path: root/src/lib/libcrypto/x509/x509_addr.c
Commit message | Author | Age | Files | Lines
* Use err_local.h rather than err.h in most places | tb | 2025-05-10 | 1 | -2/+2
  ok jsing
* Unify X.509v3 extension methods | tb | 2024-07-13 | 1 | -2/+8
  Use C99 initializers for all structs (some were forgotten). Make all the structs static, call them x509v3_ext_* matching NID_*. Add accessors called x509v3_ext_method_* and use these to implement X509V3_EXT_get_nid(). This adds consistency and avoids a few contortions like grouping a few extensions in arrays to save a couple externs.
  ok beck jsing
* Hide global _it variables in x509v3.h | beck | 2024-07-08 | 1 | -1/+5
  ok tb@
* Fix an error exit in X509v3_addr_validate_path() | tb | 2023-10-29 | 1 | -3/+6
  If the topmost cert is invalid, this should result in a validation failure. Do the same dance as elsewhere permitting the verify callback to intercept the error but ensuring that we throw an error.
  ok jsing
* RFC 3779: stop pretending we support AFIs other than IPv4 and IPv6 | tb | 2023-09-27 | 1 | -19/+28
  This code is a complete bug fest and using it with any other AFI is downright dangerous. Such don't arise in this context in practice.
  ok claudio jsing
* Back out superfluous initialization | job | 2023-09-11 | 1 | -5/+4
  requested by jsing@
* Initialize afi & safi to zero | job | 2023-09-06 | 1 | -4/+5
  OK tb@
* Avoid use-of-uninitialized in i2r_IPAddrBlocks() | tb | 2023-09-06 | 1 | -1/+8
  Reported by Viktor Szakats in https://github.com/libressl/portable/issues/910
  ok job
* libressl *_namespace.h: adjust *_ALIAS() to require a semicolon | tb | 2023-02-16 | 1 | -28/+28
  LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h
  fix suggested by & ok jsing
* Make internal header file names consistent | tb | 2022-11-26 | 1 | -3/+3
  Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
  discussed with jsing, no objection bcook
* Hide public symbols in libcrypto/x509 .c files | beck | 2022-11-14 | 1 | -1/+28
  ok tb@
* Remove an unnecessary XXX comment. The suggested check is part of | tb | 2022-05-25 | 1 | -5/+1
  extract_min_max().
* Rewrite make_addressRange() using CBS | tb | 2022-05-17 | 1 | -37/+104
  Factor the trimming of the end and the counting of unused bits into helper functions and reuse an ASN.1 bit string API to set the unused bits and the ASN1_STRING_FLAG_BITS_SET. With a couple of explanatory comments it becomes much clearer what the code is actually doing and why.
  ok jsing
* Simplify make_addressPrefix() | tb | 2022-05-17 | 1 | -21/+23
  In order to set the BIT STRING containing an address prefix, use existing helper functions from the ASN.1 code instead of redoing everything by hand. Make the function single exit and rename a few variables to make it clearer what is being done.
  ok jsing
* Clarify comments at the start of {asid,addr}_validate_path_internal() | tb | 2022-04-21 | 1 | -3/+3
  Requested by jsing
* Avoid expensive RFC 3779 checks during cert verification | tb | 2022-04-21 | 1 | -10/+10
  X509v3_{addr,asid}_is_canonical() check that the ipAddrBlocks and autonomousSysIds extension conform to RFC 3779. These checks are not cheap. Certs containing non-conformant extensions should not be considered valid, so mark them with EXFLAG_INVALID while caching the extension information in x509v3_cache_extensions(). This way the expensive check while walking the chains during X509_verify_cert() is replaced with a cheap check of the extension flags. This avoids a lot of superfluous work when validating numerous certs with similar chains against the same roots as is done in rpki-client.
