| Age | Commit message (Collapse) | Author |
|---|
|
make sure it fully re-initializes the object rather than leaving
behind a stale pointer and a stale type in the object.
The old behaviour was dangerous because X509_OBJECT_get_type(3)
would then return the stale type to the user and one of
X509_OBJECT_get0_X509(3) or X509_OBJECT_get0_X509_CRL(3) would
then return the stale pointer to the user, provoking a use-after-free
bug in the application program. Having these functions return
X509_LU_NONE and NULL is better because those are the documented
return values for these functions when the object is empty.
OK tb@
|
|
ok gnezdo jsing
|
|
Get rid of the last X509_OBJECT_free_contents() call by moving the object
from the stack to the heap. I deliberately kept the obj variable to keep
obj and pobj separate. Rename the out parameter from issuer to out_issuer
to ensure that we only assign it when we have acquired a reference that we
can return. Add a new X509 *issuer. In the first part of the function,
acquire an extra reference before check_issuer/check_time.
In the second part of the function, acquire a reference inside the lock to
avoid a race. Deal with ret only in one place.
ok jsing
|
|
x509_check_cert_time(). Matches a change made in OpenSSL 70dd3c65.
ok jsing
|
|
Split the retrieval of the certs in the store's cache that match the
desired subject into a separate function. This greatly simplifies
locking, error handling and the flow of the function.
with/ok jsing
|
|
These functions are quite messy. On top of the tricky logic querying the
cache, then refreshing the cache (unconditionally or not), then querying
again, then extracting a list of certs/crls and bumping their refcounts,
things are intermixed with locking and needlessly early allocations that
then need to be cleaned up again.
Use X509_STORE_CTX_get_obj_by_subject() to avoid using an object on the
stack and defer allocation of the returned stack of certs to later.
Flatten the logic a bit and prepare for further refactoring.
ok jsing
|
|
|
|
Add a X509_STORE_add_object() function that adds an X509 object to the
store and takes care of locking and cleaning up. This way we can set up
an X509_OBJECT for both the cert and CRL case and hand over to the new
function.
There is one intentional change of behavior: if there is an attempt to
add an object which is already present in the store, succeed instead of
throwing an error. This makes sense and is also the OpenSSL behavior.
As pointed out by jsing, this is a partial fix for the long standing
GH issue #100 on libtls where connections would fail if the store
contains duplicate certificates.
Also: remove the internal X509_OBJECT_dec_ref_count(), which is no
longer used.
ok jsing
|
|
simplify the flow of X509_add_lookup().
ok jsing
|
|
ok jsing
|
|
the unused cache member of X509_STORE.
ok jsing
|
|
Check for allocation failures and if one happens push an error on
the stack and clean up using X509_STORE_free().
ok jsing
|
|
ok jsing
|
|
callbacks are called.
ok jsing
|
|
Switch from malloc() to calloc() and drop a bunch of initializations
to 0. Call the returned object lu instead of the generic ret.
ok jsing
|
|
Both these are essentially unused. Remove the last use of data.ptr
by initializing and copying the X509_OBJECT using memset() and
struct assignment in X509_STORE_CTX_get_subject_by_name() and add
a missing error check for X509_OBJECT_up_ref_count() while there.
ok beck
|
|
the generic 'ret' to obj' in X509.
Requested by jsing
|
|
around X509_STORE_get_by_subject() that eliminates the need of
allocating an object on the heap by hand.
ok beck inoguchi jsing
|
|
OpenSSL's signatures.
ok beck inoguchi jsing
|
|
ok beck inoguchi jsing
|
|
that we know that it only returns 0 or 1. Eliminate the last uses
of X509_LU_{FAIL,RETRY}.
ok jsing
|
|
Initialize stmp.type and stmp.data.ptr so that a user-defined lookup
method need not take responsibility of initializing those. Get rid of
current_method, which was never really used. Stop potentially returning
a negative value since most callers assume Boolean return values already.
In addition, garbage collect the pointless j variable.
ok jsing
|
|
for a NULL ctx->ctx in the lookup functions using X509_STORE_CTX.
This affects X509_STORE_get1_certs(), X509_STORE_get1_crls(),
X509_STORE_CTX_get1_issuer() and X509_STORE_get_by_subject().
With this X509_verify_cert() no longer crashes with a NULL store.
With and OK tb@
|
|
Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387
tested in a bulk by sthen
ok jsing
|
|
X509_LOOKUP_by_fingerprint() 'const unsigned char *bytes'.
tested in a bulk build by sthen
ok jsing
|
|
ok jsing
|
|
(which we don't have) it returns a plain int.
ok jsing
|
|
X509_STORE_set_ex_data().
|
|
|
|
|
|
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
|
object in the error path - we don't own it.
|
|
to push in that case. While there replace an inline version of
X509_OBJECT_free_contents() by a call to said function.
ok beck@
|
|
Based on this upstream commit: bff9ce4db38b297c72a6d84617d71ae2934450f7
which didn't make it into a release until 1.0.2.
Thanks to william at 25thandclement dot com for reporting this!
ok deraadt@ jsing@ beck@
|
|
15 years.
|
|
X509_STORE_get1_certs(), X509_STORE_get1_crls(): check the result of
allocations.
ok tedu@
|
|
expired or not valid yet, continue looking; only return an expired certificate
if no valid certificates have been found.
OpenSSL PR #3359 via OpenSSL trunk.
|
|
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
|
|
|
|
ok miod
|
|
|
|
|
|
ok miod@
|
|
ok miod@ looks good deraadt@
|
|
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
|
|
|
|
|
|
|
|
|
|
