summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dh (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Avoid leak in error path of dh_priv_decodeinoguchi2020-01-041-1/+2
| | | | ok jsing@ tb@
* Fix BN_is_prime_* calls in libcrypto, the API returns -1 on error.tb2019-01-201-5/+12
| | | | | | | From BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd by David Benjamin. ok djm, jsing
* Missing initialization for pub_key. CID 184303.tb2018-11-121-2/+2
| | | | ok bcook
* Initialize priv_key and pub_key on first use instead of at the top.tb2018-11-091-6/+4
| | | | | | While there, eliminate a flag that was only used once. ok beck jsing mestre
* unrevert the use of bn_rand_interval().tb2018-11-061-6/+9
| | | | ok beck jsing
* revert use of bn_rand_interval due to failures with ECDHE and TLStb2018-11-061-9/+6
|
* Make use of bn_rand_interval() where appropriate.tb2018-11-051-6/+9
| | | | ok beck jsing
* Eliminate a few "} else" branches, a few unneeded NULL checks beforetb2018-11-051-16/+12
| | | | | | freeing and indent nearby labels. ok beck jsing
* Remove two unnecessary BN_FLG_CONSTTIME dances: BN_mod_exp_ct() alreadytb2018-11-051-12/+4
| | | | | | takes care of this internally. ok beck jsing
* Add consts to EVP_PKEY_asn1_set_private()tb2018-08-241-2/+2
| | | | | | | | | Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way. tested in a bulk build by sthen ok jsing
* After removing support for broken PKCS#8 formats (it was high time),tb2018-08-241-2/+2
| | | | | | | | we can add const to PKCS8_pkey_get0(). In order for this to work, we need to sprinkle a few consts here and there. tested in a bulk by sthen ok jsing
* zap stray tabsthen2018-06-121-2/+2
|
* Reject excessively large primes in DH key generation. Problem reportedsthen2018-06-121-1/+6
| | | | | | | | | | | by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457) and based on his diff. suggestions from tb@, ok tb@ jsing@ "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack."
* Remove incorrect NULL checks in DH_set0_key().tb2018-05-021-5/+1
| | | | | | Reported by Ondřej Surý, LibreSSL-portable issue #92. ok inoguchi, jsing
* Convert a handful of X509_*() functions to take const as in OpenSSL.tb2018-05-011-5/+5
| | | | | tested in a bulk by sthen ok jsing
* make ENGINE_finish() succeed on NULL and simplify callers as intb2018-04-141-10/+6
| | | | | | | | | | | OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi
* Provide DH_get0_engine().jsing2018-02-222-2/+9
|
* Fix bogus check. Spotted by brynet, thanks.tb2018-02-201-2/+4
|
* Provide DH_set_length()tb2018-02-202-2/+12
| | | | ok jsing
* Provide DH_bits()tb2018-02-202-2/+9
| | | | ok jsing
* Provide DH_{clear,set,test}_flags().tb2018-02-202-2/+23
| | | | ok jsing
* Provide {DH,DSA}_set0_key(). Requested by sthen.tb2018-02-182-2/+22
| | | | ok jsing
* Provide DH_set0_pqg.tb2018-02-182-2/+25
| | | | ok jsing
* Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),tb2018-02-172-2/+26
| | | | | | EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key(). ok jsing
* Send the function codes from the error functions to the bit bucket,beck2017-01-297-55/+38
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Make explicit _ct and _nonct versions of bn_mod_exp funcitons thatbeck2017-01-211-2/+4
| | | | | | | | | | | | matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
* Expand ASN1_ITEM_rptr macro - no change in generated assembly.jsing2016-12-301-2/+2
|
* Kill a bunch of OLD_ASN1 usage by replacing ASN1_{d2i,i2d}_* withjsing2016-11-042-8/+30
| | | | | | ASN1_item_{d2i,i2d}_* equivalents. ok guenther@ miod@
* call BN_init on temporaries to avoid use-before-set warningsbcook2016-07-071-1/+2
| | | | ok beck@
* On systems where we do not have BN_ULLONG defined (most 64-bit systems),bcook2016-07-051-1/+5
| | | | | | | | | | | | | | BN_mod_word() can return incorrect results if the supplied modulus is too big, so we need to fall back to BN_div_word. Now that BN_mod_word may fail, handle errors properly update the man page. Thanks to Brian Smith for pointing out these fixes from BoringSSL: https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89 https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be ok beck@
* Remove flags for disabling constant-time operations.bcook2016-06-302-34/+12
| | | | | | | | This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time. Based on the original patch by César Pereid. ok beck@
* Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making thejsing2015-02-141-6/+42
| | | | | | | | | data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Enable building with -DOPENSSL_NO_DEPRECATED.doug2015-02-111-1/+2
| | | | | | | | | | | | | | | If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
* Expand the -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_(const_)?fname macros so thatjsing2015-02-101-2/+14
| | | | | | | | the code is visible and functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* BN_CTX_get() can fail - consistently check its return value.jsing2015-02-092-6/+7
| | | | | | | | | | | | | | | There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@
* This is neither code not proper documentation.miod2015-02-097-157/+0
|
* Delete a lot of #if 0 code in libressl.doug2015-02-072-16/+2
| | | | | | | | | | | | | | | | | | | | | | | | | There are a few instances where #if 1 is removed but the code remains. Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits. 6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008 input + ok jsing@, miod@, tedu@
* Avoid a double-free in an error path.doug2015-01-081-1/+2
| | | | ok jsing@ beck@
* None of these need to include <openssl/rand.h>jsing2014-10-181-2/+1
|
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-124-30/+17
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-119-26/+31
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-103-4/+12
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-101-2/+4
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* ASN1_STRING_free can handle NULL, so callers don't need to check. ok miodtedu2014-07-091-7/+4
|
* Simplify error path of DH_check_pub_key()miod2014-07-091-8/+4
|
* KNFmiod2014-07-099-567/+599
|
* remove unused, private version strings except SSL_version_strbcook2014-07-091-3/+1
| | | | | | Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
* simplify and unobfuscate a variable to fix a mem leak.tedu2014-06-301-6/+9
| | | | original diff by logan
* replace atoi() calls with strtol(). Follow the idiomatic pattern in ourderaadt2014-06-121-12/+30
| | | | | | | | | manual page strictly. Return -2 if the strings are not strict numbers. The numbers remain in the range of "int". Range checking for these parameters is done later in the pkey_*_ctl() functions, or sometimes in functions much further downstream... but not always!!! ok millert miod mikeb
* tags as requested by miod and teduderaadt2014-06-1211-9/+11
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 22:55:22 +0000