Commit message | Author | Age | Files | Lines
* Remove ECDSA nonce padding kludge | tb | 2023-08-08 | 1 | -22/+1
  This was a workaround due to the historically non-constant time scalar multiplication in the EC code. Since Brumley and Tuveri implemented the Montgomery ladder, this is no longer useful and should have been removed a long time ago, as it now does more harm than good. Keep the preallocations as they still help hiding some timing info. ok jsing
* In objects.h rev. 1.17 (Jan 14, 2022), | schwarze | 2023-08-08 | 1 | -7/+1
  tb@ removed the following macros from the public API: _DECLARE_OBJ_BSEARCH_CMP_FN DECLARE_OBJ_BSEARCH_CMP_FN DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN IMPLEMENT_OBJ_BSEARCH_CMP_FN IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN OBJ_bsearch OBJ_bsearch_ex In objects.h rev. 1.20 (Nov 11, 2022), jsing@ unifdef'ed USE_OBJ_MAC. Stop marking these names as intentionally undocumented.
* No need to mark BN_options() as intentionally undocumented any longer. | schwarze | 2023-08-07 | 1 | -1/+0
  In bn.h rev. 1.75 (July 31, 2023), tb@ removed it from the public API. While here, stop marking BN_prime_checks as obsolete. In BN_generate_prime.3 rev. 1.23 (May 11, 2023), tb@ documented the constant BN_prime_checks in that manual page.
* Mark asn1_ps_func as obsolete and intentionally undocumented. | schwarze | 2023-08-07 | 1 | -0/+1
  In bio.h rev. 1.59 (July 28, 2023), tb@ removed the last four functions that took function pointers of this type from the public API.
* Mark BIT_STRING_BITNAME as obsolete and intentionally undocumented. | schwarze | 2023-08-07 | 1 | -0/+1
  In asn1.h rev. 1.80 (July 28, 2023), tb@ removed the last three functions that were using this data type from the public API.
* Add a regress test exercising BIO_dup_chain() and triggering the leak | tb | 2023-08-07 | 1 | -1/+43
  fixed in bio_lib.c r1.47 as confirmed by ASAN.
* Fix two leaks in BIO_dup_chain() | tb | 2023-08-07 | 1 | -19/+17
  If CRYPTO_dup_ex_data() fails, the new_bio is leaked. If an error occurs after the first iteration, all members of the new chain except the head are leaked. ok jsing
* Add missing space before = | tb | 2023-08-07 | 1 | -2/+2
* remove trailing comma in NAME; | jmc | 2023-08-05 | 1 | -3/+3
* Move the ENGINE_new() prototype a line down | tb | 2023-08-04 | 1 | -2/+2
* Link new ccs test to build | tb | 2023-08-03 | 1 | -1/+7
  Exception needed since the test expects an unexpected_message alert, while we throw a decode_error.
* Make the bn_rand_interval() API a bit more ergonomic | tb | 2023-08-03 | 11 | -52/+57
  Provide bn_rand_in_range() which is a slightly tweaked version of what was previously called bn_rand_range(). The way bn_rand_range() is called in libcrypto, the lower bound is always expressible as a word. In fact, most of the time it is 1, the DH code uses a 2, the MR tests in BPSW use 3 and an exceptionally high number appears in the Tonelli-Shanks implementation where we use 32. Converting these lower bounds to BIGNUMs on the call site is annoying so let bn_rand_interval() do that internally and route that through bn_rand_in_range(). This way we can avoid using BN_sub_word(). Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the only caller that uses actual BIGNUMs as lower bounds. ok jsing
* Retire the bn_rand_interval() test | tb | 2023-08-03 | 2 | -115/+1
  This test was never particularly useful. An upcoming API change for the internal bn_rand_interval() API would require some adjustments. It's not worth it.
* Remove unused sk/lh macros | tb | 2023-08-03 | 1 | -170/+1
  ok jsing miod
* More whitespace fixes from knfmt | tb | 2023-08-02 | 1 | -7/+7
* Remove extraneous parentheses and fix weird whitespace. | tb | 2023-08-02 | 1 | -16/+15
* Drop the _ex from BN_BLINDING_{convert,invert}_ex() | tb | 2023-08-02 | 3 | -12/+12
* Remove the unused BN_BLINDING_{convert,invert}() | tb | 2023-08-02 | 2 | -16/+2
  ok jsing
* Make BN_BLINDING_{new,update}() static in bn_blind.c | tb | 2023-08-02 | 2 | -6/+4
  ok jsing
* Remove the unused flags member of BN_BLINDING | tb | 2023-08-02 | 2 | -10/+4
  Nothing sets this, so remove it along with BN_BLINDING_NO_{UPDATE,RECREATE} and some checks that are always true. ok jsing
* Remove the unused flags accessors for BN_BLINDING | tb | 2023-08-02 | 2 | -16/+2
  ok jsing
* Remove a 16 year old confusing lie | tb | 2023-08-02 | 1 | -2/+2
  The mod member of BN_BLINDING hasn't been /* just a reference */ since the branch prediction mitigations in OpenSSL bd31fb21 from March 2007.
