summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Replace BN_DIV3W with HAVE_BN_DIV_3_WORDS (in bn_arch.h).jsing2023-01-203-6/+8
| | | | ok tb@
* Provide a per machine bn_arch.h.jsing2023-01-2015-1/+338
| | | | | | | This will provide a location for machine specific defines, prototypes and inline functions. ok tb@
* Reorder functions.jsing2023-01-201-344/+344
| | | | No functional change.
* Reorder functions for easier maintenance.jsing2023-01-201-30/+30
| | | | No functional change.
* Remove more unused assembly generation scripts.jsing2023-01-198-696/+0
|
* Remove various unused assembly files and assembly generation scripts.jsing2023-01-1910-7760/+0
| | | | | | These are just creating clutter and cause grep noise. ok miod@
* Bring in a description of bn_words_3_div().jsing2023-01-181-1/+9
| | | | | | This comes from OpenSSL commit 3da2e9c4ee45989a426ff513dc6c6250d1e460de. ok tb@
* Start cleaning up BN_div_internal().jsing2023-01-181-158/+195
| | | | | | | | | | Always provide a bn_div_3_words() function, rather than having deeply nested compiler conditionals. Use readable variable names, clean up formatting and use a single exit path. Tested on various platforms by miod@ ok tb@
* Don't do policy checking unless we were asked to do so.beck2023-01-171-2/+3
| | | | ok tb@
* Remove non-visible and unused OPENSSL_wipe_cpu and OPENSSL_atomic_addmiod2023-01-1712-700/+7
| | | | | | | interfaces, and remove empty assembly OPENSSL_cpuid_setup routines - the default empty C fallback will work as good. ok jsing@
* Move BN_sqr() to the bottom of the file.jsing2023-01-161-85/+85
| | | | | | This will simplify review/upcoming changes. No functional change.
* Mop up debug code that escaped previously.jsing2023-01-163-82/+3
| | | | This is the result of `unifdef -m -U BN_COUNT'.
* gost: add missing BN_CTX_{start,end}() pairtb2023-01-151-1/+4
| | | | | | | | | | The new BN_CTX code enforces that the context be started before a BIGNUM can be obtained from it via BN_CTX_get(), tests for ssl/interop and the openssl app broke, implying missing test coverage in libcrypto itself. Add the obviously missing bits. reported by anton ok jsing
* Move constants out of text segment into rodata to prepare for xonly supportderaadt2023-01-1414-19/+25
| | | | | on amd64. no pic handling is neccessary since amd64 has full reach. ok kettenis
* Remove unused Elliptic Curve code.jsing2023-01-1415-25353/+4
| | | | | | | | | | | | | For various reasons, the ecp_nistp* and ecp_nistz* code is unused. While ecp_nistp* was being compiled, it is disabled due to OPENSSL_NO_EC_NISTP_64_GCC_128 being defined. On the other hand, ecp_nistz* was not even being built. We will bring in new versions or alternative versions of such code, if we end up enabling it in the future. For now it is just causing complexity (and grep noise) while trying to improve the EC code. Discussed with tb@
* Rewrite BN_CTX.jsing2023-01-141-410/+98
| | | | | | | | | | | | | | | | | | | | | The current BN_CTX implementation is an incredibly overengineered piece of code, which even includes its own debug system. Rewrite BN_CTX from scratch, simplifying things things considerably by having a "stack" of BIGNUM pointers and a matching array of group assignments. This means that BN_CTX_start() and BN_CTX_end() effectively do not fail. Unlike the previous implementation, if a failure occurs nothing will work and the BN_CTX must be freed/recreated, instead of trying to pick up at the point where the failure occurred (which does not make sense given its intended usage). Additionally, it has long been documented that BN_CTX_start() must be called before BN_CTX_get() can be used, however the previous implementation did not actually enforce this. Now that missing BN_CTX_start() and BN_CTX_end() calls have been added to DSA and EC, we can actually make this a hard requirement. ok tb@
* Greatly simplify bn_expand_internal().jsing2023-01-141-103/+26
| | | | | | | | We have a function called recallocarray() - make use of it rather than handrolling a version of it. Also have bn_expand() call bn_wexpand(), which avoids some duplication. ok tb@
* Clean up and simplify EC_KEY handling, mostly from a BN_CTX perspective.jsing2023-01-141-59/+80
