| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
| |
This matches the OpenSSL 1.1 API a bit better.
|
| |
|
|
|
| |
A few hooks remain in the legacy validator, which will soon be replaced
with something better. The rest of the tentacles are now largely contained.
|
| |
|
|
|
|
| |
From David Benjamin (BoringSSL)
ok beck
|
| | |
|
| |
|
|
|
|
|
| |
Note that it is important to invalidate the cache before returning,
as the return might bubble up an error.
OK tb@ jsing@
|
| |
|
|
|
|
|
| |
A small side-effect in X509_to_X509_REQ() is that 'x->req_info->enc.modified'
now earlier on is set to 1.
OK tb@ jsing@
|
| |
|
|
|
|
| |
support.
discussed with beck and jsing
|
| |
|
|
| |
discussed with beck and jsing
|
| |
|
|
|
|
| |
error message with internal error code name.
OK tb@ jsing@
|
| |
|
|
| |
Error introduced in 1.24
|
| |
|
|
| |
OK tb@
|
| |
|
|
|
|
|
| |
While there, explicitly check for 0 - as X509_get_version() is a wrapper
around the less than beloved ASN1_INTEGER_get().
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check whether the X.509 version is in the range of valid version
values, and also checks whether the version is consistent with fields
new to those versions (such as X.509 v3 extensions).
X.690 section 11.5 states: "The encoding of a set value or a sequence
value shall not include an encoding for any component value which is
equal to its default value." However, enforcing version 1 (value 0) to
be absent reportedly caused some issues as recent as July 2020, so
accept version 1 even if it is explicitly encoded.
OK tb@ beck@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a bit of a strange one. When this function was moved and renamed,
somehow checks for NULL pointers and 0 length were lost. Whether that was
due to great review missing it or great review suggesting it, is unclear.
Now the function can actually legitimately be called with a length of 0
(as ASN.1 OCTET STRINGS can have length 0) and "" is the appropriate
representation for that, so the fix is to allocate a 0 octet. That much
was correct. What was completely missed is that a long can be negative
which will then still lead to an out-of-bounds access. So fix that as
well.
Finally, don't malloc 3 * len + 1 without overflow checking. Rather
use calloc's internal checks. The + 1 isn't really needed anyway.
All this is still really gross and can be done much more cleanly and
safely with CBB/CBS. This will done later once we have better regress
coverage.
ok jsing
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The CRL extension handler is completely misplaced in x509_enum.c.
Move it to x509_bitst.c until we find a better home for it. This
way it is next to the other two extension methods that have the
extra usr_data contortion.
|
| |
|
|
|
| |
These functions probably belong into asn1/ but they definitely don't
belong into separate files.
|
| | |
|
| |
|
|
|
|
| |
This is a public alias for the also public BIT_STRING_BITNAME. The
ENUMERATED_NAMES type is used exactly twice, namely on two lines in this
file. This is silly.
|
| |
|
|
|
|
|
|
|
|
|
| |
While it may have been reasonable to use VisibleString back when this
code was written, it's an anachronism nowadays. In particular, configuring
BoringSSL reports that they have seen malformed certificates with exactly
the issue caused by this unfortuante default.
Reported by Alex Gaynor in OpenSSL issue 20772
ok jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
Requested by jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.
Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.
ok jsing
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
sk_OPENSSL_STRING_pop_free() is much more explicit and isn't that much
more complicated. x509_util.c can also use it directly...
No binary change
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
In addition, ext_cmp() was already prototyped earlier...
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
There is no point in having this in a separate internal header.
discussed with jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
X509_STORE_get1_{certs,crls}(3) was added to the OpenSSL 1.1 API with the
usual care. At some point later it was noticed that they didn't deal with
an X509_STORE at all, but rather with an X509_STORE_CTX, so were misnamed.
The fact that X509_STORE_CTX and X509_STORE have their roles reversed when
compared to other FOO vs FOO_CTX in this API may or may not be related.
Anyway, the X509_STORE versions will be demoted to compat defines and the
X509_STORE_CTX will be added to match OpenSSL 1.1 API more closely. This
was pointed out by schwarze a long time ago and missed in a few bumps.
Hopefully we'll manage to do it this time around.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
| |
This removes ProxyCertInfo from extension caching, issuer checking
and it also drops the special path validation for proxy certs from
the legacy verifier.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
The new verifier API is currently unused as we still operate the verifier
in legacy mode. Therefore ctx->xsc is always set and the EXFLAG_PROXY will
soon be dropped from the library, so this error on encountering proxy certs
is effectively doubly dead code.
ok jsing
|
| |
|
|
|
|
|
|
| |
This removes the ProxyCertInfo extension from RFC 3820 from the list of
supported extensions. Since it is a critical extension, this means that
certificates containing it will no longer be considered valid by default.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
No change according to diff -w
|
