| #
15073478 |
| 29-Nov-2024 |
tb <tb@openbsd.org> |
Remove X9.42 DH rudiments
In the unlikely event that we should ever decide to implement this after
a quarter century of not needing it, we can readily put this back. Until
then this is dead weight.
Remove X9.42 DH rudiments
In the unlikely event that we should ever decide to implement this after
a quarter century of not needing it, we can readily put this back. Until
then this is dead weight.
prompted by a question by djm
ok jsing
show more ...
|
| #
13c70bae |
| 30-Aug-2024 |
tb <tb@openbsd.org> |
Garbage collect the DH_check*_ex() API
This was only needed by the EVP_PKEY_*check() API, which was defanged. So
this silly garbage can now go: it translated flags to errors on the error
stack so th
Garbage collect the DH_check*_ex() API
This was only needed by the EVP_PKEY_*check() API, which was defanged. So
this silly garbage can now go: it translated flags to errors on the error
stack so that openssl *check could print ugly errors while DoS-ing the
user.
ok beck
show more ...
|
| #
2da88a04 |
| 24-Jul-2023 |
tb <tb@openbsd.org> |
Fix a minibug in DH_check()
Or in the flag, don't overwrite the already set ones.
ok jsing
|
| #
d6d0b2f3 |
| 08-Jul-2023 |
beck <beck@openbsd.org> |
Hide symbols in dh
ok tb@
|
| #
c9675a23 |
| 26-Nov-2022 |
tb <tb@openbsd.org> |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_l
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
show more ...
|
| #
4ce274f7 |
| 13-Jul-2022 |
tb <tb@openbsd.org> |
Simplify computation of max_pub_key = dh->p - 1.
ok jsing
|
| #
ef053c5d |
| 10-Jan-2022 |
tb <tb@openbsd.org> |
Provide DH_check*_ex and many error codes
DH_check{,_pub_key}_ex() wrap their non-ex versions to translate
the flags argument of the original functions into OpenSSL errors.
For this almost a dozen n
Provide DH_check*_ex and many error codes
DH_check{,_pub_key}_ex() wrap their non-ex versions to translate
the flags argument of the original functions into OpenSSL errors.
For this almost a dozen new error codes need to be added.
DH_params_check{,_ex}() is a new version of DH_check that only
performs a cheap subset of the checks.
They are needed to implement EVP_PKEY_{public,param}_check()
(observe the consistent naming) although the actual implementation
of EVP_PKEY_param_check() chose to use DH_check_ex().
As far as I can tell, the only raison d'être of the _ex functions
and error codes is to spew them to stderr in a couple of openssl(1)
commands. This couldn't have been solved differently...
These functions will not be exposed publicly.
ok inoguchi jsing
show more ...
|
| #
a69386be |
| 07-Jan-2022 |
tb <tb@openbsd.org> |
Add an essentially empty dh_local.h and include it in the files where
it will be needed in the upcoming bump.
discussed with jsing
|
| #
adfe9e36 |
| 05-Dec-2021 |
tb <tb@openbsd.org> |
Simplify DH_check_params a bit.
It makes no sense to allocate an entire BN_CTX if we only use it to
get a single BIGNUM, from which we subtract 1 to compare it to g.
We can just use a plain BIGNUM a
Simplify DH_check_params a bit.
It makes no sense to allocate an entire BN_CTX if we only use it to
get a single BIGNUM, from which we subtract 1 to compare it to g.
We can just use a plain BIGNUM and delete a bunch of lines.
ok inoguchi jsing
show more ...
|
| #
79207923 |
| 29-Nov-2021 |
tb <tb@openbsd.org> |
Clean up DH_check_pub_key() and ensure that y^q (mod p) == 1.
This aligns our behavior with OpenSSL 1.1.1 which includes a mitigation
for small subgroup attacks. This did not affect LibreSSL since w
Clean up DH_check_pub_key() and ensure that y^q (mod p) == 1.
This aligns our behavior with OpenSSL 1.1.1 which includes a mitigation
for small subgroup attacks. This did not affect LibreSSL since we do
not support X9.42 style parameter files or RFC 5114.
The meat of this commit is from Matt Caswell, OpenSSL b128abc3
ok inoguchi jsing
show more ...
|
| #
0cbf20e4 |
| 29-Nov-2021 |
tb <tb@openbsd.org> |
Increase number of iterations in Miller-Rabin checks for DH.
BN_prime_checks is only to be used for random input. Here, the
input isn't random, so increase the number of checks. According
to https:/
Increase number of iterations in Miller-Rabin checks for DH.
