summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Provide prototype for X509_ALGOR_set_md()tb2023-10-261-1/+3
| | | | | | Once we remove X509_ALGOR_set_md() we can link this test statically and use X509_ALGOR_set_evp_md() but for now make sure the documented workaround for this garbage API works.
* Rework the MD setting in the RSA ASN.1 methodtb2023-10-261-45/+95
| | | | | | | | | | | This streamlines the code to use safer idioms, do proper error checking and be slightly less convoluted. Sprinkle a few references to RFC 8017 and explain better what we are doing and why. Clarify ownership and use more consistent style. This removes the last internal use of X509_ALGOR_set_md(). ok jsing
* Add chacha aliases for OpenSSL compatibilitytb2023-10-241-1/+3
| | | | | | | | | | | OpenSSL has the 20 in the long and short names, so add aliases to the existing names to make things work. In particular, EVP_get_cipherbyname() will now return EVP_chacha20() for both 'ChaCha20' and 'chacha20'. Found by Facundo Tuesca when trying to add LibreSSL support for ChaCha20 in https://github.com/pyca/cryptography/pull/9209 ok jsing
* correct Va in previous;jmc2023-10-221-2/+3
|
* A few more testsotto2023-10-221-1/+15
|
* When option D is active, store callers for all chunks; this avoidsotto2023-10-222-86/+178
| | | | | | | the 0x0 call sites for leak reports. Also display more info on detected write of free chunks: print the info about where the chunk was allocated, and for the preceding chunk as well. ok asou@
* Remove mention of alg_section. This never worked in LibreSSL.tb2023-10-211-3/+2
|
* style tweak: avoid double conjunction to make it read betterschwarze2023-10-211-4/+4
| | | | OK tb@
* Rename the modulus from n into mtb2023-10-191-9/+12
| | | | | This matches what other pages use. Also rewrite the definition of the modular inverse to be less ugly.
* Add a few more test cases for mod_exp aliasingtb2023-10-191-33/+78
|
* Garbage collect weird /* 1 */ and /* 2 */ commentstb2023-10-191-7/+7
| | | | | | If they ever had any meaning, that's long been lost. Requested by jsing
* The bn_mod_exp test is no longer an expected failuretb2023-10-191-3/+1
|
* Fix aliasing of result and exponent in the internal BN_mod_exp_recp()tb2023-10-191-12/+19
| | | | This is basically the same fix as the one applied in BN_mod_exp_simple().
* Fix aliasing of result with exponent or modulus in BN_mod_exp_simple()tb2023-10-191-10/+22
| | | | | | Reported and reminded by Guido Vranken in OpenSSL issue #21110 ok jsing
* Add test case checking aliasing of the result with other argumentstb2023-10-192-2/+108
| | | | | These are expected failures for BN_mod_exp_simple() and the internal BN_mod_exp_recp(), which will be fixed shortly.
* Make libssl interop server/client tests less flaky by ensuring theanton2023-10-181-1/+3
| | | | server has terminated before examining the outcome.
* Remove EVP_add_alg_module() prototypetb2023-10-181-3/+1
| | | | | | | | | | | | | | | | This function was the unfortunate protagonist in a series of tragic merge errors resulting in only a short stint of a year and nine months between OpenSSL 0.9.8j and 1.0.0a actually present in OpenBSD. Then it said good bye for good, but somehow a prototype came back with 1.0.1g, a famous version released when there were slightly more pressing things to be taken care of than a function supporting a config knob whose only purpose was to turn off fips mode or to error. from schwarze PS: The mechanism that it was supposed to provide is still documented in openssl.cnf(5). I am going remove the relevant bit at some point, but not today.
* Use X509_ALGOR_set_evp_md() in CMS_add1_signer()tb2023-10-181-16/+24
| | | | | | | | | | Contrary to X509_ALGOR_set_md() this allows for error checking. Avoid local complications by freeing in the exit path and use a const version of X509_ALGOR for walking a STACK_OF() to avoid a bad free. Clean up includes ok jsing
* cms_DigestedData_create() use X509_ALGOR_set_evp_md()tb2023-10-181-6/+8
| | | | | | | | | Our internal version allows for error checking and this avoids a silent failure leading to corruption later on. Clean up includes while there. ok jsing
* Tweak previous by using the argument name, not its typetb2023-10-131-2/+2
|
* Improve the description of X509_ALGOR_dup(3)tb2023-10-131-5/+11
| | | | | The old description was vague, but strictly speaking a lie, so make it more precise and turn the lie into a truth.
