summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authortb <>2023-04-16 08:55:44 +0000
committertb <>2023-04-16 08:55:44 +0000
commitb0586cdb4979567771d97bea702186303fc94d64 (patch)
treec3f5d9c9754bc9c7b25d9b9fb6c87a1d9fea872a /src/lib
parent8d0392a8969eba0e55a21ac340c52b1492dbe912 (diff)
downloadopenbsd-b0586cdb4979567771d97bea702186303fc94d64.tar.gz
openbsd-b0586cdb4979567771d97bea702186303fc94d64.tar.bz2
openbsd-b0586cdb4979567771d97bea702186303fc94d64.zip
Mark public bn_nist and ec_nist API for removal
The faster nist code is rife with problematic C. While this is generally considered to be a pleonasm nowadays, here it specifically refers to aliasing issues and other flavors of undefined behavior. With compilers and standardization committees becoming seemingly more determined about making C even more unusable than it already is, this code has resulted in miscompilations and generally is a target rich environment for fuzzers to feast on. We're better off without it. Go look while it's still there. It's some of the very worst we have to offer. ok jsing
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/bn/bn.h4
-rw-r--r--src/lib/libcrypto/ec/ec.h4
2 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index ba6c25ba0a..d6f77288c1 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn.h,v 1.57 2022/12/17 15:56:25 jsing Exp $ */ 1/* $OpenBSD: bn.h,v 1.58 2023/04/16 08:55:44 tb Exp $ */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -612,6 +612,7 @@ int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
612 612
613#endif 613#endif
614 614
615#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
615/* faster mod functions for the 'NIST primes' 616/* faster mod functions for the 'NIST primes'
616 * 0 <= a < p^2 */ 617 * 0 <= a < p^2 */
617int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); 618int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
@@ -625,6 +626,7 @@ const BIGNUM *BN_get0_nist_prime_224(void);
625const BIGNUM *BN_get0_nist_prime_256(void); 626const BIGNUM *BN_get0_nist_prime_256(void);
626const BIGNUM *BN_get0_nist_prime_384(void); 627const BIGNUM *BN_get0_nist_prime_384(void);
627const BIGNUM *BN_get0_nist_prime_521(void); 628const BIGNUM *BN_get0_nist_prime_521(void);
629#endif
628 630
629/* Primes from RFC 2409 */ 631/* Primes from RFC 2409 */
630BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); 632BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
index 2e674c424f..f0f2d8cf0c 100644
--- a/src/lib/libcrypto/ec/ec.h
+++ b/src/lib/libcrypto/ec/ec.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec.h,v 1.32 2023/04/16 08:36:13 tb Exp $ */ 1/* $OpenBSD: ec.h,v 1.33 2023/04/16 08:55:44 tb Exp $ */
2/* 2/*
3 * Originally written by Bodo Moeller for the OpenSSL project. 3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */ 4 */
@@ -145,10 +145,12 @@ const EC_METHOD *EC_GFp_simple_method(void);
145 */ 145 */
146const EC_METHOD *EC_GFp_mont_method(void); 146const EC_METHOD *EC_GFp_mont_method(void);
147 147
148#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
148/** Returns GFp methods using optimized methods for NIST recommended curves 149/** Returns GFp methods using optimized methods for NIST recommended curves
149 * \return EC_METHOD object 150 * \return EC_METHOD object
150 */ 151 */
151const EC_METHOD *EC_GFp_nist_method(void); 152const EC_METHOD *EC_GFp_nist_method(void);
153#endif
152 154
153#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 155#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
154/** Returns 64-bit optimized methods for nistp224 156/** Returns 64-bit optimized methods for nistp224
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-24 21:29:55 +0000