summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ec/ec_local.h (unfollow)
Commit message (Collapse)AuthorFilesLines
2025-06-07Spelling, discussed with jsingtb1-1/+1
2025-06-07tls13_ctx_new(): fix calloc() incantationtb1-2/+2
Switch argument order and use sizeof(*ctx) rather than sizeof(struct ...). ok jsg
2025-06-07Fix weird calloc() argument ordertb1-5/+5
ok jsg
2025-06-07do_PVK_body: Unconditionally free enctmptb1-3/+3
enctmp is only allocated if saltlen > 0, so there is no harm in checking for that, but it's also pointless. Unconfuses smatch who thinks there might be a memory leak: pem/pvkfmt.c:808 do_PVK_body() warn: possible memory leak of 'enctmp' found by jsg
2025-06-07Fix smatch warning in asn1_primitive_print()tb1-2/+2
Remove unnecessary and inconsistent NULL check for 'it', which the only caller, asn1_item_print_ctx(), already dereferenced. found by jsg ok kenjiro
2025-06-07KNF for variations of get_cipher_by_name()tb3-6/+9
2025-06-07openssl.1: update defaults for cms and smimetb1-4/+4
2025-06-07openssl smime: switch default encryption from 40-bit RC2 to AES-256tb1-11/+5
The old default is still available with rc2-40. https://github.com/pyca/cryptography/issues/12949 https://github.com/libressl/portable/issues/1168 ok kenjiro
2025-06-07openssl cms: switch default encryption from triple DES to AES-256tb1-11/+5
The old default is still available with "des3" https://github.com/pyca/cryptography/issues/12949 https://github.com/libressl/portable/issues/1168 ok kenjiro
2025-06-07crypto_ex_data: fix allocation size of classes_newtb1-2/+2
classes_new is an array of pointers to struct crypto_ex_data, not an array of struct crypto_ex_data_index, so this overallocated by 240 or 480 bytes on ILP32 or LP64, respectively. found by jsg using smatch ok jsing
2025-06-06Fix EVP_DecryptFinal() for CCM cipherstb1-5/+10
There is an old trap that you must not call EVP_*Final() when using AES-CCM. While encrypting this happens to be a noop and succeeds, but when decrypting, the call fails. This behavior changed in OpenSSL and BoringSSL, making the trap even worse since we now fail when the others succeed. This is an adaptation of OpenSSL commit 197421b1 to fix this. See also https://github.com/sfackler/rust-openssl/pull/1805#issuecomment-2734788336 ok beck kenjiro
2025-06-05pkcs7.h: drop two spaces before a tabtb1-3/+3
2025-06-05Rename the header guard of des.h with HEADER_DES_Htb14-16/+16
libdes is dead, Jim. Only its successors continue to haunt us. discussed with jsing
2025-06-05Remove preprocessor branching on HEADER_DES_Htb13-13/+13
This was the header guard for des_old.h introduced in 2002 and removed in 2014. The header guard for des.h is HEADER_NEW_DES_H for the sake of inconsistency (ostensibly due to backward compat concerns with libdes). ok jsing
2025-06-05opensslconf.h: remove md2 leftoverstb13-52/+0
md2.h left on Apr 15, 2014, along with jpake and seed. In particular, HEADER_MD2_H is never defined. These bits have been dead ever since. ok jsing
2025-06-04libtls: add basic regress for ALPNtb1-1/+138
This currently only tests the behavior for successful protocol negotiations since the test expects all handshakes to complete.
2025-06-04libtls: abort handshake on no ALPN protcol overlaptb1-2/+2
RFC 7301, section 3.2: In the event that the server supports no protocols that the client advertises, then the server SHALL respond with a fatal "no_application_protocol" alert. This change makes tlsext_alpn_server_process() send the alert rather than pretending no callback was present. ok jsing
2025-06-04Revert 1.144 of lib/libc/stdlib/malloc.3. It was changed by accidentyasuoka1-12/+3
by my previous commit.
2025-06-03Now our fflush() comply POSIX-2008. test_fflush is expected "pass".yasuoka2-6/+3
And switch test___freadahead to use another version that uses fflush().
2025-06-03Again. Make exit(), fclose(), fflush(), and freopen() comply withyasuoka2-9/+17
POSIX-2008 requirements for setting the underlying file position when flushing read-mode streams, and make an fseek()-after-fflush() not change the underlying file position. This commit fixes some minor problems of the previous. previous diff from guenther Much testing, review, assistence form tb@ ok tb@ millert@ for the previous ok asou
2025-06-03parse_test_file: add a missing call to finish in last cleanuptb1-1/+4
2025-06-03parse_test_file: add missing error checks for init()tb1-3/+5
2025-06-03Use timingsafe_memcmp when comparing authenticatorskenjiro3-9/+9
Replace memcmp() with timingsafe_memcmp() for authentication tag comparison in AES-CCM, GCM, PKCS12 and AES key unwrap code paths to ensure constant-time behavior and avoid potential timing side channels. This aligns with OpenSSL 1e4a355. ok tb@
2025-06-03Add non-EVP tests for AES CFB128 and OFB128 modeskenjiro1-8/+112
Extend aes_test.c to include non-EVP tests for AES CFB128 and OFB128 modes using AES_cfb128_encrypt() and AES_ofb128_encrypt(). These additions improve test coverage by exercising the low-level interfaces with the same vectors used in the EVP-based tests. ok tb@
2025-06-02bn_gcd: fix wacky indentation found by smatchtb1-3/+5
via/ok jsg
2025-06-02correct indentation, no functional changejsg8-25/+28
found with smatch, ok tb@
2025-06-02Inline EVP_CIPHER_[gs]et_asn1_iv() in their last callerstb1-27/+15
ok kenjiro
2025-06-01Fix resource leaks in ec_points_make_affine()tb1-1/+4
Add missing BN_CTX_end() and free prod_Z. CID 552848 (for prod_Z)
2025-05-31openssl-ruby/Makefile: zap trailing whitespace added in previoustb1-2/+2
2025-05-31explicit_bzero test: don't redefine __SANITIZE_ADDRESS__tb1-1/+3
Silences an annoying warning when running tests with ASAN.
