Age | Commit message (Collapse) | Author |
|
This was only needed by the EVP_PKEY_*check() API, which was defanged. So
this silly garbage can now go: it translated flags to errors on the error
stack so that openssl *check could print ugly errors while DoS-ing the
user.
ok beck
|
|
This disables the EVP_PKEY_*check() API and makes it fail (more precisely
indicate lack of support) on all key types.
This is an intermediate step to full removal.
Removal is ok beck jsing
|
|
|
|
These constitute the bulk of the remaining global mutable state in
libcrypto. This commit moves most of them into data.rel.ro, leaving
out ERR_str_{functs,libraries,reasons} (which require a slightly
different approach) and SYS_str_reasons which is populated on startup.
The main observation is that if ERR_load_strings() is called with a 0 lib
argument, the ERR_STRING_DATA argument is not actually modified. We could
use this fact to cast away const on the caller side and be done with it.
We can make this cleaner by adding a helper ERR_load_const_strings() which
explicitly avoids the assignment to str->error overriding the error code
already set in the table.
In order for this to work, we need to sprinkle some const in err/err.c.
CMS called ERR_load_strings() with non-0 lib argument, but this didn't
actually modify the error data since it ored in the value already stored
in the table.
Annoyingly, we need to cast const away once, namely in the call to
lh_insert() in int_err_set_item(). Fixing this would require changing
the public API and is going to be tricky since it requires that the
LHASH_DOALL_FN_* types adjust.
ok jsing
|
|
|
|
|
|
|
|
no functional change
|
|
ok jsing
|
|
No need for a variety of r, d, ...
|
|
No need for an inconsistently named local variable and a ternary operator.
ok jsing
|
|
Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias.
As such it resolves to an underlying ASN.1 method (in one step).
This information can be stored in a base_method pointer in allusion
to the pkey_base_id, which is the name for the nid (aka pkey_id aka
type) of the underlying method.
For an ASN.1 method, the base method is itself, so the base method
is set as a pointer to itself. For an alias it is of course a pointer
to the underlying method. Then obviously ameth->pkey_base_id is the
same as ameth->base_method->pkey_id, so rework all ASN.1 methods to
follow that.
ok jsing
|
|
|
|
Similar to pkey_rsa_paramgen() this function does some strange dances
with the pkey_gencb and initialization plus missing error checks. Fix
all that and use the idiom established in previous commits.
ok jsing
|
|
Single exit, fix error checking and hold on to the DH by keeping a
reference. In other words, switch from EVP_PKEY_assign() to using
EVP_PKEY_set1_DH() and free unconditionally in the error path.
ok jsing
|
|
This removes the remaining ENGINE members from various internal structs
and functions. Any ENGINE passed into a public API is now completely
ignored functions returning an ENGINE always return NULL.
ok jsing
|
|
This is mechanical apart from a few manual edits to avoid doubled empty
lines.
ok jsing
|
|
|
|
|
|
While it isn't the case for the default implementations, custom DH and DSA
methods could conceivably populate private and public keys, which in turn
would result in leaks in the pub/priv decode methods.
ok jsing
|
|
ok jsing
|
|
Due to OPENSSL_NO_ENGINE the engine member of dh and dsa is currently
uninitialized. As a consequence, {DH,DSA}_get0_engine() will return a
garbage pointer, which is particularly bad because the only reason we
kept them in the first place is that they are used by some software...
A side effect of freeing with {DH,DSA}_free() instead of a hand-rolled
version is that we may call ->meth->finish() before ->meth->init() was
called. We need a NULL check for ->meth to be on the safe side in case
we should need to bring ENGINE back.
with nits from djm
ok deraadt djm
|
|
Use aint for the ASN1_INTEGER holding the key and astr for the ASN1_STRING
holding the parameters. This frees up key and params for their DER encoded
versions, matching the naming we use elsewhere much more closely.
ok jsing
|
|
|
|
This adds some missing error checks and fixes and unifies error codes
which were (as usual) all over the place or just plain nonsense. Use
an auxiliary variable for d2i invocations even though it is not really
needed here.
ok jsing
|
|
Use the same variable names throughout these functions and unify them
some more.
ok jsing
|
|
This brings these two messy functions into more usual shape. There is a
lot more that can be done in here. It is a step in the right direction.
ok jsing
|
|
Avoid creating an ASN1_STRING with negative length, set type, data
and length via ASN1_STRING_type_new() and ASN1_STRING_set0() instead
of doing this manually. Check return value for i2d_ASN1_INTEGER()
and use an intermediate ASN1_OBJECT instead of nested function calls.
Finally, clear sensitive data with freezero().
ok jsing
|
|
Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().
The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptinally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().
Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.
ok jsing
|
|
Or in the flag, don't overwrite the already set ones.
ok jsing
|
|
ok tb@
|
|
This removes lots of silly buffers and will allow us to make this API
go away.
ok jsing
|
|
Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.
Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.
ok jsing
|
|
|
|
|
|
As usual with the fp suffix, the former wraps the latter with a file BIO.
There is no reason for this function to be in a separate file.
|
|
|
|
|
|
(experts disagree whether they ever did)
|
|
discussed with jsing
|
|
Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the functions
marked deprecated are actually unused nowadays but unfortunately some of
them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED
so we can define it without breaking the consumers in the next bump.
ERR_remove_state() is still used by a dozen or so ports. This isn't a big
deal since it is just a stupid wrapper for the not quite as deprecated
ERR_remove_thread_state(). It's not worth patching these ports.
Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still
used. They "make use" of the old-style BN_GENCB callback, which is therefore
more difficult to remove - in case you don't know know: that's the thing
responsible for printing pretty '.', '+' and '*' when you generate keys.
Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020
for "advanced DH support". This is very unfortunate since cargo bundles a
rust-openssl and updates it only every few years or so. As a consequence
we're going to be stuck with this nonsense for a good while.
ok beck jsing
|
|
BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly
instead.
ok tb@
|
|
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct
ok tb
|
|
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
|
ok jsing
|
|
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
|
These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.
ok jsing
|
|
This also provides a pkey_security_bits member to the PKEY ASN.1 methods
and a corresponding setter EVP_PKEY_asn1_set_security_bits().
ok beck jsing
|
|
ok beck jsing
|
|
CID 24812
ok jsing@ millert@ tb@
|