| Age | Commit message (Collapse) | Author |
|---|
|
CID 24869
ok jsing@ millert@ tb@
|
|
asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be
overrun since ASN1_get_object advances pointer to the first content octet.
In case invalid ASN1 Boolean data, it has length but no content, I thought
this could be happen.
Adding check p with tot (diff below) will avoid this failure.
Reported by oss-fuzz 43633 and 43648(later)
ok tb@
|
|
This moves {d2i,i2d}_ASN1_BOOLEAN() to internal only. They are unused,
but help us testing the encoding.
ok jsing
|
|
ok inoguchi jsing
|
|
This provides support for new-style BIO callbacks in
BIO_{read,write,gets,puts}() and a helper function to
work out whether it should call the new or the old
style callback. It also adds a few typedefs and minor
code cleanup as well as the BIO_{get,set}_callback_ex()
from jsing, ok tb
|
|
This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding
public API EVP_{dss,dss1,ecdsa}().
This is basically the following OpenSSL commit. The mentioned change in
RSA is already present in rsa/rsa_pmeth.c.
ok inoguchi jsing
commit 7f572e958b13041056f377a62d3219633cfb1e8a
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Wed Dec 2 13:57:04 2015 +0000
Remove legacy sign/verify from EVP_MD.
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.
Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.
Remove now obsolete EVP_dss1() and EVP_ecdsa().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c
|
|
This is unused and was removed in OpenSSL 5b70372d when it was
replaced with an ASN.1 ADB callback (which we don't support).
ok inoguchi jsing
|
|
This follows OpenSSL commit 26f2412d.
ok inoguchi jsing
|
|
This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites, so we need to keep them...
All this was removed as part of OpenSSL commit 0bc2f365.
ok inoguchi jsing
|
|
Move the struct declaration to asn1_locl.h and add a forward
declaration to ossl_typ.h. This makes struct visibility in the
asn1 headers match OpenSSL.
ok inoguchi jsing
|
|
Suggested by schwarze
ok inoguchi jsing
|
|
These are leftovers of the old ASN.1 stuff. Nothing uses this.
OpenSSL removed them in a469a677.
ok inoguchi jsing
|
|
This implements checking of a public key and of key generation
parameters for DH and EC keys. With the same logic and setters
and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check()
is implemented, instead EVP_PKEY_param_check() calls DH_check_ex()
even though DH_param_check_ex() was added for this purpose.
EVP_PKEY_public_check() for EC curves also checks the private key
if present.
ok inoguchi jsing
|
|
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys
are supported. If a check function is set the EVP_PKEY_METHOD, it will
be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is
used. The default ASN.1 methods wrap RSA_check_key() and
EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method
has const.
Requested by tobhe and used by PHP 8.1.
Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
|
|
|
|
discussed with jsing
|
|
that will need it in the upcoming bump.
discussed with jsing
|
|
a weird coverity warning.
CID 345121
ok jsing
|
|
Whitespace change only.
|
|
No functional change.
|
|
No functional change.
|
|
No functional change.
|
|
Consolidate various ASN1_item_* functions into asn1_item.c and the
remaining NO_OLD_ASN1 code (not to be confused with the NO_ASN1_OLD code)
into asn1_old.c. This is preferable to having many files, often with one
or two functions per file.
No functional change.
Discussed with tb@
|
|
Where an ASN.1 type has its own file, move the ASN.1 item template and
template related functions into the file.
Discussed with tb@
|
|
No functional change.
|
|
Provide internal asn1_get_identifier_cbs() and asn1_get_length_cbs()
functions that are called from asn1_get_object_cbs(). Convert the existing
ASN1_get_object() function so that it calls asn1_get_object_cbs(), before
mapping the result into the API that it implements.
ok tb@
|
|
No functional change.
|
|
ASN1_item_ex_{d2i,i2d}() instead of ASN1_item_{d2i,i2d}(). Fixes test
failure on sparc64, and hopefully all other architectures.
reported by tobhe
with/ok jsing
|
|
This will allow us to add a new asn1_lib.c while replacing the code that is
in currently in asn1_old_lib.c.
Discussed with tb@
|
|
Rather than having multiple files per type (with minimal code per file),
use one file per type (a_<type>.c).
No functional change.
Discussed with tb@
|
|
|
|
There are currently three different tables in three different files that
contain information about ASN.1 universal class tag types. Range checking
is also implemented in three different places (with different
implementations).
Consolidate all of this into a single table, provide a lookup function that
deals with the range checks and wrappers to deal with specific types.
ok inoguchi@ tb@
|
|
From Stephen Henson, OpenSSL 564df0dd
ok jsing
|
|
Convert these to templated ASN.1, given we already have ASN1_BOOLEAN_it.
ok inoguchi@ tb@
|
|
in particular, NULL is also in <stdlib.h> according to the C99 standard;
"free commit" tb@
|
|
With this we get simpler code, overflow checking and more sensible
memory ownership. Also switch the free_cont case to freezero() since this
could contain secrets.
ok inoguchi@ tb@
|
|
parsing MASK: strings in ASN1_STRING_set_default_mask_asc(3).
Issue noticed by tb@, patch by me, two additional #include lines from tb@.
OK tb@.
|
|
evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi
|
|
ok inoguchi schwarze
|
|
from the OpenSSL 1.1.1 branch, which is still under a free license,
mostly this commit:
commit d35c0ff30b31be9fd5dcf3d552a16feb8de464bc
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Fri Oct 19 15:06:31 2012 +0000
fix ASN1_STRING_TABLE_add so it can override existing string table values
This fixes a segfault in ASN1_STRING_TABLE_add(3), which tried to change a
static const entry when called with an nid already in the default table,
and it switches the precedence of the two tables in ASN1_STRING_TABLE_get(3).
In addition, it changes behaviour in the following minor ways:
* Ignore negative minsize and maxsize arguments, not just -1.
* Ignore a zero mask and zero flags.
It's unclear whether these additional changes make the API absolutely
better, but we want compatibility with OpenSSL in these functions.
Tweaks & OK tb@.
|
|
and some style improvements from the OpenSSL 1.1.1 branch,
which is still under a free license.
No functional change.
OK and additional tweaks tb@.
|
|
While here stop assigning a size_t to an int without bounds checks.
ok inoguchi@ tb@
|
|
ok inoguchi@ tb@
|
|
asn1_collect() (and hence collect_data()) is never called without
a BUF_MEM - the only caller that passed NULL was removed in OpenSSL
commit e1cc0671ac5.
ok inoguchi@ tb@
|
|
ok inoguchi jsing
|
|
Currently there are two files for private key ASN.1 (d2i_pr.c, i2d_pr.c)
and two files for public key ASN.1 (d2i_pu.c, i2d_pu.c). All of the other
ASN.1 code has d2i and i2d in the same per-object file.
Consolidate d2i_pr.c/i2d_pr.c into a_pkey.c and consolidate
d2i_pu.c/i2d_pu.c into a_pubkey.c before making any further changes to
this code.
ok tb@
|
|
Call the replacement asn1_tlc_invalidate() since it does not actually
clear the ASN1_TLC.
While here, name the ASN1_TLC variables consistently as ctx, remove a
pointless comment and simplify ASN1_item_d2i() slightly.
ok inoguchi@ tb@
|
|
|
|
ASN1_item_ex_d2i() is just a wrapper around the internal asn1_item_ex_d2i()
function, so call asn1_item_ex_d2i() directly.
ok inoguchi@ tb@
|
|
Rather than using malloc() and then initialising all struct members to zero
values, use calloc().
ok schwarze@ tb@
|
