openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	include asn1_locl.h where it will be needed for the bump.	tb	2022-01-07	1	-1/+2
\| \| \| \|	discussed with jsing
*	Move the now internal X.509-related structs into x509_lcl.h.	tb	2021-11-01	1	-1/+2
\| \| \| \| \| \| \| \|	Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds. ok jsing
*	whitespace/KNF	tb	2021-05-14	1	-4/+4
\|
*	use timing-safe compares for checking results in signature verification	djm	2018-09-05	1	-3/+4
\| \| \| \| \| \|	(there are no known attacks, this is just inexpensive prudence) feedback and ok tb@ jsing@
*	Implement RSASSA-PKCS1-v1_5 as specified in RFC 8017.	tb	2018-07-23	1	-120/+148
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Based on an OpenSSL commit by David Benjamin. Alex Gaynor and Paul Kehrer from the pyca/cryptography Python library reported that more than 200 "expected to fail" signatures among Project Wycheproof's test vectors validated on LibreSSL. This patch makes them all fail. ok jsing commit 608a026494c1e7a14f6d6cfcc5e4994fe2728836 Author: David Benjamin <davidben@google.com> Date: Sat Aug 20 13:35:17 2016 -0400 Implement RSASSA-PKCS1-v1_5 as specified. RFC 3447, section 8.2.2, steps 3 and 4 states that verifiers must encode the DigestInfo struct and then compare the result against the public key operation result. This implies that one and only one encoding is legal. OpenSSL instead parses with crypto/asn1, then checks that the encoding round-trips, and allows some variations for the parameter. Sufficient laxness in this area can allow signature forgeries, as described in https://www.imperialviolet.org/2014/09/26/pkcs1.html Although there aren't known attacks against OpenSSL's current scheme, this change makes OpenSSL implement the algorithm as specified. This avoids the uncertainty and, more importantly, helps grow a healthy ecosystem. Laxness beyond the spec, particularly in implementations which enjoy wide use, risks harm to the ecosystem for all. A signature producer which only tests against OpenSSL may not notice bugs and accidentally become widely deployed. Thus implementations have a responsibility to honor the specification as tightly as is practical. In some cases, the damage is permanent and the spec deviation and security risk becomes a tax all implementors must forever pay, but not here. Both BoringSSL and Go successfully implemented and deployed RSASSA-PKCS1-v1_5 as specified since their respective beginnings, so this change should be compatible enough to pin down in future OpenSSL releases. See also https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00 As a bonus, by not having to deal with sign/verify differences, this version is also somewhat clearer. It also more consistently enforces digest lengths in the verify_recover codepath. The NID_md5_sha1 codepath wasn't quite doing this right. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1474
*	use freezero() instead of memset/explicit_bzero + free. Substantially	deraadt	2017-05-02	1	-11/+5
\| \| \| \| \| \| \| \| \| \|	reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
*	revert previous accidental commit	beck	2017-04-28	1	-7/+9
\|
*	* empty log message *	beck	2017-04-28	1	-9/+7
\|
*	Send the function codes from the error functions to the bit bucket,	beck	2017-01-29	1	-17/+15
\| \| \| \| \| \|	as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
*	Correct spelling of OPENSSL_cleanse.	jsing	2015-09-10	1	-3/+3
\| \| \| \|	ok miod@
*	Drop stupid (int) casts for the arguments of malloc() and friends. This is	miod	2015-07-19	1	-3/+3
\| \| \| \| \|	not 16-bit MS-DOS anymore. ok bcook@ tedu@
*	Remove obsolete MDC-2DES from libcrypto.	doug	2015-06-20	1	-16/+1
\| \| \| \|	ok deraadt@ jsing@ miod@
*	Only import cryptlib.h in the four source files that actually need it.	jsing	2014-07-11	1	-3/+4
\| \| \| \| \| \| \| \|	Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
*	Stop including standard headers via cryptlib.h - pull in the headers that	jsing	2014-07-10	1	-1/+3
\| \| \| \| \| \|	are needed in the source files that actually require them. ok beck@ miod@
*	More KNF.	jsing	2014-07-09	1	-10/+10
\|
*	In the old days (not in this century), SSLeay 0.4.5 would create X.509 RSA	miod	2014-07-09	1	-14/+3
\| \| \| \| \| \| \| \| \|	signatures using the wrong oid for the signature type. The signature verification code has thus been modified to allow these signatures to be accepted, with a printf to stderr to notify the user something was fishy. Remove this chunk; these signatures will no longer get accepted. ok deraadt@ guenther@ jsing@ tedu@
*	KNF	miod	2014-07-09	1	-156/+135
\|
*	tags as requested by miod and tedu	deraadt	2014-06-12	1	-1/+1
\|
*	malloc() result does not need a cast.	deraadt	2014-06-07	1	-2/+2
\| \| \| \|	ok miod
*	We have stdio and are not WIN16.	jsing	2014-05-23	1	-2/+0
\|
*	Change library to use intrinsic memory allocation functions instead of	beck	2014-04-17	1	-4/+4
\| \| \| \| \| \| \| \|	OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
*	remove FIPS mode support. people who require FIPS can buy something that	tedu	2014-04-15	1	-17/+0
\| \| \| \| \|	meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
*	resolve conflicts	djm	2012-10-13	1	-0/+33
\|
*	resolve conflicts, fix local changes	djm	2010-10-01	1	-36/+52
\|
*	resolve conflicts	djm	2009-01-09	1	-2/+22
\|
*	resolve conflicts	djm	2008-09-06	1	-2/+2
\|
*	fix RSA signature padding vulnerability in OpenSSL libcrypto CVE-2006-4339;	djm	2006-09-09	1	-0/+17
\| \| \| \|	ok beck@ miod@
*	resolve conflicts	djm	2005-04-29	1	-3/+6
\|
*	merge 0.9.7b with local changes; crank majors for libssl/libcrypto	markus	2003-05-12	1	-12/+13
\|
*	OpenSSL 0.9.7 stable 2002 05 08 merge	beck	2002-05-15	1	-13/+17
\|
*	openssl-engine-0.9.6 merge	beck	2000-12-15	1	-6/+9
\|
*	OpenSSL 0.9.5 merge	beck	2000-03-19	1	-60/+93
\| \| \| \| \| \|	warning this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
*	OpenSSL 0.9.4 merge	beck	1999-09-29	1	-18/+10
\|
*	Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build	ryker	1998-10-05	1	-0/+196
	functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.