| Age | Commit message (Collapse) | Author |
|---|
|
this code was slicing up large mallocs with sys/param.h ALIGN(). such a
scheme loses the many overflow/damage checking benefits of malloc per object.
Change the code to track independent allocations, rather than slicing.
ok gnezdo claudio
|
|
|
|
It makes no sense to allocate an entire BN_CTX if we only use it to
get a single BIGNUM, from which we subtract 1 to compare it to g.
We can just use a plain BIGNUM and delete a bunch of lines.
ok inoguchi jsing
|
|
|
|
conflicts in my work on making much of libcrypto opaque.
discussed with jsing
|
|
ok inoguchi jsing
|
|
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
BN_abs_is_word, BN_is_{zero,one,word,odd}, BN_one, BN_zero_ex are
now implemented as functions for internal use. They will be exposed
publicly to replace the macros reaching into BIGNUM in the next bump.
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
The function implementations are necessary to make BIGNUM opaque.
They will be used in libcrypto internally until they will replace
the macro implementations with the next bump.
ok inoguchi jsing
|
|
Currently there are two files for private key ASN.1 (d2i_pr.c, i2d_pr.c)
and two files for public key ASN.1 (d2i_pu.c, i2d_pu.c). All of the other
ASN.1 code has d2i and i2d in the same per-object file.
Consolidate d2i_pr.c/i2d_pr.c into a_pkey.c and consolidate
d2i_pu.c/i2d_pu.c into a_pubkey.c before making any further changes to
this code.
ok tb@
|
|
Provide ssl_kex_generate_dhe_params_auto() which handles DHE key generation
based on parameters determined by the specified key bits. Convert the
existing DHE auto parameter selection code into a function that just tells
us how many key bits to use.
Untangle and rework the server side DHE key exchange to use the ssl_kex_*
functions.
ok inoguchi@ tb@
|
|
ok inoguchi@ tb@
|
|
Call DH_check_pub_key() after decoding the peer public key - this will be
needed for the server DHE key exchange, but also benefits the client.
ok inoguchi@ tb@
|
|
Call the replacement asn1_tlc_invalidate() since it does not actually
clear the ASN1_TLC.
While here, name the ASN1_TLC variables consistently as ctx, remove a
pointless comment and simplify ASN1_item_d2i() slightly.
ok inoguchi@ tb@
|
|
|
|
ASN1_item_ex_d2i() is just a wrapper around the internal asn1_item_ex_d2i()
function, so call asn1_item_ex_d2i() directly.
ok inoguchi@ tb@
|
|
Rather than using malloc() and then initialising all struct members to zero
values, use calloc().
ok schwarze@ tb@
|
|
This ensures that if any members are added to this struct, they will be
initialised.
ok schwarze@ tb@
|
|
This removes nested ifs and uses more sensible variable names.
ok schwarze@ tb@
|
|
Rather than using malloc() and then initialising all struct members, use
calloc() and only initialise the single non-zero value member.
ok schwarze@ tb@
|
|
Rather than using malloc() and then initialising all struct members, use
calloc() and only initialise the single non-zero value member.
ok schwarze@ tb@
|
|
These functions previously used the old ASN1_{d2i,i2d}_{bio,fp}()
interfaces.
ok inoguchi@ tb@
|
|
almost all members to 0. Just set the two things that need setting.
ok jsing
|
|
It is very easy to forget to copy over newly added methods. Everyone
working in this corner has run into this. Instead, preserve what needs
preserving and use a struct copy, so all methods get copied from src
to dest.
tweak/ok jsing
|
|
The "lim" variable needs to be a size_t to match nmemb, otherwise we
get undefined behavior when nmemb exceeds INT_MAX.
Prompted by a blog post by Joshua Bloch:
https://ai.googleblog.com/2006/06/extra-extra-read-all-about-it-nearly.html
Fixed by Chris Torek a long time ago:
https://svnweb.freebsd.org/csrg/lib/libc/stdlib/bsearch.c?revision=51742&view=markup
ok millert@
|
|
needed for MAXCOMLEN either
|
|
variant that made a header file mistake.
ok jsg
|
|
(pretty much MAXCOMLEN for struct process or struct core), and remove
sys/vnode.h where not needed
|
|
|
|
|
|
the other libraries, so we have to build those first.
Initial report and diff from uaa@
ok anton@ deraadt@ millert@
|
|
ok schwarze
|
|
|
|
|
|
|
|
This commit adds generic EVP_CTRL_AEAD_{SET,GET}_TAG and _SET_IVLEN
defines and aliases the GCM and CCM versions to those.
This is the publicly visible part of OpenSSL's e640fa02005.
ok inoguchi jsing
|
|
sk is commonly used for a STACK_OF(), so call the shared key simply key.
ok jsing
|
|
If we can provide an EC key that is used, then it is by definition
non-ephemeral.
ok tb@
|
|
for DSA key generation.
From Kurt Roeckx, OpenSSL 74ee3796
ok bcook inoguchi jsing
|
|
This aligns our behavior with OpenSSL 1.1.1 which includes a mitigation
for small subgroup attacks. This did not affect LibreSSL since we do
not support X9.42 style parameter files or RFC 5114.
The meat of this commit is from Matt Caswell, OpenSSL b128abc3
ok inoguchi jsing
|
|
BN_prime_checks is only to be used for random input. Here, the
input isn't random, so increase the number of checks. According
to https://eprint.iacr.org/2019/032, 64 rounds is suitable.
From Jake Massimo, OpenSSL 1.1.1, af6ce3b4
ok inoguchi jsing
|
|
simplifications and readability tweaks. This ensures in
particular that dh->q is suitable if present.
Based on work by Stephen Henson and Bernd Edlinger in OpenSSL.
Issues with the current implementation found via regression
tests in py-cryptography.
ok inoguchi jsing
|
|
Based on the version in OpenSSL 1.1.1l with minor tweaks.
ok inoguchi jsing
|
|
that will be used in subsequent commits.
ok inoguchi jsing
|
|
Assign the result of BN_dup() and BN_bn2bin() to local BIGNUMs, then
set the factors and pubkey on the dh using DH_set0_{pqg,key}().
A second pass will be done during the upcoming bump.
ok jsing
|
|
ok jsing
|
