Commit Graph

53 Commits

Author SHA1 Message Date
David Benjamin
17dd904eb9 do_dirname: Don't change gen on failures
It would set gen->d.dirn to a freed pointer in case X509V3_NAME_from_section
failed.

(Imported from upstream's ea9de25f2f577db69d67c39e5cf60be7da17c931.)

This only affects the various config file parsing bits.

Change-Id: I530c09be81bfb40bca931c064c39cbc93dfd454f
Reviewed-on: https://boringssl-review.googlesource.com/6348
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-26 19:44:09 +00:00
David Benjamin
0ea470fdb2 Fix self-signed handling.
Don't mark a certificate as self-signed if keyUsage is present and
certificate signing is not asserted.

PR#3979

(Imported from upstream's e272f8ef8f63298466494adcd29512797ab1eece.)

Change-Id: I3120832f32455e8e099708fa2491d85d3d4a3930
Reviewed-on: https://boringssl-review.googlesource.com/6341
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-26 17:46:22 +00:00
David Benjamin
b50c91b5df Cleaner handling of "cnid" in do_x509_check
Avoid using cnid = 0, use NID_undef instead, and return early instead of
trying to find an instance of that in the subject DN.

(Imported from upstrea's 40d5689458593aeca0d1a7f3591f7ccb48e459ac.)

Change-Id: I1bdf6bf7a4b1f4774a8dbec7e5df421b3a27c7e4
Reviewed-on: https://boringssl-review.googlesource.com/5947
Reviewed-by: Adam Langley <agl@google.com>
2015-09-23 23:59:43 +00:00
Adam Langley
73415b6aa0 Move arm_arch.h and fix up lots of include paths.
arm_arch.h is included from ARM asm files, but lives in crypto/, not
openssl/include/. Since the asm files are often built from a different
location than their position in the source tree, relative include paths
are unlikely to work so, rather than having crypto/ be a de-facto,
second global include path, this change moves arm_arch.h to
include/openssl/.

It also removes entries from many include paths because they should be
needed as relative includes are always based on the locations of the
source file.

Change-Id: I638ff43d641ca043a4fc06c0d901b11c6ff73542
Reviewed-on: https://boringssl-review.googlesource.com/5746
Reviewed-by: Adam Langley <agl@google.com>
2015-08-26 01:57:59 +00:00
Matt Braithwaite
c4ef5ff112 In |NCONF_load|, strdup section names rather than adding refs.
The fact that |value_free| expects to free() value->section is
inconsistent with the behavior of |add_string|, which adds a reference
to an existing string.

Along the way, add a |CONF_VALUE_new| method to simplify things a bit.

Change-Id: I438abc80575394e4d8df62a4fe2ff1050e3ba039
Reviewed-on: https://boringssl-review.googlesource.com/5744
Reviewed-by: Adam Langley <agl@google.com>
2015-08-24 22:08:08 +00:00
David Benjamin
3570d73bf1 Remove the func parameter to OPENSSL_PUT_ERROR.
Much of this was done automatically with
  find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/'
  find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+,  ([a-zA-Z_0-9]+\);)/\1\2/'

BUG=468039

Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8
Reviewed-on: https://boringssl-review.googlesource.com/5276
Reviewed-by: Adam Langley <agl@google.com>
2015-07-16 02:02:37 +00:00
Adam Langley
a89fac585f Rename tabtest.c and v3nametest.c
The binaries for these already have underscores in, best to have the
source files match.

Change-Id: I32a419f32ec7786fe2537d061eb0706a7bc73f4a
Reviewed-on: https://boringssl-review.googlesource.com/5101
Reviewed-by: Adam Langley <agl@google.com>
2015-06-16 18:07:27 +00:00
David Benjamin
ff81e10313 Add OPENSSL_PUT_ERROR line to X509V3_parse_list.
See upstream's 344c271eb339fc2982e9a3584a94e51112d84584. We had the error check
already. But, for consistency with the rest of that function's error paths,
pushing an error on the error queue would be prudent.