  Issue noticed and fix suggested by claudio
  ok claudio inoguchi jsing
* Make gcc 4 happier about x509_addr.c | tb | 2022-03-16 | 1 | -6/+8
  gcc 4 on sparc64 issues a few 'warning: value computed is not used'. There are two cases: sk_set_cmp_function() returns the old comparison function of the stack which we don't care about. The one warning about an sk_delete() is about a return value that we know already and which we will free a few lines down.
  ok inoguchi miod
* Remove a strange inheritance check from addr_validate_path_internal() | tb | 2022-02-04 | 1 | -4/+1
  The trust anchor can't inherit, but the code says that it can inherit just not if the leaf tries to inherit from that. This makes no sense and doesn't match what is done on the asid side.
  ok jsing
* minor tweaks, no code change | tb | 2022-01-06 | 1 | -4/+3
  Adjust a comment to reality, zap a stray empty line and fix whitespace before comment after #endif
* Unindent a few lines of code and avoid shadowed variables. | tb | 2022-01-05 | 1 | -12/+7
* Rename {c,p}_{min,max} into {child,parent}_{min,max} | tb | 2022-01-05 | 1 | -7/+8
* Two minor KNF tweaks | tb | 2022-01-05 | 1 | -5/+5
* Use child_aor and parent_aor instead of aorc and aorp | tb | 2022-01-05 | 1 | -15/+15
  suggested by jsing
* Rename fp and fc into parent_af and child_af for readability. | tb | 2022-01-05 | 1 | -24/+29
  suggested by jsing
* Globally rename all IPAddressFamily *f into af since this is slightly | tb | 2022-01-05 | 1 | -64/+65
  more readable.
  Repeated complaints by jsing
* Add a helper function to turn unchecked (but sound) use of | tb | 2022-01-05 | 1 | -13/+18
  sk_find + sk_value into something easier to follow and swallow.
  ok inoguchi jsing
* Hoist IPAddressFamily_cmp() to the other IPAddressFamily functions. | tb | 2022-01-05 | 1 | -29/+29
  ok inoguchi jsing
* Call x a cert for readability. | tb | 2022-01-05 | 1 | -13/+13
* Now that i is free, rename j to i for use as loop variable in | tb | 2022-01-05 | 1 | -10/+10
  various loops in addr_validate_path_internal().
* In addr_validate_path_internal() rename i to depth because that's | tb | 2022-01-05 | 1 | -17/+15
  what it is.
* Turn the validation_err() macro into a function | tb | 2022-01-05 | 1 | -31/+44
  validation_err() is an ugly macro with side effects and a goto in it. At the cost of a few lines of code we can turn this into a function where the side effects are explicit and ret is now explicitly set in the main body of addr_validate_path_internal(). We get to a point where it is halfway possible to reason about the convoluted control flow in this function.
  ok inoguchi jsing
* Move variable declarations in X509v3_addr_canonize() to the top of | tb | 2022-01-05 | 1 | -17/+19
  the function and unindent some code.
  ok inoguchi jsing
* Remove a bogus memcmp in range_should_be_prefix() | tb | 2022-01-05 | 1 | -3/+6
  range_should_be_prefix() currently always fails. The reason for this is that OpenSSL commit 42d7d7dd incorrectly moved a memcmp() out of an assertion. As a consequence, the library emits and accepts incorrectly encoded ipAddrBlock extensions since it will never detect ranges that MUST be encoded as a prefix according to RFC 3779, 2.2.3.7. The return -1 from this memcmp() indicates to the callers that the range should be expressed as a range, so callers must check beforehand that min <= max to be able to fail. Thus, remove this memcmp() and add a check to make_addressRange(), the only caller that didn't already ensure that min <= max. This fixes the noisy output in regress/lib/libcrypto/x509/rfc3779.
  ok inoguchi jsing
* Polish X509v3_addr_subset() a bit | tb | 2022-01-05 | 1 | -15/+28
  Use child and parent instead of a and b. Split unrelated checks. Use accessors and assign to local variables to avoid ugly line wrapping. Declare variables up front instead of mixing declarations with assignments from function returns.
