| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current implementation is a complete mess. There are three cases:
1) ptype == V_ASN1_UNDEF: parameter must be freed and set to NULL.
2) ptype == 0: existing non-NULL parameters are left untouched, NULL
parameters are replaced with ASN1_TYPE_new()'s wacky defaults.
3) otherwise allocate new parameters if needed and set them to ptype/pval.
In all three cases free the algorithm and set it to aobj.
The challenge now is to implement this using nine if statements and one
else clause... We can do better. This preserves existing behavior. There
would be cleaner implementations possible, but they would change behavior.
There are many callers in the ecosystem that do not error check
X509_ALGOR_set0() since OpenSSL failed to do so. So this was carefully
rewritten to leave alg in a consisten state so that unchecking callers
don't encounter corrupted algs.
ok jsing
|
| |
|
|
| |
fixed.
|
| |
|
|
|
|
| |
This fixes the printf in the x509_algor regress.
ok jsing
|
| |
|
|
|
|
|
|
| |
Make the logic slightly less convoluted. Preserve the behavior that
*ppval remains unset if pptype == NULL for now. However, ensure that
*ppval is set to NULL if pptype is V_ASN1_UNDER.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
X509_ALGOR_set_md() is a void function that cannot easily be error checked.
The caller has to jump through hoops to make sure this function doesn't
fail. Prepare replacing this internally with X509_ALGOR_set_evp_md(), which
allows error checking. There is one slight change of behavior: if the EVP_MD
object passed in does not have an OID known to the library, then this new
API fails.
It is unclear what the library should do with such an object and people
who use EVP_MD_meth_new() need to know what they are doing anyway and they
are better off teaching the lib about the OID if they're going to be
messing with certs.
Oh, and the prototype is in x509_local.h because the rest of this API is
in x509.h despite being implemented in asn1/.
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
This is currently written in what is likely the most stupid way possible.
Rewrite this function in a more straightforward way.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This covers the setters and getters. Serialization and deserialization as
well as comparison is already well covered by the pieces of regress using
certs.
There is currently one printf indicating failure. This will be fixed
shortly.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous wording was misleading since the result of X509_ALGOR_new()
is not actually an empty X509_ALGOR object. Rather, it contains the
undefined ASN1_OBJECT returned by OBJ_nid2obj(NID_undef). Therefore using
X509_ALGOR_get0(3) for error checking X509_ALGOR_set_md() is not trivial.
So: change the initial paragraph into a general intro referring to the
OpenSSL API needed to interface with X509_ALGOR and write a new paragraph
documenting X509_ALGOR_new(3) and drop the incorrect suggestion of an error
check. Notably there's now a reference to the OBJ_nid2obj() family without
which one cannot really use X509_ALGOR_* for anything at all.
With and ok schwarze
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The X509_ALGOR_set0() and X509_ALGOR_set_md() documentation comes from
upstream, which means it is as sloppy as the code and as vague as your
average upstream manpage. Be precise on what X509_ALGOR_set0() does on
different inputs and document return values and failure modes.
X509_ALGOR_set_md() is a void function that calls X509_ALGOR_set0() in a
way that can fail, leaving alg in a corrupted state. Document when that
can occur and how to avoid or detect that, but do not go too far, because
EVP_MD_meth_new(), one potential source of failures, is a whole another
can of worms.
joint work with schwarze
|
| | |
|
| | |
|
| |
|
|
|
| |
ASN1_UTCTIME_cmp_tim_t() could be done similarly, but then I have to mess
with LIBRESSL_INTERNAL. Let's do this after unlock.
|
| | |
|
| |
|
|
| |
Sprinkle some (static) const and garbage collect an unused struct.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ASN1_TIME_compare() compares two times t1 and t2. Due to a copy-paste
error, we would do ASN1_time_parse(t1->data, t2->length, &tm2, t2->type)
Now if t1 is a UTCTime (length 13) and t2 is a GeneralizedTime (length 15),
the worst that could happen is a 2-byte out-of-bounds read. Fortunately, t1
will already have parsed as a UTCTime, so it will have a Z where there
should be the first digit of the seconds for a GeneralizedTime and we will
error out.
Now if both t1 and t2 have the same type, we will parse t1's data twice
and we will return an incorrect comparison. This could have some security
impact if anything relied on this function for security purposes. It is
unused in our tree and unused in our ports tree ports and the only consumer
I could find was some MongoDB things doing OCSP, so this won't be too bad.
Then of course there's also the language bindings.
Issue reported by Duncan Thomson at esri dot com via libressl-security
ok beck deraadt
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We aligned with upstream behavior. Let's document it properly.
Surprisingly, OpenSSL 1.1 half-assed the docs: two parts of the manual
contradict each other. The part getting EVP_CIPHER_CTX_iv_length() right,
incorrectly documents possible -1 return value to EVP_CIPHER_iv_length().
OpenSSL 3 documentation improvement efforts seem to have tried to address
this issue with the result that the manual is now entirely wrong when it
comes to the EVP_CIPHER_CTX_iv_length() replacement. Par for the course.
|
| |
|
|
| |
crypto(3)
|
| | |
|
| |
|
|
| |
Mention sections 2.1.1 and 2.1.2 in STANDARDS
|
| |
|
|
| |
since it should be a prefix.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Apparently I should have used 2023 despite sharing versions of these
files with several people under this license (and thus permitting them
to redistribute and share with the public). It makes no sense to me,
but shrug.
|
| | |
|
| |
|
|
|
| |
where that feels potentially confusing,
and add one missing .Pp macro; no change of meaning
|
| |
|
|
| |
and fix whitespace on one text line; no change of meaning
|
| |
|
|
| |
and polish one wording; no change of meaning
|
| |
|
|
|
| |
that was also followed by a bogus argument,
and fix one grammatical error; no change of meaning
|
| |
|
|
|
| |
and capitalize "AFI" where is does not refer to the function argument;
no change of meaning
|
| |
|
|
| |
and some missing escaping of HYPHEN-MINUS; no text change
|
| |
|
|
| |
plus some minor markup and punctuation fixes
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Our checking here was a bit too aggressive, and did not permit an
IP address in a URI. IP's in a URI are allowed for things like CRLdp's
AIA, SAN URI's etc.). The check for this was also slightly flawed as
we would permit an IP if memory allocation failed while checking for
an IP.
Correct both issues.
ok tb@
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
These were the last four RFC 3779 things that check_complete.pl x509v3
complained about. I will surely tweak and try to improve a few things
in the coming days, but the pages should now be stable enough that
review efforts will likely not be wasted. Any feedback appreciated.
|
| |
|
|
| |
This is a static pointer, so it ain't ever NULL, but shrug
|
| | |
|
| | |
|
| |
|
|
|
|
| |
First RFC 3779 page without a BUG section. It could have one, but I'm
in a lenient mood right now. Maybe it's just that this is bad but not
quite as bad as EVP.
|
| |
|
|
|
|
| |
First RFC 3779 page without a BUG section. It could have one, but I'm
in a lenient mood right now. Maybe it's just that this is bad but not
quite as bad as EVP.
|
| |
|
|
|
|
|
| |
Awesome: the IV length for GCM is only bounded by INT_MAX or malloc limits.
In the absence of an overflowing issue tracker, I'm labeling this
"good first issue", "help wanted" here.
|
| |
|
|
|
|
| |
This really only covers AES-GCM.
From beck
|
