| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the callback cannot safely delete entries as it could lead to
contraction of the hash table, which in turn could lead to doall skipping
entries (and that typically leads to memory leaks). The recommended
workaround is to reach in and fiddle with the hash table internals in
order to prevent contraction, call the doall function and then restore
the internals that were changed.
Rather than just improving our documentation, actually make it safe to
delete entries from an lhash doall callback by pausing contractions prior
to starting the callback loop, then restoring the down load factor and
triggering contraction once completed. This means that callers no longer
need access to change hash table internals in order to achieve this same
behaviour.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The assembly code for gcm_ghash_4bit() reads one too many times from Xi,
resulting in a four byte overread. Prevent this by not loading the next
value in the final iteration of the loop. If another full iteration is
required the next Xi value will be loaded at the top of the outer_loop.
Many thanks to Douglas Gliner <Douglas.Gliner at sony dot com> for finding
and reporting this issue, along with a detailed reproducer.
Same diff from deraadt@
ok tb@
|
| |
|
|
|
|
|
|
| |
consistant regarding bcrypt,a instead of blowfish,a. "blowfish"
is a historical alias which we don't need to document as firmly
as "bcrypt".
report about difficult manual page discovery from ataraxia937
ok millert
|
| |
|
|
| |
add a back reference from CMS_get0_SignerInfos(3).
|
| | |
|
| |
|
|
|
|
| |
These functions change signed & unsigned attributes of a CMS SignerInfo object
With & OK tb@
|
| |
|
|
| |
OBJ_NAME_do_all()
|
| |
|
|
|
|
| |
Previously, calling any of the mktemp(3) family would pull in
lstat(2), open(2) and mkdir(2). Now, only the necessary system
calls will be reachable from the binary. OK deraadt@ guenther@
|
| |
|
|
| |
OK deraadt@
|
| | |
|
| |
|
|
|
|
|
| |
This tests and codifies the behaviour of SSL_shutdown() with respect to
SSL_quiet_shutdown() and SSL_set_shutdown(). For now, only the legacy stack
(TLSv1.2) is tested, as there are currently some subtle differences with
the TLSv1.3 stack.
|
| | |
|
| |
|
|
|
|
|
|
| |
EVP_CIPHER_type() will never return NID_gost89_cnt since it has no
associated ASN1_OBJECT. Switching to EVP_CIPHER_nid() has a slight
chance of working. Do that before beck applies the flensing knife.
ok beck
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
X509_check_trust() is of course used by the verifier. Unfortunately
M2Crypto exposes it. The only other part of the X509_TRUST API that
are still needed are the X509_TRUST_* macros in x509.h, as they are
used via *_set_trust and indirectly via the purpose stuff. The rest
will be removed.
X509_TRUST_add() was defanged recently, in particular it no longer
hangs strdup()'ed strings off the global struct. Nothing ever cleaned
these up. TRUST_cleanup() attempted to do so, but since it checked
the dynamic/dynamic strings flags in the wrong order, that cleanup
call ended up doing nothing, so that code was removed at some point.
As a consequence, the struct can now be made const. Use a CTASSERT()
to ensure size assumptions on X509_TRUST_COUNT, X509_TRUST_MAX, and
X509_TRUST_MIN hold true.
Remove the global variable underlying X509_TRUST_set_default()'s
functionality and move its accessor down to all the other functions
that will be deleted.
Inline a few things in X509_check_trust(), so we can excise the
internals of X509_TRUST_get0(), X509_TRUST_get_by_id(). Since the
default trust function can no longer be changed, call obj_trust()
directly.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Both check_defer() and the global variable obj_cleanup_defer were removed
from the public API two years ago. Now they were removed from the internals
as well, simplifying the cleanup process greatly. We no longer need them
to have a chance to understand the cleanup process. Also remove references
to EVP_cleanup() since this has long been deprecated and now it doesn't
clean up things anymore.
|
| |
|
|
|
|
| |
Said bug was fixed in OpenSSL 1.0.0, released 14 years ago. It is of course
unsurprising that you may accidentally increment the refcount if your idiom
for decrementing it is CRYPTO_add(&bio-references, -1, CRYPTO_LOCK_BIO)).
