path: root/lib
Age | Commit message | Author
2024-11-06 | EC_GROUP_set_seed(): flip order of seed and len null checks | Theo Buehler
requested by jsing
2024-11-06 | Treat the curls in EC_GROUP_dup() with a flatiron | Theo Buehler
This was about as unreadable as four lines of code doing a trivial thing can get... ok jsing
2024-11-06 | Clean up EC_GROUP_copy() | Theo Buehler
Switch from artistic free reinterpretations of public API in the same file to calling the real thing if possible. This means that we need to copy the group's coefficients first instead of last, so that we can call EC_GROUP_set_generator() to set - yes - all three of generator, order, and cofactor of the group. However, we may not have a generator yet since for some reason it is an optional field and some code relies on that. In that case simply copy over order and cofactor and punt on sanity checking for now (since this API never did that anyway). Finally set the seed using EC_GROUP_set_seed() instead of using a custom reimplementation. ok jsing
2024-11-06 | Switch EC_GROUP_new() to calloc() | Theo Buehler
Use a single cleanup path, use calloc rather than setting several members to 0/NULL. This has the side effect that finished can be called even when init() wasn't called, but this isn't an issue with our EC_GROUP_METHODs. ok jsing
2024-11-06 | Toss tedu's cleanse into crypto_memory.c | Theo Buehler
2024-11-06 | add an empty line between license and #include lines | Theo Buehler
2024-11-06 | Rename malloc-wrapper.c to crypto_memory.c | Theo Buehler
Apparently it's important that five trivial one-line wrappers remain in a file with the ISC license. So instead of cleaning the root directory of our favorite pigsty further by squashing all the useless legacy garbage into a single file, rename the oddly-named malloc-wrapper.c into crypto_memory.c. discussed with beck, jsing
2024-11-05 | Rename cpt_err.c into crypto_err.c | Theo Buehler
It is a bit sad, because cpt is such an apt abbreviation for crypto that everybody immediately understands. discussed with jsing
2024-11-05 | Relocate FIPS stubs to crypto_legacy.c | Theo Buehler
discussed with jsing
2024-11-05 | CRYPTO_mem_ctrl() is also relocated to crypto_legacy.c | Theo Buehler
discussed with jsing
2024-11-05 | Move OPENSSL_cleanse() to crypto_legacy() | Theo Buehler
The correct spelling is explicit_bzero() and it doesn't need its own file. discussed with jsing
2024-11-05 | Fold cversion.c into crypto_legacy.c | Theo Buehler
discussed with jsing
2024-11-05 | Rename cryptlib.c into crypto_legacy.c | Theo Buehler
discussed with jsing
2024-11-05 | crypto_local.h: add comment to #endif | Theo Buehler
2024-11-05 | Move cryptlib.h to crypto_local.h | Theo Buehler
discussed with jsing
2024-11-05 | EC_POINT_is_at_infinity() returns a boolean | Theo Buehler
This may have been different at some point in the past, but it may also have been a confusion with EC_POINT_is_on_curve() which, like any great API with a name implying a boolean return, actually has three possible return values. ok jsing
2024-11-05 | cryptlib.h: adjust header guard for upcoming surgery | Theo Buehler
It is gross that an internal detail leaked into a public header, but, hey, it's openssl. No hack is too terrible to appear in this library. opensslconf.h needs major pruning but the day that happens is not today. ok jsing
2024-11-04 | Ignore extra groups that don't fit in the buffer passed to getgrouplist(3) | Jeremie Courreges-Anglas
Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents an admin from adding a user to more groups. With that tweak we'll keep on ignoring them instead of potentially reading past the buffer passed to getgrouplist(3). That behavior is explicitly described in initgroups(3). ok millert@ gilles@
2024-11-04 | getgrouplist(3): always return the total number of groups found | Jeremie Courreges-Anglas
