| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Bring a copy of the bytestring APIs (CBB/CBS) from libssl, for use in
libcrypto - these are not exposed publicly.
Discussed with beck@ and tb@
|
| |
|
|
|
|
| |
While here, also improve the description of ASN1_INTEGER_set(3)
and add a BUGS section explaining that several of these functions
do not provide type safety.
|
| |
|
|
|
|
| |
ASN1_OCTET_STRING_dup(3), and ASN1_OCTET_STRING_set(3).
Explicitly say that they do not provide any type safety
and explain what that means.
|
| |
|
|
| |
ok jsing@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
For some strange historical reason ECDSA_sign() and ECDSA_verify}() have
a type argument that they ignore. For another strange historical reason,
the type passed to them from libssl is pkey->save_type, which is used to
avoid expensive engine lookups when setting the pkey type... Whatever the
aforementioned reasons were, we can't access pkey->save_type with the
OpenSSL 1.1 API, and this is thus in the way of making EVP_PKEY opaque.
Simply pass in 0 instead.
ok jsing
|
| |
|
|
|
|
| |
say: return_type *function_name(args);
not: return_type* function_name (args);
OK tb@
|
| |
|
|
| |
documenting the three functions using the BIT_STRING_BITNAME structure
|
| |
|
|
| |
markup bug found with regress/lib/libcrypto/man/check_complete.pl
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It contained two bugs:
1. If an input line ended in a backslash requesting line continuation,
there was duplicate code for removing that backslash, erroneously
removing another byte from the input and often causing the function
to return failure instead of correctly parsing valid input.
2. According to a comment in the source code, the former big "for"
loop was intended to "clear all the crap off the end of the line",
but actually, if there were multiple characters on the line that
were not hexadecimal digits, only the last of those and everything
following it was deleted, while all the earlier ones remained.
Besides, code further down clearly intends to error out when there
are invalid characters, which makes no sense if earlier code already
deletes such characters. Hence the comment did not only contradict
the code above it - but contradicted the code below it, too.
Resolve these contradiction in favour of stricter parsing:
No longer skip invalid characters but always error out
when any are found.
OK & "Unbelievable" tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make sure it fully re-initializes the object rather than leaving
behind a stale pointer and a stale type in the object.
The old behaviour was dangerous because X509_OBJECT_get_type(3)
would then return the stale type to the user and one of
X509_OBJECT_get0_X509(3) or X509_OBJECT_get0_X509_CRL(3) would
then return the stale pointer to the user, provoking a use-after-free
bug in the application program. Having these functions return
X509_LU_NONE and NULL is better because those are the documented
return values for these functions when the object is empty.
OK tb@
|
| |
|
|
| |
move from an awful macro to a proper function.
|
| | |
|
| |
|
|
|
|
| |
them inside #ifndef LIBRESSL_INTERNAL.
suggested by jsing
|
| |
|
|
|
|
|
| |
ASN1_const_CTX are now unused and will be garbage collected in the
next libcrypto bump.
ok jsing
|
| |
|
|
|
|
|
|
| |
X509_OBJECT_new(3) and X509_OBJECT_free(3); document them.
While here, stop talking about storing storing EVP_PKEY objects
and plain C strings in X509_OBJECT objects. LibreSSL never fully
supported that, and it certainly no longer supports that now.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
X509_STORE_CTX_set_verify(3) and X509_STORE_CTX_get_verify(3).
Document them.
In the next bump, tb@ will also provide X509_STORE_CTX_verify_fn(3)
and X509_STORE_set_verify(3) and restore X509_STORE_set_verify_func(3)
to working order. For efficiency of documentation work, already
document those three, too, but keep the text temporariy .if'ed out
until they become available.
Delete X509_STORE_set_verify_func(3) from X509_STORE_set_verify_cb_func(3)
because it was misplaced in that page: it is not related to the
verification callback.
tb@ agrees with the general direction.
|
| |
|
|
| |
X509_STORE_CTX_get_verify_cb(3); document it.
|
| |
|
|
|
|
|
|
|
|
| |
X509_STORE_CTX_set_error_depth x509_vfy.h 1.37 x509_vfy.c 1.91
X509_STORE_CTX_set_current_cert x509_vfy.h 1.37 x509_vfy.c 1.91
X509_STORE_CTX_get_num_untrusted x509_vfy.h 1.36 x509_vfy.c 1.90
X509_STORE_CTX_set0_verified_chain x509_vfy.h 1.37 x509_vfy.c 1.91
Merge the documentation from the OpenSSL 1.1.1 branch,
which is still under a free license; tweaked by me.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
The code assumes that the server certificate has an RSA key and bases
the calculation of the size of the ephemeral DH key on this assumption.
So instead of checking whether we have any key by inspecting the dh
part of the union, let's check that we actually have an RSA key.
While here, make sure that its length is non-negative.
ok jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
In case of failure, it reported the failure
but corrupted the type of the destination string.
Instead, let's make sure that in case of failure,
existing objects remain in their original state.
OK tb@
|
| |
|
|
|
|
|
|
| |
X509_V_FLAG_NO_CHECK_TIME, X509_VERIFY_PARAM_set_time(3),
X509_VERIFY_PARAM_set_flags(3), and X509_VERIFY_PARAM_clear_flags(3)
in detail because the API design is both surprising and surprisingly
complicated in this respect, and the resulting nasty traps have
already caused bugs in the past.
|
| |
|
|
|
|
| |
With LibreSSL, they can only be used internally in the library itself,
and even with OpenSSL, no real-world application code uses them.
