summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* ssl_err: fix whitespacetb2024-06-241-13/+13
|
* libcrypto: constify most error string tablestb2024-06-2426-139/+321
| | | | | | | | | | | | | | | | | | | | | | | | | | These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing
* x509_conf: rename the merr label into errtb2024-06-241-8/+8
|
* rust-openssl: switch from deprecated config to config.tomltb2024-06-232-2/+2
|
* openssl ca: avoid double free for spkac files without default sectiontb2024-06-231-2/+1
| | | | ok jsing
* strmode takes a mode_t, not an int; prompted by Collin Funk.otto2024-06-231-4/+2
| | | | ok kettenis@ deraadt@ tb@
* Remove the less-than-useful change log.jsing2024-06-221-39/+1
| | | | ok tb@
* Rewrite BN_bn2mpi() using CBB.jsing2024-06-221-24/+35
| | | | | | | | | | | | | | The content is effectively a u32 length prefixed field, so use CBB_add_u32_length_prefixed(). Use BN_bn2binpad() rather than manually padding if we need to extend and use sensible variable names so that the code becomes more readable. Note that since CBB can fail we now need to be able to indicate failure. This means that BN_bn2mpi() can now return -1 when it would not have previously (correct callers will check that BN_bn2mpi() returns a positive length). ok tb@
* Sync bytestring from libssl.jsing2024-06-222-2/+15
|
* Provide CBB_add_u32_length_prefixed().jsing2024-06-222-2/+15
| | | | | | This is needed for an upcoming change in libcrypto. ok tb@
* x_all.c: remove a bunch of unnecessary parenthesestb2024-06-191-23/+19
|
* v3_generic_extension() use ASN1_STRING_set0()tb2024-06-181-4/+4
| | | | This aligns it with do_ext_i2d()
* v3_generic_extension() rename the X509_EXTENSIONtb2024-06-181-4/+5
| | | | now that ext is free, we can use it like everywhere else
* Rename 'ext' to 'name' in v3_generic_extension()tb2024-06-181-4/+4
| | | | In this code 'ext' is usually used for an X509_EXTENSION object.
* Make local BIT_STRING_BITNAME variables consttb2024-06-182-5/+5
| | | | | | | | There's no reason for them not to be const. This is a piece of a larger diff that I carry in several of my trees to move more things to rodata or relro. The full diff requires a change to a public header and it's very annoying to have to 'make includes' and recompile the entire lib all the time when hopping from tree to tree.
* x509_conf: rename ext_struc into ext_structtb2024-06-181-16/+16
| | | | requested by jsing on review
* x509_conf: rename all ext_nid to nidtb2024-06-181-19/+19
| | | | There are no nid variables in this file, so no need to disambiguate.
* do_ext_i2d(): move empty line to the proper placetb2024-06-181-2/+2
|
* do_ext_i2d(): malloc -> calloctb2024-06-181-2/+2
| | | | requested by jsing on review
* do_ext_i2d(): populate ext_oct with ASN1_STRING_set0()tb2024-06-181-3/+2
| | | | ok jsing
* do_ext_i2d(): avoid leaks and add some missing error checkingtb2024-06-181-4/+10
| | | | | | | | | | If ASN1_OCTET_STRING_new() failed, ext_der would be leaked, fix this. If i2d(foo, NULL) succeeded, the same is not guaranteed for the second with appropriately sized buffer since i2d() may make further allocations internally. So use the proper error check. Also transfer the ownership of ext_der to the octet string to avoid a now possible double free. ok jsing
* Indent labels in x509_conf.ctb2024-06-181-3/+3
|
* do_ext_i2d(): make various NULL checks explicittb2024-06-181-5/+5
| | | | ok jsing
* do_ext_i2d(): unwrap a linetb2024-06-181-3/+2
|
* Replace x with x509_exts in X509V3_add1_i2d() and X509V3_get_d2i()tb2024-06-171-14/+16
| | | | requested by jsing on review
* Rewrite X509V3_get_d2i()tb2024-06-171-56/+47
| | | | | | | | | | | | | | | | | This API is wrapped by nine *_get{,1}_ext_d2i() functions and they all have the same defect: if an idx variable is passed in, multiple extensions are handled incorrectly. Clean up the mess that was the current implementation by replacing the reimplementation of X509v3_get_ext_by_NID() with extra twists by actual calls to the real thing. This way the madness is implemented explicitly and can be explained in comments. The code still gets shorter. In brief: always call this API with a known nid, pass crit, and a NULL idx. If NULL is returned, crit != -1 is an error (malformed cert or allocation failure). ok jsing
* Add regress coverage for X509V3_get_d2i()tb2024-06-171-1/+265
|
* zap a stray spacetb2024-06-161-2/+2
|
* openssl-ruby: prepare test for default ruby switchtb2024-06-151-1/+5
