Age | Commit message | Author |
|
jsing rightly points out that this has nothing to do with ASN.1, but
ec_lib.c has no EC_KEY knowledge otherwise (it's about groups and points)
and moving it to ec_key.c is also not satisfactory since the weird
d2i/i2d for ECParameters don't belong there either.
no objection from jsing
|
|
Replace the aarch64 CPU detection code with a version that parses ISAR0,
avoiding signal handling and SIGILL. This gets ISAR0 via sysctl(), but this
can be adapted to other mechanisms for other platforms (or alternatively
the same can be achieved via HWCAP).
This now follows the same naming/design as used by amd64 and i386, hence
define HAVE_CRYPTO_CPU_CAPS_INIT for aarch64.
ok kettenis@ tb@
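As an added illustration of the approach the message describes (this is not LibreSSL code), the following decodes the crypto-related fields of the aarch64 ID_AA64ISAR0_EL1 register from a raw 64-bit value, which is what a cpu_caps_init() that obtains ISAR0 from sysctl() or HWCAP would do instead of probing instructions and catching SIGILL. The field positions are the architectural ones; the CAP_* flag names, the function name and the sample register value are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not LibreSSL code. Decodes the crypto-related fields of
 * ID_AA64ISAR0_EL1 (ISAR0). Field positions follow the architecture
 * reference manual; the CAP_* names and the function name are invented.
 */
#define ISAR0_AES(r)	(((r) >> 4) & 0xf)	/* 1: AES, 2: AES + PMULL */
#define ISAR0_SHA1(r)	(((r) >> 8) & 0xf)	/* 1: SHA1 */
#define ISAR0_SHA2(r)	(((r) >> 12) & 0xf)	/* 1: SHA256, 2: SHA256 + SHA512 */

#define CAP_AES		(1u << 0)
#define CAP_PMULL	(1u << 1)
#define CAP_SHA1	(1u << 2)
#define CAP_SHA256	(1u << 3)
#define CAP_SHA512	(1u << 4)

/*
 * Map the ISAR0 fields to capability bits. The defined field values are
 * cumulative (2 implies everything 1 implies), so >= is used rather than ==
 * to stay correct if a later revision defines a higher value.
 */
unsigned int
cpu_caps_from_isar0(uint64_t isar0)
{
	unsigned int caps = 0;
	uint64_t aes = ISAR0_AES(isar0);
	uint64_t sha2 = ISAR0_SHA2(isar0);

	if (aes >= 1)
		caps |= CAP_AES;
	if (aes >= 2)
		caps |= CAP_PMULL;
	if (ISAR0_SHA1(isar0) >= 1)
		caps |= CAP_SHA1;
	if (sha2 >= 1)
		caps |= CAP_SHA256;
	if (sha2 >= 2)
		caps |= CAP_SHA512;

	return caps;
}

int
main(void)
{
	/* Constructed value: AES + PMULL, SHA1, SHA256, no SHA512. */
	uint64_t isar0 = 0x1120ULL;
	unsigned int caps = cpu_caps_from_isar0(isar0);

	printf("ISAR0 %#llx -> caps %#x (pmull=%d sha512=%d)\n",
	    (unsigned long long)isar0, caps,
	    !!(caps & CAP_PMULL), !!(caps & CAP_SHA512));
	return 0;
}
```

The register itself is not readable from userland on every platform, which is why the commit goes through sysctl(); on Linux the kernel traps and emulates reads of the ID registers, and HWCAP bits carry the same information in a different shape. Whatever the source, the decoding step above is the same.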
|
|
CID 514612
|
|
the important manual page EVP_EncryptInit(3). Belatedly adjust some
cross references.
|
|
requested by jsing
|
|
This was about as unreadable as four lines of code doing a trivial thing
can get...
ok jsing
|
|
Switch from artistic free reinterpretations of public API in the same file
to calling the real thing if possible.
This means that we need to copy the group's coefficients first instead of
last, so that we can call EC_GROUP_set_generator() to set - yes - all three
of generator, order, and cofactor of the group.
However, we may not have a generator yet since for some reason it is an
optional field and some code relies on that. In that case simply copy over
order and cofactor and punt on sanity checking for now (since this API
never did that anyway).
Finally set the seed using EC_GROUP_set_seed() instead of using a custom
reimplementation.
ok jsing
|
|
Use a single cleanup path, use calloc rather than setting several members
to 0/NULL. This has the side effect that finished can be called even when
init() wasn't called, but this isn't an issue with our EC_GROUP_METHODs.
ok jsing
|
|
Apparently it's important that five trivial one-line wrappers remain in a
file with the ISC license. So instead of cleaning the root directory of our
favorite pigsty further by squashing all the useless legacy garbage into a
single file, rename the oddly-named malloc-wrapper.c into crypto_memory.c.
discussed with beck, jsing
|
|
It is a bit sad, because cpt is such an apt abbreviation for crypto that
everybody immediately understands.
discussed with jsing
|
|
discussed with jsing
|
|
discussed with jsing
|
|
The correct spelling is explicit_bzero() and it doesn't need its own file.
discussed with jsing
|
|
discussed with jsing
|
|
discussed with jsing
|
|
discussed with jsing
|
|
This may have been different at some point in the past, but it may also
have been a confusion with EC_POINT_is_on_curve() which, like any great
API with a name implying a boolean return, actually has three possible
return values.
ok jsing
|
|
It is gross that an internal detail leaked into a public header, but,
hey, it's openssl. No hack is too terrible to appear in this library.
opensslconf.h needs major pruning but the day that happens is not today.
ok jsing
|
|
Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents
an admin from adding a user to more groups. With that tweak we'll keep
on ignoring them instead of potentially reading past the buffer passed to
getgrouplist(3). That behavior is explicitly described in initgroups(3).
ok millert@ gilles@
|
|
In case there is not enough storage to store all the groups found, our
implementation returned the size passed in *ngroups. This isn't very
useful and is different from other implementations. Back in 1999 the
NetBSD implementation was changed to return the actual number of groups
found; that lets callers allocate a properly sized array, a behavior
later copied by FreeBSD and glibc. So align our implementation. The
documentation doesn't need a change.
ok millert@ gilles@
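The two getgrouplist(3) messages above describe a contract the caller has to honour: the array may be too small, and on that failure the count of groups found comes back in *ngroups so the array can be resized. The following is an added example of that caller side, not OpenBSD libc code. It only treats -1 as failure and always takes the count from *ngroups, because the return value on success differs between implementations (OpenBSD returns 0, glibc and musl return the count). The function names are invented, and the sample lookup of the calling user is there only so the program does something when run stand-alone.

```c
#define _DEFAULT_SOURCE	/* expose getgrouplist(3) in <grp.h> on glibc/musl */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Added example, not OpenBSD libc code. Look up the groups of user with
 * basegid included, growing the array on demand. On success *out points to
 * a malloc'd array and the number of entries is returned; -1 on failure.
 */
int
user_groups(const char *user, gid_t basegid, gid_t **out)
{
	gid_t *groups = NULL, *tmp;
	int ngroups = 8, have, tries;

	*out = NULL;
	for (tries = 0; tries < 4; tries++) {
		have = ngroups;
		tmp = realloc(groups, (size_t)have * sizeof(*groups));
		if (tmp == NULL) {
			free(groups);
			return -1;
		}
		groups = tmp;

		/* Anything but -1 is success; ngroups is the number filled in. */
		if (getgrouplist(user, basegid, groups, &ngroups) != -1) {
			*out = groups;
			return ngroups;
		}
		/*
		 * Too small: ngroups now holds the number of groups found,
		 * which is the behavior the commit adopts. A count that does
		 * not exceed the buffer we passed is not a size problem, so
		 * stop instead of looping forever.
		 */
		if (ngroups <= have)
			break;
	}
	free(groups);
	return -1;
}

/* True if gid appears among the first n entries of groups. */
int
groups_contain(const gid_t *groups, int n, gid_t gid)
{
	int i;

	for (i = 0; i < n; i++)
		if (groups[i] == gid)
			return 1;
	return 0;
}

int
main(void)
{
	struct passwd *pw = getpwuid(getuid());
	gid_t *groups;
	int i, n;

	if (pw == NULL)
		return 1;
	n = user_groups(pw->pw_name, pw->pw_gid, &groups);
	if (n < 0)
		return 1;
	printf("%s is in %d group(s):", pw->pw_name, n);
	for (i = 0; i < n; i++)
		printf(" %u", (unsigned)groups[i]);
	printf("\n");
	free(groups);
	return 0;
}
```

The retry loop is bounded because the group database can change between the two calls; a caller that sizes the array once from the first failure and then assumes the second call cannot fail is making exactly the assumption the first of the two messages above is guarding against, only on the other side of the interface.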
|
|
Like most of the code in this file that hasn't been overhauled, these are
just terrible. As jsing points out, we will need to ensure that finish()
works on a not fully initialized point. That's currently safe.
ok jsing
|
|
So... zap the now redundant check. Should have been committed along with
ec_lib.c -r1.77
|
|
Since we only consider standard affine coordinates, the point at infinity
must be excluded. Check at the API boundary that the point isn't the point
at infinity rather than hiding this check somewhere in a method.
ok jsing
|
|
The reason these were in separate files was FIPS. Not our problem.
|
|
This type has been opaque for a while, and nobody should be able to call
this function with id != NULL. If they do, we want to know and it should
be noisy.
suggested by/ok jsing
|
|
The biggest change here is that the computation is now performed in the
Montgomery domain if we have a Montgomery curve. This avoids constant
checking whether we need to use plain field operations or whether we can
use curve-specific ones.
Use a few better variable names and stop attempting to figure out whether
the operation failed due to an error in BN_mod_sqrt() or a bad point. All
in all this only shaves off 10 lines, but it is astounding what a few tweaks
can do to code that looked like Rome in 455 AD.
with/ok jsing
|
|
After we ripped it out of RSA blinding and finally the error stack, it
can go play in the attic with ENGINE and all the other abominations from
this particular keyboard.
ok jsing
|
|
This is another Thorpian obfuscation scheme hiding nasty casts of
pthread_t to unsigned long and comparing them. We can do this in
a less underhanded way by calling the portable functions directly.
ok jsing
|
|
Clean up the other includes while there.
|
|
ppc64-mont.pl (which produces bn_mul_mont_fpu64()) is unused on both
powerpc and powerpc64, so remove it. ppccap.c doesn't actually contain
anything to do with CPU capabilities - it just provides a bn_mul_mont()
that calls bn_mul_mont_int() (which ppc-mont.pl generates). Change
ppc-mont.pl to generate bn_mul_mont() directly and remove ppccap.c.
ok tb@
|
|
New:
CommScope
/C=US/O=CommScope/CN=CommScope Public Trust ECC Root-01
/C=US/O=CommScope/CN=CommScope Public Trust ECC Root-02
/C=US/O=CommScope/CN=CommScope Public Trust RSA Root-01
/C=US/O=CommScope/CN=CommScope Public Trust RSA Root-02
Cybertrust Japan Co., Ltd.
/C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA12
/C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA14
/C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA15
Deutsche Telekom Security GmbH
/C=DE/O=Deutsche Telekom Security GmbH/CN=Telekom Security TLS ECC Root 2020
/C=DE/O=Deutsche Telekom Security GmbH/CN=Telekom Security TLS RSA Root 2023
Firmaprofesional SA
/C=ES/O=Firmaprofesional SA/2.5.4.97=VATES-A62634068/CN=FIRMAPROFESIONAL CA ROOT-A WEB
TrustAsia Technologies, Inc.
/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G3
/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G4
Added to existing:
/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA CYBER Root CA
Deleted:
e-commerce monitoring GmbH
/C=AT/O=e-commerce monitoring GmbH/CN=GLOBALTRUST 2020
|
|
ok sthen
|
|
a hash returning entries in random order, the order of "COMODO CA Limited"
and "Comodo CA Limited" was switching randomly.
This results in a bigger change of sort order now, but means that future
changes will then be in a repeatable order.
ok tb@
|
|
EC_POINT_oct2point() is the only API that needs detailed knowledge about
this incomplete enum. [Arguably, the setters for the EC_KEY and EC_GROUP
member of that type would also need to be able to validate what's being
set, but they can't since they can't fail.] Anyway. Add a helper that lets
EC_POINT_oct2point() translate that enum to its internal representation
at the API boundary and add a check that ensures that we only encode the
point at infinity as the point at infinity.
ok jsing
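The message above, and the earlier one about excluding the point at infinity from the affine-coordinate API, both come down to validating an octet-encoded point at the API boundary before any curve arithmetic sees it. The following is an added example of such a check and is not LibreSSL code: the form byte fixes the expected length, the point at infinity is accepted only as the single byte 0x00, and for the hybrid form the parity bit in the form byte has to agree with the encoded y. The form values are the standard SEC 1 ones; the enum, the function name and the toy 4-byte field used in main() are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not LibreSSL code. Classifies an octet-encoded EC point
 * without doing any field arithmetic. The form values are the standard
 * ones; the enum and function names are invented.
 */
enum oct_form {
	OCT_INVALID = -1,
	OCT_INFINITY = 0x00,		/* exactly one byte */
	OCT_COMPRESSED = 0x02,		/* 0x02 or 0x03: x only, low bit is y parity */
	OCT_UNCOMPRESSED = 0x04,	/* x and y */
	OCT_HYBRID = 0x06		/* 0x06 or 0x07: x and y, low bit is y parity */
};

/*
 * Classify buf (len bytes) as an encoded point on a curve whose field
 * elements take field_len bytes. Returns the form with its parity bit
 * cleared, or OCT_INVALID if the form byte, the length, or the hybrid
 * parity bit is inconsistent with the rest of the encoding.
 */
int
ec_oct_form(const uint8_t *buf, size_t len, size_t field_len)
{
	uint8_t form, ybit;

	if (buf == NULL || len == 0 || field_len == 0)
		return OCT_INVALID;

	form = buf[0];
	ybit = form & 1;

	switch (form & ~1) {
	case OCT_INFINITY:
		/* 0x01 is not a form, and infinity carries no coordinates. */
		if (ybit != 0 || len != 1)
			return OCT_INVALID;
		return OCT_INFINITY;
	case OCT_COMPRESSED:
		if (len != 1 + field_len)
			return OCT_INVALID;
		return OCT_COMPRESSED;
	case OCT_UNCOMPRESSED:
		/* 0x05 is not a form either. */
		if (ybit != 0 || len != 1 + 2 * field_len)
			return OCT_INVALID;
		return OCT_UNCOMPRESSED;
	case OCT_HYBRID:
		if (len != 1 + 2 * field_len)
			return OCT_INVALID;
		/* y is the trailing field_len bytes, big-endian: its parity is the low bit of the last byte. */
		if ((buf[len - 1] & 1) != ybit)
			return OCT_INVALID;
		return OCT_HYBRID;
	default:
		return OCT_INVALID;
	}
}

int
main(void)
{
	/* Constructed encodings for a toy 4-byte field, not real curve points. */
	const uint8_t inf[] = { 0x00 };
	const uint8_t padded_inf[] = { 0x00, 0x00, 0x00, 0x00, 0x00 };
	const uint8_t comp[] = { 0x03, 0xde, 0xad, 0xbe, 0xef };
	const uint8_t hyb_bad[] = { 0x07, 1, 2, 3, 4, 5, 6, 7, 8 };

	printf("infinity: %d\n", ec_oct_form(inf, sizeof(inf), 4));
	printf("padded infinity: %d\n", ec_oct_form(padded_inf, sizeof(padded_inf), 4));
	printf("compressed: %d\n", ec_oct_form(comp, sizeof(comp), 4));
	printf("hybrid, wrong parity: %d\n", ec_oct_form(hyb_bad, sizeof(hyb_bad), 4));
	return 0;
}
```

Rejecting a zero-padded or otherwise non-canonical infinity here is what keeps the later affine-coordinate code from ever being handed a point that has no affine coordinates, which is the point of doing the check once at the boundary rather than inside each method.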
|
|
It was only used by EC2M.
|