summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Move X509_VERIFY_PARAM_st from vpm_int.h to x509_local.htb2023-04-162-13/+13
|
* Shuffle ext_cmp() and ext_list_free() up a bittb2023-04-161-18/+14
|
* Remove unnecessary prototypes in the middle of the codetb2023-04-161-5/+1
| | | | In addition, ext_cmp() was already prototyped earlier...
* Use more usual version of inlined nitems(). No binary change.tb2023-04-161-2/+2
|
* Fix comment formatting and grammar, drop usless and outdated commenttb2023-04-161-7/+3
|
* Remove now empty/unused ext_dat.htb2023-04-161-67/+0
|
* Merge ext_dat.h back into x509_lib.ctb2023-04-162-78/+78
| | | | | | There is no point in having this in a separate internal header. discussed with jsing
* Prepare addition of X509_STORE_CTX_get1_{certs,crls}(3)tb2023-04-162-2/+27
| | | | | | | | | | | | | | | X509_STORE_get1_{certs,crls}(3) was added to the OpenSSL 1.1 API with the usual care. At some point later it was noticed that they didn't deal with an X509_STORE at all, but rather with an X509_STORE_CTX, so were misnamed. The fact that X509_STORE_CTX and X509_STORE have their roles reversed when compared to other FOO vs FOO_CTX in this API may or may not be related. Anyway, the X509_STORE versions will be demoted to compat defines and the X509_STORE_CTX will be added to match OpenSSL 1.1 API more closely. This was pointed out by schwarze a long time ago and missed in a few bumps. Hopefully we'll manage to do it this time around. ok jsing
* Mark remaining policy tree public API for removaltb2023-04-162-3/+19
| | | | ok jsing
* Mark proxy policy API for removal in upcoming bumptb2023-04-161-1/+5
| | | | ok jsing
* Remove the now unused ex_pcpathlen from the X509 structtb2023-04-161-2/+1
| | | | ok jsing
* More ProxyCertInfo tentacles go to the attictb2023-04-162-65/+6
| | | | | | | | This removes ProxyCertInfo from extension caching, issuer checking and it also drops the special path validation for proxy certs from the legacy verifier. ok jsing
* Remove some dead code from the new verifiertb2023-04-161-7/+1
| | | | | | | | | The new verifier API is currently unused as we still operate the verifier in legacy mode. Therefore ctx->xsc is always set and the EXFLAG_PROXY will soon be dropped from the library, so this error on encountering proxy certs is effectively doubly dead code. ok jsing
* Drop support for the ProxyCertInfo extensiontb2023-04-161-3/+2
| | | | | | | | This removes the ProxyCertInfo extension from RFC 3820 from the list of supported extensions. Since it is a critical extension, this means that certificates containing it will no longer be considered valid by default. ok jsing
* Make pcy_int.h pull in x509_local.h it will need it soontb2023-04-161-1/+4
| | | | ok jsing
* Fix indentation of structs and unions in x509v3.htb2023-04-101-87/+87
| | | | No change according to diff -w
* Make bn_to_string() statictb2023-04-101-3/+3
| | | | | This function is no longer used directly by regress, so it can now be local to this file.
* Expose various X509_STORE_*check_issued()tb2023-03-101-3/+1
|
* Expose X509_CRL_get0_sigalg() and X509_get0_uidstb2023-03-101-5/+1
|
* Introduce X509_get0_uids() accessor functionjob2023-02-232-2/+17
| | | | | | | By introducing X509_get0_uids(), one can add RPKI profile compliance checks to conform the absence of the issuerUID and subjectUID. OK tb@ jsing@
* zap stray empty linetb2023-02-161-2/+1
|
* libressl *_namespace.h: adjust *_ALIAS() to require a semicolontb2023-02-1651-703/+703
| | | | | | | | | | LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h fix suggested by & ok jsing
* Fix arbitrary memory read in GENERAL_NAME_cmp()tb2023-02-071-2/+3
| | | | | | | | | | | | | | | | | | The ASN.1 template for GENERAL_NAME and its corresponding C structure disagree on the type of the x400Address member. This results in an ASN.1 string to be considered as an ASN.1 type, which allows an attacker to read (essentially) arbitrary memory. Fix this by forcing comparison as strings. While the underlying type confusion has been present since time immemorial, this particular bug came with the EdiPartyName fix (6.8/008_asn1.patch.sig). Reported by David Benjamin, fix suggested by jsing. Release date for this was set to be January 31. Unilaterally pushed back to February 7 by OpenSSL by way of announcement of many completely unrelated embargoed issues, some of which they had been sitting on since July 2020. ok beck jsing
* Stop relying on x509_verify.h being publictb2023-01-281-3/+2
| | | | | | | | | | | | Use x509_verify.h from the libcrypto sources instead of the public copy. The x509_verify.h header was installed as a public header since early on we had ideas of using a public API in libtls, but we eventually decided against that. It makes no sense to install a public header that hides everything behind LIBRESSL_INTERNAL. The public API will not be exposed anytime soon if at all. ok jsing
* Refactor x509v3_cache_extensionsjob2023-01-203-41/+26
| | | | | | | Simplify x509v3_cache_extensions() by using a wrapper to avoid duplication of code for locking and checking the EXFLAG_INVALID flag. OK tb@
* Don't do policy checking unless we were asked to do so.beck2023-01-171-2/+3
| | | | ok tb@
* Prepare to provide X509_CRL_get0_sigalg()tb2022-12-261-1/+5
| | | | | | | | | This is an obvious omission from the OpenSSL 1.1 and OpenSSL 3 API which does not provide a way to access the tbs sigalg of a CRL. This is needed in security/pivy. From Alex Wilson ok jsing
* spelling fixes; from paul tagliamontejmc2022-12-269-24/+24
| | | | | | | i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
* Annotate X509_V_FLAG_CB_ISSUER_CHECK as deprecated and unusedtb2022-12-011-3/+3
|
* Retire X509_V_FLAG_CB_ISSUER_CHECKtb2022-12-011-16/+8
| | | | | | | | | This flag has been deprecated in OpenSSL 1.1 and has not had an effect since. This way we can simplify the default check_issued() callback, which helpfully has its arguments reversed compared to the public API X509_check_issued(). ok jsing
* Getters and setters for the check_issued() callbacktb2022-12-012-2/+35
| | | | | | | | | | | | | | | Open62541 uses X509_STORE_CTX_get_check_issued(), so provide it along with X509_STORE_{get,set}_check_issued(). As you would expect, they all return or take an X509_STORE_CTX_check_issued_fn. The getters aren't const in OpenSSL 1.1, but they now are in OpenSSL 3... These will be made available in the next minor bump and will ship in the stable release of LibreSSL 3.7 Part of OpenSSL commit 1060a50b See also https://github.com/libressl-portable/portable/issues/748 ok beck jsing
* Remove a few doubled spaces and wrap an overlong linetb2022-11-291-8/+9
|
* Sort a few outliers by increasing error number to match x509_vfy.htb2022-11-291-13/+13
|
* Fix includestb2022-11-291-11/+2
| | | | | No need for errno, stdio, time, asn1, buffer, evp, lhash, objects, x509 for a switch containing string constants. We do need x509_vfy instead.
