summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* _CONF_new_section(): malloc() -> calloc()tb8 days1-4/+2
| | | | ok jsing
* asn1_multi: remove a pointless casttb9 days1-2/+2
| | | | | There's no need to cast away const from a const char * if you're going to pass it to a const char * argument of a function.
* Rename X509V3_get_section() to X509V3_get0_section()tb9 days6-15/+15
| | | | | | | | This makes it clear for those fluent in OpenSSL API gibberish that nothing needs to be freed here. This is because it returns something hanging off a hash entry owned by cnf. ok jsing
* Garbage collect X509V3_section_free()tb10 days6-25/+8
| | | | | | | | Historically, X509V3_section_free() could be customized by the conf db method to release memory allocated by X509V3_get_section(). This is no longer supported, so it is always a noop and can be removed. ok jsing
* unifdef OPENSSL_NO_CHAIN_VERIFYtb11 days1-6/+3
| | | | ok jsing
* Zap trailing whitespace in dsa.htb2025-03-011-7/+7
|
* Remove offensive whitespace from x509.htb2025-03-011-27/+27
|
* conf.h: remove outdated commenttb2025-03-011-4/+1
| | | | | Despite the claim in this comment, the "new" conf code did replace the "old" conf code (which no longer exists in the public API).
* Rename the crl_inf_cb() to crl_info_cb()tb2025-02-271-3/+3
|
* Hoist X509_REVOKED_cmp() above its only callertb2025-02-271-9/+7
| | | | | This way we don't need a prototype and things that belong together are together. Slight KNF tweak while there
* obj_dat: remove parens from returntb2025-02-261-9/+9
|
* asn1object: improve error message to include returned valuetb2025-02-261-2/+2
| | | | From Kenjiro Nakayama
* obj_dat: don't shift a->length into the sign bittb2025-02-261-2/+2
| | | | | | | For an OID of excessive length >= 2^12, a->length << 20L is undefined, so add a cast to the target type of (unsigned long). From Kenjiro Nakayama
* obj_dat: don't shift ca->type into the sign bittb2025-02-261-2/+2
| | | | | | | | This is undefined for a ca->type of ADDED_LNAME (2) and ADDED_NID (3) when ca->type << 30L results in a shift into the sign bit, so add a cast to the target type of unsigned long. From Kenjiro Nakayama
* openssl ca: use BN_bn2hex() rather than reimplementing ittb2025-02-251-28/+18
| | | | ok jsing
* x_crl.c: remove two NULL checks before *_free()tb2025-02-241-5/+3
|
* Remove unused name member from x509_sttb2025-02-212-11/+2
| | | | | | | As far as I can tell this has never been used since the beginning of git history with SSLeay 0.8.1b, so we can simplify the x509_cb() a little. ok jsing miod
* Remove unused valid member of x509_sttb2025-02-202-4/+2
| | | | | | internal_verify() (now x509_vfy_internal_verify()) used to cache the validity of the signature of a cert in this field. This is no longer the case since x509_vfy.c 1.57 (2017).
* pkey_ec_derive(): simplify keylen calculationtb2025-02-181-5/+3
| | | | ok jsing
* Simplify ECDH_size() by using BN_num_bytes()tb2025-02-171-3/+3
| | | | ok jsing
* Replace Makefile based SHA*_ASM defines with HAVE_SHA_* defines.jsing2025-02-1420-58/+120
| | | | | | | | | | | | | | | | Currently, SHA{1,256,512}_ASM defines are used to remove the C implementation of sha{1,256,512}_block_data_order() when it is provided by assembly. However, this prevents the C implementation from being used as a fallback. Rename the C sha*_block_data_order() to sha*_block_generic() and provide a sha*_block_data_order() that calls sha*_block_generic(). Replace the Makefile based SHA*_ASM defines with two HAVE_SHA_* defines that allow these functions to be compiled in or removed, such that machine specific verisons can be provided. This should effectively be a no-op on any platform that defined SHA{1,256,512}_ASM. ok tb@
* ec_mont_group_set_curve: convert to BN_MONT_CTX_create() and simplifytb2025-02-131-20/+7
| | | | | | | | This removes the penultimate internal call of BN_MONT_CTX_new(). The last one could be removed at the cost of introducing a BN_MONT_CTX_dup(), which probably isn't worth it. ok jsing
* dsa_gen: convert to BN_MONT_CTX_create()tb2025-02-131-5/+2
| | | | | | | This can now be a single call before the BN_MONT_CTX is actually used rather than two calls separated by 170 lines. ok jsing
* Convert bn_exp to BN_MONT_CTX_create()tb2025-02-131-53/+38
| | | | | | | | This simplifies the handling of the BN_MONT_CTX passed in and unifies the exit paths. Also zap some particularly insightful comments by our favorite captain. ok jsing
* Convert BPSW to BN_MONT_CTX_create()tb2025-02-131-5/+2
| | | | ok jsing
* Convert BN_MONT_CTX_set_locked() to BN_MONT_CTX_create()tb2025-02-131-4/+2
| | | | ok jsing
* bn: add internal BN_MONT_CTX_create()tb2025-02-132-2/+22
| | | | | | | | | | | | | This does what the public BN_MONT_CTX_new() should have done in the first place rather than doing the toolkit thing of returning an invalid object that you need to figure out how to populate and with what because the docs are abysmal. It takes the required arguments and calls BN_MONT_CTX_set(), which all callers do immediately after _new() (except for DSA which managed to squeeze 170 lines of garbage between the two calls). ok jsing
* recp -> reciprocal renaming in teststb2025-02-122-7/+7
|
* Rename BN_mod_exp_recp() to BN_mod_exp_reciprocal()tb2025-02-122-5/+5
| | | | | (leaving out a dotasm comment that would become harder to read than it already is)
