openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2018-07-17	some more style fixes	tb	1	-19/+19

2018-07-17	Add missing $OpenBSD$ markers.	tb	41	-22/+42

2018-07-17	remove unused, empty file	tb	1	-0/+0

2018-07-17	Replace getprogname() to argv[0] in bnaddsub	inoguchi	1	-3/+2
	ok tb@
2018-07-16	Document behavior change of EC_POINTs_mul() again.	tb	1	-4/+22

2018-07-16	Recommit Billy Brumley's ECC constant time patch with a fix for sparc64	tb	6	-47/+341
	from Nicola Tuveri (who spotted the omission of ecp_nist.c from the PR). discussed with jsing tested by jsg
2018-07-15	re-commit the removal of the EC_POINTs_mul() regression tests with num > 1	tb	1	-161/+27

2018-07-15	recommit label indentation part of the backout; clearly unrelated to the	tb	19	-91/+93
	breakage.
2018-07-15	$OpenBSD$	tb	1	-0/+1

2018-07-15	Also revert regression tests so that EC_POINTs_mul() with longer vectors	tb	1	-26/+160
	gets exercised again.
2018-07-15	back out ecc constant time changes	jsg	21	-448/+137
	after the constant time commits various regress tests started failing on sparc64 ssh t9, libcrypto ec ecdh ecdsa and trying to ssh out resulted in 'invalid elliptic curve value' ok tb@
2018-07-13	openssl app timers: TM_START -> TM_RESET, TM_STOP -> TM_GET	cheloha	4	-15/+15
	Much more apt than the current operation names. Names suggested by jca@ ages ago. ok jca, jsing
2018-07-13	Eliminate the weird condition in the BN_swap_ct() API that at most one bit	tb	1	-3/+3
	be set in condition. This makes the constant time bit-twiddling a bit trickier, but it's not too bad. Thanks to halex for an extensive rubber ducking session over a non-spicy spicy tabouleh falafel.. ok jsing, kn
2018-07-11	Sync comment	kn	1	-3/+5
	Makes it a tad easier to read through and compare with BN_swap_ct(). OK tb
2018-07-11	Document behavior change of EC_POINTs_mul(3) from EC constant time changes.	tb	1	-4/+22
	ok beck on earlier version, markup help from Schwarze.
2018-07-11	Turn yesterday's optimistic ! in an XXX comment into a more cautious ?	tb	1	-2/+2

2018-07-11	Update EC regression tests.	tb	1	-160/+26
	Part of https://github.com/libressl-portable/openbsd/pull/94 from Billy Brumley and his team. ok jsing
2018-07-10	Indent labels by a space so they don't obliterate function names in diffs.	tb	19	-91/+93

2018-07-10	ECC constant time scalar multiplication support. First step in overhauling	tb	5	-46/+337
	the EC module. From Billy Brumley and his team, via https://github.com/libressl-portable/openbsd/pull/94 With tweaks from jsing and me. ok jsing
2018-07-10	Provide BN_swap_ct(), a constant time function that conditionally swaps	tb	2	-2/+53
	two bignums. It's saner and substantially less ugly than the existing public BN_constantime_swap() function and will be used in forthcoming work on constant time ECC code. From Billy Brumley and his team. Thanks! ok jsing
2018-07-10	Factor out a bit of ugly code that truncates the digest to the order_bits	tb	1	-32/+32
	leftmost bits of a longer digest, according to FIPS 183-6, 6.4. Eliminate a microoptimization that only converts the relevant part of the digest to a bignum. ok beck, jsing
2018-07-10	$OpenBSD$	tb	2	-1/+2

2018-07-10	Now that all *_free() functions are NULL safe, we can generate the	tb	5	-239/+123
	freenull test from Symbols.list. Suggested by jsing, discussed with beck and bluhm.
2018-07-10	+addsub	tb	1	-1/+2

2018-07-10	Add simple regression tests for BN_{,u}{add,sub}(3). With input from jca	tb	2	-0/+248

