|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | 
| 
| 
| 
| 
| 
| 
| | This removes the remaining ENGINE members from various internal structs
and functions. Any ENGINE passed into a public API is now completely
ignored functions returning an ENGINE always return NULL.
ok jsing | 
| | 
| 
| 
| 
| 
| 
| | This is mechanical apart from a few manual edits to avoid doubled empty
lines.
ok jsing | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Due to OPENSSL_NO_ENGINE the engine member of dh and dsa is currently
uninitialized. As a consequence, {DH,DSA}_get0_engine() will return a
garbage pointer, which is particularly bad because the only reason we
kept them in the first place is that they are used by some software...
A side effect of freeing with {DH,DSA}_free() instead of a hand-rolled
version is that we may call ->meth->finish() before ->meth->init() was
called. We need a NULL check for ->meth to be on the safe side in case
we should need to bring ENGINE back.
with nits from djm
ok deraadt djm | 
| | 
| 
| 
| | ok tb@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | The private key is a random number in [1, q-1], so 1 must be allowed.
Since q is at least an 160-bit prime and 2^159 + 1 is not prime (159
is not a power of 2), the probability that this is hit is < 2^-159,
but a tiny little bit wrong is still wrong.
Found while investigating a report by bluhm
ok jsing | 
| | 
| 
| 
| 
| 
| 
| | BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly
instead.
ok tb@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | This is a cheap check that ensures basid parameter consistency per
FIPS 186-4: 1 < g < q, that q has the allowed bit sizes 160, 224, 256
and that p is neither too small nor too large. Unfortunately, enforcing
the three allowed sizes for p is not possible since the default dsa key
generation has not respected this limitation.
Instead of checking that p and q are prime, we only check that they
are odd. Check that public and private keys, if set, are in the proper
range. In particular, disallow zero values.
Various versions of these checks have been added to the dsa code
over time. This consolidates and extends them and in a subsequent
commit wewill replace the incomplete checks. BoringSSL has a similar
function of the same name, thanks to David Benjamin for pointing it
out.
ok beck jsing | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | DSA_size() and ECDSA_size() have a very special hack. They fudge up an
ASN1_INTEGER with a size which is typically > 100 bytes, backed by a
buffer of size 4. This was "fine", however, since they set buf[0] = 0xff,
where the craziness that was i2c_ASN1_INTEGER() only looks at the first
octet (one may then ask why a buffer of size 4 was necessary...).
This changed with the rewrite of i2c_ASN1_INTEGER(), which doesn't
respect this particular hack and rightly assumes that it is fed an
actual ASN1_INTEGER...
Instead, create an appropriate signature and use i2d to determine its
size.
Fixes an out-of-bounds read flagged by ASAN and oss-fuzz.
ok jsing | 
| | 
| 
| 
| | ok beck jsing | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | This was obtained by porting the OpenSSL commit below and then using
expand_crypto_asn1.go to unroll the new ASN.1 macros - actually the
ones from 987157f6f63 which fixed the omission of dsa_cb() in the
first commit.
ok inoguchi jsing
commit ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Thu Mar 26 14:35:49 2015 +0000
    Simplify DSA public key handling.
    DSA public keys could exist in two forms: a single Integer type or a
    SEQUENCE containing the parameters and public key with a field called
    "write_params" deciding which form to use. These forms are non standard
    and were only used by functions containing "DSAPublicKey" in the name.
    Simplify code to only use the parameter form and encode the public key
    component directly in the DSA public key method.
    Reviewed-by: Richard Levitte <levitte@openssl.org> | 
| | 
| 
| 
| 
| 
| | including the local header where it will be needed.
discussed with jsing | 
| | 
| 
| 
| 
| 
| | it will be needed in the upcoming bump.
discussed with jsing | 
| | 
| 
| 
| 
| 
| | Used by Qt5 and Qt6 and slightly reduces the patching in there.
ok inoguchi jsing | 
| | 
| 
| 
| | ok inoguchi jsing | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | OpenSSL commit 7c96dbcdab9 by Rich Salz.
This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifndef OPENSSL_NO_ENGINE.  codesearch.debian.net
shows that almost nothing checks the return value of ENGINE_finish().
While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'.
ok jsing, tested by & ok inoguchi | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| 
| 
| | EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().
ok jsing | 
| | 
| 
| 
| 
| 
| | as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | If you didn't enable deprecated code, there were missing err.h and
bn.h includes.  This commit allows building with or without deprecated
code.
This was not derived from an OpenSSL commit.  However, they recently
enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems
in a different way.
Verified with clang that this only changes line numbers in the generated
asm.
ok miod@ | 
| | 
| 
| 
| 
| 
| 
| | Improves readability, keeps the code smaller so that it is warmer in your
cache.
review & ok deraadt@ | 
| | 
| 
| 
| 
| 
| 
| 
| | Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers. | 
| | 
| 
| 
| 
| 
| | Also remove unused des_ver.h, which exports some of these strings, but is not installed.
ok miod@ tedu@ | 
| | |  | 
| | |  | 
| | 
| 
| 
| | ok miod | 
| | 
| 
| 
| | ok miod | 
| | 
| 
| 
| 
| 
| 
| 
| | OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free | 
| | 
| 
| 
| 
| | meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| | *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs | 
| | |  | 
|  | functionality for shared libs.
Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.
Needs documentation and help from ports for easy upgrade to full
functionality where legally possible. |