| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
| |
Check X509_ALGOR_cmp() explicitly against 0 and add an explanatory comment
referring to the relevant RFC 5280 sections.
ok beck kenjiro
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When fixing CVE-2014-8275 in commit 684400ce, Henson added a check
that the AlgorithmIdentifier in the certificate's signature matches
the one in the tbsCertificate. A corresponding check for CRLs was
missed. BoringSSL added such a check in 2022, so this should be fine
for us to do as well even though OpenSSL still doesn't have it. The
only caller will set an error on the stack, so we don't do it here.
There's no obvious check that X509_REQ_verify() could do.
ok beck kenjiro
|
| | |
|
| |
|
|
|
| |
These annoying and careless inconsistencies were introduced when const
was sprinkled everywhere without rhyme or reason.
|
| | |
|
| |
|
|
| |
fixes in particular ./check_complete.pl pkcs7
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These are safe to call concurrently and they don't modify the memory
region pointed to by the pkey - they only bump the refcount of the
key hanging off of it. The returned "legacy" key has to be handled with
care in threaded constexts, so it is handed back as non-const. This also
matches what EVP_PKEY_get0() always had.
This way our signature is identical to BoringSSL's and doesn't cause
compiler warnings in code that overuses const because one of the many
API incoherencies added by OpenSSL 3 was to turn get0 into a function
that takes and returns const while leaving get1 as it was.
dlg agrees
ok kenjiro
|
| |
|
|
|
| |
These have been taking a const pkey ever since they were added in
OpenSSL 1.0.0.
|
| |
|
|
|
|
|
|
|
| |
While EVP_CIPHER_CTX_ctrl() can return a negative value this can't
actually happen currently as all ciphers with EVP_CIPH_CTRL_INIT set
normalize the EVP_CTRL_INIT return value to boolean in their ctrl()
methods. Still, this check looks weird in grep, so align it.
ok beck kenjiro
|
| |
|
|
| |
ok job kenjiro
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
issuerUID and subjectUID are a curiosity introduced in X.509v2 before
extensions were a thing. Their purpose is to help distinguishing certs
with identical subject. They are rarely used and are MUST NOT use in
the CA/BF baseline requirements. They do occasionally show up in test
certificates and it is confusing that openssl x509 silently ignores
them. Their encoding also makes them relatively hard to spot in the
output of asn1 parsing tools.
The output is identical to OpenSSL < 3 and BoringSSL, but due to some
weird tweaks added leading up to OpenSSL 3 their output is no longer
compatible with that. It is not entirely correct anyway. Since it is
a (not further specified) bit string, you shouldn't be ignoring its
unused bits...
The X509_FLAG_NO_IDS flag has no effect for CSRs.
discussed with beck
ok job kenjiro (on an earlier version)
|
| | |
|
| |
|
|
|
|
|
|
| |
Provide an assembly implementation of SHA-1 for aarch64 using the ARM
Cryptographic Extension (CE). This results in around a 2x speed up for
larger block sizes.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Provide gcm128_amd64.c and gcm128_i386.c, which contain the appropriate
gcm128 initialisation and CPU feature tests for the respective platform.
This allows for all of the #define spagetti to be removed from gcm128.c
and removes one of the two remaining consumers of crypto_cpu_caps_ia32().
ok tb@
|
| |
|
|
|
|
|
|
| |
Since we always initialise the gmult/ghash function pointers, use the same
implementaion of gcm_mul() and gcm_ghash(), regardless of the actual
underlying implementation.
ok tb@
|
| | |
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Like CTR, the mode implementation for GCM has two variants - rather than
using multiple variants (one for AES-NI, another for non-AES-NI),
consistently use CRYPTO_gcm128_{en,de}crypt_ctr32() with the
aes_ctr32_encrypt_internal() function added for CTR mode.
This lets us remove the AES-NI specific code, AES-NI specific EVP_CIPHER
methods and the ctr function pointer from EVP_AES_GCM_CTX.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mode implementation for CTR has two variants - one takes the block
function, while the other takes a "ctr32" function. The latter is expected
to handle the lower 32 bits of the IV/counter, but is not expected to
handle overflow. The AES-NI implementation for CTR currently uses the
second variant.
Provide aes_ctr32_encrypt_internal() as a function that can be replaced on
a machine dependent basis, along with an aes_ctr32_encrypt_generic()
function that provides the default implementation and can be used as a
fallback. Wire up the AES-NI version for amd64 and i386, change
AES_ctr128_encrypt() to use CRYPTO_ctr128_encrypt_ctr32() (which calls
aes_ctr32_encrypt_internal()) and remove the various AES-NI specific
EVP_CIPHER methods for CTR.
