summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Hook BPSW into BN_is_prime_fasttest_ex()tb2022-07-131-3/+13
| | | | ok jsing
* Link bn_bpsw.c to buildtb2022-07-131-2/+2
| | | | ok jsing
* Implement the Baillie-PSW primality testtb2022-07-132-1/+423
| | | | | | | | | | | | | | | | | | | | | | | | | | | It has long been known that pure Miller-Rabin primality tests are insufficient. "Prime and Prejudice: Primality Testing Under Adversarial Conditions" https://eprint.iacr.org/2018/749 points out severe flaws in many widely used libraries. In particular, they exhibited a method to generate 2048-bit composites that bypass the default OpenSSL (and hence LibreSSL) primality test with a probability of 1/16 (!). As a remedy, the authors recommend switching to using BPSW wherever possible. This possibility has always been there, but someone had to sit down and actually implement a properly licensed piece of code. Fortunately, espie suggested to Martin Grenouilloux to do precisely this after asking us whether we would be interested. Of course we were! After a good first implementation from Martin and a lot of back and forth, we came up with the present version. This implementation is ~50% slower than the current default Miller-Rabin test, but that is a small price to pay given the improvements. Thanks to Martin Grenouilloux <martin.grenouilloux () lse ! epita ! fr> for this awesome work, to espie without whom it wouldn't have happened, and to djm for pointing us at this problem a long time back. ok jsing
* Link bn_isqrt.c to buildtb2022-07-131-1/+2
| | | | ok jsing
* Integer square root and perfect square testtb2022-07-132-1/+241
| | | | | | | | | | | | | | This adds an implementation of the integer square root using a variant of Newton's method with adaptive precision. The implementation is based on a pure Python description of cpython's math.isqrt(). This algorithm is proven to be correct with a tricky but very neat loop invariant: https://github.com/mdickinson/snippets/blob/master/proofs/isqrt/src/isqrt.lean Using this algorithm instead of Newton method, implement Algorithm 1.7.3 (square test) from H. Cohen, "A course in computational algebraic number theory" to detect perfect squares. ok jsing
* Unbreak the tree, after the previous commit.jsing2022-07-121-2/+1
|
* Move BN_lsw() to bn_lcl.h so that other code can use it.tb2022-07-122-5/+5
| | | | ok jsing
* Remove mkerr.pl remnants from LibreSSLkn2022-07-1261-1249/+59
| | | | | | | This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
* Sync cert.pem with certdata.txt from the NSS release branch. OK tb@ bcook@sthen2022-07-111-382/+849
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | remove (expired): /O=Cybertrust, Inc/CN=Cybertrust Global Root /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign remove: /C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC /C=GB/O=Trustis Limited/OU=Trustis FPS Root CA add new root (existing CAs): /C=TW/O=Chunghwa Telecom Co., Ltd./CN=HiPKI Root CA - G1 /C=DE/O=D-Trust GmbH/CN=D-TRUST BR Root CA 1 2020 /C=DE/O=D-Trust GmbH/CN=D-TRUST EV Root CA 1 2020 /C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS ECC Root CA 2021 /C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS RSA Root CA 2021 /C=US/O=Internet Security Research Group/CN=ISRG Root X2 /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2 add (new CAs): /C=TN/O=Agence Nationale de Certification Electronique/CN=TunTrust Root CA /serialNumber=G63287510/C=ES/O=ANF Autoridad de Certificacion/OU=ANF CA Raiz/CN=ANF Secure Server Root CA /C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum EC-384 CA /C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum Trusted Root CA /C=AT/O=e-commerce monitoring GmbH/CN=GLOBALTRUST 2020 /C=CN/O=iTrusChina Co.,Ltd./CN=vTrus ECC Root CA /C=CN/O=iTrusChina Co.,Ltd./CN=vTrus Root CA /C=FI/O=Telia Finland Oyj/CN=Telia Root CA v2 replace with another cert with same CN (SHA1 vs SHA256): /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
* fix NULL return adding missing semicolonbcook2022-07-111-2/+2
| | | | ok tb@
* In dsa.h rev. 1.38, tb@ provided DSA_meth_get0_name(3)schwarze2022-07-101-8/+55
| | | | | | and DSA_meth_set1_name(3). Merge the documentation from the OpenSSL 1.1.1 branch, which is still under a free license, significantly tweaked by me.
