summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Finish migrating to one source file per line.joshua2022-11-101-17/+78
| | | | ok jsing@ tb@
* In asn1.h rev. 1.65, beck@ provided ASN1_TIME_set_string_X509(3),schwarze2022-11-101-11/+139
| | | | | | | | | ASN1_TIME_normalize(3), ASN1_TIME_to_tm(3), ASN1_TIME_cmp_time_t(3), and ASN1_TIME_compare(3). Merge documentation from the OpenSSL 1.1.1 branch, which is still under a free license, with tweaks by me in several respects to match our implementation, and also using some feedback from beck@. OK beck@.
* Allow explicit cert trusts or distrusts for EKU anybeck2022-11-101-4/+6
| | | | | | | | | This matches the current OpenSSL behaviour introduced in their commit: commit 0daccd4dc1f1ac62181738a91714f35472e50f3c Date: Thu Jan 28 03:01:45 2016 -0500 ok jsing@ tb@
* Implement EVP interfaces for Ed25519 and X25519.jsing2022-11-108-7/+902
| | | | ok beck@ tb@
* Map objects for ED25519 to Ed25519.jsing2022-11-101-1/+7
| | | | | | | OpenSSL used ED25519, even though the RFCs use Ed25519 - as such, we get to provide both. ok tb@
* Continue migrating to one source file per line.joshua2022-11-101-30/+121
| | | | ok jsing@ tb@
* Provide digestsign/digestverify hooks for EVP_PKEY_METHOD.jsing2022-11-104-4/+32
| | | | | | These are needed for EVP implementations of Ed25519 and X25519. ok beck@ tb@
* Continue migrating to one source file per line.joshua2022-11-101-37/+163
| | | | ok jsing@ tb@
* Port EVP raw key API from OpenSSL.jsing2022-11-104-5/+116
| | | | | | This will be needed to deal with Curve25519 based keys. ok beck@ tb@
* Port ASN1_buf_print() from OpenSSL 1.1.jsing2022-11-102-2/+34
| | | | | | This is needed to print byte array based keys, such as Ed25519 and X25519. ok beck@ tb@
* Continue migrating to one source file per line.joshua2022-11-101-26/+110
| | | | ok jsing@ tb@
* Fix a few more leaks in *_print() functions.tobhe2022-11-102-14/+28
| | | | ok jsing@
* Move bn_prime.h to the public domain.tb2022-11-101-57/+4
| | | | | | It's entirely trivial. ok beck
* Start migrating to one source file per line.joshua2022-11-091-18/+83
| | | | ok jsing@ tb@
* Move table in bn_primes.h to a .c file and get rid of prime_ttb2022-11-095-335/+292
| | | | | | | This way we deduplicate two inclusions of the same big table and eliminate lots of stupid casts. input and ok many
* Fix up indentation for EVP_PKEY_* defines.jsing2022-11-091-19/+19
|
* Revise CBS_strdup() documentation.jsing2022-11-091-6/+4
| | | | | | | CBS_strdup() now internally checks if the data contains NUL, failing if it does. Prompted by beck@
* Clean up EVP_PKEY_METHOD related tables and code.jsing2022-11-091-56/+41
| | | | | | | This is effectively the same as done for EVP_PKEY_ASN1_METHOD, although this table only has nine entries. ok tb@
* Clean up EVP_PKEY_ASN1_METHOD related tables and code.jsing2022-11-091-87/+52
| | | | | | | | | | | Rather than messing around with an OBJ_bsearch() for a table that contains 16 entries (and a stack find for any application added methods), simply do a reverse linear scan. This maintains the application method first behaviour, while removing a chunk of code. While here rename some variables and do some style clean up. ok tb@
* Make X25519_public_from_private() internally reachable.jsing2022-11-092-5/+8
|
* Rename public_value to public_key for consistency.jsing2022-11-091-9/+9
| | | | ok tb@
* Rework ED25519 API.jsing2022-11-093-45/+40
| | | | | | | | | | | BoringSSL implemented a compound private key, which includes a copy of the public key as a performance optimisation for signing. However, this does not readily match with how EVP works, makes the ED25519 API inconsistent with the X25519 API, diverges from th RFC and does not align with the OpenSSL API. Instead, the caller can readily compute the public key and pass this in to the signing process. ok tb@
* Sort EVP_PKEY_METHOD externs.jsing2022-11-091-5/+10
|
* Sort EVP_PKEY_ASN1_METHOD externs.jsing2022-11-091-6/+6
|
* Inline use of bn_is_prime_bpsw()tb2022-11-091-24/+20
| | | | | | | | | Instead of using the BN_is_prime_fasttime_ex() API, use a direct call to bn_is_prime_bpsw(). This increases readability and simplifies error handling. Also put a division by two to the natural place now that we no longer need to do Miller-Rabin rounds. ok beck jsing
* Next pass of bn_prime.c cleanuptb2022-11-091-39/+29
| | | | | | | Garbage collect a few pointless variables and remove a loop that wasn't really a loop. Simplify BN_CTX handling and drop some stupid comments. ok jsing miod
* Drop some dead codetb2022-11-091-136/+1
| | | | ok jsing
* Fix possible memory leak in BN_mpi2bn() if BN_bin2bn() fails.tobhe2022-11-091-3/+7
| | | | | | found with CodeChecker feedback from millert@ ok tb@
* In case lh_OBJ_NAME_insert returns NULL due to a failed malloc, onpmbuhl2022-11-081-1/+2
| | | | | | is leaked in OBJ_NAME_add. ok tb Found by CodeChecker.