|
* piuid, psuid -> issuerUID, subjectUIDtb2024-06-121-3/+3
|
* sync includes in tls_signer.cop2024-06-111-3/+12
| | | | | | | | | | | | | | | | | | pthread -> mutex stdint -> uint8_t stdio.h -> asprintf stdlib.h -> calloc string.h -> memcpy ecdsa -> ECDSA_METHOD leftover, remove ec -> EC_KEY evp -> EVP_PKEY pem -> PEM_read_bio_X509 x509 -> X509 90% of the diff is from tb@, I only spotted the missing string.h :) ok tb@
* Align documentation with realityjob2024-06-071-4/+8
| | | | OK tb@
* Fix non-xsc path in x509_verify_potential_parent()tb2024-06-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | The combination of two bugs made this unexpectedly work as intended. To appreciate this, let's first note that a) check_issued(..., child, parent) checks if child was issued by parent. b) X509_check_issued(child, parent) checks if parent was issued by child. Now like in the real world, b) will only be true in unusual circumstances (child is known not to be self-issued at this point). X509_check_issued() fails by returning something different from X509_V_OK, so return X509_check_issued(child, parent) != X509_V_OK; will return true if child was issued by parent since then parent was indeed not issued by child. On the other hand, if child was not issued by parent, the verifier will notice elsewhere, e.g., in a signature check. Fix this by reversing the order of child and parent in the above return line and check for equality instead. This is nearly impossible to detect in regress. ok beck
* Call out argument reversal between check_issued() and X509_check_issued()tb2024-06-071-2/+35
| | | | It's a trap!
* ssl_tlsext: fix uninitialized variable warning with gcctb2024-06-061-2/+3
| | | | | | | | This is a false positive but as is well-known, gcc is terrible at understanding conditionally initialized variables and it is tedious to explain this to downstream maintainers who look at warnings. ok miod
* Revert __bounded__ hack in chacha-merged.ctb2024-06-051-5/+1
| | | | | Thanks to Viktor Szakats for figuring out that stdint.h was missing in the portable tarballs.
* make test struct consttb2024-06-051-3/+3
|
* enable -fret-clean on amd64, for libc libcrypto ld.so kernel, and all thederaadt2024-06-041-1/+3
| | | | | ssh tools. The dynamic objects are entirely ret-clean, static binaries will contain a blend of cleaning and non-cleaning callers.
* md4/ripemd: remove misplaced semicolonstb2024-06-012-5/+5
|
* Neuter the bounded attribute as was done elsewhere for portabletb2024-06-014-4/+20
|
* Remove mention of SHA-0, update STANDARDS sectiontb2024-06-011-8/+9
|
* Missed SHA224() in previous: reverse order of attributestb2024-06-011-3/+3
|
* Reverse order of attributestb2024-06-015-21/+21
| | | | requested by jsing on review
* Remove support for static buffers in HMAC/digeststb2024-06-0114-55/+35
| | | | | | | | | | | | | | | | | | HMAC() and the one-step digests used to support passing a NULL buffer and would return the digest in a static buffer. This design is firmly from the nineties, not thread safe and it saves callers a single line. The few ports that used to rely this were fixed with patches sent to non-hostile (and non-dead) upstreams. It's early enough in the release cycle that remaining uses hidden from the compiler should be caught, at least the ones that matter. There won't be that many since BoringSSL removed this feature in 2017. https://boringssl-review.googlesource.com/14528 Add non-null attributes to the headers and add a few missing bounded attributes. ok beck jsing
* Adjust hmac test for removal of static buffer from HMAC()tb2024-05-301-2/+2
|
* asn1object: zap trailing whitespacetb2024-05-291-3/+3
|
* Make it possible for the large OID test to failtb2024-05-291-3/+3
| | | | | | failed was set to 0 at the top of the function, so failure and success were indistinguishable. Move failed = 0 to the end so it can actually fail.
* Add regress coverage for some corner cases of i2d_ASN1_OBJECT()tb2024-05-291-1/+40
|
* Add regress coverage for i2d_ASN1_OBJECT() fixestb2024-05-291-3/+27
|
* Fix i2d_ASN1_OBJECT()tb2024-05-291-3/+12
| | | | | | | | | When called with a pointer to NULL as an output buffer, one would expect an i2d API to allocate the buffer and return it. The implementation here is special and the allocation dance was forgotten, resulting in a SIGSEGV. Add said dance. ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 21:41:06 +0000