summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_trs.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove X509_check_trust() and some related definestb2024-08-311-6/+1
| | | | | | | | | Someone thought it would be a good idea to append non-standard trust information to the certs in the trust store. This API is used to inspect that depending on the intended purpose of the cert. Only M2Crypto thought it necessary to expose this. It was adjusted. ok beck jsing
* Fix the horrible and undocumented behaviour of X509_check_trustbeck2024-07-121-48/+59
| | | | | | | | | | | | | | | | | | | | Of allowing you to pass in a NID directly, instead of a trust_id, and have it work, as long as the trust_id's and the NID's did not overlap. This screwball behaviour was depended upon by the OCSP code that called X509_check_trust with the NID, instead of the trust id, so let's fix that. We also rename the confusingly named X509_TRUST_DEFAULT to X509_TRUST_ACCEPT_ALL which makes a lot more sense, and rototill this to remove the confusingly named static functions. This will shortly be follwed up by making this function private, so we have not bothered to fix the amazingly obtuse man page as it will be taken behind the barn at that time. ok tb@
* Clean up in X509_check_trust.beck2024-07-121-14/+8
| | | | | | | | | | | | | | | The XXX comment in here is now outdated. Our behaviour matches boringssl in that passing in a 0 trust gets the default behavior, which is to trust the certificate only if it has EKU any, or is self signed. Remove the goofy unused nid argument to "trust_compat" and rename it to what it really does, instead of some bizzare abstraction to something simple so the code need not change if we ever change our mind on what "compat" is for X.509, which will probably only happen when we are back to identifying things by something more sensible like recognizable grunts and smells. ok jsing@
* x509 trust: remove unneeded headerstb2024-03-261-3/+1
|
* Final tweaks in x509_trs.c for nowtb2024-03-251-10/+11
| | | | looked over by jsing
* Kill X509_TRUSTtb2024-03-251-79/+31
| | | | | | | | After peeling off enough layers, the entire wacky abstraction turns out to be nothing but dispatching from a trust_id to a trust handler and passing the appropriate nid and the cert. ok beck jsing
* Add back trust member of X509_TRUST that I accidentally deletedtb2024-03-251-1/+2
|
* Const correct the trust handlerstb2024-03-251-8/+7
| | | | | | | The certificates no longer need to be modified since we cache the extensions up front. ok beck
* Pass the nid instead of the entire trust structuretb2024-03-251-10/+10
| | | | | | | This code is so ridiculously overengineered that it is an achievement even by early OpenSSL standards. ok beck
* Pull extension caching into X509_check_trust()tb2024-03-251-2/+7
| | | | | | This way the trust handlers can stop modifying the certificates. ok beck
* Rename ax into auxtb2024-03-241-8/+7
|
* Drop redundant NULL checks around two for loopstb2024-03-241-15/+14
| | | | ok beck
* Rename arg1 to nid because that's what it istb2024-03-241-11/+11
| | | | | "Yeah, arg1 is always such an imaginative name" ian ok beck
* Drop the unused 'name' member from X509_TRUSTtb2024-03-241-10/+1
| | | | | | | This used to be exposed via an accessor, but this accessor is no longer part of the library, so nuke it. ok beck
* Remove unused flags and arg2 members from X509_TRUSTtb2024-03-231-3/+1
| | | | ok jsing
* Remove unused flags argument from the trust handlerstb2024-03-231-13/+13
| | | | | | | | The public X509_check_trust() takes a flag parameter which we must leave in place. However, we can stop passing the flag parameter around without ever looking at it. ok jsing
* Remove X509_TRUST from the public APItb2024-03-021-1/+10
| | | | | | With API and other users internal, this struct can now go. ok jsing
* Remove unused public X509_TRUST APItb2024-03-021-80/+1
| | | | | | | Another thing that should never have leaked out of the library. It will become internal entirely, where the code can be simplified greatly. ok jsing
* Prepare for removing most of the X509_TRUST APItb2024-01-131-41/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | X509_check_trust() is of course used by the verifier. Unfortunately M2Crypto exposes it. The only other part of the X509_TRUST API that are still needed are the X509_TRUST_* macros in x509.h, as they are used via *_set_trust and indirectly via the purpose stuff. The rest will be removed. X509_TRUST_add() was defanged recently, in particular it no longer hangs strdup()'ed strings off the global struct. Nothing ever cleaned these up. TRUST_cleanup() attempted to do so, but since it checked the dynamic/dynamic strings flags in the wrong order, that cleanup call ended up doing nothing, so that code was removed at some point. As a consequence, the struct can now be made const. Use a CTASSERT() to ensure size assumptions on X509_TRUST_COUNT, X509_TRUST_MAX, and X509_TRUST_MIN hold true. Remove the global variable underlying X509_TRUST_set_default()'s functionality and move its accessor down to all the other functions that will be deleted. Inline a few things in X509_check_trust(), so we can excise the internals of X509_TRUST_get0(), X509_TRUST_get_by_id(). Since the default trust function can no longer be changed, call obj_trust() directly. ok jsing
* X509_TRUST: tidy up includestb2024-01-101-2/+4
|
* X509_TRUST: group together all trust_*() functionstb2024-01-101-33/+30
| | | | | Now they are next to the trstandard[] table and listed in the order they appear in the table.