2025-05-31zap weird empty added to tls1_ec_nid2group_id() in previoustb1-2/+1
2025-05-31test.h: include stddef.h for NULL and size_ttb1-1/+2
2025-05-31test.c: drop include of libgen.htb1-2/+1
This no longer uses basenam, so we can drop this header which isn't available on Windows.
2025-05-31Plug leak of bm->buf->datatb1-1/+2
BIO_new(BIO_s_mem()) now allocates this pointer, so we need to free it before assigning to it.
2025-05-31test.c: plug leak of tmp_filetb1-1/+2
2025-05-31Fix attributes in test.htb1-4/+4
The __attribute__ is part of the function declaration, hence drop the incorrect early semicolons. Fixes the build of the md test on sparc64. In file included from /usr/src/regress/lib/libcrypto/md/md_test.c:25: /usr/src/regress/lib/libcrypto/md/../test/test.h:61: warning: empty declaration /usr/src/regress/lib/libcrypto/md/../test/test.h:77: warning: empty declaration /usr/src/regress/lib/libcrypto/md/../test/test.h:114: warning: empty declaration
2025-05-31test.c: avoid NULL-dereferencetb1-2/+3
test_init() calls test_new(NULL, NULL), which leads to a segfault. llvm 16 optimizes this away with -O2, however gcc 4.2.1 on sparc64 doesn't. Fix this by only inheriting the out FILE from the parent if the latter is non-NULL.
2025-05-28limitiation -> limitationjsg1-3/+3
2025-05-27Delete bad advice about abusing malloc_options = "X" as a productionschwarze1-12/+3
feature to terminate the program when out of memory. Application code should always handle failure of library functions properly. So if you want your program to terminate, write something like | p = malloc(...); | if (p == NULL) | err(1, NULL); and don't abuse malloc_options. Direction suggested by otto@ after anton@ pointed out that this very old text still used an outdated data type for malloc_options and potentially failed to define its value at compile time. OK otto@
2025-05-27Make EVP_CIPHER_[gs]et_asn1_iv() local to evp_ciphertb9-153/+174
These formerly public functions have only ever been called from EVP_CIPHER_asn1_to_param() and EVP_CPIHER_param_to_asn1(), either directly if the EVP_CIPH_FLAG_DEFAULT_ASN1 flag is set, or indirectly when set as the .[gs]et_asn1_parameters() method of the EVP_CIPHER. This commit removes their use in .[gs]et_asn1_parameters() dating back to long before the EVP_CIPH_FLAG_DEFAULT_ASN1 was introduced in 2010. This way the only remaining consumer of .[gs]et_asn1_parameters() is RC2. ok jsing
2025-05-26GOST has left the buildingtb1-2/+2
(comment tweak, no code change)
2025-05-25Merge AES-IGE into aes.c.jsing3-121/+66
2025-05-25Simplify AES-IGE and remove code with implementation defined behaviour.jsing1-117/+40
Remove the UNALIGNED_MEMOPS_ARE_FAST from AES-IGE, which can result in implementation defined behaviour on i386/amd64. While we could keep this purely for aligned inputs and outputs, it's probably not that important and can be redone in a simpler form later if we want to do so. ok tb@
2025-05-25Remove bogus alias.jsing1-2/+1
2025-05-25Add test whether fflush() complies POSIX for the handling ofyasuoka1-1/+82
pushed-back wchar_t chars.
2025-05-25Add test for ungetwc().yasuoka2-1/+94
2025-05-25Merge RC2 into a single file.jsing6-548/+301
Discussed with tb@
2025-05-25Provide an EC method that uses homogeneous projective coordinates.jsing3-2/+870
This makes use of EC_FIELD_ELEMENT to perform fixed width constant time operations. Addition and doubling of points makes use of the formulas from "Complete addition formulas for prime order elliptic curves" (https://eprint.iacr.org/2015/1060). These are complete and operate in constant time. Further work will continue in tree. ok tb@
2025-05-25Implement EC field element operations.jsing5-31/+299
Provide EC_FIELD_ELEMENT and EC_FIELD_MODULUS, which allow for operations on fixed width fields in constant time. These can in turn be used to implement Elliptic Curve cryptography for prime fields, without needing to use BN. This will improve the code, reduces timing leaks and enable further optimisation. ok beck@ tb@
2025-05-25openssl speed: clean up time_fjoshua1-79/+76
Rename Time_F to time_f and tidy up implementation and usage. time_f still uses app_timer_{user,real}, which I will clean up in a future commit. ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-10 20:03:45 +0000