summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* ECDHerror() and ECDSAerror will go awaytb2023-07-052-45/+45
| | | | | | Move some trivial ones to ECerror(). discussed with jsing
* Adjust the public declaration of OpenSSLDie to use a portablebcook2023-07-051-2/+10
| | | | | | method of indicating that the function does not return. ok tb@
* Drop an incorrect part from a commenttb2023-07-051-2/+2
|
* Missing . in commenttb2023-07-051-2/+2
|
* Fix #includestb2023-07-051-2/+6
|
* Remove local prototypes for public API (?!)tb2023-07-051-6/+1
|
* Improve BN_bn2bin() error check for readabilitytb2023-07-051-2/+2
|
* Merge ECDH code that will stay into ecdh.ctb2023-07-053-125/+65
|
* Move ECDSA_size() to a more sensible place in this filetb2023-07-051-28/+28
|
* Merge ECDSA code that will stay into ecdsa.ctb2023-07-053-160/+97
| | | | discussed with jsing
* Rename ecs_local.h into ecdsa_local.htb2023-07-057-13/+13
|
* Make variables in prototypes match function declarationstb2023-07-051-6/+6
|
* Drop useless ossl_ prefixestb2023-07-058-40/+52
| | | | discussed with jsing
* Avoid outputting invalid signaturestb2023-07-041-1/+11
| | | | | | | | | | | | The caller can provide an r which will be added to the ECDSA_SIG unchecked. This can happen via ECDSA_{,do_}sign_ex() or ECDSA_sign_setup() or else via a custom sign_sig() handler. Therefore add a check that it is in the bounds required. Since k was long thrown away, there's no way to check kinv, so it needs to be trusted. Misdesigned APIs that will output garbage everywhere... ok jsing
* Clean up ECDSA verificationtb2023-07-041-14/+29
| | | | | | | | Use variable names that correspond more closely to the standard. Use an additional variable for s^-1 for readability. Annotate the code with the corresponding steps from FIPS 186-5. ok jsing
* ECDSA signing: annotate code with steps corresponding to FIPS 185-6.tb2023-07-041-3/+25
| | | | ok jsing
* Extract private key and group order in s computationtb2023-07-041-19/+18
| | | | | | | This pushes a few variables no longer needed in ossl_ecdsa_sign_sig() into ecdsa_compute_s() separating API logic and pure computation a bit more. ok beck
* Use key for the EC_KEY everywheretb2023-07-041-39/+38
|
* Some more consistency in variable namestb2023-07-041-15/+15
|
* Normalize ECDSA_SIG to be sig everywheretb2023-07-041-11/+11
|
* Normalize on digest and digest_len rather than dgst dlen dgstlen, etc.tb2023-07-041-28/+34
|
* Rework ecdsa_prepare_digest()tb2023-07-041-35/+35
| | | | | | | | Make it take an EC_KEY instead of a group order in preparation for further cleanup. Rename m into e to match the standard better. Also buy some vowels for jsing. ok beck jsing
* Plug leak in the ssltesttb2023-07-041-1/+2
| | | | | | | | Removing -tls1 moved some tests from the legacy stack to the TLSv1.3 stack. On a HRR, the alpn callback would be called twice and allocate the global twice, thereby leaking. So free it up front. Joint suffering with bcook and beck
* Factor the computation of ECDSA s into a functiontb2023-07-041-69/+88
| | | | | | | | ossl_ecdsa_sign_sig() is already complicated enough. The math bit is entirely self contained and does not need to obfuscate control flow and logic. with feedback from and ok jsing
* sign_sig: drop ckinvtb2023-07-031-5/+7
| | | | | | | | The only reason ckinv exists is to be able to avoid a copy. This copy leaks some timing info, that will be mitigated in a subsequent step. It is an unused or at least uncommonly used codepath. ok jsing
* Rework the logic in ECDSA sign_sig()tb2023-07-031-24/+30
| | | | | | | | | | | If the caller supplied both kinv and r, we don't loop but rather throw an undocumented error code that no one uses, which is intended to tell the caller to run ECDSA_sign_setup() and try again. Use a boolean that indicates this situation so that the logic becomes a bit more transparent. ok jsing
* add regress tests for the remainder of the function provided by our uuid.hjasper2023-07-031-5/+137
|
* Delete some more references to dead policy code.tobhe2023-07-031-12/+1
| | | | | | Fixes -DNAMESPACE ok tb@
* sign_sig: test on assignmenttb2023-07-031-5/+6
|
* sign_setup: split another check into twotb2023-07-031-2/+6
|
* typotobhe2023-07-031-1/+1
|
* Split range checks for ECDSA r and ECDSA stb2023-07-031-3/+8
| | | | requested by jsing
* Switch a couple of test from ucmp to cmptb2023-07-031-4/+4
| | | | | | | | This is confusing, as both sides involved should be unsigned. The ec code is undecided on whether the group order can be negative. It should never be, so lets see what happen with this slightly stricter check. discussed with jsing
* ossl_ecdsa_verify_sig(): simplify range checkstb2023-07-031-6/+4
| | | | | | | The checks whether r and s lie in the interval [1, order) were a bit uglier than necessary. Clean this up. ok beck jsing
* List variables in a somewhat more sensible ordertb2023-07-031-4/+4
|
* In ossl_ecdsa_verify_sig() use BN_CTX more idiomaticallytb2023-07-031-8/+10
| | | | ok beck jsing
* Split a bunch of unrelated checkstb2023-07-031-3/+10
| | | | ok beck jsing
* Make ossl_ecdsa_verify_sig() single exittb2023-07-031-4/+4
| | | | ok beck jsing
* Switch ossl_ecdsa_verify() to timingsafe_memcmp()tb2023-07-031-2/+2
| | | | Requested by jsing
* Streamline ossl_ecdsa_verify()tb2023-07-031-7/+13
| | | | | | | Make it single exit and use API more idiomatically and some other cosmetics. ok beck jsing
* Explicit parameter printing can also use get0_order()tb2023-07-031-5/+6
| | | | ok beck jsing
* Convert ossl_ec_key_gen() and EC_KEY_check_key()tb2023-07-031-23/+6
| | | | | | These also get the EC_GROUP_get0_order() treatment ok beck jsing
* Convert EC_GROUP_check() to EC_GROUP_get0_order()tb2023-07-031-10/+3
| | | | ok beck jsing
* Inline two copies of EC_GROUP_order_bits()tb2023-07-031-22/+6
| | | | | | | This code is way more complicated than it needs to be. Simplify. ec_bits() was particularly stupid. ok beck jsing
* some minor fix up;jmc2023-07-031-5/+5
|
* Bring back no_tls1 and no_tls1_1 as undocumented silently discarded opitonsbeck2023-07-032-8/+20
| | | | | | | | While I'm here, change the no_ssl2 and no_ssl3 options to use OPTION_DISCARD as well instead of continuing to set a no-op option flag. ok jsing@ tb@
* Switch ECDSA code to using EC_GROUP_get0_order()tb2023-07-031-25/+17
| | | | ok jsing
* Provide internal-only EC_GROUP_get0_order()tb2023-07-032-3/+11
| | | | ok jsing
* Remove the tls1.0 and 1.1 related options from the openssl(1) toolkitbeck2023-07-033-159/+20
| | | | ok tb@
* Another empty line did not want to go intb2023-07-031-1/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 19:48:40 +0000