summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Tweak some comments and whitespace around commentstb2022-07-291-9/+32
|
* Do not pass input length <= 0 to the cipher handlerstb2022-07-261-11/+17
| | | | | | | | | | Input length < 0 is an error and input length == 0 can result in strange effects in some ciphers, except in CCM mode, which is extra special. Based on OpenSSL 420cb707 by Matt Caswell and Richard Levitte found by & ok jsing
* fix indenttb2022-07-251-2/+2
|
* Plug leak in X509V3_add1_i2d()tb2022-07-241-2/+3
| | | | | | | | Do not leak the extension that was deleted from the stack. via OpenSSL c3efe5c9. ok jsing
* Prepare to resurrect TS_RESP_CTX_set_time_cb()tb2022-07-242-2/+14
| | | | | | | | | This was removed shortly after the fork since TS is not 2038-ready and since there were no consumers of this API. Now there are consumers and they add it themselves if it's missing from libcrypto. This will no longer be possible with opaque TS structs, so begrudgingly add it back. ok jsing kn
* Prepare to provide TS_VERIFY_CTX accessorstb2022-07-242-2/+79
| | | | | | | | | | | | | | | | | | | | | | | | The setters make no sense since they do not free the old members and return what was passed in instead of returning the old struct member so that the caller has a chance of freeing them. This has the side effect that calling a setter a second time will likely result in a leak. TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but the other three setters were missed since discussing the contributor's CLA was more important. Also missed was that adding frees will result in double frees: careful consumers like openssl/ruby have workarounds for the strange existing semantics. Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the public API with a typo. A good illustration of the amount of thought and care that went into the OpenSSL 1.1 API by both the implementers and the reviewers. Amazing job overall. We will be stuck with this nonsense for a long time. ok jsing kn
* Prepare to provide various TS_STATUS_INFO accessorstb2022-07-242-2/+34
| | | | | | | | This adds TS_STATUS_get0_{failure_info,text,status}() as well as TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1) when we make the structs in ts.h opaque. ok kn jsing
* Align PKCS12_key_gen_uni() with OpenSSLtb2022-07-241-58/+50
| | | | | | | | This is Dr Stephen Henson's rewrite avoiding BIGNUM (OpenSSL 54c68d35). Additionally this pulls in a < vs <= fix by Pauli Dale (OpenSSL 9d868840). There is also some minor cleanup by myself. ok jsing
* Minor fixes in PKCS12_parse()tb2022-07-241-24/+23
| | | | | | | | Pull up clearing of output parameters before first return (OpenSSL 524fdd51 by Bernd Edlinger), explicit comparisons against NULL, '\0', etc. ok jsing
* Per RFC 7292, safeContentsBag is a SEQUENCE OF, not a SET OFtb2022-07-241-2/+2
| | | | | | OpenSSL b709babb by Richard Levitte ok jsing
* Clear key on exit in PKCS12_gen_mac()tb2022-07-241-25/+38
| | | | | | | | | Also switch to heap-allocated HMAC_CTX and clean a few things up stylistically. loosely based on OpenSSL f5cee414 by Shane Lontis ok jsing
* Plug a leak in PKCS12_setup_mac()tb2022-07-241-2/+3
| | | | | | based on OpenSSL 1b8f1937 by Dmitry Belyavskiy ok jsing
* Start making ts opaquetb2022-07-2410-50/+134
| | | | | | | | | Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move the ASN.1 function prototypes that we don't want to expose with them. Include ts_local.h where necessary or where it will be needed soon. ok jsing
* Fix file names in comments.tb2022-07-231-7/+7
|
* Avoid unnecessary loops in BN_generate_prime_ex()tb2022-07-191-4/+6
| | | | | | | | | Since there is nothing randomized in bn_is_prime_bpsw(), the concept of rounds makes no sense. Apply a minimal change for now that avoids expensive loops that won't change the outcome in case we found a probable prime. ok jsing
* Handle X509_check_purpose(3) and EVP_get_digestbyobj(3)kn2022-07-171-2/+5
| | | | OK tb
* Add initial support for ESSCertIDv2 verificationkn2022-07-171-19/+99
| | | | | | | | | Based on OpenSSL commit f0ef20bf386b5c37ba5a4ce5c1de9a819bbeffb2 "Added support for ESSCertIDv2". This makes TS validation work in the new security/libdigidocpp port. Input OK tb
* Add ESSCertIDv2 stack macroskn2022-07-161-1/+25
| | | | | | | | Copy existing ESSCertID macros and s/_ID/&_V2/g. Guard the new code under LIBRESSL_INTERNAL to defer visibility. OK tb
* Add ESSCertIDv2 ASN.1 boilerplatekn2022-07-162-2/+170
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb). ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility ts/ts_asn1.c bits expanded from ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2) IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) Feedback OK tb
* Add NID for signingCertificateV2kn2022-07-162-0/+2
| | | | | | https://oidref.com/1.2.840.113549.1.9.16.2.47 OK tb
* Avoid direct X509 structure accesskn2022-07-162-12/+12
| | | | | | | Cherry-picked from OpenSSL commit a8d8e06b0ac06c421fd11cc1772126dcb98f79ae. This reduces upcoming TS changes. OK jsing tb
* Zap duplicate ERR_load_TS_strings() prototypekn2022-07-161-3/+1
| | | | | | It's defined again (more appropiately) further down above the error codes. OK jsing tb
* Expand the comment explaining the for loop with bn_lucas_step() a bit.tb2022-07-151-3/+3
|
* Comment for factorization of n - 1 = k * 2^s in bn_miller_rabin_base_2()tb2022-07-151-1/+2
|
* Rename is_perfect_square to out_perfect in prototype to matchtb2022-07-151-2/+2
| | | | the code in bn_isqrt.c.
