summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Add NID for signingCertificateV2kn2022-07-162-0/+2
| | | | | | https://oidref.com/1.2.840.113549.1.9.16.2.47 OK tb
* Avoid direct X509 structure accesskn2022-07-162-12/+12
| | | | | | | Cherry-picked from OpenSSL commit a8d8e06b0ac06c421fd11cc1772126dcb98f79ae. This reduces upcoming TS changes. OK jsing tb
* Zap duplicate ERR_load_TS_strings() prototypekn2022-07-161-3/+1
| | | | | | It's defined again (more appropiately) further down above the error codes. OK jsing tb
* Expand the comment explaining the for loop with bn_lucas_step() a bit.tb2022-07-151-3/+3
|
* Comment for factorization of n - 1 = k * 2^s in bn_miller_rabin_base_2()tb2022-07-151-1/+2
|
* Rename is_perfect_square to out_perfect in prototype to matchtb2022-07-151-2/+2
| | | | the code in bn_isqrt.c.
* Zap trailing whitespacetb2022-07-141-4/+4
|
* add .Xr links to SSL_CTX_set_security_level(3)schwarze2022-07-135-15/+20
|
* add a few .Xr links to new manual pagesschwarze2022-07-1311-24/+36
|
* In dsa.h rev. 1.34 (14 Jan 2022), tb@ provided DSA_bits(3).schwarze2022-07-131-10/+51
| | | | | | | Document it from scratch. While here, merge a few details from the OpenSSL 1.1.1 branch, which is still under a free license, into the documentation of DSA_size(3).
* In x509_vfy.h rev. 1.54, tb@ provided X509_VERIFY_PARAM_get_time(3)schwarze2022-07-131-3/+44
| | | | | | and X509_VERIFY_PARAM_set_auth_level(3). Document them. For the latter, i included a few sentences from the OpenSSL 1.1.1 branch, which is still under a free license.
* link three new manual pages to the buildschwarze2022-07-131-1/+4
|
* Start documenting our new pet octopus, SSL_CTX_set_security_level(3).schwarze2022-07-132-1/+161
| | | | | | | Or should we call it a centipede? Feedback and OK on a previous version from jsing@ and from our chief myriapodologist, tb@.
* Cast int64_t to uint64_t before negating.jsing2022-07-131-3/+7
| | | | | | | | | Avoid undefined behaviour/integer overflow by casting an int64_t to uint64_t before negating. Fixes oss-fuzz #49043 ok tb@
* Write documentation for EVP_PKEY_check(3), EVP_PKEY_public_check(3),schwarze2022-07-135-44/+504
| | | | | | | | | | | | EVP_PKEY_param_check(3), and EVP_PKEY_security_bits(3) from scratch. Move the documentation of EVP_PKEY_size(3) and EVP_PKEY_bits(3) to the new manual page EVP_PKEY_size(3). Merge the documentation of the related function pointers from the OpenSSL 1.1.1 branch, which is still under a free license. OK tb@ on the new page EVP_PKEY_size(3).
* Simplify computation of max_pub_key = dh->p - 1.tb2022-07-131-4/+2
| | | | ok jsing
* New manual page written from scratch;schwarze2022-07-131-0/+137
| | | | | tb@ recently added these functions to libcrypto and also provided feedback on my first draft of this page.
* Remove #ifndef around the definition of OPENSSL_TLS_SECURITY_LEVEL.tb2022-07-131-3/+1
| | | | | | | | We do not intend to make this a compile-time option. Reminded by schwarze who asked about it ok jsing
* On May 4 14:19:08 2006 UTC, while fixing a security issue, djm@schwarze2022-07-131-11/+64
| | | | | | | | | provided the new public function DH_check_pub_key(3) in <openssl/dh.h>. Sorry for being a bit tardy in documenting the new function. Then again, OpenSSL doesn't document it either, yet. While here, drop a HISTORY entry about a constant that was renamed in OpenSSL 0.9.5. That's no longer relevant.
* Do not make tables static so we can access them from regress.tb2022-07-131-5/+5
|
* Enable BPSW primality test.tb2022-07-131-1/+3
| | | | ok jsing
* Hook BPSW into BN_is_prime_fasttest_ex()tb2022-07-131-3/+13
| | | | ok jsing
* Link bn_bpsw.c to buildtb2022-07-131-2/+2
| | | | ok jsing
* Implement the Baillie-PSW primality testtb2022-07-132-1/+423
| | | | | | | | | | | | | | | | | | | | | | | | | | | It has long been known that pure Miller-Rabin primality tests are insufficient. "Prime and Prejudice: Primality Testing Under Adversarial Conditions" https://eprint.iacr.org/2018/749 points out severe flaws in many widely used libraries. In particular, they exhibited a method to generate 2048-bit composites that bypass the default OpenSSL (and hence LibreSSL) primality test with a probability of 1/16 (!). As a remedy, the authors recommend switching to using BPSW wherever possible. This possibility has always been there, but someone had to sit down and actually implement a properly licensed piece of code. Fortunately, espie suggested to Martin Grenouilloux to do precisely this after asking us whether we would be interested. Of course we were! After a good first implementation from Martin and a lot of back and forth, we came up with the present version. This implementation is ~50% slower than the current default Miller-Rabin test, but that is a small price to pay given the improvements. Thanks to Martin Grenouilloux <martin.grenouilloux () lse ! epita ! fr> for this awesome work, to espie without whom it wouldn't have happened, and to djm for pointing us at this problem a long time back. ok jsing
* Link bn_isqrt.c to buildtb2022-07-131-1/+2
| | | | ok jsing
* Integer square root and perfect square testtb2022-07-132-1/+241