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
verification, accepting CRLs that ought to be rejected, if an unusual
combination of verification flags was specified.
If time verification was explicitly requested with
X509_V_FLAG_USE_CHECK_TIME, it was skipped on CRLs if
X509_V_FLAG_NO_CHECK_TIME was also set, even though the former is
documented to override the latter both in the OpenSSL and in the
LibreSSL X509_VERIFY_PARAM_set_flags(3) manual page.
The same bug in x509_check_cert_time() was already fixed by beck@
in rev. 1.57 on 2017/01/20.
This syncs the beginning of the function check_crl_time() with the
OpenSSL 1.1.1 branch, which is still under a free license.
OK beck@
This teaches that having too many flags and options is bad because they
breed bugs, and even more so if they are poorly designed to override
each other in surprising ways.
|
| | |
|
| |
|
|
|
|
|
| |
and X509_V_FLAG_USE_CHECK_TIME.
While here, fix a typo and improve the wording
for X509_V_FLAG_NOTIFY_POLICY.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
X509_LOOKUP_METHODs because these objects are now opaque.
Simplify the documentation accordingly, shortening it by
about 35 input lines in total, but continue providing the
information which RETURN VALUES functions might return with
other implementations of the library.
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
changed the return type of X509_OBJECT_get_type(3) and argument
types of X509_LOOKUP_by_subject(3), X509_LOOKUP_by_issuer_serial(3),
X509_LOOKUP_by_fingerprint(3), X509_LOOKUP_by_alias(3),
X509_OBJECT_idx_by_subject(3), X509_OBJECT_retrieve_by_subject(3),
and X509_STORE_get_by_subject(3) from int to X509_LOOKUP_TYPE, and
in rev. 1.42, he provided X509_STORE_CTX_get_obj_by_subject(3).
Adjust the documentation.
Joint work with and OK tb@.
|
| | |
|
| |
|
|
|
|
| |
because some third party application code uses them.
List the full names (even though they are long)
such that they can be found with "man -k Dv=...".
|
| |
|
|
|
| |
that are related to this page but intentionally undocumented,
to better support grepping the source directory for function names.
|
| |
|
|
| |
also documenting X509_policy_tree_get0_user_policies(3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and various style improvements from the OpenSSL 1.1.1 branch,
which is still under a free license.
- No need to #include <openssl/lhash.h>.
- BUF_MEM_free(3) and sk_pop_free(3) can handle NULL.
- sk_value(3) can handle -1.
- Test pointers with "== NULL" rather than with "!".
- Use the safer "p = malloc(sizeof(*p))" idiom.
- return is not a function.
- Delete very wrong commented out code.
Including parts of the these commits from the 2015 to 2018 time range:
25aaa98a b4faea50 90945fa3 f32b0abe 26a7d938 7fcdbd83 208056b2 5b37fef0
Requested by and OK tb@.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and/or CRLs in the PEM input file (for example, if the file
is empty), provide an error message in addition to returning 0.
This merges another part of this OpenSSL commit,
which is still under a free license:
commit c0452248ea1a59a41023a4765ef7d9825e80a62b
Author: Rich Salz <rsalz@openssl.org>
Date: Thu Apr 20 15:33:42 2017 -0400
I did *not* add the similar message types X509_R_NO_CERTIFICATE_FOUND
and X509_R_NO_CRL_FOUND because both code inspection and testing
have shown that the code generating them is unreachable.
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
which is still under a free license. No functional change.
- No need to #include <openssl/lhash.h> here.
- return is not a function.
- Do not use the pointless macro BIO_s_file_internal().
- No need to check for NULL before X509_CRL_free(3).
This includes parts of the following OpenSSL commits from
the 2015 to 2017 timeframe: 222561fe, 9982cbbb, f32b0abe, 26a7d938
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
under a free license:
1. If the three X509_load_*(3) functions are called with a NULL
file argument, do not return 1 to the caller because the return
value 1 means "i loaded one certificate or CRL into the store".
2. When calling PEM load functions, do not ask the user for a
password in an interactive manner.
This includes parts of the following commits:
commit c0452248ea1a59a41023a4765ef7d9825e80a62b
Author: Rich Salz <rsalz@openssl.org>
Date: Thu Apr 20 15:33:42 2017 -0400
Message: [...] Remove NULL checks and allow a segv to occur. [...]
commit db854bb14a7010712cfc02861731399b1b587474
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Mon Aug 7 18:02:53 2017 +0200
Message: Avoid surpising password dialog in X509 file lookup.
OK tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
out of X509_LOOKUP_hash_dir(3) because both groups of functions
differ substantially in purpose and structure.
Rewrite the complete text of X509_load_cert_file(3) from scratch
for correctness and clarity.
This fixes several documentation errors:
1. The names of the constants were wrong, lacking the "X509_" prefix.
2. None of these functions support X509_FILETYPE_DEFAULT,
neither in OpenSSL nor in LibreSSL.
3. The memory cache does not contain X509_STORE objects;
instead, the X509_STORE object *is* the memory cache.
|
| |
|
|
|
|
| |
draft-ietf-sidrops-aspa-profile
OK tb@
|
| |
|
|
| |
ok tb@
|