2018-07-09	Move a detail on tls_connect(3) to its documentation and be a bit more	tb	1	-5/+7
	explicit about the servername argument of tls_connect_servername(3). input & ok jsing, input & ok schwarze on earlier version
2018-07-09	wording tweak for tls_init() from jsing	tb	1	-4/+4
	ok jsing, schwarze
2018-07-09	sync with const changes in x509.h r1.68.	tb	1	-4/+4

2018-07-09	sync with const changes in evp.h r1.64.	tb	1	-3/+3

2018-07-09	sync with const changes in bio.h r1.44.	tb	1	-3/+3

2018-07-09	sync with const changes in bio.h r1.45.	tb	1	-10/+10

2018-07-08	import the relevant parts of a new ASN1_INTEGER_get(3) manual page	schwarze	2	-1/+240
	from OpenSSL, fixing many bugs and polishing many details
2018-07-08	Simplify and shorten the description of tls_init(3),	schwarze	1	-4/+4
	fixing an awkward wording noticed by tb@. OK tb@
2018-06-16	This code is already painful enough to look at. Putting the braces at the	tb	1	-74/+64
	right spot helps this a bit. Other whitespace and typo fixes while there.
2018-06-16	Tiny tweak to the blinding comment.	tb	1	-2/+4

2018-06-15	Basic cleanup. Handle the possibly NULL ctx_in in ecdsa_sign_setup() with	tb	1	-67/+62
	the usual idiom. All the allocations are now handled inside conditionals as is usually done in this part of the tree. Turn a few comments into actual sentences and remove a few self-evident ones. Change outdated or cryptic comments into more helpful annotations. In ecdsa_do_verify(), start calculating only after properly truncating the message digest. More consistent variable names: prefer 'order_bits' and 'point' over 'i' and 'tmp_point'. ok jsing
2018-06-15	Clean up some whitespace and polish a few comments. Reduces noise in	tb	1	-24/+21
	an upcoming diff.
2018-06-14	Use a blinding value when generating an ECDSA signature, in order to	tb	1	-14/+65
	reduce the possibility of a side-channel attack leaking the private key. Suggested by Keegan Ryan at NCC Group. With input from and ok jsing
2018-06-14	Use a blinding value when generating a DSA signature, in order to reduce	jsing	1	-9/+39
	the possibility of a side-channel attack leaking the private key. Suggested by Keegan Ryan at NCC Group. With input from and ok tb@
2018-06-14	Clarify the digest truncation comment in DSA signature generation.	jsing	1	-3/+4
	Requested by and ok tb@
2018-06-14	Pull up the code that converts the digest to a BIGNUM - this only needs	jsing	1	-10/+10
	to occur once and not be repeated if the signature generation has to be repeated. ok tb@
2018-06-14	Fix a potential leak/incorrect return value in DSA signature generation.	jsing	1	-4/+6
	In the very unlikely case where we have to repeat the signature generation, the DSA_SIG return value has already been allocated. This will either result in a leak when we allocate again on the next iteration, or it will give a false success (with missing signature values) if any error occurs on the next iteration. ok tb@
2018-06-14	Call DSA_SIG_new() instead of hand rolling the same.	jsing	1	-5/+2
	ok beck@ tb@
2018-06-14	DSA_SIG_new() amounts to a single calloc() call.	jsing	1	-10/+3
	ok beck@ tb@
2018-06-13	style(9), comments and whitespace.	jsing	1	-30/+32

2018-06-13	Avoid a timing side-channel leak when generating DSA and ECDSA signatures.	jsing	2	-7/+4
	This is caused by an attempt to do fast modular arithmetic, which introduces branches that leak information regarding secret values. Issue identified and reported by Keegan Ryan of NCC Group. ok beck@ tb@
2018-06-12	zap stray tab	sthen	1	-2/+2

2018-06-12	Reject excessively large primes in DH key generation. Problem reported	sthen	1	-1/+6
	by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457) and based on his diff. suggestions from tb@, ok tb@ jsing@ "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack."
2018-06-10	fix odd whitespace	tb	1	-3/+3

2018-06-10	Remove a handrolled GOST_le2bn().	jsing	1	-8/+4
	From Dmitry Eremin-Solenikov <dbaryshkov at gmail dot com>.