openbsd/src/lib/libcrypto/pkcs7, branch libressl-v3.7.0

Make internal header file names consistent

2022-11-26T16:08:57+00:00

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include was fixed manually. discussed with jsing, no objection bcook

Hide symbols in libcrypto/pkcs7

2022-11-12T12:11:14+00:00

This applies the guentherizer 9000(tm) to pkcs7, after moving several pkcs7 funcitions back to pkcs7 that were in x509/x_all.c for reasons known only to the miasma. ok jsing@

Remove mkerr.pl remnants from LibreSSL

2022-07-12T14:42:50+00:00

This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb

Simplify X509_ATTRIBUTE ASN.1 encoding.

2022-05-09T19:19:33+00:00

For some unknown historical reason, X509_ATTRIBUTE allows for a single ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF. Simplify encoding and remove support for single values - this is similar to OpenSSL e20b57270dec. This removes the last use of COMBINE in the ASN.1 decoder. ok tb@

Garbage collect the app_items field of ASN1_ADB

2022-01-14T08:16:13+00:00

This is unused and was removed in OpenSSL 5b70372d when it was replaced with an ASN.1 ADB callback (which we don't support). ok inoguchi jsing

Include evp_locl.h where it will be needed once most structs from

2021-12-12T21:30:14+00:00

evp.h will be moved to evp_locl.h in an upcoming bump. ok inoguchi

Move the now internal X.509-related structs into x509_lcl.h.

2021-11-01T20:53:08+00:00

Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds. ok jsing

Remove remaining error *_str_functs[]

2020-06-05T16:51:12+00:00

A number of years ago we dropped the concept of having function names in errors, since it is not that useful and very quickly gets out of sync when refactoring. It would seem that some new ones got imported and some missed the last clean up. ok tb@ beck@ "kill it with fire"

Remove redundant ASN1_INTEGER_set call in PKCS7_set_type

2020-01-21T10:18:52+00:00

ok bcook@

Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.

2019-10-04T18:03:56+00:00

(Note that the CMS code is currently disabled.) Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license) tests from bluhm@ ok jsing commit e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f Author: Bernd Edlinger Date: Sun Sep 1 00:16:28 2019 +0200 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack. As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9777) (cherry picked from commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37)