path: root/src/lib/libcrypto/pkcs7
Commit message [Author, Age, Files, Lines]
* Style tweaks for SMIME_write_PKCS7() [tb, 2023-05-02, 1 file, -7/+5]
  Initialize the mdalgs stack at the top and test and assign for ctype_nid. Use an empty line to separate variable declarations from the actual code and zap an extra empty line.
  ok jsing
* Unwrap a line [tb, 2023-05-02, 1 file, -3/+2]
* Remove the now unused bio_pk7.c [tb, 2023-04-26, 1 file, -63/+0]
* Move BIO_new_PKCS7() to the other streaming stuff in pk7_mime.c [tb, 2023-04-26, 2 files, -8/+8]
* Move low level BIO_new_NDEF API to internal-only [tb, 2023-04-25, 2 files, -4/+8]
* Remove i2d_PKCS7_NDEF [tb, 2023-04-25, 2 files, -12/+2]
* Mark the NDEF API for removal [tb, 2023-04-24, 1 file, -1/+3]
  Discussed with jsing and beck
* pk7_cb() and cms_cb() [tb, 2023-03-12, 1 file, -1/+2]
  Add and fix FALLTHROUGH statement. I was confused for way too long since I hadn't noticed that this case fell through to the next. Also add and move some empty lines in the cms_cb() to make this resemble KNF more.
* Add missing error checking in PKCS7 [tb, 2023-03-09, 1 file, -3/+11]
  Check the return value of BIO_set_md(). Prompted by OpenSSL's fix for CVE-2023-0401 (the crash in that bug is an OpenSSL 3-only problem due to provider design).
  ok beck jsing
* libressl *_namespace.h: adjust *_ALIAS() to require a semicolon [tb, 2023-02-16, 8 files, -109/+109]
  LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h
  fix suggested by & ok jsing
* spelling fixes; from paul tagliamonte [jmc, 2022-12-26, 1 file, -2/+2]
  i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct
  ok tb
* Make internal header file names consistent [tb, 2022-11-26, 3 files, -9/+9]
  Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
  Adjust all .c files in libcrypto, libssl and regress.
  The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
  discussed with jsing, no objection bcook
* Hide symbols in libcrypto/pkcs7 [beck, 2022-11-12, 8 files, -8/+141]
  This applies the guentherizer 9000(tm) to pkcs7, after moving several pkcs7 functions back to pkcs7 that were in x509/x_all.c for reasons known only to the miasma.
  ok jsing@
* Remove mkerr.pl remnants from LibreSSL [kn, 2022-07-12, 2 files, -12/+2]
  This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
  Feedback OK jsing tb
* Simplify X509_ATTRIBUTE ASN.1 encoding. [jsing, 2022-05-09, 1 file, -7/+3]
  For some unknown historical reason, X509_ATTRIBUTE allows for a single ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF. Simplify encoding and remove support for single values - this is similar to OpenSSL e20b57270dec. This removes the last use of COMBINE in the ASN.1 decoder.
  ok tb@
* Garbage collect the app_items field of ASN1_ADB [tb, 2022-01-14, 1 file, -2/+1]
  This is unused and was removed in OpenSSL 5b70372d when it was replaced with an ASN.1 ADB callback (which we don't support).
  ok inoguchi jsing
* Include evp_locl.h where it will be needed once most structs from [tb, 2021-12-12, 2 files, -2/+4]
  evp.h will be moved to evp_locl.h in an upcoming bump.
  ok inoguchi
* Move the now internal X.509-related structs into x509_lcl.h. [tb, 2021-11-01, 3 files, -3/+8]
  Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
  ok jsing
* Remove remaining error *_str_functs[] [jsing, 2020-06-05, 1 file, -41/+2]
  A number of years ago we dropped the concept of having function names in errors, since it is not that useful and very quickly gets out of sync when refactoring. It would seem that some new ones got imported and some missed the last clean up.
  ok tb@ beck@ "kill it with fire"
* Remove redundant ASN1_INTEGER_set call in PKCS7_set_type [inoguchi, 2020-01-21, 1 file, -2/+1]
  ok bcook@
* Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. [tb, 2019-10-04, 1 file, -7/+8]
  (Note that the CMS code is currently disabled.)
  Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license)
  tests from bluhm@
  ok jsing
  commit e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f
  Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
  Date: Sun Sep 1 00:16:28 2019 +0200
  Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
  An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack.
  As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certificate is not given and all recipientInfo are tried out.
  The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/9777)
  (cherry picked from commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37)
* Fix a number of ASN1_INTEGER vs ASN1_STRING mixups coming from the [tb, 2019-03-13, 2 files, -5/+5]
  mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function takes signs into account while ASN1_STRING_cmp doesn't. The mixups mostly involve serialNumbers, which, in principle, should be positive. However, it is unclear whether that is checked or enforced anywhere in the code, so these are probably bugs.
  Patch from Holger Mikolon
  ok jsing
* use freezero() instead of memset/explicit_bzero + free. Substantially [deraadt, 2017-05-02, 1 file, -25/+9]
  reduces conditional logic (-218, +82).
  MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn't quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely.
  Passes regress. ok beck
* Send the function codes from the error functions to the bit bucket, [beck, 2017-01-29, 4 files, -173/+115]
  as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this.
  ok jsing@ inoguchi@
* Expand ASN1_ITEM_rptr macros - no change in generated assembly. [jsing, 2016-12-30, 4 files, -13/+13]
* Expand DECLARE_ASN1_{NDEF,PRINT}_FUNCTION macros - no change in [jsing, 2016-12-27, 1 file, -3/+3]
  preprocessor output.
* Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been [jsing, 2016-12-27, 1 file, -4/+1]
  nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
* Expand DECLARE_ASN1_ITEM - no change to preprocessor output. [jsing, 2016-12-27, 1 file, -3/+3]
* More X509_STORE_CTX_set_*() return value checks. [miod, 2016-11-05, 2 files, -10/+12]
  ok beck@ jsing@
* Expand DECLARE_ASN1_.*FUNCTIONS macros. [jsing, 2016-09-04, 1 file, -11/+51]
  No change in preprocessed output, ignoring whitespace and line numbers.
* Replace M_ASN1_OCTET_STRING_(free|new) with ASN1_OCTET_STRING_(free|new). [jsing, 2015-09-30, 2 files, -9/+9]
* Replace M_ASN1_INTEGER_(new|free) with ASN1_INTEGER_(new|free) - this is [jsing, 2015-09-30, 1 file, -3/+3]
  different from the macro expansion, but the result is the same. Also replace some ASN1_STRING_dup() with ASN1_INTEGER_dup().
  ok beck@ doug@
* Correct spelling of OPENSSL_cleanse. [jsing, 2015-09-10, 1 file, -8/+8]
  ok miod@
* Expand obsolete M_ASN1.*(cmp|dup|print|set) macros - no change in generated [jsing, 2015-07-29, 2 files, -6/+6]
  assembly.
  ok bcook@
* Expand ASN.1 template macros - no change in generated assembly. [jsing, 2015-07-25, 1 file, -89/+545]
* Verify ASN1 objects types before attempting to access them as a particular [miod, 2015-07-19, 1 file, -1/+3]
  type.
  ok guenther@ doug@
* Check the return value of ASN1_STRING_set(), for it may fail to allocate [miod, 2015-07-18, 1 file, -2/+5]
  memory. Coverity CID 24810, 24846.
  ok bcook@ doug@
* Remove dead code. Coverity CID 21688 [miod, 2015-07-15, 1 file, -4/+1]
  ok beck@
* Fix several crash causing defects from OpenSSL. [tedu, 2015-03-19, 2 files, -16/+86]
  These include:
  CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
  CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
  CVE-2015-0287 - ASN.1 structure reuse memory corruption
  CVE-2015-0289 - PKCS7 NULL pointer dereferences
  Several other issues did not apply or were already fixed.
  Refer to https://www.openssl.org/news/secadv_20150319.txt
  joint work with beck, doug, guenther, jsing, miod
* Expand IMPLEMENT_ASN1_NDEF_FUNCTION and IMPLEMENT_ASN1_PRINT_FUNCTION [jsing, 2015-02-10, 1 file, -3/+14]
  macros so that the code is visible and functions can be readily located.
  Change has been scripted and there is no change to the generated assembly.
  Discussed with beck@ miod@ tedu@
* Manually expand ASN1_ITEM_rptr macros that should have been expanded with [jsing, 2015-02-10, 1 file, -2/+2]
  the IMPLEMENT_ASN1_DUP_FUNCTION macro.
* Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visible [jsing, 2015-02-10, 1 file, -2/+7]
  and functions can be readily located.
  Change has been scripted and the generated assembly only differs by changes to line numbers.
  Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible and [jsing, 2015-02-09, 1 file, -11/+251]
  functions can be readily located.
  Change has been scripted and there is no change to the generated assembly.
  Discussed with beck@ miod@ tedu@
* Don't support very old versions of Netscape (is there any other kind?). [doug, 2015-02-07, 1 file, -6/+5]
  Apparently "very old" Netscape versions illegally included empty content and a detached signature. OpenSSL removed the #if 0 that protected these users and added a new button OPENSSL_DONT_SUPPORT_OLD_NETSCAPE. It appears to be off by default to keep the hopes and dreams of very old Netscape users alive.
  We decided to be rebels and disable support. If you installed your browser from floppy disks, it's time to upgrade!
  Based on OpenSSL commit: 02a938c953b3e1ced71d9a832de1618f907eb96d
  ok tedu@, miod@, jsing@
* Delete a lot of #if 0 code in libressl. [doug, 2015-02-07, 1 file, -23/+2]
  There are a few instances where #if 1 is removed but the code remains.
  Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
  input + ok jsing@, miod@, tedu@
* GOST crypto algorithms (well, most of them), ported from the removed GOST [miod, 2014-11-09, 1 file, -1/+3]
  engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov; libcrypto bits only for now.
  This is a verbatim import of Dmitry's work, and does not compile in this state; the forthcoming commits will address these issues.
  None of the GOST code is enabled in libcrypto yet, for it still gets compiled with OPENSSL_NO_GOST defined. However, the public header gost.h will be installed.
* Check the result of sk_*_push() operations for failure. [miod, 2014-10-28, 1 file, -17/+17]
  ok doug@ jsing@
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). [jsing, 2014-10-22, 1 file, -4/+3]
  arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks.
  ok deraadt@
* None of these need to include <openssl/rand.h> [jsing, 2014-10-18, 1 file, -2/+1]
* BIO_free() returns immediately when the sole input is NULL. [doug, 2014-07-25, 1 file, -3/+2]
  Remove unnecessary NULL check.
  ok miod@