* Cache CRLs in issuer cachetb2025-02-082-18/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | The issuer cache holds a pair of SHA-512 of parent and child cert plus the result of the signature verification. Since CRLs also have a cached hash of their DER, we can easily add them to the same cache. This way we also avoid the cost of repeated signature verification for CRLs. For ordinary workloads the cache is larger than necessary and it won't currently take up more space than ~8M anyway, so the cost of doing this is negligible. For applications like rpki-client where the same (CA, CRL) pair is used to verify multiple EE certs, the gain is significant. In fact, the current worst case is a single pair being used for > 50k EE certs, responsible for about 20-25% of the total runtime of an ordinary rpki-client run if a hw-accelerated version of SHA-2 is available and even more if it isn't. In both cases the cost of processing of this pair is reduced by more than an order of magnitude. The implementation is a translation of x509_verify_parent_signature() to the case of CRLs and is entirely trivial thanks to the cache's design. Found while investigating a performance bottleneck found by job tested by job ok beck
* Move X509_NAME_print() next to its only internal callertb2025-02-082-93/+91
| | | | Fix includes while there
* x509_verify_parent_signature(): no need to bump pkey's refcounttb2025-02-081-4/+2
| | | | | | | The parent certificate outlives the signature check, so we don't have to take a refcount of its pubkey and then release it again. ok beck
* x509_verify: missing verify error on cached signature mismatchtb2025-02-081-2/+5
| | | | | | | | If a signature mismatch is cached, the same error should be passed to the verify callback as if the mismatch was detected by doing the calculation, rather than falling back to the "unable to find the issuer cert locally". ok beck
* bn_recp: reformat another ugly commenttb2025-02-041-5/+6
|
* SSL_select_next_proto: fix invalid octal escape by switching to hexadecimaltb2025-02-041-3/+3
|
* Inline BN_reciprocal() in its only callertb2025-02-041-36/+10
| | | | | | | | | | | This is simpler, doesn't need an auxiliary function of dubious value, avouds an auxiliary variable and gets rid of a bunch of comments that are hard to make sense of. This doesn't bother to invalidate recp->shift since on error you should not be reusing the RECP_CTX without reinitializing it. ok jsing
* Start cleaning up BN_div_reciprocal() a bittb2025-02-041-24/+23
| | | | | | | | | The fast path where no division is performed can be dealt with without BN_CTX, so do that up front so there's no need to clean up before return. Error check BN_CTX_get() on each use asd simplify the logic for optional input parameters. KNF for an ugly comment. ok jsing
* Error check i2t_ASN1_OBJECT() and tweak warning messagetb2025-02-041-2/+4
| | | | | | CID 532326 ok djm jsing
* Improve detection and handling of alerts in renegotiation regress.jsing2025-02-011-23/+76
|
* Hook renegotiation regress.jsing2025-02-011-1/+2
|
* Fix certificate paths.jsing2025-02-011-4/+4
|
* Add regress coverage for TLS renegotiation.jsing2025-02-012-0/+560
|
* Mop up RC4_INDEX.jsing2025-01-2714-116/+19
| | | | | | | | | | | | | The RC4_INDEX define switches between base pointer indexing and per-byte pointer increment. This supposedly made a huge difference to performance on x86 at some point, however compilers have improved somewhat since then. There is no change (or effectively no change) in generated assembly on a the majority of LLVM platforms and even when there is some change (e.g. aarch64), there is no noticable performance difference. Simplify the (still messy) macros/code and mop up RC4_INDEX. ok tb@
* X509_NAME_print(): remove no longer useful length checktb2025-01-271-4/+1
| | | | | This was needed to avoid truncation on BIO_write(). With the switch to BIO_printf() in the previous commit this is no longer needed.
* X509_NAME_print: NUL-terminate and switch to BIO_printf()tb2025-01-271-2/+5
| | | | | | This handles the empty string, which ruby-openssl checks. Pointed out by anton
* x509_obj.c: be better at sortingtb2025-01-271-2/+2
|
* x509_obj.c: fix includestb2025-01-261-4/+5
|
* Rework X509_NAME_print()tb2025-01-261-33/+65
| | | | | | | | | | | | | | | | | | This is legacy API that we can unexport since nothing uses it directly. Unfortunately we need to keep the functions because there are plenty of things that use it indirectly by passing XN_FLAG_COMPAT to X509_print_ex(). The old implementation parsed the X509_NAME_oneline() output in order to remove the / preceding the (one or two-uppercase letters) name and to insert ", " afterward. This is just stupid in so many ways, not least because there's basically no limit to the garbage that you can stuff into an X.500 name. So rework this and only include the name entries whose short names are one or two letters long. This way, this becomes slightly saner and less fragile. ok jsing
* Rewrite X509_NAME_ENTRY_oneline() using CBB and CBStb2025-01-262-104/+123
| | | | | | | | | | | | | | | | | | | | | | This splits the horrid spaghetti into a few relatively straightforward helpers which do one thing at a time. There are still some spectacular dances around ASN1_GENERALSTRING, but let's blame that one on X.500. In brief, X509_NAME_ENTRY_oneline() iterates over the name entries, and writes out a line /name1=value1,/name2=value2,... which you may have seen variations of in issuer or subject output. The name is the short name or the long name or the textual representation of the OID (truncated to 79 characters) and the value is a string where printable ASCII characters are represented as themselves and otherwise as hexadecimal digits preceded by \x. Except for GENERALSTRING, where the four octet representation is shortened to single-octet representation if none of the top three octets in the entire string is populated. It's the mother of all pretty things. But, hey, you could do worse and try to parse this garbage... ok jsing
* x509_utl.c: use normal order of internal headerstb2025-01-261-3/+2
|