* Remove unused prototype | tb | 2023-08-01 | 1 | -3/+1
* Remove more *_options() stuff | tb | 2023-07-31 | 5 | -50/+5
  The public symbols were removed. Some prototypes and in the case of DES even the implementation remained. ok jsing
* Drop unused conf, pem, and x509 headers, add unistd for pledge | tb | 2023-07-29 | 1 | -4/+2
* Move HAVE_FUNOPEN out of !NOPIC | tb | 2023-07-29 | 1 | -5/+1
  Due to some historic accident, HAVE_FUNOPEN was grouped with DSO_DLFCN and HAVE_DLFCN_H inside !defined(NOPIC). While the two DLFCN bits belong there, HAVE_FUNOPEN doesn't. ok jsing, millert agrees
* Garbage collect rodata only used by RC4_options() | tb | 2023-07-29 | 1 | -5/+0
  build tested by miod
* Add _libre_CMS_{,SignerInfo}_get_version | tb | 2023-07-29 | 1 | -0/+2
* Remove {BN,idea}_options() leftovers | tb | 2023-07-29 | 3 | -6/+2
  Some *_options() prototypes were left behind in headers. I will remove them after my amd64 ports bulk completes.
* Remove BF_options() documentation | tb | 2023-07-29 | 1 | -9/+3
* reinstate KNF for comment | tb | 2023-07-29 | 1 | -2/+2
* Some of these functions no longer exist or are no longer public | tb | 2023-07-28 | 1 | -4/+1
* DSO has left the building | tb | 2023-07-28 | 1 | -4/+1
* Also remove ecdh.h use from libssl | tb | 2023-07-28 | 1 | -2/+1
* Stop including ecdsa.h and ecdh.h internally | tb | 2023-07-28 | 8 | -21/+9
  These headers are now reduced to #include <openssl/ec.h> and are provided for compatibility only. There's no point in using them. At the same time garbage collect the last uses of OPENSSL_NO_{ECDSA,ECDH} in our tree. ok jsing
* The CRYPTO_EX_DATA type is not opaque | tb | 2023-07-28 | 1 | -5/+2
  By API misdesign, it cannot be opaque. The incorrect documentation was added as a part of a huge commit with a lot of churn. CRYPTO_EX_DATA typically lives as an embedded struct of an opaque struct, but it can also be used by applications, for example to initialize libssl. documentation error pointed out by jsing
* remove X509_ATTRIBUTE_SET_it | jsg | 2023-07-28 | 1 | -14/+1
  public symbol removed in April ok tb@
* dhtest: simplify printing and make the output slightly less ugly | tb | 2023-07-28 | 1 | -34/+29
  CID 463174
* Combine ripemd into a single C file. | jsing | 2023-07-28 | 3 | -84/+20
* Combine md5 into a single C file. | jsing | 2023-07-28 | 3 | -83/+20
* Combine md4 into a single C file. | jsing | 2023-07-28 | 3 | -83/+20
* bump libcrypto, libssl, libtls majors | tb | 2023-07-28 | 3 | -3/+3
* Two files did not want to go away. Go! | tb | 2023-07-28 | 2 | -0/+0
* Remove various ${thing}_options | tb | 2023-07-28 | 12 | -224/+7
  Various, ancient ciphers exposed some of their innards via an _options() API. Apart from openssl version/speed, only some lua thingie in nmap ever looked at these. Go figure. hppa testing by miod, i386 testing by sthen. Thanks! ok jsing
* Remove more ASN1_BIT_STRING API | tb | 2023-07-28 | 5 | -72/+3
  This removes ASN1_BIT_STRING_name_print(), ASN1_BIT_STRING_{num,set}_asc(). Before trust was properly handled using OIDs, there was a period where it used bit strings. The actual interfaces used in openssl x509 were removed, but the functions they wrapped remained unused for the next 24 years. ok jsing
* Remove ASN1_BIT_STRING_check | tb | 2023-07-28 | 5 | -35/+3
  This was added with the TS code for no discernible reason. I could not find a single consumer. In the unlikely event that you need this, it is easy enough to write a better version of it yourself. ok jsing
* Provide CMS{,_SignerInfo}_get_version | tb | 2023-07-28 | 4 | -3/+53
  Add accessors for the syntax versions of ContentInfo and SignerInfo. These will be used soon in rpki-client for some more compliance checks. ok job jsing
* Remove sk_nid_triple_*() | tb | 2023-07-28 | 1 | -23/+1
  The nid_triple stack is no more. Its type never was part of the public API. Why its stack macros were will remain a mystery. ok jsing
* Remove OBJ_add_sigid() and OBJ_sigid_free() | tb | 2023-07-28 | 5 | -24/+3
  Another bit of unused extensibility that was responsible for a lot of complexity until recently. This removes the remaining stubs from the public API. ok jsing
* Remove more ERR cruft | tb | 2023-07-28 | 5 | -40/+3
  Ever wondered how many entries populate the various err hashes? Me neither. Remove this garbage. ok jsing