Commit Graph

73 Commits

Author SHA1 Message Date
Brian Smith
054e682675 Eliminate unnecessary includes from low-level crypto modules.
Beyond generally eliminating unnecessary includes, eliminate as many
includes of headers that declare/define particularly error-prone
functionality like strlen, malloc, and free. crypto/err/internal.h was
added to remove the dependency on openssl/thread.h from the public
openssl/err.h header. The include of <stdlib.h> in openssl/mem.h was
retained since it defines OPENSSL_malloc and friends as macros around
the stdlib.h functions. The public x509.h, x509v3.h, and ssl.h headers
were not changed in order to minimize breakage of source compatibility
with external code.

Change-Id: I0d264b73ad0a720587774430b2ab8f8275960329
Reviewed-on: https://boringssl-review.googlesource.com/4220
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:49:18 +00:00
Brian Smith
a039d70270 Enable MSVC warning C4701, use of potentially uninitialized variable.
C4701 is "potentially uninitialized local variable 'buf' used". It
sometimes results in false positives, which can now be suppressed
using the macro OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS.

Change-Id: I15068b5a48e1c704702e7752982b9ead855e7633
Reviewed-on: https://boringssl-review.googlesource.com/3160
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:32:26 +00:00
David Benjamin
4b1510c71e Fix a failure to NULL a pointer freed on error.
Reported by the LibreSSL project as a follow on to CVE-2015-0209

(Imported from upstream's 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f.)

Change-Id: Ic2e5dc5c96e316c55f76bedc6ea55b416be3287a
Reviewed-on: https://boringssl-review.googlesource.com/4049
Reviewed-by: Adam Langley <agl@google.com>
2015-03-19 19:50:32 +00:00
David Benjamin
87b2a13a86 Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf
(Imported from upstream's ac5a110621ca48f0bebd5b4d76d081de403da29e)

Change-Id: I1a0518447716a93038bd95d40abef1d9fb4e5f72
Reviewed-on: https://boringssl-review.googlesource.com/4004
Reviewed-by: Adam Langley <agl@google.com>
2015-03-19 11:08:50 +00:00
David Benjamin
3305858342 Fix wrong numbers being passed as string lengths
(Imported from upstream's 0b142f022e2c5072295e00ebc11c5b707a726d74.)

Modified further because these ought to just be BIO_puts.

Change-Id: I8b70d70d0f626bb19b455adb4f0e08bacf453c1d
Reviewed-on: https://boringssl-review.googlesource.com/4002
Reviewed-by: Adam Langley <agl@google.com>
2015-03-19 11:07:45 +00:00
David Benjamin
9d102ddbc0 Check public key is not NULL.
CVE-2015-0288
PR#3708

(Imported from upstream's 28a00bcd8e318da18031b2ac8778c64147cd54f9.)

Change-Id: I6d60691da4c6860f87c753c065e93e9d0704aba9
Reviewed-on: https://boringssl-review.googlesource.com/3750
Reviewed-by: Adam Langley <agl@google.com>
2015-03-06 18:55:32 +00:00
Adam Langley
4e581b5378 Add support for reading PKCS#7 data from PEM files.
(There are times when I actually miss C++ templates.)

Change-Id: I3db56e4946ae4fb919105fa33e2cfce3c7542d37
Reviewed-on: https://boringssl-review.googlesource.com/3700
Reviewed-by: Adam Langley <agl@google.com>
2015-02-27 21:02:38 +00:00
Adam Langley
50073e8c5e Add functions to parse and generate PKCS#7 files with CRLs.
Change-Id: I7b6acc9004beb7b7090de1837814ccdff2e9930e
Reviewed-on: https://boringssl-review.googlesource.com/3680
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-02-27 19:48:19 +00:00
David Benjamin
dd1ca99da4 Remove X509_get_pubkey_parameters.
It's never called in outside code. This too seems to be a remnant of the DSA
PKIX optional parameter stuff. This is confirmed both by a removed comment and
by the brief documentation at http://www.umich.edu/~x509/ssleay/x509_pkey.html

RFC 5480 does not allow ECDSA keys to be missing parameters, so this logic is
incorrect for ECDSA anyway.  It was also failing to check
EVP_PKEY_copy_parameters' return value. And that logic looks pretty suspect if
you have a chain made up multiple certificate types.

