| Age | Commit message (Collapse) | Author |
|---|
|
suggestion from tb@
|
|
CID 21653
ok jsing@ millert@ tb@
|
|
input from tb@
|
|
CID 24893
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
CID 24839
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
CID 24778
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
CID 24812
ok jsing@ millert@ tb@
|
|
It returns 1 on success and 0 for failure, never negative value.
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
CID 21665 24835
comment from jsing@ and tb@
ok jsing@ millert@ tb@
|
|
CID 24869
ok jsing@ millert@ tb@
|
|
This adds the SM2 algorithm defined in the Chinese standards
GB/T 32918.1-2016, GB/T 32918.2-2016, GB/T 32918.3-2016,
GB/T 32918.4-2016 and GB/T 32918.5-2017.
This is an ISC licensed implementation contributed by Ribose.inc, based
on the same code that was contributed to OpenSSL by Jack Lloyd. The port
to LibreSSL was done by Ronald Tse and Nickolay Olshevsky.
Github PR #105
I made quite a few cleanup passes on this, but more is needed, some
of which will happen in-tree before this is linked to the build.
ok deraadt inoguchi (a long time ago), jsing
|
|
freeing of what they return despite being get0 functions: the stack
of X509s that they return must be freed with sk_X509_free(). The get0
thus probably refers to the individual certs, but not to the stack
itself.
The libcrypto and libssl APIs never cease to amaze with new traps.
ok inoguchi
|
|
CID 345137
ok jsing@ tb@
|
|
ok tb@
|
|
|
|
|
|
|
|
This function has a weird dance of allocating an ASN1_STRING in an
inner scope and assigning it to a void pointer in an outer scope for
passing it to X509_PUBKEY_set0_param() and ASN1_STRING_free() on error.
This can be simplified and streamlined.
ok inoguchi
|
|
asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be
overrun since ASN1_get_object advances pointer to the first content octet.
In case invalid ASN1 Boolean data, it has length but no content, I thought
this could be happen.
Adding check p with tot (diff below) will avoid this failure.
Reported by oss-fuzz 43633 and 43648(later)
ok tb@
|
|
and Symbol addition and removal in libcrypto.
|
|
ok inoguchi
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
This removes OBJ_bsearch_ex_() from the exported symbols and makes
OBJ_bsearch_() semi-private. It is still used in libssl.
While here, remove some hideous unused macros
ok inoguchi jsing
|
|
This moves {d2i,i2d}_ASN1_BOOLEAN() to internal only. They are unused,
but help us testing the encoding.
ok jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
This provides support for new-style BIO callbacks in
BIO_{read,write,gets,puts}() and a helper function to
work out whether it should call the new or the old
style callback. It also adds a few typedefs and minor
code cleanup as well as the BIO_{get,set}_callback_ex()
from jsing, ok tb
|
|
This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding
public API EVP_{dss,dss1,ecdsa}().
This is basically the following OpenSSL commit. The mentioned change in
RSA is already present in rsa/rsa_pmeth.c.
ok inoguchi jsing
commit 7f572e958b13041056f377a62d3219633cfb1e8a
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Wed Dec 2 13:57:04 2015 +0000
Remove legacy sign/verify from EVP_MD.
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.
Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.
Remove now obsolete EVP_dss1() and EVP_ecdsa().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c
|
|
Move the struct internals to rsa_locl.h and provide a missing
typedef in ossl_typ.h.
ok inoguchi jsing
|
|
This adds a little order to this pig sty.
ok inoguchi jsing
|
|
We can't make ECDSA_METHOD opaque since it is still used in smtpd(8)
ok inoguchi jsing
|
|
This was obtained by porting the OpenSSL commit below and then using
expand_crypto_asn1.go to unroll the new ASN.1 macros - actually the
ones from 987157f6f63 which fixed the omission of dsa_cb() in the
first commit.
ok inoguchi jsing
commit ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Thu Mar 26 14:35:49 2015 +0000
Simplify DSA public key handling.
DSA public keys could exist in two forms: a single Integer type or a
SEQUENCE containing the parameters and public key with a field called
"write_params" deciding which form to use. These forms are non standard
and were only used by functions containing "DSAPublicKey" in the name.
Simplify code to only use the parameter form and encode the public key
component directly in the DSA public key method.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
This moves DSA_SIG, DSA and DSA_METHOD to dsa_locl.h.
ok inoguchi jsing
|
|
This moves the struct internals for DH and DH_METHOD to dh_local.h.
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
This moves COMP_CTX and COMP_METHOD to comp_local.h and provides
missing typedefs in ossl_typ.h.
ok inoguchi jsing
|
|
Move BIO, BIO_METHOD and BIO_F_BUFFER_CTX to bio_local.h and provide
BIO typedef in ossl_typ.h.
ok inoguchi jsing
|
|
This is unused and was removed in OpenSSL 5b70372d when it was
replaced with an ASN.1 ADB callback (which we don't support).
ok inoguchi jsing
|
|
This follows OpenSSL commit 26f2412d.
ok inoguchi jsing
|
|
This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites, so we need to keep them...
All this was removed as part of OpenSSL commit 0bc2f365.
ok inoguchi jsing
|
|
Move the struct declaration to asn1_locl.h and add a forward
declaration to ossl_typ.h. This makes struct visibility in the
asn1 headers match OpenSSL.
ok inoguchi jsing
|
|
In OpenSSL commit 32fd54a9a3 HMAC_CTX_cleanup() was integrated into
HMAC_CTX_init(), then HMAC_CTX_init() was renamed to HMAC_CTX_reset()
in dc0099e1.
LibreSSL retained them for API compatibility with OpenSSL 1.0.
Not many things use them anymore. In fact, some projects that didn't
want to modify their code for OpenSSL 1.1 API compatibility used the
removed functions to wrap the OpenSSL 1.1 API. We had to patch some
of these and this will now no longer be necessary.
Also remove HMAC_cleanup(). Nothing uses this.
ok inoguchi jsing
|
