| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to be able to make pkcs12/ opaque, we need an entire family of
accessors. These are in a particularly nasty tangle since this was done
in about a dozen steps while sprinkling const, renaming functions, etc.
The public API also adds backward compat macros for functions that were
in the tree for half a day and then renamed. Of course some of them got
picked up by some ports.
Some of the gruesome hacks in here will go away with the next bump, but
that doesn't mean that the pkcs12 directory will be prettier afterward.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
As a first step towards untangling and cleaning up the EVP AES code, expand
the BLOCK_CIPHER_* macros. In particular, rather than having two sets of
macros - one that is used if AESNI is being compiled in and one if it is
not, condition on #ifdef AESNI_CAPABLE in the expanded code.
ok tb@
|
| |
|
|
|
|
|
| |
Shuffle variables around for consistency, also ensuring appropriate and
consistent initialisation.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
When PEM_write{,_bio}() were documented by Rich Salz and Richard Levitte,
it was incorrectly stated that the header argument is allowed to be NULL.
This was never true. Instead of fixing the documentation, it was decided
that the API needs a fix, so pull in a variant of OpenSSL 3b9082c8.
ok jsing
|
| |
|
|
|
|
|
| |
Also move the _bignum_nist_p_.*_sqr static BIGNUMs out of individual
functions.
ok tb@
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current AES-NI x86_64 assembly does some strange, although valid
things, such as making internal function calls without creating stack
frames. In this case, the return address lands in the red zone (which it
allows for when making use of the stack) and everything works as expected.
However, this trips a false positive in valgrind, which seems to think that
any data saved on the stack prior to the internal function call is now
"undefined" once the function returns.
Avoid this by actually using stack frames - this brings in most of
6a40ebe86b4 from OpenSSL, omitting the unnecessary explicit stack alignment
(which was apparently added so this code could be used in the Linux kernel
with an incorrectly aligned stack).
Valgrind issue reported by Steffen Jaeckel (@sjaeckel), found via
libstrophe unit tests.
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
The current code simply shoves the unvalidated ASN.1 bytes into a BIGNUM on
the hope that other things will detect issues (such as negative values
being flipped to positive). Instead of doing this, decode and validate the
ASN.1 data using ASN1_INTEGER, then convert it to a BIGNUM. Similarly, for
encoding convert from BIGNUM to ASN1_INTEGER and use ASN1_INTEGER encoding.
ok tb@
|
| |
|
|
|
|
| |
Also tidy up bn_new() while here.
ok tb@
|
| |
|
|
| |
Requested by & ok jsing
|
| |
|
|
| |
Requested by and ok jsing
|
| |
|
|
|
| |
a shortcut bypassing expensive computation, so change goto err to
goto done. Bug introduced in last refactoring before commit.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Input length < 0 is an error and input length == 0 can result in
strange effects in some ciphers, except in CCM mode, which is extra
special.
Based on OpenSSL 420cb707 by Matt Caswell and Richard Levitte
found by & ok jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
Do not leak the extension that was deleted from the stack.
via OpenSSL c3efe5c9.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This was removed shortly after the fork since TS is not 2038-ready
and since there were no consumers of this API. Now there are consumers
and they add it themselves if it's missing from libcrypto. This will no
longer be possible with opaque TS structs, so begrudgingly add it back.
ok jsing kn
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The setters make no sense since they do not free the old members and
return what was passed in instead of returning the old struct member
so that the caller has a chance of freeing them. This has the side
effect that calling a setter a second time will likely result in a leak.
TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but
the other three setters were missed since discussing the contributor's
CLA was more important. Also missed was that adding frees will result in
double frees: careful consumers like openssl/ruby have workarounds for
the strange existing semantics.
Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the
public API with a typo.
A good illustration of the amount of thought and care that went into
the OpenSSL 1.1 API by both the implementers and the reviewers.
Amazing job overall.
