| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Factor out the ef->asn1_ex_d2i() callback handling - this allows us to pull
out all of the related variables into a self-contained function.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Also use array indexes for it->templates, rather than trying to be extra
clever in for loops (suggested by tb@ during a review).
No functional change.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
It no longer makes sense to have "extended" versions of functions
internally.
No functional change.
ok tb@
|
| |
|
|
|
|
|
| |
This got broken when system.c was converted from signal(3) to sigaction(2).
Also add SIGINT and SIGQUIT to the set of blocked signals and unblock
them in the parent after the signal handlers are installed.
Based on a diff from Leon Fischer. OK deraadt@
|
| |
|
|
|
|
|
|
|
| |
Unfortunately, several things in the ecosystem depend on the existing
API behavior of being able to pass in an uninitialized pointer on the
stack: haproxy, grpc, mongo-tools and others show up on the first two
pages of Debian codesearch.
ok jsing
|
| |
|
|
|
|
|
| |
Exposed by recent rewrite of ASN1_STRING_to_UTF8(). Found via grep
after fixing CID 352831.
ok jsing
|
| |
|
|
|
|
|
|
| |
Exposed by recent rewrite of ASN1_STRING_to_UTF8().
CID 352831
ok jsing
|
| |
|
|
|
|
|
|
| |
Order functions by use, moving public API to the bottom and utility
functions to the top. This makes the code more logical/readable, plus we
can remove all except one of the static function prototypes.
No functional change.
|
| |
|
|
|
|
|
|
|
|
| |
Rewrite the asn1_template_*() functions with CBS, readable variable names
and free then alloc.
This was the last caller of asn1_check_eoc() and asn1_check_tag(), hence
remove them and rename the _cbs suffixed versions in their place.
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Split the object content handling off into asn1_d2i_ex_primitive_content(),
move the handling ov V_ASN1_ANY into asn1_d2i_ex_any() and move the MSTRING
handling into asn1_d2i_ex_mstring(). This way we parse the header once
(rather than twice for ANY and MSTRING), then process the content, while
also avoiding complex special cases in a single code path.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
Change asn1_template_ex_d2i() so that we short circuit in the no explicit
tagging case.
Split out the SET OF/SEQUENCE OF handling from asn1_template_noexp_d2i()
into a asn1_template_stack_of_d2i() function and simplify the remaining
code.
ok tb@
|
| |
|
|
|
|
| |
Should have been part of a previous commit.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
Factor the trimming of the end and the counting of unused bits into
helper functions and reuse an ASN.1 bit string API to set the unused
bits and the ASN1_STRING_FLAG_BITS_SET. With a couple of explanatory
comments it becomes much clearer what the code is actually doing and
why.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
In order to set the BIT STRING containing an address prefix, use existing
helper functions from the ASN.1 code instead of redoing everything by
hand. Make the function single exit and rename a few variables to make
it clearer what is being done.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Instead of using a temporary variable on the stack, we can use the usual
Henson mechanism for allocating the struct. Make the function single exit
and throw an error instead of crashing or leaking if out is NULL or *out
is non-NULL.
tweaks/ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A long standing failure to initialize a struct on the stack fully was
exposed by a recent refactoring. Fortunately, the uninitialized 'flag'
member is only used to decide whether or not to call freezero(NULL, 0),
so it is completely harmless. This is a first trivial fix, a better
version will be landed separately with regress.
Reported by Steffen Jaeckel, GH #760
ok beck
|
| |
|
|
|
|
| |
Now that combine no longer exists, we can also free and reallocate.
ok tb@
|
| |
|
|
| |
echo server.
|
| |
|
|
|
|
| |
d2i_ASN1_OBJECT() fixed in a_object.c r1.48.
from jsing
|
| |
|
|
|
|
|
|
|
| |
Due to a confusion of two CBS, the API would incorrectly advance the
*der_in pointer, resulting in a DER parse failure.
Issue reported by Aram Sargsyan
ok jsing
|
| |
|
|
|
|
|
|
| |
In asn1_item_ex_d2i_choice(), only call the ASN1_OP_D2I_PRE callback after
allocation has occurred via ASN1_item_ex_new(). This matches the sequence
handling code and the documentation.
Discussed with tb@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
X509v3_asid_subset() assumes that both asnum and rdi are present while
they are both marked OPTIONAL in RFC 3779, 3.2.3. It will crash if
either one is missing. In RPKI land RDI is a MUST NOT use (e.g, RFC
6487, 4.8.11), so this API is currently useless (and seemingly unused).
