| #
f0d701e2 |
| 08-Jul-2024 |
beck <beck@openbsd.org> |
Hide global _it variables in x509.h
ok tb@
|
| #
e1608179 |
| 09-Apr-2024 |
beck <beck@openbsd.org> |
Hide public symbols in x509.h
This picks up most of the remaining public symbols in
x509.h
ok tb@
|
| #
4a5e4343 |
| 02-Mar-2024 |
tb <tb@openbsd.org> |
Remove X509_ALGOR_set_md()
One of those void APIs that are super hard to use safely since they can
fail but can't communicate failure. Nothing uses this. Internal uses have
been converted to error c
Remove X509_ALGOR_set_md()
One of those void APIs that are super hard to use safely since they can
fail but can't communicate failure. Nothing uses this. Internal uses have
been converted to error checked X509_ALGOR_set_evp_md().
ok jsing
show more ...
|
| #
d7818223 |
| 01-Nov-2023 |
tb <tb@openbsd.org> |
Use X509_ALGOR_set0_by_nid() in X509_ALGOR_set_evp_md()
ok jsing
|
| #
20811866 |
| 01-Nov-2023 |
tb <tb@openbsd.org> |
Add X509_ALGOR_set0_by_nid()
X509_ALGOR_set0() is annoyingly unergonomic since it takes an ASN1_OBJECT
rather than a nid. This means that almost all callers call OBJ_obj2nid()
and they often do thi
Add X509_ALGOR_set0_by_nid()
X509_ALGOR_set0() is annoyingly unergonomic since it takes an ASN1_OBJECT
rather than a nid. This means that almost all callers call OBJ_obj2nid()
and they often do this inline without error checking so that the resulting
X509_ALGOR object is corrupted and may lead to incorrect encodings.
Provide an internal alternative X509_ALGOR_set0_by_nid() that takes a nid
instead of an ASN1_OBJECT and performs proper error checking. This will be
used to convert callers of X509_ALGOR_set0() in the library.
ok jsing
show more ...
|
| #
4c3df036 |
| 01-Nov-2023 |
tb <tb@openbsd.org> |
Explain the weird order of doing things in X509_ALGOR_set0()
|
| #
a96e9671 |
| 01-Nov-2023 |
tb <tb@openbsd.org> |
Rename ptype and pval to parameter_type and parameter_value
ok jsing
|
| #
df222446 |
| 01-Nov-2023 |
tb <tb@openbsd.org> |
Unindent X509_ALGOR_set0_parameter()
ok jsing
|
| #
75f7ef76 |
| 01-Nov-2023 |
tb <tb@openbsd.org> |
Split X509_ALGOR_set0_parameter() out of X509_ALGOR_set0()
ok jsing
|
| #
b5ee39e5 |
| 01-Nov-2023 |
tb <tb@openbsd.org> |
Split X509_ALGOR_set0_obj() out of X509_ALGOR_set0()
ok jsing
|
| #
f6160bdb |
| 11-Oct-2023 |
tb <tb@openbsd.org> |
Some housekeeping in x_algor
Fix includes and zap an empty line.
ok jsing
|
| #
97fce2b4 |
| 11-Oct-2023 |
tb <tb@openbsd.org> |
Rewrite X509_ALGOR_set0()
The current implementation is a complete mess. There are three cases:
1) ptype == V_ASN1_UNDEF: parameter must be freed and set to NULL.
2) ptype == 0: existing non-NULL pa
Rewrite X509_ALGOR_set0()
The current implementation is a complete mess. There are three cases:
1) ptype == V_ASN1_UNDEF: parameter must be freed and set to NULL.
2) ptype == 0: existing non-NULL parameters are left untouched, NULL
parameters are replaced with ASN1_TYPE_new()'s wacky defaults.
3) otherwise allocate new parameters if needed and set them to ptype/pval.
In all three cases free the algorithm and set it to aobj.
The challenge now is to implement this using nine if statements and one
else clause... We can do better. This preserves existing behavior. There
would be cleaner implementations possible, but they would change behavior.
