| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Nothing uses this anymore. M2Crypto has been patched and a fix for
opensc has been upstreamed.
ok jsing
This is the start of a major bump. Don't build the tree until I have
synced sets in about 20 commits.
|
| |
|
|
|
| |
There's no need to cast away const from a const char * if you're going to
pass it to a const char * argument of a function.
|
| |
|
|
|
|
|
|
| |
This makes it clear for those fluent in OpenSSL API gibberish that nothing
needs to be freed here. This is because it returns something hanging off a
hash entry owned by cnf.
ok jsing
|
| |
|
|
|
|
|
|
| |
Historically, X509V3_section_free() could be customized by the conf db
method to release memory allocated by X509V3_get_section(). This is no
longer supported, so it is always a noop and can be removed.
ok jsing
|
| | |
|
| |
|
|
|
| |
This way we don't need a prototype and things that belong together
are together. Slight KNF tweak while there
|
| | |
|
| |
|
|
|
|
|
| |
As far as I can tell this has never been used since the beginning of git
history with SSLeay 0.8.1b, so we can simplify the x509_cb() a little.
ok jsing miod
|
| |
|
|
|
|
| |
internal_verify() (now x509_vfy_internal_verify()) used to cache the
validity of the signature of a cert in this field. This is no longer
the case since x509_vfy.c 1.57 (2017).
|
| |
|
|
| |
Fix includes while there
|
| |
|
|
|
| |
This was needed to avoid truncation on BIO_write(). With the switch to
BIO_printf() in the previous commit this is no longer needed.
|
| |
|
|
|
|
| |
This handles the empty string, which ruby-openssl checks.
Pointed out by anton
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is legacy API that we can unexport since nothing uses it directly.
Unfortunately we need to keep the functions because there are plenty of
things that use it indirectly by passing XN_FLAG_COMPAT to X509_print_ex().
The old implementation parsed the X509_NAME_oneline() output in order to
remove the / preceding the (one or two-uppercase letters) name and to
insert ", " afterward. This is just stupid in so many ways, not least
because there's basically no limit to the garbage that you can stuff into
an X.500 name.
So rework this and only include the name entries whose short names are
one or two letters long. This way, this becomes slightly saner and less
fragile.
ok jsing
|
| | |
|
| |
|
|
| |
ok millert operator(7)
|
| |
|
|
|
|
|
|
|
|
| |
As explained in a comment, this needs to loop backwards and the last tt--
ends up pointing at &it->templates[-1], which isn't ok. Use a simple way
of looping, which is also ugly and involves some type confusion as pointed
out by claudio. However, type confusion is common in libcrypto's asn1 code
and won't be fixed anytime soon anyway.
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
Nothing needs to reach into this structure, which is part of
certificates. So hide its innards.
ok beck jsing
|
| |
|
|
|
|
|
| |
This internalizes a particularly scary layer of conf used for X.509
extensions. Again unused public API...
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
imodules are called imodules because they contain Information about
modules that have been Initialized. Which one of these two I it is
is anyone's best guess. Why anything outside of libcrypto would ever
possibly care will also remain a mystery.
Remove the old way of adding a conf module, user data, stop allowing
to set a method (it's opaque now, remember?) and drop a couple bits
more from the public api interface.
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
For a certificate serial number between LONG_MAX and ULONG_MAX, the call to
ASN1_INTEGER_get() fails and leaves an error on the stack because the check
bs->length <= sizeof(long) doesn't quite do what it's supposed to do (bs is
probably for bitstring, although the more common reading would be adequate,
too.)
Fix this by checking for non-negativity and using ASN1_INTEGER_get_uint64()
and add a lengthy comment to explain the nonsense per beck's request.
discussed with jsing
ok beck
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These constitute the bulk of the remaining global mutable state in
libcrypto. This commit moves most of them into data.rel.ro, leaving
out ERR_str_{functs,libraries,reasons} (which require a slightly
different approach) and SYS_str_reasons which is populated on startup.
The main observation is that if ERR_load_strings() is called with a 0 lib
argument, the ERR_STRING_DATA argument is not actually modified. We could
use this fact to cast away const on the caller side and be done with it.
We can make this cleaner by adding a helper ERR_load_const_strings() which
explicitly avoids the assignment to str->error overriding the error code
already set in the table.
In order for this to work, we need to sprinkle some const in err/err.c.
CMS called ERR_load_strings() with non-0 lib argument, but this didn't
actually modify the error data since it ored in the value already stored
in the table.
