summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Add a comment so I don't forget to think about input validationtb2021-12-281-1/+3
| | | | in make_IPAddressFamily()
* Convert make_IPAddressFamily to CBS/CBBtb2021-12-281-13/+26
| | | | | | | | | | | | | | | The IPAddrBlocks type, which represents the IPAddrBlocks extension, should have exactly one IPAddressFamily per AFI+SAFI combination to be delegated. make_IPAddressFamily() first builds up a search key from the afi and safi arguments and then looks for an existing IPAddressFamily with that key in the IPAddrBlocks that was passed in. It returns that if it finds it or allocates and adds a new one. This diff preserves the current behavior that the afi and *safi arguments are truncated to 2 and 1 bytes, respectively. This may change in the future. ok inoguchi jsing
* Remove two pointless NULL checks and allocationstb2021-12-281-7/+1
| | | | | | | The ASN.1 template for IPAddressFamily doesn't mark either of its two members as optional, so they are allocated by IPAddressFamily_new(). ok inoguchi jsing
* Check for trailing garbage in X509_addr_get_afi()tb2021-12-281-1/+5
| | | | | | | | | | | | Per RFC 3779 2.2.3.3, the addressFamily field contains the 2-byte AFI and an optional 1-byte SAFI. Nothing else. The optional SAFI is nowhere exposed in the API. It is used expliclty only for pretty printing. There are implicit uses in a few places, notably for sorting/comparing where trailing garbage would be erroneously taken into account. Erroring in this situation will let us avoid this in upcoming revisions. ok inoguchi jsing
* Convert X509v3_adr_get_afi() to CBStb2021-12-281-6/+21
| | | | | | | | | | | The manual byte bashing is performed more safely using this API which would have avoided the out-of-bounds read that this API had until a few years back. The API is somewhat strange in that it uses the reserved AFI 0 as an in-band error but it doesn't care about the reserved AFI 65535. ok inoguchi jsing
* Pull BN_{new,init,clear,clear_free,free} up to the top of bn_lib.cjsing2021-12-271-58/+58
| | | | Discussed with tb@
* Provide a set of RSA and ECDSA test certificates/keys.jsing2021-12-2730-0/+919
| | | | These are generated using the make-certs.sh script.
* Provide a script to generate test certificates/keys.jsing2021-12-271-0/+263
| | | | | | | This will allow us to generate a variety of client and server certificates, including expired and revoked certificates, using both RSA and ECDSA. Discussed with tb@
* zap doubled semicolontb2021-12-261-2/+2
|
* Check BIO_indent() return like all the others in this file.tb2021-12-261-2/+3
| | | | CID 345118
* Check error returns for HMAC_* to appease coverity.tb2021-12-261-4/+13
| | | | CID 345114
* One more leak similar to previous.tb2021-12-261-2/+2
|
* Plug leakstb2021-12-261-2/+2
| | | | CID 345111
* Plug memleaktb2021-12-261-2/+4
| | | | CID 345119
* Drop pointless cast in i2d_ASN1_BOOLEAN(). This may or may not fixtb2021-12-261-2/+2
| | | | | | | | a weird coverity warning. CID 345121 ok jsing
* Consistently call BN_init() before BN_with_flags()tb2021-12-263-15/+33
| | | | | | | | | | | | | | | | BN_with_flags() preserves the BN_FLG_MALLOCED flag of the destination which results in a potential use of an uninitialized bit. In practice this doesn't matter since we don't free the cloned BIGNUMs anyway. As jsing points out, these are mostly pointless noise and should be garbage collected. I'll leave that for another rainy day. Coverity flagged one instance BN_gcd_no_branch(), the rest was found by the ever so helpful grep(1). CID 345122 ok jsing
* Hoist memset of CBB above EVP_MD_CTX_new() and HMAC_CTX_new() to avoidtb2021-12-261-3/+3
| | | | | | | | | a use of uninitialized in the unlikely event that either of them fails. Problem introduced in r1.128. CID 345113 ok jsing
* Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack.jsing2021-12-261-3/+6
| | | | | | | | | Due to a wonderful API inconsistency, a client includes the peer's leaf certificate in the stored certificate chain, while a server does not. Found due to a haproxy test failure reported by Ilya Shipitsin. ok tb@
* Attempt to opportunistically use the host name for SNI in s_client.jsing2021-12-261-10/+34
| | | | ok beck@ inoguchi@ tb@
* add missing include path; ok tb@anton2021-12-261-1/+2
|
* Fix some weird line wrapping and a minor KNF nittb2021-12-251-10/+6
|
* No need for assert.h in here.tb2021-12-251-2/+1
|
* drop a meaningless XXXtb2021-12-251-2/+1
|
* Use C99 initializers for v3_addr, v3_asid and v3_ct_scts[]tb2021-12-253-45/+79
| | | | | | as is done for most other X.509 v3 extension methods. discussed with jsing
* Indent goto labels for diffability.jsing2021-12-2529-101/+101
| | | | Whitespace change only.