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
After removing the last caller of EVP_PKEY_meth_find() from libssl, none
of these is used. And with EVP_PKEY_meth_new() gone, there will no longer
be a way to get your hands onto an EVP_PKEY_METHOD that is writable, so
none of the silent failures (because they're void functions) should matter
in the few weeks until we bump.
ok jsing
|
| |
|
|
| |
... and another file without license disappears.
|
| |
|
|
| |
They will await their removal in the next major bump.
|
| |
|
|
|
| |
First to move is EVP_cleanup(), which should probably be moved to an
evp_lib.c if such a file is reinstated.
|
| |
|
|
|
| |
With check_defer() gone, this is never set to anything but 0, so the two
conditional branches it is still involved in are dead code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This was a mechanism to ensure that OBJ_cleanup() doesn't remove the
ASN1_OBJECT associated with a custom cipher or digest (that was added
with EVP_add_{cipher,digest}(), while the latter is still referenced
in the OBJ_NAME table.
It had the effect that OBJ_cleanup() wasn't actually called ever from
OPENSSL_cleanup() (it is only called if you load the OID conf module).
Oh, and of course it was once part of the public API. I fixed that two
years ago, almost exactly to the day. Still mentioned in OBJ_create.3.
|
| |
|
|
|
|
|
|
|
|
| |
This makes them noops. They are used in the wild for adding ciphers
that are always added by the library init code. This is a historic
leftover.
This removes the last (and only ever) calls to check_defer().
ok jsing
|
| |
|
|
|
|
|
| |
OBJ_NAME_add() is a noop now, so remove all calls and simplify the
remainder of these two functions a bit.
Intermediate step to a larger diff that was ok jsing
|
| |
|
|
| |
This is a noop now, so no need to call it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With one exception, none of this is used anymore. All of it will be removed
in the next major bump.
The exception is OBJ_NAME_add(). scurity/xca ran into issues with their
cert renewal logic because RSA certs had a way of mapping the signature
algorithms to a hash, but a similar mechanism wasn't available for ECDSA
certs. So xca uses EVP_add_digest_alias() to have corresponding aliases
for ECDSA. This is a macro wrapping OBJ_NAME_add().
xca now has better logic using the more appropriate OBJ_find_sigid_algs()
(which wasn't available back then). We will still add the alias entries
that xca still adds ourselves to make sure there are no unexpected side
effects. They make sense anyway.
The diff will hopefully land in a few days. If your life depends on ECDSA
cert renewal in xca please hold off on updating to a new snap.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
These serve no purpose anymore (and really haven't for many years) but
will have to be kept since there's a number of software that still uses
them because many years ago they had to.
Relocate the stubs to crypto_init.c since library initialization's what
they were there for.
ok jsing
|
| |
|
|
|
|
|
| |
Instead of a hashtable lookup do a bsearch() over the static table.
This needs about the same number of strcmp and is a lot simpler.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This implements the do_all API by simple loops over the tables of
digests and ciphers. Since some ciphers are only available on some
platforms, we need to skip them if necessary. We use loops in each
of the functions rather the convoluted way of reducing some of the
loops to others.
Since the tables are sorted, as ensured by regress, both do_all() and
do_all_sorted() walk the lists in order. In particular, we no longer
need to allocate to be able to sort hash tables by name on the fly in a
void function that may end up doing nothing because allocation failed.
We still need to do an unchecked OPENSSL_init_crypto() call. But that's
what prayer and clean living are there for (as beck put it).
