| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
Now that it lives in a .c file, there's no need to point out that it is
non-public...
|
| |
|
|
|
|
|
|
| |
Unclear why this ever had to be made public since it's only used in a
single file. Anyway, nothing uses this, so remove it.
This went through a full bulk
pointed out by/ok schwarze
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
of the internal subroutine X509V3_add_value(), which could result
in silently losing part of the input data on memory exhaustion.
I independently rediscovered this bug while writing the documentation,
then noticed after fixing it that Zhou Qingyang <zhou1615 at umn dot edu>
fixed it in essentially the same way in OpenSSL 3 (commit bcd5645b
on Apr 11 02:05:19 2022 +0800), but it wasn't backported to the
OpenSSL 1.1.1 branch.
OK tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
This internalizes a particularly scary layer of conf used for X.509
extensions. Again unused public API...
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
imodules are called imodules because they contain Information about
modules that have been Initialized. Which one of these two I it is
is anyone's best guess. Why anything outside of libcrypto would ever
possibly care will also remain a mystery.
Remove the old way of adding a conf module, user data, stop allowing
to set a method (it's opaque now, remember?) and drop a couple bits
more from the public api interface.
ok beck jsing
|
| |
|
|
|
|
|
|
|
| |
Give example IPv6 addresses to clarify what is meant with 1, 2 or 3 zero
length elements.
tb made me look.
perverted, twisted, crippled
|
| |
|
|
|
|
|
|
| |
There's no reason for them not to be const. This is a piece of a larger
diff that I carry in several of my trees to move more things to rodata
or relro. The full diff requires a change to a public header and it's
very annoying to have to 'make includes' and recompile the entire lib
all the time when hopping from tree to tree.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
These helpers used to contain messy pointer bashing some with weird logic
for NUL termination. This can be written more safely and cleanly using
CBB/CBS, so do that. The result is nearly but not entirely identical to
code used elsewhere due to some strange semantics. Apart from errors pushed
on the stack due to out-of-memory conditions, care was taken to preserve
error codes.
ok jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a bit of a strange one. When this function was moved and renamed,
somehow checks for NULL pointers and 0 length were lost. Whether that was
due to great review missing it or great review suggesting it, is unclear.
Now the function can actually legitimately be called with a length of 0
(as ASN.1 OCTET STRINGS can have length 0) and "" is the appropriate
representation for that, so the fix is to allocate a 0 octet. That much
was correct. What was completely missed is that a long can be negative
which will then still lead to an out-of-bounds access. So fix that as
well.
Finally, don't malloc 3 * len + 1 without overflow checking. Rather
use calloc's internal checks. The + 1 isn't really needed anyway.
All this is still really gross and can be done much more cleanly and
safely with CBB/CBS. This will done later once we have better regress
coverage.
ok jsing
|
| | |
|
| |
|
|
|
| |
These functions probably belong into asn1/ but they definitely don't
belong into separate files.
|
| |
|
|
|
| |
This function is no longer used directly by regress, so it can now be local
to this file.
|
| |
|
|
|
|
|
|
|
|
| |
LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h
fix suggested by & ok jsing
|
| |
|
|
|
|
|
| |
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct
ok tb
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
| |
Exposed by recent rewrite of ASN1_STRING_to_UTF8().
CID 352831
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new validator finds multiple validated chains to handle the modern
PKI cases which may frequently have multiple paths via different
intermediates to different roots. It is loosely based on golang's x509
validator
This includes integration so that the new validator can be used via
X509_verify_cert() as well as a new api x509_verify() which will
return multiple chains (similar to go).
The new validator is not enabled by default with this commit, this
will be changed in a follow on commit.
The new public API is not yet exposed, and will be finalized and
exposed with a man page and a library minor bump later.
ok tb@ inoguchi@ jsing@
|
|
|
This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.
Discussed with tb@ (who also tested the release build)
|