Change-Id: Id6c60659a0162356c7f3eae5c797047366baae1c
Reviewed-on: https://boringssl-review.googlesource.com/3485
Reviewed-by: Adam Langley <agl@google.com>
2015-02-17 23:15:47 +00:00
Adam Langley
6899b19464 Update API to use (char *) for email addresses and hostnames.
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().

(Imported from upstream's e83c913723fac7432a7706812f12394aaa00e8ce.)

Change-Id: Id0fc11773a0cee8933978cd4bdbd8251fd7cfb5f
2015-02-13 11:00:48 -08:00
Adam Langley
6f8c366989 Set optional peername when X509_check_host() succeeds.
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().

(Imported from upstream's 55fe56837a65ff505b492aa6aee748bf5fa91fec.)

Change-Id: Ic21bfb361b8eb25677c4c2175882fa95ea44fc31
2015-02-13 11:00:48 -08:00
Adam Langley
d0f5df2d71 New peername element in X509_VERIFY_PARAM_ID.
Declaration, memory management, accessor and documentation.

(Imported from upstream's 1eb57ae2b78c119bfba7ab647951130e968d1664.)

Change-Id: Ifa9672e46445e44a78001b0f9430a93c138d73d7
2015-02-13 11:00:47 -08:00
Adam Langley
589963f79e Multiple verifier reference identities.
(Imported from upstream's 8abffa4a73fcbf6536e0a42d736ed9211a8204ea,
9624b50d51de25bb2e3a72e81fe45032d80ea5c2 and
41e3ebd5abacfdf98461cdeb6fa97a4175b7aad3.)

Change-Id: Ic9099eb5704b19b4500229e89351371cc6184f9d
2015-02-13 10:59:10 -08:00
Adam Langley
c68f3e02b0 X509_check_mumble() failure is <= 0, not just 0.
(This change is for a future change that increases the range of the
return values.)

(Imported from upstream's 3fc0b1edad0c75d7beb51fa77f63ffe817295e2c.)

Change-Id: I221d4ee0e90586f89f731e01ff4d813058173211
2015-02-13 10:58:55 -08:00
Adam Langley
fcd34624a1 Drop hostlen from X509_VERIFY_PARAM_ID.
Just store NUL-terminated strings. This works better when we add
support for multiple hostnames.

(Imported from upstream's d93edc0aab98377f42dd19312248597a018a7889.)

Change-Id: Ib3bf8a8c654b829b4432782ba21ba55c3d4a0582
2015-02-13 10:51:02 -08:00
David Benjamin
96396b3aaa Fix cross-module errors.
Some files in crypto/x509 were moved from crypto/asn1, so they emit errors from
another module. Fix make_errors.go to account for this: cross module errors
must use the foreign module as the first argument to OPENSSL_PUT_ERROR. Both
the function code and the error code should be declared in the foreign module.

Update make_errors.go to ignore cross-module error lines when deciding which
function tokens to emit.

Change-Id: Ic38377ddd56e22d033ef91318c30510762f6445d
Reviewed-on: https://boringssl-review.googlesource.com/3383
Reviewed-by: Adam Langley <agl@google.com>
2015-02-11 23:11:55 +00:00
Adam Langley
29b186736c Precompute sorted array for error strings.
Previously, error strings were kept in arrays for each subdirectory and
err.c would iterate over them all and insert them at init time to a hash
table.

This means that, even if you have a shared library and lots of processes
using that, each process has ~30KB of private memory from building that
hash table.

This this change, all the error strings are built into a sorted list and
are thus static data. This means that processes can share the error
information and it actually saves binary space because of all the
pointer overhead in the old scheme. Also it saves the time taken
building the hash table at startup.

This removes support for externally-supplied error string data.

Change-Id: Ifca04f335c673a048e1a3e76ff2b69c7264635be
2015-02-09 17:35:31 -08:00
David Benjamin
9e128b06a1 Fix memory leak on malloc failure.
Found by running malloc tests with -valgrind. Unfortunately, the next one is
deep in crypto/asn1 itself, so I'm going to stop here for now.

