| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
This is currently written in what is likely the most stupid way possible.
Rewrite this function in a more straightforward way.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ASN1_TIME_compare() compares two times t1 and t2. Due to a copy-paste
error, we would do ASN1_time_parse(t1->data, t2->length, &tm2, t2->type)
Now if t1 is a UTCTime (length 13) and t2 is a GeneralizedTime (length 15),
the worst that could happen is a 2-byte out-of-bounds read. Fortunately, t1
will already have parsed as a UTCTime, so it will have a Z where there
should be the first digit of the seconds for a GeneralizedTime and we will
error out.
Now if both t1 and t2 have the same type, we will parse t1's data twice
and we will return an incorrect comparison. This could have some security
impact if anything relied on this function for security purposes. It is
unused in our tree and unused in our ports tree ports and the only consumer
I could find was some MongoDB things doing OCSP, so this won't be too bad.
Then of course there's also the language bindings.
Issue reported by Duncan Thomson at esri dot com via libressl-security
ok beck deraadt
|
| |
|
|
| |
OK tb@
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing miod
|
| |
|
|
|
| |
public symbol removed in April
ok tb@
|
| |
|
|
|
|
|
|
|
| |
This removes ASN1_BIT_STRING_name_print(), ASN1_BIT_STRING_{num,set}_asc().
Before trust was properly handled using OIDs, there was a period where it
used bit strings. The actual interfaces used in openssl x509 were removed,
but the functions they wrapped remained unused for the next 24 years.
ok jsing
|
| |
|
|
|
|
|
|
| |
This was added with the TS code for no discernible reason. I could not
find a single consumer. In the unlikely event that you need this, it is
easy enough to write a better version of it yourself.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
ASN1_bn_print() is a hilariously bad API that was replaced with a saner
interface internally. ASN1_buf_print() isn't terrible, but it is too
specialized to be of real use. It was only exposed because ASN1_bn_print()
was already there. Its only use had been in the EdDSA printing code before
it was replaced with an internal helper.
ok jsing
|
| |
|
|
|
|
|
| |
These were long removed from the public OpenSSL API, so we can do the
same. Remove ASN1_template_{d2i,i2d}() - those are unused internally.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
With every bump we can remove a bit more of the ASN.1 BIO and the
streaming interface. At some point enough will be internal so that
we can rewrite it and bring it in a shape where mere mortals can
follow all the twists and turns. This is the next step: BIO_f_asn1(3)
goes away and takes BIO_asn1_{get,set}_{prefix,suffix}() with it,
a bunch of functions helping along in a write-after-free recently.
The getters go away, the setters stay for now.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Oh, joy! The muppets had a feast: they could combine the horrors of EVP
with X.509... Return values between -1 and 3 indicating how much work
needs to be done, depending on whether methods are present or absent.
Needless to say that RSA and EdDSA had inconsistent return values until
recently.
Instead of interleaving if/else branches, split out two helper functions
that do essentially independent things, which results in something that
isn't entirely bad. Well, at least not compared to the surrounding code.
asn1_item_set_algorithm_identifiers() extracts the signature algorithm
from the digest and pkey if known, and sets it on the two X509_ALGOR that
may or may not have been passed in.
asn1_item_sign() converts data into der and signs.
Of course there were also a few leaks and missing error checks.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
These functions inline a poor version of asn1_item_flags_i2d() without
error checks. This can be replaced with a single correct call to
ASN1_item_ndef_i2d(). Mechanically adding malloc checks and checks for
negative did not really improve things all that much in a related project.
ok beck jsing
|
| |
|
|
|
|
|
|
| |
me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok & "happy pirate day" beck
|
| |
|
|
|
|
|
|
| |
Switch to using EVP_DigestVerify(). Move the freeing of in where it
belongs (previously it would leak on EVP_DigestVerifyUpdate() failure),
and use the proper idiom for ASN1_item_i2d() error checking.
