Commit log: subject (author, date, files changed, lines -removed/+added)

* Trade a pair of extra braces for a missing empty line (tb, 2023-07-03, 1 file, -3/+3)

* Simplify allocation checks (tb, 2023-07-02, 1 file, -11/+11)
    Instead of attempting to allocate a few times and only then check all the returned pointers for NULL, allocate and check one after the other. This is easier on the eyes and what we usually do.
    Prompted by a report by Ilya Shipitsin
    ok beck

* Clean up dynamic tables in OPENSSL_cleanup() (tb, 2023-07-02, 1 file, -1/+10)
    This is not currently done in OpenSSL, but it looks more like something that was missed rather than desired behavior. There are some thread safety issues here, but those are rife in this codebase anyway (although I heard claims on some versions of this lib being "fully threadsafe").
    no objection jsing

* Disable TLS 1.0 and TLS 1.1 in libssl (beck, 2023-07-02, 9 files, -161/+106)
    Their time has long since passed, and they should not be used. This change restricts ssl to versions 1.2 and 1.3, and changes the regression tests to understand we no longer speak the legacy protocols. For the moment the magical "golden" byte for byte comparison tests of raw handshake values are disabled until jsing fixes them.
    ok jsing@ tb@

* Convert some tables to C99 initializers (tb, 2023-07-02, 3 files, -42/+249)
    ok & "happy pirate day" beck

* Fix return values of ecx methods (tb, 2023-07-02, 1 file, -5/+5)
    It is hard to get your return values right if you choose them to be a random subset of {-2, ..., 3}. The item_verify() and the digestverify() methods don't return 0 on error, but -1. Here 0 means "failed to verify", obviously.
    ok jsing

* Demacro SHA-512. (jsing, 2023-07-02, 1 file, -54/+112)
    Use static inline functions instead of macros to implement SHA-512. At the same time, make two key changes: firstly, rather than trying to outsmart the compiler and shuffle variables around, write the algorithm the way it is documented and actually swap the variable contents. Secondly, instead of interleaving the message schedule update and the round, do the full message schedule update first, then process the round. Overall, we get safer and more readable code. Additionally, the compiler can generate smaller and faster code (with a gain of 5-10% across a range of architectures).
    ok beck@ tb@

* Fix typo in previous (tb, 2023-07-02, 1 file, -2/+2)

* Use asprintf() to avoid repetition in string constants (tb, 2023-07-02, 1 file, -6/+13)
    ... since ASN1_bn_print() is stupid.
    ok jsing

* Split ECPKParameters_print() (tb, 2023-07-02, 1 file, -121/+150)
    This function has two entirely independent parts, so instead of a huge if/else just use two functions. In ecpk_print_explicit_parameters() do some additional boring cleanup such as switching to actually using the local BN_CTX and shuffling things into a slightly more sensible order.
    ok jsing

* Switch sign_sig() and sign_setup() to using BN_CTX (tb, 2023-07-02, 1 file, -47/+73)
    Both these functions use a BN_CTX internally to deal with the EC API that usually requires one. However, they don't actually make use of it. Get the BIGNUMs from the BN_CTX instead, which simplifies the cleanup. Also defer allocation of the ECDSA_SIG to the very end. Instead of using its internal r and s, use two local r and s variables and transfer those to the ECDSA_SIG on success.
    ok beck jsing

* Revert hunk accidentally committed in r1.39 (tb, 2023-07-02, 1 file, -11/+1)

* Rework handling of the out_kinv and out_r pointers (tb, 2023-07-02, 1 file, -8/+15)
    suggested by jsing

* Replace bn_sqr_words() with bn_sqr_add_words(). (jsing, 2023-07-02, 1 file, -35/+23)
    In order to implement efficient squaring, we compute the sum of products (omitting the squares), double the sum of products and then finally compute and add in the squares. However, for reasons unknown the final calculation was implemented as two separate steps. Replace bn_sqr_words() with bn_sqr_add_words() such that we do the computation in one step, avoid the need for temporary BN and remove needless overhead. This gives us a performance gain across most architectures (even with the loss of sse2 on i386, for example).
    ok tb@
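The squaring strategy the commit above describes, written out as an added stand-alone example (this is not LibreSSL's code; the real bn_sqr_add_words() works on BN_ULONG limbs and has a different signature). It uses little-endian 32-bit limbs, sums each cross product a[i]*a[j] (i < j) once, doubles the sum, then computes and adds the squares a[i]^2 in a single pass with no temporary, and checks the result against plain schoolbook multiplication. The function names, limb width and sample operands are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Reference only: r[2n] = a[n] * b[n] by schoolbook multiplication over
 * little-endian 32-bit limbs.  Used to cross-check limb_sqr() below.
 * Names and limb width are assumptions for this example, not LibreSSL's.
 */
static void
limb_mul(uint32_t *r, const uint32_t *a, const uint32_t *b, size_t n)
{
	size_t i, j;

	memset(r, 0, 2 * n * sizeof(*r));
	for (i = 0; i < n; i++) {
		uint64_t carry = 0;

		for (j = 0; j < n; j++) {
			/* Fits: (2^32-1)^2 + 2*(2^32-1) = 2^64 - 1. */
			uint64_t t = (uint64_t)a[i] * b[j] + r[i + j] + carry;

			r[i + j] = (uint32_t)t;
			carry = t >> 32;
		}
		r[i + n] = (uint32_t)carry;	/* not yet written by earlier rows */
	}
}

/*
 * r[2n] = a[n]^2: cross products once, doubled, then the squares are
 * computed and added in the same pass (the bn_sqr_add_words() idea).
 */
static void
limb_sqr(uint32_t *r, const uint32_t *a, size_t n)
{
	size_t i, j;
	uint64_t carry;

	memset(r, 0, 2 * n * sizeof(*r));

	/* Step 1: sum of a[i]*a[j] for i < j, each pair counted once. */
	for (i = 0; i < n; i++) {
		carry = 0;
		for (j = i + 1; j < n; j++) {
			uint64_t t = (uint64_t)a[i] * a[j] + r[i + j] + carry;

			r[i + j] = (uint32_t)t;
			carry = t >> 32;
		}
		r[i + n] = (uint32_t)carry;
	}

	/* Step 2: double the sum.  It is below a^2/2 < 2^(64n)/2, so no carry out. */
	carry = 0;
	for (i = 0; i < 2 * n; i++) {
		uint64_t t = ((uint64_t)r[i] << 1) | carry;

		r[i] = (uint32_t)t;
		carry = t >> 32;
	}

	/* Step 3: compute a[i]^2 and add it into limbs 2i, 2i+1 in one step. */
	carry = 0;
	for (i = 0; i < n; i++) {
		uint64_t sq = (uint64_t)a[i] * a[i];
		uint64_t lo = (uint64_t)r[2 * i] + (uint32_t)sq + carry;
		uint64_t hi = (uint64_t)r[2 * i + 1] + (sq >> 32) + (lo >> 32);

		r[2 * i] = (uint32_t)lo;
		r[2 * i + 1] = (uint32_t)hi;
		carry = hi >> 32;	/* zero after the last limb: a^2 fits in 2n limbs */
	}
}

/* Constructed 128-bit operand for the checks; any value works. */
static const uint32_t sample_a[4] = { 0x9e3779b9, 0x7f4a7c15, 0xf39cc060, 0x5cedc834 };

/* 1 if limb_sqr(a) equals limb_mul(a, a) for n <= 8 limbs, else 0. */
static int
sqr_matches_mul(const uint32_t *a, size_t n)
{
	uint32_t rs[16], rm[16];

	if (n > 8)
		return 0;
	limb_sqr(rs, a, n);
	limb_mul(rm, a, a, n);
	return memcmp(rs, rm, 2 * n * sizeof(*rs)) == 0;
}

/* (2^64 - 1)^2 = 2^128 - 2^65 + 1, worked out by hand; exercises every carry path. */
static int
sqr_known_value(void)
{
	const uint32_t a[2] = { 0xffffffff, 0xffffffff };
	const uint32_t want[4] = { 0x00000001, 0x00000000, 0xfffffffe, 0xffffffff };
	uint32_t r[4];

	limb_sqr(r, a, 2);
	return memcmp(r, want, sizeof(r)) == 0;
}

int
main(void)
{
	printf("sqr == mul: %d, known value: %d\n",
	    sqr_matches_mul(sample_a, 4), sqr_known_value());
	return 0;
}
```

The check in sqr_known_value() is the one worth keeping around when touching carry handling: with all-ones limbs, step 1 produces a top-limb carry, step 2 carries across the upper half, and step 3 carries out of limb 1 into limb 2, so a mistake in any of the three passes changes the result.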
* Rename ctx_in into in_ctx, kinvp into out_kinv and rp into out_r (tb, 2023-07-02, 1 file, -12/+13)

* Rename a few variables from X to x (tb, 2023-07-02, 1 file, -14/+14)

* Simplify things by switching to bn_rand_interval() (tb, 2023-07-02, 1 file, -22/+19)
    This avoids some silly dances in ECDSA signature generation by replacing them with a single API call. Also garbage collect the now unnecessary range.
    ok beck jsing

* Unconditionally zero the ECDH key (tb, 2023-07-02, 1 file, -6/+3)
    While memset() is quite expensive, we can afford zeroing a few extra bytes to make this code more readable.
    ok beck jsing

* Teach openssl ca about Ed25519 certificates (tb, 2023-07-02, 1 file, -18/+27)
    This adds a few logic curlies to end up setting the EVP_MD to EVP_md_null() as required by the API. This way ASN1_item_sign() now knows how to behave.
    "ok = (rv == 2);" beck

* Teach openssl req about EdDSA certs (tb, 2023-07-02, 1 file, -1/+8)
    After a few things in libcrypto were adjusted, this diff makes issuing certificate requests with Ed25519 work.
    ok beck

* Remove the ability to do tls 1.0 and 1.1 from libtls. (beck, 2023-07-02, 7 files, -44/+31)
    With this change any requests from configurations to request versions of tls before tls 1.2 will use tls 1.2. This prepares us to deprecate tls 1.0 and tls 1.1 support from libssl.
    ok tb@

* ECDSA_size(): move order a few lines down (tb, 2023-07-02, 1 file, -2/+2)

* Invert method checks to avoid stupid line breaks (tb, 2023-07-02, 1 file, -22/+26)

* Move the EC_POINT a bit down and a * to the right place (tb, 2023-07-02, 1 file, -3/+3)

* ech_key.c: Fix includes (tb, 2023-07-02, 1 file, -3/+4)
    We need stdint.h for uintptr_t, stdlib.h for malloc, ec.h for various things, but there's no need for objects.h or sha.h.

* Document that small allocations are initially junked with 0xdf now (otto, 2023-07-01, 1 file, -3/+3)

* Reverse polarity to avoid an overlong line (tb, 2023-07-01, 1 file, -5/+6)

* Reword comment to fit on a single line (tb, 2023-07-01, 1 file, -5/+2)

* tmp is a silly name for a point on an elliptic curve (tb, 2023-07-01, 1 file, -6/+6)

* Garbage collect the now unused len (tb, 2023-07-01, 1 file, -5/+3)

* Test and assign for EC_KEY_get0_private_key() (tb, 2023-07-01, 1 file, -3/+2)

* Add a missing NULL check for group (tb, 2023-07-01, 1 file, -2/+3)
    ok jsing

* Reference commit needed in the next major bump (tb, 2023-07-01, 1 file, -2/+2)

* Simplify handling of ret (tb, 2023-07-01, 1 file, -6/+6)
    ok jsing

* Use BN_bn2binpad() instead of handrolling it (tb, 2023-07-01, 1 file, -5/+3)
    As ugly as the BN_bn2binpad() internals are, what it does is quite handy with all sorts of EC stuff. So use it here too and eliminate some ugly manual pointer zeroing and offsets. Also switch len and buflen from size_t to int to remove an iffy cast: both are set by functions that return a non-negative int.
    ok jsing

* Remove unused y from ECDH key computation (tb, 2023-07-01, 1 file, -5/+5)
    ok jsing

* crypto.h: move the error stuff to the end (tb, 2023-07-01, 1 file, -21/+21)
    The other public headers have function and reason codes at the end because the error header was inlined. This was the case here, too, until the automatic library initialization was appended.

* Simplify ASN1_bn_print() usage in ec/ (tb, 2023-07-01, 2 files, -30/+20)
    ASN1_bn_print() doesn't print anything if the BIGNUM passed in is NULL. Also simplify the handling of the point conversion form of the generator.
    ok jsing

* whitespace (tb, 2023-06-30, 1 file, -2/+2)

* Recommit "Allow to ask for deeper callers for leak reports using malloc options" (otto, 2023-06-30, 2 files, -12/+71)
    Now only enabled for platforms where it's known to work and written as inline functions instead of a macro.

* Drop the no longer necessary -DLIBRESSL_CRYPTO_INTERNAL (tb, 2023-06-29, 1 file, -2/+2)
    ok miod

* Move check_defer() and obj_cleanup_defer to evp/names.c (tb, 2023-06-29, 2 files, -7/+5)
    These formerly public symbols are the last things hidden by LIBRESSL_CRYPTO_INTERNAL. Most of their use is in evp/names.c. Unfortunately, check_defer() needs to know about NUM_NIDS, so its implementation needs to remain in obj_dat.c, the only file that can include obj_dat.h due to NID tables.
    ok miod

* Adjust EC_GROUP_get_basis_type() documentation (tb, 2023-06-28, 1 file, -64/+8)
    After the GF2m removal, this function always returns 0, so adjust the documentation and remove EC_GROUP_get_{trinomial,pentanomial}_basis() that were left behind. Also add a tiny grammar tweak in the HISTORY section.

* Zap stray space (tb, 2023-06-27, 1 file, -2/+2)

* Switch from get_rfc*() to BN_get_rfc*() (tb, 2023-06-27, 1 file, -7/+7)
    The existence of the public get_rfc*() API is a historic curiosity that may soon be corrected. We inherited its use and it survived in libssl until now. Switch to the better named BN_get_rfc*() wrappers.
    ok jsing

* Remove some dead code from ECPKParameters_print() (tb, 2023-06-27, 1 file, -31/+6)
    This code is unreachable since binary curve support was removed. There is a lot more to clean up in here...
    ok jsing

* Remove the now unused poly[] from EC_GROUP (tb, 2023-06-27, 1 file, -15/+2)
    This was needed for defining the multiplication over binary fields. Since that code is gone, this is no longer needed.
    ok jsing

* Simplify EC_GROUP_get_basis_type() (tb, 2023-06-27, 1 file, -18/+2)
    The remaining EC_METHODs in libcrypto all have a field type of NID_X9_62_prime_field, so this function always returns 0. Make that more obvious.
    ok jsing

* Adjust EVP_PKEY_CTRL_HKDF_KEY to OpenSSL's semantics (tb, 2023-06-26, 1 file, -2/+9)
    For some reason there is no NULL check on setting the HKDF key for p2 like in the other cases in the switch; instead OpenSSL fails in memdup, nulling out the key but leaving the key_len at the old value. This looks accidental but our behavior makes some haproxy regress tests segfault. So mimic weird OpenSSL semantics but in addition set the key_len to 0.
    Reported by Ilya Shipitsin
    ok jsing

* Add missing RCS marker (tb, 2023-06-25, 1 file, -0/+1)