| | | | | | | | | If we have a BN_CTX available, make use of it rather than calling BN_new(). Always allocate a new priv_key and pub_key, rather than having complex reuse dances on entry and exit. Add missing BN_CTX_start()/BN_CTX_end() calls. ok tb@
* Move all data tables from .text section to .rodata, and update the code tomiod2023-01-138-39/+104
| | | | | | | fetch them correctly when building PIC. Also drop unused data, and remove --no-execute-only from linker flags. ok kettenis@
* Move all data tables from .text section to .rodata, and update the code tomiod2023-01-137-78/+54
| | | | | | | fetch them correctly when building PIC. Also drop unused data, and remove --no-execute-only from linker flags. ok jsing@ kettenis@
* Prevent 1-byte out-of-bounds read in i2c_ASN1_BIT_STRINGtb2023-01-131-2/+4
| | | | | | | | | | If an ASN.1 BIT STRING a of length > 0 contains only zero bytes in a->data, this old code would end up reading from a->data[-1]. This may or may not crash. Luckily, anton observed two openssl-ruby regress test failures in the last few days, which could eventually be traced back to this (after a lot of painful digging due to coredumps not working properly). ok jsing
* based upon inspection of obj/*.S ...deraadt2023-01-111-1/+3
| | | | | | | | temporarily force sparc64 libcrypto to be built --no-execute-only because perlasm is still putting tables (intended to be rodata) into text. This will help dynamic executables, but static executables won't be saved by this. But this is temporary because we hope the perlasm problem is fixed soon.
* temporarily force hppa libcrypto to be built --no-execute-only becausederaadt2023-01-111-1/+3
| | | | | | | | perlasm is still putting tables (intended to be rodata) into text. This will help dynamic executables, but static executables won't be saved by this. But this is temporary because we hope the perlasm problem is fixed soon. ok miod
* Clean up and simplify BIGNUM handling in DSA code.jsing2023-01-113-96/+116
| | | | | | | | | | | This adds missing BN_CTX_start()/BN_CTX_end() calls, removes NULL checks before BN_CTX_end()/BN_CTX_free() (since they're NULL safe) and calls BN_free() instead of BN_clear_free() (which does the same thing). Also replace stack allocated BIGNUMs with calls to BN_CTX_get(), using the BN_CTX that is already available. ok tb@
* Simplify BIGNUM handling in dsa_builtin_keygen().jsing2023-01-111-18/+17
| | | | | | | Rather than having complicated "attempt to reuse" dances, always allocate priv_key/pub_key, then free and assign on success. ok tb@
* Replace BN_lshift1()/BN_rshift1() with calls to BN_lshift()/BN_rshift().jsing2023-01-111-125/+42
| | | | | | | | | | | | | | | | | | | Currently, BN_lshift1() and BN_rshift1() are separate implementations that are intended to be faster since the shift is known (and only one bit crosses a word boundary). However, with the rewrite of BN_lshift() and BN_rshift(), they are either slower or only minimally faster (depending on architecture). Avoid duplication and turn BN_lshift1()/BN_rshift1() into functions that call inlined versions of BN_lshift()/BN_rshift(), making BN_lshift() and BN_rshift() call the same inlined implementation. This results in a single implementation and BN_lshift1()/BN_rshift1() that out perform the previous versions (in part due to compiler optimisation). Now that none of the original code exists, replace the license and copyright for this file. ok tb@
* Rewrite BN_lshift()jsing2023-01-101-26/+57
| | | | | | | | This improves readability and eliminates special handling for various cases, making the code cleaner and closer to constant time. Basic benchmarking shows a performance gain on modern 64 bit architectures. ok tb@
* Rewrite/simplify BN_free().jsing2023-01-071-10/+12
| | | | ok tb@
* Flip BN_clear_free() and BN_free()jsing2023-01-071-4/+4
| | | | | | | | All of our BIGNUMs are cleared when we free them - move the code to BN_free() and have BN_clear_free() call BN_free(), rather than the other way around. ok tb@
* Use calloc() in BN_new(), rather than malloc() and then manually zeroing.jsing2023-01-071-10/+7
| | | | ok tb@
* Fix previous.jsing2023-01-071-3/+9
|
* tlsfuzzer: hook up new connection abort tests while skipping the NSTtb2023-01-061-1/+5
| | | | tests for TLSv1.3 since that's not currently handled.
