summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Teach OBJ_find_sigid_{,by_}algs(3) about ECDSA with SHA-3tb2024-01-271-1/+21
| | | | | | | | This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3 signature algorithms. With this diff, ECDSA certificates and CMS products using ECDSA with SHA-3 can be generated using the openssl command line tool. ok jsing
* Rework tls13_legacy_shutdown() to match the legacy stack behaviour.jsing2024-01-271-18/+19
| | | | | | | | Respect the ssl->shutdown flags rather than what has actually happened, return -1 for all EOF errors and completely ignore the return value when attempting to read a close-notify from the wire. ok tb@
* Make tls13_legacy_return_code() static.jsing2024-01-272-4/+3
|
* Add message callbacks for alerts in the TLSv1.3 stack.jsing2024-01-273-10/+49
| | | | | | | | This will make it easier to regress test shutdown behaviour in the TLSv1.3 stack. Additionally, `openssl -msg` now shows alerts for TLSv1.3 connections. ok tb@
* Allocate a fixed NID for the acmeIdentifer OIDtb2024-01-271-0/+1
| | | | ok job jsing
* Add data for the RFC 8737 acmeIdentifiertb2024-01-271-0/+1
| | | | | | | This teaches the object database OID, long and short names for the ACME identifier X.509v3 extension defined in RFC 8737. ok job jsing
* Plug a few leaks and perform some other code hygienetb2024-01-251-34/+59
| | | | | | Closing this directory now until the daily Coverity run throws a hissy fit. ok jsing
* This table no longer needs to be sortedtb2024-01-251-5/+1
|
* p12_npas.c: hoist some helpers from the bottom to the top in reverse ordertb2024-01-251-64/+53
|
* p12_npas.c: maclen -> mac_lentb2024-01-251-4/+4
|
* p12_npas.c: Use slightly less awkward variable namestb2024-01-251-21/+21
|
* Fix various NULL dereferences in PKCS #12tb2024-01-255-15/+37
| | | | | | | | | | The PKCS #7 ContentInfo has a mandatory contentType, but the content itself is OPTIONAL. Various unpacking API assumed presence of the content type is enough to access members of the content, resulting in crashes. Reported by Bahaa Naamneh on libressl-security, many thanks ok jsing
* Merge PKCS12_newpass() and newpass_p12()tb2024-01-251-37/+20
| | | | | | | | With the previous refactoring, newpass_p12() became simple enough that it doesn't require a separate function anymore. Merge the public API into it and move it below (most of) the things it calls. ok jsing
* Ditch another noop from OPENSSL_cleanup()tb2024-01-251-2/+1
|
* Remove the custom X509v3 extensions stacktb2024-01-251-105/+42
| | | | | | | | | | | | | | | This is essentially unused. The only consumer, www/kore,-acme is in the process of being fixed. It is also incomplete: in particular, the verifier doesn't learn about extensions added to the list, making the entire exercise rather pointless. So let's ditch that crap. This was the last consumer of the horror that is OBJ_bsearch_(). The even worse OBJ_bsearch_ex_() is still being "used" by M2Crypto... This prepares the removal of X509V3_EXT_{add{,_list,_alias},cleanup}(). and removes another piece of thread-unsafe global state. ok jsing
* Rename pkcs12_repack_safe() into pkcs12_repack_authsafes()tb2024-01-251-3/+3
| | | | discussed with jsing
* Rework newpass_p12() a bit moretb2024-01-251-34/+49
| | | | | | | | | Split the bottom half that repacks the authsafes into a helper function. This simplifies the curly exit path and makes it clearer what is being done. PKCS12_pack_authsafes() is a very inconvenient API and there are some extra dances needed due to it. ok jsing
* newpass_p12(): factor for loop body into helperstb2024-01-251-35/+72
| | | | | | | | | | Since newpass_bags() and sk_PKCS7_push() could be shared between two otherwise entirely unrelated code paths, it was decided to dedup the code in about the ugliest possible way. Untangle the spaghetti and split the code paths into helper functions, so we can easily error check and avoid a bunch of leaks. ok jsing
* Fix a memleak and a double free in newpass_p12()tb2024-01-251-6/+8
| | | | | | | | If the allocation of newsafes fails, asafes is leaked. And if the ASN1_OCTET_STRING_new() after the freeing of asafes fails, asafes is freed a second time. ok jsing
* Avoid a four-byte overread in gcm_ghash_4bit_mmx() on i386tb2024-01-241-1/+1
| | | | | | | This is a variant of the same logic error fixed in ghash-x86_64.pl r1.6. The code path is only reachable on machines without FXSR or PCLMUL. ok jsing
* Stop fiddling with hash table internals from lhash doall callers.jsing2024-01-243-12/+6
| | | | | | | | It is now safe to call delete from an lhash doall callback - stop fiddling wit hash table internals from lhash doall callers that previously has to workaround this themselves. ok tb@