There are many callers in the ecosystem that do not error check
X509_ALGOR_set0() since OpenSSL failed to do so. So this was carefully
rewritten to leave alg in a consisten state so that unchecking callers
don't encounter corrupted algs.
ok jsing
show more ...
|
| #
324abc49 |
| 11-Oct-2023 |
tb <tb@openbsd.org> |
Ensure that out_value is initialized even if out_type is NULL
This fixes the printf in the x509_algor regress.
ok jsing
|
| #
449ce39a |
| 11-Oct-2023 |
tb <tb@openbsd.org> |
Rewrite X509_ALGOR_get0()
Make the logic slightly less convoluted. Preserve the behavior that
*ppval remains unset if pptype == NULL for now. However, ensure that
*ppval is set to NULL if pptype is
Rewrite X509_ALGOR_get0()
Make the logic slightly less convoluted. Preserve the behavior that
*ppval remains unset if pptype == NULL for now. However, ensure that
*ppval is set to NULL if pptype is V_ASN1_UNDER.
ok jsing
show more ...
|
| #
05dcc22a |
| 11-Oct-2023 |
tb <tb@openbsd.org> |
Add internal version of X509_ALGOR_set_md()
X509_ALGOR_set_md() is a void function that cannot easily be error checked.
The caller has to jump through hoops to make sure this function doesn't
fail.
Add internal version of X509_ALGOR_set_md()
X509_ALGOR_set_md() is a void function that cannot easily be error checked.
The caller has to jump through hoops to make sure this function doesn't
fail. Prepare replacing this internally with X509_ALGOR_set_evp_md(), which
allows error checking. There is one slight change of behavior: if the EVP_MD
object passed in does not have an OID known to the library, then this new
API fails.
It is unclear what the library should do with such an object and people
who use EVP_MD_meth_new() need to know what they are doing anyway and they
are better off teaching the lib about the OID if they're going to be
messing with certs.
Oh, and the prototype is in x509_local.h because the rest of this API is
in x509.h despite being implemented in asn1/.
ok jsing
show more ...
|
| #
5d8d1391 |
| 11-Oct-2023 |
tb <tb@openbsd.org> |
Clean up X509_ALGOR_cmp()
This is currently written in what is likely the most stupid way possible.
Rewrite this function in a more straightforward way.
ok jsing
|
| #
1ec3c770 |
| 07-Jul-2023 |
beck <beck@openbsd.org> |
Unbreak the namespace build after a broken mk.conf and tool misfire had
me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
| #
acf64401 |
| 05-Jul-2023 |
beck <beck@openbsd.org> |
Hide symbols in asn1 and bio
ok jsing@
|
| #
aac497e9 |
| 12-Dec-2021 |
tb <tb@openbsd.org> |
Rewrite X509_ALGOR_set_md() without reaching into EVP_MD.
ok inoguchi schwarze
|
| #
0267c206 |
| 01-May-2018 |
tb <tb@openbsd.org> |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen
ok jsing
|
| #
72327b6b |
| 24-Jul-2015 |
jsing <jsing@openbsd.org> |
Expand ASN1_ITEM_TEMPLATE/ASN1_EX_TEMPLATE_TYPE/ASN1_ITEM_TEMPLATE_END
macros - the generated assembly only differs by changes to line numbers.
|
| #
6bda5825 |
| 11-Feb-2015 |
jsing <jsing@openbsd.org> |
Remove initialisers with default values from the ASN1 data structures.
Minor changes in generated assembly due to the compiler swapping from
.quad 0/.long 0 to .zero, along with changes due to line
Remove initialisers with default values from the ASN1 data structures.
Minor changes in generated assembly due to the compiler swapping from
.quad 0/.long 0 to .zero, along with changes due to line numbering.
show more ...
|
| #
2c25b402 |
| 11-Feb-2015 |
jsing <jsing@openbsd.org> |
Expand most of the ASN1_SEQUENCE* and associated macros, making the data
structures visible and easier to review, without having to wade through
layers and layers of asn1t.h macros.
Change has been
Expand most of the ASN1_SEQUENCE* and associated macros, making the data
structures visible and easier to review, without having to wade through
layers and layers of asn1t.h macros.
Change has been scripted and the generated assembly only differs by changes
to line numbers.
Discussed with beck@ miod@ tedu@
show more ...
|
| #
c33941b7 |
| 10-Feb-2015 |
jsing <jsing@openbsd.org> |
The IMPLEMENT_STACK_OF and IMPLEMENT_ASN1_SET_OF macros were turned into
noops around 15 years ago. Remove multiple occurances of both that still
exist in the code today.
|
| #
28df18f0 |
| 10-Feb-2015 |
jsing <jsing@openbsd.org> |
Expand IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname macros that got missed.
|