| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
This will allow us to generate a variety of client and server certificates,
including expired and revoked certificates, using both RSA and ECDSA.
Discussed with tb@
|
| | |
|
| |
|
|
| |
CID 345118
|
| |
|
|
| |
CID 345114
|
| | |
|
| |
|
|
| |
CID 345111
|
| |
|
|
| |
CID 345119
|
| |
|
|
|
|
|
|
| |
a weird coverity warning.
CID 345121
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BN_with_flags() preserves the BN_FLG_MALLOCED flag of the destination
which results in a potential use of an uninitialized bit. In practice
this doesn't matter since we don't free the cloned BIGNUMs anyway.
As jsing points out, these are mostly pointless noise and should be
garbage collected. I'll leave that for another rainy day.
Coverity flagged one instance BN_gcd_no_branch(), the rest was found by
the ever so helpful grep(1).
CID 345122
ok jsing
|
| |
|
|
|
|
|
|
|
| |
a use of uninitialized in the unlikely event that either of them fails.
Problem introduced in r1.128.
CID 345113
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Due to a wonderful API inconsistency, a client includes the peer's leaf
certificate in the stored certificate chain, while a server does not.
Found due to a haproxy test failure reported by Ilya Shipitsin.
ok tb@
|
| |
|
|
| |
ok beck@ inoguchi@ tb@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
as is done for most other X.509 v3 extension methods.
discussed with jsing
|
| |
|
|
| |
Whitespace change only.
|
| |
|
|
| |
No functional change.
|
| |
|
|
| |
No functional change.
|
| |
|
|
| |
No functional change.
|
| |
|
|
|
|
|
|
|
|
|
| |
Consolidate various ASN1_item_* functions into asn1_item.c and the
remaining NO_OLD_ASN1 code (not to be confused with the NO_ASN1_OLD code)
into asn1_old.c. This is preferable to having many files, often with one
or two functions per file.
No functional change.
Discussed with tb@
|
| |
|
|
|
|
|
| |
Where an ASN.1 type has its own file, move the ASN.1 item template and
template related functions into the file.
Discussed with tb@
|
| |
|
|
| |
No functional change.
|
| |
|
|
|
|
|
|
|
| |
Provide internal asn1_get_identifier_cbs() and asn1_get_length_cbs()
functions that are called from asn1_get_object_cbs(). Convert the existing
ASN1_get_object() function so that it calls asn1_get_object_cbs(), before
mapping the result into the API that it implements.
ok tb@
|
| | |
|
| |
|
|
| |
No functional change.
|
| |
|
|
| |
isn't public.
|
| |
|
|
|
|
|
|
|
|
|
| |
The define implies that we have the RFC 3779 API and corresponding
symbols publicly exposed. We don't do that since there are still
concerns about its suitability and security. oss-fuzz has code
depending on this define and this broke its build as tracked down
by jsing. This commit gets us oss-fuzz builds back while keeping
job happy since the extension pretty printing will continue to work.
ok jsing
|
| |
|
|
|
|
|
| |
This will be needed in openssl-ruby after the bump.
Part of OpenSSL commit 05dba815.
ok inoguchi jsing
|
| |
|
|
|
|
| |
They will be needed by security/py-M2Crypto and telephony/sngrep.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is just a dumb 'return ctx->buf' whose name was chosen to be consistent
with EVP_CIPHER_CTX_iv{,_noconst}() though there is no EVP_CIPHER_CTX_buf()
ok jsing
The backstory is this:
This wonderful API will be needed by MariaDB once EVP is opaque. To be able
to use its own handrolled AES CTR variant, it needs to reach inside the cipher
ctx's buffer and mess with it:
uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx);
/*
Not much we can do, block ciphers cannot encrypt data that aren't
a multiple of the block length. At least not without padding.
Let's do something CTR-like for the last partial block.
NOTE this assumes that there are only buf_len bytes in the buf.
If OpenSSL will change that, we'll need to change the implementation
of this class too.
*/
Being the dumb return ctx->buf that it is, the EVP_CIPHER_CTX_buf_noconst() API
obviously doesn't provide a means of doing any length checks.
If it is any consolation, it was committed with the vague hope of being a
temporary measure as OpenSSL commit 83b06347 suggests:
Note that the accessors / writers for iv, buf and num may go away, as
those rather belong in the implementation's own structure (cipher_data)
when the implementation would affect them [...]
As is true for many temporary kludges and dumb accessors, these are here
to stay a with us for a while.
While I'm at it, MariaDB has other phantastic things it did to ease its
pain with the OpenSSL 1.1 API transition.
To avoid one of two allocations (we're talking about ~50 and ~170 bytes) per
EVP_{MD,CIPHER}_CTX instantiation, it defines EVP_{MD,CIPHER}_CTX_SIZE and
uses arrays of these sizes that it aligns, casts and passes as ctx to the
EVP API.
Of course, they need to safeguard themselves against the inevitable buffer
overruns that this might cause since the type is opaque and could (and actually
did) change its size between two OpenSSL releases. There is a runtime check in
mysys_ssl/openssl.c that uses CRYPTO_set_mem_functions() to replace malloc()
with "coc_malloc()" to determine the sizes that OpenSSL would allocate
internally when doing EVP_{MD,CIPHER}_CTX_new() and match them to MariaDB's
ideas of the ctx sizes.
Go look, I'm not making this stuff up.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This exercises the code paths that are reached from the validator
and also tests that the public API behaves as expected. There is a
lot more that could be done here, but this test is already big enough.
Missing are tests for X509v3_{addr,asid}_validate_{path,resource_set}()
themselves.
One test failure is ignored and will be fixed in the near future
when a bad logic error in range_should_be_prefix() is fixed.
A consequence of this bug is that we will currently accept and generate
DER that doesn't conform to RFC 3779.
|
| |
|
|
| |
way too long.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The first asserts ensure that things checked in the callers hold true.
Turn them into error checks and set the error on the X509_STORE_CTX
if it's present. Checking sk_value(..., i) with i < sk_num(...) isn't
useful, particularly if that check is done via an assert. Turn one
remaining assert into a NULL check. Finally, simplify the sk_num()
checks in the callers.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
The first assert ensures that a stack that was just sorted in a stronger
sense is sorted in a weak sense and the second assert ensures that
the result of the canonization procedure is canonical. All callers check
for error, so these asserts don't do anything useful.
ok jsing
|
| |
|
|
|
|
| |
All callers ensure that aor != NULL, so this isn't necessary.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The first assert ensure that a stack that was just sorted in a stronger
sense is sorted in a weak sense and the second assert ensures that
the result of the canonization procedure is canonical. All callers check
for error, so these asserts don't do anything useful.
ok jsing
|
| |
|
|
|
|
| |
All callers ensure that aor != NULL, so this isn't necessary.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This is reachable from x509_verify(), but all asserts are previously
checked in the caller. Turn them into error checks and make sure
the error is set on the X509_STORE_CTX if present. Change some
stack == NULL || sk_num(stack) == 0 checks into sk_num(stack) <= 0
which is equivalent but simpler.
ok jsing
|
| |
|
|
|
|
|
| |
All internal callers check the return value and future external
callers will be happy not to hit an assert from the library.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This can read a value in an arbitrary base from a string that is
supposed to be followed by whitespace or a colon, so it cannot be
switched to strtonum(). The current checks don't allow a read past
the end, but let's use the standard idiom instead.
ok jsing
|