* Rewrite BN_rshift()jsing2023-01-051-37/+42
| | | | | | | | | | | | This improves readability and eliminates special handling for various cases, making the code cleaner and closer to constant time. Basic benchmarking shows a performance gain on modern 64 bit architectures, while there is a decrease on legacy 32 bit architectures (i386), particularly for the zero bit shift case (which is now handled in the same code path). ok tb@
* Add additional shift benchmarks that are useful on BN_BITS2 == 32 platformsjsing2023-01-051-2/+56
|
* ugly white spacederaadt2023-01-041-2/+2
|
* Add explicit LL suffixes to large constants to appease some compilers onmiod2023-01-011-3/+3
| | | | 32-bit systems.
* Add explicit LL suffixes to large constants to appease some compilers onmiod2023-01-011-6/+6
| | | | 32-bit systems.
* Add explicit LL suffixes to large constants to appease some compilers onmiod2023-01-011-2/+3
| | | | | | 32-bit platforms; NFCI ok tb@
* spelling fixes; from paul tagliamontejmc2022-12-281-2/+2
| | | | any parts of his diff not taken are noted on tech
* succcess -> successjsg2022-12-281-3/+3
|
* Change the way malloc_init() works so that the main data structuresotto2022-12-271-65/+66
| | | | | | | can be made immutable to provide extra protection. Also init pools on-demand: only pools that are actually used are initialized. Tested by many
* spelling fixes; from paul tagliamontejmc2022-12-278-15/+15
| | | | | any changes not taken noted on tech, but chiefly here i did not take the cancelation - cancellation changes;
* spelling fix; from paul tagliamontejmc2022-12-261-2/+2
| | | | ok tb
* Prepare to provide X509_CRL_get0_sigalg()tb2022-12-262-2/+12
| | | | | | | | | This is an obvious omission from the OpenSSL 1.1 and OpenSSL 3 API which does not provide a way to access the tbs sigalg of a CRL. This is needed in security/pivy. From Alex Wilson ok jsing
* fix another typo in comment in a line touched by the last commit (thissthen2022-12-261-1/+1
| | | | one wouldn't have triggered a spell checker though)
* spelling fixes; from paul tagliamontejmc2022-12-2610-23/+23
| | | | ok tb
* spelling fixes; from paul tagliamontejmc2022-12-26100-265/+265
| | | | | | | i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
* Zap trailing whitespace in license and add some empty linestb2022-12-245-10/+18
|
* Add the missing Copyright and license headers in the libcrypto/comp directory.schwarze2022-12-236-9/+570
| | | | | | | | | | | | | | | | | | | Requested some time ago by tb@. According to OpenSSL git history, the original version of this code appeared in SSLeay 0.9.1b (July 6, 1998). The LICENSE file in that release states that the Copyright of SSLeay belongs to Eric Young, and we believe that Eric still maintained SSLeay himself at that time. We have seen a small number of examples where Eric credited outside contributors for code that he included in his distribution, including citing Copyright notices and license headers as appropriate. We found no such hints regarding this code, so it is reasonable to assume that he wrote this code himself. Regarding subsequent changes and additions, i inspected the OpenSSL git repository. No code change; only Copyright and license comments are added.
* Document the deprecated wrappers BIO_set_app_data(3) and BIO_get_app_data(3).schwarze2022-12-231-5/+36
| | | | Some code roams the wild still calling them.