| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ASN1_TIME_compare() compares two times t1 and t2. Due to a copy-paste
error, we would do ASN1_time_parse(t1->data, t2->length, &tm2, t2->type)
Now if t1 is a UTCTime (length 13) and t2 is a GeneralizedTime (length 15),
the worst that could happen is a 2-byte out-of-bounds read. Fortunately, t1
will already have parsed as a UTCTime, so it will have a Z where there
should be the first digit of the seconds for a GeneralizedTime and we will
error out.
Now if both t1 and t2 have the same type, we will parse t1's data twice
and we will return an incorrect comparison. This could have some security
impact if anything relied on this function for security purposes. It is
unused in our tree and unused in our ports tree ports and the only consumer
I could find was some MongoDB things doing OCSP, so this won't be too bad.
Then of course there's also the language bindings.
Issue reported by Duncan Thomson at esri dot com via libressl-security
ok beck deraadt
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We aligned with upstream behavior. Let's document it properly.
Surprisingly, OpenSSL 1.1 half-assed the docs: two parts of the manual
contradict each other. The part getting EVP_CIPHER_CTX_iv_length() right,
incorrectly documents possible -1 return value to EVP_CIPHER_iv_length().
OpenSSL 3 documentation improvement efforts seem to have tried to address
this issue with the result that the manual is now entirely wrong when it
comes to the EVP_CIPHER_CTX_iv_length() replacement. Par for the course.
|
| |
|
|
| |
crypto(3)
|
| | |
|
| |
|
|
| |
Mention sections 2.1.1 and 2.1.2 in STANDARDS
|
| |
|
|
| |
since it should be a prefix.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Apparently I should have used 2023 despite sharing versions of these
files with several people under this license (and thus permitting them
to redistribute and share with the public). It makes no sense to me,
but shrug.
|
| | |
|
| |
|
|
|
| |
where that feels potentially confusing,
and add one missing .Pp macro; no change of meaning
|
| |
|
|
| |
and fix whitespace on one text line; no change of meaning
|
| |
|
|
| |
and polish one wording; no change of meaning
|
| |
|
|
|
| |
that was also followed by a bogus argument,
and fix one grammatical error; no change of meaning
|
| |
|
|
|
| |
and capitalize "AFI" where is does not refer to the function argument;
no change of meaning
|
| |
|
|
| |
and some missing escaping of HYPHEN-MINUS; no text change
|
| |
|
|
| |
plus some minor markup and punctuation fixes
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Our checking here was a bit too aggressive, and did not permit an
IP address in a URI. IP's in a URI are allowed for things like CRLdp's
AIA, SAN URI's etc.). The check for this was also slightly flawed as
we would permit an IP if memory allocation failed while checking for
an IP.
Correct both issues.
ok tb@
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
These were the last four RFC 3779 things that check_complete.pl x509v3
complained about. I will surely tweak and try to improve a few things
in the coming days, but the pages should now be stable enough that
review efforts will likely not be wasted. Any feedback appreciated.
|
| |
|
|
|
|
| |
First RFC 3779 page without a BUG section. It could have one, but I'm
in a lenient mood right now. Maybe it's just that this is bad but not
quite as bad as EVP.
|
| |
|
|
|
|
| |
First RFC 3779 page without a BUG section. It could have one, but I'm
in a lenient mood right now. Maybe it's just that this is bad but not
quite as bad as EVP.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In today's episode of "curly nonsense from EVP land" we deal with a quite
harmless oversight and a not too bad suboptimal fix, relatively speaking.
At some point EVP_CIPHER_{CCM,GCM}_SET_IVLEN was added. It modified some
object hanging off of EVP_CIPHER. However, EVP_CIPHER_CTX_iv_length() wasn't
taught about this and kept returning the hardcoded default value on the
EVP_CIPHER. Once it transpired that a doc fix isn't going to cut it, this
was fixed. And of course it's easy to fix: you only have to dive through
about three layers of EVP, test and set a flag and handle a control in a
couple methods.
The upstream fix was done poorly and we begrudgingly have to match the API:
the caller is expected to pass a raw pointer next to a 0 length along with
EVP_CIPHER_GET_IV_LENGTH and the control handler goes *(int *)ptr = length
in full YOLO mode. That's never going to be an issue because of course the
caller will always pass a properly aligned pointer backing a sufficient
amount of memory. Yes, unlikely to be a real issue, but it could have been
done with proper semantics and checks without complicating the code. But
why do I even bother to complain? We're used to this.
