summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* bn_test: use BN_RECP_CTX_create() rather than _new()/_set()tb2025-01-211-5/+3
|
* Move BN_RECP_CTX to the heaptb2025-01-213-67/+48
| | | | | | | | | | | | | | This introduces a BN_RECP_CTX_create() function that allocates and populates the BN_RECP_CTX in a single call, without taking an unused BN_CTX argument. At the same time, make the N and Nr members BIGNUMs on the heap which are allocated by BN_RECP_CTX_create() and freed by BN_RECP_CTX_free() and remove the unnecessary flags argument. Garbage collect the now unused BN_RECP_CTX_{new,init,set}(). ok jsing
* crypto.h: zap some offensive whitespacetb2025-01-201-2/+2
|
* Annotate why EVP_PKEY_CTX_ctrl_str() will stay for a whiletb2025-01-201-1/+6
|
* openssl x509: zap extra whitespace in usagetb2025-01-191-2/+2
|
* appstest: remove the two tests exercising -C minimallytb2025-01-191-3/+3
|
* Remove -C option from "apps"tb2025-01-196-436/+12
| | | | | | | | As far as I can tell, this way of generating "C code" was only used to add stuff to pretty regress and even prettier speed "app" and otherwise it just served to make the library maintainer's lives even more miserable. ok jsing
* md_test: switch from 2<<28 to 1<<29tb2025-01-191-2/+2
| | | | discussed with jsing
* Improve bit counter handling in MD5.jsing2025-01-193-19/+18
| | | | | | | | | | | | | | | | Like most hashes, MD5 needs to keep count of the number of bits in the message being processed. However, rather than using a 64 bit counter this is implemented using two 32 bit values (which is exposed in the public API). Even with this hurdle, we can still use 64 bit math and let the compiler figure out how to best handle the situation (hopefully avoiding compiler warnings on 16 bit platforms in the process!). On amd64 this code now requires two instructions, instead of the previous five. While here remove a comment that is excessively visible and no longer completely accurate (and if you're going to redefine types like MD5_WORD you kinda need to know what you're doing). ok tb@ (who's going to miss the dear diary style comments)
* ecparam: remove GF2m remnanttb2025-01-191-14/+4
| | | | | | | | This removes the last in-tree dependency on EC_METHOD_get_field_type() and EC_GROUP_method_of() and removes some dead code which would generate code that wouldn't compile if it was reachable. ok jsing
* Add regress coverage that checks the MD5 message bit counter handling.jsing2025-01-191-1/+66
|
* Simplify tls1_check_ec_key()tb2025-01-181-7/+7
| | | | | | | It doesn't need to have optional arguments anymore, so we can pass in values and don't need NULL checks and dereferencing. ok jsing
* Rename grp to group like almost everywhere elsetb2025-01-181-4/+4
|
* Remove parentheses in return statementstb2025-01-181-14/+14
| | | | ok cc + sha256
* Remove two pointless NULL checkstb2025-01-181-8/+1
| | | | | The only caller ensures that the EC_KEY is not NULL and passes the address of comp_id on its stack, so neither will be NULL.
* Drop field determination dancetb2025-01-181-9/+2
| | | | | | | | | If we get here, we're in a server and have managed to load the cert. The public key is therefore a point on a built-in curve, and we know the group is defined over some prime field. Now it is just a matter of figuring out whether we support the group in libssl. ok jsing
* Stop pretending we support arbirary explicit groupstb2025-01-181-3/+2
| | | | ok jsing
* Remove SSL_DES and SSL_IDEA remnantstb2025-01-182-6/+2
| | | | ok jsing
* SSL_CTX_set_cipher_list: stop mentioning ancient cipherstb2025-01-181-11/+1
| | | | | | Support was removed nearly a decade ago. No need to mention this anymore. ok jsing
* Remove last uses of SSL_aDSStb2025-01-182-14/+2
| | | | ok jsing
* ssl_seclevel: remove comment pertaining to DSA certstb2025-01-181-6/+1
| | | | ok jsing
* Stop mentioning DSA/DSStb2025-01-186-23/+16
| | | | | | | | Support for this went away in 2017, but a few things still mentioned DSA in various contexts. Replace DSA with ECDSA where appropriate and otherwise delete this. It won't work. ok jsing
* Use name instead of register.jsing2025-01-181-3/+3
|
* ssl_local.h: does not need to include dsa.htb2025-01-171-2/+1
|
* rsa_pmeth: unify strcmp return checkstb2025-01-171-12/+10
| | | | ok jsing
* Replace the remaining group->meth->field_{mul,sqr}tb2025-01-171-13/+13
| | | | These somehow escaped a prior pass.
