Commit log. Each entry: commit message [author, date, files changed, lines -removed/+added]
* Future users of libcrypto will also have to do without strong extranet [tb, 2023-04-24, 2 files, -2/+8]
  support. discussed with beck and jsing
* Mark NETSCAPE_CERT_SEQUENCE for removal [tb, 2023-04-24, 3 files, -4/+12]
  discussed with beck and jsing
* Mark the NDEF API for removal [tb, 2023-04-24, 2 files, -2/+9]
  Discussed with jsing and beck
* Free and calloc() the tlsext_build_order and remember its length [tb, 2023-04-24, 1 file, -2/+14]
  Aligns tlsext_randomize_build_order() with tlsext_linearize_build_order() and will help regression testing. ok jsing
* Fix sk_is_sorted to treat 0 and 1 element lists as sorted. [beck, 2023-04-24, 1 file, -3/+12]
  from boringssl ok tb@ jsing@
* Use TLSEXT_TYPE_alpn instead of the stupid long one [tb, 2023-04-24, 1 file, -2/+2]
* Sort X.509 error reasons, use next available error value, and align [job, 2023-04-24, 2 files, -4/+4]
  error message with internal error code name. OK tb@ jsing@
* Revert 1.32 [job, 2023-04-24, 1 file, -27/+2]
  jsing@ noted that ASN1_OP_D2I_POST might not be the best place to introduce this check (as could lead to pushing errors (ASN1_R_AUX_ERROR) onto the stack). Additionally, without matching validation on the encoding side brittleness is introduced.
* Replace X509v3_get_ext_count() with X509_get_ext_count() [job, 2023-04-23, 1 file, -2/+2]
  Error introduced in 1.24
* In the case of V1 certs, the extension count should be exactly 0 [job, 2023-04-23, 1 file, -2/+2]
  OK tb@
* If extensions are encountered on an X.509 V1 cert, mark as invalid [job, 2023-04-23, 1 file, -2/+5]
  While there, explicitly check for 0 - as X509_get_version() is a wrapper around the less than beloved ASN1_INTEGER_get(). OK tb@
* Add compliance checks for the X.509 version field [job, 2023-04-23, 3 files, -4/+31]
  Check whether the X.509 version is in the range of valid version values, and also check whether the version is consistent with fields new to those versions (such as X.509 v3 extensions).

  X.690 section 11.5 states: "The encoding of a set value or a sequence value shall not include an encoding for any component value which is equal to its default value." However, enforcing version 1 (value 0) to be absent reportedly caused some issues as recent as July 2020, so accept version 1 even if it is explicitly encoded.

  OK tb@ beck@
* Fix the client test and the tlsext test to work with randomized [tb, 2023-04-23, 3 files, -4/+21]
  TLS extensions (this involves unrandomizing the extension order for the tests that rely on golden numbers).
* Randomize the order of TLS extensions [tb, 2023-04-23, 4 files, -5/+71]
  On creation of an SSL using SSL_new(), randomize the order in which the extensions will be sent. There are several constraints: the PSK extension must always come last. The order cannot be randomized on a per-message basis as the strict interpretation of the standard chosen in the CH hashing doesn't allow changing the order between first and second ClientHello.

  Another constraint is that the current code calls callbacks directly on parsing an extension, which means that the order callbacks are called depends on the order in which the peer sent the extensions. This results in breaking apache-httpd setups using virtual hosts with full randomization because virtual hosts don't work if the SNI is unknown at the time the ALPN callback is called. So for the time being, we ensure that SNI always precedes ALPN to avoid issues until this issue is fixed.

  This is based on an idea by David Benjamin
  https://boringssl-review.googlesource.com/c/boringssl/+/48045

