| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
We have no tls 1.0 or 1.1 or methods for them.
These "in theory" will make things that check the openssl #ifdef
soup for all the floating eyeballs make the correct decisions, or
if they do not they at least can not blame us.
ok tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok beck@, tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok beck@
|
| | |
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
| |
An empty array cannot be initialized and it is an incomplete type, so the
sizeof() operator can't be applied to it. Therefore initialize it with a
zero byte and replace sizeof() use with lengths.
Slightly tweaked version of a patch by inoguchi in portable.
Discussed with bcook, beck, kettenis
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing@
|
| | |
|
| |
|
|
|
|
| |
Move some trivial ones to ECerror().
discussed with jsing
|
| |
|
|
|
|
| |
method of indicating that the function does not return.
ok tb@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
discussed with jsing
|
| | |
|
| | |
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The caller can provide an r which will be added to the ECDSA_SIG unchecked.
This can happen via ECDSA_{,do_}sign_ex() or ECDSA_sign_setup() or else via
a custom sign_sig() handler. Therefore add a check that it is in the bounds
required.
Since k was long thrown away, there's no way to check kinv, so it needs to
be trusted. Misdesigned APIs that will output garbage everywhere...
ok jsing
|
| |
|
|
|
|
|
|
| |
Use variable names that correspond more closely to the standard. Use an
additional variable for s^-1 for readability. Annotate the code with
the corresponding steps from FIPS 186-5.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
This pushes a few variables no longer needed in ossl_ecdsa_sign_sig() into
ecdsa_compute_s() separating API logic and pure computation a bit more.
ok beck
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Make it take an EC_KEY instead of a group order in preparation for further
cleanup. Rename m into e to match the standard better. Also buy some vowels
for jsing.
ok beck jsing
|
| |
|
|
|
|
|
|
| |
Removing -tls1 moved some tests from the legacy stack to the TLSv1.3 stack.
On a HRR, the alpn callback would be called twice and allocate the global
twice, thereby leaking. So free it up front.
Joint suffering with bcook and beck
|
| |
|
|
|
|
|
|
| |
ossl_ecdsa_sign_sig() is already complicated enough. The math bit is
entirely self contained and does not need to obfuscate control flow
and logic.
with feedback from and ok jsing
|
| |
|
|
|
|
|
|
| |
The only reason ckinv exists is to be able to avoid a copy. This copy
leaks some timing info, that will be mitigated in a subsequent step.
It is an unused or at least uncommonly used codepath.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
If the caller supplied both kinv and r, we don't loop but rather throw
an undocumented error code that no one uses, which is intended to tell
the caller to run ECDSA_sign_setup() and try again.
Use a boolean that indicates this situation so that the logic becomes
a bit more transparent.
ok jsing
|
| | |
|
| |
|
|
|
|
| |
Fixes -DNAMESPACE
ok tb@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
requested by jsing
|
| |
|
|
|
|
|
|
| |
This is confusing, as both sides involved should be unsigned. The ec
code is undecided on whether the group order can be negative. It should
never be, so lets see what happen with this slightly stricter check.
discussed with jsing
|
| |
|
|
|
|
|
| |
The checks whether r and s lie in the interval [1, order) were a bit
uglier than necessary. Clean this up.
ok beck jsing
|
| | |
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