BN_prime_checks is only to be used for random input. Here, the
input isn't random, so increase the number of checks. According
to https://eprint.iacr.org/2019/032, 64 rounds is suitable.
From Jake Massimo, OpenSSL 1.1.1, af6ce3b4
ok inoguchi jsing
show more ...
|
| #
2cad8c6e |
| 29-Nov-2021 |
tb <tb@openbsd.org> |
Synchronize DH_check() mostly with OpenSSL 1.1.1 with some
simplifications and readability tweaks. This ensures in
particular that dh->q is suitable if present.
Based on work by Stephen Henson and
Synchronize DH_check() mostly with OpenSSL 1.1.1 with some
simplifications and readability tweaks. This ensures in
particular that dh->q is suitable if present.
Based on work by Stephen Henson and Bernd Edlinger in OpenSSL.
Issues with the current implementation found via regression
tests in py-cryptography.
ok inoguchi jsing
show more ...
|
| #
aacfb2c7 |
| 29-Nov-2021 |
tb <tb@openbsd.org> |
Provide a version of DH_check_params() for internal use.
Based on the version in OpenSSL 1.1.1l with minor tweaks.
ok inoguchi jsing
|
| #
9af159c9 |
| 20-Jan-2019 |
tb <tb@openbsd.org> |
Fix BN_is_prime_* calls in libcrypto, the API returns -1 on error.
From BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
by David Benjamin.
ok djm, jsing
|
| #
c17ab57a |
| 05-Jul-2016 |
bcook <bcook@openbsd.org> |
On systems where we do not have BN_ULLONG defined (most 64-bit systems),
BN_mod_word() can return incorrect results if the supplied modulus is
too big, so we need to fall back to BN_div_word.
Now th
On systems where we do not have BN_ULLONG defined (most 64-bit systems),
BN_mod_word() can return incorrect results if the supplied modulus is
too big, so we need to fall back to BN_div_word.
Now that BN_mod_word may fail, handle errors properly update the man page.
Thanks to Brian Smith for pointing out these fixes from BoringSSL:
https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89
https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be
ok beck@
show more ...
|
| #
700744f6 |
| 07-Feb-2015 |
doug <doug@openbsd.org> |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't
strictly deletion
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't
strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3
3d47c1d331fdc7574d2275cda1a630ccdb624b08
dfb56425b68314b2b57e17c82c1df42e7a015132
c8fa2356a00cbaada8963f739e5570298311a060
f16a64d11f55c01f56baa62ebf1dec7f8fe718cb
9ccc00ef6ea65567622e40c49aca43f2c6d79cdb
02a938c953b3e1ced71d9a832de1618f907eb96d
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
d6fbb194095312f4722c81c9362dbd0de66cb656
6f1a93ad111c7dfe36a09a976c4c009079b19ea1
1a5adcfb5edfe23908b350f8757df405b0f5f71f
8de24b792743d11e1d5a0dcd336a49368750c577
a2b18e657ea1a932d125154f4e13ab2258796d90
8e964419603d2478dfb391c66e7ccb2dcc9776b4
32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
show more ...
|
| #
6d04a7b1 |
| 12-Jul-2014 |
miod <miod@openbsd.org> |
if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.
review & ok deraadt@
|
| #
b6ab114e |
| 11-Jul-2014 |
jsing <jsing@openbsd.org> |
Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need t
Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
show more ...
|
| #
82d7f427 |
| 09-Jul-2014 |
miod <miod@openbsd.org> |
Simplify error path of DH_check_pub_key()
|
| #
5b87c283 |
| 09-Jul-2014 |
miod <miod@openbsd.org> |
KNF
|
| #
c3d6a26a |
| 12-Jun-2014 |
deraadt <deraadt@openbsd.org> |
tags as requested by miod and tedu
|
| #
0a5d6ede |
| 01-Oct-2010 |
djm <djm@openbsd.org> |
resolve conflicts, fix local changes
|
| #
e6841c1d |
| 09-Jan-2009 |
djm <djm@openbsd.org> |
resolve conflicts
|
| #
4fcf65c5 |
| 06-Sep-2008 |
djm <djm@openbsd.org> |
resolve conflicts
|
| #
3f6aedb7 |
| 04-May-2006 |
djm <djm@openbsd.org> |
backport checks for degenerate Diffie-Hellman public exponents from
OpenSSL-0.9.8a, where they were added without a corresponding patch to
0.9.7 or an advisory! ok theo@ markus@
|