CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/05/29 05:54:50
Modified files:
lib/libcrypto/man: X509_NAME_get_index_by_NID.3
lib/libcrypto/x509: x509name.c
regress/lib/libcrypto/x509: x509_asn1.c
Log message:
Make X509_NAME_get_text_by[NID|OBJ] safer.
This is an un-revert with nits of the previously landed change
to do this which broke libtls. libtls has now been changed to
not use this function.
This change ensures that if something is returned it is "text"
(UTF-8) and a C string not containing a NUL byte. Historically
callers to this function assume the result is text and a C string
however the OpenSSL version simply hands them the bytes from an
ASN1_STRING and expects them to know bad things can happen which
they almost universally do not check for. Partly inspired by
goings on in boringssl.
ok jsing@ tb@
