summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_vfy.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix a bug in check_crl_time() that could result in incompleteschwarze2021-11-131-8/+8
| | | | | | | | | | | | | | | | | | | | | | | verification, accepting CRLs that ought to be rejected, if an unusual combination of verification flags was specified. If time verification was explicitly requested with X509_V_FLAG_USE_CHECK_TIME, it was skipped on CRLs if X509_V_FLAG_NO_CHECK_TIME was also set, even though the former is documented to override the latter both in the OpenSSL and in the LibreSSL X509_VERIFY_PARAM_set_flags(3) manual page. The same bug in x509_check_cert_time() was already fixed by beck@ in rev. 1.57 on 2017/01/20. This syncs the beginning of the function check_crl_time() with the OpenSSL 1.1.1 branch, which is still under a free license. OK beck@ This teaches that having too many flags and options is bad because they breed bugs, and even more so if they are poorly designed to override each other in surprising ways.
* In X509_STORE_CTX, rename the X509_STORE store rather than ctx.tb2021-11-071-6/+6
| | | | ok gnezdo jsing
* In X509_STORE_CTX rename the misnamed last_untrusted to num_untrustedtb2021-11-071-13/+13
| | | | ok jsing
* Cache sha512 hash and parsed not_before and not_after with X509 cert.beck2021-11-041-21/+35
| | | | | | | | | | | Replace sha1 hash use with sha512 for certificate comparisons internal to the library. use the cached sha512 for the validator's verification cache. Reduces our recomputation of hashes, and heavy use of time1 time conversion functions noticed bu claudio@ in rpki client. ok jsing@ tb@
* Move the now internal X.509-related structs into x509_lcl.h.tb2021-11-011-3/+1
| | | | | | | | Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds. ok jsing
* Add RFC 3779 checks to both legacy and new verifierjob2021-10-261-1/+11
| | | | OK beck@
* Prepare to provide a number of X509_STORE_CTX_* setters.tb2021-10-241-1/+38
| | | | ok beck jsing
* Prepare to provide X509_STORE_CTX_get_num_untrusted()tb2021-10-241-1/+7
| | | | ok beck jsing
* Call the callback on success in new verifier in a compatible waybeck2021-09-031-5/+17
| | | | | | | | | | | | | when we succeed with a chain, and ensure we do not call the callback twice when the caller doesn't expect it. A refactor of the end of the legacy verify code in x509_vfy is probably overdue, but this should be done based on a piece that works. the important bit here is this allows the perl regression tests in tree to pass. Changes the previously committed regress tests to test the success case callbacks to be known to pass. ok bluhm@ tb@
* Get rid of historical code to extract the roots in the legacy case.beck2021-08-281-49/+2
| | | | | | | | Due to the need to support by_dir, we use the get_issuer stuff when running in x509_vfy compatibility mode amyway - so just use it any time we are doing that. Removes a bunch of yukky stuff and a "Don't Look Ethel" ok tb@ jsing@
* Pull roots out of the trust store in the legacy xsc when building chainsbeck2021-08-191-1/+10
| | | | | | | to handly by_dir and fun things correctly. - fixes dlg@'s case and by_dir regress in openssl-ruby ok jsing@
* Fix two bugs in the legacy verifiertb2021-02-251-6/+10
| | | | | | | | | | | | | | | To integrate the new X.509 verifier, X509_verify_cert() was refactored. The code building chains in the legacy verifier was split into a separate function. The first bug is that its return value was treated as a Boolean although it wasn't. Second, the return alone is not enough to decide whether to carry on the validation or not. Slightly rearrange things to restore the behavior of the legacy verifier prior to this refactoring. Issue found and test case provided by Anton Borowka and jan. ok jan jsing
* KNFtb2021-02-111-4/+7
|
* Plug a big memory leak in the new validatortb2020-11-181-1/+6
| | | | | | | | | | | | | | | | | | The legacy validator would only call x509_vfy_check_policy() once at the very end after cobbling together a chain. Therefore it didn't matter that X509_policy_check() always allocates a new tree on top of the one that might have been passed in. This is in stark contrast to other, similar APIs in this code base. The new validator calls this function several times over while building its chains. This adds up to a sizable leak in the new validator. Reported with a reproducer by Hanno Zysik on github, who also bisected this to the commit enabling the new validator. Narrowed down to x509_vfy_check_policy() by jsing. We simultaenously came up with a functionally identical fix. ok jsing
* Move freeing of the verify context to its natural place instead oftb2020-11-181-2/+2
| | | | | | a few lines after. stylistic nit from jsing
* KNF (whitespace)tb2020-11-181-2/+2
|
* jumping into the x509 fray with a bunch of whitespace repairderaadt2020-09-261-6/+6
|
* KNF/whitespace nitstb2020-09-201-4/+5
|
* Deduplicate the time validation code between the legacy and newbeck2020-09-151-24/+2
| | | | | | verification code. ok jsing@
* remove unneded variable "time1"beck2020-09-141-6/+6
| | | | | noticed by llvm static analyzer ok tb@
* Correctly fix double free introduced on review.beck2020-09-141-1/+2
| | | | | | | the roots for a ctx are only freed in the free function, not in the clear function, so that a ctx can be re-used with the same roots. ok tb@
* Fix double free - review moved the pop_free of roots to x509_verify_ctx_freebeck2020-09-141-2/+1
| | | | so we don't need to pop free the roots separately
* Add new x509 certificate chain validator in x509_verify.cbeck2020-09-131-48/+180