* Make ASN1_{INTEGER,ENUMERATED}_get() return 0 on NULL againtb2022-07-092-2/+6
| | | | | | | | This is the documented behavior which got lost in the recent rewrite. Mismatch of documentation and reality pointed out by schwarze ok jsing
* Document ASN1_INTEGER_get_uint64(3), ASN1_INTEGER_get_int64(3),schwarze2022-07-091-6/+90
| | | | | | | | | | | ASN1_INTEGER_set_uint64(3), ASN1_INTEGER_set_int64(3), ASN1_ENUMERATED_get_int64(3), and ASN1_ENUMERATED_set_int64(3) recently provided by tb@. Even though Dr. Steven Henson also documented these functions in OpenSSL, the text over there is excessively verbose, repetitive, very badly ordered, and incomplete, so i chose to instead write this patch from scratch, also adding some precision in a few places.
* Sync bs_cbb.c with libssl.tb2022-07-071-1/+4
| | | | ok jsing
* Update Symbols.listtb2022-07-071-0/+21
| | | | ok jsing
* bump minor after symbol additiontb2022-07-071-1/+1
|
* Expose new API in headers.tb2022-07-077-31/+7
| | | | | | | These are mostly security-level related, but there are also ASN1_TIME and ASN_INTEGER functions here, as well as some missing accessors. ok jsing
* Add missing X509_V_ERR_ strings using the ones from OpenSSL.tb2022-07-051-1/+17
| | | | | | | The well-known masters of consistency of course use strings that don't match the names of the errors. ok jsing
* The OpenSSL API is called ASN1_TIME_set_string_X509() (uppercase x)tb2022-07-042-4/+4
|
* Bump to LibreSSL 3.6.0tb2022-07-041-3/+3
|
* Sync with changes in dsa_meth.ctb2022-07-042-11/+12
| | | | pointed out by jsing
* Prepare to provide DSA_meth_{get0,set1}_name()tb2022-07-043-8/+35
| | | | | | | | Also follow OpenSSL by making the name non-const to avoid ugly casting. Used by OpenSC's pkcs11-helper, as reported by Fabrice Fontaine in https://github.com/libressl-portable/openbsd/issues/130 ok jsing sthen
* Prepare to provide X509_VERIFY_PARAM_get_time()tb2022-07-042-2/+9
| | | | ok jsing sthen
* Update instructions for using curl's mk-ca-bundle script.sthen2022-07-031-4/+4
|
* Use ASN1_INTEGER to parse/build (Z)LONG_itjsing2022-07-021-69/+67
| | | | | | | Rather than having yet another (broken) ASN.1 INTEGER content builder and parser, use {c2i,i2c}_ASN1_INTEGER(). ok beck@
* Remove references to openssl/obj_mac.hjsing2022-07-023-12/+11
| | | | Consumers should include openssl/objects.h instead.
