| Age | Commit message (Collapse) | Author |
|---|
|
ok beck jsing
|
|
I ranted enough about this recently. PKCS#12. Microsoft. 'nuff said.
ok beck jsing
|
|
Another bunch of const correctness fixes for global tables. These are
used to map ns cert types, key usage types and CRL reasons to strings
and vice versa. By the looks of it, nobody ever figured out how to use
this (need I mention that it's convoluted?).
ok beck jsing
|
|
With this another family of global tables becomes const as it should
always have been.
ok beck jsing
|
|
LibreSSL no longer supports non-standard OIDs for use in the extensions
attribute of CSRs. The API that enabled that (and nobody used of course)
can now go.
ok beck jsing
|
|
Nothing needs to reach into this structure, which is part of
certificates. So hide its innards.
ok beck jsing
|
|
Someone thought it would be a good idea to append non-standard trust
information to the certs in the trust store. This API is used to
inspect that depending on the intended purpose of the cert. Only
M2Crypto thought it necessary to expose this. It was adjusted.
ok beck jsing
|
|
Another unused bit of legacy API...
ok beck jsing
|
|
No longer used, never really needed.
ok beck jsing
|
|
These have always been unused, but the db_meth abstraction hid that
very well. Bye.
ok beck jsing
|
|
This internalizes a particularly scary layer of conf used for X.509
extensions. Again unused public API...
ok beck jsing
|
|
Thankfully sthen removed the out-of-support PHP versions 7.4 and 8.0,
which were the last users of this API, which in turn permitted much of
this conf rampage. Now the stub can join its guts in the attic.
ok beck jsing
|
|
Fortunately all projects who want to configure their extensions using
a dangerous string DSL/API figured out the fact that one was supposed to
be using the nconf version of these (the hint is the 'n', as in new).
ok beck jsing
|
|
This became obsolete with the automatic library initialization. Now it
is time for it to become an internal API.
ok beck jsing
|
|
This translation device from old to new conf guts will need to stay
for a while. However, it's only needed internally.
ok beck jsing
|
|
This is the next layer of unused cruft that can now go. The code lovingly
called it 'the "CONF classic" functions'. No tear was shed. Don't worry,
we still have the "New CONF" functions!
ok beck jsing
|
|
This permits another single-use-no-longer-public API to join the party
in the bit bucket.
ok beck jsing
|
|
The only project I'm aware of that ever used this was rust-openssl
and they did so for no good reason. So remove this API, the crate's
code is already adjusted accordingly.
ok beck jsing
|
|
ok beck jsing
|
|
While not all of this is strictly needed, it was simply incorrect. This
way another global which was modifiable for no good reason becomes const.
ok beck jsing
|
|
Now that we no longer need to hang a poor man's ctype substitute off
the conf structure, we can get rid of the otherwise unused meth_data
member. This allows us to const correct CONF_type_default. Hopefully
we can remove it soon.
ok beck jsing
|
|
Undocumented and entirely unused. Gets rid of a big, modifiable, global
table.
ok beck jsing
|
|
This makes the _CONF_* layer of the conf module internal and gets rid
of the entirely unused conf_api.h.
ok beck jsing
|
|
imodules are called imodules because they contain Information about
modules that have been Initialized. Which one of these two I it is
is anyone's best guess. Why anything outside of libcrypto would ever
possibly care will also remain a mystery.
Remove the old way of adding a conf module, user data, stop allowing
to set a method (it's opaque now, remember?) and drop a couple bits
more from the public api interface.
ok beck jsing
|
|
Much of conf is designed in such a way that you really have to reach into
its structs. This one piece can be hidden. It might even be removed soon.
ok beck jsing
|
|
It's time to start removing some horrors from the conf/ garbage. If the
current top layer wasn't terrible enough, you could always slap another
one on top of it and it would then be truly marvellous.
ok beck jsing
|
|
This API turned out to be a really bad idea. OpenSSL 3 extended it, with
the result that basically every key type had its own DoS issues fixed in
a recent security release. We eschewed these by having some upper bounds
that kick in when keys get insanely large.