* ecp_methods: remove p = group->p indirectiontb2025-01-171-37/+34
| | | | | | | This helped a bit with readability when we needed to do &group->p, but now that's no longer needed. discussed with jsing
* ecp_methods: rework field_{mul,sqr}() handlingtb2025-01-171-93/+83
| | | | | | | | Add wrapper functions that call the methods so that we can get rid of inconsistent use of ugly function pointers with massively overlong lines and other ways of reaching into the methods. ok jsing
* Fix two incorrect strtonum() conversionstb2025-01-171-3/+13
| | | | | | | | | | | | | | | | The atoi() would also accept the magic negative values and old openssl releases would expose these as arguments to -pkeyopt rsa_pss_saltlen:-1 in the openssl pkeyutl "app". While modern openssl switched to having readable alternatives to these, the oseid component of opensc would use the old syntax until yesterday. Still, this is our bug and we need to keep accepting the magic values as such, so do so. Everything below -3 will be rejected by the RSA_ctrl() handler later. Debugged by Doug Engert in https://github.com/OpenSC/OpenSC/issues/3317 ok jsing op
* dh_ameth: explcitly -> explicitlytb2025-01-171-2/+2
|
* asn_mime: deteched -> detached + a knf nittb2025-01-171-2/+3
|
* Interop tests for openssl 3.3 and 3.4, retire 3.2, 1.1 (and 3.1 remnants)tb2025-01-1512-191/+130
| | | | | | OpenSSL 1.1 and 3.2 will be removed from the ports tree, so test the two remaining versions. Unfortunately, this requires a lot more manual massaging than there should be.
* Default to eopenssl33 for other_openssl_bintb2025-01-151-2/+2
| | | | | OpenSSL 1.1 is dead and will soon be removed from the ports tree. At the same time OpenSSL 3.3 will become the default openssl.
* Fix another awful comment in ec_point_cmp()tb2025-01-111-4/+3
|
* Align vertical backslashes in a macrotb2025-01-111-2/+2
|
* ec_point_cmp: tidy up an ugly commenttb2025-01-111-7/+5
|
* ec_key_gen() is unused outside ec_key.c, so make it statictb2025-01-112-4/+3
|
* Move EC_KEY_METHOD_DYNAMIC next to the two methods using ittb2025-01-112-4/+4
| | | | | Only EC_KEY_METHOD_{new,free}() need to know about this flag, so make that more obvious.
* Remove a weird commenttb2025-01-111-5/+1
|
* Rename the is_on_curve() method to point_is_on_curve()tb2025-01-113-12/+13
| | | | | Rename ec_is_on_curve() to ec_point_is_on_curve() and ec_cmp() to ec_point_cmp().
* Move is_on_curve() and (point) cmp() uptb2025-01-112-201/+201
| | | | | These were in the middle of the methods responsible for curve operations, which makes little sense.
* Move compressed coordinate setting into public APItb2025-01-113-108/+83
| | | | | | | | Now that it is method-agnostic, we can remove the method and move the implementation to the body of the public API function. And another method goes away. We're soon down to the ones we really need. discussed with jsing
* Rework ec_point_set_compressed_coordinates()tb2025-01-111-18/+14
| | | | | | | | | | While this is nicely done, it is a bit too clever. We can do the calculation in the normal domain rather than the Montgomery domain and this way the method becomes method agnostic. This will be a bit slower but since a couple of field operations are nothing compared to the cost of BN_mod_sqrt() this isn't a concern. ok jsing
* Move ec_points_make_affine() to the right placetb2025-01-111-135/+135
| | | | discussed with jsing
* Move the EC_POINTs API into the garbage bintb2025-01-111-20/+20
|
* Neuter the EC_POINTs_* APItb2025-01-114-77/+16
| | | | | | | | | | | | | | EC_POINTs_mul() was only ever used by Ruby and they stopped doing so for LibreSSL when we incorporated the constant time multiplication work of Brumley et al and restricted the length of the points array to 1, making this API effectively useless. The only real reason you want to have an API to calculate \sum n_i P_i is for ECDSA where you want m * G + n * P. Whether something like his needs to be in the public API is doubtful. EC_POINTs_make_affine() is an implementation detail of EC_POINTs_mul(). As such it never really belonged into the public API. ok jsing
* Remove a pointless check about Z == 1tb2025-01-111-7/+1
| | | | ok jsing
* Inline ec_point_make_affine() in the public APItb2025-01-113-44/+22
| | | | | | | | | | Whatever the EC_METHOD, this will always be equivalent to getting and setting the affine coordinates, so this needs no dedicated method. Also, this is a function that makes no real sense since a caller should never need to care about this... As always, our favorite language bindings thought they might have users who care. This time it's Ruby and Perl. ok jsing
* Remove seven pairs of unnecessary parenthesestb2025-01-111-5/+5
| | | | ok millert operator(7)
* When describing v3 crypt, be specific as to which machine was simulated.jsg2025-01-091-3/+3
| | | | feedback jmc@ ok deraadt@ schwarze@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 06:08:59 +0000