* Replace obj_mac.h with object.htb2022-06-306-15/+17
| | | | Pointed out by and ok jsing
* whitespace nittb2022-06-301-2/+2
|
* Refactor asn1 time parsing to use CBS - enforce valid times in ASN.1 parsing.beck2022-06-293-68/+155
| | | | | | | | While we're here enforce valid days for months and leap years. Inspired by same in boringssl. ok jsing@
* Negate unsigned then cast to signed.jsing2022-06-281-2/+2
| | | | | | | | | Avoid undefined behaviour by negating the unsigned value, before casting to int64_t, rather than casting to int64_t then negating. Fixes oss-fuzz #48499 ok tb@
* Take away bogus error assignment before callback call.beck2022-06-281-2/+1
| | | | | | | | | | | | | Keep the depth which was needed. This went an error too far, and broke openssl-ruby's callback and error code sensitivity in it's tests. With this removed, both my newly committed regress to verify the same error codes and depths in the callback, and openssl-ruby's tests pass again. ok tb@
* Fix the legacy verifier callback behaviour for untrusted certs.beck2022-06-281-17/+44
| | | | | | | | | | | | | | | | | | The verifier callback is used by mutt to do a form of certificate pinning where the callback gets fired and depending on a cert saved to a file will decide to accept an untrusted cert. This corrects two problems that affected this. The callback was not getting the correct depth and chain for the error where mutt would save the certificate in the first place, and then the callback was not getting fired to allow it to override the failing certificate validation. thanks to Avon Robertson <avon.r@xtra.co.nz> for the report and sthen@ for analysis. "The callback is not an API, it's a gordian knot - tb@" ok jsing@
* Correct misleading comment for URI parsingbeck2022-06-271-4/+10
| | | | ok jsing@
* Add function to free all of the issuer cache.beck2022-06-271-13/+39
| | | | ok jsing@
* Allow security_level to mestastasize into the verifiertb2022-06-274-4/+156
| | | | | | | | The tentacles are everywhere. This checks that all certs in a chain have keys and signature algorithms matching the requirements of the security_level configured in the verify parameters. ok beck jsing
* Prepare to provide X509_VERIFY_PARAM_set_auth_level()tb2022-06-273-2/+12
| | | | | | | | For some unknown reason this needed a different name than security_level, both internally and in the public API. Obviously it is exactly the same garbage. ok beck jsing
* Add new time manipulation funcitons that OpenSSL has exposed thatbeck2022-06-273-24/+86
| | | | | | | | the world seems to be using. Symbols.list changes and exposure to wait for minor bump ok jsing@ jca@
* Prepare to provide EVP_PKEY_security_bits()tb2022-06-278-8/+75
| | | | | | | This also provides a pkey_security_bits member to the PKEY ASN.1 methods and a corresponding setter EVP_PKEY_asn1_set_security_bits(). ok beck jsing
* Prepare to provide DH_security_bits()tb2022-06-272-2/+18
| | | | ok beck jsing
* Prepare to provide RSA_security_bits()tb2022-06-272-2/+12
| | | | ok beck jsing
* Prepare to provide DSA_security_bits()tb2022-06-272-2/+14
| | | | ok beck jsing
* Prepare to provide BN_security_bits()tb2022-06-272-2/+37
| | | | ok beck jsing
* Provide and use long_{get,set}()jsing2022-06-261-11/+35
| | | | | | | | | Apparently at some point a LONG_it was misaligned - provide and use long_{get,set}() so that we always memcpy() rather than doing it some times but not others. While here provide long_clear() rather than abusing and reusing long_free(). ok tb@
* Fix URI name constraints, allow for URI's with no host part.beck2022-06-261-3/+12
| | | | | | | | | | | Such uri's must be parsed and allowed, but then should fail if a name constraint is present. Adds regress testing for this same case. fixes https://github.com/libressl-portable/openbsd/issues/131 ok tb@
* whitespacetb2022-06-261-2/+2
|
* Move leaf certificate checks to the last thing after chain validation.beck2022-06-251-19/+32
| | | | | | | | While seemingly illogical and not what is done in Go's validator, this mimics OpenSSL's behavior so that callback overrides for the expiry of a certificate will not "sticky" override a failure to build a chain. ok jsing@
* Use ints for boolean values.jsing2022-06-251-31/+31
| | | | | | | Switch to using ints for boolean values and use 0 or 1 for constructed, rather than using 0 the ASN.1 tag encoded value (1 << 5). ok tb@
* Reuse ASN1_INTEGER functions for ASN1_ENUMERATED_{get,set}()jsing2022-06-252-56/+59
| | | | | | | Instead of having a separate get/set implementation, reuse the ASN1_INTEGER code. Also prepare to provide ASN1_ENUMERATED_{get,set}_int64(). ok beck@ tb@
* Rewrite ASN1_INTEGER_{get,set}() using CBS/CBBjsing2022-06-254-65/+197
| | | | | | In the process, prepare to provide ASN1_INTEGER_{get,set}_{u,}int64(). ok beck@ tb@
* Simplify ASN1_INTEGER_cmp()jsing2022-06-251-16/+9
| | | | ok beck@ tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-23 06:49:17 +0000