Change-Id: I8b702abc679dc94dffa79c19a9b7c3d0adc0638b
Reviewed-on: https://boringssl-review.googlesource.com/4889
Reviewed-by: Adam Langley <agl@google.com>
2015-05-27 21:56:16 +00:00
David Benjamin
1590811111 Fix typo in valid_star.
(Imported from upstream's 9a3bf97315aa121441777bf1bc4bea3c5e00af29.)

Change-Id: I1ce28437333012347985c788c86671f5ec34b34f
Reviewed-on: https://boringssl-review.googlesource.com/4888
Reviewed-by: Adam Langley <agl@google.com>
2015-05-27 21:55:14 +00:00
David Benjamin
0b635c52b2 Add malloc test support to unit tests.
Currently far from passing and I haven't even tried with a leak checker yet.
Also bn_test is slow.

Change-Id: I4fe2783aa5f7897839ca846062ae7e4a367d2469
Reviewed-on: https://boringssl-review.googlesource.com/4794
Reviewed-by: Adam Langley <agl@google.com>
2015-05-21 17:59:48 +00:00
Adam Langley
4bdb6e43fa Remove remaining calls to the old lock functions.
|SSL_CTX| and |X509_STORE| have grown their own locks. Several static
locks have been added to hack around not being able to use a
|CRYPTO_once_t| in public headers. Lastly, support for calling
|SSL_CTX_set_generate_session_id| concurrently with active connections
has been removed. No other property of an |SSL_CTX| works like that.

Change-Id: Iff5fe3ee3fdd6ea9c9daee96f850b107ad8a6bca
Reviewed-on: https://boringssl-review.googlesource.com/4775
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 19:18:13 +00:00
Adam Langley
f0320d3c73 Fix use after free in X509.
This change import's upstream's beeb0fa7 and fixes a UAF in X509.
Thankfully, this shouldn't impact Chromium, which doesn't use OpenSSL
for certificate verification.

BUG=489764

Change-Id: I0ce2ec05083f7c588ba5504bb12151437dec593e
Reviewed-on: https://boringssl-review.googlesource.com/4810
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-05-19 19:16:44 +00:00
Matt Braithwaite
f7535aed7d Remove spurious declarations of |X509V3_EXT_conf| and friends.
These functions were #if 0'ed out in the code, which is a distraction.

Change-Id: I186196ab512565507476f9b56682bf59d003d85f
Reviewed-on: https://boringssl-review.googlesource.com/4604
Reviewed-by: Adam Langley <agl@google.com>
2015-05-05 00:22:59 +00:00
David Benjamin
de95d262ab Add missing BUF_strdup failure checks.
Change-Id: I997e8806b0bccb58fe7b8bbea4e98c68d0925361
Reviewed-on: https://boringssl-review.googlesource.com/4513
Reviewed-by: Adam Langley <agl@google.com>
2015-05-04 22:58:38 +00:00
Brian Smith
054e682675 Eliminate unnecessary includes from low-level crypto modules.
Beyond generally eliminating unnecessary includes, eliminate as many
includes of headers that declare/define particularly error-prone
functionality like strlen, malloc, and free. crypto/err/internal.h was
added to remove the dependency on openssl/thread.h from the public
openssl/err.h header. The include of <stdlib.h> in openssl/mem.h was
retained since it defines OPENSSL_malloc and friends as macros around
the stdlib.h functions. The public x509.h, x509v3.h, and ssl.h headers
were not changed in order to minimize breakage of source compatibility
with external code.

Change-Id: I0d264b73ad0a720587774430b2ab8f8275960329
Reviewed-on: https://boringssl-review.googlesource.com/4220
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:49:18 +00:00
Brian Smith
a039d70270 Enable MSVC warning C4701, use of potentially uninitialized variable.
C4701 is "potentially uninitialized local variable 'buf' used". It
sometimes results in false positives, which can now be suppressed
using the macro OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS.