* Merge asn_pack.c into asn1_item.c - these are two ASN1_item_* functions.jsing2021-12-253-112/+50
| | | | No functional change.
* Merge evp_asn1.c into a_type.c - these are all ASN1_TYPE_* functions.jsing2021-12-253-197/+134
| | | | No functional change.
* Move more ASN1_STRING_* functions to a_string.c.jsing2021-12-253-60/+62
| | | | No functional change.
* More consolidation of ASN.1 code.jsing2021-12-258-715/+438
| | | | | | | | | | | Consolidate various ASN1_item_* functions into asn1_item.c and the remaining NO_OLD_ASN1 code (not to be confused with the NO_ASN1_OLD code) into asn1_old.c. This is preferable to having many files, often with one or two functions per file. No functional change. Discussed with tb@
* Consolidate code/templates for ASN.1 types.jsing2021-12-257-168/+168
| | | | | | | Where an ASN.1 type has its own file, move the ASN.1 item template and template related functions into the file. Discussed with tb@
* Move ASN1_<type>_* functions to the top, encoding/decoding to the bottom.jsing2021-12-254-329/+329
| | | | No functional change.
* Rewrite ASN.1 identifier/length parsing in CBS.jsing2021-12-254-92/+220
| | | | | | | | | Provide internal asn1_get_identifier_cbs() and asn1_get_length_cbs() functions that are called from asn1_get_object_cbs(). Convert the existing ASN1_get_object() function so that it calls asn1_get_object_cbs(), before mapping the result into the API that it implements. ok tb@
* Update to reflect changes over the last six yearsguenther2021-12-251-34/+47
|
* Reorder some functions.jsing2021-12-241-46/+46
| | | | No functional change.
* The RFC 3779 test needs LIBRESSL_CRYPTO_INTERNAL as lon as the APItb2021-12-241-2/+2
| | | | isn't public.
