| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
is leaked in OBJ_NAME_add.
ok tb
Found by CodeChecker.
|
| |
|
|
|
|
|
|
|
| |
IANA made a permanent registration in the SMI Security for S/MIME CMS
Content Type registry at
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
for signed objects conforming to draft-ietf-sidrops-signed-tal.
OK tb@
|
| |
|
|
|
|
| |
https://oidref.com/1.2.840.113549.1.9.16.2.47
OK tb
|
| |
|
|
|
|
|
| |
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
The current OBJ_txt2obj() implementation converts the text to ASN.1
object content octets, builds a full DER encoding from it, then feeds
the entire thing back through the DER to ASN.1 object conversion. Rather
than doing this crazy dance, provide an t2i_ASN1_OBJECT_internal() function
that converts the text to ASN.1 object content octets, then creates a new
ASN1_OBJECT and attaches the content octets to it.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
Rewrite the ASN1_OBJECT content to ascii/text conversion code using CBB and
CBS. Currently there is a strange split with i2t_ASN1_OBJECT() calling
OBJ_obj2txt() which implements the conversion, while OBJ_txt2obj() calls
back into the misnamed a2d_ASN1_OBJECT() function. Move the conversion
code into asn1/a_object.c and have OBJ_txt2obj() call that instead.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current implementation uses an unsigned long, then switches to BN once
the arc exceeds its size. However, the complexity of BN_bn2dec() is
quadratic in the length of number being converted. This means that OIDs
with excessively large arcs take a lot of computation to convert to text.
While the X.660 specification states that arcs are unbounded, in reality
they are not overly large numbers - 640K^W64 bits ought to be enough for
any arc. Remove BN entirely, switch from unsigned long to uin64_t and fail
if an arc exceeds this size.
Identified via oss-fuzz timeouts - should fix #41028 and #44372.
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
Currently OBJ_obj2nid() with NID_undef returns NID_ccitt - this is due to
doing a lookup on an empty value and having NID_undef conflict with an
uninitialised NID value.
Somewhat based on OpenSSL 0fb99904809.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
This removes OBJ_bsearch_ex_() from the exported symbols and makes
OBJ_bsearch_() semi-private. It is still used in libssl.
While here, remove some hideous unused macros
ok inoguchi jsing
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
|
| |
This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).
|
| |
|
|
|
|
|
|
| |
OBJ_length() turns the int obj->length into a size_t, so add
an overflow check. While obj->length should never be negative,
who knows...
ok jsing
|
| | |
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
| |
Do not expose it yet, this will wait for an upcoming bump
ok tb@
|
| |
|
|
|
|
| |
draft-ietf-sidrops-aspa-profile
OK tb@
|
| |
|
|
| |
OK beck@ tb@
|
| |
|
|
| |
OK tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
To generate current obj_xref.h, third item of lines
id_tc26_signwithdigest_gost3410_2012_256/512 should be id_GostR3410_2001.
obj_xref.txt r1.2 and obj_xref.h r1.3 were committed at the same time,
and these third item were coded different value each other.
This adjusts obj_xref.txt to current obj_xref.h.
ok tb@
|
| |
|
|
|
|
|
| |
Modify objxref.pl to output $OpenBSD$ header and
__BEGIN_HIDDEN_DECLS / __END_HIDDEN_DECLS .
ok and comment from tb@
|
| |
|
|
|
|
|
|
|
|
| |
Found missing sigoid_srt record in crypto/objects/obj_xref.h, and
this causes error while executing openssl cms -encrypt with EC key/cert.
Added required definitions to obj_xref.txt and obj_xref.h.
Issue reported by Theodore Wynnychenko (tmw <at> uchicago.edu) on misc.
ok tb@
|
| |
|
|
|
|
|
|
| |
Listed under 'SMI Security for S/MIME CMS Content Type
(1.2.840.113549.1.9.16.1)'
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
OK tb@
|
| |
|
|
|
|
|
|
|
| |
https://tools.ietf.org/html/draft-ietf-opsawg-finding-geofeeds describes
a mechanism to authenticate RFC 8805 Geofeed data files through the RPKI.
OpenSSL counterpart https://github.com/openssl/openssl/pull/14050
OK tb@ jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
RFC6482 - A Profile for Route Origin Authorizations (ROAs)
RFC6484 - Certificate Policy (CP) for the RPKI
RFC6493 - The RPKI Ghostbusters Record
RFC8182 - The RPKI Repository Delta Protocol (RRDP)
RFC8360 - RPKI Validation Reconsidered
draft-ietf-sidrops-rpki-rta - A profile for RTAs
Also in OpenSSL: https://github.com/openssl/openssl/commit/d3372c2f35495d0c61ab09daf7fba3ecbbb595aa
OK sthen@ tb@ jsing@
|
| |
|
|
|
|
|
|
| |
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
These GOST curves are defined in RFC 7836 and draft-deremin-rfc4491-bis.
Add aliases for 256-bit GOST curves (see
draft-smyshlyaev-tls12-gost-suites) and rename the 512-bit curve ids to
follow names defined in tc26 OID registry.
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux.
ok inoguchi@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
| |
Based on OpenSSL 1.1.1b.
ok inoguchi@ tb@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
This is an ISC licensed version based on the sources by Ribose Inc
that were ported to OpenSSL in 2017.
Patch from Daniel Wyatt with minor tweaks.
ok inoguchi, jsing
|
| |
|
|
|
|
| |
with the OID for SM2 signing with SM3.
From Daniel Wyatt
|
| |
|
|
|
|
|
|
|
| |
tweaks from jsing and myself. The SM2/SM3/SM4 algorithms are mandatory
for legal use of cryptography within China and [are] widely applied in
the country, covering identification/financial cards, contactless,
TPM 2.0 and PKI.
ok beck inoguchi jsing
|
| |
|
|
| |
ok inoguchi, jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
authentication.
|
| |
|
|
| |
From Kyle J. McKay <mackyle at gmail dot com>
|
| | |
|
| |
|
|
|
|
| |
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
| |
|
|
| |
LIBRESSL_INTERNAL.
|
| |
|
|
| |
No change to generated assembly excluding line numbers.
|
| |
|
|
|
| |
reported by @rhenium on GitHub
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting
the bn_* symbols. These are documented as only being intended for internal
use, so why they were placed in a public header is beyond me...
This hides 363 previously exported symbols, most of which exist in headers
that are not installed and were never intended to be public. This also
removes a few crusty old things that should have died long ago (like
_ossl_old_des_read_pw). But don't worry... there are still 3451 symbols
exported from the library.
With input and testing from inoguchi@.
ok beck@ inoguchi@
|
| |
|
|
| |
ok miod@
|
| |
|
|
| |
ok tedu@
|
| |
|
|
|
|
| |
buf is at all times kept nul terminated, so there is no need to enforce
this again upon exit. (no need to move buf around after we exahust space.)
ok beck miod
|