  ok inoguchi jsing
* Readability tweaks in addr_contains() | tb | 2022-01-05 | 1 | -5/+13
  Assign to local variables to avoid ugly line wrapping.
  ok inoguchi jsing
* Fix a bug in addr_contains() introduced in OpenSSL commit be71c372 | tb | 2022-01-05 | 1 | -2/+2
  by returning 0 instead of -1 on extract_min_max() failure. Callers would interpret -1 as success of addr_contains().
  ok inoguchi jsing
* Readability tweaks in the print helper i2r_IPAddressOrRanges. | tb | 2022-01-04 | 1 | -9/+17
  Assign repeated nested expressions to local variables and avoid some awkward line wrapping.
* Consistently name variables with a _len suffix instead of mixing | tb | 2022-01-04 | 1 | -35/+35
  things like prefixlen, afi_length, etc.
  suggested by jsing
* Only check the parent to be canonical once we know it is non-NULL. | tb | 2022-01-04 | 1 | -6/+5
  suggested by jsing during review
* Refactor extract_min_max() | tb | 2022-01-04 | 1 | -11/+28
  extract_min_max() crammed all the work in two return statements inside a switch. Make this more readable by splitting out the extraction of the min and max as BIT STRINGs from an addressPrefix or an addressRange and once that's done expanding them to raw addresses.
  ok inoguchi jsing
* Remove checks that are duplicated in extract_min_max() | tb | 2022-01-04 | 1 | -8/+1
  The NULL checks and the checks that aor->type is reasonable are already performed in extract_min_max(), so it is unnecessary to repeat them in X509v3_addr_get_range()
  ok inoguchi jsing
* Make X509v3_addr_get_range() readable. | tb | 2022-01-04 | 1 | -7/+17
  Instead of checking everything in a single if statement, group the checks according to their purposes.
  ok inoguchi jsing
* Add a length check to make_addressPrefix() | tb | 2022-01-04 | 1 | -12/+25
  Make the callers pass in the afi so that make_addressPrefix() can check prefixlen to be reasonable. If the afi is anything else than IPv4 or IPv6, cap its length at the length needed for IPv6. This way we avoid arbitrary out-of-bounds reads if the caller decides to pass in something stupid.
  ok inoguchi jsing
* Remove some dead code | tb | 2022-01-04 | 1 | -7/+1
  IPAddressRange_new() populates both its min and max members, so they won't ever be NULL and will never need to be allocated.
  ok inoguchi jsing
* Drop a pointless NULL check | tb | 2022-01-04 | 1 | -3/+2
  IPAddressOrRange_new() instantiates a choice type, so we need to allocate one member of the union ourselves, so aor->u.addressPrefix will always be NULL.
  ok inoguchi jsing
* First pass over x509_addr_validate_path() | tb | 2022-01-04 | 1 | -37/+79
  Replace reaching into the structs with IPAddressFamily accessors and add a few comments that explain what the code is actually doing.
  ok inoguchi jsing
* Refactor IPAddressFamily accessors | tb | 2022-01-04 | 1 | -37/+90
  Introduce a helper function that allows fetching the AFI and the optional SAFI out of an IPAddressFamily. Also add two wrappers that only fetch and validate the AFI, where validation currently only means that the length is between 2 and 3. Use these accessors throughout to simplify and streamline the code.
  ok inoguchi jsing
* Fix typo in comment | tb | 2021-12-28 | 1 | -2/+2
* Use lowercase letters for hexadecimal constants, as both jsing and I | tb | 2021-12-28 | 1 | -15/+15
  prefer this.
* Rewrite X509v3_addr_canonize() with new accessors | tb | 2021-12-28 | 1 | -7/+9
  This is again a straightforward conversion and leads to something which matches our usual style more.
  ok jsing