| Commit message (Collapse) | Author | Files | Lines |
|---|
|
openssl.cnf.5 will need a major overhaul. But that isn't new...
|
|
|
|
This commit adds a few symbols under OPENSSL_NO_ENGINE. They will be used
after the main ENGINE code is disabled in the next bump.
The ecosystem is mostly prepared for dealing with a libcrypto compiled
with OPENSSL_NO_ENGINE. There are a few stragglers like M2Crypto, dovecot
and the latest apr-util release (fixed in their development branch).
To avoid intrusive patching in these ports, we need to keep a bunch of
ENGINE symbols around despite adding OPENSSL_NO_ENGINE. This of course
meant patching some other ports, but that was way easier.
ok jsing
|
|
|
|
These will be made internal and will likely go away. The OBJ_add_sigid.3
manual should probably be renamed; this can be done in a second step.
|
|
This function will be made internal-only and likely be renamed/rewritten.
|
|
|
|
|
|
ENGINE_get_default_{ECDH,ECDSA} will go away and won't come back. Replace
their documentation with the missing ENGINE_get_defaulT_EC. In the unlikely
event that we will need to bring back ENGINE after the next bump, this
manual will not be outdated and incomplete.
|
|
ENGINE_{get,set}_{ECDH,ECDSA} will go away and won't come back. Replace
their documentation with the missing ENGINE_{get,set}_EC. In the unlikely
event that we will need to bring back ENGINE after the next bump, this
manual will not be outdated and incomplete.
|
|
|
|
discussed with jsing
|
|
This way we will have a manual corresponding to an existing function after
the next bump.
|
|
|
|
It is currently possible to extend libcrypto by having it load a shared
object via dlopen() either from a config file on library initialization
or when an application calls the relevant API. Recent and not so recent
events showed how dangerous an idea dlopen() is. Independently of such
concerns, this should not be handled in the characteristically convoluted
way of this toolkit. DSO will go away in the upcoming bump. This commit
clears the road for a plain cvs rm of the dso code.
ok jsing
|
|
|
|
Their BN_get_rfc*_prime_* aliases from the OpenSSL 1.1 API will remain.
Perhaps the manual should be moved to BN_get_rfc3526_prime_8192.3; that
can be done in a second step.
|
|
These very poorly designed interfaces will go away, so stop documenting
them.
|
|
We refuse to generate RSA keys larger than 16k and DH keys larger than 10k.
Primality checking with adversarial input is a DoS vector, so simply don't
do this. Introduce a cap of 32k for numbers we try to test for primality,
which should be more than large enough for use withing a non-toolkit crypto
library. This is one way of mitigating the DH_check()/EVP_PKEY_param_check()
issue.
ok jsing miod
|
|
|
|
ok tb@
|
|
ok tb@
|
|
ok jsing
|
|
|
|
|
|
|
|
|
|
Test keyshare for all built-in curves and simplify, especially printing
on failure. Incorporate known answer tests from RFC 5114 and RFC 5903.
All in all, this is a lot less code and a lot more test coverage and
hopefully a little less eyebleed.
Very loosely based on OpenSSL b438f0ed by Billy Brumley
|
|
ECDH_compute_key() usually returns -1 on error (but sometimes 0). This
was also the case in OpenSSL when these tests were written. This will
soon change. The check for <= 0 will still be correct.
|
|
Since all non-binary NIST curves have cofactor 1, this is in effect plain
ECDH. Current regress coverage of ECDH is quite lacking on architectures
where Go isn't available. This fixes that.
Actual cofactor ECDH support may be added soon to libcrypto, at which
point I will also add testcases with cofactor > 1.
|
|
|
|
|
|
|
|
MD32_XARRAY was added as a workaround for a broken HP C compiler (circa
1999). Clean it up to simplify the code.
No change in generated assembly.
|
|
MD32_XARRAY was added as a workaround for a broken HP C compiler (circa
1999). Clean it up to simplify the code.
No change in generated assembly.
|
|
Oh, joy! The muppets had a feast: they could combine the horrors of EVP
with X.509... Return values between -1 and 3 indicating how much work
needs to be done, depending on whether methods are present or absent.
Needless to say that RSA and EdDSA had inconsistent return values until
recently.
Instead of interleaving if/else branches, split out two helper functions
that do essentially independent things, which results in something that
isn't entirely bad. Well, at least not compared to the surrounding code.
asn1_item_set_algorithm_identifiers() extracts the signature algorithm
from the digest and pkey if known, and sets it on the two X509_ALGOR that
may or may not have been passed in.
asn1_item_sign() converts data into der and signs.
Of course there were also a few leaks and missing error checks.
ok jsing
|
|
This snuck in with ech_key.c r1.33 because I committed from a dirty tree.
|
|
|
|
|
|
F5 is well-known for needing workaround (go read RFC 8446). In this
particular case, it required implementation sending CHs larger than
255 bytes to 0x0300 otherwise their server would hang. This is the
same hang that required the CH padding extension which broke other
implementations. The CH padding extension was removed ~6 years ago,
so hopefully this kludge will no longer needed either.
ok jsing
|
|
|
|
This test should either be extended or retired. As it is it is useless.
|
|
|
|
This currently adds an incorrect 00: padding, consistent with OpenSSL's
behavior.
|
|
|
|
The get_rfc*_prime_* functions will be removed. The constants will remain
for the BN_get_rfc*_prime_* functions. Make the latter call BN_bin2bn()
directly on these constants rather than going through get_*. This avoids
some overlong lines. Also KNF for some comments.
Reduces the diff I currently carry by quite a bit.
|
|
ok beck jsing millert
|
|
|
|
These functions inline a poor version of asn1_item_flags_i2d() without
error checks. This can be replaced with a single correct call to
ASN1_item_ndef_i2d(). Mechanically adding malloc checks and checks for
negative did not really improve things all that much in a related project.
ok beck jsing
|
|
These can now use the internal version of BN_bn2hex() and be direct
wrappers of BIO_printf() and fprintf() as they should have been all
along.
ok jsing
|