Change-Id: I15068b5a48e1c704702e7752982b9ead855e7633
Reviewed-on: https://boringssl-review.googlesource.com/3160
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:32:26 +00:00
David Benjamin
06e5161423 Fix the linux_shared bot.
all_tests.go will still complain if tab_test is missing.

Change-Id: I97c3684a4397caa55aaae2ec6555b16ee8366233
Reviewed-on: https://boringssl-review.googlesource.com/4250
Reviewed-by: Adam Langley <agl@google.com>
2015-04-07 00:24:57 +00:00
David Benjamin
72f5911a16 Fix the standalone shared library build.
BUG=473360

Change-Id: I6dc06eb425dd10c8d6a40d17f94405ea6f2f3905
Reviewed-on: https://boringssl-review.googlesource.com/4210
Reviewed-by: Adam Langley <agl@google.com>
2015-04-02 21:07:17 +00:00
Håvard Molland
ab2479a08a Clean up error reporting.
Quite a few functions reported wrong function names when pushing
to the error stack.

Change-Id: I84d89dbefd2ecdc89ffb09799e673bae17be0e0f
Reviewed-on: https://boringssl-review.googlesource.com/4080
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-03-20 22:12:59 +00:00
David Benjamin
7e3b5840c2 Fix more missing error checks in v3_cpols.c
I only imported half of upstream's c5f2b5336ab72e40ab91e2ca85639f51fa3178c6 on
accident.

Change-Id: Ice8185ca6770f915eb859e918f5db7d5ccdc7cc7
Reviewed-on: https://boringssl-review.googlesource.com/4045
Reviewed-by: Adam Langley <agl@google.com>
2015-03-19 19:41:28 +00:00
David Benjamin
859a04b7ff Fix missing return checks in v3_cpols.c
Fixed assorted missing return value checks in v3_cpols.c

(Imported from upstream's c5f2b5336ab72e40ab91e2ca85639f51fa3178c6.)

Change-Id: I95e4157fc689201ca32e1c8e51d04801ba478685
Reviewed-on: https://boringssl-review.googlesource.com/4008
Reviewed-by: Adam Langley <agl@google.com>
2015-03-19 11:31:03 +00:00
Adam Langley
c64ccb51b0 Remove support for zero lengths from do_x509_check.
Change-Id: I9ea838850d4c7ea8280cacb1a275b2d6cee1cbbe
2015-02-13 11:00:48 -08:00
Adam Langley
6899b19464 Update API to use (char *) for email addresses and hostnames.
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().

(Imported from upstream's e83c913723fac7432a7706812f12394aaa00e8ce.)

Change-Id: Id0fc11773a0cee8933978cd4bdbd8251fd7cfb5f
2015-02-13 11:00:48 -08:00
Adam Langley
6f8c366989 Set optional peername when X509_check_host() succeeds.
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().

(Imported from upstream's 55fe56837a65ff505b492aa6aee748bf5fa91fec.)

Change-Id: Ic21bfb361b8eb25677c4c2175882fa95ea44fc31
2015-02-13 11:00:48 -08:00
Adam Langley
82fc3bd333 More complete input validation of X509_check_mumble.
(Imported from upstream's 3d15d58e55b97207188e87708a0e7f49b4bfd7fd.)

Change-Id: Iae9e3f839e03c22dc45ac2151884e7afcf31af7b
2015-02-13 10:59:10 -08:00
Adam Langley
fcd34624a1 Drop hostlen from X509_VERIFY_PARAM_ID.
Just store NUL-terminated strings. This works better when we add
support for multiple hostnames.

(Imported from upstream's d93edc0aab98377f42dd19312248597a018a7889.)