Change-Id: I7a33971ee07c6b7b7a98715f2f18e0f29380c0a1
Reviewed-on: https://boringssl-review.googlesource.com/3350
Reviewed-by: Adam Langley <agl@google.com>
2015-02-10 01:23:34 +00:00
David Benjamin
1eed2c0e40 Fix some unchecked mallocs.
BUG=456599

Change-Id: Id0652c2aff1cb8a5de35350feb8410285b3fef20
Reviewed-on: https://boringssl-review.googlesource.com/3330
Reviewed-by: Adam Langley <agl@google.com>
2015-02-09 19:39:41 +00:00
Adam Langley
2b2d66d409 Remove string.h from base.h.
Including string.h in base.h causes any file that includes a BoringSSL
header to include string.h. Generally this wouldn't be a problem,
although string.h might slow down the compile if it wasn't otherwise
needed. However, it also causes problems for ipsec-tools in Android
because OpenSSL didn't have this behaviour.

This change removes string.h from base.h and, instead, adds it to each
.c file that requires it.

Change-Id: I5968e50b0e230fd3adf9b72dd2836e6f52d6fb37
Reviewed-on: https://boringssl-review.googlesource.com/3200
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-02-02 19:14:15 +00:00
Adam Langley
4a0f0c4910 Change CMakeLists.txt to two-space indent.
find -name CMakeLists.txt -type f | xargs sed -e 's/\t/  /g' -i

Change-Id: I01636b1849c00ba918f48828252492d99b0403ac
2015-01-28 16:37:10 -08:00
David Benjamin
2a0e72f08a Fix segfault with empty fields as last in the config.
(Imported from upstream's 2747d73c1466c487daf64a1234b6fe2e8a62ac75.)

Also fix up some stylistic issues in conf.c and clarify empty case in
documentation.

Change-Id: Ibacabfab2339d7566d51db4b3ac4579aec0d1fbf
Reviewed-on: https://boringssl-review.googlesource.com/3023
Reviewed-by: Adam Langley <agl@google.com>
2015-01-26 18:37:47 +00:00
David Benjamin
df1cda345f Use inner algorithm when printing certificate.
(Imported from upstream's 004efdbb41f731d36bf12d251909aaa08704a756.)

The outer algorithm is already printed at the bottom of the function. This
allows any tools which print the X509 this way to determine if there is a
mismatch. This is also the point where the TBSCertificate is printed, not the
Certificate. See upstream's RT #3665.

Change-Id: I89baa4e4b626abf8813545a90eaa4409489ad893
Reviewed-on: https://boringssl-review.googlesource.com/3022
Reviewed-by: Adam Langley <agl@google.com>
2015-01-26 18:37:23 +00:00
David Benjamin
aa3f6daa86 Tag a number of globals as const.
Change-Id: I6f334911f153395a2e5e26adfd08912a1d8c558b
Reviewed-on: https://boringssl-review.googlesource.com/2847
Reviewed-by: Adam Langley <agl@google.com>
2015-01-14 21:53:00 +00:00
Adam Langley
ca9a538aa0 Fix various certificate fingerprint issues.
By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.

1. Reject signatures with non zero unused bits.

If the BIT STRING containing the signature has non zero unused bits reject the
signature. All current signature algorithms require zero unused bits.

2. Check certificate algorithm consistency.

Check the AlgorithmIdentifier inside TBS matches the one in the certificate
signature. NB: this will result in signature failure errors for some broken
certificates.

3. Check DSA/ECDSA signatures use DER.

Reencode DSA/ECDSA signatures and compare with the original received signature.
Return an error if there is a mismatch.

This will reject various cases including garbage after signature (thanks to
Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for
discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or
with leading zeroes).

CVE-2014-8275

(Imported from upstream's 85cfc188c06bd046420ae70dd6e302f9efe022a9 and
4c52816d35681c0533c25fdd3abb4b7c6962302d)

Change-Id: Ic901aea8ea6457df27dc542a11c30464561e322b
Reviewed-on: https://boringssl-review.googlesource.com/2783
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-01-09 19:41:59 +00:00
Adam Langley
b9e0ccc650 Fix a couple of minor compiler warnings.
One about a possible uninitialised variable (incorrect, but it's easier
to keep the compiler happy) and one warning about "const static" being
backwards.

Change-Id: Ic5976a5f0b48f32e09682e31b65d8ea1c27e5b88
Reviewed-on: https://boringssl-review.googlesource.com/2632
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-01-06 00:27:22 +00:00
Adam Langley
69a01608f3 Add malloc failure tests.
This commit fixes a number of crashes caused by malloc failures. They
were found using the -malloc-test=0 option to runner.go which runs tests
many times, causing a different allocation call to fail in each case.