In case there is not enough storage to store all the groups found, our implementation returned the size passed in *ngroups. This isn't very useful and is different from other implementations. Back in 1999 the NetBSD implementation was changed to return the actual number of groups found; that lets callers allocate a properly sized array, a behavior that was later copied by FreeBSD and glibc. So align our implementation. The documentation doesn't need a change. ok millert@ gilles@
2024-11-04 | crypto_local.h is empty, so cryptlib.c doesn't need it right now. | Theo Buehler
2024-11-04 | Rewrite EC_POINT_new() and EC_POINT_dup() | Theo Buehler
Like most of the code in this file that hasn't been overhauled, these are just terrible. As jsing points out, we will need to ensure that finish() works on a not fully initialized point. That's currently safe. ok jsing
2024-11-03 | affine coordinates: the intention was to move the check, not to copy it... | Theo Buehler
So... zap the now redundant check. Should have been committed along with ec_lib.c -r1.77
2024-11-03 | Move point at infinity check to API boundary | Theo Buehler
Since we only consider standard affine coordinates, the point at infinity must be excluded. Check at the API boundary that the point isn't the point at infinity rather than hiding this check somewhere in a method. ok jsing
2024-11-02 | d2i_ECPKParameters(): unify return statement with rest of file | Theo Buehler
2024-11-02 | ec_convert: remove _OCT also from the macro names | Theo Buehler
2024-11-02 | Fix includes in ec_lib and ecp_smpl | Theo Buehler
2024-11-02 | Merge compressed coordinate setting back into ecp_smpl and ec_lib | Theo Buehler
The reason these were in separate files was FIPS. Not our problem.
2024-11-02 | Assert assumption on CRYPTO_THREADID | Theo Buehler
This type has been opaque for a while, and nobody should be able to call this function with id != NULL. If they do, we want to know and it should be noisy. suggested by/ok jsing
2024-11-02 | Rewrite/clean up ec_GFp_simple_set_compressed_coordinates() | Theo Buehler
The biggest change here is that the computation is now performed in the Montgomery domain if we have a Montgomery curve. This avoids constant checking whether we need to use plain field operations or whether we can use curve-specific ones. Use a few better variable names and stop attempting to figure out whether the operation failed due to an error in BN_mod_sqrt() or a bad point. All in all this only shaves off 10 lines, but it is astounding what a few tweaks can do to code that looked like Rome in 455 AD. with/ok jsing
2024-11-02 | Bye bye CRYPTO_THREADID | Theo Buehler
After we ripped it out of RSA blinding and finally the error stack, it can go play in the attic with ENGINE and all the other abominations from this particular keyboard. ok jsing
2024-11-02 | Inline last uses of CRYPTO_THREADID in err/ | Theo Buehler
This is another Thorpian obfuscation scheme hiding nasty casts of pthread_t to unsigned long and comparing them. We can do this in a less underhanded way by calling the portable functions directly. ok jsing
2024-11-02 | sort includes | Theo Buehler
2024-11-01 | More include sweeping in cms. | Theo Buehler
2024-11-01 | Fix includes in cms_env.c | Theo Buehler
2024-11-01 | Drop some pointless parentheses | Theo Buehler
2024-11-01 | Only include cryptlib.h where it's needed | Theo Buehler
Clean up the other includes while there.
2024-11-01 | Clean up PPC CPU capabilities and Montgomery code. | Joel Sing
ppc64-mont.pl (which produces bn_mul_mont_fpu64()) is unused on both powerpc and powerpc64, so remove it. ppccap.c doesn't actually contain anything to do with CPU capabilities - it just provides a bn_mul_mont() that calls bn_mul_mont_int() (which ppc-mont.pl generates). Change ppc-mont.pl to generate bn_mul_mont() directly and remove ppccap.c. ok tb@
2024-11-01 | Update cert.pem, ok sthen | Theo Buehler
New:
CommScope
/C=US/O=CommScope/CN=CommScope Public Trust ECC Root-01
/C=US/O=CommScope/CN=CommScope Public Trust ECC Root-02
/C=US/O=CommScope/CN=CommScope Public Trust RSA Root-01
/C=US/O=CommScope/CN=CommScope Public Trust RSA Root-02
Cybertrust Japan Co., Ltd.