Change-Id: Ib3bf8a8c654b829b4432782ba21ba55c3d4a0582
2015-02-13 10:51:02 -08:00
Adam Langley
29b186736c Precompute sorted array for error strings.
Previously, error strings were kept in arrays for each subdirectory and
err.c would iterate over them all and insert them at init time to a hash
table.

This means that, even if you have a shared library and lots of processes
using that, each process has ~30KB of private memory from building that
hash table.

This this change, all the error strings are built into a sorted list and
are thus static data. This means that processes can share the error
information and it actually saves binary space because of all the
pointer overhead in the old scheme. Also it saves the time taken
building the hash table at startup.

This removes support for externally-supplied error string data.

Change-Id: Ifca04f335c673a048e1a3e76ff2b69c7264635be
2015-02-09 17:35:31 -08:00
David Benjamin
1eed2c0e40 Fix some unchecked mallocs.
BUG=456599

Change-Id: Id0652c2aff1cb8a5de35350feb8410285b3fef20
Reviewed-on: https://boringssl-review.googlesource.com/3330
Reviewed-by: Adam Langley <agl@google.com>
2015-02-09 19:39:41 +00:00
Adam Langley
2b2d66d409 Remove string.h from base.h.
Including string.h in base.h causes any file that includes a BoringSSL
header to include string.h. Generally this wouldn't be a problem,
although string.h might slow down the compile if it wasn't otherwise
needed. However, it also causes problems for ipsec-tools in Android
because OpenSSL didn't have this behaviour.

This change removes string.h from base.h and, instead, adds it to each
.c file that requires it.

Change-Id: I5968e50b0e230fd3adf9b72dd2836e6f52d6fb37
Reviewed-on: https://boringssl-review.googlesource.com/3200
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-02-02 19:14:15 +00:00
Brian Smith
efed2210e8 Enable more warnings & treat warnings as errors on Windows.
Change-Id: I2bf0144aaa8b670ff00b8e8dfe36bd4d237b9a8a
Reviewed-on: https://boringssl-review.googlesource.com/3140
Reviewed-by: Adam Langley <agl@google.com>
2015-01-31 00:18:55 +00:00
Adam Langley
9115755006 Convert latin-1 files to UTF-8.
A handful of latin-1 codepoints existed a trio of files. This change
switches the encoding to UTF-8.

Change-Id: I00309e4d1ee3101e0cc02abc53196eafa17a4fa5
2015-01-29 17:26:36 -08:00
Adam Langley
4a0f0c4910 Change CMakeLists.txt to two-space indent.
find -name CMakeLists.txt -type f | xargs sed -e 's/\t/  /g' -i

Change-Id: I01636b1849c00ba918f48828252492d99b0403ac
2015-01-28 16:37:10 -08:00
David Benjamin
4de5f54e54 RT3662: Allow leading . in nameConstraints
Change by SteveH from original by John Denker (in the RT)

(Imported from upstream's 77ff1f3b8bfaa348956c5096a2b829f2e767b4f1)

Confirmed by inspection of source that this matches mozilla::pkix behavior. See
https://mxr.mozilla.org/mozilla-central/source/security/pkix/lib/pkixnames.cpp#939

Change-Id: Ic4e7d011f7c10cbc83e5267550063b0ebe9648fb
Reviewed-on: https://boringssl-review.googlesource.com/2848
Reviewed-by: Adam Langley <agl@google.com>
2015-01-14 21:53:12 +00:00
David Benjamin
aa3f6daa86 Tag a number of globals as const.
Change-Id: I6f334911f153395a2e5e26adfd08912a1d8c558b
Reviewed-on: https://boringssl-review.googlesource.com/2847
Reviewed-by: Adam Langley <agl@google.com>
2015-01-14 21:53:00 +00:00
Adam Langley
b9e0ccc650 Fix a couple of minor compiler warnings.
One about a possible uninitialised variable (incorrect, but it's easier
to keep the compiler happy) and one warning about "const static" being
backwards.