Pick apart an ugly logical pipeline and implement this check in a
readable fashion.
ok jsing
|
| |
|
|
|
|
|
| |
This function does not actually free an ASN1_ENCODING, which are embedded
in a struct.
Name suggested by tb@
|
| |
|
|
|
|
| |
Now that combine no longer exists, we can also free and reallocate.
ok tb@
|
| |
|
|
|
|
| |
Rework and clean up other asn1_enc_* related functions while here.
ok tb@
|
| |
|
|
|
|
|
|
| |
While ASN1_ENCODING is currently only used with types that should only
contain public information, we assume that ASN.1 may contain sensitive
information, hence use freezero() here instead of free().
ok deraadt@ tb@
|
| |
|
|
|
|
|
|
| |
This workaround was used by ASN1_BROKEN_SEQUENCE, which existed for
NETSCAPE_ENCRYPTED_PKEY. Remove the workaround since the only consumer
has already been removed.
ok tb@
|
| | |
|
| |
|
|
|
|
| |
indicating a workaround.
input/ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The values 0, 1, 3, 4, 5 all have some meaning, none of which is failure.
If caching of X509v3 extensions fails, returning X509_V_ERR_UNSPECIFIED,
i.e., 1 is a bad idea since that means the cert is a CA with appropriate
basic constraints. Revert to OpenSSL behavior which is to ignore failure
to cache extensions at the risk of reporting lies.
Since no return value can indicate failure, we can't fix this in
X509_check_ca() itself. Application code will have to call (and check)
the magic X509_check_purpose(x, -1, -1) to ensure extensions are cached,
then X509_check_ca() can't lie.
ok jsing
|
| |
|
|
|
| |
regress on bluhm's test machines have a chance to pass on slower
architectures while package builds catch up.
|
| |
|
|
|
|
|
|
| |
This requires a few wrappers to call into some non-CBS functions, however
we can now remove the asn1_d2i_ex_primitive() wrapper as there are no
longer any non-CBS callers.
ok tb@
|
| |
|
|
|
|
|
|
| |
This was an option used to combine ASN.1 into a single structure, which was
only ever used by DSAPublicKey and X509_ATTRIBUTE. Since they no longer use
it we can mop this up and simplify all of the related code.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
For some unknown historical reason, X509_ATTRIBUTE allows for a single
ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF.
Simplify encoding and remove support for single values - this is similar
to OpenSSL e20b57270dec.
This removes the last use of COMBINE in the ASN.1 decoder.
ok tb@
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
|
|
| |
Factor out the handling of CHOICE and SEQUENCE into their own functions.
This reduces complexity, reduces indentation and will allow for further
clean up.
ok beck@ tb@
|
| | |
|
| | |
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The asn1_ex_c2i() function currently handles the V_ASN1_ANY case inline,
which means there multiple special cases, with pointer fudging and
restoring. Instead, split asn1_ex_c2i() into three functions - one that
only handles storage into a primitive type (asn1_ex_c2i_primitive()), one
that handles the V_ASN1_ANY case (asn1_ex_c2i_any()) and calls
asn1_ex_c2i_primitive() with the correct pointer and an asn1_ex_c2i()
that handles the custom functions case, before dispatching to
asn1_ex_c2i_any() or asn1_ex_c2i_primitive(), as appropriate.
This results in cleaner and simpler code.
With input from and ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The optimised code path switches from processing data via unsigned long to
processing data via unsigned int, which requires type punning. This is
currently attempted via a union (for one case), however this fails since
a pointer to a union member is passed to another function (these unions
were added to "fix strict-aliasing compiler warning" - it would seem the
warnings stopped but the undefined behaviour remained). The second case
does not use a union and simply casts from one type to another.
Undefined behaviour is currently triggered when compiling with clang 14
using -03 and -fstrict-aliasing, while disabling assembly (in order to use
this C code). The resulting binary produces incorrect results.
Avoid strict aliasing violations by copying from an unsigned long array to
an unsigned int array, then copying back the result. Any sensible compiler
will omit the copies, while avoiding undefined behaviour that would result
from unsafe type punning via pointer type casting.
Thanks to Guido Vranken for reporting the issue and testing the fix.
ok tb@
|
| |
|
|
| |
ok beck
|
| |
|
|
|
| |
be caught by the error check of EVP_PKEY_derive_init() is a dubious
pattern.
|
