<feed xmlns='http://www.w3.org/2005/Atom'>
<title>openbsd/src/lib/libcrypto/ecdsa, branch OPENBSD_7_8_BASE</title>
<subtitle>A mirror of https://github.com/libressl/openbsd.git
</subtitle>
<id>https://git.lua4.win/openbsd/atom?h=OPENBSD_7_8_BASE</id>
<link rel='self' href='https://git.lua4.win/openbsd/atom?h=OPENBSD_7_8_BASE'/>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/'/>
<updated>2025-05-10T05:54:39+00:00</updated>
<entry>
<title>Use err_local.h rather than err.h in most places</title>
<updated>2025-05-10T05:54:39+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2025-05-10T05:54:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=41e8f99dd1625a9f0c80ce9d4383e95b18e85709'/>
<id>urn:sha1:41e8f99dd1625a9f0c80ce9d4383e95b18e85709</id>
<content type='text'>
ok jsing
</content>
</entry>
<entry>
<title>And here go {,EC}DSA_SIG_it</title>
<updated>2024-04-15T15:49:37+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2024-04-15T15:49:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=3c5f500379f0c27b65b2a2e1beef801967ef2838'/>
<id>urn:sha1:3c5f500379f0c27b65b2a2e1beef801967ef2838</id>
<content type='text'>
ok jsing
</content>
</entry>
<entry>
<title>Remove ECDSA nonce padding kludge</title>
<updated>2023-08-08T13:09:28+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2023-08-08T13:09:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=409280fb4ae64371e28c3111dba6a52b1f295a56'/>
<id>urn:sha1:409280fb4ae64371e28c3111dba6a52b1f295a56</id>
<content type='text'>
This was a workaround due to the historically non-constant time scalar
multiplication in the EC code. Since Brumley and Tuveri implemented the
Montgomery ladder, this is no longer useful and should have been removed
a long time ago, as it now does more harm than good.

Keep the preallocations as they still help hiding some timing info.

ok jsing
</content>
</entry>
<entry>
<title>Make the bn_rand_interval() API a bit more ergonomic</title>
<updated>2023-08-03T18:53:56+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2023-08-03T18:53:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=44ff07e01874ea8be0c72bf9d20cb7f13b76cca8'/>
<id>urn:sha1:44ff07e01874ea8be0c72bf9d20cb7f13b76cca8</id>
<content type='text'>
Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().

The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptionally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().

Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.

ok jsing
</content>
</entry>
<entry>
<title>Stop including ecdsa.h and ecdh.h internally</title>
<updated>2023-07-28T15:50:33+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2023-07-28T15:50:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=dee6ca6302cdbd5982c40288832f1fbe51d045d5'/>
<id>urn:sha1:dee6ca6302cdbd5982c40288832f1fbe51d045d5</id>
<content type='text'>
These headers are now reduced to #include &lt;openssl/ec.h&gt; and are provided
for compatibility only. There's no point in using them. At the same time
garbage collect the last uses of OPENSSL_NO_{ECDSA,ECDH} in our tree.

ok jsing
</content>
</entry>
<entry>
<title>Remove some unneeded includes from ecdsa.h</title>
<updated>2023-07-28T09:18:10+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2023-07-28T09:18:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=f82b526c76ed6b20c6a9efccc58da9c265c1ba89'/>
<id>urn:sha1:f82b526c76ed6b20c6a9efccc58da9c265c1ba89</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Merge ecdsa.h into ec.h</title>
<updated>2023-07-28T09:16:17+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2023-07-28T09:16:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=bf7ee0210d0d1420ed787a79eda0c974f8d15f17'/>
<id>urn:sha1:bf7ee0210d0d1420ed787a79eda0c974f8d15f17</id>
<content type='text'>
Move the remaining ECDSA API into ec.h to match OpenSSL 1.1's interface
better.  In particular, the EC_KEY sign and verify method accessors are
moved to the right header. Whether the rest of the ECDSA stuff belongs
there is debatable, but that was upstream's choice.

ok jsing
</content>
</entry>
<entry>
<title>Remove ECDSA_METHOD</title>
<updated>2023-07-28T09:08:31+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2023-07-28T09:08:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=8a9904a7f31aeb68336f4a9f6ba9e8ab8ecc7f11'/>
<id>urn:sha1:8a9904a7f31aeb68336f4a9f6ba9e8ab8ecc7f11</id>
<content type='text'>
After smtpd (in base) and libtls finally switched from ECDSA_METHOD to
EC_KEY_METHOD, much of the ECDSA_METHOD code was neutered. Remove the
remaining public API as well as numerous tentacles into ENGINE.

ok jsing
</content>
</entry>
<entry>
<title>Remove ecs_err.c</title>
<updated>2023-07-28T09:01:25+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2023-07-28T09:01:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=92f3766713986fcccdc079df784442dcfde4921c'/>
<id>urn:sha1:92f3766713986fcccdc079df784442dcfde4921c</id>
<content type='text'>
These error codes have been unused for a while, so the public API loading
them is pointless.

ok jsing
</content>
</entry>
<entry>
<title>Place public ECDSA API next to the internal methods</title>
<updated>2023-07-28T08:57:46+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2023-07-28T08:57:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=e9620d02140d013d9a99c424c98a0b4840e3d18f'/>
<id>urn:sha1:e9620d02140d013d9a99c424c98a0b4840e3d18f</id>
<content type='text'>
It is hard to remember that ECDSA_do_{sign,verify}() call ecdsa_sign_sig().
Especially since the distinction to ECDSA_{sign,verify}() isn't clear from
the names. To add to the confusion, the public API is ordered differently
than the methods they call. So in this case it seems tidier to place the
public API next to the methods.

ok jsing
</content>
</entry>
</feed>
