path: root/src/lib/libcrypto/bn/bn_blind.c
Commit message | Author | Age | Files | Lines
* Move bn_blind.c to rsa_blinding.c | tb | 2023-08-09 | 1 | -259/+0
  discussed with jsing
* Make declaration and definition of BN_BLINDING_new() match. | tb | 2023-08-09 | 1 | -2/+2
  Also, make mod const.
* Merge BN_BLINDING_create_param() into BN_BLINDING_new() | tb | 2023-08-09 | 1 | -26/+10
* Set up the blinding factors on first use | tb | 2023-08-09 | 1 | -27/+14
  Only call BN_BLINDING_setup() from BN_BLINDING_update(). This allows another simplification of the counter logic. ok jsing
* Remove retry loop in BN_BLINDING_setup() | tb | 2023-08-09 | 1 | -24/+5
  If we generate a non-invertible blinding, we have accidentally factored the modulus. This won't happen, so get rid of this ugly complication. ok jsing
* Compute a square using BN_mod_sqr() instead of BN_mod_mul() | tb | 2023-08-09 | 1 | -3/+3
  ok jsing
* Simplify BN_BLINDING_invert() | tb | 2023-08-09 | 1 | -14/+5
  If the blinding is non-NULL, Ai is set on it, so no need to check for that. Also, we can get away with a single call to BN_mod_mul(). ok jsing
* Unwrap a line | tb | 2023-08-08 | 1 | -3/+2
* Drop the unused BN_BLINDING argument of BN_BLINDING_create_param() | tb | 2023-08-08 | 1 | -7/+4
* Rename ret into b in BN_BLINDING_setup() | tb | 2023-08-08 | 1 | -8/+8
* Factor the actual setup step for the blinding into a helper | tb | 2023-08-08 | 1 | -30/+43
  ok jsing
* Make BN_BLINDING respect some invariants | tb | 2023-08-08 | 1 | -48/+17
  Pass e and mod into BN_BLINDING_new() for now and unconditionally allocate A and Ai. This way non-NULL blindings always have these four members set. This allows removing several unnecessary checks in the update, convert and parameter creation code paths. Fix exit BN_BLINDING_create_param() so as to signal errors to the caller if a non-NULL blinding was passed. This fixes a long standing bug. ok jsing
* More whitespace fixes from knfmt | tb | 2023-08-02 | 1 | -7/+7
* Remove extraneous parentheses and fix weird whitespace. | tb | 2023-08-02 | 1 | -16/+15
* Drop the _ex from BN_BLINDING_{convert,invert}_ex() | tb | 2023-08-02 | 1 | -3/+3
* Remove the unused BN_BLINDING_{convert,invert}() | tb | 2023-08-02 | 1 | -13/+1
  ok jsing
* Make BN_BLINDING_{new,update}() static in bn_blind.c | tb | 2023-08-02 | 1 | -3/+3
  ok jsing
* Remove the unused flags member of BN_BLINDING | tb | 2023-08-02 | 1 | -5/+3
  Nothing sets this, so remove it along with BN_BLINDING_NO_{UPDATE,RECREATE} and some checks that are always true. ok jsing
* Remove the unused flags accessors for BN_BLINDING | tb | 2023-08-02 | 1 | -13/+1
  ok jsing
* Remove a 16 year old confusing lie | tb | 2023-08-02 | 1 | -2/+2
  The mod member of BN_BLINDING hasn't been /* just a reference */ since the branch prediction mitigations in OpenSSL bd31fb21 from March 2007.
* Make BN_BLINDING internal | tb | 2023-07-28 | 1 | -12/+1
  RSA is pretty bad. In my most optimistic moments I dream of a world that stopped using it. That won't happen during my lifetime, unfortunately. Blinding is one way of making it a little less leaky. Unfortunately this side-channel leak mitigation leaked out of the library for no good reason. Let's at least fix that aspect of it. ok jsing
* Hide symbols in bn | beck | 2023-07-08 | 1 | -1/+12
  ok tb@
* Remove the deprecated API from BN | tb | 2023-04-25 | 1 | -19/+1
* Replace the remaining BN_copy() with bn_copy() | tb | 2023-03-27 | 1 | -2/+2
  ok jsing
* Call BN_free() instead of BN_clear_free(). | jsing | 2023-03-07 | 1 | -5/+5
  BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly instead. ok tb@
* Make internal header file names consistent | tb | 2022-11-26 | 1 | -2/+2
  Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Remove BIGNUM consistency macros. | jsing | 2022-11-26 | 1 | -5/+1
  Compiling with BN_DEBUG (and if you want to take it further, BN_DEBUG_RAND) supposedly adds consistency checks to the BN code. These are rarely if ever used and introduce a bunch of clutter in the code. Furthermore, there are hacks in place to undo things that the debugging code does. Remove all of this mess and instead rely on always enabled checks, more readable code and proper regress coverage to ensure correct behaviour. "Good riddance." tb@
* Send the function codes from the error functions to the bit bucket, | beck | 2017-01-29 | 1 | -7/+6
  as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Add ct and nonct versions of BN_mod_inverse for internal use | beck | 2017-01-21 | 1 | -2/+2
  ok jsing@
* Make explicit _ct and _nonct versions of bn_mod_exp functions that | beck | 2017-01-21 | 1 | -2/+2
  matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
* if (x) FOO_free(x) -> FOO_free(x). | miod | 2014-07-12 | 1 | -11/+6
  Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Only import cryptlib.h in the four source files that actually need it. | jsing | 2014-07-11 | 1 | -2/+3
  Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that references | jsing | 2014-07-10 | 1 | -1/+4
  an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never be defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* tags as requested by miod and tedu | deraadt | 2014-06-12 | 1 | -1/+1
* calloc instead of malloc/memset. from Benjamin Baier | tedu | 2014-05-25 | 1 | -2/+1
* Emergency knfectomie requested by tedu@. | jsing | 2014-05-08 | 1 | -143/+148
* Lacking a proof that--for this implementation--exposure of Montgomery | guenther | 2014-04-19 | 1 | -4/+4
  multiplication or RSA blinding parameters doesn't permit retroactive timing analysis of the secrets, we'll do the stupidly cheap thing and cleanse them before freeing them. ok deraadt@
* Change library to use intrinsic memory allocation functions instead of | beck | 2014-04-17 | 1 | -2/+2
  OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* OpenSSL 1.0.0f: merge | djm | 2012-01-05 | 1 | -14/+23
* resolve conflicts, fix local changes | djm | 2010-10-01 | 1 | -3/+14
* resolve conflicts | djm | 2008-09-06 | 1 | -14/+235
* openssl-engine-0.9.6 merge | beck | 2000-12-15 | 1 | -2/+2
* OpenSSL 0.9.4 merge | beck | 1999-09-29 | 1 | -21/+22
* Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build | ryker | 1998-10-05 | 1 | -0/+143
  functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.