summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Simplify DH_check_params a bit.tb2021-12-051-12/+4
| | | | | | | | It makes no sense to allocate an entire BN_CTX if we only use it to get a single BIGNUM, from which we subtract 1 to compare it to g. We can just use a plain BIGNUM and delete a bunch of lines. ok inoguchi jsing
* Add initial regress for CT.jsing2021-12-054-1/+415
| | | | This provides test coverage for SCT encoding/decoding.
* Add RCS markerstb2021-12-0513-0/+13
|
* gross trailing whitespacetb2021-12-041-16/+16
|
* List subdirectories as a simple list. Avoids a source of many mergetb2021-12-041-6/+8
| | | | | | conflicts in my work on making much of libcrypto opaque. discussed with jsing
* Annotate the structs to be moved to bn_lcl.h in the next bumptb2021-12-041-1/+5
| | | | ok inoguchi jsing
* Use BN_is_negative(p) instead of p->neg in one place.tb2021-12-041-2/+2
|
* Add #include "bn_lcl.h" to the files that will soon need it.tb2021-12-0415-15/+36
| | | | ok inoguchi jsing
* Implement the BN_to_montgomery() macro as a functiontb2021-12-042-2/+13
| | | | ok inoguchi jsing
* Implement the BN_is_negative macro as a functiontb2021-12-042-2/+13
| | | | ok inoguchi jsing
* Provide function implementations for various BN_* macrostb2021-12-042-4/+54
| | | | | | | | BN_abs_is_word, BN_is_{zero,one,word,odd}, BN_one, BN_zero_ex are now implemented as functions for internal use. They will be exposed publicly to replace the macros reaching into BIGNUM in the next bump. ok inoguchi jsing
* Provide replacement functions for the BN_{get,set,with}_flags() macros.tb2021-12-042-2/+34
| | | | ok inoguchi jsing
* Provide replacement functions for the BN_GENCB_set{,_old}() macrostb2021-12-042-3/+33
| | | | | | | | The function implementations are necessary to make BIGNUM opaque. They will be used in libcrypto internally until they will replace the macro implementations with the next bump. ok inoguchi jsing
* Consolidate {d2i,i2d}_{pr,pu}.cjsing2021-12-045-184/+43
| | | | | | | | | | | | Currently there are two files for private key ASN.1 (d2i_pr.c, i2d_pr.c) and two files for public key ASN.1 (d2i_pu.c, i2d_pu.c). All of the other ASN.1 code has d2i and i2d in the same per-object file. Consolidate d2i_pr.c/i2d_pr.c into a_pkey.c and consolidate d2i_pu.c/i2d_pu.c into a_pubkey.c before making any further changes to this code. ok tb@
* Clean up and refactor server side DHE key exchange.jsing2021-12-044-120/+116
| | | | | | | | | | | | Provide ssl_kex_generate_dhe_params_auto() which handles DHE key generation based on parameters determined by the specified key bits. Convert the existing DHE auto parameter selection code into a function that just tells us how many key bits to use. Untangle and rework the server side DHE key exchange to use the ssl_kex_* functions. ok inoguchi@ tb@
* Move the minimum DHE key size check into ssl_kex_peer_params_dhe()jsing2021-12-043-14/+19
| | | | ok inoguchi@ tb@
* Check DH public key in ssl_kex_peer_public_dhe().jsing2021-12-043-8/+22
| | | | | | | Call DH_check_pub_key() after decoding the peer public key - this will be needed for the server DHE key exchange, but also benefits the client. ok inoguchi@ tb@
* Free cert, key and ocsp_staple on exit of do_keypair_test().tb2021-12-041-1/+4
| | | | Reported by Ilya Shipitsine, discussed with jsing
* Convert main into single exit to appease asan.tb2021-12-041-22/+33
|
* Explicitly free EVP_MD_CTX to appease asan. Reported by Ilya Shipitsin.tb2021-12-041-10/+16
|
* Add regress for ECPKParameters ASN.1 encoding/decoding.jsing2021-12-042-2/+210
|
* Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function.jsing2021-12-031-32/+26
| | | | | | | | | | Call the replacement asn1_tlc_invalidate() since it does not actually clear the ASN1_TLC. While here, name the ASN1_TLC variables consistently as ctx, remove a pointless comment and simplify ASN1_item_d2i() slightly. ok inoguchi@ tb@
* Group and sort includes.jsing2021-12-031-3/+3
|
* Call asn1_item_ex_d2i() directly from ASN1_item_d2i()jsing2021-12-031-2/+5
| | | | | | | ASN1_item_ex_d2i() is just a wrapper around the internal asn1_item_ex_d2i() function, so call asn1_item_ex_d2i() directly. ok inoguchi@ tb@
* Convert ASN1_PCTX_new() to calloc().jsing2021-12-031-10/+6
| | | | | | | Rather than using malloc() and then initialising all struct members to zero values, use calloc(). ok schwarze@ tb@
* Use calloc() for X509_CRL_METHOD_new() instead of malloc().jsing2021-12-031-3/+4
| | | | | | | This ensures that if any members are added to this struct, they will be initialised. ok schwarze@ tb@
* Rewrite ASN1_STRING_cmp().jsing2021-12-031-11/+8
| | | | | | This removes nested ifs and uses more sensible variable names. ok schwarze@ tb@
* Convert ASN1_STRING_type_new() to calloc().jsing2021-12-031-10/+7