(This test only works on Linux and only looks for crashes caused by
allocation failures, not memory leaks or other errors.)

This is not the complete set of crashes! More can be found by collecting
core dumps from running with -malloc-test=0.

Change-Id: Ia61d19f51e373bccb7bc604642c51e043a74bd83
Reviewed-on: https://boringssl-review.googlesource.com/2320
Reviewed-by: Adam Langley <agl@google.com>
2014-11-19 01:24:46 +00:00
David Benjamin
b044020f84 Remove i2d_X509_PKEY and d2i_X509_PKEY.
One of them was never implemented upstream or downstream. The other no longer
works in BoringSSL. They're not used within BoringSSL (this still compiles),
even in X509_INFO, and do not appear to be used by consumers. If they were, we
would like to know via a compile failure.

This removes the last consumer within BoringSSL of the ASN.1 parsing macros.

Change-Id: Ifb72b1fcd0a4f7b3e6b081486f8638110872334b
Reviewed-on: https://boringssl-review.googlesource.com/2203
Reviewed-by: Adam Langley <agl@google.com>
2014-11-10 22:28:23 +00:00
Adam Langley
fba236fa88 Omit version for v1 certificates.
When calling X509_set_version to set v1 certificate, that should mean
that the version number field is omitted.

(Imported from upstream's 8c0d19d8577c9a96b65622bfa92d0affd6bbb4ac)

Change-Id: If433fda7b6ccbd899f3379a38581c351cf4a82da
2014-11-10 13:45:32 -08:00
Adam Langley
920e69658e Extra return in check_issued.
(Imported from upstream's b8d687bb561384bb3d52027cbf637fa4852c4225)

Change-Id: I5155b8fa165fbb83a0ba6790571fec28e22cd45c
2014-11-10 13:45:32 -08:00
Adam Langley
655038e7db ASN1_STRING_to_UTF8 missing initializer.
(Imported from upstream's b85d461cdf92b1d76d903c245ec01fd7398179d8)

Change-Id: I85f620a5a924c3fe73aa394b39ab8ab343c4c7eb
2014-11-10 13:45:32 -08:00
David Benjamin
a85093f5bb Fix error handling in X509_PURPOSE_add and X509_TRUST_add.
Two leaks can happen: if idx is -1, the newly allocated entry may not be freed.
Also, for X509_PURPOSE_add, if only one BUF_strdup succeeds, it will leak.

Restructure both so that the allocations happen ahead of time and are properly
cleaned up. This avoids leaving an existing entry in a half-broken state.

Found (sort of) by scan-build; because of all the indirections and DYNAMIC
flags, it doesn't actually realize the leak's been fixed.

Change-Id: I5521889bd14e007b3f62b6a4906d7c346698b48c
Reviewed-on: https://boringssl-review.googlesource.com/2209
Reviewed-by: Adam Langley <agl@google.com>
2014-11-06 01:44:43 +00:00
David Benjamin
9ecafa5c78 Shush some dead assignments.
Appease clang scan-build a bit. I'm not sure it's actually worth silencing all
of them because some of them look like preserving invariants between local
variables, but some are clearly pointless or can be restructured slightly.

Change-Id: I0bc81e2589bb402ff3ef0182d7a8921e31b85052
Reviewed-on: https://boringssl-review.googlesource.com/2205
Reviewed-by: Adam Langley <agl@google.com>
2014-11-06 01:34:33 +00:00
David Benjamin
626fb8b75c Fix leaks in and de-macro X509_PKEY_new.
Caught by clang scan-build.

Change-Id: I075ae0423ec72493f21608ab5704e2984ca3e86c
Reviewed-on: https://boringssl-review.googlesource.com/2202
Reviewed-by: Adam Langley <agl@google.com>
2014-11-06 01:30:59 +00:00
David Benjamin
b06711ca34 Move the X509_NAME typedef into x509.h.
X509_NAME is one of the symbols that collide with wincrypt.h. Move it to x509.h
so libraries which only use the pure-crypto portions of BoringSSL without X.509
needn't have to resolve the collision.

