summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* Simplify and unify missing_parameters() for DH and DSAtb2023-08-122-11/+8
| | | | ok jsing
* Now that the DH is sensibly called dh instead of a, we can also renametb2023-08-121-10/+10
| | | | | abuf, alen and aout to names that make sense, such as buf, buf_len and secret_len.
* a is a silly name for a DHtb2023-08-121-14/+14
|
* Use printf for consistencytb2023-08-121-5/+5
|
* Check that {DH,DSA}_get0_engine() returns NULL if OPENSSL_NO_ENGINE istb2023-08-122-2/+16
| | | | defined.
* Convert {DH,DSA}_new_method() to using calloc()tb2023-08-122-83/+54
| | | | | | | | | | | | | | | Due to OPENSSL_NO_ENGINE the engine member of dh and dsa is currently uninitialized. As a consequence, {DH,DSA}_get0_engine() will return a garbage pointer, which is particularly bad because the only reason we kept them in the first place is that they are used by some software... A side effect of freeing with {DH,DSA}_free() instead of a hand-rolled version is that we may call ->meth->finish() before ->meth->init() was called. We need a NULL check for ->meth to be on the safe side in case we should need to bring ENGINE back. with nits from djm ok deraadt djm
* Add regress coverage for DH and for DSA parameterstb2023-08-111-2/+267
|
* Merge various improvements from the OpenSSL 1.1 branch,schwarze2023-08-111-13/+148
| | | | | | | | | | | | | | which is still under a free license. * document EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags * document EVP_MD_flags, EVP_MD_CTX_md_data * document EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx * correct arg type of EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type * more information about EVP_MD_CTX_ctrl * add missing <string.h> and correct one variable type below EXAMPLES * two orthographic improvements with a few wording tweaks by me
* Stop including md32_common.h.jsing2023-08-111-15/+1
| | | | | Now that we're no longer dependent on md32_common.h, stop including it. Remove various defines that only existed for md32_common.h usage.
* Demacro sha256.jsing2023-08-111-49/+114
| | | | | | | | | | | | | | Replace macros with static inline functions, as well as writing out the variable rotations instead of trying to outsmart the compiler. Also pull the message schedule update up and complete it prior to commencement of the round. Also use rotate right, rather than transposed rotate left. Overall this is more readable and more closely follows the specification. On some platforms (e.g. aarch64) there is no noteable change in performance, while on others there is a significant improvement (more than 25% on arm). ok miod@ tb@
* Improve variable names in {dh,dsa}_{pub,priv}_{de,en}code()tb2023-08-112-114/+114
| | | | | | | | Use aint for the ASN1_INTEGER holding the key and astr for the ASN1_STRING holding the parameters. This frees up key and params for their DER encoded versions, matching the naming we use elsewhere much more closely. ok jsing
* Use params{,_len} in {dh,dsa}_params_{en,de}code()tb2023-08-112-10/+10
|
* Use key/key_len in old_dsa_priv_{en,de}code()tb2023-08-111-5/+5
| | | | ok jsing
* Add back an empty line that I didn't really want to removetb2023-08-111-1/+2
|
* Align dh and dsa decoding functions with encodingtb2023-08-112-142/+173
| | | | | | | | | This adds some missing error checks and fixes and unifies error codes which were (as usual) all over the place or just plain nonsense. Use an auxiliary variable for d2i invocations even though it is not really needed here. ok jsing
* Rename env_md{,_ctx}_st to evp_md{,_ctx}_sttb2023-08-112-6/+6
| | | | | | | | | | | | | | As everyone knows (and who doesn't know will immediately guess), EVP is short for envelope. Most structs backing the public EVP_* types are called evp_*. For the EVP_MD and EVP_MD_CTX types, someone used env_md_st and env_md_ctx_st, which, as jsing pointed out, may or may not be related to a much less obvious abbreviation of envelope. It could also simply have been for reasons of inconsistency. Be all that as it may: rename these structs to use the evp_* namespace to match all the other EVP types, as well as upstream. ok jsing
* Use EVP_MD in HKDF() and HKDF_extract() prototypestb2023-08-111-5/+5
| | | | | | | | Switch these prototypes to be like all other code and use the EVP_MD type rather than the internal name of the struct. This also makes the function definitions match the prototypes. ok jsing
* Move EC_KEY and EC_KEY_METHOD typedefs to ossl_typ.htb2023-08-112-5/+5
| | | | ok jsing
* Convert {dh,dsa}_{pub,priv}_encode() to single exittb2023-08-102-84/+94
| | | | | | | Use the same variable names throughout these functions and unify them some more. ok jsing
* Add the missing ".Nm X509_STORE_CTX_check_issued_fn" to the NAME sectionschwarze2023-08-101-2/+4
| | | | | | | such that `man X509_STORE_CTX_check_issued_fn` works. While here, add a Copyright notice for Job Snijders because he added a significant amount of text to this file in March 2023. OK job@
* Clean up {dh,dsa}_pub_encode()tb2023-08-102-46/+54
| | | | | | | This brings these two messy functions into more usual shape. There is a lot more that can be done in here. It is a step in the right direction. ok jsing
* Fix a leak in rsa_pub_encode()tb2023-08-101-12/+19
| | | | | | | | rsa_param_encode() allocates the PSS parameters in an ASN1_STRING which is leaked if any error occurs later in rsa_pub_encode(). Convert the rest of the code to follow our ordinary idioms more closely. ok jsing
* In x509_vfy.h rev. 1.60 and rev. 1.62 (April 2023), tb@ providedschwarze2023-08-101-26/+51
| | | | | X509_STORE_CTX_get1_certs(3) and X509_STORE_CTX_get1_crls(3). Document them and mark their aliases as deprecated.
