| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a straightforward conversion because I'm not going to start a
cleanup here. Explain why this is not using X509_ALGOR_set_md(). See
below.
ok jca
Let me include a beautiful note from RFC 5754 in its entirety:
NOTE: There are two possible encodings for the AlgorithmIdentifier
parameters field associated with these object identifiers. The two
alternatives arise from the loss of the OPTIONAL associated with the
algorithm identifier parameters when the 1988 syntax for
AlgorithmIdentifier was translated into the 1997 syntax. Later, the
OPTIONAL was recovered via a defect report, but by then many people
thought that algorithm parameters were mandatory. Because of this
history, some implementations encode parameters as a NULL element
while others omit them entirely. The correct encoding is to omit the
parameters field; however, when some uses of these algorithms were
defined, it was done using the NULL parameters rather than absent
parameters. For example, PKCS#1 [RFC3447] requires that the padding
used for RSA signatures (EMSA-PKCS1-v1_5) MUST use SHA2
AlgorithmIdentifiers with NULL parameters (to clarify, the
requirement "MUST generate SHA2 AlgorithmIdentifiers with absent
parameters" in the previous paragraph does not apply to this
padding).
|
| |
|
|
| |
ok jca
|
| |
|
|
| |
ok jca
|
| |
|
|
|
|
|
|
|
|
|
| |
Replace X509_ALGOR_set0() with X509_ALGOR_set0_by_nid(). This way there
is no missing error checking for OBJ_nid2obj() and no nested functions.
Slightly more importantly, this plugs two long standing potential leaks
in this function (or previously rsa_cms_encrypt()) due to missing error
checking: in the unlikely event that X509_ALGOR_set0() failed, astr/ostr
would leak.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
| |
Test and assign one more instance replace a useless comment by an empty
line.
|
| |
|
|
|
|
|
|
| |
In rsa_alg_set_oaep_padding() rename los to ostr for consistency with
astr, make it have function scope, free ostr in the error path and assume
X509_ALGOR_set0() success.
ok jca
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Rename rv into ret and split it on its own line, move labellen a bit down
add some empty lines. To match style elsewhere.
Most of this was requested by jsing
|
| |
|
|
|
|
|
|
| |
This matches what is done for PKCS#1 1.5 and PSS. This function needs a
lot of work still, but it's easier to do that without having to tiptoe
around a lot of other garbage.
ok jsing
|
| |
|
|
| |
error check
|
| | |
|
| |
|
|
|
|
| |
After previous refactoring, rsa_all_set_pss_padding() is the last remaining
caller of the weirdly named and ugly rsa_all_set_pss_padding(). This can be
handled in a few simple lines now that this mess has slightly cleaner code.
|
| | |
|
| |
|
|
|
| |
Check and assign the EVP_PKEY_CTX and move the extraction of the algorithm
identifier from the signer info a few lines down.
|
| |
|
|
|
|
|
|
|
|
| |
The current convoluted mess can be handled with two calls to the new
rsa_alg_set_pss_padding() helper. Not that this would be obvious at
all.
This fixes two more leaks in case of X509_ALGOR_set0() failure.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This sets the AlgorithmIdentifier's algorithm to id-RSASSA-PSS with
appropriate RSASSA-PSS parameters. This pulls a chunk of code out of
rsa_cms_sign() and rewrites it with proper error checking, thereby
fixing a long-standing leak.
This helper can also be used in rsa_item_sign(), but that part is a
bit special, and will therefore be commmitted separately.
ok jsing
|
| |
|
|
|
|
|
|
| |
This removes a few duplicated and unchecked X509_ALGOR_set0() calls and
factors them into a helper function that sets the AlgorithmIdentifier on
the recipient info or signer info to rsaEncryption with null parameters.
ok jsing
|
| |
|
|
| |
not real problems)
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
X509_ALGOR_set0() is annoyingly unergonomic since it takes an ASN1_OBJECT
rather than a nid. This means that almost all callers call OBJ_obj2nid()
and they often do this inline without error checking so that the resulting
X509_ALGOR object is corrupted and may lead to incorrect encodings.
Provide an internal alternative X509_ALGOR_set0_by_nid() that takes a nid
instead of an ASN1_OBJECT and performs proper error checking. This will be
used to convert callers of X509_ALGOR_set0() in the library.
ok jsing
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
| |
Otherwise, the prototypes for timespec_get() and aligned_alloc()
are not visible. OK guenther@
|
| |
|
|
|
|
|
|
| |
If the topmost cert is invalid, this should result in a validation failure.
Do the same dance as elsewhere permitting the verify callback to intercept
the error but ensuring that we throw an error.
ok jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This streamlines the code to use safer idioms, do proper error checking
and be slightly less convoluted. Sprinkle a few references to RFC 8017
and explain better what we are doing and why. Clarify ownership and use
more consistent style.
This removes the last internal use of X509_ALGOR_set_md().
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
OpenSSL has the 20 in the long and short names, so add aliases to the
existing names to make things work. In particular, EVP_get_cipherbyname()
will now return EVP_chacha20() for both 'ChaCha20' and 'chacha20'.
Found by Facundo Tuesca when trying to add LibreSSL support for ChaCha20 in
https://github.com/pyca/cryptography/pull/9209
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
the 0x0 call sites for leak reports. Also display more info on
detected write of free chunks: print the info about where the chunk
was allocated, and for the preceding chunk as well.
ok asou@
|
| | |
|
| |
|
|
| |
OK tb@
|
| |
|
|
|
| |
This matches what other pages use. Also rewrite the definition of the
modular inverse to be less ugly.
|
| |
|
|
|
|
| |
If they ever had any meaning, that's long been lost.
Requested by jsing
|
| |
|
|
| |
This is basically the same fix as the one applied in BN_mod_exp_simple().
|
| |
|
|
|
|
| |
Reported and reminded by Guido Vranken in OpenSSL issue #21110
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function was the unfortunate protagonist in a series of tragic merge
errors resulting in only a short stint of a year and nine months between
OpenSSL 0.9.8j and 1.0.0a actually present in OpenBSD. Then it said good
bye for good, but somehow a prototype came back with 1.0.1g, a famous
version released when there were slightly more pressing things to be
taken care of than a function supporting a config knob whose only purpose
was to turn off fips mode or to error.
from schwarze
PS: The mechanism that it was supposed to provide is still documented in
openssl.cnf(5). I am going remove the relevant bit at some point, but not
today.
|
| |
|
|
|
|
|
|
|
|
| |
Contrary to X509_ALGOR_set_md() this allows for error checking. Avoid
local complications by freeing in the exit path and use a const version
of X509_ALGOR for walking a STACK_OF() to avoid a bad free.
Clean up includes
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Our internal version allows for error checking and this avoids a silent
failure leading to corruption later on.
Clean up includes while there.
ok jsing
|
| | |
|
| |
|
|
|
| |
The old description was vague, but strictly speaking a lie, so make it
more precise and turn the lie into a truth.
|
