summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
9 daysec_lib: zap a useless commentTheo Buehler
9 daysMinor simplifications in ec_cmp()Theo Buehler
9 daysRewrite EC_GROUP_cmp()Theo Buehler
Use better variable names (cf. https://jmilne.org/math/tips.html#4) and avoid the weird style of assigning to r (what does r stand for anyway?) and short circuiting subsequent tests using if (r || ...). Also, do not reuse the variables for order and cofactor that were previously used for the curve coefficients. ok jsing
9 daysSimplify signature of ec_wNAF_mul()Theo Buehler
The only caller passes in num = 1 and is itself called in a path that ensures that the multiplier of the generator is != NULL. Consequently we don't need to deal with an array of points and an array of scalars so rename them accordingly. In addition, the change implies that numblocks and num_scalar are now always 1, so inline this information and take a first step towards disentangling this gordian knot. ok jsing
9 daysProvide a SHA-256 assembly implementation for amd64 using SHA-NI.Joel Sing
This provides a SHA-256 assembly implementation for amd64, which uses the Intel SHA Extensions (aka SHA New Instructions or SHA-NI). This provides a 3-5x performance gain on some Intel CPUs and many AMD CPUs. ok tb@
9 daysRemove sha512-x86_64.pl.Joel Sing
Now that we have replacement SHA-256 and SHA-512 assembly implementations for amd64, sha512-x86_64.pl can go the way of the dodo.
9 daysProvide a replacement assembly implementation for SHA-512 on amd64.Joel Sing
Replace the perlasm generated SHA-512 assembly with a more readable version and the same C wrapper introduced for SHA-256. As for SHA-256, on a modern CPU the performance is largely the same. ok tb@
10 daysAdd CPU capability detection for the Intel SHA extensions (aka SHA-NI).Joel Sing
This also provides a crypto_cpu_caps_amd64 variable that can be checked for CRYPTO_CPU_CAPS_AMD64_SHA. ok tb@
10 daysSpecify size for K256 symbol.Joel Sing
Missing sizes spotted by guenther@
10 daysMerge ec_kmeth into ec_keyTheo Buehler
10 daysShuffle the global default_ec_key_meth down a few linesTheo Buehler
10 daysMove the default EC_KEY_METHOD to the end of the fileTheo Buehler
10 daysUse a better curve and a better hash for the ECDSA_do_sign() exampleTheo Buehler
(Many examples in this directory are really bad. This is no exception.)
11 daysec_mult: fix includesTheo Buehler
11 daysEC_KEY_copy() don't leave stale private keys in placeTheo Buehler
As most other objects, EC_KEYs can be as sparsely and invalidly populated as imagination permits and the competent designers of EC_KEY_copy() chose to just copy over what's available (yeah, what kind of copy is that?) and leave in place what happens to be there. In particular, if the dest EC key was used with a different group and has a private key, but the source key doesn't, the dest private key remains intact, as invalid, incompatible and unusable as it may be. Fix this by clearing said private key. ok jsing
11 daysx509_policy.c: point at RFC 9618Theo Buehler
12 dayseck_prn: some more air to breatheTheo Buehler
12 dayseck_prn: fix includesTheo Buehler
12 daysec_prn: use pkey rather than pk for an EC_KEYTheo Buehler
12 dayseck_prn: use group rather than x for an EC_GROUPTheo Buehler
12 dayseck_prn: use ec_key rather than x for an EC_KEYTheo Buehler
12 dayseck_prn: consistently use bio for a BIO rather than b and bp randomlyTheo Buehler
12 dayseck_prn: sprinkle some empty lines and drop some parens for consistencyTheo Buehler
12 dayseck_prn: shuffle printing functions into a better orderTheo Buehler
12 daysAES_{decrypt,encrypt}() don't return void internal functionTheo Buehler
"A return statement with an expression shall not appear in a function whose return type is void." ok deraadt miod
13 daysThe subject of a certificate is not optionalTheo Buehler
A certificate must have a subject, so X509_get_subject_name() cannot return NULL on a correctly parsed certificate, even if the subject is empty (which is allowed). So if X509_get_subject_name() returns NULL, error instead of silently ignoring it in tls_check_common_name(). This is currently no issue. Where it matters, the match against the common name will fail later, so we fail closed anyway. ok jsing
13 daysUpdate libexpat to version 2.6.4.Alexander Bluhm
Relevant for OpenBSD are security fix #915, other changes #905 #902 #904 #317 #918 #914. Major library bump is necessary as new error constant has been added to a public header file. CVE-2024-50602 OK matthieu@ tb@ deraadt@
13 daysLink the new manual page EVP_PKEY_new_CMAC_key(3) to the buildIngo Schwarze
and purge the superseded information from the algorithm-independent page EVP_PKEY_new(3).
