summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Add a shutdown sequence regress test.jsing2024-01-301-3/+133
| | | | | | | | | | Some software relies on SSL_shutdown() returning 0 (indicating close-notify sent) before returning 1 on a subsequent call (indicating close-notify sent and received). It is worth noting that there is no guarantee that this will occur in normal operation, as the peer could send a close-notify prior to SSL_shutdown() being called. This is currently failing for TLSv1.3.
* Add id-ct-rpkiSignedPrefixList NIDjob2024-01-291-0/+1
| | | | | | | | References: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/ https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 OK tb@
* Add id-ct-rpkiSignedPrefixList OIDjob2024-01-291-0/+1
| | | | | | | | References: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/ https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 OK tb@
* Curious to see if explicitly ignoring the return value appeases Coveritytb2024-01-291-2/+2
|
* The KNF script didn't grok LHASH_OF(), STACK_OF()tb2024-01-281-9/+9
|
* Avoid calling EVP_CIPHER_CTX_reset() on a NULL ctxtb2024-01-281-2/+3
|
* Clean up EVP_CIPHER_CTX_init() usage in cmac.cjoshua2024-01-281-25/+33
| | | | | | | | | This replaces usage of EVP_CIPHER_CTX_init() with EVEP_CIPHER_CTX_new(), and EVP_CIPHER_CTX_cleanup() with EVP_CIPHER_CTX_reset(). This also replaces usage of malloc with calloc, and free with freezero. ok tb@
* Clean up EVP_MD_CTX_{init,cleanup}() usage in ASN1_item_verify()joshua2024-01-281-9/+10
| | | | ok tb@
* Dynamic EVP_PKEY_METHODs are a thing from the pasttb2024-01-271-3/+1
|
* Add a few aliases for ECDSA and DSA for security/xcatb2024-01-271-1/+143
| | | | ok jsing
* Use ret instead of rv in a few keyivgen functionstb2024-01-271-11/+11
|
* Fold keyivgen functions into evp_pbe.ctb2024-01-275-599/+387
| | | | | These are only used by the EVP_PBE routines and will become internal in the next major bump.
* Make some comments and some whitespace less uglytb2024-01-271-13/+14
|
* Whitespace tweaktb2024-01-271-2/+4
|
* Throw PKCS5_PBE_add() into the trash bin at the end of evp_pbe.ctb2024-01-272-10/+7
| | | | This has been a noop since forever and will be removed in the next bump.
* Mark the functions at the end of this file for removaltb2024-01-271-1/+5
|
* Support HMAC with SHA-3 as a PBE PRFtb2024-01-271-1/+21
| | | | ok jsing
* Support HMAC with truncated SHA-2 as a PBE PRFtb2024-01-271-1/+11
| | | | ok jsing
* Teach OBJ_find_sigid_{,by_}algs(3) about ECDSA with SHA-3tb2024-01-271-1/+21
| | | | | | | | This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3 signature algorithms. With this diff, ECDSA certificates and CMS products using ECDSA with SHA-3 can be generated using the openssl command line tool. ok jsing
* Enable for TLSv1.3 now that shutdown behaviour matches the legacy stack.jsing2024-01-271-3/+1
|
* Rework tls13_legacy_shutdown() to match the legacy stack behaviour.jsing2024-01-271-18/+19
| | | | | | | | Respect the ssl->shutdown flags rather than what has actually happened, return -1 for all EOF errors and completely ignore the return value when attempting to read a close-notify from the wire. ok tb@
* Make tls13_legacy_return_code() static.jsing2024-01-272-4/+3
|
* Add message callbacks for alerts in the TLSv1.3 stack.jsing2024-01-273-10/+49
| | | | | | | | This will make it easier to regress test shutdown behaviour in the TLSv1.3 stack. Additionally, `openssl -msg` now shows alerts for TLSv1.3 connections. ok tb@
* Allocate a fixed NID for the acmeIdentifer OIDtb2024-01-271-0/+1
| | | | ok job jsing
* Add data for the RFC 8737 acmeIdentifiertb2024-01-271-0/+1
| | | | | | | This teaches the object database OID, long and short names for the ACME identifier X.509v3 extension defined in RFC 8737. ok job jsing
* Add 'openssl x509 -new' functionality to the libcrypto CLI utilityjob2024-01-263-15/+121
| | | | | | | | | The ability to generate a new certificate is useful for testing and experimentation with rechaining PKIs. While there, alias '-key' to '-signkey' for compatibility. with and OK tb@
* Plug a few leaks and perform some other code hygienetb2024-01-251-34/+59
| | | | | | Closing this directory now until the daily Coverity run throws a hissy fit. ok jsing
* This table no longer needs to be sortedtb2024-01-251-5/+1
|
* p12_npas.c: hoist some helpers from the bottom to the top in reverse ordertb2024-01-251-64/+53
|
* p12_npas.c: maclen -> mac_lentb2024-01-251-4/+4
|
* p12_npas.c: Use slightly less awkward variable namestb2024-01-251-21/+21
|
* Fix various NULL dereferences in PKCS #12tb2024-01-255-15/+37
| | | | | | | | | | The PKCS #7 ContentInfo has a mandatory contentType, but the content itself is OPTIONAL. Various unpacking API assumed presence of the content type is enough to access members of the content, resulting in crashes. Reported by Bahaa Naamneh on libressl-security, many thanks ok jsing
* Merge PKCS12_newpass() and newpass_p12()tb2024-01-251-37/+20
| | | | | | | | With the previous refactoring, newpass_p12() became simple enough that it doesn't require a separate function anymore. Merge the public API into it and move it below (most of) the things it calls. ok jsing
