openbsd/src/lib/libcrypto/ecdh, branch OPENBSD_6_3

openbsd/src/lib/libcrypto/ecdh, branch OPENBSD_6_3_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_6_3_BASE 2017-05-02T03:59:45+00:00 use freezero() instead of memset/explicit_bzero + free. Substantially 2017-05-02T03:59:45+00:00 deraadt 2017-05-02T03:59:45+00:00 urn:sha1:5904cc0e04409fde39a97e6580535da34eeb4291 reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck Send the function codes from the error functions to the bit bucket, 2017-01-29T17:49:23+00:00 beck 2017-01-29T17:49:23+00:00 urn:sha1:d1f47bd292f36094480caa49ada36b99a69c59b0 as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@ Explicitly export a list of symbols from libcrypto. 2016-12-21T15:49:29+00:00 jsing 2016-12-21T15:49:29+00:00 urn:sha1:18adabd97858ed28289c9dc31e8042c515840be4 Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@ avoid void * pointer arithmetic 2015-09-18T13:04:41+00:00 bcook 2015-09-18T13:04:41+00:00 urn:sha1:37c8df6550e439b42f5fb474dba7fa754f0a7296 ok miod@ Only check for key truncation if no KDF function is being used. 2015-09-13T14:11:57+00:00 jsing 2015-09-13T14:11:57+00:00 urn:sha1:21065ac59f691ebe78ff667cdd49bd181cd5bff6 ok beck@ miod@ Merge ech_ossl.c into ech_key.c - not much point having one file with a 2015-09-13T12:27:14+00:00 jsing 2015-09-13T12:27:14+00:00 urn:sha1:7aad11835631635218a8c6cff256232a97116994 four line function and a tonne of license text. ok beck@ Provide ECDH_size(). 2015-09-13T12:03:07+00:00 jsing 2015-09-13T12:03:07+00:00 urn:sha1:f9b8c74b09c8ac16a97e5d121db753ba170861ce "jajaja" miod@ Check ECDH output buffer length and avoid truncation. 2015-09-13T11:49:44+00:00 jsing 2015-09-13T11:49:44+00:00 urn:sha1:aa9790509fcdc9b7899a04af0eddf1b611899d0f Currently, if you call ECDH_compute_key() it will silently truncate the resulting key if the output buffer is less than the key size. Instead, detect this condition and return an error. If the buffer provided is larger than the key length, zero the remainder. ok beck@ miod@ "+ shivers" Lob a style(9) grenade in here. 2015-09-13T10:46:20+00:00 jsing 2015-09-13T10:46:20+00:00 urn:sha1:4a2f3c6e5634eea769a3a879763f470b1f98a8a8 Correct spelling of OPENSSL_cleanse. 2015-09-10T15:56:26+00:00 jsing 2015-09-10T15:56:26+00:00 urn:sha1:647569a51c1530d10e75e272f0982682f696caa7 ok miod@