| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
This will simplify review/upcoming changes.
No functional change.
|
| |
|
|
| |
This is the result of `unifdef -m -U BN_COUNT'.
|
| |
|
|
|
|
|
|
|
|
| |
The new BN_CTX code enforces that the context be started before a BIGNUM
can be obtained from it via BN_CTX_get(), tests for ssl/interop and the
openssl app broke, implying missing test coverage in libcrypto itself.
Add the obviously missing bits.
reported by anton
ok jsing
|
| |
|
|
|
| |
on amd64. no pic handling is neccessary since amd64 has full reach.
ok kettenis
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
For various reasons, the ecp_nistp* and ecp_nistz* code is unused. While
ecp_nistp* was being compiled, it is disabled due to
OPENSSL_NO_EC_NISTP_64_GCC_128 being defined. On the other hand,
ecp_nistz* was not even being built.
We will bring in new versions or alternative versions of such code, if we
end up enabling it in the future. For now it is just causing complexity
(and grep noise) while trying to improve the EC code.
Discussed with tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current BN_CTX implementation is an incredibly overengineered piece of
code, which even includes its own debug system.
Rewrite BN_CTX from scratch, simplifying things things considerably by
having a "stack" of BIGNUM pointers and a matching array of group
assignments. This means that BN_CTX_start() and BN_CTX_end() effectively
do not fail. Unlike the previous implementation, if a failure occurs
nothing will work and the BN_CTX must be freed/recreated, instead of
trying to pick up at the point where the failure occurred (which does
not make sense given its intended usage).
Additionally, it has long been documented that BN_CTX_start() must be
called before BN_CTX_get() can be used, however the previous implementation
did not actually enforce this. Now that missing BN_CTX_start() and
BN_CTX_end() calls have been added to DSA and EC, we can actually make
this a hard requirement.
ok tb@
|
| |
|
|
|
|
|
|
| |
We have a function called recallocarray() - make use of it rather than
handrolling a version of it. Also have bn_expand() call bn_wexpand(),
which avoids some duplication.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
If we have a BN_CTX available, make use of it rather than calling BN_new().
Always allocate a new priv_key and pub_key, rather than having complex
reuse dances on entry and exit. Add missing BN_CTX_start()/BN_CTX_end()
calls.
ok tb@
|
| |
|
|
|
|
|
| |
fetch them correctly when building PIC. Also drop unused data, and remove
--no-execute-only from linker flags.
ok kettenis@
|
| |
|
|
|
|
|
| |
fetch them correctly when building PIC. Also drop unused data, and remove
--no-execute-only from linker flags.
ok jsing@ kettenis@
|
| |
|
|
|
|
|
|
|
|
| |
If an ASN.1 BIT STRING a of length > 0 contains only zero bytes in a->data,
this old code would end up reading from a->data[-1]. This may or may not
crash. Luckily, anton observed two openssl-ruby regress test failures in
the last few days, which could eventually be traced back to this (after a
lot of painful digging due to coredumps not working properly).
ok jsing
|
| |
|
|
|
|
|
|
| |
temporarily force sparc64 libcrypto to be built --no-execute-only because
perlasm is still putting tables (intended to be rodata) into text.
This will help dynamic executables, but static executables won't be
saved by this. But this is temporary because we hope the perlasm problem
is fixed soon.
|
| |
|
|
|
|
|
|
| |
perlasm is still putting tables (intended to be rodata) into text.
This will help dynamic executables, but static executables won't be
saved by this. But this is temporary because we hope the perlasm problem
is fixed soon.
ok miod
|
| |
|
|
|
|
|
|
|
|
|
| |
This adds missing BN_CTX_start()/BN_CTX_end() calls, removes NULL checks
before BN_CTX_end()/BN_CTX_free() (since they're NULL safe) and calls
BN_free() instead of BN_clear_free() (which does the same thing).
Also replace stack allocated BIGNUMs with calls to BN_CTX_get(), using the
BN_CTX that is already available.
ok tb@
|
| |
|
|
|
|
|
| |
Rather than having complicated "attempt to reuse" dances, always allocate
priv_key/pub_key, then free and assign on success.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, BN_lshift1() and BN_rshift1() are separate implementations
that are intended to be faster since the shift is known (and only one bit
crosses a word boundary). However, with the rewrite of BN_lshift() and
BN_rshift(), they are either slower or only minimally faster (depending
on architecture).
