09:26:18+00:00 tb 2024-08-31T09:26:18+00:00 urn:sha1:465ca291ecb667ff9b02fa56937b3f5ee1ae84cd imodules are called imodules because they contain Information about modules that have been Initialized. Which one of these two I it is is anyone's best guess. Why anything outside of libcrypto would ever possibly care will also remain a mystery. Remove the old way of adding a conf module, user data, stop allowing to set a method (it's opaque now, remember?) and drop a couple bits more from the public api interface. ok beck jsing 2024-08-28T06:17:06+00:00 tb 2024-08-28T06:17:06+00:00 urn:sha1:512532d0afc1a2962da6e0c566bb90967a493479 For a certificate serial number between LONG_MAX and ULONG_MAX, the call to ASN1_INTEGER_get() fails and leaves an error on the stack because the check bs->length <= sizeof(long) doesn't quite do what it's supposed to do (bs is probably for bitstring, although the more common reading would be adequate, too.) Fix this by checking for non-negativity and using ASN1_INTEGER_get_uint64() and add a lengthy comment to explain the nonsense per beck's request. discussed with jsing ok beck 2024-07-08T16:24:22+00:00 beck 2024-07-08T16:24:22+00:00 urn:sha1:b6aa0df06e66342ca51ad74557ea2fe3ba5fc2ec ok tb@ 2024-07-08T14:52:31+00:00 beck 2024-07-08T14:52:31+00:00 urn:sha1:3e4afb686e802ed188471899b25a031f4c4164af ok tb@ 2024-07-08T14:48:49+00:00 beck 2024-07-08T14:48:49+00:00 urn:sha1:9a732a41e0808c62eeb1a6e3c25ac9e2d2ea50c6 ok tb@ 2024-06-24T06:43:23+00:00 tb 2024-06-24T06:43:23+00:00 urn:sha1:c9802a5afe29675d69b605ce906d34fd89c024ac These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing 2024-05-29T16:14:38+00:00 tb 2024-05-29T16:14:38+00:00 urn:sha1:85f6ff70f87dd81b08a5fb98304f9691cb09a136 When called with a pointer to NULL as an output buffer, one would expect an i2d API to allocate the buffer and return it. The implementation here is special and the allocation dance was forgotten, resulting in a SIGSEGV. Add said dance. ok jsing 2024-05-29T16:10:41+00:00 tb 2024-05-29T16:10:41+00:00 urn:sha1:6e60fa7a3fdcdc4d76c110acc3f8ff22588375c5 This is what the (not quite appropriately) referenced ASN1_item_i2d() page documents for errors, matches what the RETURN VALUE section has been documenting for ages, matches BoringSSL, it's the usal behavior for i2d_*. It's also what OpenSSL (of course incorrectly) documents. discussed with jsing