* Add missing X509_V_ERR_UNSPECIFIED casetb2022-11-291-1/+3
|
* Fix some KNF issuestb2022-11-291-65/+64
| | | | Requested by claudio
* Make X509_verify_cert_error_string() thread safetb2022-11-291-5/+2
| | | | | | | Stop returning a pointer to a static buffer containing the error code on unknown error. While this might be helpful, it's not going to end well. ok beck claudio jsing
* Fix NULL dereference in x509_constraints_uri_host()tb2022-11-281-2/+3
| | | | | | | | | When called from v2i, hostpart in x509_constraints_uri_host() is NULL, so add a NULL check before storing the strdup result in it. From Anton Borowka ok jsing miod
* Make header guards of internal headers consistenttb2022-11-261-4/+4
| | | | | Not all of them, only those that didn't leak into a public header... Yes.
* Make internal header file names consistenttb2022-11-2635-73/+73
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Revert "Check certificate extensions in trusted certificates"beck2022-11-173-64/+8
| | | | | | | | There are some possible strange side effects noticed by the openssl cms regress tests that I missed. Backing this out until I untangle it ok tb@
* Hide public symbols in libcrypto/x509 .c filesbeck2022-11-1451-52/+700
| | | | ok tb@
* Fix comment styletb2022-11-131-3/+3
|
* Check certificate extensions in trusted certificates.beck2022-11-133-8/+64
| | | | | | | | | | | | | | | | | | Historically the standards let the implementation decide to either check or ignore the certificate properties of trust anchors. You could either use them simply as a source of a public key which was trusted for everything, or you were also permitted to check the certificate properties and fully enforce them. Hooray for freedumb. OpenSSL changed to checking these with : commit 0daccd4dc1f1ac62181738a91714f35472e50f3c Author: Viktor Dukhovni <openssl-users@dukhovni.org> Date: Thu Jan 28 03:01:45 2016 -0500 BoringSSL currently does not check them, as it also inherited the previous OpenSSL behaviour. It will change to check them in the future. (https://bugs.chromium.org/p/boringssl/issues/detail?id=533)
* Hide symbols in libcrypto/pkcs7beck2022-11-121-33/+1
| | | | | | | | This applies the guentherizer 9000(tm) to pkcs7, after moving several pkcs7 funcitions back to pkcs7 that were in x509/x_all.c for reasons known only to the miasma. ok jsing@
* Start CBS-ifying the name constraints code.beck2022-11-113-104/+146
| | | | ok jsing@ tb@
* Allow explicit cert trusts or distrusts for EKU anybeck2022-11-101-4/+6
| | | | | | | | | This matches the current OpenSSL behaviour introduced in their commit: commit 0daccd4dc1f1ac62181738a91714f35472e50f3c Date: Thu Jan 28 03:01:45 2016 -0500 ok jsing@ tb@
* White space KNF, no code change:schwarze2022-11-071-15/+12
| | | | | | | - line breaking and indentation in three struct declarations - removal of trailing whitespace Found while working on /usr/src/regress/lib/libcrypto/man/check_complete.pl . OK tb@
* Store errors that result from leaf certificate verification.jsing2022-10-171-8/+12
| | | | | | | | | | | | | | | In the case that a verification callback is installed that tells the verifier to continue when a certificate is invalid (e.g. expired), any error resulting from the leaf certificate verification is not stored and made available post verification, resulting in an incorrect error being returned. Also perform leaf certificate verification prior to adding the chain, which avoids a potential memory leak (as noted by tb@). Issue reported by Ilya Shipitsin, who encountered haproxy regress failures. ok tb@
* Prepare to provide OPENSSL_cleanup.jsing2022-09-031-1/+2
| | | | | | | | | | OPENSSL_cleanup() cleans up and deallocates memory in use by the library. There are a couple of use cases for this, primarily related to memory leak testing. This will not be called automatically in LibreSSL, which means that OpenSSL's OPENSSL_NO_INIT_ATEXIT is implied. If code wants to clean up then they need to explicitly call this themselves. ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-26 20:57:02 +0000