| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This is analogous to EVP_CIPHER_CTX_legacy_clear() and will serve as an
internal replacement for EVP_MD_CTX_init() until the conversion to heap
allocated ctx is completed. This way EVP_MD_CTX_init() can be changed to
match the OpenSSL 1.1 API.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL 1.1 made EVP_CIPHER_CTX_init() an alias of EVP_CIPHER_CTX_reset().
In particular, it changed signature and it would no longer leak internal
state if used on an already used ctx. On the other hand, it can't be used
for ctx on the stack.
libcrypto still has a few ctx on the stack which will be converted to heap
allocated contexts at some point. Until this is completed, we will use
EVP_CIPHER_CTX_legacy_clear() internally, so that the public API can be
changed to match OpenSSL 1.1.
ok jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
| |
BIO_set() is a dangerous function that cannot be used safely. Thankfully,
the only consumer is BIO_new(), hence inline the functionality and disable
the BIO_set() function (for complete removal in the near future).
ok tb@
|
| |
|
|
|
|
|
|
| |
Rather than 'a' or 'b', use 'bio' more consistently - there are still some
more complex cases that have been left alone for now. Also use fewer
parentheses.
No change to generated assembly other than line numbers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While EC_POINT_set_affine_coordinates() checks that the resulting point
is on the elliptic curve, this is only necessary, but not sufficient, to
ensure that the point can serve as a valid public key. For example, this
does not check for normalized coordinates or exclude that it is zero (the
point at infinity). Such checks, and more, are performed by the similarly
named EC_KEY_set_public_key_affine_coordinates().
This kind of makes sense from the mathematical standpoint as an elliptic
curve point isn't a priori a public key, even if you are not going to use
libcrypto for actual mathematics (or anything really) unless you like pain.
In a cryptographic library such differences are more of a hazard than a
help.
This is exacerbated by the fact that EC_KEY_set_public_key() does almost
no checking (it only checks that the point's EC_POINT method matches the
one of group set of the EC_KEY, which is far from enough). The API expects
that you call EC_KEY_check_key() on your own. This is kind of confusing
since EC_KEY_set_public_key_affine_coordinates() does that for you.
Unfortunately, adding sanity checks to EC_KEY_set_public_key() isn't easy
since it's going to penalize those who already check. Caching the result
of a check is dangerous and fragile if there are a million ways of fiddling
with an EC_KEY.
While the elliptic curve code is really bad, its documentation is worse
(another thing that applies to OpenSSL in general). Try to help that a
little bit by making it more explicit that you are supposed to call
EC_KEY_check_key() after using lower-level EC_KEY setters. Also make it
clearer that the setters copy the data, they don't take ownership (which
isn't obvious from the naming).
If OpenSSL 3 got one thing kind of right, it was to deprecate the EC_KEY
and EC_POINT APIs. But if you are going to deprecate something, you should
either be prepared to remove it or have a reasonable replacement...
Found by Guido Vranken using cryptofuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66667
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This API returns an int encoding the number of bytes printed. Thus, a dump
of a large enough byte string can make this overflow and rely on undefined
behavior. With an indent of 64, as little as 26 MB is enough to make this
happen.
ok jsing
|
| |
|
|
| |
OK tb@
|
| |
|
|
|
| |
The hash was just created with EVP_MD_CTX_new(), so we memset a calloced
piece of memory to 0.
|
| |
|
|
| |
Also drop now unnecessary NULL checks before it.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of heaps of unchecked strlcpy/strlcat/snprintf doing hard to follow
gymnastics, use a byte string, a somewhat comprehensible computation of the
number of bytes to dump per output line and write using checked BIO_printf()
directly to the BIO.
Longer strings will still overflow the terminal width of 80 and even longer
strings will still overflow the return value (undefined behavior). I don't
care much about the former but the latter should be fixed in a later pass.
ok beck
|
| |
|
|
| |
the trust store is yet another obscure way to add a trust anchor
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This API was already cleaned up quite a bit, but it is unused in the
ecosystem and the two internal callers can be simplified a lot when
inlining the lookups.
