| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
If the blinding is non-NULL, Ai is set on it, so no need to check for
that. Also, we can get away with a single call to BN_mod_mul().
ok jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
Both the function return type and the function name are so long
that for displaying the function prototype,
a line break is needed after the function return type.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Pass e and mod into BN_BLINDING_new() for now and unconditionally allocate
A and Ai. This way non-NULL blindings always have these four members set.
This allows removing several unnecessary checks in the update, convert and
parameter creation code paths.
Fix exit BN_BLINDING_create_param() so as to signal errors to the caller
if a non-NULL blinding was passed. This fixes a long standing bug.
ok jsing
|
| |
|
|
|
|
|
| |
Make this look a bit more like other code we cleaned up avoiding nesting
and unnecessary else branches.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
This was a workaround due to the historically non-constant time scalar
multiplication in the EC code. Since Brumley and Tuveri implemented the
Montgomery ladder, this is no longer useful and should have been removed
a long time ago, as it now does more harm than good.
Keep the preallocations as they still help hiding some timing info.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
tb@ removed the following macros from the public API:
_DECLARE_OBJ_BSEARCH_CMP_FN
DECLARE_OBJ_BSEARCH_CMP_FN DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN
IMPLEMENT_OBJ_BSEARCH_CMP_FN IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN
OBJ_bsearch OBJ_bsearch_ex
In objects.h rev. 1.20 (Nov 11, 2022), jsing@ unifdef'ed USE_OBJ_MAC.
Stop marking these names as intentionally undocumented.
|
| |
|
|
|
|
|
|
| |
In bn.h rev. 1.75 (July 31, 2023), tb@ removed it from the public API.
While here, stop marking BN_prime_checks as obsolete.
In BN_generate_prime.3 rev. 1.23 (May 11, 2023), tb@ documented
the constant BN_prime_checks in that manual page.
|
| |
|
|
|
| |
In bio.h rev. 1.59 (July 28, 2023), tb@ removed the last four functions
that took function pointers of this type from the public API.
|
| |
|
|
|
| |
In asn1.h rev. 1.80 (July 28, 2023), tb@ removed the last three
functions that were using this data type from the public API.
|
| |
|
|
| |
fixed in bio_lib.c r1.47 as confirmed by ASAN.
|
| |
|
|
|
|
|
|
| |
If CRYPTO_dup_ex_data() fails, the new_bio is leaked. If an error occurs
after the first iteration, all members of the new chain except the head
are leaked.
ok jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Exception needed since the test expects an unexpected_message alert, while
we throw a decode_error.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().
The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptinally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().
Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.
ok jsing
|
| |
|
|
|
|
| |
This test was never particularly useful. An upcoming API change for
the internal bn_rand_interval() API would require some adjustments.
It's not worth it.
|
| |
|
|
| |
ok jsing miod
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
Nothing sets this, so remove it along with BN_BLINDING_NO_{UPDATE,RECREATE}
and some checks that are always true.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
| |
The mod member of BN_BLINDING hasn't been /* just a reference */ since
the branch prediction mitigations in OpenSSL bd31fb21 from March 2007.
|
| | |
|
| |
|
|
|
|
|
| |
The public symbols were removed. Some prototypes and in the case of DES
even the implementation remained.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
Due to some historic accident, HAVE_FUNOPEN was grouped with DSO_DLFCN
and HAVE_DLFCN_H inside !defined(NOPIC). While the two DLFCN bits belong
there, HAVE_FUNOPEN doesn't.
ok jsing, millert agrees
|
| |
|
|
| |
build tested by miod
|
| | |
|
| |
|
|
|
| |
Some *_options() prototypes were left behind in headers. I will remove
them after my amd64 ports bulk completes.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
These headers are now reduced to #include <openssl/ec.h> and are provided
for compatiblity only. There's no point in using them. At the same time
garbage collect the last uses of OPENSSL_NO_{ECDSA,ECDH} in our tree.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
By API misdesign, it cannot be opaque. The incorrect documentation was
added as a part of a huge commit with a lot of churn. CRYPTO_EX_DATA
typically lives as an embedded struct of an opaque struct, but it can
also be used by applications, for example to initialize libssl.
documentation error pointed out by jsing
|
| |
|
|
|
| |
public symbol removed in April
ok tb@
|
| |
|
|
| |
CID 463174
|
| | |
|
| | |
|
| | |
|
