Age | Commit message | Author |
|
The OPENSSL_cpu_caps() change after the last bump missed a crucial bit:
there is more MD mess in the MI code than anticipated, with the result
that AES is now used without AES-NI on amd64 and i386, hurting machines
that previously greatly benefitted from it.
Temporarily add an internal crypto_cpu_caps_ia32() API that returns the
OPENSSL_ia32cap_P or 0 like OPENSSL_cpu_caps() previously did. This can
be improved after the release.
Regression reported and fix tested by Mark Patruck.
No impact on public ABI or API.
with/ok jsing
PS: Next time my pkg_add feels very slow, I should perhaps not mechanically
blame IEEE 802.11...
|
|
It's just gross. Only used by a popular disk encryption utility on an
all-too-popular OS one or two decades back.
ok beck jsing
|
|
I ranted enough about this recently. PKCS#12. Microsoft. 'nuff said.
ok beck jsing
|
|
This API turned out to be a really bad idea. OpenSSL 3 extended it, with
the result that basically every key type had its own DoS issues fixed in
a recent security release. We eschewed these by having some upper bounds
that kick in when keys get insanely large.
Initially added on tobhe's request who fortunately never used it in iked,
this was picked up only by ruby/openssl (one of the rare projects doing
proper configure checks rather than branching on VERSION defines) and of
course xca, since it uses everything it can. So it was easy to get rid of
this again.
ok beck jsing
|
|
This disables the EVP_PKEY_*check() API and makes it fail (more precisely
indicate lack of support) on all key types.
This is an intermediate step to full removal.
Removal is ok beck jsing
|
|
This is a slightly strange combination of OBJ_find_sigid_algs() and the
security level API necessary because OBJ_find_sigid_algs() on its own
isn't smart enough for the special needs of RSA-PSS and EdDSA.
The API extracts the hash's NID and the pubkey's NID from the certificate's
signatureAlgorithm and invokes special handlers for RSA-PSS and EdDSA
for retrieving the corresponding information. This isn't entirely free
for RSA-PSS, but for now we don't cache this information.
The security bits calculation is a bit hand-wavy, but that's something
that comes along with this sort of numerology.
ok jsing
|
|
ok miod
|
|
The last consumer in openssl(1) pkcs12 has been removed, so we no longer
need this function.
ok miod
|
|
|
|
Instead of jumping through many layers that cause headache, we can achieve
the same in an entirely straightforward way without losing clarity.
ok jsing
|
|
There is a single consumer of this entire family of functions, namely
the openssl(1) pkcs12 command uses EVP_PKEY_add1_attr_by_NID, so leave
that one intact for now.
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
These constitute the bulk of the remaining global mutable state in
libcrypto. This commit moves most of them into data.rel.ro, leaving
out ERR_str_{functs,libraries,reasons} (which require a slightly
different approach) and SYS_str_reasons which is populated on startup.
The main observation is that if ERR_load_strings() is called with a 0 lib
argument, the ERR_STRING_DATA argument is not actually modified. We could
use this fact to cast away const on the caller side and be done with it.
We can make this cleaner by adding a helper ERR_load_const_strings() which
explicitly avoids the assignment to str->error overriding the error code
already set in the table.
In order for this to work, we need to sprinkle some const in err/err.c.
CMS called ERR_load_strings() with non-0 lib argument, but this didn't
actually modify the error data since it ORed in the value already stored
in the table.
Annoyingly, we need to cast const away once, namely in the call to
lh_insert() in int_err_set_item(). Fixing this would require changing
the public API and is going to be tricky since it requires that the
LHASH_DOALL_FN_* types adjust.
ok jsing
|
|
Take the MAC before clobbering the input value on decryption. Fixes hangs
during the QUIC handshake with HAProxy using TLS_CHACHA20_POLY1305_SHA256.
Found, issue pinpointed, and initial fix tested by Lucas Gabriel Vuotto:
Let me take this opportunity to thank the HAProxy team for going out of
their way to keep supporting LibreSSL. It's much appreciated.
See https://github.com/haproxy/haproxy/issues/2569
tweak/ok jsing
|
|
If EVP_PKEY_new() returns NULL, it would be passed to the paramgen() pmeth
which would typically dereference it. This is identical to a recent change
in keygen().
ok jsing
|
|
When I unifdefed GOST support, the tree wasn't fully unlocked, so I didn't
want to touch a public header. All this code is in #ifndef OPENSSL_NO_GOST,
which we define.
ok jsing
|
|
Call a BIO bio rather than bi, a, or b; don't cast when assigning from
or to a (void *). Drop loads of silly redundant parentheses, use better
order of variable declarations.
No change in the generated assembly.
|
|
It's unclear whether the functions these support were ever really
used for anything else than kicking off an overengineered state
machine.
ok jsing
|
|
After a EVP_PKEY_new() failure, a NULL pointer would be passed to the
keygen pmeth, which could result in tears.
ok beck jsing
|
|
use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard around them.
ok tb@
|
|
This picks up most of the remaining public symbols in
x509.h
ok tb@
|
|
largely mechanically done by the guentherizer 9000
ok tb@
|
|
For consistency with everything else.
ok tb@
|
|
The function call can't actually fail, but all other calls check its
return value.
ok joshua jsing
|
|
with jsing
|
|
|
|
EVP_DigestSignFinal
Additionally, this cleans up some more surrounding code.
This is a fixed version of r1.21.
ok tb
|
|
ok tb jsing
|
|
|
|
EVP_DigestSignFinal
Additionally, this cleans up some more surrounding code.
ok tb
|
|
ok jsing tb
|
|
This gets rid of the last mention of EVP_CTRL_PBE_PRF_NID outside of evp.h
ok jsing
|
|
ok jsing@
|
|
ok tb@
|
|
ok tb@
|
|
ok joshua jsing
|
|
ok tb@ jsing@
|
|
ok tb@
|
|
ok tb@
|
|
ok tb@
|
|
ok tb@
|
|
Additionally, this tidies up some surrounding code and replaces usage of
free with freezero and malloc with calloc.
ok tb@
|
|
The previous implementation used the now defunct OBJ_NAME_get() which
bailed out when passed a NULL argument. Difference spotted by the
regress tests in ports/net/openvpn (regular openvpn use is fine but
openvpn --show-ciphers/--show-digests crashes).
ok tb@
|
|
noticed/ok beck
|
|
discussed with jsing
|
|
ok beck
|
|
|
|
This stops compiling the GOST source. The current implementation is low
quality and got in the way, especially in libssl. While we would be open
for GOST support, it needs to be significantly better than what we have
had and it also needs a maintainer.
Add OPENSSL_NO_GOST to opensslfeatures and stop installing gost.h.
Some code wrapped in #ifndef OPENSSL_NO_GOST will be removed later.
ok jsing
|
|
These are unused defines that used to add unwanted complications in
EVP_CIPHER_CTX_set_key_length().
ok jsing
|