summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Throw PKCS5_PBE_add() into the trash bin at the end of evp_pbe.ctb2024-01-272-10/+7
| | | | This has been a noop since forever and will be removed in the next bump.
* Mark the functions at the end of this file for removaltb2024-01-271-1/+5
|
* Support HMAC with SHA-3 as a PBE PRFtb2024-01-271-1/+21
| | | | ok jsing
* Support HMAC with truncated SHA-2 as a PBE PRFtb2024-01-271-1/+11
| | | | ok jsing
* Teach OBJ_find_sigid_{,by_}algs(3) about ECDSA with SHA-3tb2024-01-271-1/+21
| | | | | | | | This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3 signature algorithms. With this diff, ECDSA certificates and CMS products using ECDSA with SHA-3 can be generated using the openssl command line tool. ok jsing
* Enable for TLSv1.3 now that shutdown behaviour matches the legacy stack.jsing2024-01-271-3/+1
|
* Rework tls13_legacy_shutdown() to match the legacy stack behaviour.jsing2024-01-271-18/+19
| | | | | | | | Respect the ssl->shutdown flags rather than what has actually happened, return -1 for all EOF errors and completely ignore the return value when attempting to read a close-notify from the wire. ok tb@
* Make tls13_legacy_return_code() static.jsing2024-01-272-4/+3
|
* Add message callbacks for alerts in the TLSv1.3 stack.jsing2024-01-273-10/+49
| | | | | | | | This will make it easier to regress test shutdown behaviour in the TLSv1.3 stack. Additionally, `openssl -msg` now shows alerts for TLSv1.3 connections. ok tb@
* Allocate a fixed NID for the acmeIdentifer OIDtb2024-01-271-0/+1
| | | | ok job jsing
* Add data for the RFC 8737 acmeIdentifiertb2024-01-271-0/+1
| | | | | | | This teaches the object database OID, long and short names for the ACME identifier X.509v3 extension defined in RFC 8737. ok job jsing
* Add 'openssl x509 -new' functionality to the libcrypto CLI utilityjob2024-01-263-15/+121
| | | | | | | | | The ability to generate a new certificate is useful for testing and experimentation with rechaining PKIs. While there, alias '-key' to '-signkey' for compatibility. with and OK tb@
* Plug a few leaks and perform some other code hygienetb2024-01-251-34/+59
| | | | | | Closing this directory now until the daily Coverity run throws a hissy fit. ok jsing
* This table no longer needs to be sortedtb2024-01-251-5/+1
|
* p12_npas.c: hoist some helpers from the bottom to the top in reverse ordertb2024-01-251-64/+53
|
* p12_npas.c: maclen -> mac_lentb2024-01-251-4/+4
|
* p12_npas.c: Use slightly less awkward variable namestb2024-01-251-21/+21
|
* Fix various NULL dereferences in PKCS #12tb2024-01-255-15/+37
| | | | | | | | | | The PKCS #7 ContentInfo has a mandatory contentType, but the content itself is OPTIONAL. Various unpacking API assumed presence of the content type is enough to access members of the content, resulting in crashes. Reported by Bahaa Naamneh on libressl-security, many thanks ok jsing
* Merge PKCS12_newpass() and newpass_p12()tb2024-01-251-37/+20
| | | | | | | | With the previous refactoring, newpass_p12() became simple enough that it doesn't require a separate function anymore. Merge the public API into it and move it below (most of) the things it calls. ok jsing
* Ditch another noop from OPENSSL_cleanup()tb2024-01-251-2/+1
|
* Remove the custom X509v3 extensions stacktb2024-01-251-105/+42
| | | | | | | | | | | | | | | This is essentially unused. The only consumer, www/kore,-acme is in the process of being fixed. It is also incomplete: in particular, the verifier doesn't learn about extensions added to the list, making the entire exercise rather pointless. So let's ditch that crap. This was the last consumer of the horror that is OBJ_bsearch_(). The even worse OBJ_bsearch_ex_() is still being "used" by M2Crypto... This prepares the removal of X509V3_EXT_{add{,_list,_alias},cleanup}(). and removes another piece of thread-unsafe global state. ok jsing
