summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Test and assign for EC_KEY_get0_private_key()tb2023-07-011-3/+2
|
* Add a missing NULL check for grouptb2023-07-011-2/+3
| | | | ok jsing
* Reference commit needed in the next major bumptb2023-07-011-2/+2
|
* Simplify handling of rettb2023-07-011-6/+6
| | | | ok jsing
* Use BN_bn2binpad() instead of handrolling ittb2023-07-011-5/+3
| | | | | | | | | | As ugly as the BN_bn2binpad() internals are, what it does is quite handy with all sorts of EC stuff. So use it here too and eliminate some ugly manual pointer zeroing and offsets. Also switch len and buflen from size_t to int to remove an iffy cast: both are set by functions that return a non-negative int. ok jsing
* Remove unused y from ECDH key computationtb2023-07-011-5/+5
| | | | ok jsing
* crypto.h: move the error stuff to the endtb2023-07-011-21/+21
| | | | | | The other public headers have function and reason codes at the end because the error header was inlined. This was also the case here, too, until the automatic library initialization was appended.
* Simplify ASN1_bn_print() usage in ec/tb2023-07-012-30/+20
| | | | | | | ASN1_bn_print() doesn't print anything if the BIGNUM passed in is NULL. Also simplify the handling of the point conversion form of the generator. ok jsing
* whitespacetb2023-06-301-2/+2
|
* Recommit "Allow to ask for deeper callers for leak reports usingotto2023-06-302-12/+71
| | | | | | | malloc options" Now only enabled for platforms where it's know to work and written as a inline functions instead of a macro.
* Drop the no longer necessary -DLIBRESSL_CRYPTO_INTERNALtb2023-06-291-2/+2
| | | | ok miod
* Move check_defer() and obj_cleanup_defer to evp/names.ctb2023-06-292-7/+5
| | | | | | | | | | These formerly public symbols are the last things hidden by LIBRESSL_CRYPTO_INTERNAL. Most of their use is in evp/names.c Unfortunately, check_defer() needs to know about NUM_NIDS, so its implementation needs to remain in obj_dat.c, the only file that can include obj_dat.h due to NID tables. ok miod
* Adjust EC_GROUP_get_basis_type() documentationtb2023-06-281-64/+8
| | | | | | | After the GF2m removal, this function always returns 0, so adjust the documentation and remove EC_GROUP_get_{trinomial,pentanomial}_basis() that were left behind. Also add a tiny grammar tweak in the HISTORY section.
* Zap stray spacetb2023-06-271-2/+2
|
* Switch from get_rfc*() to BN_get_rfc*()tb2023-06-271-7/+7
| | | | | | | | The existence of the public get_rfc*() API is a historic curiosity that may soon be corrected. We inherited its use and it survived in libssl until now. Switch to the better named BN_get_rfc*() wrappers. ok jsing
* Remove some dead code from ECPKParameters_print()tb2023-06-271-31/+6
| | | | | | | This code is unreachable since binary curve support was removed. There is a lot more to clean up in here... ok jsing
* Remove the now unused poly[] from EC_GROUPtb2023-06-271-15/+2
| | | | | | | This was needed for defining the multiplication over binary fields. Since that code is gone, this is no longer needed. ok jsing
* Simplify EC_GROUP_get_basis_type()tb2023-06-271-18/+2
| | | | | | | | The remaining EC_METHODs in libcrypto all have a field type of NID_X9_62_prime_field, so this function always returns 0. Make that more obvious. ok jsing
* Adjust EVP_PKEY_CTRL_HKDF_KEY to OpenSSL's semanticstb2023-06-261-2/+9
| | | | | | | | | | | | For some reason there is no NULL check on setting the HKDF key for p2 like in the other cases in the switch, instead OpenSSL fail in memdup, nulling out the key but leaving he key_len at the old value. This looks accidental but our behavior makes some haproxy regress tests segfault. So mimic weird OpenSSL semantics but in addition set the key_len to 0. Reported by Ilya Shipitsin ok jsing
* Add missing RCS markertb2023-06-251-0/+1
|
* Remove unneeded bn_local.h and drop a NULL checktb2023-06-251-5/+3
|
* Move ECDSA_size() to ecs_ossl.c to match what was done in ecdhtb2023-06-252-34/+34
|
* With ech_local.h gone, we no longer need to -I ecdhtb2023-06-251-2/+1
|
* Remove ech_local.htb2023-06-251-65/+0
|
* Stop including ech_local.htb2023-06-253-5/+5
|
* Remove prototypes for EC_KEY_{get,insert}_key_method_data()tb2023-06-251-8/+1
| | | | These were accidentally left behind in a previous commit.
* Move ecdh_KDF_X9_63() to ec_local.htb2023-06-252-8/+8
| | | | | In anticipation of merging ecdh/ and ecdsa/ into ec/, move the last remaining thing in ech_local.h where it will soon belong.
* Move ECDH_size() to ech_key.ctb2023-06-252-8/+8
| | | | | This way the public ECDH API that will remain in libcrypto is in one file and the public ECDH API that will go is in the other one.
* Move the ecdh_method struct declaration to ech_lib.ctb2023-06-252-11/+10
| | | | No other file uses this anymore
* Move ECDH_OpenSSL() ECDSA_OpenSSL() to *_lib.ctb2023-06-254-28/+28
| | | | | | Now that they no longer use static methods, they can move where they belong. Also make the static method const, as it should have been all along.