Change-Id: I057873498e58fe4a4cf264356f9a58d7a15397b7
Reviewed-on: https://boringssl-review.googlesource.com/2080
Reviewed-by: Adam Langley <agl@google.com>
2014-10-28 22:38:38 +00:00
David Benjamin
0248889950 Don't mix and match libraries and errors.
The same library code applies for both the error and the function, so modules
cannot easily report errors from each other. Switch evp/algorithm.c's error
codes to the EVP library. Remove the original error codes so it's obvious some
changes are needed.

- X509_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED -> EVP_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED
  ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED -> EVP_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED
  (Actually, the X509 version of this error code doesn't exist in OpenSSL. It should
   have been ASN1.)

- ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM -> EVP_R_UNKNOWN_SIGNATURE_ALGORITHM

- ASN1_R_WRONG_PUBLIC_KEY_TYPE -> EVP_R_WRONG_PUBLIC_KEY_TYPE

- ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM -> EVP_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM

Change-Id: I05b1a05b465d800c85f7d63ca74588edf40847b9
Reviewed-on: https://boringssl-review.googlesource.com/1940
Reviewed-by: Adam Langley <agl@google.com>
2014-10-13 22:56:28 +00:00
David Benjamin
8f160a680b Add EVP_DigestVerifyInitFromAlgorithm and EVP_DigestSignAlgorithm.
Factor the AlgorithmIdentifier portions of ASN1_item_sign and ASN1_item_verify
out. This makes it possible to initialize a signature context from an
AlgorithmIdentifier without needing the data parsed into an ASN1_ITEM/void*
pair and reserialized.

Change-Id: Idc2e06b1310a3f801aa25de323d39d2b7a44ef50
Reviewed-on: https://boringssl-review.googlesource.com/1916
Reviewed-by: Adam Langley <agl@google.com>
2014-10-09 21:52:52 +00:00
David Benjamin
2e1594dfb5 Remove #if-0'd ASN1_sign.
Verified that nothing uses it.

Change-Id: I1755144129e274f3d1680ddb8cb12273070eb078
Reviewed-on: https://boringssl-review.googlesource.com/1912
Reviewed-by: Adam Langley <agl@google.com>
2014-10-09 21:07:48 +00:00
David Benjamin
a87941ad17 Remove misspelled error code.
One ASN1_R_UNKNOWN_FORMAT got mispelled into ASN1_R_UNKOWN_FORMAT and
duplicated.

Change-Id: If123ef848ffe68afa021f5f3e3fb08eac92c5f94
Reviewed-on: https://boringssl-review.googlesource.com/1911
Reviewed-by: Adam Langley <agl@google.com>
2014-10-09 21:03:42 +00:00
David Benjamin
bce495c9f3 Fix a_{digest,verify}.c error codepaths.
Not that these functions can actually fail. The only codepaths that do so are
user errors.

Change-Id: I9fcbd402ab6574b5423ae22b462a0e1192ef01d7
Reviewed-on: https://boringssl-review.googlesource.com/1900
Reviewed-by: Adam Langley <agl@google.com>
2014-10-06 23:50:31 +00:00
David Benjamin
fb3ff2c66c Don't compare signed vs. unsigned.
This resolves a pile of MSVC warnings in Chromium.

Change-Id: Ib9a29cb88d8ed8ec4118d153260f775be059a803
Reviewed-on: https://boringssl-review.googlesource.com/1865
Reviewed-by: Adam Langley <agl@google.com>
2014-10-01 02:17:38 +00:00
David Benjamin
a70c75cfc0 Add a CRYPTO_library_init and static-initializer-less build option.
Chromium does not like static initializers, and the CPU logic uses one to
initialize CPU bits. However, the crypto library lacks an explicit
initialization function, which could complicate (no compile-time errors)
porting existing code which uses crypto/, but not ssl/.

Add an explicit CRYPTO_library_init function, but make it a no-op by default.
It only does anything (and is required) if building with
BORINGSSL_NO_STATIC_INITIALIZER.

Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39
Reviewed-on: https://boringssl-review.googlesource.com/1770
Reviewed-by: Adam Langley <agl@google.com>
2014-09-12 00:10:53 +00:00
David Benjamin
457112e197 unifdef a bunch of OPENSSL_NO_* ifdefs.
Get all this stuff out of the way.

