| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
|
|
|
|
| |
BN_abs_is_word, BN_is_{zero,one,word,odd}, BN_one, BN_zero_ex are
now implemented as functions for internal use. They will be exposed
publicly to replace the macros reaching into BIGNUM in the next bump.
ok inoguchi jsing
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
|
|
|
|
| |
The function implementations are necessary to make BIGNUM opaque.
They will be used in libcrypto internally until they will replace
the macro implementations with the next bump.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently there are two files for private key ASN.1 (d2i_pr.c, i2d_pr.c)
and two files for public key ASN.1 (d2i_pu.c, i2d_pu.c). All of the other
ASN.1 code has d2i and i2d in the same per-object file.
Consolidate d2i_pr.c/i2d_pr.c into a_pkey.c and consolidate
d2i_pu.c/i2d_pu.c into a_pubkey.c before making any further changes to
this code.
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
Call the replacement asn1_tlc_invalidate() since it does not actually
clear the ASN1_TLC.
While here, name the ASN1_TLC variables consistently as ctx, remove a
pointless comment and simplify ASN1_item_d2i() slightly.
ok inoguchi@ tb@
|
| | |
|
| |
|
|
|
|
|
| |
ASN1_item_ex_d2i() is just a wrapper around the internal asn1_item_ex_d2i()
function, so call asn1_item_ex_d2i() directly.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
Rather than using malloc() and then initialising all struct members to zero
values, use calloc().
ok schwarze@ tb@
|
| |
|
|
|
|
|
| |
This ensures that if any members are added to this struct, they will be
initialised.
ok schwarze@ tb@
|
| |
|
|
|
|
| |
This removes nested ifs and uses more sensible variable names.
ok schwarze@ tb@
|
| |
|
|
|
|
|
| |
Rather than using malloc() and then initialising all struct members, use
calloc() and only initialise the single non-zero value member.
ok schwarze@ tb@
|
| |
|
|
|
|
|
| |
Rather than using malloc() and then initialising all struct members, use
calloc() and only initialise the single non-zero value member.
ok schwarze@ tb@
|
| |
|
|
|
|
|
| |
These functions previously used the old ASN1_{d2i,i2d}_{bio,fp}()
interfaces.
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
almost all members to 0. Just set the two things that need setting.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
It is very easy to forget to copy over newly added methods. Everyone
working in this corner has run into this. Instead, preserve what needs
preserving and use a struct copy, so all methods get copied from src
to dest.
tweak/ok jsing
|
| | |
|
| |
|
|
| |
ok schwarze
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This commit adds generic EVP_CTRL_AEAD_{SET,GET}_TAG and _SET_IVLEN
defines and aliases the GCM and CCM versions to those.
This is the publicly visible part of OpenSSL's e640fa02005.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
| |
for DSA key generation.
From Kurt Roeckx, OpenSSL 74ee3796
ok bcook inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
| |
This aligns our behavior with OpenSSL 1.1.1 which includes a mitigation
for small subgroup attacks. This did not affect LibreSSL since we do
not support X9.42 style parameter files or RFC 5114.
The meat of this commit is from Matt Caswell, OpenSSL b128abc3
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
| |
BN_prime_checks is only to be used for random input. Here, the
input isn't random, so increase the number of checks. According
to https://eprint.iacr.org/2019/032, 64 rounds is suitable.
From Jake Massimo, OpenSSL 1.1.1, af6ce3b4
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
simplifications and readability tweaks. This ensures in
particular that dh->q is suitable if present.
Based on work by Stephen Henson and Bernd Edlinger in OpenSSL.
Issues with the current implementation found via regression
tests in py-cryptography.
ok inoguchi jsing
|
| |
|
|
|
|
| |
Based on the version in OpenSSL 1.1.1l with minor tweaks.
ok inoguchi jsing
|
| |
|
|
|
|
| |
that will be used in subsequent commits.
ok inoguchi jsing
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
| |
While here,
* call the function arguments "content_length" rather than just
"length" to make it less likely that the reader confuses them with
the total length returned by ASN1_object_size(3);
* state that only the short form is supported for content_length <= 127;
* add the missing STANDARDS section.
|
| |
|
|
| |
as intentionally undocumented
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
initializing five of the fields in BIO_ASN1_BUF_CTX (prefix,
prefix_free, suffix, suffix_free, ex_arg), inviting a segfault in
a subsequent call from the application program to BIO_write(3)
because subroutines of that function assume that the function
pointers are either NULL or valid.
Fix this by using the less error-prone calloc(3) idiom.
While here, inline asn1_bio_init() at the only call site
in asn1_bio_new() to simplify the code and make it easier to read.
Bug found and initial patch by me,
this version (with inlining) by and OK tb@.
|
| |
|
|
| |
ok schwarze@
|
| |
|
|
| |
replace the BUGS section with a shorter CAVEATS section
|
| |
|
|
|
|
|
|
|
|
| |
If EVP_PKEY_copy_parameters(3) fails - among other reasons, this
may happen when out of memory - the pkey argument and/or the chain
argument will not contain all the desired parameters after returning.
Consequently, report the failure to the caller rather than silently
ignoring it.
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
by using X509_get0_pubkey(3) instead of X509_get_pubkey(3);
no functional change.
OK tb@
This is similar to the relevant part of the follwoing commit
from the OpenSSL 1.1.1 branch, which is still under a free licence,
but without the bug that commit introduced into this function in OpenSSL:
commit c01ff880d47392b82cce2f93ac4a9bb8c68f8cc7
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Mon Dec 14 13:13:32 2015 +0000
|
| |
|
|
|
|
|
|
|
|
|
| |
While here, also improve the rest of the page:
* add missing BIO_TYPE_* constants
* describe BIO_TYPE_START
* better function argument names
* more precision in the descriptions and regarding the RETURN VALUES
* lots of wording improvements
* improve the coding style below EXAMPLES
* delete a BUGS section describing cretaceous behaviour
|
| |
|
|
|
|
|
|
| |
OCSP_BASICRESP bs contains no certificates.
From David von Oheimb (OpenSSL 121738d1)
ok beck
|
| |
|
|
|
|
| |
need for EVP_PKEY_free().
ok beck
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Our ASN1_GENERALIZEDTIME_set() doesn't accept time strings with
fractional seconds, so don't feed it milliseconds, but only seconds.
Ensures that openssl x509 -text prints timestamps instead of skipping
them.
ok beck jsing
|
| |
|
|
|
|
|
|
| |
This way, CT extensions in certs will be parsed by the new CT code
when they are encountered. This gets rid of a lot of gibberish when
looking at a cert with 'openssl x509 -text -noout -in server.pem'
ok beck jsing
|
| |
|
|
|
|
| |
from <Malgorzata dot Olszowka at stunnel dot org>
via OpenSSL commit 256989ce in the OpenSSL 1.1.1 branch,
which is still under a free license
|
| | |
|
| |
|
|
|
|
| |
certificte chain. This would happen when the verification callback was
in use, instructing the verifier to continue unconditionally. This could
lead to incorrect decisions being made in software.
|
| |
|
|
|
|
| |
Do not expose it yet, this will wait for an upcoming bump
ok tb@
|
| | |
|
| |
|
|
|
|
| |
not yet available.
ok schwarze
|
