|  | Commit message |
|---|---|
|  | ok jsing | 
|  | Both the function return type and the function name are so long
that for displaying the function prototype,
a line break is needed after the function return type. | 
|  | Pass e and mod into BN_BLINDING_new() for now and unconditionally allocate
A and Ai. This way non-NULL blindings always have these four members set.
This allows removing several unnecessary checks in the update, convert and
parameter creation code paths.
Fix exit BN_BLINDING_create_param() so as to signal errors to the caller
if a non-NULL blinding was passed. This fixes a long standing bug.
ok jsing | 
|  | Make this look a bit more like other code we cleaned up avoiding nesting
and unnecessary else branches.
ok jsing | 
|  | This was a workaround due to the historically non-constant time scalar
multiplication in the EC code. Since Brumley and Tuveri implemented the
Montgomery ladder, this is no longer useful and should have been removed
a long time ago, as it now does more harm than good.
Keep the preallocations as they still help hiding some timing info.
ok jsing | 
|  | tb@ removed the following macros from the public API:
_DECLARE_OBJ_BSEARCH_CMP_FN
DECLARE_OBJ_BSEARCH_CMP_FN DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN
IMPLEMENT_OBJ_BSEARCH_CMP_FN IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN
OBJ_bsearch OBJ_bsearch_ex
In objects.h rev. 1.20 (Nov 11, 2022), jsing@ unifdef'ed USE_OBJ_MAC.
Stop marking these names as intentionally undocumented. | 
|  | In bn.h rev. 1.75 (July 31, 2023), tb@ removed it from the public API.
While here, stop marking BN_prime_checks as obsolete.
In BN_generate_prime.3 rev. 1.23 (May 11, 2023), tb@ documented
the constant BN_prime_checks in that manual page. | 
|  | In bio.h rev. 1.59 (July 28, 2023), tb@ removed the last four functions
that took function pointers of this type from the public API. | 
|  | In asn1.h rev. 1.80 (July 28, 2023), tb@ removed the last three
functions that were using this data type from the public API. | 
|  | fixed in bio_lib.c r1.47 as confirmed by ASAN. | 
|  | If CRYPTO_dup_ex_data() fails, the new_bio is leaked. If an error occurs
after the first iteration, all members of the new chain except the head
are leaked.
ok jsing | 
|  | Exception needed since the test expects an unexpected_message alert, while
we throw a decode_error. | 
|  | Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().
The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptionally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().
Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.
ok jsing | 
|  | This test was never particularly useful. An upcoming API change for
the internal bn_rand_interval() API would require some adjustments.
It's not worth it. | 
|  | ok jsing miod | 
|  | ok jsing | 
|  | ok jsing | 
|  | Nothing sets this, so remove it along with BN_BLINDING_NO_{UPDATE,RECREATE}
and some checks that are always true.
ok jsing | 
|  | ok jsing | 
|  | The mod member of BN_BLINDING hasn't been /* just a reference */ since
the branch prediction mitigations in OpenSSL bd31fb21 from March 2007. | 
|  | The public symbols were removed. Some prototypes and in the case of DES
even the implementation remained.
ok jsing | 
|  | Due to some historic accident, HAVE_FUNOPEN was grouped with DSO_DLFCN
and HAVE_DLFCN_H inside !defined(NOPIC). While the two DLFCN bits belong
there, HAVE_FUNOPEN doesn't.
ok jsing, millert agrees | 
|  | build tested by miod | 
|  | Some *_options() prototypes were left behind in headers. I will remove
them after my amd64 ports bulk completes. | 
|  | These headers are now reduced to #include <openssl/ec.h> and are provided
for compatibility only. There's no point in using them. At the same time
garbage collect the last uses of OPENSSL_NO_{ECDSA,ECDH} in our tree.
ok jsing | 
|  | By API misdesign, it cannot be opaque. The incorrect documentation was
added as a part of a huge commit with a lot of churn. CRYPTO_EX_DATA
typically lives as an embedded struct of an opaque struct, but it can
also be used by applications, for example to initialize libssl.
documentation error pointed out by jsing | 
|  | public symbol removed in April
ok tb@ | 
|  | CID 463174 | 
|  | Various, ancient ciphers exposed some of their innards via an _options()
API. Apart from openssl version/speed, only some lua thingie in nmap ever
looked at these. Go figure.
hppa testing by miod, i386 testing by sthen. Thanks!
ok jsing |