We will be stuck with this nonsense for a long time.
ok jsing kn
|
| |
|
|
|
|
|
|
| |
This adds TS_STATUS_get0_{failure_info,text,status}() as well as
TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1)
when we make the structs in ts.h opaque.
ok kn jsing
|
| |
|
|
|
|
|
|
| |
This is Dr Stephen Henson's rewrite avoiding BIGNUM (OpenSSL 54c68d35).
Additionally this pulls in a < vs <= fix by Pauli Dale (OpenSSL 9d868840).
There is also some minor cleanup by myself.
ok jsing
|
| |
|
|
|
|
|
|
| |
Pull up clearing of output parameters before first return
(OpenSSL 524fdd51 by Bernd Edlinger), explicit comparisons
against NULL, '\0', etc.
ok jsing
|
| |
|
|
|
|
| |
OpenSSL b709babb by Richard Levitte
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Also switch to heap-allocated HMAC_CTX and clean a few things up
stylistically.
loosely based on OpenSSL f5cee414 by Shane Lontis
ok jsing
|
| |
|
|
|
|
| |
based on OpenSSL 1b8f1937 by Dmitry Belyavskiy
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move
the ASN.1 function prototypes that we don't want to expose with them.
Include ts_local.h where necessary or where it will be needed soon.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Since there is nothing randomized in bn_is_prime_bpsw(), the concept
of rounds makes no sense. Apply a minimal change for now that avoids
expensive loops that won't change the outcome in case we found a
probable prime.
ok jsing
|
| |
|
|
| |
OK tb
|
| |
|
|
|
|
|
|
|
| |
Based on OpenSSL commit f0ef20bf386b5c37ba5a4ce5c1de9a819bbeffb2
"Added support for ESSCertIDv2".
This makes TS validation work in the new security/libdigidocpp port.
Input OK tb
|
| |
|
|
|
|
|
|
| |
Copy existing ESSCertID macros and s/_ID/&_V2/g.
Guard the new code under LIBRESSL_INTERNAL to defer visibility.
OK tb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and
minor library bump (thanks tb).
ts/ts.h bits from
RFC 5035 Enhanced Security Services (ESS) Update:
Adding CertID Algorithm Agility
ts/ts_asn1.c bits expanded from
ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
Feedback OK tb
|
| |
|
|
|
|
| |
https://oidref.com/1.2.840.113549.1.9.16.2.47
OK tb
|
| |
|
|
|
|
|
| |
Cherry-picked from OpenSSL commit a8d8e06b0ac06c421fd11cc1772126dcb98f79ae.
This reduces upcoming TS changes.
OK jsing tb
|
| |
|
|
|
|
| |
It's defined again (more appropiately) further down above the error codes.
OK jsing tb
|
| | |
|
| | |
|
| |
|
|
| |
the code in bn_isqrt.c.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Document it from scratch.
While here, merge a few details from the OpenSSL 1.1.1 branch, which
is still under a free license, into the documentation of DSA_size(3).
|
| |
|
|
|
|
| |
and X509_VERIFY_PARAM_set_auth_level(3). Document them.
For the latter, i included a few sentences from the OpenSSL 1.1.1
branch, which is still under a free license.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Avoid undefined behaviour/integer overflow by casting an int64_t to
uint64_t before negating.
Fixes oss-fuzz #49043
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
EVP_PKEY_param_check(3), and EVP_PKEY_security_bits(3) from scratch.
Move the documentation of EVP_PKEY_size(3) and EVP_PKEY_bits(3)
to the new manual page EVP_PKEY_size(3).
Merge the documentation of the related function pointers
from the OpenSSL 1.1.1 branch, which is still under a free license.
OK tb@ on the new page EVP_PKEY_size(3).
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
| |
tb@ recently added these functions to libcrypto
and also provided feedback on my first draft of this page.
|
| |
|
|
|
|
|
|
|
| |
provided the new public function DH_check_pub_key(3) in <openssl/dh.h>.
Sorry for being a bit tardy in documenting the new function.
Then again, OpenSSL doesn't document it either, yet.
While here, drop a HISTORY entry about a constant that
was renamed in OpenSSL 0.9.5. That's no longer relevant.
|
| | |
|
| |
|
|
| |
ok jsing
|
