| Commit message (Collapse) | Author | Age | Files | Lines |
| |
things.
| |
Generate random signatures of random messages and verify them. Then check
that the signatures modified by adding the edwards25519 group order to the
upper half are rejected. This would not always be accepted without the
check in curve25519.c r1.14, but often enough that a few iterations suffice
to expose the missing check.
| |
Add a check that ensures that the upper half s of an Ed25519 signature is
bounded by the group order, i.e., 0 <= s < order. This is required by the
Verify procedure in RFC 8032, section 5.1.7, step 1, and prevents simple
modifications of signatures such as adding (a multiple of) the group order
to the upper half of the signature.
Found with EdDSA testcase 63 of project Wycheproof.
ok beck jsing
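The range check on s described in the commit above, and the "add the group order" modification the regress commit exercises, as an added example that is not LibreSSL's curve25519.c code. The function names and the sample signature are hypothetical and constructed for illustration; only the bound on s is checked, not the full signature equation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* edwards25519 group order L = 2^252 + 27742317777372353535851937790883648493,
 * little-endian like the s half (bytes 32..63) of an RFC 8032 signature. */
static const uint8_t ED25519_ORDER[32] = {
	0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
	0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};

/* Return 1 if 0 <= s < L, else 0. s is public, so a variable-time compare is fine. */
int s_is_below_order(const uint8_t s[32])
{
	for (int i = 31; i >= 0; i--) {	/* most significant byte first */
		if (s[i] < ED25519_ORDER[i]) return 1;
		if (s[i] > ED25519_ORDER[i]) return 0;
	}
	return 0;	/* s == L is out of range as well */
}

/* Add L to the s half of a signature in place; returns the carry out of byte 63. */
int add_order_to_s(uint8_t sig[64])
{
	unsigned int acc = 0;
	for (int i = 0; i < 32; i++) {
		acc += (unsigned int)sig[32 + i] + ED25519_ORDER[i];
		sig[32 + i] = (uint8_t)(acc & 0xff);
		acc >>= 8;
	}
	return (int)acc;
}

/* Constructed sample: returns 1 when the original s passes and s + L is rejected. */
int demo(void)
{
	uint8_t sig[64];
	memset(sig, 0x42, 32);		/* placeholder R half, not a real point */
	memset(sig + 32, 0, 32);
	sig[32] = 0x07; sig[63] = 0x0f;	/* s = 7 + 15 * 2^248, below L */
	int before = s_is_below_order(sig + 32);
	int carry = add_order_to_s(sig);	/* s + L is congruent to s mod L */
	int after = s_is_below_order(sig + 32);
	return before == 1 && carry == 0 && after == 0;
}

int main(void) { printf("s ok, s+L rejected: %d\n", demo()); return 0; }
```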
| |
There are some possible strange side effects noticed by the
openssl cms regress tests that I missed. Backing this out
until I untangle it
ok tb@
| |
uppercase.
While here use the correct idiom of casting to unsigned char.
OK millert, farewell to ultrix deraadt
| |
and BN_X931_generate_Xpq as intentionally undocumented because
they are unused outside OpenSSL/LibreSSL and deprecated in OpenSSL 3.0
| |
and X509_STORE_set_verify(3) and document X509_STORE_get_verify(3)
which tb@ all provided with x509_vfy.h revisions 1.48 and 1.49
| |
which tb@ provided with x509_vfy.h revisions 1.48 and 1.49
| |
It appears to be intended for internal use by DSA_do_verify(3) and using
codesearch.debian.net, I found nothing outside OpenSSL/LibreSSL using it.
In April 2018, jsing@ questioned whether the five related functions
BN_mod_exp_mont() and friends should even be exposed by <openssl/bn.h>,
so we decided to not document them. Now tb@ agrees that there is no
reason to document BN_mod_exp2_mont() as long as we don't want to
document BN_mod_exp_mont().
| |
ok tb@
| |
1. Explain up front what "ASN1_TIME" is (suggested by beck@, wording by me).
2. For opaque structs, use the generic term "object",
like we already do it in many other LibreSSL manual pages.
3. Drop some redundant phrases.
4. Improve the EXAMPLES section (by beck@, with fixes by me).
6. Add a STANDARDS section.
...and some other minor polishing.
OK beck@
| |
Historically the standards let the implementation decide to
either check or ignore the certificate properties of trust anchors.
You could either use them simply as a source of a public key which
was trusted for everything, or you were also permitted to check the
certificate properties and fully enforce them. Hooray for freedumb.
OpenSSL changed to checking these with:
commit 0daccd4dc1f1ac62181738a91714f35472e50f3c
Author: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Thu Jan 28 03:01:45 2016 -0500
BoringSSL currently does not check them, as it also inherited
the previous OpenSSL behaviour. It will change to check them in
the future.
(https://bugs.chromium.org/p/boringssl/issues/detail?id=533)
| |
This adds the EVP_PKEY_ED25519 and EVP_PKEY_X25519 aliases for the NIDs
and exposes the raw public key API.
The ED25519_KEYLEN and X25519_KEYLEN defines are still kept internal for
now to match what OpenSSL have. We may want to expose those later.
| |
The Ed25519 versions already existed, but OpenSSL chose to uppercase the D.
| |
This is needed to print the 32-byte Ed25519 keys which aren't handled
as BNs.
| |
ok jsing@
| |
ok jsing@
| |
This applies the guentherizer 9000(tm) to pkcs7, after moving
several pkcs7 functions back to pkcs7 that were in x509/x_all.c
for reasons known only to the miasma.
ok jsing@
| |
Automated change from the first attempts at the semi automated
Guentherizer 2000.
ok jsing@ tb@ joshua@
| |
This cleans up the code that handles command execution for openssl(1),
displays the help message when 'openssl help' is executed, and exits
with code 1 when an invalid command is executed, matching the behaviour
of OpenSSL version 1.1+ and above.
ok tb@
| |
This converts the legacy TLS stack to tls_content - records are now
opened into a tls_content structure, rather than being written back into
the same buffer that the sealed record was read into.
This will allow for further clean up of the legacy record layer.
ok tb@
| |
This removes the legacy interactive mode from openssl(1) since it is
rarely used, complicates the code, and has also been removed from
OpenSSL in version 3.x.x.
ok tb@ jsing@
| |
While grouping the API by its purpose is nice, it doesn't help much if >90%
is "general API".
ok jsing
| |
Requested by tb@
| |
There's not much point having a static table in a header file that is only
included in one source file.
Discussed with tb@
| |
ok jsing@ tb@
| |
This is effectively:
unifdef -m -DUSE_OBJ_MAC objects/objects.h
ok beck@, with extreme prejudice.
| |
Fully explained in libcrypto/README. TL;DR make sure libcrypto
and libssl's function calls internally and to each other are via
symbol names that won't get overridden by linking other libraries.
Mostly work by guenther@, which will currently be gated behind a
build setting NAMESPACE=yes. Once we convert all the symbols to
this method we will do a major bump and pick up the changes.
ok tb@ jsing@
| |
This avoids a bunch of pointer munging and a handrolled memmove.
ok tb@
| |
ok jsing@ tb@
| |
ASN1_TIME_normalize(3), ASN1_TIME_to_tm(3), ASN1_TIME_cmp_time_t(3),
and ASN1_TIME_compare(3).
Merge documentation from the OpenSSL 1.1.1 branch, which is still
under a free license, with tweaks by me in several respects to match
our implementation, and also using some feedback from beck@.
OK beck@.
| |
This matches the current OpenSSL behaviour introduced
in their commit:
commit 0daccd4dc1f1ac62181738a91714f35472e50f3c
Date: Thu Jan 28 03:01:45 2016 -0500
ok jsing@ tb@
| |
ok beck@ tb@
| |
that tb@ removed from asn1.h on January 14:
rev. 1.58: ASN1_CTX ASN1_const_CTX
rev. 1.60: ASN1_OBJECT_FLAG_CRITICAL ASN1_OBJECT_FLAG_DYNAMIC
rev. 1.60: ASN1_OBJECT_FLAG_DYNAMIC_DATA ASN1_OBJECT_FLAG_DYNAMIC_STRINGS
rev. 1.61: NETSCAPE_X509 NETSCAPE_X509_free NETSCAPE_X509_new
rev. 1.61: d2i_NETSCAPE_X509 i2d_NETSCAPE_X509
|