| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| |
|
|
|
|
| |
This will be needed to deal with Curve25519 based keys.
ok beck@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL dealt with time conversion using a classical julian
day scheme. BoringSSL got rid of it and uses only a julian
style calculation for seconds since the POSIX time epoch.
This changes libressl to use the seconds calculation exculusively
instead of a mix of the julian day based conversions and the
system time conversions to and from time_t to tm.
ok tb@ jsing@
|
| |
|
|
|
|
|
|
| |
This removes c2i_ASN1_OBJECT(), {c2i,i2c}_ASN1_BIT_STRING() and
{c2i,i2c}_ASN1_INTEGER(). These are not part of the OpenSSL 1.1
API and should never have been exposed in the first place.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
Per X.690, some ASN.1 types must be primitive encoded, some must be
constructed and some may be either. Add this data to our types table
and check the encoding against this information when decoding.
ok tb@
|
| |
|
|
|
|
|
| |
This avoids asn1_c2i_primitive() from needing knowledge about the internals
of ASN1_INTEGER and ASN1_ENUMERATED.
ok tb@
|
| |
|
|
|
|
|
|
| |
While we're here enforce valid days for months and leap years.
Inspired by same in boringssl.
ok jsing@
|
| |
|
|
|
|
|
| |
This also provides a pkey_security_bits member to the PKEY ASN.1 methods
and a corresponding setter EVP_PKEY_asn1_set_security_bits().
ok beck jsing
|
| |
|
|
|
|
| |
In the process, prepare to provide ASN1_INTEGER_{get,set}_{u,}int64().
ok beck@ tb@
|
| |
|
|
|
|
| |
Should have been part of a previous commit.
ok jsing
|
| |
|
|
|
|
|
| |
This function does not actually free an ASN1_ENCODING, which are embedded
in a struct.
Name suggested by tb@
|
| |
|
|
|
|
| |
Rework and clean up other asn1_enc_* related functions while here.
ok tb@
|
| |
|
|
|
|
|
|
| |
Change asn1_get_length_cbs() and asn1_get_object_cbs() to handle and return
a length as a size_t rather than a uint32_t. This makes it simpler and less
error prone in the callers.
Suggested by and ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than calling asn1_get_object_cbs(), call asn1_get_identifier_cbs(),
then immediately proceed with the tag number and tag class check. Only if
that succeeds (or it is not required) do we call asn1_get_length_cbs().
This avoids incurring the overhead of decoding the length in the case where
the tag number and tag class do not match.
While here rename asn1_check_tlen() to asn1_check_tag() - while we decode
the length, what we are normally checking is the tag number and tag class.
Also rename the arguments for readability. For now the argument types
and encoding remain unchanged.
ok inoguchi@ tb@
|
| | |
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
This allows us to make direct use of c2i_ASN1_OBJECT_cbs().
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
This takes a CBS, gets the ASN.1 identifier and length, ensures the
resulting identifier is a valid primitive, then returns the tag number and
the content as a CBS.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
The current OBJ_txt2obj() implementation converts the text to ASN.1
object content octets, builds a full DER encoding from it, then feeds
the entire thing back through the DER to ASN.1 object conversion. Rather
than doing this crazy dance, provide an t2i_ASN1_OBJECT_internal() function
that converts the text to ASN.1 object content octets, then creates a new
ASN1_OBJECT and attaches the content octets to it.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
The constructed ASN.1 handling in asn1_d2i_ex_primitive() and asn1_ex_c2i()
currently has code to potentially avoid a malloc/memcpy - this is a less
common code path and it introduces a bunch of complexity for minimal gain.
In particular, we're manually adding a trailing NUL when ASN1_STRING_set()
would already do that for us, plus we currently manually free() the data on
an ASN1_STRING, rather than using freezero().
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
Rewrite the ASN1_OBJECT content to ascii/text conversion code using CBB and
CBS. Currently there is a strange split with i2t_ASN1_OBJECT() calling
OBJ_obj2txt() which implements the conversion, while OBJ_txt2obj() calls
back into the misnamed a2d_ASN1_OBJECT() function. Move the conversion
code into asn1/a_object.c and have OBJ_txt2obj() call that instead.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
This moves {d2i,i2d}_ASN1_BOOLEAN() to internal only. They are unused,
but help us testing the encoding.
ok jsing
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
|
|
|
|
| |
Move the struct declaration to asn1_locl.h and add a forward
declaration to ossl_typ.h. This makes struct visibility in the
asn1 headers match OpenSSL.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This implements checking of a public key and of key generation
parameters for DH and EC keys. With the same logic and setters
and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check()
is implemented, instead EVP_PKEY_param_check() calls DH_check_ex()
even though DH_param_check_ex() was added for this purpose.
EVP_PKEY_public_check() for EC curves also checks the private key
if present.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys
are supported. If a check function is set the EVP_PKEY_METHOD, it will
be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is
used. The default ASN.1 methods wrap RSA_check_key() and
EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method
has const.
Requested by tobhe and used by PHP 8.1.
Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
Consolidate various ASN1_item_* functions into asn1_item.c and the
remaining NO_OLD_ASN1 code (not to be confused with the NO_ASN1_OLD code)
into asn1_old.c. This is preferable to having many files, often with one
or two functions per file.
No functional change.
Discussed with tb@
|
| |
|
|
|
|
|
|
|
| |
Provide internal asn1_get_identifier_cbs() and asn1_get_length_cbs()
functions that are called from asn1_get_object_cbs(). Convert the existing
ASN1_get_object() function so that it calls asn1_get_object_cbs(), before
mapping the result into the API that it implements.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There are currently three different tables in three different files that
contain information about ASN.1 universal class tag types. Range checking
is also implemented in three different places (with different
implementations).
Consolidate all of this into a single table, provide a lookup function that
deals with the range checks and wrappers to deal with specific types.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
These are internal only for now.
Based on OpenSSL 1.1.1d.
ok inoguchi@
|
| |
|
|
|
|
|
|
|
| |
Requires adding a const to the priv_decode() member of
EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode()
functions. All this is already documented this way.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
| |
can get at it, so libtls can also deal with notafter's past the
realm of 32 bit time in portable
|
| |
|
|
|
|
| |
This will only be used in portable. As noted, necessary to
make us conformant to RFC 5280 4.1.2.5.
ok jsing@ bcook@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting
the bn_* symbols. These are documented as only being intended for internal
use, so why they were placed in a public header is beyond me...
This hides 363 previously exported symbols, most of which exist in headers
that are not installed and were never intended to be public. This also
removes a few crusty old things that should have died long ago (like
_ossl_old_des_read_pw). But don't worry... there are still 3451 symbols
exported from the library.
With input and testing from inoguchi@.
ok beck@ inoguchi@
|
| |
|
|
|
|
| |
utctime and gentime wrappers accordingly. Along with some other cleanup.
this also removes the need for timegm.
ok bcook@ sthen@ jsing@
|
| |
|
|
|
|
|
|
|
| |
in asn1 and x509 code, all dealing with an ASN1_TIME. This brings the parsing
together in one function that converts into a struct tm. While we are at it this
also brings us into conformance with RFC 5280 for times allowed in an X509 cert,
as OpenSSL is very liberal with what it allows.
input and fixes from deraadt@ jsing@ guethther@ and others.
ok krw@, guenther@, jsing@
|
| | |
|
| | |
|
| |
|
|
| |
ok miod@
|
| |
|
|
|
|
|
|
| |
encodings and encoding of surrogate pair code points were banned. Add
checks for those, both to those functions and to the code decoding the
BMP and UNIV encodings.
ok miod@
|
| | |
|
| |
|