- OPENSSL_NO_MD5
- OPENSSL_NO_SHA
- OPENSSL_NO_EC
- OPENSSL_NO_ECDSA
- OPENSSL_NO_ECDH
- OPENSSL_NO_NEXTPROTONEG
- OPENSSL_NO_DH
- OPENSSL_NO_SSL3
- OPENSSL_NO_RC4
- OPENSSL_NO_RSA

Also manually removed a couple instances of OPENSSL_NO_DSA that seemed to be
confused anyway. Did some minor manual cleanup. (Removed a few now-pointless
'if (0)'s.)

Change-Id: Id540ba97ee22ff2309ab20ceb24c7eabe766d4c4
Reviewed-on: https://boringssl-review.googlesource.com/1662
Reviewed-by: Adam Langley <agl@google.com>
2014-08-28 00:41:34 +00:00
Adam Langley
58f90951eb Remove hack in parsing PKCS#12.
This change removes the previous OpenSSL/NSS hack in PKCS#12 parsing and
limits the hacks purely to the BER->DER conversion function, where they
belong.

PKCS#7 and #12 switch between implicit and explicit tags in different
places and sometimes only implicitly define that they are using implicit
tags. This change fixes a previous confusion where an implicit tag was
thought to be explicit.

Change-Id: Ib68c78cf2a1bfcbf90a296cb98313ab86ed2a1f3
Reviewed-on: https://boringssl-review.googlesource.com/1640
Reviewed-by: Adam Langley <agl@google.com>
2014-08-26 22:07:02 +00:00
David Benjamin
d698f322b5 Introduce EVP_DecodeBase64.
This fixes several of the problems with the old API.
- Padding was completely ignored.
- ='s in the middle of the input were accepted.
- It tries to be helpful and strips leading/trailing whitespace.

Change-Id: I99b9d5e6583f7eaf9bf0b6ee9ca39799811b58dc
Reviewed-on: https://boringssl-review.googlesource.com/1602
Reviewed-by: Adam Langley <agl@google.com>
2014-08-25 23:00:28 +00:00
Adam Langley
9c01e00c2e Rework support for ASN.1 BER.
Previously, the ASN.1 functions in bytestring were capable of processing
indefinite length elements when the _ber functions were used. That works
well enough for PKCS#3, but NSS goes a bit crazy with BER encoding and
PKCS#12. Rather than complicate the core bytestring functions further,
the BER support is removed from them and moved to a separate function
that converts from BER to DER (if needed).

Change-Id: I2212b28e99bab9fab8c61f80d2012d3e5a3cc2f0
Reviewed-on: https://boringssl-review.googlesource.com/1591
Reviewed-by: Adam Langley <agl@google.com>
2014-08-25 21:38:08 +00:00
David Benjamin
c44d2f4cb8 Convert all zero-argument functions to '(void)'
Otherwise, in C, it becomes a K&R function declaration which doesn't actually
type-check the number of arguments.

Change-Id: I0731a9fefca46fb1c266bfb1c33d464cf451a22e
Reviewed-on: https://boringssl-review.googlesource.com/1582
Reviewed-by: Adam Langley <agl@google.com>
2014-08-21 01:06:07 +00:00
Adam Langley
660140206e Add EVP_EncodedLength.
Several callers of EVP_EncodeBlock are doing ad-hoc versions of this
function without any overflow checks.

Change-Id: I4d0cad2347ea8c44b42465e8b14b2783db69ee8f
Reviewed-on: https://boringssl-review.googlesource.com/1511
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-08-14 16:37:22 +00:00
Adam Langley
eeb9f491e8 Add PKCS7_bundle_certificates.
This function serialises a PKCS#7 structure containing a number of
certificates.

Change-Id: Iaf15887e1060d5d201d5a3dd3dca8d51105ee6d6
Reviewed-on: https://boringssl-review.googlesource.com/1431
Reviewed-by: Adam Langley <agl@google.com>
2014-08-07 18:12:25 +00:00
David Benjamin
150c617cfc Add X509_up_ref and use it internally.
Avoid needing to manually increment the reference count and using the right
lock, both here and in Chromium.

Change-Id: If116ebc224cfb1c4711f7e2c06f1fd2c97af21dd
Reviewed-on: https://boringssl-review.googlesource.com/1415
Reviewed-by: Adam Langley <agl@google.com>
2014-08-07 00:06:34 +00:00