
Upstream merge 2024 09 16 #1862

Open
wants to merge 12 commits into
base: main

Conversation

andrewhop
Contributor

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

davidben and others added 12 commits September 16, 2024 12:46
This will be needed for python/cpython#114573.
Along the way, document the various functions that expose "query from
X509_STORE". Most of them unfortunately leak the weird caching thing
that hash_dir does, as well as OpenSSL's generally poor handling of
issuers with the same name and CRL lookup, but I don't think it's really
worth trying to unexport these APIs.

Change-Id: I18137bdc4cbaa4bd20ff55116a18f350df386e4a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65787
Auto-Submit: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
(cherry picked from commit ba5eb621d7d9bf2872386b4303fd5e9aa64f7230)

This is only used internally, for X509_PURPOSE_ANY to mark that it has
no corresponding trust value. Contrary to the name, this doesn't mean
to use the default X509_TRUST behavior, but to make it impossible to
configure via X509_STORE_CTX_set_purpose.

Since it's only used in one place, as any value that fails lookup, I've
just put a local define in v3_purp.c.

Change-Id: Id3e44c08528a303132ef09d0a94521af67cc2230
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65212
Auto-Submit: David Benjamin <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
(cherry picked from commit 5a1a5fbdb865fa58f1da0fd8bf6426f801ea37ac)

X509_PURPOSE can't be fully trimmed because rust-openssl uses a few APIs
to look up purposes by string.

Change-Id: I39e3cec4d8b01ecf7dec1f368fabea4a82eff8e9
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65788
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
(cherry picked from commit 1b08502fe2f9ffa82d2fcaa3bec39eda0bf83e83)

OpenSSL's API uses this weird "index" intermediate integer
representation, which is the same as the ID but offset bit. Just use the
IDs throughout. Also document and deprecate the string-based APIs that
rust-openssl uses.

As a bonus, we remove some int/size_t casts.

Change-Id: I3ffd2ab59bf3c9d96014a028b667b0bd3288b16b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65789
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
(cherry picked from commit 8e6a26d128484b886e6dcbfa558b993d38950bb5)

These were mostly already documented, but fit the current style. Add a
couple tests for some interesting cases.

With this, all we have left to document are:
- Built-in and custom extensions
- Filesystem-based X509_STORE bits
- The APIs to query X509_STORE (mildly annoying because the
  sort-of-a-cache-sort-of-not thing is exposed)

Bug: 426
Change-Id: I68c16071b8781f560e6601fd65a7fba9b6efe862
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65790
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
(cherry picked from commit a028a23fe5fe8390389b05d2740f0576908fe25d)

It's less bad than I originally wrote because trust properties only
matter if configured on the X509_STORE. Add a test for this.

This is good because lots of functions trigger d2i_X509_AUX, so I think
we have to assume attackers can specify these values. Nonetheless, this
is surprising, so document which functions trigger this.

Change-Id: I73ce44acfa2a373ef3f3ef09c3e46cea98124f33
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65791
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
(cherry picked from commit 0568c2c1dbff4e1de4d5a63fbaf7d13925df27fa)

Probably we could remove this altogether. The new verifier doesn't
support nameRelativeToCRLIssuer.

Change-Id: Ibb2210d513827577656d816fad90f658c2875601
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65792
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
(cherry picked from commit 46ff4f7f73304a0ccf65109a2ff47469cf4cfb26)

There are still a pile of functions left to document, but we're far
enough now that the doc generation is happy to run on this header. Go
ahead and start generating output.

Bug: 426
Change-Id: I4c807d625df3a4a881936e99b5a3fc6559cda6c9
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65793
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
(cherry picked from commit ea003bdaab1a6611b1a09f4e7f4cae3fa7390588)

Although the comments say draft-03, we're currently on draft-06.
dcd6e44 forgot to update all the
comments.

The final RFC is identical to draft-06, except
expected_cert_verify_algorithm was renamed to dc_cert_verify_algorithm,
so this is just changing comment and renaming something.

While I'm here, write the codepoint in decimal instead of hex, to match
the document and how the other IANA codepoints are written out.

Change-Id: I6d1f362a21eecafeef5bba5879f4158e31c8def4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66367
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: Bob Beck <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
(cherry picked from commit 48b0edfdf2dd9f38650d2ec13fa72cc0407a0d84)

We always pass this, so checks are redundant. Note this doesn't control
the SSE2 runtime checks, just whether SSE2 code is emitted.

Change-Id: I159806928643915afecf738dcac218007ba94600
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65869
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
(cherry picked from commit 20c93abd47726624ab3e479466078f7e63f081f7)

Bug: 673
Change-Id: I7e213dc1bbb62553499666c1b271d97f8c43a3ce
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65870
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
(cherry picked from commit 6d0caa1a0aad0b035ff1a63f9e292fec45ad3b35)

@andrewhop andrewhop requested a review from a team as a code owner September 18, 2024 17:31