* X509_TRUST: hoist trust_compat() to the other end of the filetb2024-01-101-12/+11
|
* X509_TRUST: start shuffling some code aroundtb2024-01-101-32/+31
| | | | | Hoist obj_trust() to the top and move the static default_trust() next to its setter.
* Fix logic error (&& -> ||)tb2024-01-081-2/+2
| | | | CID 477172
* purpose/trust: Improve comments about COUNT/MAX confusiontb2024-01-071-2/+5
|
* Remove X509_TRUST extensibilitytb2024-01-071-102/+10
| | | | | | | | This is pretty much identical to the X509_PURPOSE case: remove the stack used for extending and overriding the trust table and make X509_TRUST_add() always fail. Simplify some other bits accordingly. ok jsing
* Convert some tables to C99 initializerstb2023-07-021-10/+49
| | | | ok & "happy pirate day" beck
* libressl *_namespace.h: adjust *_ALIAS() to require a semicolontb2023-02-161-12/+12
| | | | | | | | | | LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h fix suggested by & ok jsing
* Make internal header file names consistenttb2022-11-261-2/+2
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Revert "Check certificate extensions in trusted certificates"beck2022-11-171-16/+4
| | | | | | | | There are some possible strange side effects noticed by the openssl cms regress tests that I missed. Backing this out until I untangle it ok tb@
* Hide public symbols in libcrypto/x509 .c filesbeck2022-11-141-1/+12
| | | | ok tb@
* Check certificate extensions in trusted certificates.beck2022-11-131-4/+16
| | | | | | | | | | | | | | | | | | Historically the standards let the implementation decide to either check or ignore the certificate properties of trust anchors. You could either use them simply as a source of a public key which was trusted for everything, or you were also permitted to check the certificate properties and fully enforce them. Hooray for freedumb. OpenSSL changed to checking these with : commit 0daccd4dc1f1ac62181738a91714f35472e50f3c Author: Viktor Dukhovni <openssl-users@dukhovni.org> Date: Thu Jan 28 03:01:45 2016 -0500 BoringSSL currently does not check them, as it also inherited the previous OpenSSL behaviour. It will change to check them in the future. (https://bugs.chromium.org/p/boringssl/issues/detail?id=533)
* Allow explicit cert trusts or distrusts for EKU anybeck2022-11-101-4/+6
| | | | | | | | | This matches the current OpenSSL behaviour introduced in their commit: commit 0daccd4dc1f1ac62181738a91714f35472e50f3c Date: Thu Jan 28 03:01:45 2016 -0500 ok jsing@ tb@
* Move the now internal X.509-related structs into x509_lcl.h.tb2021-11-011-1/+3
| | | | | | | | Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds. ok jsing
* Similar to x509/x509_purp.c rev. 1.5:schwarze2021-07-231-5/+1
| | | | | | | | | | | | | Delete some code from X509_TRUST_cleanup(3) that had no effect: it called a function on static objects that returns right away unless the argument is dynamically allocated. Pointed out by tb@. This commit is identical to: OpenSSL commit 5e6e650d62af09f47d63bfdd6c92e3b16e9da644 Author: Kurt Cancemi <kurt at x64architecture dot com> Date: Thu Jun 9 21:57:36 2016 -0400
* Add const qualifiers to the name and xp arguments of X509_TRUST_add(3),tb2018-05-181-5/+5
| | | | | | | X509_TRUST_get0_name(3), X509_TRUST_get_flags(3), and X509_TRUST_get_trust(3). tested in a bulk build by sthen ok jsing
* Send the function codes from the error functions to the bit bucket,beck2017-01-291-5/+5
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* The upcoming x509 alt chains diff tightens the trust requirementsbeck2016-11-061-1/+17
| | | | | | | for certificates. This (from OpenSSL) ensures that the current "default" behaviour remains the same. We should revisit this later ok jsing@
* Remove more IMPLEMENT_STACK_OF noops that have been hiding for the lastjsing2015-02-101-3/+1
| | | | 15 years.
* Avoid modifying input on failure in X509_(TRUST|PURPOSE)_add.doug2014-12-061-6/+8
| | | | | | | | | | | If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the object in an inconsistent state since the name is already freed. This commit avoids changing the original name unless the *_add() call will succeed. Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0 ok miod@
* further BUF_strdup conversion: these places should be safe to rely ontedu2014-11-181-2/+2
| | | | the function argument not being NULL
* Get rid of the last remaining BUF_strdup and BUF_strlcpy and friends, usebeck2014-10-161-2/+3
| | | | | intrinsic functions everywhere, and wrap these functions in an #ifndef LIBRESSL_INTERNAL to make sure we don't bring their use back.
* X509_TRUST_add(): check X509_TRUST_get0() return value before dereferencing it,miod2014-09-281-15/+23
| | | | | | for it may be NULL. Do not leak memory upon error. ok bcook@
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-111-3/+3
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* More KNF.jsing2014-04-201-2/+2
|
* KNF.jsing2014-04-201-66/+101
|
* blunt force knftedu2014-04-181-5/+5
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-5/+5
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* resolve conflicts, fix local changesdjm2010-10-011-1/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 07:02:46 +0000