Annoyingly, we need to cast const away once, namely in the call to
lh_insert() in int_err_set_item(). Fixing this would require changing
the public API and is going to be tricky since it requires that the
LHASH_DOALL_FN_* types adjust.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
When called with a pointer to NULL as an output buffer, one would expect
an i2d API to allocate the buffer and return it. The implementation here
is special and the allocation dance was forgotten, resulting in a SIGSEGV.
Add said dance.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This is what the (not quite appropriately) referenced ASN1_item_i2d()
page documents for errors, matches what the RETURN VALUE section has
been documenting for ages, matches BoringSSL, it's the usal behavior
for i2d_*. It's also what OpenSSL (of course incorrectly) documents.
discussed with jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
The only caller that could potentially call these with NULL has been fixed.
This way an ugly hack that was needed to plug a memory leak can go away and
the functions again behave as intended without OpenSSL-style workarounds.
ok beck
|
| |
|
|
|
|
|
|
|
|
| |
If s is NULL, the only thing the tm_to_*() functions do is a check that
a GeneralizedTime has a four digit year (between 0000 and 9999) and a
UTCTime has a year between 1950 and 2050. These checks are already done
in ASN1_TIME_parse() itself: the century is 100 times a two-digit value
(or 19 in the UTCTime case) plus another two-digit value.
ok beck
|
| |
|
|
|
|
|
|
|
| |
ASN1_time_parse() takes a mode argument. If mode != 0, there is a check
that mode is the same as the time type returned by asn1_time_parse_cbs()
otherwise ASN1_time_parse() fails. Therefore the type == mode checks in
ASN1_set_string_internal() are redundant and can be removed.
ok beck
|
| |
|
|
|
|
|
| |
The CBS version asn1_time_parse_cbs() handles a NULL tm gracefully, so
there is no need to avoid it by passing a pointer to a tm on the stack.
ok beck
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Only print specified 0-based versions and print them with the 1-based
human interpretation. Use a colon and error check the BIO_printf()
calls. (There's a lot more to clean up in here, but that's for another
day).
Notably, X509_CRL_print_ex() is missing... I guess that's better than
having one with signature and semantics differing from X509_print_ex()
und X509_REQ_print_ex().
ok beck
|
| |
|
|
| |
ok beck (as part of a larger diff)
|
| |
|
|
|
|
| |
It's always good to see something called internal in the public API.
ok jsing
|
| |
|
|
|
| |
This file was very undecided what style to choose and often changed its
mind in the middle of a function. No change in the generated assembly.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Make them static. Don't make them allocate if passed a NULL ASN1_TIME to
avoid leaks. This currently means that we accept a NULL and succeed. That's
very ugly but better than what we have now.
Simplify ASN1_TIME_set_string_internal() accordingly and allocate an
ASN1_TIME at the API boundary of ASN1_TIME_adj_internal() and of
ASN1_TIME_to_generalized_time().
ok beck (after a lot of squealing and distress)
|
| |
|
|
|
|
| |
and remove the LIBRESSL_INTERNAL guards around them
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
This API can be called with s == NULL, in which case the tm_to_*()
functions helpfully allocate a new s and then leak. This is a rather
ugly fix to make portable ASAN regress happy again, the better fix
will be to rewrite the tm_to_*() functions and adjust their callers.
That is more intrusive and will be done in a later pass.
ok bcook jsing
|
| |
|
|
|
|
|
| |
This picks up most of the remaining public symbols in
x509.h
ok tb@
|
| |
|
|
|
|
| |
largely mechanically done by the guentherizer 9000
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
This makes it where people can't put dumb values in certs without
trying harder, and changes the regress to test this.
GENERALIZED times outside of the RFC5280 spec are required for OCSP
but these should be constructed with the GENERALIZED time string
setters.
ok tb@
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
|
|
|
|
| |
The streaming BIO API is full of missing error checks. This diff reverts
the logic so that the single call to ASN1_item_i2d_bio() is error checked
(it has the usual 1/0 return values), unindents the bulk of the code and
propagates the SMIME_crlf_copy() return value (alos 1/0) to be the actual
error.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This used to be a generalization of PKCS5_pbe2_set(). Its only caller was
the latter, which always passes aiv == NULL and pbe_prf == -1. Thus, the
iv would always be random and regarding the pbe_prf, it would always end
up being NID_hmacWithSHA1 since the only ctrl grokking EVP_CTRL_PBE_PRF_NID
was RC2's control, but only if PBE_PRF_TEST was defined, which it wasn't.
ok jsing
|
| | |
|
