| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
ok millert operator(7)
|
| |
|
|
|
|
|
|
|
|
| |
As explained in a comment, this needs to loop backwards and the last tt--
ends up pointing at &it->templates[-1], which isn't ok. Use a simple way
of looping, which is also ugly and involves some type confusion as pointed
out by claudio. However, type confusion is common in libcrypto's asn1 code
and won't be fixed anytime soon anyway.
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
Nothing needs to reach into this structure, which is part of
certificates. So hide its innards.
ok beck jsing
|
| |
|
|
|
|
|
| |
This internalizes a particularly scary layer of conf used for X.509
extensions. Again unused public API...
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
imodules are called imodules because they contain Information about
modules that have been Initialized. Which one of these two I it is
is anyone's best guess. Why anything outside of libcrypto would ever
possibly care will also remain a mystery.
Remove the old way of adding a conf module, user data, stop allowing
to set a method (it's opaque now, remember?) and drop a couple bits
more from the public api interface.
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
For a certificate serial number between LONG_MAX and ULONG_MAX, the call to
ASN1_INTEGER_get() fails and leaves an error on the stack because the check
bs->length <= sizeof(long) doesn't quite do what it's supposed to do (bs is
probably for bitstring, although the more common reading would be adequate,
too.)
Fix this by checking for non-negativity and using ASN1_INTEGER_get_uint64()
and add a lengthy comment to explain the nonsense per beck's request.
discussed with jsing
ok beck
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These constitute the bulk of the remaining global mutable state in
libcrypto. This commit moves most of them into data.rel.ro, leaving
out ERR_str_{functs,libraries,reasons} (which require a slightly
different approach) and SYS_str_reasons which is populated on startup.
The main observation is that if ERR_load_strings() is called with a 0 lib
argument, the ERR_STRING_DATA argument is not actually modified. We could
use this fact to cast away const on the caller side and be done with it.
We can make this cleaner by adding a helper ERR_load_const_strings() which
explicitly avoids the assignment to str->error overriding the error code
already set in the table.
In order for this to work, we need to sprinkle some const in err/err.c.
CMS called ERR_load_strings() with non-0 lib argument, but this didn't
actually modify the error data since it ored in the value already stored
in the table.
Annoyingly, we need to cast const away once, namely in the call to
lh_insert() in int_err_set_item(). Fixing this would require changing
the public API and is going to be tricky since it requires that the
LHASH_DOALL_FN_* types adjust.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
When called with a pointer to NULL as an output buffer, one would expect
an i2d API to allocate the buffer and return it. The implementation here
is special and the allocation dance was forgotten, resulting in a SIGSEGV.
Add said dance.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This is what the (not quite appropriately) referenced ASN1_item_i2d()
page documents for errors, matches what the RETURN VALUE section has
been documenting for ages, matches BoringSSL, it's the usal behavior
for i2d_*. It's also what OpenSSL (of course incorrectly) documents.
discussed with jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
The only caller that could potentially call these with NULL has been fixed.
This way an ugly hack that was needed to plug a memory leak can go away and
the functions again behave as intended without OpenSSL-style workarounds.
ok beck
|
| |
|
|
|
|
|
|
|
|
| |
If s is NULL, the only thing the tm_to_*() functions do is a check that
a GeneralizedTime has a four digit year (between 0000 and 9999) and a
UTCTime has a year between 1950 and 2050. These checks are already done
in ASN1_TIME_parse() itself: the century is 100 times a two-digit value
(or 19 in the UTCTime case) plus another two-digit value.
ok beck
|
| |
|
|
|
|
|
|
|
| |
ASN1_time_parse() takes a mode argument. If mode != 0, there is a check
that mode is the same as the time type returned by asn1_time_parse_cbs()
otherwise ASN1_time_parse() fails. Therefore the type == mode checks in
ASN1_set_string_internal() are redundant and can be removed.
ok beck
|
| |
|
|
|
|
|
| |
The CBS version asn1_time_parse_cbs() handles a NULL tm gracefully, so
there is no need to avoid it by passing a pointer to a tm on the stack.
ok beck
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Only print specified 0-based versions and print them with the 1-based
human interpretation. Use a colon and error check the BIO_printf()
calls. (There's a lot more to clean up in here, but that's for another
day).
