Make X509_VERIFY_PARAM_set1_policies() less bad

If any OBJ_dup() fails along the way, a partially copied policy stack
would remain on the params object. This makes no sense. Implement and
use an sk_

Make X509_VERIFY_PARAM_set1_policies() less bad

If any OBJ_dup() fails along the way, a partially copied policy stack
would remain on the params object. This makes no sense. Implement and
use an sk_ASN1_OBJECT_deep_copy(), that copies the full stack or else
returns NULL.

Remove unnecessary NULL check and streamline some other logic.

ok jsing

show more ...

Clean up X509_VERIFY_PARAM_add0_policy()

Streamline some checks and use more idiomatic sk_push() error check

ok jsing

Fix indent

Inline X509_{TRUST,PUPROSE}_set() in their only callers

They are now unused and will join the exodus to the attic in the next bump.

ok jsing

Fix sk_deep_copy() implementation

sk_deep_copy() is bad code. It is less bad than the upstream code, but
still bad: it passes strdup() through a void pointer and assigns it to
a function pointer of

Fix sk_deep_copy() implementation

sk_deep_copy() is bad code. It is less bad than the upstream code, but
still bad: it passes strdup() through a void pointer and assigns it to
a function pointer of different type before calling the latter. That's
not kosher in more than one way.

There is no need for such gymnastics. If we need a deep copy for a type,
we should implement it as appropriate for that type.

Also, we should not expect and even less so allow holes in a STACK_OF().
The only way the vpm->hosts can be populated is by way of this deep_copy
function or x509_param_set_hosts_internal(), which pushes only after a
non-NULL check. Invariants: they're useful.

ok jsing

show more ...

Merge X509_VERIFY_PARAM_ID into X509_VERIFY_PARAM

Back in the day when essentially every struct was open to all applications,
X509_VERIFY_PARAM_ID provided a modicum of opacity. This indirection is

Merge X509_VERIFY_PARAM_ID into X509_VERIFY_PARAM

Back in the day when essentially every struct was open to all applications,
X509_VERIFY_PARAM_ID provided a modicum of opacity. This indirection is now
no longer needed with X509_VERIFY_PARAM being opaque itself, so stop using
X509_VERIFY_PARAM_ID and merge it into X509_VERIFY_PARAM. This is a first
small step towards cleaning up the X509_VERIFY_PARAM mess.

ok jsing

show more ...

Copy the verify param hostflags independently of the host list

Without this, hostflags set on the SSL_CTX would not propagate to newly
created SSL. This is surprising behavior that was changed in Op

Copy the verify param hostflags independently of the host list

Without this, hostflags set on the SSL_CTX would not propagate to newly
created SSL. This is surprising behavior that was changed in OpenSSL 1.1
by Christian Heimes after the issue was flagged by Quentin Pradet:
https://bugs.python.org/issue43522
This is a version of the fix that landed in OpenSSL.

There used to be a workaround in place in urllib3, but that was removed at
some point. We haven't fixed this earlier since it wasn't reported. It only
showed up after recent fallout of extraordinarily strict library checking
in urllib3 coming from their own interpretation of the implications of
PEP 644.

ok jsing

show more ...

Provide X509_VERIFY_PARAM_set_hostflags()

This is needed for an upcoming regress test that needs to access the
hostflag. This is public API in OpenSSL but since nothing seems to be
using this, this

Provide X509_VERIFY_PARAM_set_hostflags()

This is needed for an upcoming regress test that needs to access the
hostflag. This is public API in OpenSSL but since nothing seems to be
using this, this accessor will be kept internal-only for the time being.

ok jsing

show more ...

Enable policy checking by default now that we are DAG implementation based.

This ensures that we will no longer silently ignore a certificate with
a critical policy extention by default.

ok tb@

Garbage collect the now unused obfuscating macro string_stack_free()

Inline the three uses of string_stack_free()

sk_OPENSSL_STRING_pop_free() is much more explicit and isn't that much
more complicated. x509_util.c can also use it directly...

No binary change

x509_vfy.c and x509_vpm.c don't need vpm_int.h anymore

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h

fix suggested by & ok jsing

show more ...

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_l

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

show more ...

Hide public symbols in libcrypto/x509 .c files

ok tb@

Prepare to provide X509_VERIFY_PARAM_get_time()

ok jsing sthen

Prepare to provide X509_VERIFY_PARAM_set_auth_level()

For some unknown reason this needed a different name than security_level,
both internally and in the public API. Obviously it is exactly the sam

Prepare to provide X509_VERIFY_PARAM_set_auth_level()

For some unknown reason this needed a different name than security_level,
both internally and in the public API. Obviously it is exactly the same
garbage.

ok beck jsing

show more ...

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of un

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing

show more ...

Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.

In order to work around the expired DST Root CA X3 certficiate, enable
X509_V_FLAG_TRUSTED_FIRST in the legacy verifier. This mean

Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.

In order to work around the expired DST Root CA X3 certficiate, enable
X509_V_FLAG_TRUSTED_FIRST in the legacy verifier. This means that the
default chain provided by Let's Encrypt will stop at the ISRG Root X1
intermediate, rather than following the DST Root CA X3 intermediate.

Note that the new verifier does not suffer from this issue, so only a
small number of things will hit this code path.

ok millert@ robert@ tb@

show more ...

Enable the new verifier again so hopefully the remaining kinks get ironed
out in this release cycles.

discussed with deraadt and jsing

Switch back to the legacy verifier for the release.

This is disappointing as a lot of work was put into the new verifier
during this cycle. However, there are still too many known bugs and
incompati

Switch back to the legacy verifier for the release.

This is disappointing as a lot of work was put into the new verifier
during this cycle. However, there are still too many known bugs and
incompatibilities. It is better to be faced with known broken behavior
than with new broken behavior and to switch now rather than via errata.
This way we have another cycle to iron out the kinks and to fix some of
the remaining bugs.

ok jsing

show more ...

Don't leak param->name in x509_verify_param_zero()

For dynamically allocated verify parameters, param->name is only ever set
in X509_VERIFY_set1_name() where the old one is freed and the new one is

Don't leak param->name in x509_verify_param_zero()

For dynamically allocated verify parameters, param->name is only ever set
in X509_VERIFY_set1_name() where the old one is freed and the new one is
assigned via strdup(). Setting it to NULL without freeing it beforehand is
a leak.

looks correct to millert, ok inoguchi

show more ...

Fix some KNF issues

re-enable new x509 chain verifier as the default

ok tb@

revert previous, need to fix a problem