  Input & ok jsing
* Man page update for EVP_sha512_224() and EVP_sha512_256() [job, 2023-04-23, 1 file, -2/+22]
  OK tb@
* Link c2sp test to build [tb, 2023-04-23, 1 file, -1/+2]
* Import C2SP/CCTV test [tb, 2023-04-23, 2 files, -0/+247]
  This currently only covers Ed25519 using the c2sp-testvectors package and checks that our Ed25519 implementation behaves as expected from a "ref10" implementation. This test has Go and c2sp-testvectors as a hard dependency. It will optionally pick up any OpenSSL package installed on the system and test that as well.
  https://github.com/C2SP/CCTV
  https://github.com/C2SP/CCTV/tree/main/ed25519
* Drop some extra parentheses [tb, 2023-04-23, 1 file, -2/+2]
* Drop a superfluous isneg check. [tb, 2023-04-23, 1 file, -2/+2]
* Add missing NULL check for BN_new() [tb, 2023-04-23, 1 file, -2/+5]
* Initialize ishex and isneg at the top and drop some elses [tb, 2023-04-23, 1 file, -6/+4]
* Align hex_to_string with OpenSSL 1.1 behavior [tb, 2023-04-23, 1 file, -3/+5]
  This is a bit of a strange one. When this function was moved and renamed, somehow checks for NULL pointers and 0 length were lost. Whether that was due to great review missing it or great review suggesting it, is unclear.

  Now the function can actually legitimately be called with a length of 0 (as ASN.1 OCTET STRINGS can have length 0) and "" is the appropriate representation for that, so the fix is to allocate a 0 octet. That much was correct. What was completely missed is that a long can be negative which will then still lead to an out-of-bounds access. So fix that as well. Finally, don't malloc 3 * len + 1 without overflow checking. Rather use calloc's internal checks. The + 1 isn't really needed anyway.

  All this is still really gross and can be done much more cleanly and safely with CBB/CBS. This will be done later once we have better regress coverage.

  ok jsing
* x509_utl.c: Use correct spelling of NULL [tb, 2023-04-23, 1 file, -4/+4]
* Document the change in default to comma plus space but leave out the [tb, 2023-04-22, 1 file, -2/+5]
  compat nonsense
* Fix UTF-8 issuer printing [tb, 2023-04-22, 1 file, -2/+6]
  If no field separator is specified, default to using the comma plus space separation, unless the compat flag is set. Fixes a bug with printing issuers and other things that contain UTF-8.

  Reported by Jean-Luc Duprat
  The very simple fix is a joint effort by Henson and Levitte
  Fixes libressl/portable issue #845

  ok jsing
* Improve bn_montgomery_multiply_words() [jsing, 2023-04-22, 1 file, -9/+16]
  Pull a number of invariants into variables, which avoids repeated loading from memory on architectures where sufficient registers are available. Also keep track of the per-iteration carry in a variable, rather than unnecessarily reading from and writing to memory. This gives a reasonable performance gain on some architectures (e.g. armv7)
* Provide initial regress for BN_{asc,dec,hex}2bn()/BN_bn2{dec,hex}() [jsing, 2023-04-22, 2 files, -1/+592]
* cms_io: sort includes [tb, 2023-04-21, 1 file, -3/+4]
* cms_io: reverse polarity of an if statement to unindent [tb, 2023-04-21, 1 file, -10/+12]
* cms_io: Remove a stupid else branch [tb, 2023-04-21, 1 file, -4/+2]
  If you can initialize with functions, you can also initialize with constants...
* Rewrap some lines. No binary change [tb, 2023-04-21, 1 file, -10/+10]
* Unwrap a line [tb, 2023-04-21, 1 file, -3/+2]
* s2i_ASN1_INTEGER: make error conditions more explicit, a few more tweaks [tb, 2023-04-21, 1 file, -10/+18]
* s2i_ASN1_INTEGER.3: minor fixes [tb, 2023-04-21, 1 file, -4/+8]
  Fix botched Xr and be more precise about errors by being less precise. Add a BUGS section.
* Uncomment and document X.509 verifier error codes [tb, 2023-04-21, 1 file, -10/+20]
  These are in actual use, so their meaning should be documented. The remaining commented codes are unused outside of x509_txt.c except for X509_V_ERR_INVALID_NON_CA which looks used at first glance, but it is actually in an unreachable path of the legacy verifier.
* Remove some (soon to be) outdated documentation [tb, 2023-04-21, 1 file, -48/+3]
  The documentation of the BN_MOD_CTX has been out of sync with reality for decades. The structure is now opaque, so its members should not be documented this way. The internals aren't important for the rest of the page. BN_MOD_CTX_init() will soon be removed. It's useless unless you like leaks.
* remove duplicate include [jsg, 2023-04-21, 1 file, -2/+1]
  ok otto@
* Remove the now unused x509_enum.c [tb, 2023-04-21, 2 files, -65/+1]
* Move the CRL reason method into x509_bitst.c [tb, 2023-04-21, 2 files, -33/+33]
  The CRL extension handler is completely misplaced in x509_enum.c. Move it to x509_bitst.c until we find a better home for it. This way it is next to the other two extension methods that have the extra usr_data contortion.
* Move i2s_ASN1_ENUMERATED_TABLE() next to i2s_ASN1_ENUMERATED() [tb, 2023-04-21, 2 files, -17/+18]
  These functions probably belong into asn1/ but they definitely don't belong into separate files.
* Tweak whitespace gone wrong [tb, 2023-04-21, 1 file, -5/+4]
* Stop using ENUMERATED_NAMES [tb, 2023-04-21, 1 file, -3/+5]
  This is a public alias for the also public BIT_STRING_BITNAME. The ENUMERATED_NAMES type is used exactly twice, namely on two lines in this file. This is silly.
* Fix Dt and Xr [tb, 2023-04-20, 1 file, -3/+3]
* Flip the default of explicitText to UTF8String [tb, 2023-04-20, 1 file, -2/+2]
  While it may have been reasonable to use VisibleString back when this code was written, it's an anachronism nowadays. In particular, configuring BoringSSL reports that they have seen malformed certificates with exactly the issue caused by this unfortunate default.