* Rename pkcs12_repack_safe() into pkcs12_repack_authsafes()tb2024-01-251-3/+3
| | | | discussed with jsing
* Rework newpass_p12() a bit moretb2024-01-251-34/+49
| | | | | | | | | Split the bottom half that repacks the authsafes into a helper function. This simplifies the curly exit path and makes it clearer what is being done. PKCS12_pack_authsafes() is a very inconvenient API and there are some extra dances needed due to it. ok jsing
* newpass_p12(): factor for loop body into helperstb2024-01-251-35/+72
| | | | | | | | | | Since newpass_bags() and sk_PKCS7_push() could be shared between two otherwise entirely unrelated code paths, it was decided to dedup the code in about the ugliest possible way. Untangle the spaghetti and split the code paths into helper functions, so we can easily error check and avoid a bunch of leaks. ok jsing
* Fix a memleak and a double free in newpass_p12()tb2024-01-251-6/+8
| | | | | | | | If the allocation of newsafes fails, asafes is leaked. And if the ASN1_OCTET_STRING_new() after the freeing of asafes fails, asafes is freed a second time. ok jsing
* Avoid a four-byte overread in gcm_ghash_4bit_mmx() on i386tb2024-01-241-1/+1
| | | | | | | This is a variant of the same logic error fixed in ghash-x86_64.pl r1.6. The code path is only reachable on machines without FXSR or PCLMUL. ok jsing
* Stop fiddling with hash table internals from lhash doall callers.jsing2024-01-243-12/+6
| | | | | | | | It is now safe to call delete from an lhash doall callback - stop fiddling wit hash table internals from lhash doall callers that previously has to workaround this themselves. ok tb@
* Make it safe to delete entries from an lhash doall callback.jsing2024-01-242-13/+19
| | | | | | | | | | | | | | | | | | Currently, the callback cannot safely delete entries as it could lead to contraction of the hash table, which in turn could lead to doall skipping entries (and that typically leads to memory leaks). The recommended workaround is to reach in and fiddle with the hash table internals in order to prevent contraction, call the doall function and then restore the internals that were changed. Rather than just improving our documentation, actually make it safe to delete entries from an lhash doall callback by pausing contractions prior to starting the callback loop, then restoring the down load factor and triggering contraction once completed. This means that callers no longer need access to change hash table internals in order to achieve this same behaviour. ok tb@
* Avoid a four byte overread in gcm_ghash_4bit() on amd64.jsing2024-01-241-1/+1
| | | | | | | | | | | | | | The assembly code for gcm_ghash_4bit() reads one too many times from Xi, resulting in a four byte overread. Prevent this by not loading the next value in the final iteration of the loop. If another full iteration is required the next Xi value will be loaded at the top of the outer_loop. Many thanks to Douglas Gliner <Douglas.Gliner at sony dot com> for finding and reporting this issue, along with a detailed reproducer. Same diff from deraadt@ ok tb@
* make login.conf(5) and crypt_newhash(3) and the underlying codederaadt2024-01-221-2/+2
| | | | | | | | consistant regarding bcrypt,a instead of blowfish,a. "blowfish" is a historical alias which we don't need to document as firmly as "bcrypt". report about difficult manual page discovery from ataraxia937 ok millert
* Link CMS_signed_add1_attr(3) to tree structure of crypto(3) manuals andtb2024-01-223-5/+8
| | | | add a back reference from CMS_get0_SignerInfos(3).