EVP_PBE_CipherInit() can walk the table of "outer" PBEs and reach into
the matching pbe for its cipher_nid, md_nid and keygen().
PKCS5_v2_PBKDF2_keyivgen() uses EVP_PBE_find() as a way to mapping a
PRF (given by the nid of an HMAC with some digest) to the digest's nid.
This can be done by a simple switch. Move MD5 to the top and GOST to
the end in that switch and wrap the latter in OPENSSL_NO_GOST, so it
will go away once we define OPENSSL_NO_GOST.
ok beck
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
apache-httpd uses BIO_dump(), libssl uses BIO_dump_indent(), and the
openssl(1) app uses both. Otherwise this is unused. This is horribly
bad code even by libcrypto standards.
By doing away with the callbacks fixes incorrect error checking for
fwrite() but there is a lot more wrong in here. This can be cleaned
up in a later pass, the only concern here is to be able to remove the
unused variants in the next major bump.
ok beck
|
| |
|
|
|
|
|
| |
This is the only OBJ_NAME API that will remain after the next major bump.
The API is misnamed and really is about EVP, so move it to an EVP manual
documenting another API doing essentially the same thing. Remove most cross
references to OBJ_NAME_*.
|
| | |
|
| |
|
|
|
|
|
|
| |
We have a bunch of code that relies on this. Surely there is code out
there in the wider ecosystem that relies on these being NULL-safe by
now since upstream sprinkles NULL checks wherever they can.
ok beck joshua
|
| |
|
|
|
|
|
|
| |
References:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
OK tb@
|
| |
|
|
|
|
|
|
| |
References:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
OK tb@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This replaces usage of EVP_CIPHER_CTX_init() with EVEP_CIPHER_CTX_new(),
and EVP_CIPHER_CTX_cleanup() with EVP_CIPHER_CTX_reset().
This also replaces usage of malloc with calloc, and free with freezero.
ok tb@
|
| |
|
|
| |
ok tb@
|
| | |
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
|
| |
These are only used by the EVP_PBE routines and will become internal in
the next major bump.
|
| | |
|
| | |
|
| |
|
|
| |
This has been a noop since forever and will be removed in the next bump.
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
| |
This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3
signature algorithms. With this diff, ECDSA certificates and CMS products
using ECDSA with SHA-3 can be generated using the openssl command line tool.
ok jsing
|
| |
|
|
| |
ok job jsing
|
| |
|
|
|
|
|
| |
This teaches the object database OID, long and short names for the
ACME identifier X.509v3 extension defined in RFC 8737.
ok job jsing
|
| |
|
|
|
|
| |
Closing this directory now until the daily Coverity run throws a hissy fit.
ok jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
The PKCS #7 ContentInfo has a mandatory contentType, but the content itself
is OPTIONAL. Various unpacking API assumed presence of the content type is
enough to access members of the content, resulting in crashes.
Reported by Bahaa Naamneh on libressl-security, many thanks
ok jsing
|
| |
|
|
|
|
|
|
| |
With the previous refactoring, newpass_p12() became simple enough that it
doesn't require a separate function anymore. Merge the public API into it
and move it below (most of) the things it calls.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is essentially unused. The only consumer, www/kore,-acme is in the
process of being fixed. It is also incomplete: in particular, the verifier
doesn't learn about extensions added to the list, making the entire
exercise rather pointless. So let's ditch that crap.
This was the last consumer of the horror that is OBJ_bsearch_().
The even worse OBJ_bsearch_ex_() is still being "used" by M2Crypto...
This prepares the removal of X509V3_EXT_{add{,_list,_alias},cleanup}().
and removes another piece of thread-unsafe global state.
ok jsing
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
|
|
|
| |
Split the bottom half that repacks the authsafes into a helper function.
This simplifies the curly exit path and makes it clearer what is being
done. PKCS12_pack_authsafes() is a very inconvenient API and there are
some extra dances needed due to it.
ok jsing
|
