summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove ASN1_time_clamp_notafter() prototypetb2024-02-231-3/+1
| | | | | There is now a prototype in x509_internal.h, so no need to repeat that here.
* x509_asid: NULL out min/max on extract_min_max() failuretb2024-02-201-1/+3
| | | | requested by/ok jsing
* x509_asid: fix some KNF botchestb2024-02-191-37/+19
| | | | | | | | When this file was brought into KNF, a few things became particularly ugly. This makes {a,b}{,_{min,max}} have function scope in canonize/is_canonical, which removes unfortunate line wraps and some other silliness. ok job
* pk7_attr.c: tidy includestb2024-02-191-6/+4
|
* Update ASN1_TIME_set(3)tb2024-02-181-5/+44
| | | | | | | Document OPENSSL_{posix_to_tm,tm_to_posix}() and fix the documentation of OPENSSL_{gmtime,timegm}(). ok jsing
* Add posix_time.h from BoringSSLtb2024-02-188-60/+160
| | | | | | | | | | | | | | | | This is prepares to expose some internal API as OPENSSL_tm_to_posix() and OPENSSL_posix_to_tm(). They will be used in libtls and ocspcheck(8) to get rid of the portability nightmare that is timegm(). Also fix the location of OPENSSL_gmtime() and OPENSSL_timegm() (this API is not yet exposed). The former is from OpenSSL and surprisingly lives in crypto.h, not asn1.h, and the latter is BoringSSL API and lives in the new posix_time.h. Initial diff from beck, this pulls in further upstream work after review feedback. ok jsing
* Align EVP_CIPHER_CTX_init() and _legacy_clear()tb2024-02-181-2/+2
|
* Hide EVP_{CIPHER,MD}_CTX_init() from internalstb2024-02-181-1/+5
| | | | ok jsing
* Use EVP_MD_CTX_legacy_clear() internallytb2024-02-1812-33/+33
| | | | ok jsing
* Use EVP_CIPHER_CTX_legacy_clear() internallytb2024-02-185-13/+13
| | | | ok jsing
* Add EVP_MD_CTX_legacy_clear()tb2024-02-182-2/+9
| | | | | | | | | This is analogous to EVP_CIPHER_CTX_legacy_clear() and will serve as an internal replacement for EVP_MD_CTX_init() until the conversion to heap allocated ctx is completed. This way EVP_MD_CTX_init() can be changed to match the OpenSSL 1.1 API. ok jsing
* Add EVP_CIPHER_CTX_legacy_clear()tb2024-02-182-2/+10
| | | | | | | | | | | | | | OpenSSL 1.1 made EVP_CIPHER_CTX_init() an alias of EVP_CIPHER_CTX_reset(). In particular, it changed signature and it would no longer leak internal state if used on an already used ctx. On the other hand, it can't be used for ctx on the stack. libcrypto still has a few ctx on the stack which will be converted to heap allocated contexts at some point. Until this is completed, we will use EVP_CIPHER_CTX_legacy_clear() internally, so that the public API can be changed to match OpenSSL 1.1. ok jsing
* Use calloc() instead of malloc() in BIO_new().jsing2024-02-171-16/+5
| | | | ok tb@
* Inline and disable BIO_set().jsing2024-02-161-21/+19
| | | | | | | | BIO_set() is a dangerous function that cannot be used safely. Thankfully, the only consumer is BIO_new(), hence inline the functionality and disable the BIO_set() function (for complete removal in the near future). ok tb@
* Use 'bio' more consistently for function arguments.jsing2024-02-161-58/+61
| | | | | | | | Rather than 'a' or 'b', use 'bio' more consistently - there are still some more complex cases that have been left alone for now. Also use fewer parentheses. No change to generated assembly other than line numbers.