Callers of AES_ctr128_encrypt() will now use AES-NI, if available.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
MAXKB was added in OpenSSL commit deb2c1a1 and appears to have never been
used, while MAXKC (originally RIJNDAEL_MAXKC) stopped being used in that
same commit. MAXNR is also unused - AES_MAXNR exists in the public
header.
ok tb@
|
| |
|
|
|
|
| |
Manually counting letters in const strings is ... suboptimal.
ok beck jsing
|
| |
|
|
|
|
| |
These now end up in aesni_encrypt() via AES_encrypt(), when appropriate.
ok tb@
|
| |
|
|
|
|
| |
These now end up in aesni_encrypt() via AES_encrypt(), when appropriate.
ok tb@
|
| |
|
|
|
|
|
| |
These now end up in aesni_cbc_encrypt() via AES_cbc_encrypt(), when
appropriate.
ok tb@
|
| |
|
|
| |
avoids unnecessary diff in output between runs
|
| |
|
|
| |
ok beck
|
| |
|
|
|
|
|
|
| |
The various methods can now use the regular init key functions, since the
call to AES_set_{en,de}crypt_key() will be routed to the AES-NI
implementation, if supported.
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
Currently, the AES-NI code is only integrated into EVP - add code to
integrate AES-NI into AES. Rename the assembly provided functions and
provide C versions for the original names, which check for AES-NI support
and dispatch to the appropriate function. This means that the AES_* public
API will now use AES-NI, if available.
ok tb@
|
| |
|
|
|
|
| |
This indicates if AES-NI is available via CRYPTO_CPU_CAPS_I386_AES.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
This was changed a bit more than two years ago.
|
| |
|
|
|
|
|
| |
10% of our manual pages using this macro employed useless quoting anyway.
Remove these quotes such that they do not incite fear, uncertainty,
and doubt in developers who happen to look at these pages.
jmc@ and tb@ agree with the direction.
|
| |
|
|
|
|
|
|
| |
claiming that the "add" functions add anything. Indicate that they
are mostly NOOPs nowadays, but without being overly specific.
Also, more explicitly discourage abusing OpenSSL_add_all_algorithms(3)
for loadiing a configuration file.
Guidance and OK tb@.
|
| | |
|
| |
|
|
|
| |
are no longer public, so delete their manual pages.
OK tb@
|
| |
|
|
|
|
|
| |
descriptions of CMS_REUSE_DIGEST, PKCS7_REUSE_DIGEST, SMIME_BINARY,
and SMIME_CRLFEOL and some improved wordings from that former page to
SMIME_write_CMS(3) and SMIME_write_PKCS7(3), with some further polishing.
Feedback and OK tb@.
|
| | |
|
| |
|
|
|
|
| |
and since SMIME_write_ASN1(3) is no longer public,
replace the .Xr to it with some other pointers.
OK tb@
|
| |
|
|
|
|
| |
so link to SMIME_read_CMS(3), SMIME_read_PKCS7(3), SMIME_write_CMS(3),
and/or SMIME_write_PKCS7(3) instead;
OK tb@
|
| |
|
|
|
|
| |
so link to SMIME_read_CMS(3) or SMIME_read_PKCS7(3) instead,
and sprinkle a few other .Xrs that may be helpful;
OK tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In bf_local.h r1.2, openssl/opensslconf.h was pulled out of the
HEADER_BF_LOCL_H header guard, so BF_PTR was never defined from
opensslfeatures.h. Thus, alpha, mips64, sparc64 haven't used the
path that is supposedly optimized for them. On the M3k the speed
gain of bf-cbc with BF_PTR is roughly 5%, so not really great.
This is blowfish, so I don't think we want to carry complications
for alpha and mips64 only.
ok jsing kenjiro
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most of the constants here are only defined if a specific header is in
scope. So move the machine-independent macros to those headers and lose
the header guards. Most of these should actually be typedefs but let's
change this when we're bumping the major since this technically has ABI
impact.
IDEA_INT RC2_INT and RC4_INT are always unsigned int
DES_LONG is always unsigned int except on i386
This preserves the existing situation on OpenBSD. If you're using
portable on i386 with a compiler that does not define __i386__,
there's an ABI break.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The OPENSSL_IA32_SSE2 flag controls whether a number of the perlasm
scripts generate additional implementations that use SSE2 functionality.
In all cases except ghash, the code checks OPENSSL_ia32cap_P for SSE2
support, before trying to run SSE2 code. For ghash it generates a CLMUL
based implementation in addition to different MMX version (one MMX
version hides behind OPENSSL_IA32_SSE2, the other does not), however this
does not appear to actually use SSE2. We also disable AES-NI on i386 if
OPENSSL_IA32_SSE2.
On OpenBSD, we've always defined OPENSSL_IA32_SSE2 so this is effectively
a no-op. The only change is that we now check MMX rather than SSE2 for the
ghash MMX implementation.
ok bcook@ beck@
|