* Remove now unnecessary 'do {} while (0);' and move variable declaration.jsing2023-08-101-5/+2
| | | | No functional change.
* Expand HASH_MAKE_STRING.jsing2023-08-101-13/+13
| | | | No change to generated assembly.
* Remove MD32_XARRAY remnants.jsing2023-08-101-4/+1
|
* Reorder functions.jsing2023-08-101-119/+119
| | | | No functional change.
* Implement MD5_{Update,Transform,Final}() directly in md5.c.jsing2023-08-101-1/+103
| | | | | | | | Copy the update, transform and final functions from md32_common.h, manually expanding the macros for MD5. This will allow for further clean up to occur. No change in generated assembly.
* Tidy includes.jsing2023-08-102-8/+3
|
* Mop up the last MD32_XARRAY.jsing2023-08-101-197/+187
| | | | | | | MD32_XARRAY was added as a workaround for a broken HP C compiler (circa 1999). Clean it up to simplify the code. No change in generated assembly.
* Inline the remaining 10 lines from rmdconst.h.jsing2023-08-102-75/+12
| | | | Discussed with tb@
* Inline X variables definitions.jsing2023-08-102-345/+175
| | | | | | | | | Inline the WL and WR defines, which only add yet another layer of abstraction and make the code harder to follow. No change to generated assembly. Discussed with tb@
* Inline shift values.jsing2023-08-102-330/+170
| | | | | | | | Inline the SL and SR defines, which only makes the code harder to follow. No change to generated assembly. Discussed with tb@
* Apply some more style(9).jsing2023-08-101-170/+171
| | | | No change in generated assembly.
* Various fixes in {dh,dsa}_priv_encode()tb2023-08-102-40/+48
| | | | | | | | | | Avoid creating an ASN1_STRING with negative length, set type, data and length via ASN1_STRING_type_new() and ASN1_STRING_set0() instead of doing this manually. Check return value for i2d_ASN1_INTEGER() and use an intermediate ASN1_OBJECT instead of nested function calls. Finally, clear sensitive data with freezero(). ok jsing
* rsa_priv_encode: plug leak on PKCS8_pkey_set0() failuretb2023-08-101-15/+19
| | | | | | Change the code to use safer idioms and avoid nested function calls. ok jsing
* Improve byte order handling in gcm128.jsing2023-08-101-329/+44
| | | | | | Replace a pile of byte order handling mess with htobe*() and be*toh(). ok tb@
* Remove MD32_REG_T.jsing2023-08-106-48/+16
| | | | | | | | | This is a hack that is only enabled on a handful of 64 bit platforms, as a workaround for poor compiler optimisation. If you're running an archiac compiler on an archiac architecture, then you can deal with slightly lower performance. ok tb@
* Add the forgotten .In lineschwarze2023-08-091-3/+4
| | | | and fix a typo: s/content objects/content octets/.
* In objects.h rev. 1.14 and 1.15 (Jan 2022), tb@ providedschwarze2023-08-091-5/+65
| | | | | OBJ_get0_data(3) and OBJ_length(3). Document them. Feedback and OK tb@.
* Rework BN_BLINDING to use pthread_t directlytb2023-08-093-28/+18
| | | | | | | | | | Instead of CRYPTO_THREADID, which passes pthread_via through unsigned long, we can use pthread_self() and pthread_equal() directly. This commit keeps using the awkward 'local' nomenclature as that is used throughout the rsa code. This will be changed after the blinding code will have been fully merged into rsa_blinding.c. ok jsing
* Merge remainder of rsa_crpt.c into rsa_eay.ctb2023-08-093-130/+55
| | | | | Most of these are one line wrappers around methods implemented in rsa_eay.c by default.
* Move RSA blinding API from rsa_crpt.c to rsa_blinding.ctb2023-08-092-102/+102
|
* Move RSA_blinding_{on,off}() to the bottom of the filetb2023-08-091-29/+29
|
* Move bn_blind.c to rsa_blinding.ctb2023-08-094-13/+14
| | | | discussed with jsing
* Make declaration and definition of BN_BLINDING_new() match.tb2023-08-092-4/+4
| | | | Also, make mod const.
* Merge BN_BLINDING_create_param() into BN_BLINDING_new()tb2023-08-093-33/+16
|
* Set up the blinding factors on first usetb2023-08-091-27/+14
| | | | | | | Only call BN_BLINDING_setup() from BN_BLINDING_update(). This allows another simplification of the counter logic. ok jsing
* Remove retry loop in BN_BLINDING_setup()tb2023-08-091-24/+5
| | | | | | | If we generate a non-invertible blinding, we have accidentally factored the modulus. This won't happen, so get rid of this ugly complication. ok jsing
* Compute a square using BN_mod_sqr() instead of BN_mod_mul()tb2023-08-091-3/+3
| | | | ok jsing