* Make it explicit that the EC_KEY setters don't check thingstb2024-02-161-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While EC_POINT_set_affine_coordinates() checks that the resulting point is on the elliptic curve, this is only necessary, but not sufficient, to ensure that the point can serve as a valid public key. For example, this does not check for normalized coordinates or exclude that it is zero (the point at infinity). Such checks, and more, are performed by the similarly named EC_KEY_set_public_key_affine_coordinates(). This kind of makes sense from the mathematical standpoint as an elliptic curve point isn't a priori a public key, even if you are not going to use libcrypto for actual mathematics (or anything really) unless you like pain. In a cryptographic library such differences are more of a hazard than a help. This is exacerbated by the fact that EC_KEY_set_public_key() does almost no checking (it only checks that the point's EC_POINT method matches the one of group set of the EC_KEY, which is far from enough). The API expects that you call EC_KEY_check_key() on your own. This is kind of confusing since EC_KEY_set_public_key_affine_coordinates() does that for you. Unfortunately, adding sanity checks to EC_KEY_set_public_key() isn't easy since it's going to penalize those who already check. Caching the result of a check is dangerous and fragile if there are a million ways of fiddling with an EC_KEY. While the elliptic curve code is really bad, its documentation is worse (another thing that applies to OpenSSL in general). Try to help that a little bit by making it more explicit that you are supposed to call EC_KEY_check_key() after using lower-level EC_KEY setters. Also make it clearer that the setters copy the data, they don't take ownership (which isn't obvious from the naming). If OpenSSL 3 got one thing kind of right, it was to deprecate the EC_KEY and EC_POINT APIs. But if you are going to deprecate something, you should either be prepared to remove it or have a reasonable replacement... Found by Guido Vranken using cryptofuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66667 ok jsing
* BIO_dump*() avoid signed integer overflowtb2024-02-151-1/+10
| | | | | | | | | This API returns an int encoding the number of bytes printed. Thus, a dump of a large enough byte string can make this overflow and rely on undefined behavior. With an indent of 64, as little as 26 MB is enough to make this happen. ok jsing
* Document a portability caveat about GeneralizedTime and UTCTimejob2024-02-131-2/+9
| | | | OK tb@
* Remove a useless EVP_MD_CTX_init() calltb2024-02-091-2/+1
| | | | | The hash was just created with EVP_MD_CTX_new(), so we memset a calloced piece of memory to 0.
* Of course libssl also has a few missing voidtb2024-02-042-4/+4
| | | | From Christian Andersen
* Rework the exit path of tls13_handshake_recv_action()tb2024-02-031-12/+14
| | | | | | | | | | | | | If an error occurs in action->recv() for a handshake that needs to downgrade to legacy TLS, the artistic exit path led to hiding the error under TLS13_IO_USE_LEGACY. Rework the exit path to be easier to follow, preserving behavior except that the error can no longer be masked. Detailed analysis and initial diff by Masaru Masuda. Fixes https://github.com/libressl/openbsd/issues/146 ok beck
* Remove last peeking at TLS1_FLAGS_SKIP_CERT_VERIFYtb2024-02-031-7/+1
| | | | | | | This was used for some GOST weirdness. The flag is unused in ports and there is no user in Debian's codesearch. ok beck
* Zap a trailing blank that snuck into ssl3_get_client_hello()tb2024-02-031-2/+2
|
* Remove GOST and STREEBOG support from libssl.beck2024-02-0316-675/+32
| | | | | | | | | | | | | | | | | | This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for it's removal from libcrypto with a future major bump ok tb@
* Ignore EVP_MD_CTX_reset() return valuetb2024-02-021-6/+4
| | | | Also drop now unnecessary NULL checks before it.
* Ignore EVP_CIPHER_CTX_reset() return value, it can't failtb2024-02-021-2/+2
|
* Reimplement BIO_dump_indent() with CBS/CBB and BIO_printf()tb2024-02-021-64/+115
| | | | | | | | | | | | | Instead of heaps of unchecked strlcpy/strlcat/snprintf doing hard to follow gymnastics, use a byte string, a somewhat comprehensible computation of the number of bytes to dump per output line and write using checked BIO_printf() directly to the BIO. Longer strings will still overflow the terminal width of 80 and even longer strings will still overflow the return value (undefined behavior). I don't care much about the former but the latter should be fixed in a later pass. ok beck
* Fix the verifier to use the trust storebeck2024-02-011-1/+13
| | | | the trust store is yet another obscure way to add a trust anchor
* Inline EVP_PBE_find() in its last two callerstb2024-02-011-140/+69
| | | | | | | | | | | | | | | | | This API was already cleaned up quite a bit, but it is unused in the ecosystem and the two internal callers can be simplified a lot when inlining the lookups. EVP_PBE_CipherInit() can walk the table of "outer" PBEs and reach into the matching pbe for its cipher_nid, md_nid and keygen(). PKCS5_v2_PBKDF2_keyivgen() uses EVP_PBE_find() as a way to mapping a PRF (given by the nid of an HMAC with some digest) to the digest's nid. This can be done by a simple switch. Move MD5 to the top and GOST to the end in that switch and wrap the latter in OPENSSL_NO_GOST, so it will go away once we define OPENSSL_NO_GOST. ok beck
* Prepare to remove the _cb() and _fp() versions of BIO_dump()tb2024-02-011-33/+30
| | | | | | | | | | | | | apache-httpd uses BIO_dump(), libssl uses BIO_dump_indent(), and the openssl(1) app uses both. Otherwise this is unused. This is horribly bad code even by libcrypto standards. By doing away with the callbacks fixes incorrect error checking for fwrite() but there is a lot more wrong in here. This can be cleaned up in a later pass, the only concern here is to be able to remove the unused variants in the next major bump. ok beck
* Merge OBJ_NAME_do_all*(3) into EVP_CIPHER_do_all(3)tb2024-01-315-63/+96
| | | | | | | This is the only OBJ_NAME API that will remain after the next major bump. The API is misnamed and really is about EVP, so move it to an EVP manual documenting another API doing essentially the same thing. Remove most cross references to OBJ_NAME_*.
