summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix X509_ALGOR_set0() usage in rsa_alg_set_oaep_padding()tb2023-11-091-4/+6
| | | | | | | | | | | Replace X509_ALGOR_set0() with X509_ALGOR_set0_by_nid(). This way there is no missing error checking for OBJ_nid2obj() and no nested functions. Slightly more importantly, this plugs two long standing potential leaks in this function (or previously rsa_cms_encrypt()) due to missing error checking: in the unlikely event that X509_ALGOR_set0() failed, astr/ostr would leak. ok jsing
* Use X509_ALGOR_set0_by_nid() in rsa_mgf1md_to_maskGenAlgorithm()tb2023-11-091-5/+2
| | | | ok jsing
* More minor cleanup in rsa_alg_set_oaep_padding()tb2023-11-081-4/+3
| | | | | Test and assign one more instance replace a useless comment by an empty line.
* Prepare further fixes of X509_ALGOR_set0() misusetb2023-11-081-8/+7
| | | | | | | | In rsa_alg_set_oaep_padding() rename los to ostr for consistency with astr, make it have function scope, free ostr in the error path and assume X509_ALGOR_set0() success. ok jca
* zap a stray spacetb2023-11-081-2/+2
|
* Rename os into astr in rsa_alg_set_oaep_padding()tb2023-11-081-6/+6
|
* Rename pkctx to pkey_ctx in rsa_alg_set_oaep_padding() and rsa_cms_encrypt()tb2023-11-081-9/+9
|
* Some simple cosmetics in rsa_alg_set_oaep_padding()tb2023-11-081-4/+8
| | | | | | | Rename rv into ret and split it on its own line, move labellen a bit down add some empty lines. To match style elsewhere. Most of this was requested by jsing
* Split OAEP padding handling into a helper functiontb2023-11-081-53/+59
| | | | | | | | This matches what is done for PKCS#1 1.5 and PSS. This function needs a lot of work still, but it's easier to do that without having to tiptoe around a lot of other garbage. ok jsing
* Move CMS_RecipientInfo_ktri_get0_algs() down a few lines and fix itstb2023-11-071-3/+6
| | | | error check
* Move CMS_RecipientInfo_get0_pkey_ctx() to first use of pkctxtb2023-11-071-3/+3
|
* Inline rsa_ctx_to_pss_string()tb2023-11-071-16/+6
| | | | | | After previous refactoring, rsa_all_set_pss_padding() is the last remaining caller of the weirdly named and ugly rsa_all_set_pss_padding(). This can be handled in a few simple lines now that this mess has slightly cleaner code.
* Rename pkctx to pkey_ctx in rsa_{cms,item}_sign()tb2023-11-071-26/+26
|
* Trivial cleanup in rsa_cms_sign()tb2023-11-071-5/+5
| | | | | Check and assign the EVP_PKEY_CTX and move the extraction of the algorithm identifier from the signer info a few lines down.
* Rework RSA_PKCS1_PSS_PADDING handling in rsa_item_sign()tb2023-11-071-14/+4
| | | | | | | | | | The current convoluted mess can be handled with two calls to the new rsa_alg_set_pss_padding() helper. Not that this would be obvious at all. This fixes two more leaks in case of X509_ALGOR_set0() failure. ok jsing
* Add a helper to set RSASSA-PSS padding parameterstb2023-11-071-10/+29
| | | | | | | | | | | | This sets the AlgorithmIdentifier's algorithm to id-RSASSA-PSS with appropriate RSASSA-PSS parameters. This pulls a chunk of code out of rsa_cms_sign() and rewrites it with proper error checking, thereby fixing a long-standing leak. This helper can also be used in rsa_item_sign(), but that part is a bit special, and will therefore be commmitted separately. ok jsing
* Add a helper to set RSA PKCS #1 v1.5 padding OIDtb2023-11-071-12/+15
| | | | | | | | This removes a few duplicated and unchecked X509_ALGOR_set0() calls and factors them into a helper function that sets the AlgorithmIdentifier on the recipient info or signer info to rsaEncryption with null parameters. ok jsing
* Fix a few bizarre line wraps in x509.htb2023-11-021-8/+5
|
* Use X509_ALGOR_set0_by_nid() in X509_ALGOR_set_evp_md()tb2023-11-011-6/+6
| | | | ok jsing
* Add X509_ALGOR_set0_by_nid()tb2023-11-012-2/+33
