openbsd/src/lib/libcrypto/dh, branch libressl-v2.6.5

openbsd/src/lib/libcrypto/dh, branch libressl-v2.6.5 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.6.5 2018-06-13T15:12:39+00:00 MFC: Reject excessively large primes in DH key generation. Problem reported 2018-06-13T15:12:39+00:00 jsing 2018-06-13T15:12:39+00:00 urn:sha1:cde85534cd4cb4877990e54db3067beb84ee7681 by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457) and based on his diff. suggestions from tb@, ok tb@ jsing@ Original commit by sthen@ Send the function codes from the error functions to the bit bucket, 2017-01-29T17:49:23+00:00 beck 2017-01-29T17:49:23+00:00 urn:sha1:d1f47bd292f36094480caa49ada36b99a69c59b0 as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@ Make explicit _ct and _nonct versions of bn_mod_exp funcitons that 2017-01-21T09:38:59+00:00 beck 2017-01-21T09:38:59+00:00 urn:sha1:a0a595cda97de2b217b0582cfa601ee4c746bfce matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@ Expand ASN1_ITEM_rptr macro - no change in generated assembly. 2016-12-30T15:28:42+00:00 jsing 2016-12-30T15:28:42+00:00 urn:sha1:9abb4e3e6af169bb9250abceb9ac5f988efd027d Kill a bunch of OLD_ASN1 usage by replacing ASN1_{d2i,i2d}_* with 2016-11-04T18:35:30+00:00 jsing 2016-11-04T18:35:30+00:00 urn:sha1:1f8672c818cfdd9f4dd34f5ab1bdc1bbf575321d ASN1_item_{d2i,i2d}_* equivalents. ok guenther@ miod@ call BN_init on temporaries to avoid use-before-set warnings 2016-07-07T11:53:12+00:00 bcook 2016-07-07T11:53:12+00:00 urn:sha1:db57abec05ccea8ab13e008bbc745b4c3a07cd3d ok beck@ On systems where we do not have BN_ULLONG defined (most 64-bit systems), 2016-07-05T02:54:35+00:00 bcook 2016-07-05T02:54:35+00:00 urn:sha1:29ecf1f5b4cb5a580dcac440216b7127a56e3f84 BN_mod_word() can return incorrect results if the supplied modulus is too big, so we need to fall back to BN_div_word. Now that BN_mod_word may fail, handle errors properly update the man page. Thanks to Brian Smith for pointing out these fixes from BoringSSL: https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89 https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be ok beck@ Remove flags for disabling constant-time operations. 2016-06-30T02:02:06+00:00 bcook 2016-06-30T02:02:06+00:00 urn:sha1:3ce2fddbbb0fbded19721d5da476dfdfecb1e48b This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time. Based on the original patch by César Pereid. ok beck@ Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making the 2015-02-14T15:06:55+00:00 jsing 2015-02-14T15:06:55+00:00 urn:sha1:50c0f75baaf19556bde13d9ac8eeac270daa913b data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@ Enable building with -DOPENSSL_NO_DEPRECATED. 2015-02-11T03:19:37+00:00 doug 2015-02-11T03:19:37+00:00 urn:sha1:e816a1ec1d4411707051912b945e8eab7a5a94e8 If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@