* Remove now unnecessary NULL check before EVP_CIPHER_CTX_cleanup()tb2024-01-301-3/+2
|
* Make EVP_{CIPHER,MD}_CTX_{cleanup,reset}() NULL-safetb2024-01-302-3/+8
| | | | | | | | We have a bunch of code that relies on this. Surely there is code out there in the wider ecosystem that relies on these being NULL-safe by now since upstream sprinkles NULL checks wherever they can. ok beck joshua
* Restore SSL_shutdown() two step sequence.jsing2024-01-301-1/+3
| | | | | | | | | | | Change SSL_shutdown() such that it will return 0 after sending a close-notify, before potentially returning 1 (indicating that a close-notify has been sent and received) on a subsequent call. Some software depends on this behaviour, even though there are cases where the first call could immediately return 1 (for example, when the peer has already sent a close-notify prior to SSL_shutdown() being called). ok tb@
* Add id-ct-rpkiSignedPrefixList NIDjob2024-01-291-0/+1
| | | | | | | | References: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/ https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 OK tb@
* Add id-ct-rpkiSignedPrefixList OIDjob2024-01-291-0/+1
| | | | | | | | References: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/ https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 OK tb@
* Curious to see if explicitly ignoring the return value appeases Coveritytb2024-01-291-2/+2
|
* The KNF script didn't grok LHASH_OF(), STACK_OF()tb2024-01-281-9/+9
|
* Avoid calling EVP_CIPHER_CTX_reset() on a NULL ctxtb2024-01-281-2/+3
|
* Clean up EVP_CIPHER_CTX_init() usage in cmac.cjoshua2024-01-281-25/+33
| | | | | | | | | This replaces usage of EVP_CIPHER_CTX_init() with EVEP_CIPHER_CTX_new(), and EVP_CIPHER_CTX_cleanup() with EVP_CIPHER_CTX_reset(). This also replaces usage of malloc with calloc, and free with freezero. ok tb@
* Clean up EVP_MD_CTX_{init,cleanup}() usage in ASN1_item_verify()joshua2024-01-281-9/+10
| | | | ok tb@
* Dynamic EVP_PKEY_METHODs are a thing from the pasttb2024-01-271-3/+1
|
* Add a few aliases for ECDSA and DSA for security/xcatb2024-01-271-1/+143
| | | | ok jsing
* Use ret instead of rv in a few keyivgen functionstb2024-01-271-11/+11
|
* Fold keyivgen functions into evp_pbe.ctb2024-01-275-599/+387
| | | | | These are only used by the EVP_PBE routines and will become internal in the next major bump.
* Make some comments and some whitespace less uglytb2024-01-271-13/+14
|
* Whitespace tweaktb2024-01-271-2/+4
|
* Throw PKCS5_PBE_add() into the trash bin at the end of evp_pbe.ctb2024-01-272-10/+7
| | | | This has been a noop since forever and will be removed in the next bump.
* Mark the functions at the end of this file for removaltb2024-01-271-1/+5
|
* Support HMAC with SHA-3 as a PBE PRFtb2024-01-271-1/+21
| | | | ok jsing