The OBJ_NAME API is completely misnamed. It has little to do with objects
and a lot to do with EVP. Therefore we implement what will remain from
its saner replacement in the evp directory, i.e., evp_names.c.
ok jsing
|
| |
|
|
|
|
|
|
| |
This is the corresponding commit for digests and their aliases. It
only adds a table to be used in upcoming commits. What was said
about ciphers applies mutatis mutandis to digests.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This arranges the data provided by dynamic library initialization
in a static table and will help avoid gross code with missing error
checking and other defects on every use of the library. This table
isn't pretty due to various naming inconsistecies accumulated over
the decades. It will significantly simplify the implementation of
API such as EVP_get_cipherbyname() and EVP_CIPHER_do_all().
All the table does is map strings to ciphers, typically used on the
openssl(1) command line or in code it's the mechanism that underlies
the map from NID_chacha20 to the data returned by EVP_chacha20().
It's of course more complicated because it just had to be stupid.
This is one of the places where the use of bsearch() is justified.
The price to pay for the simplification is that adding custom aliases
and custom ciphers to this table will no longer be supported. It is
one significant user of the LHASH madness. That's just another piece
of the awful "toolkit aspect"-guided misdesign that contributes to
making this codebase so terrible.
A corresponding table for the digests will be added in the next
commit.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This abomination of an API will be removed. Remove the hairy details of
its internals and make the documentation of X509_STORE_CTX_set_trust(3)
and X509_STORE_CTX_set_purpose(3) independent of it.
Neither of these two remaining APIs can be recommended. Once set, trust
and purpose are sticky. Setting the trust to a different (valid) value
will indicate success but leave the value unchanged. I suppose it means
the new trust value was successfully ignored. Also, setting the trust to
X509_TRUST_DEFAULT can succeed or fail depending on which OpenSSL
derivative you use. Setting the purpose will also set the trust (unless
it is already set). Setting some purposes may or may not fail depending
on the OpenSSL lib.
The only way you have a chance of knowing what will be set is by calling
only one of these functions directly after X509_STORE_CTX_init(). This
isn't really safe either because in some versions the user can override
the values stored in a global table by writing directly to it.
The actual contributions here are rather minimal. State more explicitly
that 0 is invalid (but results in success being returned), document the
error values to be accurate across implementations and call out some of
the nonsense in a CAVEATS section.
Many thanks to schwarze for the very helpful review with lots of input.
ok schwarze
|
| | |
|
| |
|
|
|
|
|
|
| |
The -set_issuer, -set_subject, and -force_pubkey features can be used to
'rechain' PKIs, for more information see https://labs.apnic.net/nro-ta/
and https://blog.apnic.net/2023/12/14/models-of-trust-for-the-rpki/
OK tb@
|
| |
|
|
|
| |
This is a minimal test for an API that will be removed in a subsequent
commit.
|
| | |
|
| |
|
|
|
| |
Now they are next to the trstandard[] table and listed in the order they
appear in the table.
|
| | |
|
| |
|
|
|
| |
Hoist obj_trust() to the top and move the static default_trust() next
to its setter.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Split the two codepaths in x509_vfy_purpose_inherit() into its two callers.
What remains is gross, but at least a reader has a chance of following all
this nonsense without leaving a significant amount of hair behind.
In short, purpose and trust are only overridden if they're not already
set. Otherwise silently ignore valid purpose and trust identifiers that
were passed in and succeed. Error on almost all invalid trust or purpose
ids, except 0, because... well... who knows, really?
ok jsing
|
| |
|
|
|
|
| |
It's more explicit and not that much longer.
ok jsing
|
| |
|
|
| |
from jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
The callback-based printing needs to die. But first BIO_set() will die.
We have a FILE *. We have fprintf(). No need to use a static BIO to dump
error codes to said stream.
This basically undoes an unrelated change of "Move crpytlib.h prior bio.h"
from 19 years ago (OpenSSL 25a66ee3). Except we don't cast and check len.
ok jsing (who had a nearly identical diff)
|