* x509_algor: fix error messagetb2023-10-121-7/+7
|
* x509_algor: add a few missing includestb2023-10-121-1/+4
|
* Some housekeeping in x_algortb2023-10-111-3/+5
| | | | | | Fix includes and zap an empty line. ok jsing
* Rewrite X509_ALGOR_set0()tb2023-10-111-17/+13
| | | | | | | | | | | | | | | | | | | | The current implementation is a complete mess. There are three cases: 1) ptype == V_ASN1_UNDEF: parameter must be freed and set to NULL. 2) ptype == 0: existing non-NULL parameters are left untouched, NULL parameters are replaced with ASN1_TYPE_new()'s wacky defaults. 3) otherwise allocate new parameters if needed and set them to ptype/pval. In all three cases free the algorithm and set it to aobj. The challenge now is to implement this using nine if statements and one else clause... We can do better. This preserves existing behavior. There would be cleaner implementations possible, but they would change behavior. There are many callers in the ecosystem that do not error check X509_ALGOR_set0() since OpenSSL failed to do so. So this was carefully rewritten to leave alg in a consisten state so that unchecking callers don't encounter corrupted algs. ok jsing
* x509_algor: Turn expected failure into actual failure now that the API istb2023-10-111-3/+3
| | | | fixed.
* Ensure that out_value is initialized even if out_type is NULLtb2023-10-111-1/+5
| | | | | | This fixes the printf in the x509_algor regress. ok jsing
* Rewrite X509_ALGOR_get0()tb2023-10-111-13/+19
| | | | | | | | Make the logic slightly less convoluted. Preserve the behavior that *ppval remains unset if pptype == NULL for now. However, ensure that *ppval is set to NULL if pptype is V_ASN1_UNDER. ok jsing
* Add internal version of X509_ALGOR_set_md()tb2023-10-112-7/+17
| | | | | | | | | | | | | | | | | | | X509_ALGOR_set_md() is a void function that cannot easily be error checked. The caller has to jump through hoops to make sure this function doesn't fail. Prepare replacing this internally with X509_ALGOR_set_evp_md(), which allows error checking. There is one slight change of behavior: if the EVP_MD object passed in does not have an OID known to the library, then this new API fails. It is unclear what the library should do with such an object and people who use EVP_MD_meth_new() need to know what they are doing anyway and they are better off teaching the lib about the OID if they're going to be messing with certs. Oh, and the prototype is in x509_local.h because the rest of this API is in x509.h despite being implemented in asn1/. ok jsing
* Add preallocation dance for X509_ALGOR_set_md() as documentedtb2023-10-111-1/+5
|
* Clean up X509_ALGOR_cmp()tb2023-10-111-10/+10
| | | | | | | This is currently written in what is likely the most stupid way possible. Rewrite this function in a more straightforward way. ok jsing
* Add regress coverage for X509_ALGOR_*tb2023-10-112-2/+377
| | | | | | | | | This covers the setters and getters. Serialization and deserialization as well as comparison is already well covered by the pieces of regress using certs. There is currently one printf indicating failure. This will be fixed shortly.