  Reported by Alex Gaynor in OpenSSL issue 20772

  ok jsing
* Link s2i_ASN1_INTEGER.3 to build [tb, 2023-04-20, 1 file, -1/+2]
* Add documentation for s2i_ASN1_INTEGER and related functions [tb, 2023-04-20, 1 file, -0/+195]
  These functions convert strings to internal objects and vice versa. This is a best effort, probably with a lot of room for improvement, which can happen in tree if anyone cares. It's better than nothing. Nothing in turn would be significantly better than the utter garbage a related project has managed to land as part of their efforts towards significant documentation improvements in a recent major release.

  This leaves a dangling reference to the misnamed X509V3_METHOD_get_nid(3) which I may or may not fill in the future. I am unsure about the HISTORY section's precision, but that's what I got from cvs history. All these functions are about a quarter century old (and it shows), so I don't think it matters very much.
* Exercise d2i_IPAddrBlocks() and X509v3_addr_subset() a little bit [tb, 2023-04-20, 1 file, -9/+34]
* Fix botched line wrap [tb, 2023-04-19, 1 file, -4/+3]
* interop: work around extreme REGRESS_SKIP_SLOW slowness [tb, 2023-04-19, 3 files, -8/+31]
  A few years back beck introduced REGRESS_SKIP_SLOW dances with the idea that this should speed up the interop tests for us devs because this also checked interop between opensslX and opensslY, which we don't particularly care about. This never really worked. On a mac m1 mini the result is this:

  REGRESS_SKIP_SLOW unset
  9m56.69s real 3m42.24s user 3m00.70s system
  REGRESS_SKIP_SLOW=yes
  11m04.61s real 7m29.61s user 1m40.29s system

  The problem is that REGRESS_SKIP_SLOW simply wasn't designed to handle the huge number of tests we have here. There are many nested .for loops resulting in several thousand tests. Each test has a name of length ~80. REGRESS_SKIP_SLOW concatenates them into a several hundred kilobytes long string in REGRESS_SKIP_TARGETS, iterates over all regress targets and tests with ".if ${REGRESS_SKIP_TARGETS:M${RT}}" if it should skip them. This means that during a regress run, make spends a lot of time linearly scanning a huge string.

  I ran into this when I added OpenSSL 3.0 tests to the already existing 1.0.2 and 1.1 tests with the result that with REGRESS_SLOW_TARGETS set it took the better part of an hour while without it it took about 15 min. The hack here is simply to avoid using REGRESS_SLOW_TARGETS here and handle the situation differently.

  patch, REGRESS_SKIP_SLOW=yes
  5m42.32s real 2m09.98s user 1m45.21s system

  The real solution would be to fix this in bsd.regress.mk, which someone who understands make well is very welcome to do. For now, I'm happy with this.

  Debugged with jsing a few months ago
* remove duplicate includes [jsg, 2023-04-19, 2 files, -4/+2]