| | | | | | | | | | | | | | This adds an implementation of the integer square root using a variant of Newton's method with adaptive precision. The implementation is based on a pure Python description of cpython's math.isqrt(). This algorithm is proven to be correct with a tricky but very neat loop invariant: https://github.com/mdickinson/snippets/blob/master/proofs/isqrt/src/isqrt.lean Using this algorithm instead of Newton method, implement Algorithm 1.7.3 (square test) from H. Cohen, "A course in computational algebraic number theory" to detect perfect squares. ok jsing
* Unbreak the tree, after the previous commit.jsing2022-07-121-2/+1
|
* Move BN_lsw() to bn_lcl.h so that other code can use it.tb2022-07-122-5/+5
| | | | ok jsing
* Remove mkerr.pl remnants from LibreSSLkn2022-07-1263-1261/+61
| | | | | | | This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
* Sync cert.pem with certdata.txt from the NSS release branch. OK tb@ bcook@sthen2022-07-111-382/+849
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | remove (expired): /O=Cybertrust, Inc/CN=Cybertrust Global Root /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign remove: /C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC /C=GB/O=Trustis Limited/OU=Trustis FPS Root CA add new root (existing CAs): /C=TW/O=Chunghwa Telecom Co., Ltd./CN=HiPKI Root CA - G1 /C=DE/O=D-Trust GmbH/CN=D-TRUST BR Root CA 1 2020 /C=DE/O=D-Trust GmbH/CN=D-TRUST EV Root CA 1 2020 /C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS ECC Root CA 2021 /C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS RSA Root CA 2021 /C=US/O=Internet Security Research Group/CN=ISRG Root X2 /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2 add (new CAs): /C=TN/O=Agence Nationale de Certification Electronique/CN=TunTrust Root CA /serialNumber=G63287510/C=ES/O=ANF Autoridad de Certificacion/OU=ANF CA Raiz/CN=ANF Secure Server Root CA /C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum EC-384 CA /C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum Trusted Root CA /C=AT/O=e-commerce monitoring GmbH/CN=GLOBALTRUST 2020 /C=CN/O=iTrusChina Co.,Ltd./CN=vTrus ECC Root CA /C=CN/O=iTrusChina Co.,Ltd./CN=vTrus Root CA /C=FI/O=Telia Finland Oyj/CN=Telia Root CA v2 replace with another cert with same CN (SHA1 vs SHA256): /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
* fix NULL return adding missing semicolonbcook2022-07-111-2/+2
| | | | ok tb@
* Annotate the security callback and the security ex_data as deliberatelytb2022-07-101-3/+3
| | | | not exposed in the public API.
* In dsa.h rev. 1.38, tb@ provided DSA_meth_get0_name(3)schwarze2022-07-101-8/+55
| | | | | | and DSA_meth_set1_name(3). Merge the documentation from the OpenSSL 1.1.1 branch, which is still under a free license, significantly tweaked by me.
* Make ASN1_{INTEGER,ENUMERATED}_get() return 0 on NULL againtb2022-07-092-2/+6
| | | | | | | | This is the documented behavior which got lost in the recent rewrite. Mismatch of documentation and reality pointed out by schwarze ok jsing
* Document ASN1_INTEGER_get_uint64(3), ASN1_INTEGER_get_int64(3),schwarze2022-07-091-6/+90
| | | | | | | | | | | ASN1_INTEGER_set_uint64(3), ASN1_INTEGER_set_int64(3), ASN1_ENUMERATED_get_int64(3), and ASN1_ENUMERATED_set_int64(3) recently provided by tb@. Even though Dr. Steven Henson also documented these functions in OpenSSL, the text over there is excessively verbose, repetitive, very badly ordered, and incomplete, so i chose to instead write this patch from scratch, also adding some precision in a few places.
* sorttb2022-07-071-1/+1
|
* Sync bs_cbb.c with libssl.tb2022-07-071-1/+4
| | | | ok jsing
* Make CBB_finish() fail if *out_data is not NULLtb2022-07-071-1/+4
| | | | | | | Contrary to CBS_stow(), CBB_finish() will leak, so ensure we fail if *out_data is populated. Discussed with & ok jsing
* Initialize hkdf_label to NULL.tb2022-07-071-2/+2
| | | | | | Needed for an upcoming diff adding a NULL check to CBB_finish(). ok jsing
* Use a local bits variable to avoid ugly line break due to nested functiontb2022-07-071-6/+16
| | | | | | calls. ok jsing
* Bump libtls minor after libcrypto and libssl minor bumptb2022-07-071-1/+1
|
* Unifdef LIBRESSL_HAS_SECURITY_LEVEL and remove some workaroundstb2022-07-073-35/+4
| | | | | | | that are no longer needed now that libcrypto exposes the necessary security-bits API. ok jsing
* Bump minor after symbol additiontb2022-07-071-1/+1
|
* Update Symbols.listtb2022-07-072-0/+25
| | | | ok jsing
* Expose security level symbols and error codes in the headers.tb2022-07-072-6/+2
| | | | ok jsing
* bump minor after symbol additiontb2022-07-071-1/+1
|
* Expose new API in headers.tb2022-07-077-31/+7
| | | | | | | These are mostly security-level related, but there are also ASN1_TIME and ASN_INTEGER functions here, as well as some missing accessors. ok jsing
* Add missing X509_V_ERR_ strings using the ones from OpenSSL.tb2022-07-051-1/+17
| | | | | | | The well-known masters of consistency of course use strings that don't match the names of the errors. ok jsing
* Use secop instead of op everywheretb2022-07-051-15/+15
|
* Pull setting of is_ee out of the function calls to appease scan-buildtb2022-07-051-3/+5
|