summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove dead code.beck2023-06-081-13/+3
| | | | | | | | must_be_ca can no longer be 0 after the proxy cert code got nuked, so change this to an if. must_be_ca is now -1 for a leaf, or 1 for a non leaf. ok tb@
* Make X509_NAME_get_text_by[NID|OBJ] safer.beck2023-05-291-10/+28
| | | | | | | | | | | | | | | | This is an un-revert with nits of the previously landed change to do this which broke libtls. libtls has now been changed to not use this function. This change ensures that if something is returned it is "text" (UTF-8) and a C string not containing a NUL byte. Historically callers to this function assume the result is text and a C string however the OpenSSL version simply hands them the bytes from an ASN1_STRING and expects them to know bad things can happen which they almost universally do not check for. Partly inspired by goings on in boringssl. ok jsing@ tb@
* Merge X509_VERIFY_PARAM_ID into X509_VERIFY_PARAMtb2023-05-284-110/+73
| | | | | | | | | | Back in the day when essentially every struct was open to all applications, X509_VERIFY_PARAM_ID provided a modicum of opacity. This indirection is now no longer needed with X509_VERIFY_PARAM being opaque itself, so stop using X509_VERIFY_PARAM_ID and merge it into X509_VERIFY_PARAM. This is a first small step towards cleaning up the X509_VERIFY_PARAM mess. ok jsing
* Copy the verify param hostflags independently of the host listtb2023-05-241-3/+4
| | | | | | | | | | | | | | | | Without this, hostflags set on the SSL_CTX would not propagate to newly created SSL. This is surprising behavior that was changed in OpenSSL 1.1 by Christian Heimes after the issue was flagged by Quentin Pradet: https://bugs.python.org/issue43522 This is a version of the fix that landed in OpenSSL. There used to be a workaround in place in urllib3, but that was removed at some point. We haven't fixed this earlier since it wasn't reported. It only showed up after recent fallout of extraordinarily strict library checking in urllib3 coming from their own interpretation of the implications of PEP 644. ok jsing
* Provide X509_VERIFY_PARAM_set_hostflags()tb2023-05-241-1/+8
| | | | | | | | This is needed for an upcoming regress test that needs to access the hostflag. This is public API in OpenSSL but since nothing seems to be using this, this accessor will be kept internal-only for the time being. ok jsing
* Rename arguments of X509_STORE_CTX_init()tb2023-05-141-5/+5
| | | | | | | | | | It is higly confusing to call the list of untrusted certs chain, when you're later going to call X509_STORE_CTX_get0_chain() to get a completely unrelated chain by the verifier. Other X509_STORE_CTX APIs call this list of certs 'untrusted', so go with that. At the same time, rename the x509 into leaf, which is more explicit. suggested by/ok jsing
* Fix X509error() and X509V3error()tb2023-05-141-6/+11
| | | | | | | | | | | | | | | When v3err.c was merged into x509_err.c nearly three years ago, it was overlooked that the code needed two distinct pairs of ERR_FUNC/ERR_REASON, one for ERR_LIB_X509 and one for ERR_LIB_X509V3. The result is that the reason strings for the X509_R_* codes would be overwritten by the ones for X509V3_R_* with the same value while the reason strings for all X509V3_R_* would be left undefined. Fix this by an #undef/#define dance for ERR_LIB_X509V3 once we no longer the ERR_FUNC/ERR_REASON pair for ERR_LIB_X509. reported by job ok jsing
* Bob points out that one error should be an X509V3error()tb2023-05-121-2/+2
|
* x509_utl.c: fix some style nits.tb2023-05-121-4/+3
|
* Rewrite string_to_hex() and hex_to_string() using CBB/CBStb2023-05-121-70/+124