* Zap trailing whitespacetb2022-07-141-4/+4
|
* add a few .Xr links to new manual pagesschwarze2022-07-1311-24/+36
|
* In dsa.h rev. 1.34 (14 Jan 2022), tb@ provided DSA_bits(3).schwarze2022-07-131-10/+51
| | | | | | | Document it from scratch. While here, merge a few details from the OpenSSL 1.1.1 branch, which is still under a free license, into the documentation of DSA_size(3).
* In x509_vfy.h rev. 1.54, tb@ provided X509_VERIFY_PARAM_get_time(3)schwarze2022-07-131-3/+44
| | | | | | and X509_VERIFY_PARAM_set_auth_level(3). Document them. For the latter, i included a few sentences from the OpenSSL 1.1.1 branch, which is still under a free license.
* link three new manual pages to the buildschwarze2022-07-131-1/+4
|
* Cast int64_t to uint64_t before negating.jsing2022-07-131-3/+7
| | | | | | | | | Avoid undefined behaviour/integer overflow by casting an int64_t to uint64_t before negating. Fixes oss-fuzz #49043 ok tb@
* Write documentation for EVP_PKEY_check(3), EVP_PKEY_public_check(3),schwarze2022-07-135-44/+504
| | | | | | | | | | | | EVP_PKEY_param_check(3), and EVP_PKEY_security_bits(3) from scratch. Move the documentation of EVP_PKEY_size(3) and EVP_PKEY_bits(3) to the new manual page EVP_PKEY_size(3). Merge the documentation of the related function pointers from the OpenSSL 1.1.1 branch, which is still under a free license. OK tb@ on the new page EVP_PKEY_size(3).
* Simplify computation of max_pub_key = dh->p - 1.tb2022-07-131-4/+2
| | | | ok jsing
* New manual page written from scratch;schwarze2022-07-131-0/+137
| | | | | tb@ recently added these functions to libcrypto and also provided feedback on my first draft of this page.
* On May 4 14:19:08 2006 UTC, while fixing a security issue, djm@schwarze2022-07-131-11/+64
| | | | | | | | | provided the new public function DH_check_pub_key(3) in <openssl/dh.h>. Sorry for being a bit tardy in documenting the new function. Then again, OpenSSL doesn't document it either, yet. While here, drop a HISTORY entry about a constant that was renamed in OpenSSL 0.9.5. That's no longer relevant.