Change-Id: Ic5976a5f0b48f32e09682e31b65d8ea1c27e5b88
Reviewed-on: https://boringssl-review.googlesource.com/2632
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-01-06 00:27:22 +00:00
David Benjamin
a85093f5bb Fix error handling in X509_PURPOSE_add and X509_TRUST_add.
Two leaks can happen: if idx is -1, the newly allocated entry may not be freed.
Also, for X509_PURPOSE_add, if only one BUF_strdup succeeds, it will leak.

Restructure both so that the allocations happen ahead of time and are properly
cleaned up. This avoids leaving an existing entry in a half-broken state.

Found (sort of) by scan-build; because of all the indirections and DYNAMIC
flags, it doesn't actually realize the leak's been fixed.

Change-Id: I5521889bd14e007b3f62b6a4906d7c346698b48c
Reviewed-on: https://boringssl-review.googlesource.com/2209
Reviewed-by: Adam Langley <agl@google.com>
2014-11-06 01:44:43 +00:00
David Benjamin
ab2815eaff Fix leak in X509V3_EXT_add on error.
If it fails to be added to the list, the input should be freed. Found (sort of)
by scan-build; because of all the indirections and DYNAMIC flags, it doesn't
actually realize the leak's been fixed.

Change-Id: Idca10964e1ffb2ace1cea7f88d94693205d70d5b
Reviewed-on: https://boringssl-review.googlesource.com/2208
Reviewed-by: Adam Langley <agl@google.com>
2014-11-06 01:40:58 +00:00
David Benjamin
2a0f3420f7 Fix standalone bio_test and v3name_test on Win64.
Win32 still has assembly issues and bssl wants to select() on both sockets and
stdin (doesn't work on Windows). But this is a start.

Change-Id: Iafc5215be281aed836c5ac2dc8b379399848a2c2
Reviewed-on: https://boringssl-review.googlesource.com/2090
Reviewed-by: Adam Langley <agl@google.com>
2014-10-29 21:17:27 +00:00
David Benjamin
a70c75cfc0 Add a CRYPTO_library_init and static-initializer-less build option.
Chromium does not like static initializers, and the CPU logic uses one to
initialize CPU bits. However, the crypto library lacks an explicit
initialization function, which could complicate (no compile-time errors)
porting existing code which uses crypto/, but not ssl/.

Add an explicit CRYPTO_library_init function, but make it a no-op by default.
It only does anything (and is required) if building with
BORINGSSL_NO_STATIC_INITIALIZER.

Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39
Reviewed-on: https://boringssl-review.googlesource.com/1770
Reviewed-by: Adam Langley <agl@google.com>
2014-09-12 00:10:53 +00:00
David Benjamin
457112e197 unifdef a bunch of OPENSSL_NO_* ifdefs.
Get all this stuff out of the way.

- OPENSSL_NO_MD5
- OPENSSL_NO_SHA
- OPENSSL_NO_EC
- OPENSSL_NO_ECDSA
- OPENSSL_NO_ECDH
- OPENSSL_NO_NEXTPROTONEG
- OPENSSL_NO_DH
- OPENSSL_NO_SSL3
- OPENSSL_NO_RC4
- OPENSSL_NO_RSA

Also manually removed a couple instances of OPENSSL_NO_DSA that seemed to be
confused anyway. Did some minor manual cleanup. (Removed a few now-pointless
'if (0)'s.)

Change-Id: Id540ba97ee22ff2309ab20ceb24c7eabe766d4c4
Reviewed-on: https://boringssl-review.googlesource.com/1662
Reviewed-by: Adam Langley <agl@google.com>
2014-08-28 00:41:34 +00:00
David Benjamin
c44d2f4cb8 Convert all zero-argument functions to '(void)'
Otherwise, in C, it becomes a K&R function declaration which doesn't actually
type-check the number of arguments.

