| Commit message | Author | Age | Files | Lines |
There is no reason for this to call EVP_CIPHER_meth_new(), as the flags
will be copied a line later anyway. Simplify this.
Requested by jsing
OPENSSL_zalloc() -> calloc(), OPENSSL_free() -> free() and a few assorted
cosmetic tweaks to match our style better.
ok jsing
As usual, this will be guarded by LIBRESSL_INTERNAL || LIBRESSL_NEXT_API
until the next bump.
ok jsing
This partially reverts jsing's OpenBSD commit b8185953, but without adding
back the error check that potentially results in dumb leaks. No cleanup()
method in the wild returns anything but 1. Since that's the signature in
the EVP_CIPHER_meth_* API, we have no choice...
ok jsing
ok jsing
ok jsing
Nothing interesting uses them. There's a Debian SSH-1 module and
corresponding ncrack bits. That's not reason enough to have this
garbage.
ok jsing
This reinstates the original license on this file. Don't bother bumping
the copyright year. Nothing interesting has happened in here since the
initial commit.
(There was one interesting commit though: "Don't care openssl_zmalloc()",
which is interesting due to the lack of care, not because it's copyright
worthy)
ok jsing
This is the file as of OpenSSL 1.1.1 commit 82dfb986. Call the file
cipher_method_lib.c since the short names in this directory are hard
enough to read. This is a first step towards providing the poorly
named EVP_CIPHER_meth_* API which is needed by some projects because
of EVP_CIPHER opacity.
ok jsing
Rename BN_from_montgomery_word() to bn_montgomery_reduce() and rewrite it
to be simpler and clearer, moving further towards constant time in the
process. Clean up BN_from_montgomery() in the process.
ok tb@
freeing; ok tb@
macOS aarch64 assembly dialect treats ; as comment instead of a newline
ok tb@, jsing@
By introducing X509_get0_uids(), one can add RPKI profile compliance
checks to conform the absence of the issuerUID and subjectUID.
OK tb@ jsing@
Remedy a case of twitching eyes caused by seeing "Doing ... rsa's for 10s".
If this breaks someone's script, so be it.
ok jsing sthen
ok miod
Here we need .rdata with some alignment goo. Fortunately, this was already
present for .pdata and .xdata, so the change is easy. Also, this is a code
path that doesn't affect OpenBSD at all.
ok jsing miod
Requested by tb@
Now that bn_sub() handles word arrays with potentially different lengths,
we no longer need bn_sub_part_words() - call bn_sub() instead. This allows
us to entirely remove the unnecessarily complex bn_sub_part_words() code.
ok tb@
Rather than working on BIGNUMs, change bn_add()/bn_sub() to operate on word
arrays that potentially differ in length. This matches the behaviour of
s2n-bignum's bignum_add() and bignum_sub().
ok tb@
OpenSSL commit 4d524040bc8 changed BN_MONT_CTX_set() so that it computed
a 64 bit N^-1 on both BN_BITS2 == 32 and BN_BITS2 == 64 platforms. However,
the way in which this was done was to duplicate half the code and wrap it
in #ifdef.
Rewrite this code to use a single code path on all platforms, with #ifdef
being limited to setting an additional word in the temporary N and storing
the result on BN_BITS2 == 32 platforms. Also remove stack based BIGNUM in
favour of using the already present BN_CTX.
ok tb@
ok jsing
ok tb@
It does not make sense to use code that is slower, currently broken and
prevents the use of assembly Montgomery implementations.
This is the result of `unifdef -m -DMONT_WORD`, followed by some manual
clean up and the removal of the Ni bignum from BN_MONT_CTX (which was only
used in the non-MONT_WORD case).
ok miod@ tb@
Rewrite and simplify BN_MONT_CTX_set_locked - in particular, only hold the
lock for a short period of time, rather than holding a write lock for a
module across an expensive operation.
ok tb@
Use calloc() rather than malloc() with manual initialisation of all struct
members to zero, use memset() instead of manually initialising all struct
members to zero, use consistent naming, use BN_free() instead of
BN_clear_free() (since it is the same thing).
ok tb@
No code outside of bn_mont.c needs access to it.
ok tb@
No, I'm not trying to overwhelm you... however, we really no longer need
this clutter.
ok tb@
Use bignum primitives rather than the current mess of macros. The sqr_add_c
macro gets replaced with bn_mulw_addtw(), while the sqr_add_c2 macro gets
replaced with bn_mul2_mulw_addtw().
The variables in the comba functions have also been reordered, so that the
patterns are easier to understand - the compiler can take care of
optimising the inputs and outputs to avoid register moves.
ok tb@
The BN_num_bits_word() function is a hot path, being called more than
80 million times during a libcrypto regress run. The word_clz()
implementation uses five instructions to do the same as the generic code
that uses more than 60 instructions.
Discussed with tb@
This keeps the naming consistent with the other bignum primitives that have
been recently introduced. Also, use 1/0 instead of h/l (e.g. a1 instead of
ah), as this keeps consistency with other primitives and allows for naming
that works with double word, triple word and quadruple word inputs/outputs.
Discussed with tb@
LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h
fix suggested by & ok jsing
This removes the effectively duplicate BN_LLONG version of bn_add_words()
and simplifies the code considerably.
ok tb@
There were only three versions of each one...
ok tb@
Use bignum primitives rather than the current mess of macros, which also
allows us to remove the essentially duplicate versions of
bn_mul_words() and bn_mul_add_words() for BN_LLONG.
The "mul" macro gets replaced by bn_mulw_addw(), "mul_add" with
bn_mulw_addw_addw() and "mul_add_c" with bn_mulw_addtw() (where 'w'
indicates single word input and 'tw' indicates triple word input).
The variables in the comba functions have also been reordered, so that the
patterns are easier to understand - the compiler can take care of
optimising the inputs and outputs to avoid register moves.
ok tb@
These use a consistent naming scheme and are implemented using
bitwise/constant time style operations, which should generally be safe on
all platforms (until a compiler decides to optimise and use branches).
More optimised versions can be provided for a given architecture.
ok tb@