| | | | | | | | | | | | | | | | | | | The new validator finds multiple validated chains to handle the modern PKI cases which may frequently have multiple paths via different intermediates to different roots. It is loosely based on golang's x509 validator This includes integration so that the new validator can be used via X509_verify_cert() as well as a new api x509_verify() which will return multiple chains (similar to go). The new validator is not enabled by default with this commit, this will be changed in a follow on commit. The new public API is not yet exposed, and will be finalized and exposed with a man page and a library minor bump later. ok tb@ inoguchi@ jsing@
* Change over to use the new x509 name constraints verification.beck2020-09-121-28/+7
| | | | ok jsing@
* When building a chain look for non-expired certificates first.jsing2020-05-311-8/+29
| | | | | | | | | | | | | | | | | | | | | Currently, when building a certificate chain we look up an issuer and if it is the only issuer certificate available we still use it even if it has expired. When X509_V_FLAG_TRUSTED_FIRST is not in use, untrusted certificates are processed first and if one of these happens to be expired it will be used to build the chain, even if there is another non-expired option in the trusted store. Rework this code so that we first look for a non-expired untrusted certificate. If one does not exist then we take a look in the trusted store to see if we would be able to build the chain and only if there is not, do we then look for an expired untrusted certificate. This makes certificate validation possible for various sites that are serving expired AddTrust certificates. Issue reported by Christian Heimes via GitHub. ok beck@ tb@
* Typo in comment.tb2019-03-061-2/+2
| | | | From Holger Mikolon
* Don't leak sktmp in X509_verify_cert().tb2018-08-191-5/+5
| | | | | | CID #118791 ok jsing mestre
* Fail early if an X509_VERIFY_PARAM is poisoned - don't allowbeck2018-04-081-8/+10
| | | | | this to be "overridden" by the user supplied callback. ok jsing@
* poison for X509_VERIFY_PARAM'sbeck2018-04-061-3/+10
| | | | | | | | | | | | Tighten up checks for various X509_VERIFY_PARAM functions, and allow for the verify param to be poisoned (preculding future successful cert validation) if the setting of host, ip, or email for certificate validation fails. (since many callers do not check the return code in the wild and blunder along anyway) Inspired by some discussions with Adam Langley. ok jsing@
* Provide X509_STORE_CTX_get0_chain() and X509_STORE_CTX_get0_store().jsing2018-02-221-3/+17
|
* Provide X509_STORE_CTX_get0_{cert,untrusted}() andjsing2018-02-141-1/+25
| | | | X509_STORE_CTX_set0_{trusted_stack,untrusted}().
* Make the symbol for ASN1_time_tm_clamp_notafter visible so libtlsbeck2017-08-271-1/+3
| | | | | can get at it, so libtls can also deal with notafter's past the realm of 32 bit time in portable
* Add ability to clamp a notafter to values representable in a 32 bit time_tbeck2017-08-131-5/+21
| | | | | | This will only be used in portable. As noted, necessary to make us conformant to RFC 5280 4.1.2.5. ok jsing@ bcook@
* Revert previous change that forced consistency between return value andbeck2017-04-281-10/+2
| | | | | | | error code, since this breaks the documented API. Under certain circumstances this will result in incorrect successful certiticate verification (where a user supplied callback always returns 1, and later code checks the error code to potentially abort post verification)
* revert previous accidental commitbeck2017-04-281-2/+10
|
* *** empty log message ***beck2017-04-281-10/+2
|
* Kill leak introduced with refactorbeck2017-02-051-3/+6
| | | | ok jsing@
* Send the function codes from the error functions to the bit bucket,beck2017-01-291-29/+19
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* fix bogus commentbeck2017-01-211-2/+2
| | | | ok jsing@
* Make return value of X509_verify_cert be consistent with the error code,beck2017-01-211-2/+10
| | | | | | with the caveat that we force V_OK when a user provided callback has us returning success. ok inoguchi@ jsing@
* Rework internal_verify, mostly from OpenSSL. so we can progressbeck2017-01-201-102/+102
| | | | | towards cleaning up the V_OK stuff. ok kinichiro@
* Add and remove some blank lines, in order to make X509_verify_cert()jsing2017-01-071-6/+4
| | | | (slightly) more readable.
* Revert part of r1.54 as there are at least two situations where we are stilljsing2017-01-071-4/+2
| | | | | | | returning ok == 1, with ctx->error not being X509_V_OK. Hopefully we can restore this behaviour once these are ironed out. Discussed with beck@
* Add a small bit of belt and suspenders around ERR_V_OK with X509_STORE_ctxbeck2017-01-031-2/+20
| | | | | | | and X509_verify_cert - We at least make it so an an init'ed ctx is not "valid" until X509_verify_cert has actually been called, And we make it impossible to return success without having the error set to ERR_V_OK. ok jsing@
* bring in boring's internal check_trust function to fix a bug introducedbeck2017-01-031-24/+79
| | | | | | when we went to alternate cert chains. this correctly does not clobber the ctx->error when using an alt chain. ok jsing@
* Rework X509_verify_cert to support alt chains on certificate verification,beck2016-11-061-117/+265
| | | | | via boringssl. ok jsing@ miod@
* make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hiddenbeck2016-11-041-3/+3
| | | | | | functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
* In X509_cmp_time(), pass asn1_time_parse() the tag of the field beingguenther2016-10-021-2/+3
| | | | | | | | | parsed so that a malformed GeneralizedTime field is recognized as an error instead of potentially being interpreted as if it was a valid UTCTime. Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu) ok beck@ tedu@ jsing@
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-111-3/+2
| | | | ok doug@
* initialize ok to 0beck2015-12-141-2/+2
| | | | ok guenther@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 07:41:13 +0000