Change-Id: I0731a9fefca46fb1c266bfb1c33d464cf451a22e
Reviewed-on: https://boringssl-review.googlesource.com/1582
Reviewed-by: Adam Langley <agl@google.com>
2014-08-21 01:06:07 +00:00
David Benjamin
150c617cfc Add X509_up_ref and use it internally.
Avoid needing to manually increment the reference count and using the right
lock, both here and in Chromium.

Change-Id: If116ebc224cfb1c4711f7e2c06f1fd2c97af21dd
Reviewed-on: https://boringssl-review.googlesource.com/1415
Reviewed-by: Adam Langley <agl@google.com>
2014-08-07 00:06:34 +00:00
Adam Langley
4c921e1bbc Move public headers to include/openssl/
Previously, public headers lived next to the respective code and there
were symlinks from include/openssl to them.

This doesn't work on Windows.

This change moves the headers to live in include/openssl. In cases where
some symlinks pointed to the same header, I've added a file that just
includes the intended target. These cases are all for backwards-compat.

Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92
Reviewed-on: https://boringssl-review.googlesource.com/1180
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-07-14 22:42:18 +00:00
Alex Chernyakhovsky
2897ed3634 Remove CHARSET_EBCDIC
Since crypto/ebcdic.{c,h} are not present in BoringSSL, remove the #ifdefs
Changes were made by running

find . -type f -name *.c | xargs unifdef -m -U CHARSET_EBCDIC
find . -type f -name *.h | xargs unifdef -m -U CHARSET_EBCDIC

using unifdef 2.10.

An additional two ifdefs (CHARSET_EBCDIC_not) were removed manually.

Change-Id: Ie174bb00782cc44c63b0f9fab69619b3a9f66d42
Reviewed-on: https://boringssl-review.googlesource.com/1093
Reviewed-by: Adam Langley <agl@google.com>
2014-07-07 19:30:35 +00:00
Adam Langley
b0d5fb6c74 Add OPENSSL_str[n]casecmp
Windows has different names for these functions and also doesn't have
the strings.h header in which they appear.

This change adds tiny wrapper functions for Windows.
2014-06-20 13:17:43 -07:00
Adam Langley
464f3a147c Enforce _X509_CHECK_FLAG_DOT_SUBDOMAINS internal-only
(Imported from upstream's cfbc10fb327cf8535d6e9b402d1d03140d23d753)
2014-06-20 13:17:43 -07:00
Adam Langley
8241005bfa Client-side namecheck wildcards.
A client reference identity of ".example.com" matches a server certificate
presented identity that is any sub-domain of "example.com" (e.g.
"www.sub.example.com).

With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches only direct
child sub-domains (e.g. "www.sub.example.com"). (cherry picked from commit
e52c52f10bb8e34aaf8f28f3e5b56939e8f6b357)

(Imported from upstream's 3cc8a3f2343cda796de90c127b9e907ca3ec2da5)
2014-06-20 13:17:42 -07:00
Adam Langley
dc160f84f5 Fixes to host checking.
Fixes to host checking wild card support and add support for setting
host checking flags when verifying a certificate chain.

(Imported from upstream's a2219f6be36d12f02b6420dd95f819cf364baf1d)
2014-06-20 13:17:40 -07:00
Adam Langley
548523fd5e Extension checking fixes.
When looking for an extension we need to set the last found
position to -1 to properly search all extensions.

PR#3309

(Imported from upstream's 5cd5e0219d2e9a8c1f2fec3d867f38179c3a86af)
2014-06-20 13:17:40 -07:00
Adam Langley
a993a70d6d Include self-signed flag in certificates.
Include self-signed flag in certificates by checking SKID/AKID as well as
issuer and subject names. Although this is an incompatible change it should
have little impact in pratice because self-issued certificates that are not
self-signed are rarely encountered.

(Imported from upstream's c00f8d697aed17edbd002e2f6c989d8fbd7c4ecf)
2014-06-20 13:17:38 -07:00