| | | | | | | | | | | These helpers used to contain messy pointer bashing some with weird logic for NUL termination. This can be written more safely and cleanly using CBB/CBS, so do that. The result is nearly but not entirely identical to code used elsewhere due to some strange semantics. Apart from errors pushed on the stack due to out-of-memory conditions, care was taken to preserve error codes. ok jsing
* Rename the other_ctx in X509_STORE_CTX into trustedtb2023-05-082-12/+12
| | | | | | | | | | | | | | | | The other_ctx is a strong contender for the worst name of a struct member in OpenSSL. It's a void * member whose only purpose ever was to be set to a STACK_OF(X509) * via X509_STORE_CTX_trusted_stack() (yes, this is obviously a setter, why do you ask?) and then to be used by the get_issuer() callback (which of course isn't there to find any old issuer, but only to look for issuers among the 'trusted' certs). Anyway, we may want to rename untrusted into intermediates and trusted into roots later on, but for now let's match the lovely public API. While there rename get_issuer_sk() into get_trusted_issuer() which is a more accurate and slightly less silly name. ok jsing
* X509_verify_cert(): Garbage collect the unused roots variabletb2023-05-081-4/+1
| | | | | | | | | roots was used to store the trusted stack or pull the roots out of the X509_STORE before beck unmooned Ethel in x509_vfy.c r1.88. Since then this variable is effectively unused. It seems the STACK_OF(3) madness is too complicated for -Wunused-but-set-variable to notice. ok miod
* Avoid trailing whitespace in extension printingtb2023-05-081-2/+2
| | | | | | | If an extension is non-critical, X509V3_extensions_print() would leave trailing whitespace. This can be trivially avoided. ok miod
* Remove a misplaced empty linetb2023-05-071-2/+1
|
* Revert utf-8 fix for X509_NAME_get_index_by_NID to avoid libtlsbeck2023-05-031-27/+10
| | | | | | | regress for the moment. this will come back after we rethink the failure versus not there case. ok tb@ jsing@
* Bring back length check tb ok'ed and I managed to remove whilebeck2023-05-031-2/+2
| | | | | | changing tests. ok tb@
* Change X509_NAME_get_index_by[NID|OBJ] to be safer.beck2023-05-021-10/+27
| | | | | | | | | | | | | | | | | | | | | | Currently these functions return raw ASN1_STRING bytes as a C string and ignore the encoding in a "hold my beer I am a toolkit not a functioning API surely it's just for testing and you'd never send nasty bytes" kind of way. Sadly some callers seem to use them to fetch things liks subject name components for comparisons, and often just use the result as a C string. Instead, encode the resulting bytes as UTF-8 so it is something like "text", Add a failure case if the length provided is inadequate or if the resulting text would contain an nul byte. based on boringssl. nits by dlg@ ok tb@
* Send x509_subject_cmp() to the attictb2023-04-301-9/+1
| | | | | | This helper has been inside #if 0 for nearly 25 years. Let it go. If we should ever need it, I'm quite confident that we will be able to come up with its one line body on our own.
* Zap extra blank linetb2023-04-301-2/+1
|
* Enable policy checking by default now that we are DAG implementation based.beck2023-04-284-12/+11
| | | | | | | This ensures that we will no longer silently ignore a certificate with a critical policy extention by default. ok tb@
* Unifdef LIBRESSL_HAS_POLICY_DAG and remove it from the Makefiletb2023-04-283-88/+3
| | | | with beck
* Take the old policy code behind the barntb2023-04-287-1900/+0
| | | | | | | | It can go play in the fields with all the other exponential time policy "code". discussed with jsing ok & commit message beck
* Silence gcc-4 warnings about sk_sort()tb2023-04-281-5/+6
| | | | | Tell it we deliberately ignore the return value, (we really don't care what the old comparison function was).