| | | | | | | Rather than using malloc() and then initialising all struct members, use calloc() and only initialise the single non-zero value member. ok schwarze@ tb@
* Convert ASN1_OBJECT_new() to calloc().jsing2021-12-031-11/+6
| | | | | | | Rather than using malloc() and then initialising all struct members, use calloc() and only initialise the single non-zero value member. ok schwarze@ tb@
* Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated ASN1jsing2021-12-032-222/+430
| | | | | | | These functions previously used the old ASN1_{d2i,i2d}_{bio,fp}() interfaces. ok inoguchi@ tb@
* Use calloc() in EVP_PKEY_meth_new() instead of malloc() and settingtb2021-12-031-29/+2
| | | | | | almost all members to 0. Just set the two things that need setting. ok jsing
* Fix EVP_PKEY_{asn1,meth}_copy once and for alltb2021-12-032-63/+23
| | | | | | | | | It is very easy to forget to copy over newly added methods. Everyone working in this corner has run into this. Instead, preserve what needs preserving and use a struct copy, so all methods get copied from src to dest. tweak/ok jsing
* bsearch(3): support arrays with more than INT_MAX elementscheloha2021-12-021-2/+3
| | | | | | | | | | | | | | | The "lim" variable needs to be a size_t to match nmemb, otherwise we get undefined behavior when nmemb exceeds INT_MAX. Prompted by a blog post by Joshua Bloch: https://ai.googleblog.com/2006/06/extra-extra-read-all-about-it-nearly.html Fixed by Chris Torek a long time ago: https://svnweb.freebsd.org/csrg/lib/libc/stdlib/bsearch.c?revision=51742&view=markup ok millert@
* Tell testers which packages to install right away (and why)kn2021-12-023-3/+7
| | | | | | | Other regress tests do it differently; just fix/thouch those that did not mention any package name at all. This helps grepping logs for SKIPPED to find instructions for the next run.
* Remove dead code.jsing2021-12-011-21/+1
|
* Add missing const qualifiers in a number of BN_* manuals.tb2021-11-308-52/+52
| | | | ok schwarze
* last whitespace diff for now.tb2021-11-301-57/+62
|
* KNF for BF_KEYtb2021-11-301-4/+3
|
* Fix some annoying whitespace inconsistencies.tb2021-11-301-20/+20
|
* Provide EVP_CTRL_AEAD_* defines.tb2021-11-301-7/+10
| | | | | | | | | This commit adds generic EVP_CTRL_AEAD_{SET,GET}_TAG and _SET_IVLEN defines and aliases the GCM and CCM versions to those. This is the publicly visible part of OpenSSL's e640fa02005. ok inoguchi jsing
* Align ssl_kex_derive_ecdhe_ecp() with ssl_kex_derive_dhe()tb2021-11-301-10/+10
| | | | | | sk is commonly used for a STACK_OF(), so call the shared key simply key. ok jsing
* s/ECDHE/ECDH/jsing2021-11-301-3/+3
| | | | | | | If we can provide an EC key that is used, then it is by definition non-ephemeral. ok tb@
* Add regress for {d2i,i2d}_{,DSA_,EC_,RSA_}PUBKEY{,_bio}().jsing2021-11-302-1/+570
|
* Crank the number of rounds of Miller-Rabin from 50 to 64tb2021-11-291-4/+7
| | | | | | | | for DSA key generation. From Kurt Roeckx, OpenSSL 74ee3796 ok bcook inoguchi jsing
* Clean up DH_check_pub_key() and ensure that y^q (mod p) == 1.tb2021-11-291-18/+53
| | | | | | | | | | This aligns our behavior with OpenSSL 1.1.1 which includes a mitigation for small subgroup attacks. This did not affect LibreSSL since we do not support X9.42 style parameter files or RFC 5114. The meat of this commit is from Matt Caswell, OpenSSL b128abc3 ok inoguchi jsing
* Increase number of iterations in Miller-Rabin checks for DH.tb2021-11-291-4/+9
| | | | | | | | | | BN_prime_checks is only to be used for random input. Here, the input isn't random, so increase the number of checks. According to https://eprint.iacr.org/2019/032, 64 rounds is suitable. From Jake Massimo, OpenSSL 1.1.1, af6ce3b4 ok inoguchi jsing
* Synchronize DH_check() mostly with OpenSSL 1.1.1 with sometb2021-11-291-32/+47
| | | | | | | | | | | | simplifications and readability tweaks. This ensures in particular that dh->q is suitable if present. Based on work by Stephen Henson and Bernd Edlinger in OpenSSL. Issues with the current implementation found via regression tests in py-cryptography. ok inoguchi jsing
* Provide a version of DH_check_params() for internal use.tb2021-11-291-1/+43
| | | | | | Based on the version in OpenSSL 1.1.1l with minor tweaks. ok inoguchi jsing
* Provide a number of flags for DH_check and DH_check_pubkeytb2021-11-291-1/+5
| | | | | | that will be used in subsequent commits. ok inoguchi jsing
* First pass of converting ssl_kex.c to opaque DH.tb2021-11-291-30/+58
| | | | | | | | | Assign the result of BN_dup() and BN_bn2bin() to local BIGNUMs, then set the factors and pubkey on the dh using DH_set0_{pqg,key}(). A second pass will be done during the upcoming bump. ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-02 02:23:19 +0000