openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Remove unused Elliptic Curve code.	jsing	2023-01-14	1	-1191/+0
\| \| \| \| \| \| \| \| \| \| \| \| \|	For various reasons, the ecp_nistp* and ecp_nistz* code is unused. While ecp_nistp* was being compiled, it is disabled due to OPENSSL_NO_EC_NISTP_64_GCC_128 being defined. On the other hand, ecp_nistz* was not even being built. We will bring in new versions or alternative versions of such code, if we end up enabling it in the future. For now it is just causing complexity (and grep noise) while trying to improve the EC code. Discussed with tb@
*	Make internal header file names consistent	tb	2022-11-26	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Libcrypto currently has a mess of _lcl.h, _locl.h, and _local.h names used for internal headers. Move all these headers we inherited from OpenSSL to _local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
*	Change bn_expand()/bn_wexpand() to indicate failure/success via 0/1.	jsing	2022-11-24	1	-2/+2
\| \| \| \| \| \| \| \| \|	Currently bn_expand()/bn_wexpand() return a BIGNUM *, however none of the callers use this (and many already treat it as a true/false value). Change these functions to return 0 on failure and 1 on success, revising callers that test against NULL in the process. ok tb@
*	whitespace	tb	2022-11-19	1	-2/+2
\|
*	static const, not const static	jsg	2022-08-29	1	-3/+3
\| \| \| \| \| \| \| \| \|	c99 6.11.5: "The placement of a storage-class specifier other than at the beginning of the declaration specifiers in a declaration is an obsolescent feature." ok miod@ tb@
*	Prepare to provide EC_GROUP_order_bits()	tb	2021-09-08	1	-1/+2
\| \| \| \|	ok jsing
*	Provide EC_POINT_{g,s}et_Jprojective_coordinates for internal use	tb	2021-04-20	1	-5/+5
\| \| \| \|	ok jsing
*	Prepare to provide EC_POINT_{g,s}et_affine_coordinates	tb	2021-04-20	1	-2/+2
\| \| \| \| \| \|	Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b ok jsing
*	Implement coordinate blinding for EC_POINT.	tb	2018-11-05	1	-2/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Based on OpenSSL commit 875ba8b21ecc65ad9a6bdc66971e50 by Billy Brumley, Sohaib ul Hassan and Nicola Tuveri. ok beck jsing commit 875ba8b21ecc65ad9a6bdc66971e50461660fcbb Author: Sohaib ul Hassan <soh.19.hassan@gmail.com> Date: Sat Jun 16 17:07:40 2018 +0300 Implement coordinate blinding for EC_POINT This commit implements coordinate blinding, i.e., it randomizes the representative of an elliptic curve point in its equivalence class, for prime curves implemented through EC_GFp_simple_method, EC_GFp_mont_method, and EC_GFp_nist_method. This commit is derived from the patch https://marc.info/?l=openssl-dev&m=131194808413635 by Billy Brumley. Coordinate blinding is a generally useful side-channel countermeasure and is (mostly) free. The function itself takes a few field multiplicationss, but is usually only necessary at the beginning of a scalar multiplication (as implemented in the patch). When used this way, it makes the values that variables take (i.e., field elements in an algorithm state) unpredictable. For instance, this mitigates chosen EC point side-channel attacks for settings such as ECDH and EC private key decryption, for the aforementioned curves. For EC_METHODs using different coordinate representations this commit does nothing, but the corresponding coordinate blinding function can be easily added in the future to extend these changes to such curves. Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com> Co-authored-by: Billy Brumley <bbrumley@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6526)
*	recommit label indentation part of the backout; clearly unrelated to the	tb	2018-07-15	1	-4/+4
\| \| \| \|	breakage.
*	back out ecc constant time changes	jsg	2018-07-15	1	-4/+4
\| \| \| \| \| \| \| \|	after the constant time commits various regress tests started failing on sparc64 ssh t9, libcrypto ec ecdh ecdsa and trying to ssh out resulted in 'invalid elliptic curve value' ok tb@
*	Indent labels by a space so they don't obliterate function names in diffs.	tb	2018-07-10	1	-4/+4
\|
*	use freezero() instead of memset/explicit_bzero + free. Substantially	deraadt	2017-05-02	1	-5/+3
\| \| \| \| \| \| \| \| \| \|	reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
*	Send the function codes from the error functions to the bit bucket,	beck	2017-01-29	1	-26/+17
\| \| \| \| \| \|	as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
*	Add assembler code for the nist 256-bit GFp curve, written initially by	miod	2016-11-04	1	-0/+1200
	Intel. Obtained from BoringSSL, with some integration work borrowed from OpenSSL 1.0.2; assembler code for arm and sparc64 borrowed from OpenSSL 1.1.0. None of this code is enabled in libcrypto yet. ok beck@ jsing@