openbsd/src/lib/libcrypto/ecdh, branch OPENBSD_6_4

openbsd/src/lib/libcrypto/ecdh, branch OPENBSD_6_4_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_6_4_BASE 2018-09-02T17:20:31+00:00 Elliptic curve arithmetic only makes sense between points that belong to 2018-09-02T17:20:31+00:00 tb 2018-09-02T17:20:31+00:00 urn:sha1:32c49c1b2869018c729137c06e57058c5894a964 the same curve. Some Wycheproof tests violate this assumption, making ECDH_compute_key() compute and return garbage. Check that pub_key lies on the curve of the private key so that the calculations make sense. Most paths that get here have this checked (in particular those from OpenSSH and libssl), but one might get here after using d2i_* or manual computation. discussed with & ok jsing; "good catch!" markus make ENGINE_finish() succeed on NULL and simplify callers as in 2018-04-14T07:09:21+00:00 tb 2018-04-14T07:09:21+00:00 urn:sha1:0c5418014797b1fadca3f270eb2f140fd6f5bdf8 OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi use freezero() instead of memset/explicit_bzero + free. Substantially 2017-05-02T03:59:45+00:00 deraadt 2017-05-02T03:59:45+00:00 urn:sha1:5904cc0e04409fde39a97e6580535da34eeb4291 reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck Send the function codes from the error functions to the bit bucket, 2017-01-29T17:49:23+00:00 beck 2017-01-29T17:49:23+00:00 urn:sha1:d1f47bd292f36094480caa49ada36b99a69c59b0 as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@ Explicitly export a list of symbols from libcrypto. 2016-12-21T15:49:29+00:00 jsing 2016-12-21T15:49:29+00:00 urn:sha1:18adabd97858ed28289c9dc31e8042c515840be4 Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@ avoid void * pointer arithmetic 2015-09-18T13:04:41+00:00 bcook 2015-09-18T13:04:41+00:00 urn:sha1:37c8df6550e439b42f5fb474dba7fa754f0a7296 ok miod@ Only check for key truncation if no KDF function is being used. 2015-09-13T14:11:57+00:00 jsing 2015-09-13T14:11:57+00:00 urn:sha1:21065ac59f691ebe78ff667cdd49bd181cd5bff6 ok beck@ miod@ Merge ech_ossl.c into ech_key.c - not much point having one file with a 2015-09-13T12:27:14+00:00 jsing 2015-09-13T12:27:14+00:00 urn:sha1:7aad11835631635218a8c6cff256232a97116994 four line function and a tonne of license text. ok beck@ Provide ECDH_size(). 2015-09-13T12:03:07+00:00 jsing 2015-09-13T12:03:07+00:00 urn:sha1:f9b8c74b09c8ac16a97e5d121db753ba170861ce "jajaja" miod@ Check ECDH output buffer length and avoid truncation. 2015-09-13T11:49:44+00:00 jsing 2015-09-13T11:49:44+00:00 urn:sha1:aa9790509fcdc9b7899a04af0eddf1b611899d0f Currently, if you call ECDH_compute_key() it will silently truncate the resulting key if the output buffer is less than the key size. Instead, detect this condition and return an error. If the buffer provided is larger than the key length, zero the remainder. ok beck@ miod@ "+ shivers"