* Rename out to err to conform with standard naming scheme.tobhe2022-11-081-4/+4
|
* Fix leak of pk if EVP_PKEY_set1_DSA() fails.tobhe2022-11-081-5/+9
| | | | | Found with CodeChecker ok jsing@
* Refactor/split ED25519_keypair.jsing2022-11-082-16/+24
| | | | | | This brings in ED25519_keypair_from_seed() from BoringSSL commit c034e2d3ce16, which ED25519_keypair then wraps. This reduces differences between us and BoringSSL.
* Change function argument to reduce differences with BoringSSL.jsing2022-11-081-2/+2
|
* Remove pointless loops.jsing2022-11-081-13/+1
| | | | From BoringSSL 997c706d43504.
* Avoid signed integer overflow in i2c_ASN1_BIT_STRING()tb2022-11-081-5/+9
| | | | | | | | | If the length of the bitstring is INT_MAX, adding 1 to it is undefined behavior, so error out before doing so. Based on BoringSSL eeb3333f by davidben ok beck joshua
* Add missing $OpenBSD$beck2022-11-081-0/+1
|
* Fix leak of pk if EVP_PKEY_set1_RSA() fails.tobhe2022-11-081-5/+9
| | | | | Found with CodeChecker feedback and ok tb@
* Replace the old OpenSSL julian date stuff with BoringSSL'sbeck2022-11-087-326/+289
| | | | | | | | | | | | OpenSSL dealt with time conversion using a classical julian day scheme. BoringSSL got rid of it and uses only a julian style calculation for seconds since the POSIX time epoch. This changes libressl to use the seconds calculation exculusively instead of a mix of the julian day based conversions and the system time conversions to and from time_t to tm. ok tb@ jsing@
* White space KNF, no code change:schwarze2022-11-071-15/+12
| | | | | | | - line breaking and indentation in three struct declarations - removal of trailing whitespace Found while working on /usr/src/regress/lib/libcrypto/man/check_complete.pl . OK tb@
* Document that OPENSSL_free() is required in some circumstancestb2022-11-061-2/+6
| | | | | | | | | | BoringSSL uses the common trick of storing malloc metadata in a prefix and then returning a pointer with an offset. Therefore callers must not call free() but OPENSSL_free(). Reported by dropk1ck via tobhe ok beck jsing
* Enable Ed25519 internal to libcrypto.jsing2022-11-062-15/+44
| | | | Based on a diff from tb@
* Remove useless ancient files.jsing2022-11-064-74/+0
| | | | ok beck@ tb@
* Add EVP_chacha20_poly1305()tb2022-10-211-1/+4
| | | | | | Omission reported by jca. ok jca jsing
* Store errors that result from leaf certificate verification.jsing2022-10-171-8/+12
| | | | | | | | | | | | | | | In the case that a verification callback is installed that tells the verifier to continue when a certificate is invalid (e.g. expired), any error resulting from the leaf certificate verification is not stored and made available post verification, resulting in an incorrect error being returned. Also perform leaf certificate verification prior to adding the chain, which avoids a potential memory leak (as noted by tb@). Issue reported by Ilya Shipitsin, who encountered haproxy regress failures. ok tb@
* Avoid potential divide by zero in BIO_dump_indent_cb()jsing2022-10-171-8/+7
| | | | | | | | | | | | | Passing an indent value of 67 results in DUMP_WIDTH_LESS_IDENT returning a value of zero, which is promptly used for division. Likewise, passing a value larger than 67 results in a negative value being returned. Prevent this by limiting indent to 64 (which matches OpenSSL's current behaviour), as well as ensuring that dump_width is > 0. Should fix oss-fuzz #52464 and #52467. ok miod@ tb@
* Unbreak ASN.1 indefinite length encoding.jsing2022-10-171-4/+4
| | | | | | | | | | | In r1.25 of tasn_enc.c a check was added to ensure that asn1_ex_i2c() returned the same value on both calls, however in the ndef case the len variable gets changed between calls. Keep a copy of the original value to test against. Issue reported by niklas, who encountered a test failure in rust-openssl. ok miod@ tb@
* Fix path of mentioned regress testtb2022-10-111-2/+2
|
* Remove PKCS12_MAKE_{,SH}KEYBAG from Symbols.listtb2022-09-191-2/+0
| | | | | | | | | | | | | | These functions were renamed in the last bump #define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf #define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt They don't appear in the compiled library itself, so no further bump required. Fixes libressl-portable/portable#791 Found the hard way by vollkommenheit ok deraadt jsing
* Add OID for RPKI signedTAL objectsjob2022-09-152-0/+2
| | | | | | | | | IANA made a permanent registration in the SMI Security for S/MIME CMS Content Type registry at https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 for signed objects conforming to draft-ietf-sidrops-signed-tal. OK tb@
* Use LONG_MAX as the limit for ciphers with long based APIs.jsing2022-09-156-169/+120
| | | | | | | | | | | These ciphers have long based APIs, while EVP has a size_t based API. The intent of these loops is to handle sizes that are bigger than LONG_MAX. Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX rounded down to a large block size, ensuring that it is a block size multiple. Revert the recently added overflow checks now that this is handled more appropriately. ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-25 18:36:49 +0000