summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* Move towards making RSA OAEP functions handle arbitrary message digests.jsing2019-10-031-53/+59
| | | | | | Based on OpenSSL 1.1.1. ok tb@, inoguchi@ (on an earlier/larger diff)
* bump for LibreSSL 3.0.1libressl-v3.0.1bcook2019-09-301-3/+3
|
* zap trailing whitespace;jmc2019-09-291-3/+3
|
* If a NULL or zero cofactor is passed to EC_GROUP_set_generator(),tb2019-09-293-11/+113
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | try to compute it using Hasse's bound. This works as long as the cofactor is small enough. Port of Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1 (old license) tests & ok inoguchi input & ok jsing commit 30c22fa8b1d840036b8e203585738df62a03cec8 Author: Billy Brumley <bbrumley@gmail.com> Date: Thu Sep 5 21:25:37 2019 +0300 [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it The cofactor argument to EC_GROUP_set_generator is optional, and SCA mitigations for ECC currently use it. So the library currently falls back to very old SCA-vulnerable code if the cofactor is not present. This PR allows EC_GROUP_set_generator to compute the cofactor for all curves of cryptographic interest. Steering scalar multiplication to more SCA-robust code. This issue affects persisted private keys in explicit parameter form, where the (optional) cofactor field is zero or absent. It also affects curves not built-in to the library, but constructed programatically with explicit parameters, then calling EC_GROUP_set_generator with a nonsensical value (NULL, zero). The very old scalar multiplication code is known to be vulnerable to local uarch attacks, outside of the OpenSSL threat model. New results suggest the code path is also vulnerable to traditional wall clock timing attacks. CVE-2019-1547 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9781)
* Xr random 4 in a better wayderaadt2019-09-281-3/+5
|
* Add comment line saying S is described vaguely on purpose.otto2019-09-141-2/+3
| | | | Prompted by guenther@
* document EVP_PKEY_CTX_get_signature_md(3);schwarze2019-09-101-4/+17
| | | | jsing@ provided it in evp.h rev. 1.77
* Plug memory leak in error paths. Found while comparing this filetb2019-09-091-5/+5
| | | | | | with OpenSSL 1.1.1's version which contains a similar fix. ok jsing
* Provide EVP_PKEY_CTX_get_signature_md() macro and implement thejsing2019-09-094-7/+25
| | | | | | | | EVP_PKEY_CTRL_GET_MD control for DSA, EC and RSA. This is used by the upcoming RSA CMS code. ok inoguchi@ tb@
* Load CMS error strings.jsing2019-09-091-1/+5
|
* Move #include <openssl/cms.h> to more appropriate location (since it isjsing2019-09-091-3/+2
| | | | now being installed).
* Install the openssl/cms.h header.jsing2019-09-091-1/+3
| | | | | | | | This header includes OPENSSL_NO_CMS guards, so even if things find the header it provides no useful content (and other code should technically also be using OPENSSL_NO_CMS...). ok deraadt@ inoguchi@
* Add CMS ECC support.jsing2019-09-081-2/+370
| | | | | | | | This brings in EC code from OpenSSL 1.1.1b, with style(9) and whitespace cleanups. All of this code is currently under OPENSSL_NO_CMS hence is a no-op. ok inoguchi@
* Add various macros and controls for EC_PKEY_CTX.jsing2019-09-064-28/+316
| | | | | | | | | These are needed for the upcoming EC CMS support (nothing else appears to use them). This largely syncs our ec_pmeth.c with OpenSSL 1.1.1b. With input from inoguchi@ and tb@. ok inoguchi@ tb@
* Handle CMS PEM headers.jsing2019-09-061-1/+11
| | | | ok inoguchi@ tb@
* Add objects for ECDH schemes in RFC 5753.jsing2019-09-052-0/+32
| | | | | | Based on OpenSSL 1.1.1b. ok inoguchi@ tb@
* Build ecdh_kdf.cjsing2019-09-051-2/+2
|
* Replace OPENSSL_cleanse() with explicit_bzero().jsing2019-09-051-1/+1
|
* Provide prototype for ecdh_KDF_X9_63()jsing2019-09-051-1/+7
|
* Include correct header.jsing2019-09-051-1/+1
|
* style(9) and whitespace.jsing2019-09-051-65/+72
|
* Restore per-file license/copyright removed in OpenSSL commit 4f22f40507f.jsing2019-09-051-5/+48
|
* Remove ECDH_KDF_X9_62 wrapper.jsing2019-09-051-12/+0
|
* Provide ECDH KDF for X9.63 as needed for CMS ECC.jsing2019-09-051-0/+81
| | | | | | From OpenSSL 1.1.1b. ok tb@ inoguchi@
* Feed the bntest output to bc(1). This checks the result of the bigbluhm2019-09-052-13/+16
| | | | | | num calculations and avoids lots of ugly output to stdout. Remove fflush(3) of stderr, it is unbuffered anyway. with Moritz Buhl
* Document EVP_PKEY_get0(3), EVP_PKEY_assign_GOST(3), EVP_PKEY_assign(3),schwarze2019-09-012-31/+116
| | | | | and EVP_PKEY_set_type(3). While here, clarify a few points regarding reference count and type checking.
