openbsd/src/lib/libcrypto/ecdsa, branch libressl-v3.7.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.7.0 2022-11-26T17:23:18+00:00 Make header guards of internal headers consistent 2022-11-26T17:23:18+00:00 tb 2022-11-26T17:23:18+00:00 urn:sha1:3a1908508efa61f3f77ac8036694af2f920df947 Not all of them, only those that didn't leak into a public header... Yes. Make internal header file names consistent 2022-11-26T16:08:57+00:00 tb 2022-11-26T16:08:57+00:00 urn:sha1:81d98bf600a381a625eb11b39a725b08c0ba547f Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook Stop using CBIGNUM_it internal to libcrypto. 2022-09-03T16:01:23+00:00 jsing 2022-09-03T16:01:23+00:00 urn:sha1:2b62b98b944c0df9fbd9e41e33ea96b45b98e84b CBIGNUM_it is supposed to be the "clear bignum" or "secure" bignum - that is one which zeros its memory after use and ensures that the constant time flags are set... in LibreSSL we always do both of these things for BIGNUMs, so just use BIGNUM_it instead. ok tb@ Rework DSA_size() and ECDSA_size() 2022-08-31T13:01:01+00:00 tb 2022-08-31T13:01:01+00:00 urn:sha1:5a012dc99251d6861841dbe500e21ff7a4f63ccc DSA_size() and ECDSA_size() have a very special hack. They fudge up an ASN1_INTEGER with a size which is typically > 100 bytes, backed by a buffer of size 4. This was "fine", however, since they set buf[0] = 0xff, where the craziness that was i2c_ASN1_INTEGER() only looks at the first octet (one may then ask why a buffer of size 4 was necessary...). This changed with the rewrite of i2c_ASN1_INTEGER(), which doesn't respect this particular hack and rightly assumes that it is fed an actual ASN1_INTEGER... Instead, create an appropriate signature and use i2d to determine its size. Fixes an out-of-bounds read flagged by ASAN and oss-fuzz. ok jsing Remove mkerr.pl remnants from LibreSSL 2022-07-12T14:42:50+00:00 kn 2022-07-12T14:42:50+00:00 urn:sha1:89e42d5857196a8071fbafb5565388d0e20ec32b This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb Replace obj_mac.h with object.h 2022-06-30T11:14:47+00:00 tb 2022-06-30T11:14:47+00:00 urn:sha1:b9750dad90805ab9064b083f792c0c680759708a Pointed out by and ok jsing Avoid infinite loop for custom curves of order 1 2022-04-07T17:37:25+00:00 tb 2022-04-07T17:37:25+00:00 urn:sha1:1061feec63ce8eec5e559ca2697b80bc73044484 If a private key encoded with EC parameters happens to have order 1 and is used for ECDSA signatures, this causes an infinite loop since a random integer x in the interval [0,1) will be 0, so do ... while (x == 0); will loop indefinitely. Found and reported with a reproducer by Hanno Boeck. Helpful comments and analysis from David Benjamin. ok beck jsing sort includes as usual 2022-01-27T20:31:21+00:00 tb 2022-01-27T20:31:21+00:00 urn:sha1:deee88ee0cd8767dc6fd02a8e0977c94dab95b6e Do not depend on engine.h pulling in err.h and evp.h 2022-01-27T20:30:29+00:00 tb 2022-01-27T20:30:29+00:00 urn:sha1:b5eac41199b40cfe298ade9db0b352a6fb470240 Fix check for BN_mod_inverse_ct return value 2022-01-20T11:12:14+00:00 inoguchi 2022-01-20T11:12:14+00:00 urn:sha1:1ca471b8e14d63d9b7059b86938ef989ff0857db ok jsing@ millert@ tb@