| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
| |
https://oidref.com/1.2.840.113549.1.9.16.2.47
OK tb
|
|
|
|
|
|
|
| |
Cherry-picked from OpenSSL commit a8d8e06b0ac06c421fd11cc1772126dcb98f79ae.
This reduces upcoming TS changes.
OK jsing tb
|
|
|
|
|
|
| |
It's defined again (more appropiately) further down above the error codes.
OK jsing tb
|
| |
|
| |
|
|
|
|
| |
the code in bn_isqrt.c.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Document it from scratch.
While here, merge a few details from the OpenSSL 1.1.1 branch, which
is still under a free license, into the documentation of DSA_size(3).
|
|
|
|
|
|
| |
and X509_VERIFY_PARAM_set_auth_level(3). Document them.
For the latter, i included a few sentences from the OpenSSL 1.1.1
branch, which is still under a free license.
|
| |
|
|
|
|
|
|
|
| |
Or should we call it a centipede?
Feedback and OK on a previous version from jsing@
and from our chief myriapodologist, tb@.
|
|
|
|
|
|
|
|
|
| |
Avoid undefined behaviour/integer overflow by casting an int64_t to
uint64_t before negating.
Fixes oss-fuzz #49043
ok tb@
|
|
|
|
|
|
|
|
|
|
|
|
| |
EVP_PKEY_param_check(3), and EVP_PKEY_security_bits(3) from scratch.
Move the documentation of EVP_PKEY_size(3) and EVP_PKEY_bits(3)
to the new manual page EVP_PKEY_size(3).
Merge the documentation of the related function pointers
from the OpenSSL 1.1.1 branch, which is still under a free license.
OK tb@ on the new page EVP_PKEY_size(3).
|
|
|
|
| |
ok jsing
|
|
|
|
|
| |
tb@ recently added these functions to libcrypto
and also provided feedback on my first draft of this page.
|
|
|
|
|
|
|
|
| |
We do not intend to make this a compile-time option.
Reminded by schwarze who asked about it
ok jsing
|
|
|
|
|
|
|
|
|
| |
provided the new public function DH_check_pub_key(3) in <openssl/dh.h>.
Sorry for being a bit tardy in documenting the new function.
Then again, OpenSSL doesn't document it either, yet.
While here, drop a HISTORY entry about a constant that
was renamed in OpenSSL 0.9.5. That's no longer relevant.
|
| |
|
|
|
|
| |
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It has long been known that pure Miller-Rabin primality tests are
insufficient. "Prime and Prejudice: Primality Testing Under Adversarial
Conditions" https://eprint.iacr.org/2018/749 points out severe flaws
in many widely used libraries. In particular, they exhibited a method to
generate 2048-bit composites that bypass the default OpenSSL (and hence
LibreSSL) primality test with a probability of 1/16 (!).
As a remedy, the authors recommend switching to using BPSW wherever
possible. This possibility has always been there, but someone had to
sit down and actually implement a properly licensed piece of code.
Fortunately, espie suggested to Martin Grenouilloux to do precisely this
after asking us whether we would be interested. Of course we were!
After a good first implementation from Martin and a lot of back and
forth, we came up with the present version.
This implementation is ~50% slower than the current default Miller-Rabin
test, but that is a small price to pay given the improvements.
Thanks to Martin Grenouilloux <martin.grenouilloux () lse ! epita ! fr>
for this awesome work, to espie without whom it wouldn't have happened,
and to djm for pointing us at this problem a long time back.
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds an implementation of the integer square root using a variant
of Newton's method with adaptive precision. The implementation is based
on a pure Python description of cpython's math.isqrt(). This algorithm
is proven to be correct with a tricky but very neat loop invariant:
https://github.com/mdickinson/snippets/blob/master/proofs/isqrt/src/isqrt.lean
Using this algorithm instead of Newton method, implement Algorithm 1.7.3
(square test) from H. Cohen, "A course in computational algebraic number
theory" to detect perfect squares.
ok jsing
|
| |
|
|
|
|
| |
ok jsing
|
|
|
|
|
|
|
| |
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
remove (expired):
/O=Cybertrust, Inc/CN=Cybertrust Global Root
/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
remove:
/C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC
/C=GB/O=Trustis Limited/OU=Trustis FPS Root CA
add new root (existing CAs):
/C=TW/O=Chunghwa Telecom Co., Ltd./CN=HiPKI Root CA - G1
/C=DE/O=D-Trust GmbH/CN=D-TRUST BR Root CA 1 2020
/C=DE/O=D-Trust GmbH/CN=D-TRUST EV Root CA 1 2020
/C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS ECC Root CA 2021
/C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS RSA Root CA 2021
/C=US/O=Internet Security Research Group/CN=ISRG Root X2
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2
add (new CAs):
/C=TN/O=Agence Nationale de Certification Electronique/CN=TunTrust Root CA
/serialNumber=G63287510/C=ES/O=ANF Autoridad de Certificacion/OU=ANF CA Raiz/CN=ANF Secure Server Root CA
/C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum EC-384 CA
/C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum Trusted Root CA
/C=AT/O=e-commerce monitoring GmbH/CN=GLOBALTRUST 2020
/C=CN/O=iTrusChina Co.,Ltd./CN=vTrus ECC Root CA
/C=CN/O=iTrusChina Co.,Ltd./CN=vTrus Root CA
/C=FI/O=Telia Finland Oyj/CN=Telia Root CA v2
replace with another cert with same CN (SHA1 vs SHA256):
/C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
|
|
|
|
| |
ok tb@
|
|
|
|
| |
not exposed in the public API.
|
|
|
|
|
|
| |
and DSA_meth_set1_name(3).
Merge the documentation from the OpenSSL 1.1.1 branch, which
is still under a free license, significantly tweaked by me.
|
|
|
|
|
|
|
|
| |
This is the documented behavior which got lost in the recent rewrite.
Mismatch of documentation and reality pointed out by schwarze
ok jsing
|
|
|
|
|
|
|
|
|
|
|
| |
ASN1_INTEGER_set_uint64(3), ASN1_INTEGER_set_int64(3),
ASN1_ENUMERATED_get_int64(3), and ASN1_ENUMERATED_set_int64(3)
recently provided by tb@.
Even though Dr. Steven Henson also documented these functions in OpenSSL,
the text over there is excessively verbose, repetitive, very badly ordered,
and incomplete, so i chose to instead write this patch from scratch,
also adding some precision in a few places.
|
| |
|
|
|
|
| |
ok jsing
|
|
|
|
|
|
|
| |
Contrary to CBS_stow(), CBB_finish() will leak, so ensure we fail if
*out_data is populated.
Discussed with & ok jsing
|
|
|
|
|
|
| |
Needed for an upcoming diff adding a NULL check to CBB_finish().
ok jsing
|
|
|
|
|
|
| |
calls.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
that are no longer needed now that libcrypto exposes the necessary
security-bits API.
ok jsing
|
| |
|
|
|
|
| |
ok jsing
|
|
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
| |
These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.
ok jsing
|
|
|
|
|
|
|
| |
The well-known masters of consistency of course use strings that don't
match the names of the errors.
ok jsing
|
| |
|
| |
|