* Ditch another noop from OPENSSL_cleanup()tb2024-01-251-2/+1
|
* Remove the custom X509v3 extensions stacktb2024-01-251-105/+42
| | | | | | | | | | | | | | | This is essentially unused. The only consumer, www/kore,-acme is in the process of being fixed. It is also incomplete: in particular, the verifier doesn't learn about extensions added to the list, making the entire exercise rather pointless. So let's ditch that crap. This was the last consumer of the horror that is OBJ_bsearch_(). The even worse OBJ_bsearch_ex_() is still being "used" by M2Crypto... This prepares the removal of X509V3_EXT_{add{,_list,_alias},cleanup}(). and removes another piece of thread-unsafe global state. ok jsing
* Rename pkcs12_repack_safe() into pkcs12_repack_authsafes()tb2024-01-251-3/+3
| | | | discussed with jsing
* Rework newpass_p12() a bit moretb2024-01-251-34/+49
| | | | | | | | | Split the bottom half that repacks the authsafes into a helper function. This simplifies the curly exit path and makes it clearer what is being done. PKCS12_pack_authsafes() is a very inconvenient API and there are some extra dances needed due to it. ok jsing
* newpass_p12(): factor for loop body into helperstb2024-01-251-35/+72
| | | | | | | | | | Since newpass_bags() and sk_PKCS7_push() could be shared between two otherwise entirely unrelated code paths, it was decided to dedup the code in about the ugliest possible way. Untangle the spaghetti and split the code paths into helper functions, so we can easily error check and avoid a bunch of leaks. ok jsing
* Fix a memleak and a double free in newpass_p12()tb2024-01-251-6/+8
| | | | | | | | If the allocation of newsafes fails, asafes is leaked. And if the ASN1_OCTET_STRING_new() after the freeing of asafes fails, asafes is freed a second time. ok jsing
* Avoid a four-byte overread in gcm_ghash_4bit_mmx() on i386tb2024-01-241-1/+1
| | | | | | | This is a variant of the same logic error fixed in ghash-x86_64.pl r1.6. The code path is only reachable on machines without FXSR or PCLMUL. ok jsing
* Stop fiddling with hash table internals from lhash doall callers.jsing2024-01-243-12/+6
| | | | | | | | It is now safe to call delete from an lhash doall callback - stop fiddling wit hash table internals from lhash doall callers that previously has to workaround this themselves. ok tb@
* Make it safe to delete entries from an lhash doall callback.jsing2024-01-242-13/+19
| | | | | | | | | | | | | | | | | | Currently, the callback cannot safely delete entries as it could lead to contraction of the hash table, which in turn could lead to doall skipping entries (and that typically leads to memory leaks). The recommended workaround is to reach in and fiddle with the hash table internals in order to prevent contraction, call the doall function and then restore the internals that were changed. Rather than just improving our documentation, actually make it safe to delete entries from an lhash doall callback by pausing contractions prior to starting the callback loop, then restoring the down load factor and triggering contraction once completed. This means that callers no longer need access to change hash table internals in order to achieve this same behaviour. ok tb@
* Avoid a four byte overread in gcm_ghash_4bit() on amd64.jsing2024-01-241-1/+1
| | | | | | | | | | | | | | The assembly code for gcm_ghash_4bit() reads one too many times from Xi, resulting in a four byte overread. Prevent this by not loading the next value in the final iteration of the loop. If another full iteration is required the next Xi value will be loaded at the top of the outer_loop. Many thanks to Douglas Gliner <Douglas.Gliner at sony dot com> for finding and reporting this issue, along with a detailed reproducer. Same diff from deraadt@ ok tb@
* make login.conf(5) and crypt_newhash(3) and the underlying codederaadt2024-01-221-2/+2
| | | | | | | | consistant regarding bcrypt,a instead of blowfish,a. "blowfish" is a historical alias which we don't need to document as firmly as "bcrypt". report about difficult manual page discovery from ataraxia937 ok millert
* Link CMS_signed_add1_attr(3) to tree structure of crypto(3) manuals andtb2024-01-223-5/+8
| | | | add a back reference from CMS_get0_SignerInfos(3).
* Simplify history section to match what other manuals dotb2024-01-221-23/+2
|
* Document various CMS_{signed,unsigned}_* functionsjob2024-01-222-1/+393
| | | | | | These functions change signed & unsigned attributes of a CMS SignerInfo object With & OK tb@
* Replace more occurrences of OBJ_NAME_do_all_sorted() withtb2024-01-211-7/+4
| | | | OBJ_NAME_do_all()
* Make our mktemp(3) callback-driven and split into multiple files.millert2024-01-195-130/+195
| | | | | | Previously, calling any of the mktemp(3) family would pull in lstat(2), open(2) and mkdir(2). Now, only the necessary system calls will be reachable from the binary. OK deraadt@ guenther@
* Move mktemp.c to stdlib where it belongs.millert2024-01-193-4/+582
| | | | OK deraadt@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-31 05:48:27 +0000