History log of /openbsd-src/lib/libcrypto/dh/dh_key.c (Results 1 – 25 of 42)
Revision Date Author Comments
# fbadb84b 09-May-2024 tb <tb@openbsd.org>

Make the DH_METHOD static const


# f5e89b37 09-May-2024 tb <tb@openbsd.org>

Move public API and DH_METHOD to the bottom of the file

no functional change


# 12347e81 03-Aug-2023 tb <tb@openbsd.org>

Make the bn_rand_interval() API a bit more ergonomic

Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().

The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptionally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().

Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.

ok jsing


# d6d0b2f3 08-Jul-2023 beck <beck@openbsd.org>

Hide symbols in dh

ok tb@


# c9675a23 26-Nov-2022 tb <tb@openbsd.org>

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


# a69386be 07-Jan-2022 tb <tb@openbsd.org>

Add an essentially empty dh_local.h and include it in the files where
it will be needed in the upcoming bump.

discussed with jsing


# f03cf33c 12-Nov-2018 tb <tb@openbsd.org>

Missing initialization for pub_key. CID 184303.

ok bcook


# 4435d402 09-Nov-2018 tb <tb@openbsd.org>

Initialize priv_key and pub_key on first use instead of at the top.
While there, eliminate a flag that was only used once.

ok beck jsing mestre


# 8a144a0f 06-Nov-2018 tb <tb@openbsd.org>

unrevert the use of bn_rand_interval().

ok beck jsing


# a5fe48f9 06-Nov-2018 tb <tb@openbsd.org>

revert use of bn_rand_interval due to failures with ECDHE and TLS


# 99212bcc 05-Nov-2018 tb <tb@openbsd.org>

Make use of bn_rand_interval() where appropriate.

ok beck jsing


# eb7398b7 05-Nov-2018 tb <tb@openbsd.org>

Eliminate a few "} else" branches, a few unneeded NULL checks before
freeing and indent nearby labels.

ok beck jsing


# a5369e1a 05-Nov-2018 tb <tb@openbsd.org>

Remove two unnecessary BN_FLG_CONSTTIME dances: BN_mod_exp_ct() already
takes care of this internally.

ok beck jsing


# eedff511 12-Jun-2018 sthen <sthen@openbsd.org>

zap stray tab


# 54293529 12-Jun-2018 sthen <sthen@openbsd.org>

Reject excessively large primes in DH key generation. Problem reported
by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457)
and based on his diff. suggestions from tb@, ok tb@ jsing@

"During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a key
for this prime resulting in a hang until the client has finished. This could be
exploited in a Denial Of Service attack."


# 5067ae9f 29-Jan-2017 beck <beck@openbsd.org>

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 3a88f7af 21-Jan-2017 beck <beck@openbsd.org>

Make explicit _ct and _nonct versions of bn_mod_exp functions that
matter for constant time, and make the public interface only used
external to the library.

This moves us to a model where the important things are constant time
versions unless you ask for them not to be, rather than the opposite.
I'll continue with this method by method.

Add regress tests for same.
ok jsing@


# 546813aa 07-Jul-2016 bcook <bcook@openbsd.org>

call BN_init on temporaries to avoid use-before-set warnings

ok beck@


# 1b2bbd6a 30-Jun-2016 bcook <bcook@openbsd.org>

Remove flags for disabling constant-time operations.

This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.

Based on the original patch by César Pereid. ok beck@


# aa389b8c 09-Feb-2015 jsing <jsing@openbsd.org>

BN_CTX_get() can fail - consistently check its return value.

There are currently cases where the return from each call is checked,
the return from only the last call is checked and cases where it is not
checked at all (including code in bn, ec and engine).

Checking the last return value is valid as once the function fails it will
continue to return NULL. However, in order to be consistent check each
call with the same idiom. This makes it easy to verify.

Note there are still a handful of cases that do not follow the idiom -
these will be handled separately.

ok beck@ doug@


# 03a67d2e 18-Oct-2014 jsing <jsing@openbsd.org>

None of these need to include <openssl/rand.h>


# 6d04a7b1 12-Jul-2014 miod <miod@openbsd.org>

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@


# b6ab114e 11-Jul-2014 jsing <jsing@openbsd.org>

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 5b87c283 09-Jul-2014 miod <miod@openbsd.org>

KNF


# c3d6a26a 12-Jun-2014 deraadt <deraadt@openbsd.org>

tags as requested by miod and tedu

