summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Unify X.509v3 extension methodstb2024-07-1320-320/+620
| | | | | | | | | | | | Use C99 initializers for all structs (some were forgotten). Make all the structs static, call them x509v3_ext_* matching NID_*. Add accessors called x509v3_ext_method_* and use these to implement X509V3_EXT_get_nid(). This adds consistency and avoids a few contortions like grouping a few extensions in arrays to save a couple externs. ok beck jsing
* Fix the horrible and undocumented behaviour of X509_check_trustbeck2024-07-123-51/+70
| | | | | | | | | | | | | | | | | | | | Of allowing you to pass in a NID directly, instead of a trust_id, and have it work, as long as the trust_id's and the NID's did not overlap. This screwball behaviour was depended upon by the OCSP code that called X509_check_trust with the NID, instead of the trust id, so let's fix that. We also rename the confusingly named X509_TRUST_DEFAULT to X509_TRUST_ACCEPT_ALL which makes a lot more sense, and rototill this to remove the confusingly named static functions. This will shortly be follwed up by making this function private, so we have not bothered to fix the amazingly obtuse man page as it will be taken behind the barn at that time. ok tb@
* Clean up in X509_check_trust.beck2024-07-121-14/+8
| | | | | | | | | | | | | | | The XXX comment in here is now outdated. Our behaviour matches boringssl in that passing in a 0 trust gets the default behavior, which is to trust the certificate only if it has EKU any, or is self signed. Remove the goofy unused nid argument to "trust_compat" and rename it to what it really does, instead of some bizzare abstraction to something simple so the code need not change if we ever change our mind on what "compat" is for X.509, which will probably only happen when we are back to identifying things by something more sensible like recognizable grunts and smells. ok jsing@
* Drop the unused evp includetb2024-07-121-2/+1
|
* Rename the sk in this file to extstb2024-07-121-16/+16
|
* Avoid using ret for an X509_EXTENSIONtb2024-07-121-16/+16
| | | | | | | Instead rename the **ext in this file to **out_ext, freeing up ext in X509_EXTENSION_create_by_OBJ() Appeases some jsing grumbling on review
* Tweak variable names in X509v3_add_ext()tb2024-07-121-12/+12
| | | | | | x -> out_ext, sk -> exts requested by jsing on review
* Rename crit to critical in this filetb2024-07-121-10/+10
| | | | requested by jsing on review
* Simplify X509_EXTENSION_get_critical()tb2024-07-121-4/+3
| | | | | | This is a silly API, but there are worse. ok jsing
* Lose a few extra lines in X509_EXTENSION_set_object()tb2024-07-121-4/+2
| | | | ok jsing
* Streamline X509_EXTENSION_create_by_OBJ()tb2024-07-121-9/+10
| | | | ok jsing
* Clean up X509_EXTENSION_create_by_NID()tb2024-07-121-9/+5
| | | | | | | | Remove unnecessary ret parameter and freeing of obj (which looks like a double free or freeing of unallocated memory but actually isn't due to various magic flags). Also make this const correct. ok jsing
* Rewrite X509v3_add_ext()tb2024-07-121-24/+23
| | | | | | | | | | | | | This is another brilliancy straight out of muppet labs. Overeager and misguided sprinkling of NULL checks, going through the trademark poor code review, made this have semantics not matching what almost every other function with this signature would be doing in OpenSSL land. This is a long standing mistake we can't fix without introducing portability traps, but at least annotate it. Simplify the elaborate dance steps and make this resemble actual code. ok jsing
* Simplify X509v3_get_ext() and X509v3_delete_ext()tb2024-07-121-7/+1
| | | | | | Drop unnecessary checks that are part of the stack API. ok jsing
* Align X509v3_get_ext_by_critical() with X509v3_get_ext_by_OBJ()tb2024-07-121-12/+9
| | | | | | Plus, replace a manual check with a call to X509_EXTENSION_get_critical(). ok jsing
* Clean up X509v3_get_ext_by_OBJ()tb2024-07-121-11/+7
| | | | | | | | Like most of its siblings, this function can be simplified significantly by making proper use of the API that is being built. Drop unnecessary NULL checks and other weirdness and add some const correctness. ok jsing
* Hide global _it variables in x509v3.hbeck2024-07-0813-13/+45
| | | | ok tb@
* Pretend to clarify the way ipv6_asc() worksjca2024-07-081-4/+5
| | | | | | | | | Give example IPv6 addresses to clarify what is meant with 1, 2 or 3 zero length elements. tb made me look. perverted, twisted, crippled
* libcrypto: constify most error string tablestb2024-06-241-9/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing
* x509_conf: rename the merr label into errtb2024-06-241-8/+8
|
* x_all.c: remove a bunch of unnecessary parenthesestb2024-06-191-23/+19
|
* v3_generic_extension() use ASN1_STRING_set0()tb2024-06-181-4/+4
| | | | This aligns it with do_ext_i2d()
* v3_generic_extension() rename the X509_EXTENSIONtb2024-06-181-4/+5
| | | | now that ext is free, we can use it like everywhere else
* Rename 'ext' to 'name' in v3_generic_extension()tb2024-06-181-4/+4
| | | | In this code 'ext' is usually used for an X509_EXTENSION object.
