| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
This function is no longer used directly by regress, so it can now be local
to this file.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
By introducing X509_get0_uids(), one can add RPKI profile compliance
checks to conform the absence of the issuerUID and subjectUID.
OK tb@ jsing@
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h
fix suggested by & ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ASN.1 template for GENERAL_NAME and its corresponding C structure
disagree on the type of the x400Address member. This results in an ASN.1
string to be considered as an ASN.1 type, which allows an attacker to read
(essentially) arbitrary memory. Fix this by forcing comparison as strings.
While the underlying type confusion has been present since time immemorial,
this particular bug came with the EdiPartyName fix (6.8/008_asn1.patch.sig).
Reported by David Benjamin, fix suggested by jsing.
Release date for this was set to be January 31. Unilaterally pushed back to
February 7 by OpenSSL by way of announcement of many completely unrelated
embargoed issues, some of which they had been sitting on since July 2020.
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Use x509_verify.h from the libcrypto sources instead of the public copy.
The x509_verify.h header was installed as a public header since early on
we had ideas of using a public API in libtls, but we eventually decided
against that. It makes no sense to install a public header that hides
everything behind LIBRESSL_INTERNAL. The public API will not be exposed
anytime soon if at all.
ok jsing
|
| |
|
|
|
|
|
| |
Simplify x509v3_cache_extensions() by using a wrapper to avoid
duplication of code for locking and checking the EXFLAG_INVALID flag.
OK tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
| |
This is an obvious omission from the OpenSSL 1.1 and OpenSSL 3 API which
does not provide a way to access the tbs sigalg of a CRL. This is needed
in security/pivy.
From Alex Wilson
ok jsing
|
| |
|
|
|
|
|
| |
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct
ok tb
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This flag has been deprecated in OpenSSL 1.1 and has not had an effect
since. This way we can simplify the default check_issued() callback,
which helpfully has its arguments reversed compared to the public API
X509_check_issued().
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Open62541 uses X509_STORE_CTX_get_check_issued(), so provide it along
with X509_STORE_{get,set}_check_issued(). As you would expect, they all
return or take an X509_STORE_CTX_check_issued_fn. The getters aren't const
in OpenSSL 1.1, but they now are in OpenSSL 3...
These will be made available in the next minor bump and will ship in the
stable release of LibreSSL 3.7
Part of OpenSSL commit 1060a50b
See also https://github.com/libressl-portable/portable/issues/748
ok beck jsing
|
| | |
|
| | |
|
| |
|
|
|
| |
No need for errno, stdio, time, asn1, buffer, evp, lhash, objects, x509
for a switch containing string constants. We do need x509_vfy instead.
|
| | |
|
| |
|
|
| |
Requested by claudio
|
| |
|
|
|
|
|
| |
Stop returning a pointer to a static buffer containing the error code on
unknown error. While this might be helpful, it's not going to end well.
ok beck claudio jsing
|
| |
|
|
|
|
|
|
|
| |
When called from v2i, hostpart in x509_constraints_uri_host() is NULL, so
add a NULL check before storing the strdup result in it.
From Anton Borowka
ok jsing miod
|
| |
|
|
|
| |
Not all of them, only those that didn't leak into a public header...
Yes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| |
|
|
|
|
|
|
| |
There are some possible strange side effects noticed by the
openssl cms regress tests that I missed. Backing this out
until I untangle it
ok tb@
|
| |
|
|
| |
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Historically the standards let the implementation decide to
either check or ignore the certificate properties of trust anchors.
You could either use them simply as a source of a public key which
was trusted for everything, or you were also permitted to check the
certificate properties and fully enforce them. Hooray for freedumb.
OpenSSL changed to checking these with :
commit 0daccd4dc1f1ac62181738a91714f35472e50f3c
Author: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Thu Jan 28 03:01:45 2016 -0500
BoringSSL currently does not check them, as it also inherited
the previous OpenSSL behaviour. It will change to check them in
the future.
(https://bugs.chromium.org/p/boringssl/issues/detail?id=533)
|
| |
|
|
|
|
|
|
| |
This applies the guentherizer 9000(tm) to pkcs7, after moving
several pkcs7 funcitions back to pkcs7 that were in x509/x_all.c
for reasons known only to the miasma.
ok jsing@
|
| |
|
|
| |
ok jsing@ tb@
|
| |
|
|
|
|
|
|
|
| |
This matches the current OpenSSL behaviour introduced
in their commit:
commit 0daccd4dc1f1ac62181738a91714f35472e50f3c
Date: Thu Jan 28 03:01:45 2016 -0500
ok jsing@ tb@
|
| |
|
|
|
|
|
| |
- line breaking and indentation in three struct declarations
- removal of trailing whitespace
Found while working on /usr/src/regress/lib/libcrypto/man/check_complete.pl .
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the case that a verification callback is installed that tells the
verifier to continue when a certificate is invalid (e.g. expired),
any error resulting from the leaf certificate verification is not stored
and made available post verification, resulting in an incorrect error being
returned.
Also perform leaf certificate verification prior to adding the chain, which
avoids a potential memory leak (as noted by tb@).
Issue reported by Ilya Shipitsin, who encountered haproxy regress failures.
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
OPENSSL_cleanup() cleans up and deallocates memory in use by the library.
There are a couple of use cases for this, primarily related to memory
leak testing. This will not be called automatically in LibreSSL, which
means that OpenSSL's OPENSSL_NO_INIT_ATEXIT is implied. If code wants to
clean up then they need to explicitly call this themselves.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
sk_num() can return a negative value, in which case the upper bound is
SIZE_MAX, which results in a very long for loop.
CID 153997
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
While each attribute must contain at least one extension, it is not
required that a CSR have attributes at all. Instead of signalling an
error by returning NULL if no extensions are found, return an empty
stack of extensions.
Via OpenSSL 1f02ca2d
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
p5-IO-Socket-SSL regress and regress/sbin/iked/live
Still passes the mutt regress that this was intended to fix.
ok tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
| |
Do not leak the extension that was deleted from the stack.
via OpenSSL c3efe5c9.
ok jsing
|
| |
|
|
|
|
|
| |
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
| |
|
|
|
|
|
| |
These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.
ok jsing
|
| |
|
|
|
|
|
| |
The well-known masters of consistency of course use strings that don't
match the names of the errors.
ok jsing
|
| |
|
|
| |
ok jsing sthen
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Keep the depth which was needed.
This went an error too far, and broke openssl-ruby's callback
and error code sensitivity in it's tests.
With this removed, both my newly committed regress to verify
the same error codes and depths in the callback, and
openssl-ruby's tests pass again.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The verifier callback is used by mutt to do a form of certificate
pinning where the callback gets fired and depending on a
cert saved to a file will decide to accept an untrusted cert.
This corrects two problems that affected this. The callback was not
getting the correct depth and chain for the error where mutt would
save the certificate in the first place, and then the callback was not
getting fired to allow it to override the failing certificate
validation.
thanks to Avon Robertson <avon.r@xtra.co.nz> for the report and
sthen@ for analysis.
"The callback is not an API, it's a gordian knot - tb@"
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
| |
The tentacles are everywhere. This checks that all certs in a chain
have keys and signature algorithms matching the requirements of the
security_level configured in the verify parameters.
ok beck jsing
|
| |
|
|
|
|
|
|
| |
For some unknown reason this needed a different name than security_level,
both internally and in the public API. Obviously it is exactly the same
garbage.
ok beck jsing
|
