A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_3_BASE 2023-03-15T06:34:07+00:00 2023-03-15T06:34:07+00:00 tb 2023-03-15T06:34:07+00:00 urn:sha1:40ffd290cb3438bcc29da70c71f6aa0d745b108a This is required behavior of the EVP_DigestSign() API, but seemingly almost nothing uses this. Well, turns out ldns does. Reported by Stephane. Helpful comments by sthen. ok jsing 2023-03-08T07:15:42+00:00 jsing 2023-03-08T07:15:42+00:00 urn:sha1:a98c7e8eda3eab639164bc30a686dde5afead101 Thanks to Mark Patruck for reporting. 2023-03-08T06:47:30+00:00 jsing 2023-03-08T06:47:30+00:00 urn:sha1:4b15066232b0315d89bd6b06997313243d49cf7a 2023-03-08T05:45:31+00:00 jsing 2023-03-08T05:45:31+00:00 urn:sha1:948c28a26f1877b33103e7640006ebcd45dd4375 Rather than sometimes clearing, turn the free functions into ones that always clear (as we've done elsewhere). Turn the EC_GROUP_clear_free() and EC_POINT_clear_free() functions into wrappers that call the *_free() version. Do similar for the EC_METHOD implementations, removing the group_clear_finish() and point_clear_finish() hooks in the process. ok tb@ 2023-03-08T05:35:51+00:00 jsing 2023-03-08T05:35:51+00:00 urn:sha1:3be8a86f4ba429fee41aff51d19115163d2a66b1 Currently, if compiled without OPENSSL_BN_ASM_MONT, EC_GROUP_new_curve_GFp() tries to use EC_GFp_nist_method(), falling back to EC_GFp_mont_method() if it is not a NIST curve (if OPENSSL_BN_ASM_MONT is defined we use EC_GFp_mont_method() unconditionally). Now that we have a reasonable non-assembly Montgomery implementation, the performance of EC_GFp_nist_method() is either similar or slower than EC_GFp_mont_method() (the exception being P-521, however if you're using that you're not doing it for performance reasons anyway). The EC_GFp_nist_method() uses rather scary BN NIST code (which would probably already be removed, if not for the BN and EC public APIs), it uses code paths that are currently less constant time, and there is additional overhead in checking to see if the curve is actually supported. Stop trying to use EC_GFp_nist_method() and unconditionally use EC_GFp_mont_method() in all cases. While here, factor out the common setup code and call it from both EC_GROUP_new_curve_GFp() and EC_GROUP_new_curve_GF2m(). ok beck@ tb@ 2023-03-08T04:50:27+00:00 jsing 2023-03-08T04:50:27+00:00 urn:sha1:c1e53bad96443f0f9eea47910c725fb8cb5636ac The EC code has an amazing array of function pointer hooks, such that a method can hook into almost any operation... and then there is the EC_FLAGS_DEFAULT_OCT flag, which adds a bunch of complex code and #ifdef so you can avoid setting three of those function pointers! Remove EC_FLAGS_DEFAULT_OCT, the now unused flags field from EC_METHOD, along with the various code that was wrapped in EC_FLAGS_DEFAULT_OCT, setting the three function pointers that need to be set in each of the EC_METHODs. ok beck@ tb@ 2023-03-07T09:27:10+00:00 jsing 2023-03-07T09:27:10+00:00 urn:sha1:19dfe7f484e5739359ee8c102d879d125df916ad BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly instead. ok tb@ 2023-03-07T07:01:35+00:00 tb 2023-03-07T07:01:35+00:00 urn:sha1:e67f9e65948ede08383b3f3e867520b37c8f7553 This should have been included in a previous diff/commit... 2023-03-07T05:54:40+00:00 jsing 2023-03-07T05:54:40+00:00 urn:sha1:d92645e4cc1bfb53f3218199eb21c2e876dbd098 Most of the implemeentation functions for EC_GFp_simple_method() are reused by other code, hence they cannot be made static. However, this keeps the pattern consistent. ok tb@ 2023-03-07T05:50:59+00:00 jsing 2023-03-07T05:50:59+00:00 urn:sha1:9aae699938e6684ed47cd6d37a031e3100587c47 Move the EC_METHOD to the bottom of the file, which allows implementation functions to become static. Remove unneeded prototypes. ok tb@