* I forgot that we now have ASN1_INTEGER_set_uint64()tb2023-10-111-13/+6
|
* Be more precise about X509_ALGOR_get0()tb2023-10-111-11/+26
|
* Improve X509_ALGOR_new(3) documentationtb2023-10-101-14/+33
| | | | | | | | | | | | | | | The previous wording was misleading since the result of X509_ALGOR_new() is not actually an empty X509_ALGOR object. Rather, it contains the undefined ASN1_OBJECT returned by OBJ_nid2obj(NID_undef). Therefore using X509_ALGOR_get0(3) for error checking X509_ALGOR_set_md() is not trivial. So: change the initial paragraph into a general intro referring to the OpenSSL API needed to interface with X509_ALGOR and write a new paragraph documenting X509_ALGOR_new(3) and drop the incorrect suggestion of an error check. Notably there's now a reference to the OBJ_nid2obj() family without which one cannot really use X509_ALGOR_* for anything at all. With and ok schwarze
* Use the usual text for X509_ALGOR_free()tb2023-10-091-2/+8
|
* Clarify that 'undefined type' means V_ASN1_UNDEFtb2023-10-091-3/+4
|
* Clarify documentation of X509_ALGOR_{set0,set_md}()tb2023-10-091-7/+45
| | | | | | | | | | | | | | | The X509_ALGOR_set0() and X509_ALGOR_set_md() documentation comes from upstream, which means it is as sloppy as the code and as vague as your average upstream manpage. Be precise on what X509_ALGOR_set0() does on different inputs and document return values and failure modes. X509_ALGOR_set_md() is a void function that calls X509_ALGOR_set0() in a way that can fail, leaving alg in a corrupted state. Document when that can occur and how to avoid or detect that, but do not go too far, because EVP_MD_meth_new(), one potential source of failures, is a whole another can of worms. joint work with schwarze
* Add regress coverage for ASN1_UTCTIME_cmp_time_t()tb2023-10-051-5/+12
|
* Fix a typo and move a wordtb2023-10-031-5/+5
|
* Add some coverage for ASN1_TIME_cmp_time_t() as welltb2023-10-021-1/+14
| | | | | ASN1_UTCTIME_cmp_tim_t() could be done similarly, but then I have to mess with LIBRESSL_INTERNAL. Let's do this after unlock.
* Add regress coverage for ASN1_TIME_compare()tb2023-10-021-1/+78
|
* Minor asn1time tweakstb2023-10-021-26/+12
| | | | Sprinkle some (static) const and garbage collect an unused struct.
* Example code tweak: do not hardcode the size of arraytb2023-10-011-2/+2
|
* Fix a copy-paste bug in ASN1_TIME_compare()tb2023-10-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | ASN1_TIME_compare() compares two times t1 and t2. Due to a copy-paste error, we would do ASN1_time_parse(t1->data, t2->length, &tm2, t2->type) Now if t1 is a UTCTime (length 13) and t2 is a GeneralizedTime (length 15), the worst that could happen is a 2-byte out-of-bounds read. Fortunately, t1 will already have parsed as a UTCTime, so it will have a Z where there should be the first digit of the seconds for a GeneralizedTime and we will error out. Now if both t1 and t2 have the same type, we will parse t1's data twice and we will return an incorrect comparison. This could have some security impact if anything relied on this function for security purposes. It is unused in our tree and unused in our ports tree ports and the only consumer I could find was some MongoDB things doing OCSP, so this won't be too bad. Then of course there's also the language bindings. Issue reported by Duncan Thomson at esri dot com via libressl-security ok beck deraadt
* Document EVP_CIPHER_CTX_iv_length() return valuestb2023-10-011-3/+7
| | | | | | | | | | | | We aligned with upstream behavior. Let's document it properly. Surprisingly, OpenSSL 1.1 half-assed the docs: two parts of the manual contradict each other. The part getting EVP_CIPHER_CTX_iv_length() right, incorrectly documents possible -1 return value to EVP_CIPHER_iv_length(). OpenSSL 3 documentation improvement efforts seem to have tried to address this issue with the result that the manual is now entirely wrong when it comes to the EVP_CIPHER_CTX_iv_length() replacement. Par for the course.
* The colons separate the octets, not the digits; add missing link totb2023-10-011-4/+5
| | | | crypto(3)
* Improve a code comment in the EXAMPLES sectiontb2023-10-011-3/+3
|
* Refer to RFC 3779, 2.1.2 for encoding of rangestb2023-10-011-2/+7
| | | | Mention sections 2.1.1 and 2.1.2 in STANDARDS
* Point out that the result of IPAddressRange_new() is an invalid rangetb2023-10-011-3/+3
| | | | since it should be a prefix.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-26 05:40:10 +0000