* mop up resolver.3 rename; ok deraadtjmc2019-08-305-15/+15
|
* mop up for inet_net rename; ok deraadtjmc2019-08-303-9/+9
|
* adapt to bitstring(3) renaming, and look at that bit_ffs(3) is the actualderaadt2019-08-301-3/+3
| | | | | name we want to Xr... ok jmc
* Move 4 manual pages from not-a-function filenames to a correct filename,deraadt2019-08-306-16/+16
| | | | | and correct Xr. ok jmc
* Remove unnecessary NULL check before free function in openssl(1) dgstinoguchi2019-08-301-11/+6
|
* Wrap lines over 80 cols and put space before goto label in openssl(1) dgstinoguchi2019-08-301-20/+30
|
* Simplify checking and more readable descriptions in openssl(1) dgstinoguchi2019-08-301-8/+8
| | | | suggested from jsing@
* Convert openssl(1) dgst to the newer style of option handlinginoguchi2019-08-301-99/+216
| | | | | | | | Adapt openssl(1) dgst command to new option handling. Added dgst_options struct and option handlers, and replaced for-if-strcmp handling with options_parse(). ok bcook@ jsing@
* new manual page AES_encrypt(3)schwarze2019-08-284-5/+181
|
* document OCSP_parse_url(3)schwarze2019-08-271-6/+75
|
* document OCSP_cert_status_str(3)schwarze2019-08-271-3/+19
|
* document OCSP_response_status_str(3)schwarze2019-08-271-4/+19
|
* document i2a_ASN1_INTEGER(3)schwarze2019-08-261-5/+50
|
* document ASN1_put_object(3) and ASN1_put_eoc(3)schwarze2019-08-263-3/+186
|
* document ASN1_OCTET_STRING_cmp(3), ASN1_OCTET_STRING_dup(3), andschwarze2019-08-261-12/+45
| | | | ASN1_OCTET_STRING_set(3)
* Change generating and checking of primes so that the error rate ofschwarze2019-08-252-26/+93
| | | | | | | | | | | not being prime depends on the intended use based on the size of the input. For larger primes this will result in more rounds of Miller-Rabin. The maximal error rate for primes with more than 1080 bits is lowered to 2^-128. Patch from Kurt Roeckx <kurt@roeckx.be> and Annie Yousar via OpenSSL commit feac7a1c Jul 25 18:55:16 2018 +0200, still under a free license. OK tb@.
* document EVP_sm3(3) and EVP_whirlpool(3), loosely based on theschwarze2019-08-255-6/+177
| | | | OpenSSL 1.1.1 pages, which are still under a free license
* fix reversed meaning of error codes;schwarze2019-08-251-7/+7
| | | | | from Martin Ukrop <mukrop at mail dot muni dot cz> via OpenSSL commit bb00b040 Aug 5 14:14:54 2019 +0200
* typo in function argument type;schwarze2019-08-251-4/+4
| | | | | from Jan Macku <jamacku at redhat dot com> via OpenSSL commit a9b9d265 Jan 30 16:09:50 2019 +0100
* Correctly document the return values of i2d_ECDSA_SIG(3) andschwarze2019-08-251-25/+28
| | | | | | | d2i_ECDSA_SIG(3); triggered by OpenSSL commit da4ea0cf Aug 5 16:13:24 2019 +0100, but solved differently. While here, adjust argument placeholders and wording to our usual conventions, and don't try to reiterate the complicated contents of ASN1_item_d2i(3) here.
* import the CRYPTO_memcmp(3) manual from OpenSSL 1.1.1,schwarze2019-08-252-1/+97
| | | | still under a free license, tweaked by me
* document RSAPrivateKey_dup(3) and RSAPublicKey_dup(3)schwarze2019-08-231-11/+55
|
* document X509_get1_email(3), X509_get1_ocsp(3), X509_email_free(3)schwarze2019-08-236-12/+141
|
* document X509_dup(3)schwarze2019-08-231-8/+40
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-19 21:10:35 +0000