* Make local BIT_STRING_BITNAME variables consttb2024-06-182-5/+5
| | | | | | | | There's no reason for them not to be const. This is a piece of a larger diff that I carry in several of my trees to move more things to rodata or relro. The full diff requires a change to a public header and it's very annoying to have to 'make includes' and recompile the entire lib all the time when hopping from tree to tree.
* x509_conf: rename ext_struc into ext_structtb2024-06-181-16/+16
| | | | requested by jsing on review
* x509_conf: rename all ext_nid to nidtb2024-06-181-19/+19
| | | | There are no nid variables in this file, so no need to disambiguate.
* do_ext_i2d(): move empty line to the proper placetb2024-06-181-2/+2
|
* do_ext_i2d(): malloc -> calloctb2024-06-181-2/+2
| | | | requested by jsing on review
* do_ext_i2d(): populate ext_oct with ASN1_STRING_set0()tb2024-06-181-3/+2
| | | | ok jsing
* do_ext_i2d(): avoid leaks and add some missing error checkingtb2024-06-181-4/+10
| | | | | | | | | | If ASN1_OCTET_STRING_new() failed, ext_der would be leaked, fix this. If i2d(foo, NULL) succeeded, the same is not guaranteed for the second with appropriately sized buffer since i2d() may make further allocations internally. So use the proper error check. Also transfer the ownership of ext_der to the octet string to avoid a now possible double free. ok jsing
* Indent labels in x509_conf.ctb2024-06-181-3/+3
|
* do_ext_i2d(): make various NULL checks explicittb2024-06-181-5/+5
| | | | ok jsing
* do_ext_i2d(): unwrap a linetb2024-06-181-3/+2
|
* Replace x with x509_exts in X509V3_add1_i2d() and X509V3_get_d2i()tb2024-06-171-14/+16
| | | | requested by jsing on review
* Rewrite X509V3_get_d2i()tb2024-06-171-56/+47
| | | | | | | | | | | | | | | | | This API is wrapped by nine *_get{,1}_ext_d2i() functions and they all have the same defect: if an idx variable is passed in, multiple extensions are handled incorrectly. Clean up the mess that was the current implementation by replacing the reimplementation of X509v3_get_ext_by_NID() with extra twists by actual calls to the real thing. This way the madness is implemented explicitly and can be explained in comments. The code still gets shorter. In brief: always call this API with a known nid, pass crit, and a NULL idx. If NULL is returned, crit != -1 is an error (malformed cert or allocation failure). ok jsing
* piuid, psuid -> issuerUID, subjectUIDtb2024-06-121-3/+3
|
* Fix non-xsc path in x509_verify_potential_parent()tb2024-06-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | The combination of two bugs made this unexpectedly work as intended. To appreciate this, let's first note that a) check_issued(..., child, parent) checks if child was issued by parent. b) X509_check_issued(child, parent) checks if parent was issued by child. Now like in the real world, b) will only be true in unusual circumstances (child is known not to be self-issued at this point). X509_check_issued() fails by returning something different from X509_V_OK, so return X509_check_issued(child, parent) != X509_V_OK; will return true if child was issued by parent since then parent was indeed not issued by child. On the other hand, if child was not issued by parent, the verifier will notice elsewhere, e.g., in a signature check. Fix this by reversing the order of child and parent in the above return line and check for equality instead. This is nearly impossible to detect in regress. ok beck
* Clean up and fix X509V3_EXT_add1_i2d()tb2024-05-281-57/+89
| | | | | | | | | | | | | | | | | | | | When looking at this code I noticed a few leaks. Fixing those leaks was straightforward, but following the code was really hard. This attempts to make the logic a bit clearer. In short, there are 6 mutually exclusive modes for this function (passed in the variable aptly called flags). The default mode is to append the extension of type nid and to error if such an extension already exists. Then there are other modes with varying degree of madness. The existing code didn't make X509V3_ADD_REPLACE explicit, which is confusing. Operations 6-15 would all be treated like X509V3_ADD_REPLACE due to the way the function was written. Handle the supported operations via a switch and error for operations 6-15. This and the elimination of leaks are the only changes of behavior, as validated by relatively extensive test coverage. ok jsing
* x509_v3.c: indent labelstb2024-05-231-4/+4
|
* x509_v3.c: remove an unnecessary elsetb2024-05-231-3/+3
|
* x509_v3.c: consistently call STACK_OF(X509_EXTENSIONS) arguments sktb2024-05-231-12/+12
| | | | (where it doesn't conflict with a local variable)
* x509_v3.c: zap another pointless local variabletb2024-05-231-7/+2
|
* x509_v3.c: add a few empty linestb2024-05-231-1/+9
|
* X509v3_get_ext_by_NID: make obj const, test & assigntb2024-05-231-4/+4
|
* x509_v3.c: remove a pointless local variabletb2024-05-231-5/+3
|
* x509_v3.c: mechanically replace ex with ext and new_ex with new_exttb2024-05-231-42/+42
|
* remove prototypes with no matching functionjsg2024-05-191-2/+1
| | | | feedback and ok tb@
* x509_v3.c: remove superfluous parenthesestb2024-05-161-39/+39
| | | | No change in the generated assembly
* X509_check_akid: zap stray spacetb2024-05-151-2/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-26 23:48:24 +0000