| | | | | | | | | | | | | X509_ALGOR_set0() is annoyingly unergonomic since it takes an ASN1_OBJECT rather than a nid. This means that almost all callers call OBJ_obj2nid() and they often do this inline without error checking so that the resulting X509_ALGOR object is corrupted and may lead to incorrect encodings. Provide an internal alternative X509_ALGOR_set0_by_nid() that takes a nid instead of an ASN1_OBJECT and performs proper error checking. This will be used to convert callers of X509_ALGOR_set0() in the library. ok jsing
* Explain the weird order of doing things in X509_ALGOR_set0()tb2023-11-011-1/+2
|
* Rename ptype and pval to parameter_type and parameter_valuetb2023-11-011-7/+9
| | | | ok jsing
* Unindent X509_ALGOR_set0_parameter()tb2023-11-011-8/+11
| | | | ok jsing
* Split X509_ALGOR_set0_parameter() out of X509_ALGOR_set0()tb2023-11-011-6/+15
| | | | ok jsing
* Split X509_ALGOR_set0_obj() out of X509_ALGOR_set0()tb2023-11-011-3/+12
| | | | ok jsing
* Fix an error exit in X509v3_addr_validate_path()tb2023-10-291-3/+6
| | | | | | | | If the topmost cert is invalid, this should result in a validation failure. Do the same dance as elsewhere permitting the verify callback to intercept the error but ensuring that we throw an error. ok jsing
* Tidy includestb2023-10-261-2/+2
|
* Hide X509_ALGOR_set_md() for LIBRESSL_INTERNALtb2023-10-261-1/+3
|
* Rework the MD setting in the RSA ASN.1 methodtb2023-10-261-45/+95
| | | | | | | | | | | This streamlines the code to use safer idioms, do proper error checking and be slightly less convoluted. Sprinkle a few references to RFC 8017 and explain better what we are doing and why. Clarify ownership and use more consistent style. This removes the last internal use of X509_ALGOR_set_md(). ok jsing
* Add chacha aliases for OpenSSL compatibilitytb2023-10-241-1/+3
| | | | | | | | | | | OpenSSL has the 20 in the long and short names, so add aliases to the existing names to make things work. In particular, EVP_get_cipherbyname() will now return EVP_chacha20() for both 'ChaCha20' and 'chacha20'. Found by Facundo Tuesca when trying to add LibreSSL support for ChaCha20 in https://github.com/pyca/cryptography/pull/9209 ok jsing
* Remove mention of alg_section. This never worked in LibreSSL.tb2023-10-211-3/+2
|
* style tweak: avoid double conjunction to make it read betterschwarze2023-10-211-4/+4
| | | | OK tb@
* Rename the modulus from n into mtb2023-10-191-9/+12
| | | | | This matches what other pages use. Also rewrite the definition of the modular inverse to be less ugly.
* Garbage collect weird /* 1 */ and /* 2 */ commentstb2023-10-191-7/+7
| | | | | | If they ever had any meaning, that's long been lost. Requested by jsing
* Fix aliasing of result and exponent in the internal BN_mod_exp_recp()tb2023-10-191-12/+19
| | | | This is basically the same fix as the one applied in BN_mod_exp_simple().
* Fix aliasing of result with exponent or modulus in BN_mod_exp_simple()tb2023-10-191-10/+22
| | | | | | Reported and reminded by Guido Vranken in OpenSSL issue #21110 ok jsing
* Remove EVP_add_alg_module() prototypetb2023-10-181-3/+1
| | | | | | | | | | | | | | | | This function was the unfortunate protagonist in a series of tragic merge errors resulting in only a short stint of a year and nine months between OpenSSL 0.9.8j and 1.0.0a actually present in OpenBSD. Then it said good bye for good, but somehow a prototype came back with 1.0.1g, a famous version released when there were slightly more pressing things to be taken care of than a function supporting a config knob whose only purpose was to turn off fips mode or to error. from schwarze PS: The mechanism that it was supposed to provide is still documented in openssl.cnf(5). I am going remove the relevant bit at some point, but not today.