13 daysDocument EVP_PKEY_new_CMAC_key(3) in sufficient detail such that readersIngo Schwarze
stand a chance of using the API correctly. Admittedly, having so much text below EXAMPLES is somewhat unusual. While all that information is required to use the function correctly, strictly speaking, it is not part of the specification of what EVP_PKEY_new_CMAC_key(3) does, so it woundn't really belong in the DESCRIPTION. Now, designing an API function in such a way that using it correctly requires lots of information about *other* functions and such that all that additional information does not belong into the manual pages of those other functions (both because that would cause distractions in various other manual pages and because it would scatter required information around lots of different pages) is certainly not stellar API design. But we can't help that because these APIs were all originally designed by OpenSSL. Significant feedback and OK tb@.
14 daysAdd comment for crypto_cpu_caps_aarch64.Joel Sing
14 daysUse multipliers for stack offsets and tweak comment.Joel Sing
14 daysCheck the correct variable in cpuid().Joel Sing
14 daysGarbage collect a reference to ecp_mont.c, rewrap commentTheo Buehler
spotted by jsing
14 daysecp_methods.c: rewrap some linesTheo Buehler
14 daysLose the ugly GFp_simple_ and GFp_mont_ infixesTheo Buehler
14 daysMake ec_GFp_simple_* staticTheo Buehler
These functions are no longer shared between multiple files, so they can be static in ecp_methods.c and the long list of prototypes can go away.
14 daysMerge ecp_mont.c into ecp_methods.cTheo Buehler
14 daysKNF nit for end of comment markerTheo Buehler
14 daysRename ecp_smpl.c to ecp_methods.cTheo Buehler
While not the greatest of names, ecp_methods.c is better than ecp_smpl.c. It matches the naming ecx_methods.c and in a subsequent commit it will become the new home of the stuff in ecp_mont.c as well. discussed with jsing
2024-11-12Fix a brainfart that happened to me in 2020:Ingo Schwarze
It is impossible to use EVP_DigestInit_ex(3) for CMAC. Besides, EVP_PKEY_CTX_new_id(3) does not produce an EVP_MD_CTX object. Instead, mention the easiest way to actually get the job done using EVP_PKEY_new_CMAC_key(3) and EVP_DigestSignInit(3). OK tb@
2024-11-10Wrap comment badly mistreated by an autoformatter due to missing /*-Theo Buehler
2024-11-10Garbage collect an unused variableTheo Buehler
2024-11-09Mention the key lengths of some encryption algorithms.Ingo Schwarze
This is relevant because EVP_EncryptInit(3) takes a "key" argument, and users need to consider the size of that argument. While here, also mention whether ciphers are stream ciphers or block ciphers and what the block size is.
2024-11-09libz: sync with upstreamTheo Buehler
fixes a possible redefinition of z_const and adds a range check for MAX_WBITS. ok bluhm
2024-11-08Weed out the last remaining refences to the obsoleteIngo Schwarze
function EVP_MD_CTX_init(3) and talk about EVP_MD_CTX_new(3) instead. This is similar in spirit to OpenSSL commit 25191fff (Dec 1, 2015), but i'm also mentioning EVP_MD_CTX_reset(3), slightly reordering some sentences in a more systematic way, and improving some related wordings to be more precise and read better.
2024-11-08Clean up EC_KEY_dup()Theo Buehler
This calls init() with the default method, so EC_KEY_copy() gets a chance to call finish() if the source's method doesn't match. But no init() call is made in EC_KEY_copy(). Of course the source method's copy() needs to be able to cope. The great news is that ssh uses this. Sigh. ok beck jsing
2024-11-08Sweep over EC_KEY_copy()Theo Buehler
This is a special snowflake. Its logic is such that it only overwrites things on the target that are available in the source. So if the source has no group (yes, that's possible), the destination's group will remain. Even better: if you copy a public key over what was previously a private key, the private scalar will remain. That's almost never going to result in a valid key. If you copy from a larger group to a smaller group the private scalar will most likely be out of range [1, order). Use dup functions instead of reimplementing badly and add a snarky comment courtesy of beck to one of those silly const annotations (there's a small addendum by me). ok beck jsing
2024-11-08Clean up EC_KEY_freeTheo Buehler
r is a silly name for an EC_KEY and it is silly to assign the refcount to a variable i (short for uninspired) when you can check the function return directly. Tweak sizeof in freezero to jsing's liking. ok beck jsing
2024-11-08Clean up EC_KEY_new_by_curve_name()Theo Buehler
Use a better variable name, simpler error handling. This could be simplified further if we decide to have an ec_key_set0_group() that avoids a copy. ok beck jsing
2024-11-08List CMAC_CTX_copy(3) in the SYNOPSIS. It was alreadyIngo Schwarze
mentioned in NAME and described in DESCRIPTION and RETURN VALUES.