* Do not make tables static so we can access them from regress.tb2022-07-131-5/+5
|
* Enable BPSW primality test.tb2022-07-131-1/+3
| | | | ok jsing
* Hook BPSW into BN_is_prime_fasttest_ex()tb2022-07-131-3/+13
| | | | ok jsing
* Link bn_bpsw.c to buildtb2022-07-131-2/+2
| | | | ok jsing
* Implement the Baillie-PSW primality testtb2022-07-132-1/+423
| | | | | | | | | | | | | | | | | | | | | | | | | | | It has long been known that pure Miller-Rabin primality tests are insufficient. "Prime and Prejudice: Primality Testing Under Adversarial Conditions" https://eprint.iacr.org/2018/749 points out severe flaws in many widely used libraries. In particular, they exhibited a method to generate 2048-bit composites that bypass the default OpenSSL (and hence LibreSSL) primality test with a probability of 1/16 (!). As a remedy, the authors recommend switching to using BPSW wherever possible. This possibility has always been there, but someone had to sit down and actually implement a properly licensed piece of code. Fortunately, espie suggested to Martin Grenouilloux to do precisely this after asking us whether we would be interested. Of course we were! After a good first implementation from Martin and a lot of back and forth, we came up with the present version. This implementation is ~50% slower than the current default Miller-Rabin test, but that is a small price to pay given the improvements. Thanks to Martin Grenouilloux <martin.grenouilloux () lse ! epita ! fr> for this awesome work, to espie without whom it wouldn't have happened, and to djm for pointing us at this problem a long time back. ok jsing
* Link bn_isqrt.c to buildtb2022-07-131-1/+2
| | | | ok jsing
* Integer square root and perfect square testtb2022-07-132-1/+241
| | | | | | | | | | | | | | This adds an implementation of the integer square root using a variant of Newton's method with adaptive precision. The implementation is based on a pure Python description of cpython's math.isqrt(). This algorithm is proven to be correct with a tricky but very neat loop invariant: https://github.com/mdickinson/snippets/blob/master/proofs/isqrt/src/isqrt.lean Using this algorithm instead of Newton method, implement Algorithm 1.7.3 (square test) from H. Cohen, "A course in computational algebraic number theory" to detect perfect squares. ok jsing
* Unbreak the tree, after the previous commit.jsing2022-07-121-2/+1
|
* Move BN_lsw() to bn_lcl.h so that other code can use it.tb2022-07-122-5/+5
| | | | ok jsing
* Remove mkerr.pl remnants from LibreSSLkn2022-07-1261-1249/+59
| | | | | | | This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
* Sync cert.pem with certdata.txt from the NSS release branch. OK tb@ bcook@sthen2022-07-111-382/+849
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | remove (expired): /O=Cybertrust, Inc/CN=Cybertrust Global Root /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign remove: /C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC /C=GB/O=Trustis Limited/OU=Trustis FPS Root CA add new root (existing CAs): /C=TW/O=Chunghwa Telecom Co., Ltd./CN=HiPKI Root CA - G1 /C=DE/O=D-Trust GmbH/CN=D-TRUST BR Root CA 1 2020 /C=DE/O=D-Trust GmbH/CN=D-TRUST EV Root CA 1 2020 /C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS ECC Root CA 2021 /C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS RSA Root CA 2021 /C=US/O=Internet Security Research Group/CN=ISRG Root X2 /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2 add (new CAs): /C=TN/O=Agence Nationale de Certification Electronique/CN=TunTrust Root CA /serialNumber=G63287510/C=ES/O=ANF Autoridad de Certificacion/OU=ANF CA Raiz/CN=ANF Secure Server Root CA /C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum EC-384 CA /C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum Trusted Root CA /C=AT/O=e-commerce monitoring GmbH/CN=GLOBALTRUST 2020 /C=CN/O=iTrusChina Co.,Ltd./CN=vTrus ECC Root CA /C=CN/O=iTrusChina Co.,Ltd./CN=vTrus Root CA /C=FI/O=Telia Finland Oyj/CN=Telia Root CA v2 replace with another cert with same CN (SHA1 vs SHA256): /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
* fix NULL return adding missing semicolonbcook2022-07-111-2/+2
| | | | ok tb@
* In dsa.h rev. 1.38, tb@ provided DSA_meth_get0_name(3)schwarze2022-07-101-8/+55
| | | | | | and DSA_meth_set1_name(3). Merge the documentation from the OpenSSL 1.1.1 branch, which is still under a free license, significantly tweaked by me.
* Make ASN1_{INTEGER,ENUMERATED}_get() return 0 on NULL againtb2022-07-092-2/+6
| | | | | | | | This is the documented behavior which got lost in the recent rewrite. Mismatch of documentation and reality pointed out by schwarze ok jsing
* Document ASN1_INTEGER_get_uint64(3), ASN1_INTEGER_get_int64(3),schwarze2022-07-091-6/+90
| | | | | | | | | | | ASN1_INTEGER_set_uint64(3), ASN1_INTEGER_set_int64(3), ASN1_ENUMERATED_get_int64(3), and ASN1_ENUMERATED_set_int64(3) recently provided by tb@. Even though Dr. Steven Henson also documented these functions in OpenSSL, the text over there is excessively verbose, repetitive, very badly ordered, and incomplete, so i chose to instead write this patch from scratch, also adding some precision in a few places.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 04:50:29 +0000