* Use X509_ALGOR_set_evp_md() in CMS_add1_signer()tb2023-10-181-16/+24
| | | | | | | | | | Contrary to X509_ALGOR_set_md() this allows for error checking. Avoid local complications by freeing in the exit path and use a const version of X509_ALGOR for walking a STACK_OF() to avoid a bad free. Clean up includes ok jsing
* cms_DigestedData_create() use X509_ALGOR_set_evp_md()tb2023-10-181-6/+8
| | | | | | | | | Our internal version allows for error checking and this avoids a silent failure leading to corruption later on. Clean up includes while there. ok jsing
* Tweak previous by using the argument name, not its typetb2023-10-131-2/+2
|
* Improve the description of X509_ALGOR_dup(3)tb2023-10-131-5/+11
| | | | | The old description was vague, but strictly speaking a lie, so make it more precise and turn the lie into a truth.
* Some housekeeping in x_algortb2023-10-111-3/+5
| | | | | | Fix includes and zap an empty line. ok jsing
* Rewrite X509_ALGOR_set0()tb2023-10-111-17/+13
| | | | | | | | | | | | | | | | | | | | The current implementation is a complete mess. There are three cases: 1) ptype == V_ASN1_UNDEF: parameter must be freed and set to NULL. 2) ptype == 0: existing non-NULL parameters are left untouched, NULL parameters are replaced with ASN1_TYPE_new()'s wacky defaults. 3) otherwise allocate new parameters if needed and set them to ptype/pval. In all three cases free the algorithm and set it to aobj. The challenge now is to implement this using nine if statements and one else clause... We can do better. This preserves existing behavior. There would be cleaner implementations possible, but they would change behavior. There are many callers in the ecosystem that do not error check X509_ALGOR_set0() since OpenSSL failed to do so. So this was carefully rewritten to leave alg in a consisten state so that unchecking callers don't encounter corrupted algs. ok jsing
* Ensure that out_value is initialized even if out_type is NULLtb2023-10-111-1/+5
| | | | | | This fixes the printf in the x509_algor regress. ok jsing
* Rewrite X509_ALGOR_get0()tb2023-10-111-13/+19
| | | | | | | | Make the logic slightly less convoluted. Preserve the behavior that *ppval remains unset if pptype == NULL for now. However, ensure that *ppval is set to NULL if pptype is V_ASN1_UNDER. ok jsing
* Add internal version of X509_ALGOR_set_md()tb2023-10-112-7/+17
| | | | | | | | | | | | | | | | | | | X509_ALGOR_set_md() is a void function that cannot easily be error checked. The caller has to jump through hoops to make sure this function doesn't fail. Prepare replacing this internally with X509_ALGOR_set_evp_md(), which allows error checking. There is one slight change of behavior: if the EVP_MD object passed in does not have an OID known to the library, then this new API fails. It is unclear what the library should do with such an object and people who use EVP_MD_meth_new() need to know what they are doing anyway and they are better off teaching the lib about the OID if they're going to be messing with certs. Oh, and the prototype is in x509_local.h because the rest of this API is in x509.h despite being implemented in asn1/. ok jsing
* Clean up X509_ALGOR_cmp()tb2023-10-111-10/+10
| | | | | | | This is currently written in what is likely the most stupid way possible. Rewrite this function in a more straightforward way. ok jsing
* I forgot that we now have ASN1_INTEGER_set_uint64()tb2023-10-111-13/+6
|
* Be more precise about X509_ALGOR_get0()tb2023-10-111-11/+26
|
* Improve X509_ALGOR_new(3) documentationtb2023-10-101-14/+33
| | | | | | | | | | | | | | | The previous wording was misleading since the result of X509_ALGOR_new() is not actually an empty X509_ALGOR object. Rather, it contains the undefined ASN1_OBJECT returned by OBJ_nid2obj(NID_undef). Therefore using X509_ALGOR_get0(3) for error checking X509_ALGOR_set_md() is not trivial. So: change the initial paragraph into a general intro referring to the OpenSSL API needed to interface with X509_ALGOR and write a new paragraph documenting X509_ALGOR_new(3) and drop the incorrect suggestion of an error check. Notably there's now a reference to the OBJ_nid2obj() family without which one cannot really use X509_ALGOR_* for anything at all. With and ok schwarze
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-08 15:11:40 +0000