path: root/src/lib/libcrypto/gost
Commit message (author, age, files, lines)
* Unhook and remove GOST and STREEBOG (tb, 2024-03-02, 17 files, -6164/+0)
  This stops compiling the GOST source. The current implementation is low quality and got in the way, especially in libssl. While we would be open for GOST support, it needs to be significantly better than what we have had and it also needs a maintainer.
  Add OPENSSL_NO_GOST to opensslfeatures and stop installing gost.h. Some code wrapped in #ifndef OPENSSL_NO_GOST will be removed later.
  ok jsing
* Replace .pkey_base_id with a .base_method pointer (tb, 2024-01-04, 2 files, -6/+6)
  Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias. As such it resolves to an underlying ASN.1 method (in one step). This information can be stored in a base_method pointer in allusion to the pkey_base_id, which is the name for the nid (aka pkey_id aka type) of the underlying method.
  For an ASN.1 method, the base method is itself, so the base method is set as a pointer to itself. For an alias it is of course a pointer to the underlying method. Then obviously ameth->pkey_base_id is the same as ameth->base_method->pkey_id, so rework all ASN.1 methods to follow that.
  ok jsing
* Split ameth arrays into individual methods (tb, 2024-01-04, 1 file, -41/+41)
  For some reason DSA, GOST, and RSA had their ASN.1 methods stored in an array. This is clumsy and the only benefit is that one saves a few externs in p_lib.c. They were also arranged by ascending NID because of bsearch() madness.
  Split them up and arrange the methods by name, which is much saner and simpler.
  ok jsing
* Replace EVP_KEY_assign_GOST() calls with EVP_PKEY_set_type() (tb, 2023-12-28, 1 file, -3/+7)
  Calling EVP_KEY_assign_GOST(pkey, NULL) has the same effect as calling EVP_PKEY_set_type(pkey, EVP_PKEY_GOSTR01). The only difference is that the latter form allows for error checking while the former won't let you do that.
  Add comments explaining what we're actually doing: freeing and zeroing the pkey->pkey union.
  ok jsing
* Fix another EVP_PKEY_assign_GOST() call (tb, 2023-12-28, 1 file, -2/+4)
  Again this can't actually fail, but if it did, things would leak. Call GOST_KEY_free() in the error path.
  ok jsing
  CID 471706 (false positive)
* Clean up pkey_gost_mac_keygen() (tb, 2023-12-28, 1 file, -8/+15)
  Make this function single exit, check and assign and finally error check EVP_PKEY_assign(). This can't actually fail currently, but if it did, things would leak. Free the key data with freezero.
  ok jsing
  CID 471704 (false positive)
* Stop including ecdsa.h and ecdh.h internally (tb, 2023-07-28, 2 files, -4/+2)
  These headers are now reduced to #include <openssl/ec.h> and are provided for compatibility only. There's no point in using them. At the same time garbage collect the last uses of OPENSSL_NO_{ECDSA,ECDH} in our tree.
  ok jsing
* Fix two EC_POINT_is_on_curve() checks (tb, 2023-07-24, 1 file, -2/+2)
  This API can fail for various reasons, in which case it returns -1, so you need to check if (EC_POINT_is_on_curve_checks(...) <= 0).
  ok miod
* Hide symbols in gost. (beck, 2023-07-08, 7 files, -5/+47)
  ok tb@ after some puking in his mouth.
* Rename ecs_local.h into ecdsa_local.h (tb, 2023-07-05, 2 files, -4/+4)
* Call BN_free() instead of BN_clear_free(). (jsing, 2023-03-07, 1 file, -5/+5)
  BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly instead.
  ok tb@
* gost: add missing BN_CTX_{start,end}() pair (tb, 2023-01-15, 1 file, -1/+4)
  The new BN_CTX code enforces that the context be started before a BIGNUM can be obtained from it via BN_CTX_get(), tests for ssl/interop and the openssl app broke, implying missing test coverage in libcrypto itself. Add the obviously missing bits.
  reported by anton
  ok jsing
* BN_one() can fail, check its return value. (jsing, 2022-12-01, 1 file, -5/+9)
  ok tb@
* Make header guards of internal headers consistent (tb, 2022-11-26, 1 file, -4/+4)
  Not all of them, only those that didn't leak into a public header... Yes.
* Make internal header file names consistent (tb, 2022-11-26, 14 files, -34/+34)
  Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
  Adjust all .c files in libcrypto, libssl and regress.
  The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
  discussed with jsing, no objection bcook
* Remove mkerr.pl remnants from LibreSSL (kn, 2022-07-12, 2 files, -11/+1)
  This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
  Feedback OK jsing tb
* Avoid segfaults in EVP_PKEY_CTX_free() (tb, 2022-03-30, 1 file, -2/+5)
  It is possible to call pmeth->cleanup() with an EVP_PKEY_CTX whose data is NULL. If pmeth->init() in int_ctx_new() fails, EVP_PKEY_CTX_free() is called with such a context. This in turn calls pmeth->cleanup(), and thus these cleanup functions must be careful not to use NULL data. Most of them are, but one of GOST's functions and HMAC's aren't.