Initially added on tobhe's request who fortunately never used it in iked,
this was picked up only by ruby/openssl (one of the rare projects doing
proper configure checks rather than branching on VERSION defines) and of
course xca, since it uses everything it can. So it was easy to get rid of
this again.
ok beck jsing
|
|
This was only needed by the EVP_PKEY_*check() API, which was defanged. So
this silly garbage can now go: it translated flags to errors on the error
stack so that openssl *check could print ugly errors while DoS-ing the
user.
ok beck
|
|
|
|
|
|
|
|
|
|
Sadly, it's going to go away before ever having become the default.
|
|
This disables the EVP_PKEY_*check() API and makes it fail (more precisely
indicate lack of support) on all key types.
This is an intermediate step to full removal.
Removal is ok beck jsing
|
|
|
|
ok jsing
|
|
Nothing touches db_meth in ports. Thus only way a db_meth can be set is
now as a side effect X509V3_set_conf() in which case the db is an NCONF
database and the db_meth will be a thin wrapper of NCONF_get_section().
Make that explicit in the implementation, remove the guts of the unused
X509V3_get_string() and X509V3_string_free(), turn X509V3_section_free()
into a noop and replace several checks for ctx->db, ctx->db->meth, ...
with a simple ctx->db != NULL check.
ok beck jsing
|
|
functions for removal
|
|
Another legacy turd that was only used by PHP 7.4 and 8.0.
ok beck jsing
|
|
|
|
These legacy interfaces were only used by PHP 7.4 and 8.0 and they will
be removed in an upcoming bump.
ok beck jsing
|
|
A comment saying /* Maybe more here */ in a public also goes (yuck).
Of course the promise was fulfilled by OpenSSL 3.
ok beck jsing
|
|
If an auth_level (i.e., security_level, but not quite, because Viktor) was
set on the X509_VERIFY_PARAM in the X509_STORE_CTX, the verifier would
reject RSA-PSS or EdDSA certificates for insufficient security bits due to
incorrect use of OBJ_find_sigid_algs() (this was also a bug in the initial
security level implementation in OpenSSL 1.1).
Using X509_get_signature_info() fixes this while preserving behavior for
all other algorithms.
Reported by Steffen Ullrich as one of multiple issues with RSA-PSS.
ok jsing
|
|
Loosely based on the OpenSSL 1.1 documentation but extended quite a bit to
explain what the flags mean and what info they do (and do not) convey. With
the usual valuable feedback from jmc.
ok jmc
|
|
This is a slightly strange combination of OBJ_find_sigid_algs() and the
security level API necessary because OBJ_find_sigid_algs() on its own
isn't smart enough for the special needs of RSA-PSS and EdDSA.
The API extracts the hash's NID and the pubkey's NID from the certificate's
signatureAlgorithm and invokes special handlers for RSA-PSS and EdDSA
for retrieving the corresponding information. This isn't entirely free
for RSA-PSS, but for now we don't cache this information.
The security bits calculation is a bit hand-wavy, but that's something
that comes along with this sort of numerology.
ok jsing
|
|
There are currently very few differences between the rsa_asn1_meth for
plain RSA and the rsa_pss_asn1_meth for RSA-PSS apart from the obviously
necessary differnces for base_method, pkey_id, pem_str and info (and the
fact that RSA has support for legacy private key encoding). This had the
lucky side effect that it didn't really matter which ameth one ended up
using after OBJ_find_sigid_algs().
With the upcoming support for X509_get_signature_infO() for RSA-PSS, this
needs to change as for RSA-PSS we need to decode the PSS parameters for
extracting the "security level", whereas for RSA we can just use the hash
length. Thus, for RSA-PSS switch pkey_id from the incorrect rsaEncryption
to rassaPss.
ok jsing
PS: OBJ_find_sigid_algs() manual is no longer entirely correct, but this
has been the case since we added Ed25519 support to obj_xref.
|
|
less likely.
ok jsing
|
|
Use proper NULL checks, set hashAlgorithm with X509_ALGOR_set0_by_nid(),
and avoid a silly digerr label.
ok jsing
|
|
ok jsing
|
|
For a certificate serial number between LONG_MAX and ULONG_MAX, the call to
ASN1_INTEGER_get() fails and leaves an error on the stack because the check
bs->length <= sizeof(long) doesn't quite do what it's supposed to do (bs is
probably for bitstring, although the more common reading would be adequate,
too.)
Fix this by checking for non-negativity and using ASN1_INTEGER_get_uint64()
and add a lengthy comment to explain the nonsense per beck's request.
discussed with jsing
ok beck
|
