| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
certificte chain. This would happen when the verification callback was
in use, instructing the verifier to continue unconditionally. This could
lead to incorrect decisions being made in software.
|
| |
|
|
|
|
| |
Do not expose it yet, this will wait for an upcoming bump
ok tb@
|
| | |
|
| |
|
|
|
|
| |
not yet available.
ok schwarze
|
| | |
|
| |
|
|
| |
i2a_ASN1_ENUMERATED(3), and a2i_ASN1_ENUMERATED(3)
|
| |
|
|
|
|
| |
to fix the same double-counting of the backslash
and to make the parsing stricter in the same way;
OK tb@
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
| |
thanks Matthias Schmidt
|
| | |
|
| |
|
|
| |
while here, add a few STANDARDS references
|
| | |
|
| |
|
|
|
| |
provided ASN1_TIME_diff(3). Merge the documentation from
the OpenSSL 1.1.1 branch, which is still under a free license.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Bring a copy of the bytestring APIs (CBB/CBS) from libssl, for use in
libcrypto - these are not exposed publicly.
Discussed with beck@ and tb@
|
| |
|
|
|
|
| |
While here, also improve the description of ASN1_INTEGER_set(3)
and add a BUGS section explaining that several of these functions
do not provide type safety.
|
| |
|
|
|
|
| |
ASN1_OCTET_STRING_dup(3), and ASN1_OCTET_STRING_set(3).
Explicitly say that they do not provide any type safety
and explain what that means.
|
| |
|
|
| |
ok jsing@ tb@
|
| |
|
|
|
|
| |
say: return_type *function_name(args);
not: return_type* function_name (args);
OK tb@
|
| |
|
|
| |
documenting the three functions using the BIT_STRING_BITNAME structure
|
| |
|
|
| |
markup bug found with regress/lib/libcrypto/man/check_complete.pl
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It contained two bugs:
1. If an input line ended in a backslash requesting line continuation,
there was duplicate code for removing that backslash, erroneously
removing another byte from the input and often causing the function
to return failure instead of correctly parsing valid input.
2. According to a comment in the source code, the former big "for"
loop was intended to "clear all the crap off the end of the line",
but actually, if there were multiple characters on the line that
were not hexadecimal digits, only the last of those and everything
following it was deleted, while all the earlier ones remained.
Besides, code further down clearly intends to error out when there
are invalid characters, which makes no sense if earlier code already
deletes such characters. Hence the comment did not only contradict
the code above it - but contradicted the code below it, too.
Resolve these contradiction in favour of stricter parsing:
No longer skip invalid characters but always error out
when any are found.
OK & "Unbelievable" tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make sure it fully re-initializes the object rather than leaving
behind a stale pointer and a stale type in the object.
The old behaviour was dangerous because X509_OBJECT_get_type(3)
would then return the stale type to the user and one of
X509_OBJECT_get0_X509(3) or X509_OBJECT_get0_X509_CRL(3) would
then return the stale pointer to the user, provoking a use-after-free
bug in the application program. Having these functions return
X509_LU_NONE and NULL is better because those are the documented
return values for these functions when the object is empty.
OK tb@
|
| |
|
|
| |
move from an awful macro to a proper function.
|
| | |
|
| |
|
|
|
|
| |
them inside #ifndef LIBRESSL_INTERNAL.
suggested by jsing
|
| |
|
|
|
|
|
| |
ASN1_const_CTX are now unused and will be garbage collected in the
next libcrypto bump.
ok jsing
|
| |
|
|
|
|
|
|
| |
X509_OBJECT_new(3) and X509_OBJECT_free(3); document them.
While here, stop talking about storing storing EVP_PKEY objects
and plain C strings in X509_OBJECT objects. LibreSSL never fully
supported that, and it certainly no longer supports that now.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
X509_STORE_CTX_set_verify(3) and X509_STORE_CTX_get_verify(3).
Document them.
In the next bump, tb@ will also provide X509_STORE_CTX_verify_fn(3)
and X509_STORE_set_verify(3) and restore X509_STORE_set_verify_func(3)
to working order. For efficiency of documentation work, already
document those three, too, but keep the text temporariy .if'ed out
until they become available.
Delete X509_STORE_set_verify_func(3) from X509_STORE_set_verify_cb_func(3)
because it was misplaced in that page: it is not related to the
verification callback.
tb@ agrees with the general direction.
|
| |
|
|
| |
X509_STORE_CTX_get_verify_cb(3); document it.
|
| |
|
|
|
|
|
|
|
|
| |
X509_STORE_CTX_set_error_depth x509_vfy.h 1.37 x509_vfy.c 1.91
X509_STORE_CTX_set_current_cert x509_vfy.h 1.37 x509_vfy.c 1.91
X509_STORE_CTX_get_num_untrusted x509_vfy.h 1.36 x509_vfy.c 1.90
X509_STORE_CTX_set0_verified_chain x509_vfy.h 1.37 x509_vfy.c 1.91
Merge the documentation from the OpenSSL 1.1.1 branch,
which is still under a free license; tweaked by me.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
In case of failure, it reported the failure
but corrupted the type of the destination string.
Instead, let's make sure that in case of failure,
existing objects remain in their original state.
OK tb@
|
| |
|
|
|
|
|
|
| |
X509_V_FLAG_NO_CHECK_TIME, X509_VERIFY_PARAM_set_time(3),
X509_VERIFY_PARAM_set_flags(3), and X509_VERIFY_PARAM_clear_flags(3)
in detail because the API design is both surprising and surprisingly
complicated in this respect, and the resulting nasty traps have
already caused bugs in the past.
|
| |
|
|
|
|
| |
With LibreSSL, they can only be used internally in the library itself,
and even with OpenSSL, no real-world application code uses them.
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
verification, accepting CRLs that ought to be rejected, if an unusual
combination of verification flags was specified.
If time verification was explicitly requested with
X509_V_FLAG_USE_CHECK_TIME, it was skipped on CRLs if
X509_V_FLAG_NO_CHECK_TIME was also set, even though the former is
documented to override the latter both in the OpenSSL and in the
LibreSSL X509_VERIFY_PARAM_set_flags(3) manual page.
The same bug in x509_check_cert_time() was already fixed by beck@
in rev. 1.57 on 2017/01/20.
This syncs the beginning of the function check_crl_time() with the
OpenSSL 1.1.1 branch, which is still under a free license.
OK beck@
This teaches that having too many flags and options is bad because they
breed bugs, and even more so if they are poorly designed to override
each other in surprising ways.
|
| | |
|
| |
|
|
|
|
|
| |
and X509_V_FLAG_USE_CHECK_TIME.
While here, fix a typo and improve the wording
for X509_V_FLAG_NOTIFY_POLICY.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
X509_LOOKUP_METHODs because these objects are now opaque.
Simplify the documentation accordingly, shortening it by
about 35 input lines in total, but continue providing the
information which RETURN VALUES functions might return with
other implementations of the library.
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
changed the return type of X509_OBJECT_get_type(3) and argument
types of X509_LOOKUP_by_subject(3), X509_LOOKUP_by_issuer_serial(3),
X509_LOOKUP_by_fingerprint(3), X509_LOOKUP_by_alias(3),
X509_OBJECT_idx_by_subject(3), X509_OBJECT_retrieve_by_subject(3),
and X509_STORE_get_by_subject(3) from int to X509_LOOKUP_TYPE, and
in rev. 1.42, he provided X509_STORE_CTX_get_obj_by_subject(3).
Adjust the documentation.
Joint work with and OK tb@.
|
| | |
|