  Reported for HMAC by Masaru Masada
  https://github.com/libressl-portable/openbsd/issues/129
  ok bcook jsing
* gost needs to look into ecs_locl.h (tb, 2022-01-07, 2 files, -2/+4)
* Check BIO_indent() return like all the others in this file. (tb, 2021-12-26, 1 file, -2/+3)
  CID 345118
* Include evp_locl.h where it will be needed once most structs from (tb, 2021-12-12, 2 files, -2/+4)
  evp.h will be moved to evp_locl.h in an upcoming bump.
  ok inoguchi
* Switch to <endian.h> from <machine/endian.h> for better portability. (bcook, 2021-11-09, 2 files, -6/+4)
  ok tb@
* Prepare to provide EC_POINT_{g,s}et_affine_coordinates (tb, 2021-04-20, 3 files, -11/+10)
  Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b
  ok jsing
* Include machine/endian.h in gost2814789.c (inoguchi, 2020-09-12, 1 file, -1/+3)
  To pick up __STRICT_ALIGNMENT define, include machine/endian.h.
  No kidding... deraadt@
  ok bcook@ jsing@
* Add a few more errors to help debugging. (jsing, 2020-06-05, 1 file, -6/+16)
  Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
  Sponsored by ROSA Linux.
  ok inoguchi@ tb@
* Add support for additional GOST curves. (jsing, 2020-06-05, 1 file, -3/+3)
  These GOST curves are defined in RFC 7836 and draft-deremin-rfc4491-bis. Add aliases for 256-bit GOST curves (see draft-smyshlyaev-tls12-gost-suites) and rename the 512-bit curve ids to follow names defined in tc26 OID registry.
  Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
  Sponsored by ROSA Linux.
  ok inoguchi@
* Apply some style(9). (jsing, 2020-06-05, 1 file, -34/+30)
* Fix incorrect carry operation in 512 bit addition: in the case (tb, 2019-05-09, 1 file, -6/+8)
  that there is already a carry and Sigma[i-1] == -1, the carry must be kept.
  From Dmitry Eremin-Solenik.
  Fixes incorrect Streebog result reported by Guido Vranken.
* Add consts to EVP_PKEY_asn1_set_private() (tb, 2018-08-24, 1 file, -2/+2)
  Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way.
  tested in a bulk build by sthen
  ok jsing
* After removing support for broken PKCS#8 formats (it was high time), (tb, 2018-08-24, 1 file, -3/+3)
  we can add const to PKCS8_pkey_get0(). In order for this to work, we need to sprinkle a few consts here and there.
  tested in a bulk by sthen
  ok jsing
* Remove a handrolled GOST_le2bn(). (jsing, 2018-06-10, 1 file, -8/+4)
  From Dmitry Eremin-Solenikov <dbaryshkov at gmail dot com>.
* Convert a handful of X509_*() functions to take const as in OpenSSL. (tb, 2018-05-01, 1 file, -3/+3)
  tested in a bulk by sthen
  ok jsing
* use freezero() instead of memset/explicit_bzero + free. Substantially (deraadt, 2017-05-02, 1 file, -3/+2)
  reduces conditional logic (-218, +82).
  MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn't quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely.
  Passes regress.
  ok beck
* Send the function codes from the error functions to the bit bucket, (beck, 2017-01-29, 6 files, -143/+83)
  as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this.
  ok jsing@ inoguchi@
* Add ct and nonct versions of BN_mod_inverse for internal use (beck, 2017-01-21, 1 file, -2/+2)
  ok jsing@
* Split out BN_div and BN_mod into ct and nonct versions for Internal use. (beck, 2017-01-21, 1 file, -4/+6)
  ok jsing@
* Explicitly export a list of symbols from libcrypto. (jsing, 2016-12-21, 2 files, -2/+10)
  Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me...
  This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library.
  With input and testing from inoguchi@.
  ok beck@ inoguchi@
* unifdef OPENSSL_NO_CMS (jsing, 2016-10-19, 2 files, -21/+2)
* Expand DECLARE_ASN1_.*FUNCTIONS macros. (jsing, 2016-09-04, 2 files, -7/+27)
  No change in preprocessed output, ignoring whitespace and line numbers.
* Correct spelling of OPENSSL_cleanse. (jsing, 2015-09-10, 4 files, -9/+11)
  ok miod@
* Expand ASN.1 template macros - no change in generated assembly. (jsing, 2015-07-24, 1 file, -22/+144)
* prefer string.h to strings.h ok guenther@ doug@ (bcook, 2015-07-20, 1 file, -2/+2)
* Fix possible 32 byte buffer overrun, found by coverity, CID 78869 (beck, 2015-07-15, 1 file, -2/+2)
  ok miod@
* Memory leaks upon error. Coverity CID 78874. (miod, 2015-02-14, 1 file, -10/+10)
  ok miod@
* Consistently check the return value from BN_CTX_get() on assignment. (jsing, 2015-02-14, 4 files, -42/+44)
  This is the same as the previous larger commit, however it would seem the GOST part got missed.
  ok beck@ doug@
* Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment. (beck, 2015-02-11, 2 files, -2/+21)
* get rid of OPENSSL_NO_CMS code we do not use. (beck, 2015-02-11, 2 files, -21/+2)
  ok miod@
* Enable building with -DOPENSSL_NO_DEPRECATED. (doug, 2015-02-11, 4 files, -4/+8)
  If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code.
  This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way.
  Verified with clang that this only changes line numbers in the generated asm.
  ok miod@
* Replace assert() and OPENSSL_assert() calls with proper error return paths. (miod, 2015-02-10, 1 file, -5/+20)
  Careful review, feedback & ok doug@ jsing@
* Remove assert() or OPENSSL_assert() of pointers being non-NULL. The policy (miod, 2015-02-10, 1 file, -5/+1)
  for libraries in OpenBSD is to deliberately let NULL pointers cause a SIGSEGV.
  ok doug@ jsing@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible and (jsing, 2015-02-09, 1 file, -5/+125)
  functions can be readily located.
  Change has been scripted and there is no change to the generated assembly.
  Discussed with beck@ miod@ tedu@