* Remove EC_EXTRA_DATAtb2023-06-254-230/+4
| | | | | | | | | | | With the ecdh_check() and ecdsa_check() abominations gone, we can finally get rid of EC_EXTRA_DATA and EC_KEY_{get,insert}_key_method_data(). The EC_EX_DATA_*() handlers, (which fortunately have always had "'package' level visibility") join the ride to the great bit bucket in the sky. Thanks to op for making this possible. ok jsing
* Remove {ecdh,ecdsa}_check() and {ECDH,ECDSA}_DATAtb2023-06-254-223/+4
| | | | | | | This is now unused code. Removing it will free us up to remove some other ugliness in the ec directory. ok jsing
* Remove method wrappers that use {ecdh,ecdsa}_check()tb2023-06-252-73/+14
| | | | | | | | Now that it is no longer possible to set a custom {ECDH,ECDSA}_METHOD, EC_KEY_METHOD can just call the relevant method directly without the need for this extra contortion. ok jsing
* ecdsa_do_sign(): remove useless ecdsa_check() calltb2023-06-251-4/+2
| | | | ok jsing
* Make ECDH and ECDSA ex_data handlers always failtb2023-06-252-26/+8
| | | | | | | | They will be removed in the next major bump. No port uses them. They use code that is in the way of upcoming surgery. Only libtls and smtpd used to use the ECDSA version. ok jsing
* Make {ECDH,ECDSA}_set_method() always failtb2023-06-252-29/+4
| | | | | | | | They will be removed in the next major bump. No port uses them. They use code that is in the way of upcoming surgery. Only libtls used the ECDSA version, but thankfully op cleaned that up. ok jsing
* x509v3.h: unwrap a linetb2023-06-251-3/+2
|
* Adjust/fix X509_check_purpose(3) documentationtb2023-06-251-3/+3
|
* Check for duplicate X.509v3 extension OIDstb2023-06-251-1/+45
| | | | | | | | | | | | | Per RFC 5280, 4.2: A certificate MUST NOT include more than one instance of a particular extension. This implements such a check in x509v3_cache_extensions() by sorting the list of extensions and looking for duplicate neighbors. This sidesteps complications from extensions we do not know about and keeps algorithmic complexity reasonable. If the check fails, EXFLAG_INVALID is set on the certificate, which means that the verifier will not validate it. ok jsing
* Provide additional BN primitives for BN_ULLONG architectures.jsing2023-06-251-21/+79
| | | | | | | | | | | | | | | | | On BN_ULLONG architectures, the C compiler can usually do a decent job of optimising primitives, however it struggles to see through primitive calls due to type narrowing. As such, providing explicit versions of compound primitives can result in the production of more optimal code. For example, on arm the bn_mulw_addw_addw() primitive can be replaced with a single umaal instruction, which provides significant performance gains. Rather than intermingling #ifdef/#else throughout the header, the BN_ULLONG defines are pulled up above the normal functions. This also allows complex compound primitives to be reused. The conditionals have also been changed from BN_LLONG to BN_ULLONG, since that is what really matters. ok tb@
* ech_local.h: remove unused ECDH_FLAG_FIPS_METHODtb2023-06-251-9/+1
|
* ec_local.h: move ec_group_simple_order_bits down a bittb2023-06-251-3/+2
|
* Remove precompute_mult/have_precompute_mult from EC_METHOD.jsing2023-06-242-26/+4
| | | | | | | These are no longer in use - stub EC_GROUP_precompute_mult() and EC_GROUP_have_precompute_mult() to match their existing behaviour. ok tb@
* Mop up EC_GROUP precomp machinery.jsing2023-06-243-252/+10
| | | | | | | | | | | Since there are now no EC implementations that perform pre-computation at the EC_GROUP level, remove all of the precomp machinery, including the extra_data EC_GROUP member. The ec_wNAF_mul() code is horrific - simply cut out the precomp code, rather than trying to rewrite it (that's a project for another day). ok tb@
* Mop up ec_wNAF_{,have_}precompute_mult().jsing2023-06-242-206/+2
| | | | | | | | These were previously called by GF2m code and are no longer used. Also remove ec_pre_comp_new(), since it is only called by ec_wNAF_precompute_mult() and is now unused. ok tb@
* Add conditional around bn_mul_words() call.jsing2023-06-241-2/+4
| | | | | At least one of our bn_mul_words() assembly implementation fails to handle n = 0 correctly... *sigh*
* Assign and test.jsing2023-06-241-3/+2
|
* Check for non-zero length rather than a zero value.jsing2023-06-241-2/+2
| | | | | | This removes a data dependent timing path from BN_sqr(). ok tb@
* Rewrite and simplify bn_sqr()/bn_sqr_normal().jsing2023-06-243-39/+44
| | | | | | | | | Rework bn_sqr()/bn_sqr_normal() so that it is less convoluted and more readable. Instead of recomputing values that the caller has already computed, pass it as an argument. Avoid branching and remove duplication of variables. Consistently use a_len and r_len naming for lengths. ok tb@
* Provide optimised bn_subw() and bn_subw_subw() for arm.jsing2023-06-241-1/+50
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-02 15:41:25 +0000