Fix an error exit in X509v3_addr_validate_path()

If the topmost cert is invalid, this should result in a validation failure.
Do the same dance as elsewhere permitting the verify callback to intercep

Fix an error exit in X509v3_addr_validate_path()

If the topmost cert is invalid, this should result in a validation failure.
Do the same dance as elsewhere permitting the verify callback to intercept
the error but ensuring that we throw an error.

ok jsing

show more ...

RFC 3779: stop pretending we support AFIs other than IPv4 and IPv6

This code is a complete bug fest and using it with any other AFI is
downright dangerous. Such don't arise in this context in practi

RFC 3779: stop pretending we support AFIs other than IPv4 and IPv6

This code is a complete bug fest and using it with any other AFI is
downright dangerous. Such don't arise in this context in practice.

ok claudio jsing

show more ...

Back out superfluous initialization

requested by jsing@

Initialize afi & safi to zero

OK tb@

Avoid use-of-uninitialized in i2r_IPAddrBlocks()

Reported by Viktor Szakats in
https://github.com/libressl/portable/issues/910

ok job

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h

fix suggested by & ok jsing

show more ...

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_l

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

show more ...

Hide public symbols in libcrypto/x509 .c files

ok tb@

Remove an unnecessary XXX comment. The suggested check is part of
extract_min_max().

Rewrite make_addressRange() using CBS

Factor the trimming of the end and the counting of unused bits into
helper functions and reuse an ASN.1 bit string API to set the unused
bits and the ASN1_STRIN

Rewrite make_addressRange() using CBS

Factor the trimming of the end and the counting of unused bits into
helper functions and reuse an ASN.1 bit string API to set the unused
bits and the ASN1_STRING_FLAG_BITS_SET. With a couple of explanatory
comments it becomes much clearer what the code is actually doing and
why.

ok jsing

show more ...

Simplify make_addressPrefix()

In order to set the BIT STRING containing an address prefix, use existing
helper functions from the ASN.1 code instead of redoing everything by
hand. Make the function

Simplify make_addressPrefix()

In order to set the BIT STRING containing an address prefix, use existing
helper functions from the ASN.1 code instead of redoing everything by
hand. Make the function single exit and rename a few variables to make
it clearer what is being done.

ok jsing

show more ...

Clarify comments at the start of {asid,addr}_validate_path_internal()

Requested by jsing

Avoid expensive RFC 3779 checks during cert verification

X509v3_{addr,asid}_is_canonical() check that the ipAddrBlocks and
autonomousSysIds extension conform to RFC 3779. These checks are not
cheap.

Avoid expensive RFC 3779 checks during cert verification

X509v3_{addr,asid}_is_canonical() check that the ipAddrBlocks and
autonomousSysIds extension conform to RFC 3779. These checks are not
cheap. Certs containing non-conformant extensions should not be
considered valid, so mark them with EXFLAG_INVALID while caching the
extension information in x509v3_cache_extensions(). This way the
expensive check while walking the chains during X509_verify_cert() is
replaced with a cheap check of the extension flags. This avoids a lot
of superfluous work when validating numerous certs with similar chains
against the same roots as is done in rpki-client.

Issue noticed and fix suggested by claudio
ok claudio inoguchi jsing

show more ...

Make gcc 4 happier about x509_addr.c

gcc 4 on sparc64 issues a few 'warning: value computed is not used'.
There are two cases: sk_set_cmp_function() returns the old comparison
function of the stack

Make gcc 4 happier about x509_addr.c

gcc 4 on sparc64 issues a few 'warning: value computed is not used'.
There are two cases: sk_set_cmp_function() returns the old comparison
function of the stack which we don't care about. The one warning about
an sk_delete() is about a return value that we know already and which
we will free a few lines down.

ok inoguchi miod

show more ...

Remove a strange inheritance check from addr_validate_path_internal()

The trust anchor can't inherit, but the code says that it can inherit
just not if the leaf tries to inherit from that. This make

Remove a strange inheritance check from addr_validate_path_internal()

The trust anchor can't inherit, but the code says that it can inherit
just not if the leaf tries to inherit from that. This makes no sense
and doesn't match what is done on the asid side.

ok jsing

show more ...

minor tweaks, no code change

Adjust a comment to reality, zap a stray empty line and fix whitespace
before comment after #endif

Unindent a few lines of code and avoid shadowed variables.

Rename {c,p}_{min,max} into {child,parent}_{min,max}

Two minor KNF tweaks

Use child_aor and parent_aor instead of aorc and aorp

suggested by jsing

Rename fp and fc into parent_af and child_af for readability.

suggested by jsing

Globally rename all IPAddressFamily *f into af since this is slightly
more readable.

Repeated complaints by jsing

Add a helper function to turn unchecked (but sound) use of
sk_find + sk_value into something easier to follow and swallow.

ok inoguchi jsing

Hoist IPAddressFamily_cmp() to the other IPAddressFamily functions.

ok inoguchi jsing

Call x a cert for readability.