* Undo commenting of OPENSSL_NO_RFC3779tb2021-12-242-5/+7
| | | | | | | | | | | The define implies that we have the RFC 3779 API and corresponding symbols publicly exposed. We don't do that since there are still concerns about its suitability and security. oss-fuzz has code depending on this define and this broke its build as tracked down by jsing. This commit gets us oss-fuzz builds back while keeping job happy since the extension pretty printing will continue to work. ok jsing
* Prepare to provide PEM_write_bio_PrivateKey_traditional()tb2021-12-242-5/+19
| | | | | | | This will be needed in openssl-ruby after the bump. Part of OpenSSL commit 05dba815. ok inoguchi jsing
* Prepare to provide EVP_CIPHER_CTX_{get,set}_cipher_datatb2021-12-242-3/+22
| | | | | | They will be needed by security/py-M2Crypto and telephony/sngrep. ok inoguchi jsing
* Prepare to provide EVP_CIPHER_CTX_buf_noconst()tb2021-12-242-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is just a dumb 'return ctx->buf' whose name was chosen to be consistent with EVP_CIPHER_CTX_iv{,_noconst}() though there is no EVP_CIPHER_CTX_buf() ok jsing The backstory is this: This wonderful API will be needed by MariaDB once EVP is opaque. To be able to use its own handrolled AES CTR variant, it needs to reach inside the cipher ctx's buffer and mess with it: uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx); /* Not much we can do, block ciphers cannot encrypt data that aren't a multiple of the block length. At least not without padding. Let's do something CTR-like for the last partial block. NOTE this assumes that there are only buf_len bytes in the buf. If OpenSSL will change that, we'll need to change the implementation of this class too. */ Being the dumb return ctx->buf that it is, the EVP_CIPHER_CTX_buf_noconst() API obviously doesn't provide a means of doing any length checks. If it is any consolation, it was committed with the vague hope of being a temporary measure as OpenSSL commit 83b06347 suggests: Note that the accessors / writers for iv, buf and num may go away, as those rather belong in the implementation's own structure (cipher_data) when the implementation would affect them [...] As is true for many temporary kludges and dumb accessors, these are here to stay a with us for a while. While I'm at it, MariaDB has other phantastic things it did to ease its pain with the OpenSSL 1.1 API transition. To avoid one of two allocations (we're talking about ~50 and ~170 bytes) per EVP_{MD,CIPHER}_CTX instantiation, it defines EVP_{MD,CIPHER}_CTX_SIZE and uses arrays of these sizes that it aligns, casts and passes as ctx to the EVP API. Of course, they need to safeguard themselves against the inevitable buffer overruns that this might cause since the type is opaque and could (and actually did) change its size between two OpenSSL releases. There is a runtime check in mysys_ssl/openssl.c that uses CRYPTO_set_mem_functions() to replace malloc() with "coc_malloc()" to determine the sizes that OpenSSL would allocate internally when doing EVP_{MD,CIPHER}_CTX_new() and match them to MariaDB's ideas of the ctx sizes. Go look, I'm not making this stuff up.
* Fix a typo in a comment and add some empty lines for readabilitytb2021-12-241-2/+6
|
* Print the name of the test before we run it.jsing2021-12-241-1/+2
|
* Style tweak in {d2i,i2d}_IPAddrBlocks()tb2021-12-241-5/+5
|
* Drop -g -O0 from CFLAGStb2021-12-241-2/+2
|
* link rfc3779 test to buildtb2021-12-241-2/+2
|
* Add initial test coverage for RFC 3779 code.tb2021-12-242-0/+1804
| | | | | | | | | | | | | | This exercises the code paths that are reached from the validator and also tests that the public API behaves as expected. There is a lot more that could be done here, but this test is already big enough. Missing are tests for X509v3_{addr,asid}_validate_{path,resource_set}() themselves. One test failure is ignored and will be fixed in the near future when a bad logic error in range_should_be_prefix() is fixed. A consequence of this bug is that we will currently accept and generate DER that doesn't conform to RFC 3779.
* Fix some KNF issues in the RFC 3779 section that have bothered me fortb2021-12-241-54/+55
| | | | way too long.
* KNF nittb2021-12-241-2/+2
|
* Remove asserts from asid_validate_path_internal()tb2021-12-241-11/+22
| | | | | | | | | | | The first asserts ensure that things checked in the callers hold true. Turn them into error checks and set the error on the X509_STORE_CTX if it's present. Checking sk_value(..., i) with i < sk_num(...) isn't useful, particularly if that check is done via an assert. Turn one remaining assert into a NULL check. Finally, simplify the sk_num() checks in the callers. ok jsing
* Turn asserts in ASIdentifierChoice_canonize() into error checkstb2021-12-241-3/+5
| | | | | | | | | The first assert ensures that a stack that was just sorted in a stronger sense is sorted in a weak sense and the second assert ensures that the result of the canonization procedure is canonical. All callers check for error, so these asserts don't do anything useful. ok jsing
* Remove assert from extract_min_max() (again)tb2021-12-241-3/+1
| | | | | | All callers ensure that aor != NULL, so this isn't necessary. ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-05 03:06:37 +0000