| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
| |
This doesn't do much right now, but is part of the tangle that is adding
RSA-PSS support.
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
timegm(3) is not available on some operating systems we support in
portable. We currently use musl's implementation, for which gcc-13
decided to emit warnings (which seem incorrect in general and are
irrelevant in this case anyway). Instead of patching this up and
diverge from upstream, we can avoid reports about compiler warnings
by simply not depending on this function.
Rework the caching of notBefore and notAfter by replacing timegm(3)
with asn1_time_tm_to_time_t(3). Also make this API properly error
checkable since at the time x509v3_cache_extensions(3) is called,
nothing is known about the cert, in particular not whether it isn't
malformed one way or the other.
suggested by and ok beck
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These 'builder' functions, usually used together, can result in corrupt
ASIdentifiers on failure. In general, no caller should ever try to recover
from OpenSSL API failure. There are simply too many traps. We can still
make an effort to leave the objects in unmodified state on failure. This
is tricky because ownership transfer happens. Unfortunately a really
clean version of this seems impossible, maybe a future iteration will
bring improvements...
The nasty bit here is that the caller of X509v3_asid_add_id_or_range()
can't know from the return value whether ownership of min and max was
transferred or not. An inspection of (*choice)->u.range is required.
If a caller frees min and max after sk_ASIdOrRange_push() failed, there
is a double free.
All these complications could have been avoided if the API interface
had simply used uint32_t instead of ASN1_INTEGERs. The entire RFC 3779
API was clearly written without proper review. I don't know if there
ever was an actual consumer before rpki-client. If it existed, nobody
with the requisite skill set looked at it in depth.
ok beck for the general direction
with a lot of input and ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
X509_ALGOR_set0() is annoyingly unergonomic since it takes an ASN1_OBJECT
rather than a nid. This means that almost all callers call OBJ_obj2nid()
and they often do this inline without error checking so that the resulting
X509_ALGOR object is corrupted and may lead to incorrect encodings.
Provide an internal alternative X509_ALGOR_set0_by_nid() that takes a nid
instead of an ASN1_OBJECT and performs proper error checking. This will be
used to convert callers of X509_ALGOR_set0() in the library.
ok jsing
|
| |
|
|
|
|
|
|
| |
If the topmost cert is invalid, this should result in a validation failure.
Do the same dance as elsewhere permitting the verify callback to intercept
the error but ensuring that we throw an error.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
X509_ALGOR_set_md() is a void function that cannot easily be error checked.
The caller has to jump through hoops to make sure this function doesn't
fail. Prepare replacing this internally with X509_ALGOR_set_evp_md(), which
allows error checking. There is one slight change of behavior: if the EVP_MD
object passed in does not have an OID known to the library, then this new
API fails.
It is unclear what the library should do with such an object and people
who use EVP_MD_meth_new() need to know what they are doing anyway and they
are better off teaching the lib about the OID if they're going to be
messing with certs.
Oh, and the prototype is in x509_local.h because the rest of this API is
in x509.h despite being implemented in asn1/.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Our checking here was a bit too aggressive, and did not permit an
IP address in a URI. IP's in a URI are allowed for things like CRLdp's
AIA, SAN URI's etc.). The check for this was also slightly flawed as
we would permit an IP if memory allocation failed while checking for
an IP.
Correct both issues.
ok tb@
|
| |
|
|
|
|
|
| |
This code is a complete bug fest and using it with any other AFI is
downright dangerous. Such don't arise in this context in practice.
ok claudio jsing
|
| |
|
|
| |
requested by jsing@
|
| |
|
|
| |
OK tb@
|
| |
|
|
|
|
|
| |
Reported by Viktor Szakats in
https://github.com/libressl/portable/issues/910
ok job
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The stack of subject alternative names from the issuer is parsed using
X509V3_EXT_d2i(), so it must be freed with sk_GENERAL_NAME_pop_free().
It's not worth doing complicated ownership handling when the individual
alternative names can be copied with GENERAL_NAME_dup().
Previously, ialt and its remaining members would be leaked when the call
to sk_GENERAL_NAME_push() failed halfway through.
This is only reachable via the issuer:copy x509v3.cnf(5) directive.
ok jsing
|
| |
|
|
|
|
|
|
| |
On failure invalidate the cert with EXFLAG_INVALID. It's unlikely that
a cert would make it through to the end of this function without setting
the flag, but it's bad style anyway.
ok jsing
|
| |
|
|
|
|
|
|
| |
These headers are now reduced to #include <openssl/ec.h> and are provided
for compatiblity only. There's no point in using them. At the same time
garbage collect the last uses of OPENSSL_NO_{ECDSA,ECDH} in our tree.
ok jsing
|
| |
|
|
| |
ok & "happy pirate day" beck
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Per RFC 5280, 4.2: A certificate MUST NOT include more than one instance
of a particular extension.
This implements such a check in x509v3_cache_extensions() by sorting the
list of extensions and looking for duplicate neighbors. This sidesteps
complications from extensions we do not know about and keeps algorithmic
complexity reasonable. If the check fails, EXFLAG_INVALID is set on the
certificate, which means that the verifier will not validate it.
ok jsing
|
| |
|
|
| |
This file is already enough of an eyesore without them.
|
| |
|
|
|
|
|
|
|
| |
Only allow version v1-v3, disallow issuerUID and subjectUID in v1 certs
and require that if X509v3 extensions are present that the cert be v3.
Initial diff from job
ok job jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
| |
must_be_ca can no longer be 0 after the proxy cert code got nuked,
so change this to an if. must_be_ca is now -1 for a leaf, or 1 for
a non leaf.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an un-revert with nits of the previously landed change
to do this which broke libtls. libtls has now been changed to
not use this function.