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
Rename buf_in into in, buf_out into out, use in_len and out_len for their
lengths, drop a couple of silly casts and remove some empty lines.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This makes this function work with Ed25519 and cleans up a handful of
ugly contortions: use EVP_DigestSign() to determine the signature length
instead of using the strange EVP_PKEY_size() and garbage collect the now
useless out_len. Also use calloc().
ok jsing
|
| |
|
|
|
|
|
| |
Also move the NULL check for the EVP_MD into the rv == 2 path, which
is the only branch where it is used.
ok jsing
|
| |
|
|
|
|
| |
Pull a NULL check for pkey->ameth up to before ameth is first accessed. An
EVP_PKEY created with EVP_PKEY_new() has ameth == NULL, so this check makes
sense, but it does not make sense to do it where it was.
|
| |
|
|
|
|
|
|
|
|
|
| |
If the item_sign() ASN.1 method returns 1, it supposedly handles everything
and the goto err prior to r1.5 was actually a success path. Go figure.
This is fortunately inconsequential since there are only two item_sign()
methods, one for RSA and one for Ed25519, neither of which can return 1.
They only return 0, 2, and 3.
Pointed out by and ok jsing
|
| |
|
|
|
| |
Reword it in such a way that it stands on its own and doesn't refer
to a non-existent model above. Also tweak grammar and fix typos.
|
| |
|
|
|
|
|
|
|
|
| |
Instead of adding a NUL termination to OBJ_obj2txt(), move the aobj == NULL
or aobj->data == NULL checks to i2t_ASN1_OBJECT_internal(). The only other
caller, i2t_ASN1_OBJECT(), fails on aobj == NULL and aobj->length == 0, and
the latter condition is implied by aobj->data.
Cleaner solution for obj_dat.c r1.52
suggested by/ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Without the cache, we verify CRL signatures on bytes that have been
pulled through d2i_ -> i2d_, this can cause reordering, which in turn
invalidates the signature. for example if in the original CRL revocation
entries were sorted by date instead of ascending serial number order.
There are probably multiple things we can do here, but they will need
careful consideration and planning.
OK jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A long time ago a workflow was envisioned for X509, X509_CRL, and X509_REQ
structures in which only fields modified after deserialization would need to
be re-encoded upon serialization.
Unfortunately, over the years, authors would sometimes forget to add code in
setter functions to trigger invalidation of previously cached DER encodings.
The presence of stale versions of structures can lead to very hard-to-debug
issues and cause immense sorrow.
Fully removing the concept of caching DER encodings ensures stale versions
of structures can never rear their ugly heads again.
OK tb@ jsing@
|
| |
|
|
| |
with beck
|
| |
|
|
|
|
|
| |
The old policy codes remains the default, with the new policy code
selectable by defining LIBRESSL_HAS_POLICY_DAG.
ok tb@ jsing@
|
| | |
|
| | |
|
| |
|
|
| |
Discussed with jsing and beck
|
| |
|
|
|
|
|
| |
jsing@ noted that ASN1_OP_D2I_POST might not be the best place to
introduce this check (as could lead to pushing errors
(ASN1_R_AUX_ERROR) onto the stack). Additionally, without matching
validation on the encoding side brittleness is introduced.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check whether the X.509 version is in the range of valid version
values, and also checks whether the version is consistent with fields
new to those versions (such as X.509 v3 extensions).
X.690 section 11.5 states: "The encoding of a set value or a sequence
value shall not include an encoding for any component value which is
equal to its default value." However, enforcing version 1 (value 0) to
be absent reportedly caused some issues as recent as July 2020, so
accept version 1 even if it is explicitly encoded.
OK tb@ beck@
|
| | |
|
| |
|
|
| |
Requested by jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.
Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.
ok jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
There's some method to this madness.
ok jsing
|
| |
|
|
|
|
|
| |
pull the setting of the ex_arg up, so we can do error
checking.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
BIO_new_NDEF() sets up an ASN.1 BIO to the output chain and then adds even
more BIOs. Since BIO_push(bio, new_tail) returns bio on success, after the
if ((out = BIO_push(asn_bio, out)) != NULL) the 'out' BIO and the 'asn_bio'
are the same. The code then goes on and uses one or the other. This is very
confusing. Simply stop using out once it's appended to asn_bio.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
In case the input is not NUL terminated, the reversed check for length
and terminating NUL results in a one-byte overread. The documentation
says that the input should be a string, but in ASN.1 land you never
know...
Reported by Guido Vranken a while back
ok beck
|
| | |
|
| |
|
|
|
| |
Turn a malloc() into calloc() and check two function calls directly
forever instead of a combined check afterward.
|
