| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
All this code does is read one byte from memory with an unknown length,
potentially being a one byte overread... and then nothing is actually done
with the value.
ok tb@
|
|
ok tb@
|
|
|
|
|
|
|
|
input from jsing@
|
|
New option handling for openssl(1) ca.
This diff is just replacing with new option handling, no functional change.
I'm using the word DN or RDN in description as manual uses them, rather than
replacing with "Distinguished Name" or "Relative Distinguished Name".
I would like to add another fixes below by follow-up diffs.
- remove space between '*' and pointer variable
- wrap 80+ long lines
- explicitly check pointer variable if it is NULL or not
comments and ok from jsing@
|
|
As per the manual and lib/libtls/tls.c revision 1.79 from 2018
"Automatically handle library initialisation for libtls." initialisation
is handled automatically by other tls_*(3) functions.
Remove explicit tls_init() calls from base to not give the impression of
it being needed.
Feedback tb
OK Tests mestre
|
|
|
|
calling the OpenSSL legacy cache extensions goo.
Requested by tb@
ok tb@
|
|
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
|
|
|
|
|
is pure comedy gold, and now documented as such, sadly this bit of pure
Muppet genius can't really in good consience stay in the tree as is.
Change BIO_dump to always return the number of bytes printed on success
and to stop printing and return -1 on failure if a writing function
fails.
ok tb@, jsing@
|
|
|
|
|
|
which by implication also affects X509_print(3).
The ASN1_STRING_get0_data(3) manual explitely cautions the reader
that the data is not necessarily NUL-terminated, and the function
X509_alias_set1(3) does not sanitize the data passed into it in
any way either, so we must assume the alias->data field is merely
a byte array and not necessarily a string in the sense of the C
language.
I found this bug while writing manual pages for these functions.
OK tb@
As an aside, note that the function still produces incomplete and
misleading results when the data contains a NUL byte in the middle
and that error handling is consistently absent throughout, even
though the function provides an "int" return value obviously intended
to be 1 for success and 0 for failure, and even though this function
is called by another function that also wants to return 1 for success
and 0 for failure and even does so in many of its code paths, though
not in others. But let's stay focussed. Many things would be nice
to have in the wide wild world, but a buffer overflow must not be
allowed to remain in our backyard.
|
|
|
|
the saving of the first error case so that the "autochain" craziness from
openssl will work with the new verifier. This should allow the new verification
code to work with a bunch of the autochain using cases in some software.
(and should allow us to stop using the legacy verifier with autochain)
ok tb@
|
|
"please commit" schwarze
|
|
|
|
X509_alias_set1(3), X509_alias_get0(3)
|
|
|
|
|
|
|
|
suggested by millert@
|
|
If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3)
failed, the error return value of 0 was misinterpreted as an indicator
of success, causing X509_print_ex(3) to ignore the error, continue
printing, and potentially return successfully even though not all
the content of the certificate was printed.
The X509_NAME_print_ex(3) manual page explains that this function
indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT
and by returning -1 if nmflags != X509_FLAG_COMPAT.
That's definitely atrocious API design (witnessed by the
complexity of the code needed for correct error checking),
but changing the API contract and becoming incompatible
with OpenSSL would make matters even worse.
Note that just checking for <= 0 in all cases would not be correct
either because X509_NAME_print_ex(3) returns 0 to indicate that it
successfully printed zero bytes in some cases, for example when all
three of the following conditions hold:
1. nmflags != X509_FLAG_COMPAT
2. indent == 0 (which X509_print_ex(3) does use in some cases)
3. the name object is NULL or empty
I found the bug by code inspection and proposed an incomplete patch,
then jsing@ proposed this improved version of the patch.
OK jsing@.
|
|
|
|
|
|
even though it did not actually set the name.
Instead, indicate failure in this case.
This commit sneaks in a small, unrelated change in behaviour.
If the first argument of X509_NAME_set(3) was NULL, the function
used to return failure. Now it crashes the program by accessing
the NULL pointer, for compatibility with the same change in OpenSSL.
This merges the following two commits from the OpenSSL-1.1.1 branch,
which is still available under a free license:
1. 180794c5 Rich Salz Sep 3 11:33:34 2017 -0400
2. c1c1783d Richard Levitte May 17 09:53:14 2018 +0200
OK tb@
|
|
It is not particularly well-designed and sets a number of traps for the
unwary, but it is a public API function in both OpenSSL and LibreSSL
and used at various places.
|
|
The num_ciphers, get_cipher_by_char and put_cipher_by_char function
pointers use the same function for all methods - call ssl3_num_ciphers()
directly, absorb ssl3_get_cipher_by_char() into SSL_CIPHER_find() and
remove the unused ssl3_put_cipher_by_char() code.
ok inoguchi@ tb@
|
|
This code no longer compiles and the equivalent test coverage has been
added to regress/lib/libssl/ciphers (and is actually run).
|
|
|
|
The get_cipher_by_char() and put_cipher_by_char() pointers are no longer
accessible on the SSL_METHOD (and soon will not even exist). Rewrite the
test to use SSL_CIPHER_find() instead.
|
|
end statements with ';' because ',' isn't enough
|
|
While here, stress that X509_NAME objects cannot share X509_NAME_ENTRY
objects, and polish a few misleading wordings.
|
|
undocumented. It is archaic and practically unused and unusable.
tb@ and jsing@ agree with marking it as undocumented.
Put the comment here because EVP_PKEY_base_id(3) is a viable alternative.
|
|
undocumented macro alias X509_name_cmp(3);
no change to the assembler code generated by the compiler;
OK tb@
|
|
undocumented because it is almost unused in real-world code.
OK tb@
|
|
Now that SSL_METHOD is opaque and in internal headers, we can remove
SSL_METHOD_INTERNAL by merging it back into SSL_METHOD.
ok tb@
|
|
This should be moved to a dedicated regress test.
|
|
We'll either fix these or remove them in the near future.
|
|
|
|
This adds functionality for SSL_get_signature_nid(),
SSL_get_peer_signature_nid(), SSL_get_signature_type_nid() and
SSL_get_peer_signature_type_nid().
This is not currently publicly visible and will be exposed at a later
date.
ok inoguchi@ tb@
|
|
Move struct ssl_cipher_st, struct ssl_method_st, struct ssl_session_st and
struct ssl3_state_st from public to private headers. These are already
under #ifdef LIBRESSL_INTERNAL and are no longer publicly visible.
ok inoguchi@ tb@
|
|
and X509_REQ_extract_key(3), using feedback from tb@ and jsing@
|
|
This was inadvertently broken during sigalgs refactoring.
|
|
This means that we do sigalg selection for all cases, including those
where are are not sending sigalgs. This is needed in order to track our
signature type in legacy cases.
ok tb@
|
