path: root/src/lib

Commit log (newest first). Each entry: subject [author, date, files changed, lines -removed/+added], followed by the commit message body.

...

* Remove a stray space [tb, 2022-05-16, 1 file, -2/+2]

* Avoid use of uninitialized in ASN1_STRING_to_UTF8() [tb, 2022-05-16, 1 file, -4/+3]

  A long standing failure to initialize a struct on the stack fully was
  exposed by a recent refactoring. Fortunately, the uninitialized 'flag'
  member is only used to decide whether or not to call freezero(NULL, 0),
  so it is completely harmless. This is a first trivial fix, a better
  version will be landed separately with regress.

  Reported by Steffen Jaeckel, GH #760

  ok beck

* Rewrite asn1_item_ex_d2i_sequence() using CBS and readable variable names. [jsing, 2022-05-16, 1 file, -131/+113]

  Now that combine no longer exists, we can also free and reallocate.

  ok tb@

* Fix d2i_ASN1_OBJECT() [tb, 2022-05-13, 1 file, -2/+2]

  Due to a confusion of two CBS, the API would incorrectly advance the
  *der_in pointer, resulting in a DER parse failure.

  Issue reported by Aram Sargsyan

  ok jsing

* Call the ASN1_OP_D2I_PRE callback after ASN1_item_ex_new(). [jsing, 2022-05-12, 1 file, -10/+8]

  In asn1_item_ex_d2i_choice(), only call the ASN1_OP_D2I_PRE callback
  after allocation has occurred via ASN1_item_ex_new(). This matches the
  sequence handling code and the documentation.

  Discussed with tb@

* Small readability tweak suggested by jsing [tb, 2022-05-12, 1 file, -1/+3]

* Rewrite and fix X509v3_asid_subset() [tb, 2022-05-12, 1 file, -12/+30]

  X509v3_asid_subset() assumes that both asnum and rdi are present while
  they are both marked OPTIONAL in RFC 3779, 3.2.3. It will crash if
  either one is missing. In RPKI land RDI is a MUST NOT use (e.g, RFC
  6487, 4.8.11), so this API is currently useless (and seemingly unused).

  Pick apart an ugly logical pipeline and implement this check in a
  readable fashion.

  ok jsing

* Rename asn1_enc_free() to asn1_enc_cleanup(). [jsing, 2022-05-12, 3 files, -6/+6]

  This function does not actually free an ASN1_ENCODING, which are
  embedded in a struct.

  Name suggested by tb@

* Rewrite asn1_item_ex_d2i_choice() using CBS. [jsing, 2022-05-12, 1 file, -73/+54]

  Now that combine no longer exists, we can also free and reallocate.

  ok tb@

* Rewrite asn1_enc_save() using CBS. [jsing, 2022-05-12, 3 files, -46/+69]

  Rework and clean up other asn1_enc_* related functions while here.

  ok tb@

* Use freezero() with ASN1_ENCODING. [jsing, 2022-05-12, 1 file, -3/+3]

  While ASN1_ENCODING is currently only used with types that should only
  contain public information, we assume that ASN.1 may contain sensitive
  information, hence use freezero() here instead of free().

  ok deraadt@ tb@

* Remove ASN1_AFLG_BROKEN. [jsing, 2022-05-12, 2 files, -19/+3]

  This workaround was used by ASN1_BROKEN_SEQUENCE, which existed for
  NETSCAPE_ENCRYPTED_PKEY. Remove the workaround since the only consumer
  has already been removed.

  ok tb@

* Add a BUGS section to describe the problem of potential lies and indicating a workaround. [tb, 2022-05-10, 1 file, -2/+17]

  input/ok jsing

* X509_check_ca() has 5 return values but still can't fail [tb, 2022-05-10, 1 file, -3/+1]

  The values 0, 1, 3, 4, 5 all have some meaning, none of which is
  failure. If caching of X509v3 extensions fails, returning
  X509_V_ERR_UNSPECIFIED, i.e., 1 is a bad idea since that means the cert
  is a CA with appropriate basic constraints. Revert to OpenSSL behavior
  which is to ignore failure to cache extensions at the risk of reporting
  lies.

  Since no return value can indicate failure, we can't fix this in
  X509_check_ca() itself. Application code will have to call (and check)
  the magic X509_check_purpose(x, -1, -1) to ensure extensions are cached,
  then X509_check_ca() can't lie.

  ok jsing

* Rewrite asn1_item_ex_d2i() using CBS. [jsing, 2022-05-10, 1 file, -58/+125]

  This requires a few wrappers to call into some non-CBS functions,
  however we can now remove the asn1_d2i_ex_primitive() wrapper as there
  are no longer any non-CBS callers.

  ok tb@

* Remove ASN.1 combining. [jsing, 2022-05-10, 5 files, -82/+37]

  This was an option used to combine ASN.1 into a single structure, which
  was only ever used by DSAPublicKey and X509_ATTRIBUTE. Since they no
  longer use it we can mop this up and simplify all of the related code.

  ok tb@

* Simplify X509_ATTRIBUTE ASN.1 encoding. [jsing, 2022-05-09, 6 files, -101/+34]

  For some unknown historical reason, X509_ATTRIBUTE allows for a single
  ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF.
  Simplify encoding and remove support for single values - this is
  similar to OpenSSL e20b57270dec.

  This removes the last use of COMBINE in the ASN.1 decoder.

  ok tb@

* Remove openssl/cterr.h and inline it in openssl/ct.h [tb, 2022-05-08, 4 files, -133/+58]

  ok jsing

* Sort alphabetically so that future omissions will be easier to spot. [tb, 2022-05-07, 1 file, -35/+35]

  discussed with jsing

* Split asn1_item_ex_d2i() into three. [jsing, 2022-05-07, 1 file, -223/+287]

  Factor out the handling of CHOICE and SEQUENCE into their own
  functions. This reduces complexity, reduces indentation and will allow
  for further clean up.

  ok beck@ tb@

* zap stray tab [tb, 2022-05-07, 1 file, -2/+2]

* KNF nits [tb, 2022-05-07, 1 file, -7/+7]

* Rewrite asn1_d2i_ex_primitive() with CBS. [jsing, 2022-05-07, 1 file, -72/+86]

  ok tb@

* Refactor asn1_ex_c2i() [jsing, 2022-05-07, 1 file, -39/+59]

  The asn1_ex_c2i() function currently handles the V_ASN1_ANY case
  inline, which means there are multiple special cases, with pointer
  fudging and restoring. Instead, split asn1_ex_c2i() into three
  functions - one that only handles storage into a primitive type
  (asn1_ex_c2i_primitive()), one that handles the V_ASN1_ANY case
  (asn1_ex_c2i_any()) and calls asn1_ex_c2i_primitive() with the correct
  pointer and an asn1_ex_c2i() that handles the custom functions case,
  before dispatching to asn1_ex_c2i_any() or asn1_ex_c2i_primitive(), as
  appropriate. This results in cleaner and simpler code.

  With input from and ok tb@

* Avoid strict aliasing violations in BN_nist_mod_*() [jsing, 2022-05-07, 1 file, -86/+137]

  The optimised code path switches from processing data via unsigned long
  to processing data via unsigned int, which requires type punning. This
  is currently attempted via a union (for one case), however this fails
  since a pointer to a union member is passed to another function (these
  unions were added to "fix strict-aliasing compiler warning" - it would
  seem the warnings stopped but the undefined behaviour remained). The
  second case does not use a union and simply casts from one type to
  another.

  Undefined behaviour is currently triggered when compiling with clang 14
  using -O3 and -fstrict-aliasing, while disabling assembly (in order to
  use this C code). The resulting binary produces incorrect results.

  Avoid strict aliasing violations by copying from an unsigned long array
  to an unsigned int array, then copying back the result. Any sensible
  compiler will omit the copies, while avoiding undefined behaviour that
  would result from unsafe type punning via pointer type casting.

  Thanks to Guido Vranken for reporting the issue and testing the fix.

  ok tb@
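The copy-in/copy-out pattern this commit describes, shown as an added example that is not LibreSSL's BN_nist_mod_*() code: fixed-width uint64_t/uint32_t stand in for the unsigned long/unsigned int pair so the word layout is the same on every target, and the function names and the per-word increment operation are this example's own, chosen only to make the word-level view observable.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not libcrypto code. One 64-bit limb holds two 32-bit
 * words; an "optimised" routine wants to work on the words while the
 * caller's data is declared as limbs, which is the situation in the
 * NIST reduction code.
 */
#define MAX_LIMBS 8

/*
 * Add 'addend' to every 32-bit word of an array of 64-bit limbs, with
 * per-word wraparound mod 2^32.
 *
 * The reinterpretation goes through memcpy() into a correctly typed
 * scratch array and back, which is well-defined. Writing
 *
 *     uint32_t *w = (uint32_t *)limbs;
 *
 * and dereferencing w (or handing a union member's address to another
 * function) violates the effective-type rules, and an optimising
 * compiler may assume the two views never alias, so stores through one
 * can be reordered past loads through the other.
 *
 * Returns 1 on success, 0 if nlimbs exceeds the scratch buffer.
 */
int
add_to_words(uint64_t *limbs, size_t nlimbs, uint32_t addend)
{
	uint32_t words[2 * MAX_LIMBS];
	size_t i, nwords;

	if (nlimbs > MAX_LIMBS)
		return 0;
	nwords = 2 * nlimbs;

	/* Copy in: the object representation is reused byte for byte. */
	memcpy(words, limbs, nlimbs * sizeof(*limbs));

	for (i = 0; i < nwords; i++)
		words[i] += addend;	/* unsigned wraparound is defined */

	/* Copy out. A good compiler elides both copies in optimised builds. */
	memcpy(limbs, words, nlimbs * sizeof(*limbs));
	return 1;
}

/*
 * Single-limb wrapper. Each 32-bit half wraps independently, so the
 * result is the same on little- and big-endian hosts.
 */
uint64_t
add_to_limb(uint64_t limb, uint32_t addend)
{
	uint64_t a[1] = { limb };

	(void)add_to_words(a, 1, addend);
	return a[0];
}

int
main(void)
{
	uint64_t limbs[2] = { 0x00000000ffffffffULL, 0x0000000100000002ULL };
	size_t i;

	if (!add_to_words(limbs, 2, 1))
		return 1;
	for (i = 0; i < 2; i++)
		printf("limb[%zu] = 0x%016llx\n", i,
		    (unsigned long long)limbs[i]);
	return 0;
}
```

Build it with -O3 -fstrict-aliasing and compare against the pointer-cast version to see the difference the commit describes; the memcpy() form produces the same object code without the undefined behaviour.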
* Add missing ERR_load_{COMP,CT,KDF}_strings() [tb, 2022-05-06, 1 file, -1/+11]

  ok beck

* Also check EVP_PKEY_CTX_new_id() return in example code. [tb, 2022-05-06, 1 file, -2/+4]

  Letting this be caught by the error check of EVP_PKEY_derive_init() is
  a dubious pattern.

* Install EVP_PKEY_CTX_set_hkdf_md.3 [tb, 2022-05-06, 1 file, -1/+2]

* Document the EVP HKDF API [tb, 2022-05-06, 1 file, -0/+251]

  Manual from OpenSSL 1.1.1o with minimal tweaks.

  input/ok schwarze

* Simplify: freezero() is NULL safe; assign + test in one go, as usual. [tb, 2022-05-05, 1 file, -11/+5]

  ok jsing

* Avoid malloc(0) in EVP_PKEY_CTX_set1_hkdf_key() [tb, 2022-05-05, 1 file, -2/+2]

  ok jsing

* Securely wipe the entire HKDF_PKEY_CTX instead of only taking care of a piece of the embedded info array. [tb, 2022-05-05, 1 file, -5/+3]

  ok jsing

* Use size_t for ASN.1 lengths. [jsing, 2022-05-05, 4 files, -16/+20]

  Change asn1_get_length_cbs() and asn1_get_object_cbs() to handle and
  return a length as a size_t rather than a uint32_t. This makes it
  simpler and less error prone in the callers.

  Suggested by and ok tb@
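A bounded DER header parser that hands back the content length as a size_t, added here as an example of the kind of interface the commit above moves to. It is not LibreSSL's asn1_get_length_cbs()/asn1_get_object_cbs() or its CBS implementation: the struct cbs, der_get_length() and der_get_element() names and the sample byte strings are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not LibreSSL code: a minimal CBS-style bounded buffer. */
struct cbs {
	const uint8_t *data;
	size_t len;
};

static int
cbs_get_u8(struct cbs *cbs, uint8_t *out)
{
	if (cbs->len < 1)
		return 0;
	*out = cbs->data[0];
	cbs->data++;
	cbs->len--;
	return 1;
}

/*
 * Parse DER length octets into a size_t. Returns 0 for indefinite length
 * (0x80, BER only), a non-minimal encoding (leading zero byte, or long
 * form where short form would do), more length bytes than size_t holds,
 * or a length larger than the remaining input. A caller therefore never
 * receives a length it cannot index with, and nothing narrows to uint32_t.
 */
int
der_get_length(struct cbs *cbs, size_t *out_len)
{
	uint8_t b, nbytes, i;
	size_t len = 0;

	if (!cbs_get_u8(cbs, &b))
		return 0;
	if (b < 0x80) {
		len = b;
	} else {
		nbytes = b & 0x7f;
		if (nbytes == 0 || nbytes > sizeof(size_t))
			return 0;	/* indefinite, or wider than size_t */
		for (i = 0; i < nbytes; i++) {
			if (!cbs_get_u8(cbs, &b))
				return 0;
			if (i == 0 && b == 0)
				return 0;	/* leading zero: not minimal */
			len = (len << 8) | b;
		}
		if (len < 0x80)
			return 0;	/* should have used the short form */
	}
	if (len > cbs->len)
		return 0;		/* claims more bytes than are present */
	*out_len = len;
	return 1;
}

/* One TLV element (low tag-number form only); advances cbs past it. */
int
der_get_element(struct cbs *cbs, uint8_t *out_tag, struct cbs *contents)
{
	uint8_t tag;
	size_t len;

	if (!cbs_get_u8(cbs, &tag) || (tag & 0x1f) == 0x1f)
		return 0;
	if (!der_get_length(cbs, &len))
		return 0;
	contents->data = cbs->data;
	contents->len = len;
	cbs->data += len;
	cbs->len -= len;
	*out_tag = tag;
	return 1;
}

/* Content length of the first element in der[0..n), or -1 on failure. */
long
der_first_length(const uint8_t *der, size_t n)
{
	struct cbs cbs = { der, n }, contents;
	uint8_t tag;

	if (!der_get_element(&cbs, &tag, &contents))
		return -1;
	return (long)contents.len;
}

/* Constructed sample inputs, not taken from any real certificate. */
const uint8_t sample_short[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };	/* SEQUENCE { INTEGER 1 } */
const uint8_t sample_truncated[] = { 0x30, 0x05, 0x02, 0x01, 0x01 };	/* claims 5, has 3 */
const uint8_t sample_indefinite[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
const uint8_t sample_nonminimal[] = { 0x30, 0x81, 0x03, 0x02, 0x01, 0x01 };
const uint8_t sample_leadzero[] = { 0x04, 0x82, 0x00, 0x80 };

/* Valid long form: OCTET STRING of 128 zero bytes, length 0x81 0x80. */
long
long_form_sample_length(void)
{
	uint8_t buf[3 + 128] = { 0x04, 0x81, 0x80 };

	return der_first_length(buf, sizeof(buf));
}

int
main(void)
{
	printf("short: %ld, long form: %ld, truncated: %ld\n",
	    der_first_length(sample_short, sizeof(sample_short)),
	    long_form_sample_length(),
	    der_first_length(sample_truncated, sizeof(sample_truncated)));
	return 0;
}
```

The length check against cbs->len is the part that matters for memory safety: once the length is a size_t and is bounded by the buffer, every later pointer advance in the caller is within the input.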
* Fix HMAC() with NULL key [tb, 2022-05-05, 1 file, -2/+7]

  If a NULL key is passed to HMAC_Init_ex(), it tries to reuse the
  previous key. This makes no sense inside HMAC() since the HMAC_CTX has
  no key set yet. This is hit by HKDF() with NULL salt via the EVP API
  and results in a few Wycheproof test failures. If key is NULL, use a
  zero length dummy key.

  This was not hit from wycheproof.go since we pass a []byte with a
  single NUL from Go.

  Matches OpenSSL if key is NULL and key_len is 0. If key_len != 0,
  OpenSSL will still fail by passing a NULL key which makes no sense, so
  set key_len to 0 instead.

  ok beck jsing

* Fix argument order in HKDF and HKDF_extract(). [tb, 2022-05-05, 1 file, -5/+5]

* Add hkdf_pkey_meth to the standard_methods[] [tb, 2022-05-05, 1 file, -1/+3]

  ok beck jsing

* Link kdf/ to the build [tb, 2022-05-05, 1 file, -1/+7]

  ok beck jsing

* Provide EVP_PKEY_HKDF alias for NID_hkdf [tb, 2022-05-05, 1 file, -1/+2]

  ok beck jsing

* Provide KDFerr() and KDFerror() macros [tb, 2022-05-05, 1 file, -1/+4]

  ok beck jsing

* Provide versions of EVP_PKEY_CTX_{str,hex}2ctrl() for internal use. [tb, 2022-05-05, 2 files, -2/+38]

  ok beck jsing

* Ditch #defines for tls1_prf and scrypt. Drop unused errors and massage some const. [tb, 2022-05-05, 2 files, -95/+8]

  ok beck jsing

* Translate from OpenSSL's HKDF API to BoringSSL API. [tb, 2022-05-05, 1 file, -8/+7]

  ok beck jsing

* Remove function codes from errors, i.e., KDFerr(A, B) -> KDFerror(B) [tb, 2022-05-05, 1 file, -5/+5]

  ok beck jsing

* Fix typo in previous. [tb, 2022-05-05, 1 file, -2/+2]

* Inline OPENSSL_memdup() using malloc() + memcpy() [tb, 2022-05-05, 1 file, -3/+5]

  ok beck jsing

* Translate OPENSSL_{cleanse,clear_free,free,zalloc}() to libc API. [tb, 2022-05-05, 1 file, -11/+11]

  ok beck jsing

* Adjust includes for LibreSSL [tb, 2022-05-05, 1 file, -4/+7]

  ok beck jsing

* Use C99 initializers for hkdf_pkey_meth [tb, 2022-05-05, 1 file, -26/+10]

  ok beck jsing

* Remove OpenSSL versions of HKDF*(). [tb, 2022-05-05, 1 file, -117/+1]

  ok beck jsing

* Fix includes of the removed kdferr.h [tb, 2022-05-05, 2 files, -4/+3]