Notably, X509_CRL_print_ex() is missing... I guess that's better than
having one with signature and semantics differing from X509_print_ex()
und X509_REQ_print_ex().
ok beck
|
| |
|
|
| |
ok beck (as part of a larger diff)
|
| |
|
|
|
|
| |
It's always good to see something called internal in the public API.
ok jsing
|
| |
|
|
|
| |
This file was very undecided what style to choose and often changed its
mind in the middle of a function. No change in the generated assembly.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Make them static. Don't make them allocate if passed a NULL ASN1_TIME to
avoid leaks. This currently means that we accept a NULL and succeed. That's
very ugly but better than what we have now.
Simplify ASN1_TIME_set_string_internal() accordingly and allocate an
ASN1_TIME at the API boundary of ASN1_TIME_adj_internal() and of
ASN1_TIME_to_generalized_time().
ok beck (after a lot of squealing and distress)
|
| |
|
|
|
|
| |
and remove the LIBRESSL_INTERNAL guards around them
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
This API can be called with s == NULL, in which case the tm_to_*()
functions helpfully allocate a new s and then leak. This is a rather
ugly fix to make portable ASAN regress happy again, the better fix
will be to rewrite the tm_to_*() functions and adjust their callers.
That is more intrusive and will be done in a later pass.
ok bcook jsing
|
| |
|
|
|
|
|
| |
This picks up most of the remaining public symbols in
x509.h
ok tb@
|
| |
|
|
|
|
| |
largely mechanically done by the guentherizer 9000
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
This makes it where people can't put dumb values in certs without
trying harder, and changes the regress to test this.
GENERALIZED times outside of the RFC5280 spec are required for OCSP
but these should be constructed with the GENERALIZED time string
setters.
ok tb@
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
|
|
|
|
| |
The streaming BIO API is full of missing error checks. This diff reverts
the logic so that the single call to ASN1_item_i2d_bio() is error checked
(it has the usual 1/0 return values), unindents the bulk of the code and
propagates the SMIME_crlf_copy() return value (alos 1/0) to be the actual
error.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This used to be a generalization of PKCS5_pbe2_set(). Its only caller was
the latter, which always passes aiv == NULL and pbe_prf == -1. Thus, the
iv would always be random and regarding the pbe_prf, it would always end
up being NID_hmacWithSHA1 since the only ctrl grokking EVP_CTRL_PBE_PRF_NID
was RC2's control, but only if PBE_PRF_TEST was defined, which it wasn't.
ok jsing
|
| | |
|
| |
|
|
| |
quoth the muppet "yes I know this is horrible!"
|
| |
|
|
|
|
| |
I would keep repeating myself... In the bit bucket you go.
ok jsing
|
| |
|
|
|
|
|
|
| |
One of those void APIs that are super hard to use safely since they can
fail but can't communicate failure. Nothing uses this. Internal uses have
been converted to error checked X509_ALGOR_set_evp_md().
ok jsing
|
| |
|
|
|
|
| |
The struct itself needs to remain public, unfortunately.
ok jsing
|
| |
|
|
|
|
|
|
| |
This is accessor API for ASN.1 methods needed for custom PKEYs.
Nothing has ever used this. This has been neutered for months.
The EVP_PKEY_asn1_* API that needs to stay was moved elsewhere.
ok jsing
|
| |
|
|
|
|
| |
This was a public helper that is no longer used internally either.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This API was needed since OpenSSL didn't have one. We now have variants
of OpenSSL's API and will also expose BoringSSL's complementary API. The
users of this API were ported to the OpenSSL variants and some may switch
to BoringSSL's in the future. Part of it is still used internally.
ASN1_time_tm_clamp_notafter() is still used by libtls (and only libtls).
This will be fixed in a future bump.
ok jsing
|
| |
|
|
|
|
|
|
| |
This is only used by the fuzzing code. Another bit of poorly thought
out extensibility that makes people pass NULL pointers to a bunch
of APIs.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
The last comsumer, telephony/asterisk, was adjusted a few months back.
pointed out by brad
ok jsing
|
| |
|
|
|
|
|
| |
The only consumer, a_strnid.c, has its own, slightly more complete, up
to date, and less incorrect, version of these.
ok jsing
|
| |
|
|
|
|
| |
Another remnant of the unused ASN1_STRING_TABLE extensibility goes away.
ok jsing
|
| |
|
|
|
|
|
| |
This was API for the ASN1_STRING_TABLE extensibility which has been
neutered for months and was completely unused in the ecosystem.
ok jsing
|
