| Commit message (Collapse) | Author | Files | Lines |
|---|
|
This exercises the code paths that are reached from the validator
and also tests that the public API behaves as expected. There is a
lot more that could be done here, but this test is already big enough.
Missing are tests for X509v3_{addr,asid}_validate_{path,resource_set}()
themselves.
One test failure is ignored and will be fixed in the near future
when a bad logic error in range_should_be_prefix() is fixed.
A consequence of this bug is that we will currently accept and generate
DER that doesn't conform to RFC 3779.
|
|
way too long.
|
|
|
|
The first asserts ensure that things checked in the callers hold true.
Turn them into error checks and set the error on the X509_STORE_CTX
if it's present. Checking sk_value(..., i) with i < sk_num(...) isn't
useful, particularly if that check is done via an assert. Turn one
remaining assert into a NULL check. Finally, simplify the sk_num()
checks in the callers.
ok jsing
|
|
The first assert ensures that a stack that was just sorted in a stronger
sense is sorted in a weak sense and the second assert ensures that
the result of the canonization procedure is canonical. All callers check
for error, so these asserts don't do anything useful.
ok jsing
|
|
All callers ensure that aor != NULL, so this isn't necessary.
ok jsing
|
|
|
|
The first assert ensure that a stack that was just sorted in a stronger
sense is sorted in a weak sense and the second assert ensures that
the result of the canonization procedure is canonical. All callers check
for error, so these asserts don't do anything useful.
ok jsing
|
|
All callers ensure that aor != NULL, so this isn't necessary.
ok jsing
|
|
|
|
This is reachable from x509_verify(), but all asserts are previously
checked in the caller. Turn them into error checks and make sure
the error is set on the X509_STORE_CTX if present. Change some
stack == NULL || sk_num(stack) == 0 checks into sk_num(stack) <= 0
which is equivalent but simpler.
ok jsing
|
|
All internal callers check the return value and future external
callers will be happy not to hit an assert from the library.
ok jsing
|
|
This can read a value in an arbitrary base from a string that is
supposed to be followed by whitespace or a colon, so it cannot be
switched to strtonum(). The current checks don't allow a read past
the end, but let's use the standard idiom instead.
ok jsing
|
|
Switch an insufficiently checked strtoul() to strtonum(). This can
be used to trigger a read of a user-controlled size from the stack.
$ openssl req -new -addext 'sbgp-ipAddrBlock = IPv4:192.0.2.0/12341234'
Segmentation fault (core dumped)
The bogus prefix length 12341234 is fed into X509v3_addr_add_prefix() and
used to read (prefixlen + 7) / 8 bytes from the stack variable 'min[16]'
that ends up as 'data' in the memmove in ASN1_STRING_set().
The full fix will add length checks to X509v3_addr_add_prefix() and
make_addressPrefix() and will be dealt with later. The entire
X509v3_{addr,asid}_* API will need a thorough review before it can be
exposed.
This code is only enabled in -current and can only be reached from
openssl.cnf files that contain sbgp-ipAddrBlock or from the openssl(1)
command line.
ok jsing
|
|
|
|
ASN1_item_ex_{d2i,i2d}() instead of ASN1_item_{d2i,i2d}(). Fixes test
failure on sparc64, and hopefully all other architectures.
reported by tobhe
with/ok jsing
|
|
|
|
If we're given a pointer to an existing stack, free it and allocate a new
one rather than poping and freeing all of the existing entries so we can
reuse it. While here rename some arguments and variables.
ok inoguchi@ tb@
|
|
Remove the existing o2i_SCT_signature() function and rename
o2i_SCT_signature_internal() to replace it.
ok inoguchi@ tb@
|
|
|
|
BN_mod_lshift_quick(3), BN_mod_lshift1(3), and BN_mod_lshift1_quick(3)
|
|
but what i have so far is already better than nothing
|
|
|
|
|
|
No functional change.
|
|
While here, add the missing "const" qualifier to the second parameter
of BN_is_word(3) - even though i doubt that marking an integral type
parameter as "const" serves any significant purpose...
Note that the OpenSSL documentation for this function that Billy
Brumley committed on August 4, 2021 is actually wrong. Essentially,
it says "BN_abs_is_word() test[s] if a equals ... |w|." Now pray
tell me, what exactly is the point of taking the absolute value of
an unsigned integer number? To compensate for the obvious absurdity
of his patch, Billy made a point of getting *three* OKs from rather
notable people: Pauli Dale, Nicola Tuveri, and Dmitry Belyavskiy.
I believe this is a striking example of the cavalier attitude some
projects put on display when it comes to documentation, and also a
striking example of how bad documentation can occasionally be worse
than no documentation at all, because the OpenSSL manual page will
now thoroughly confuse anyone reading it.
SCNR pointing out this (hopefully unintentional) hilarity - or is
this an attempt at trolling the readers of their documentation?
If it is, they certainly got me.
|
|
|
|
fixing a minibug found with check_complete.pl
|
|
|
|
|
|
in OpenSSL commit d2e9e320.
|
|
|
|
files in libcrypto/ct. This reverts OpenSSL commit d2e9e320
discussed with jsing
|
|
This provides cleaner and safer code.
ok inoguchi@ tb@
|
|
|
|
|
|
while here, repair a typo in the lh_retrieve(3) synopsis
|
|
|
|
|
|
|
|
symbols according to the reason (internal, obsolete, postponed)
and according to the header file (asn1, objects, x509, ...).
Also, add some minor tweaks needed for <openssl/objects.h>.
|
|
Before the TLSv1.3 stack grew client certificate support, it fell back
to the legacy stack. Proper client certificate support was added in a2k20
with a TLS13_USE_LEGACY_CLIENT_AUTH knob to provide an easy fallback in
case the new code should have a problem. This was never needed.
As ifdefed code is wont to do, this bitrotted a few months later when
the client and server methods were merged.
discussed with jsing
|
|
mark OBJ_create_and_add_object() as intentionally undocumented
|
|
because OBJ_nid2obj(3) is already long and
more functions related to OBJ_create(3) have to be documented.
|
|
This will allow us to add a new asn1_lib.c while replacing the code that is
in currently in asn1_old_lib.c.
Discussed with tb@
|
|
|
|
Rather than having multiple files per type (with minimal code per file),
use one file per type (a_<type>.c).
No functional change.
Discussed with tb@
|
|
ok tb@
|
|
|
|
|