* Make it safe to delete entries from an lhash doall callback.jsing2024-01-242-13/+19
| | | | | | | | | | | | | | | | | | Currently, the callback cannot safely delete entries as it could lead to contraction of the hash table, which in turn could lead to doall skipping entries (and that typically leads to memory leaks). The recommended workaround is to reach in and fiddle with the hash table internals in order to prevent contraction, call the doall function and then restore the internals that were changed. Rather than just improving our documentation, actually make it safe to delete entries from an lhash doall callback by pausing contractions prior to starting the callback loop, then restoring the down load factor and triggering contraction once completed. This means that callers no longer need access to change hash table internals in order to achieve this same behaviour. ok tb@
* Avoid a four byte overread in gcm_ghash_4bit() on amd64.jsing2024-01-241-1/+1
| | | | | | | | | | | | | | The assembly code for gcm_ghash_4bit() reads one too many times from Xi, resulting in a four byte overread. Prevent this by not loading the next value in the final iteration of the loop. If another full iteration is required the next Xi value will be loaded at the top of the outer_loop. Many thanks to Douglas Gliner <Douglas.Gliner at sony dot com> for finding and reporting this issue, along with a detailed reproducer. Same diff from deraadt@ ok tb@
* make login.conf(5) and crypt_newhash(3) and the underlying codederaadt2024-01-221-2/+2
| | | | | | | | consistant regarding bcrypt,a instead of blowfish,a. "blowfish" is a historical alias which we don't need to document as firmly as "bcrypt". report about difficult manual page discovery from ataraxia937 ok millert
* Link CMS_signed_add1_attr(3) to tree structure of crypto(3) manuals andtb2024-01-223-5/+8
| | | | add a back reference from CMS_get0_SignerInfos(3).
* Simplify history section to match what other manuals dotb2024-01-221-23/+2
|
* Document various CMS_{signed,unsigned}_* functionsjob2024-01-222-1/+393
| | | | | | These functions change signed & unsigned attributes of a CMS SignerInfo object With & OK tb@
* Make our mktemp(3) callback-driven and split into multiple files.millert2024-01-195-130/+195
| | | | | | Previously, calling any of the mktemp(3) family would pull in lstat(2), open(2) and mkdir(2). Now, only the necessary system calls will be reachable from the binary. OK deraadt@ guenther@
* Move mktemp.c to stdlib where it belongs.millert2024-01-193-4/+582
| | | | OK deraadt@
* Switch from EVP_CIPHER_type() to EVP_CIPHER_nid()tb2024-01-181-2/+2
| | | | | | | | EVP_CIPHER_type() will never return NID_gost89_cnt since it has no associated ASN1_OBJECT. Switching to EVP_CIPHER_nid() has a slight chance of working. Do that before beck applies the flensing knife. ok beck
* Tidy a few more includes in cms/tb2024-01-144-8/+13
|
* Prepare for removing most of the X509_TRUST APItb2024-01-131-41/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | X509_check_trust() is of course used by the verifier. Unfortunately M2Crypto exposes it. The only other part of the X509_TRUST API that are still needed are the X509_TRUST_* macros in x509.h, as they are used via *_set_trust and indirectly via the purpose stuff. The rest will be removed. X509_TRUST_add() was defanged recently, in particular it no longer hangs strdup()'ed strings off the global struct. Nothing ever cleaned these up. TRUST_cleanup() attempted to do so, but since it checked the dynamic/dynamic strings flags in the wrong order, that cleanup call ended up doing nothing, so that code was removed at some point. As a consequence, the struct can now be made const. Use a CTASSERT() to ensure size assumptions on X509_TRUST_COUNT, X509_TRUST_MAX, and X509_TRUST_MIN hold true. Remove the global variable underlying X509_TRUST_set_default()'s functionality and move its accessor down to all the other functions that will be deleted. Inline a few things in X509_check_trust(), so we can excise the internals of X509_TRUST_get0(), X509_TRUST_get_by_id(). Since the default trust function can no longer be changed, call obj_trust() directly. ok jsing
* Remove check{,obj_cleanup}_defer documentationtb2024-01-131-66/+3
| | | | | | | | | Both check_defer() and the global variable obj_cleanup_defer were removed from the public API two years ago. Now they were removed from the internals as well, simplifying the cleanup process greatly. We no longer need them to have a chance to understand the cleanup process. Also remove references to EVP_cleanup() since this has long been deprecated and now it doesn't clean up things anymore.