* Remove now no longer needed <assert.h>; sort headerstb2023-04-281-4/+2
| | | | ok jsing
* Deassert has_explicit_policy()tb2023-04-281-3/+4
| | | | | | | The only caller is X509_policy_check() which goes straight to error. with beck ok jsing
* Deassert delete_if() callbackstb2023-04-281-5/+7
| | | | | | | | Add sk_is_sorted() checks to the callers of sk_X509_POLICY_NODE_delete_if() and add a comment that this is necessary. with beck ok jsing
* Deassert x509_policy_level_find()tb2023-04-281-18/+27
| | | | | | | | Move the check that level->nodes is sorted to the call site and make sure that the logic is preserved and erroring does the right thing. with beck ok jsing
* Deassert X509_policy_check()tb2023-04-281-2/+3
| | | | | | | | Instead of asserting that i == num_certs - 2, simply make that an error check. with beck ok jsing
* Deassert x509_policy_level_add_nodes()tb2023-04-281-10/+1
| | | | | | | | | This assert is in debugging code that ensures that there are no duplicate nodes on this level. This is an expensive and unnecessary check. Duplicates already cause failures as ensured by regress. with beck ok jsing
* Deassert x509_policy_new()tb2023-04-281-3/+4
| | | | | | | Turn the check into an error which will make all callers error. with beck ok jsing
* Cleanup pass over x509_check_policy.ctb2023-04-281-73/+72
| | | | | | This hoists variable declarations to the top and compiles with -Wshadow. ok beck
* Convert size_t's used in conjuction with sk_X509_num back to int.beck2023-04-271-12/+12
| | | | | | | | | | | The lets the regress in x509/policy pass instead of infinite looping. The changes are necessry because our sk_num() returns an int with 0 for empty and -1 for NULL, wheras BoringSSL's returns a size_t with 0 for both an empty stack and a NULL stack. pair work with tb@ ok tb@ jsing@
* Remove braces around single lines statements using knfmt -stb2023-04-271-84/+49
| | | | Pointed out by anton
* Rework simple allocation and free functions in x509_policy.ctb2023-04-271-32/+36
| | | | | | | Use calloc() instead of malloc/memset and make free functions look the same as elsewhere in the tree. ok beck jsing
* Make x509_policy.c compile with gcc 4.tb2023-04-261-17/+26
| | | | ok beck
* Turn C++ comments into C comments and minor KNF fixupstb2023-04-261-170/+264
|
* KNF according to knfmt(1)tb2023-04-261-515/+600
|
* Zap trailing whitespacetb2023-04-261-3/+1
|
* Add RCS tagtb2023-04-261-0/+1
|
* Take X509_POLICY_NODE_print() behind the barntb2023-04-262-97/+2
| | | | | | | | This used to be public API but is now only used for debug code that has certainly never been used since it was released to the public. It drags that debug nonsense with it. ok beck
* Make the new policy code in x509_policy.c to be selectable at compile time.beck2023-04-2611-14/+101
| | | | | | | The old policy codes remains the default, with the new policy code selectable by defining LIBRESSL_HAS_POLICY_DAG. ok tb@ jsing@
* Add a shim to mimic the BoringSSL sk_delete_if function.beck2023-04-261-0/+23
| | | | | | | We add this locally as a function to avoid delving into the unholy macro madness of STACK_OF(3). ok tb@ jsing@
* Adapt the sk_find calls from BoringSSL's api to ours.beck2023-04-261-6/+5
| | | | ok tb@ jsing@
* Add the STACK_OF declarations we require.beck2023-04-261-2/+46
| | | | ok tb@ jsing@
* Change OPENSSL_malloc|free|memset and friends to the normal versions.beck2023-04-261-6/+6
| | | | ok tb@ jsing@
* Fix error code goopbeck2023-04-261-5/+8
| | | | ok tb@ jsing@
* Use the correct headers to compile with libresslbeck2023-04-261-5/+4
|
* Import policy.c from BoringSSL as x509_policy.cbeck2023-04-261-0/+790
| | | | | | | | | | | This is an implementation of the X509 policy processing using a DAG instead of a tree to avoid the problem of exponential expansion of the policy tree as specified in RFC 5280 For details see: https://boringssl-review.googlesource.com/c/boringssl/+/55762 ok tb@ jsing@
* Remove proxy cert remnantstb2023-04-253-489/+1
|
* Remove NETSCAPE_CERT_SEQUENCEtb2023-04-251-17/+1
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-05 23:50:35 +0000