This change ensures that if something is returned it is "text"
(UTF-8) and a C string not containing a NUL byte. Historically
callers to this function assume the result is text and a C string
however the OpenSSL version simply hands them the bytes from an
ASN1_STRING and expects them to know bad things can happen which
they almost universally do not check for. Partly inspired by
goings on in boringssl.
ok jsing@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
Back in the day when essentially every struct was open to all applications,
X509_VERIFY_PARAM_ID provided a modicum of opacity. This indirection is now
no longer needed with X509_VERIFY_PARAM being opaque itself, so stop using
X509_VERIFY_PARAM_ID and merge it into X509_VERIFY_PARAM. This is a first
small step towards cleaning up the X509_VERIFY_PARAM mess.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this, hostflags set on the SSL_CTX would not propagate to newly
created SSL. This is surprising behavior that was changed in OpenSSL 1.1
by Christian Heimes after the issue was flagged by Quentin Pradet:
https://bugs.python.org/issue43522
This is a version of the fix that landed in OpenSSL.
There used to be a workaround in place in urllib3, but that was removed at
some point. We haven't fixed this earlier since it wasn't reported. It only
showed up after recent fallout of extraordinarily strict library checking
in urllib3 coming from their own interpretation of the implications of
PEP 644.
ok jsing
|
| |
|
|
|
|
|
|
| |
This is needed for an upcoming regress test that needs to access the
hostflag. This is public API in OpenSSL but since nothing seems to be
using this, this accessor will be kept internal-only for the time being.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
It is higly confusing to call the list of untrusted certs chain, when
you're later going to call X509_STORE_CTX_get0_chain() to get a completely
unrelated chain by the verifier. Other X509_STORE_CTX APIs call this list
of certs 'untrusted', so go with that. At the same time, rename the x509
into leaf, which is more explicit.
suggested by/ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When v3err.c was merged into x509_err.c nearly three years ago, it was
overlooked that the code needed two distinct pairs of ERR_FUNC/ERR_REASON,
one for ERR_LIB_X509 and one for ERR_LIB_X509V3. The result is that the
reason strings for the X509_R_* codes would be overwritten by the ones for
X509V3_R_* with the same value while the reason strings for all X509V3_R_*
would be left undefined.
Fix this by an #undef/#define dance for ERR_LIB_X509V3 once we no longer
the ERR_FUNC/ERR_REASON pair for ERR_LIB_X509.
reported by job
ok jsing
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
These helpers used to contain messy pointer bashing some with weird logic
for NUL termination. This can be written more safely and cleanly using
CBB/CBS, so do that. The result is nearly but not entirely identical to
code used elsewhere due to some strange semantics. Apart from errors pushed
on the stack due to out-of-memory conditions, care was taken to preserve
error codes.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The other_ctx is a strong contender for the worst name of a struct member
in OpenSSL. It's a void * member whose only purpose ever was to be set to a
STACK_OF(X509) * via X509_STORE_CTX_trusted_stack() (yes, this is obviously
a setter, why do you ask?) and then to be used by the get_issuer() callback
(which of course isn't there to find any old issuer, but only to look for
issuers among the 'trusted' certs).
Anyway, we may want to rename untrusted into intermediates and trusted into
roots later on, but for now let's match the lovely public API. While there
rename get_issuer_sk() into get_trusted_issuer() which is a more accurate
and slightly less silly name.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
roots was used to store the trusted stack or pull the roots out of the
X509_STORE before beck unmooned Ethel in x509_vfy.c r1.88. Since then
this variable is effectively unused. It seems the STACK_OF(3) madness
is too complicated for -Wunused-but-set-variable to notice.
ok miod
|
| |
|
|
|
|
|
| |
If an extension is non-critical, X509V3_extensions_print() would leave
trailing whitespace. This can be trivially avoided.
ok miod
|
| | |
|
| |
|
|
|
|
|
| |
regress for the moment. this will come back after we rethink
the failure versus not there case.
ok tb@ jsing@
|
| |
|
|
|
|
| |
changing tests.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently these functions return raw ASN1_STRING bytes as
a C string and ignore the encoding in a "hold my beer I am
a toolkit not a functioning API surely it's just for testing
and you'd never send nasty bytes" kind of way.
Sadly some callers seem to use them to fetch things liks
subject name components for comparisons, and often just
use the result as a C string.
Instead, encode the resulting bytes as UTF-8 so it is
something like "text",
Add a failure case if the length provided is inadequate
or if the resulting text would contain an nul byte.
based on boringssl.
nits by dlg@
ok tb@
|
| |
|
|
|
|
| |
This helper has been inside #if 0 for nearly 25 years. Let it go. If we
should ever need it, I'm quite confident that we will be able to come up
with its one line body on our own.
|
| | |
|
| |
|
|
|
|
|
| |
This ensures that we will no longer silently ignore a certificate with
a critical policy extention by default.
ok tb@
|
| |
|
|
| |
with beck
|
| |
|
|
|
|
|
|
| |
It can go play in the fields with all the other exponential time policy
"code".
discussed with jsing
ok & commit message beck
|
| |
|
|
|
| |
Tell it we deliberately ignore the return value, (we really don't
care what the old comparison function was).
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
The only caller is X509_policy_check() which goes straight to error.
with beck
ok jsing
|
| |
|
|
|
|
|
|
| |
Add sk_is_sorted() checks to the callers of sk_X509_POLICY_NODE_delete_if()
and add a comment that this is necessary.
with beck
ok jsing
|