Of note here is that there was some pushback painting other corners of a
bikeshed until the reviewer gave up with a resigned
That kind of changes the semantics and is one extra complexity level,
but [shrug] ok...
Anyway, the reason this matters now after so many years is that rust-openssl
has an assert, notably added in a +758 -84 commit with the awesome message
"Docs" that gets triggered by recent tests added to py-cryptography.
Thanks to Alex Gaynor for reporting this. Let me take the opportunity to
point out that pyca contributed to improve rust-openssl, in particular its
libressl support, quite a bit. That's much appreciated and very noticeable.
Regress coverage to follow in subsequent commits.
Based on OpenSSL PR #9499 and issue #8330.
ok beck jsing
PS: A few macros were kept internal for now to avoid impact on the release
cycle that is about to finish. They will be exposed after release.
|
| |
|
|
|
|
|
| |
This code is a complete bug fest and using it with any other AFI is
downright dangerous. Such don't arise in this context in practice.
ok claudio jsing
|
| |
|
|
| |
Mention a few more bugs and unify manpage descriptions
|
| |
|
|
| |
Also note another bug in X509v3_asid_{canonize,is_canonical}(3).
|
| | |
|
| |
|
|
| |
Let's just say there's room for improvement...
|
| | |
|
| | |
|
| |
|
|
|
| |
Someone clearly didn't actually use much of the code they wrote and exposed
and therefore didn't think it through properly.
|
| | |
|
| |
|
|
| |
ASRange and ASIdOrRange
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
This documents the part of the API that allows building the two
extensions. It is all very complicated and the bug density is
quite high. Surely there's lots of room for improvement, but
I've been sitting way too long on versions of these. I'll never
finish. Let's fix and improve in tree.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
EC key parameters can be determined by an OID or they can be explicitly
encoded. The confusingly named eckey_{param2type,type2param}() decode a
new EC key from either form of parameters, or they encode a given key's
parameters in the proper way. Signature and semantics are all over the
place. It also features an inlined version of EC_KEY_new_by_curve_name().
This commit brings some order into this mess.
Parameters are given by a pair (ptype, pval), where the ptype is either
V_ASN1_OBJECT for OID encoding or V_ASN1_SEQUENCE for explicit encoding.
Accordingly, the void pointer pval is an ASN1_OBJECT or an ASN1_STRING.
These pairs are abstracted away in the X509_ALGOR object.
The library decides whether a given EC key uses OID or explicit parameter
encoding using the asn1_flag on the EC key's internal EC_GROUP, i.e., the
object representing its curve. If this flag is set, the OID is determined
by the nid returned by EC_GROUP_get_curve_name().
Add 'mutually inverse' pairs of functions eckey_{to,from}_params() which
wrap eckey_{to,from}_object() and eckey_{to,from}_explicit_params(). This
way the EC ameth pub and priv key de/encoding functions can transparently
translate from/to an X509_ALGOR object.
Of course, this is just an intermediate step and if you look closely you
notice const weirdness (due to the fact that the carefully planned and
executed const rampage missed the ECParameters API) and all sorts of other
things that need to be fixed. Who would bat an eye lid? It wouldn't be
visible amid all the twitching anyway.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
It's relevant not only for the example, but also because the functions
documented here use PEM_def_callback(3) by default, and that exhibits
surprising and potentially dangerous behaviour by not NUL-terminating.
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While here, also:
* Avoid the misleading term "default password callback" because none of
the functions in SSL_CTX_use_certificate(3) support overriding it.
* Do not talk about "storing", "writing", and "encryption" since the cb
passed to SSL_CTX_set_default_passwd_cb(3) is never used for any of that.
* List the functions using cb.
* Document what happens by default.
* Remove the misleading words "which must be provided by the application"
because all this is actually optional.
* Make several wordings more precise.
* Below EXAMPLES, fix argument naming to agree with pem_password_cb(3),
clarify the description of what the example does, and, as suggested by tb@,
use strlcpy(3).
OK tb@
|
| | |
|
| | |
|
| |
|
|
|
| |
needs endbr64
ok kettenis tb
|
| |
|
|
| |
because it is documented in the separate tls_client(3) manual page
|