* Remove mention of a refcount bugtb2024-01-131-18/+1
| | | | | | Said bug was fixed in OpenSSL 1.0.0, released 14 years ago. It is of course unsurprising that you may accidentally increment the refcount if your idiom for decrementing it is CRYPTO_add(&bio-references, -1, CRYPTO_LOCK_BIO)).
* BIO_f_ssl.3: Remove explicit library initializationtb2024-01-131-8/+2
|
* Remove calls to OpenSSL_add_all_{ciphers,digests}()tb2024-01-131-3/+1
|
* Move errno.h inclusion where it belongstb2024-01-131-3/+2
|
* Clean up EVP_MD_CTX_init() usage in ASN1_item_sign()joshua2024-01-131-8/+15
| | | | ok tb@
* Prepare to remove the EVP_PKEY_meth_* APItb2024-01-131-89/+50
| | | | | | | | | | After removing the last caller of EVP_PKEY_meth_find() from libssl, none of these is used. And with EVP_PKEY_meth_new() gone, there will no longer be a way to get your hands onto an EVP_PKEY_METHOD that is writable, so none of the silent failures (because they're void functions) should matter in the few weeks until we bump. ok jsing
* The OBJ_NAME API joins the party in evp_names.ctb2024-01-133-54/+51
| | | | ... and another file without license disappears.
* Move EVP_add_{cipher,digest}() to the trashcantb2024-01-133-80/+18
| | | | They will await their removal in the next major bump.
* Open a garbage bin at the bottom of evp_names.ctb2024-01-132-7/+13
| | | | | First to move is EVP_cleanup(), which should probably be moved to an evp_lib.c if such a file is reinstated.
* Remove obj_cleanup_defertb2024-01-132-19/+2
| | | | | With check_defer() gone, this is never set to anything but 0, so the two conditional branches it is still involved in are dead code.
* Garbage collect check_defer()tb2024-01-132-10/+2
| | | | | | | | | | | | | This was a mechanism to ensure that OBJ_cleanup() doesn't remove the ASN1_OBJECT associated with a custom cipher or digest (that was added with EVP_add_{cipher,digest}(), while the latter is still referenced in the OBJ_NAME table. It had the effect that OBJ_cleanup() wasn't actually called ever from OPENSSL_cleanup() (it is only called if you load the OID conf module). Oh, and of course it was once part of the public API. I fixed that two years ago, almost exactly to the day. Still mentioned in OBJ_create.3.
* Neuter EVP_add_{cipher,digest}()tb2024-01-131-11/+1
| | | | | | | | | | This makes them noops. They are used in the wild for adding ciphers that are always added by the library init code. This is a historic leftover. This removes the last (and only ever) calls to check_defer(). ok jsing
* Remove most of EVP_add_{cipher,digest}() internalstb2024-01-131-30/+6
| | | | | | | OBJ_NAME_add() is a noop now, so remove all calls and simplify the remainder of these two functions a bit. Intermediate step to a larger diff that was ok jsing
* Remove OBJ_NAME_cleanup() calls from EVP_cleanup()tb2024-01-131-8/+1
| | | | This is a noop now, so no need to call it.
* Remove the guts of the OBJ_NAME APItb2024-01-131-244/+11
| | | | | | | | | | | | | | | | | | | | | With one exception, none of this is used anymore. All of it will be removed in the next major bump. The exception is OBJ_NAME_add(). scurity/xca ran into issues with their cert renewal logic because RSA certs had a way of mapping the signature algorithms to a hash, but a similar mechanism wasn't available for ECDSA certs. So xca uses EVP_add_digest_alias() to have corresponding aliases for ECDSA. This is a macro wrapping OBJ_NAME_add(). xca now has better logic using the more appropriate OBJ_find_sigid_algs() (which wasn't available back then). We will still add the alias entries that xca still adds ourselves to make sure there are no unexpected side effects. They make sense anyway. The diff will hopefully land in a few days. If your life depends on ECDSA cert renewal in xca please hold off on updating to a new snap. ok jsing
* Stub out {OpenSSL,OPENSSL}_add*tb2024-01-133-334/+23
| | | | | | | | | | | These serve no purpose anymore (and really haven't for many years) but will have to be kept since there's a number of software that still uses them because many years ago they had to. Relocate the stubs to crypto_init.c since library initialization's what they were there for. ok jsing
* Reimplement EVP_get_{cipher,digest}byname()tb2024-01-132-20/+47
| | | | | | | Instead of a hashtable lookup do a bsearch() over the static table. This needs about the same number of strcmp and is a lot simpler. ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 21:41:55 +0000