/C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA12
/C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA14
/C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA15
Deutsche Telekom Security GmbH
/C=DE/O=Deutsche Telekom Security GmbH/CN=Telekom Security TLS ECC Root 2020
/C=DE/O=Deutsche Telekom Security GmbH/CN=Telekom Security TLS RSA Root 2023
Firmaprofesional SA
/C=ES/O=Firmaprofesional SA/2.5.4.97=VATES-A62634068/CN=FIRMAPROFESIONAL CA ROOT-A WEB
TrustAsia Technologies, Inc.
/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G3
/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G4
Added to existing:
/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA CYBER Root CA
Deleted:
e-commerce monitoring GmbH
/C=AT/O=e-commerce monitoring GmbH/CN=GLOBALTRUST 2020
2024-11-01 | regen cert.pem after sort order change in format-pem.pl | Theo Buehler
ok sthen
2024-11-01 | Don't lowercase cert subjects when sorting; combined with perl foreach over | Stuart Henderson
a hash returning entries in random order, the order of "COMODO CA Limited" and "Comodo CA Limited" was switching randomly. This results in a bigger change of sort order now, but means that future changes will then be in a repeatable order. ok tb@
2024-11-01 | KNF | Theo Buehler
2024-11-01 | Move point_conversion_t conversion to API boundary | Theo Buehler
EC_POINT_oct2point() is the only API that needs detailed knowledge about this incomplete enum. [Arguably, the setters for the EC_KEY and EC_GROUP member of that type would also need to be able to validate what's being set, but they can't since they can't fail.] Anyway. Add a helper that lets EC_POINT_oct2point() translate that enum to its internal representation at the API boundary and add a check that ensures that we only encode the point at infinity as the point at infinity. ok jsing
2024-11-01 | Garbage collect field_div() member. | Theo Buehler
It was only used by EC2M.
2024-11-01 | sort | Theo Buehler
2024-10-31 | Drop the _oct from the function prefixes | Theo Buehler
With the functions living in ec_convert now, the oct makes little sense. And ec_oct_oct2point() was too much for poor jsing to bear. requested by jsing
2024-10-31 | Retire the oct2point and point2oct EC_METHOD members | Theo Buehler
Both our remaining EC_METHODs use the methods that used to be called ec_GFp_simple_{oct2point,point2oct}() so there's no need for the function pointer indirection. Make the public API call them directly. ok jsing
2024-10-31 | Clean up the mess in i2d_EC_PRIVATEKEY() | Theo Buehler
Use a few local variables to make the checks at the start slightly less unappealing. Use those to simplify the conditionals a bit and avoid a particularly silly exit code. ok is set unless ret is 0, so what do you think 'return (ok ? ret : 0);' returns? By the way, ret < 0 is an error as well. While most of the stuff in this file could use a lot more cleanup, I think the first layer of cockroaches has been exterminated and there's even some faint golden glimmer between the turds. Let's shelve the biohazard warnings for now. ok jsing
2024-10-31 | Clean up o2i_ECPublicKey() | Theo Buehler
a is a stupid name for an EC_key, so is ret. Pull apart the tests at the start and check the length for negativity (long is always the wrong type). Switch to ec_point_from_octets() and let it determine the point conversion form rather than having yet another copy of the same ugly stanza. Set the form on the key using EC_KEY_set_conv_form() (which also affects the group on the key, so this is a slight change of behavior). Why on earth this function returns the EC_KEY passed in, I'll never know. ok jsing
2024-10-31 | Rewrite i2o_ECPublicKey() | Theo Buehler
Turn the function into single exit and use ec_point_to_octets() to avoid the point2oct dance. Ensure that the buf_len size_t doesn't get truncated by the int return. While we could avoid an allocation in case out == NULL, we don't do so. In case out != NULL and *out != NULL this API assumes *out has sufficient room, copies the result into it and advances *out past it. This is just asking for trouble (of course, i2d has the same misfeature). Don't use this if you can help it. Unfortunately, OpenSSH couldn't help it in at least one spot (that one's on BoringSSL's allocator not returning an allocated pointer that you can pass to free). We had to do it lest people run RedHat patches of dubious quality. For: FIPS the monkey must be pleased at all cost. ok jsing
2024-10-31 | ecp_oct.c no longer needs bytestring and stdint | Theo Buehler