Avoid duplication and turn BN_lshift1()/BN_rshift1() into functions that
call inlined versions of BN_lshift()/BN_rshift(), making BN_lshift() and
BN_rshift() call the same inlined implementation. This results in a single
implementation and BN_lshift1()/BN_rshift1() that out perform the previous
versions (in part due to compiler optimisation).
Now that none of the original code exists, replace the license and
copyright for this file.
ok tb@
|
| |
|
|
|
|
|
|
| |
This improves readability and eliminates special handling for various
cases, making the code cleaner and closer to constant time. Basic
benchmarking shows a performance gain on modern 64 bit architectures.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
| |
All of our BIGNUMs are cleared when we free them - move the code to
BN_free() and have BN_clear_free() call BN_free(), rather than the other
way around.
ok tb@
|
| |
|
|
| |
ok tb@
|
| | |
|
| |
|
|
| |
tests for TLSv1.3 since that's not currently handled.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This improves readability and eliminates special handling for various
cases, making the code cleaner and closer to constant time.
Basic benchmarking shows a performance gain on modern 64 bit architectures,
while there is a decrease on legacy 32 bit architectures (i386),
particularly for the zero bit shift case (which is now handled in the
same code path).
ok tb@
|
| | |
|
| | |
|
| |
|
|
| |
32-bit systems.
|
| |
|
|
| |
32-bit systems.
|
| |
|
|
|
|
| |
32-bit platforms; NFCI
ok tb@
|
| |
|
|
| |
any parts of his diff not taken are noted on tech
|
| | |
|
| |
|
|
|
|
|
| |
can be made immutable to provide extra protection. Also init pools
on-demand: only pools that are actually used are initialized.
Tested by many
|
| |
|
|
|
| |
any changes not taken noted on tech, but chiefly here i did not take the
cancelation - cancellation changes;
|
| |
|
|
| |
ok tb
|
| |
|
|
|
|
|
|
|
| |
This is an obvious omission from the OpenSSL 1.1 and OpenSSL 3 API which
does not provide a way to access the tbs sigalg of a CRL. This is needed
in security/pivy.
From Alex Wilson
ok jsing
|
| |
|
|
| |
one wouldn't have triggered a spell checker though)
|
| |
|
|
| |
ok tb
|
| |
|
|
|
|
|
| |
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct
ok tb
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Requested some time ago by tb@.
According to OpenSSL git history, the original version of this code
appeared in SSLeay 0.9.1b (July 6, 1998). The LICENSE file in that
release states that the Copyright of SSLeay belongs to Eric Young,
and we believe that Eric still maintained SSLeay himself at that time.
We have seen a small number of examples where Eric credited outside
contributors for code that he included in his distribution, including
citing Copyright notices and license headers as appropriate. We
found no such hints regarding this code, so it is reasonable to
assume that he wrote this code himself.
Regarding subsequent changes and additions, i inspected the OpenSSL
git repository.
No code change; only Copyright and license comments are added.
|
| |
|
|
| |
Some code roams the wild still calling them.
|
| |
|
|
|
|
|
| |
Contrary to what bio.h says, it does not *not* retrieve some "IO type",
whatever that is supposed to be, but it is a NOOP, and nothing uses it.
Despite its name, it is unrelated to BIO_f_buffer(3), and please
be careful to not confuse it with BIO_get_buffer_num_lines(3).
|
| |
|
|
|
| |
It exposes absurd functionality, and according to codesearch.debian.net,
it is unused except in openssl(1) s_client/s_server -nbio_test.
|
| |
|
|
| |
feedback and OK tb@
|
| |
|
|
|
|
|
|
|
|
| |
The only real difference between BN_cmp() and BN_ucmp() is that one has
to respect the sign of the BN (although BN_cmp() also gets to deal with
some insanity from accepting NULLs). Rewrite/cleanup BN_ucmp() and turn
BN_cmp() into code that handles differences in sign, before calling
BN_ucmp().
ok tb@
|
| |
|
|
|
|
| |
Also be more consistent with variable naming.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
Remove a comment that tells you not to call a function that internally
calls free, with a stack allocated pointer...
ok tb@
|
| |
|
|
|
|
|
| |
Nothing can be actually using these as the symbols are not exported from
libcrypto... hopefully ui_compat.h can also go away entirely.
ok tb@
|
| | |
|