* Simplify history section to match what other manuals dotb2024-01-221-23/+2
|
* Document various CMS_{signed,unsigned}_* functionsjob2024-01-222-1/+393
| | | | | | These functions change signed & unsigned attributes of a CMS SignerInfo object With & OK tb@
* Replace more occurrences of OBJ_NAME_do_all_sorted() withtb2024-01-211-7/+4
| | | | OBJ_NAME_do_all()
* Make our mktemp(3) callback-driven and split into multiple files.millert2024-01-195-130/+195
| | | | | | Previously, calling any of the mktemp(3) family would pull in lstat(2), open(2) and mkdir(2). Now, only the necessary system calls will be reachable from the binary. OK deraadt@ guenther@
* Move mktemp.c to stdlib where it belongs.millert2024-01-193-4/+582
| | | | OK deraadt@
* Enable shutdown regress test.jsing2024-01-191-1/+2
|
* Add regress test coverage for SSL_shutdown().jsing2024-01-192-0/+546
| | | | | | | This tests and codifies the behaviour of SSL_shutdown() with respect to SSL_quiet_shutdown() and SSL_set_shutdown(). For now, only the legacy stack (TLSv1.2) is tested, as there are currently some subtle differences with the TLSv1.3 stack.
* ec_point_conversion: zap an empty linetb2024-01-181-2/+1
|
* Switch from EVP_CIPHER_type() to EVP_CIPHER_nid()tb2024-01-181-2/+2
| | | | | | | | EVP_CIPHER_type() will never return NID_gost89_cnt since it has no associated ASN1_OBJECT. Switching to EVP_CIPHER_nid() has a slight chance of working. Do that before beck applies the flensing knife. ok beck
* Run the pkey cleanup test also for {Ed,X}25519tb2024-01-151-1/+3
|
* Switch to EVP_CIPHER_do_all() now that snaps are available on most archestb2024-01-151-5/+3
|
* Tidy a few more includes in cms/tb2024-01-144-8/+13
|
* Prepare for removing most of the X509_TRUST APItb2024-01-131-41/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | X509_check_trust() is of course used by the verifier. Unfortunately M2Crypto exposes it. The only other part of the X509_TRUST API that are still needed are the X509_TRUST_* macros in x509.h, as they are used via *_set_trust and indirectly via the purpose stuff. The rest will be removed. X509_TRUST_add() was defanged recently, in particular it no longer hangs strdup()'ed strings off the global struct. Nothing ever cleaned these up. TRUST_cleanup() attempted to do so, but since it checked the dynamic/dynamic strings flags in the wrong order, that cleanup call ended up doing nothing, so that code was removed at some point. As a consequence, the struct can now be made const. Use a CTASSERT() to ensure size assumptions on X509_TRUST_COUNT, X509_TRUST_MAX, and X509_TRUST_MIN hold true. Remove the global variable underlying X509_TRUST_set_default()'s functionality and move its accessor down to all the other functions that will be deleted. Inline a few things in X509_check_trust(), so we can excise the internals of X509_TRUST_get0(), X509_TRUST_get_by_id(). Since the default trust function can no longer be changed, call obj_trust() directly. ok jsing
* Remove check{,obj_cleanup}_defer documentationtb2024-01-131-66/+3
| | | | | | | | | Both check_defer() and the global variable obj_cleanup_defer were removed from the public API two years ago. Now they were removed from the internals as well, simplifying the cleanup process greatly. We no longer need them to have a chance to understand the cleanup process. Also remove references to EVP_cleanup() since this has long been deprecated and now it doesn't clean up things anymore.
* Remove mention of a refcount bugtb2024-01-131-18/+1
| | | | | | Said bug was fixed in OpenSSL 1.0.0, released 14 years ago. It is of course unsurprising that you may accidentally increment the refcount if your idiom for decrementing it is CRYPTO_add(&bio-references, -1, CRYPTO_LOCK_BIO)).
* BIO_f_ssl.3: Remove explicit library initializationtb2024-01-131-8/+2
|
* Remove calls to OpenSSL_add_all_{ciphers,digests}()tb2024-01-131-3/+1
|
* Move errno.h inclusion where it belongstb2024-01-131-3/+2
|
* Clean up EVP_MD_CTX_init() usage in ASN1_item_sign()joshua2024-01-131-8/+15
| | | | ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 18:04:53 +0000