summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dh (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* call BN_init on temporaries to avoid use-before-set warningsbcook2016-07-071-1/+2
| | | | ok beck@
* On systems where we do not have BN_ULLONG defined (most 64-bit systems),bcook2016-07-051-1/+5
| | | | | | | | | | | | | | BN_mod_word() can return incorrect results if the supplied modulus is too big, so we need to fall back to BN_div_word. Now that BN_mod_word may fail, handle errors properly update the man page. Thanks to Brian Smith for pointing out these fixes from BoringSSL: https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89 https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be ok beck@
* Remove flags for disabling constant-time operations.bcook2016-06-302-34/+12
| | | | | | | | This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time. Based on the original patch by César Pereid. ok beck@
* Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making thejsing2015-02-141-6/+42
| | | | | | | | | data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Enable building with -DOPENSSL_NO_DEPRECATED.doug2015-02-111-1/+2
| | | | | | | | | | | | | | | If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
* Expand the -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_(const_)?fname macros so thatjsing2015-02-101-2/+14
| | | | | | | | the code is visible and functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* BN_CTX_get() can fail - consistently check its return value.jsing2015-02-092-6/+7
| | | | | | | | | | | | | | | There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@
* This is neither code not proper documentation.miod2015-02-097-157/+0
|
* Delete a lot of #if 0 code in libressl.doug2015-02-072-16/+2
| | | | | | | | | | | | | | | | | | | | | | | | | There are a few instances where #if 1 is removed but the code remains. Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits. 6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008 input + ok jsing@, miod@, tedu@
* Avoid a double-free in an error path.doug2015-01-081-1/+2
| | | | ok jsing@ beck@
* None of these need to include <openssl/rand.h>jsing2014-10-181-2/+1
|
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-124-30/+17
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-119-26/+31
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-103-4/+12
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-101-2/+4
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* ASN1_STRING_free can handle NULL, so callers don't need to check. ok miodtedu2014-07-091-7/+4
|
* Simplify error path of DH_check_pub_key()miod2014-07-091-8/+4
|
* KNFmiod2014-07-099-567/+599
|
* remove unused, private version strings except SSL_version_strbcook2014-07-091-3/+1
| | | | | | Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
* simplify and unobfuscate a variable to fix a mem leak.tedu2014-06-301-6/+9
| | | | original diff by logan
* replace atoi() calls with strtol(). Follow the idiomatic pattern in ourderaadt2014-06-121-12/+30
| | | | | | | | | manual page strictly. Return -2 if the strings are not strict numbers. The numbers remain in the range of "int". Range checking for these parameters is done later in the pkey_*_ctl() functions, or sometimes in functions much further downstream... but not always!!! ok millert miod mikeb
* tags as requested by miod and teduderaadt2014-06-1211-9/+11
|
* Remove various test stubs. The good ones have been moved by jsingderaadt2014-06-073-257/+0
| | | | | | and others to the regress framework. These remaining ones just muddle us up when re-reading code repeatedly. ok jsing
* malloc() result does not need a cast.deraadt2014-06-071-1/+1
| | | | ok miod
* more: no need to null check before free; ok guentherderaadt2014-05-301-1/+1
|
* more: no need for null check before freederaadt2014-05-301-2/+1
| | | | ok tedu guenther
* no need for null check before free. from Brendan MacDonelltedu2014-05-301-1/+1
|
* Everything sane has stdio, and FILE *. we don't need ifdefs for this.beck2014-05-292-4/+0
| | | | ok to firebomb from tedu@
* Almost nothing actually needs to include <openssl/e_os2.h>, however byjsing2014-05-241-1/+1
| | | | | | | including it they get <openssl/opensslconf.h>. So instead of pulling in <openssl/e_os2.h>, just pull in <openssl/opensslconf.h>. "go ahead" miod@
* if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefullymiod2014-05-222-4/+2
| | | | eyeballed before applying. Contributed by Cyril Roelandt on tech@
* Stop being a dummy... presumably these are left overs from pedantic modejsing2014-05-151-2/+0
| | | | | | that were not wrapped with #if PEDANTIC. ok miod@
* Use C99 initializers for the various FOO_METHOD structs. More readable, andmiod2014-04-273-71/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | avoid unreadable/unmaintainable constructs like that: const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { EVP_PKEY_CMAC, EVP_PKEY_CMAC, 0, "CMAC", "OpenSSL CMAC method", 0,0,0,0, 0,0,0, cmac_size, 0, 0,0,0,0,0,0,0, cmac_key_free, 0, 0,0 }; ok matthew@ deraadt@
* kill REF_PRINT/REF_CHECK debugging framework noone would usederaadt2014-04-171-20/+0
| | | | ok miod
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-173-12/+12
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* we don't use these files for buildingtedu2014-04-151-77/+0
|
* remove FIPS mode support. people who require FIPS can buy something thattedu2014-04-153-44/+0
| | | | | meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
* Moved to regress/lib/libcrypto.miod2014-04-151-226/+0
|
* remove auto-generated dependencies from the old unused build system, soderaadt2014-04-141-103/+0
| | | | | that it is easier to find code pieces. They are getting in the way. ok miod
* resolve conflictsdjm2012-10-135-4/+88
|
* This commit was generated by cvs2git to track changes on a CVS vendordjm2012-10-131-0/+1
|\ | | | | branch.
| * import OpenSSL-1.0.1cdjm2012-10-136-4/+89
| |
* | resolve conflicts, fix local changesdjm2010-10-018-179/+105
| |
* | This commit was generated by cvs2git to track changes on a CVS vendordjm2010-10-013-0/+834
|\| | | | | branch.
| * import OpenSSL-1.0.0adjm2010-10-019-35/+887
| |
| * import openssl-0.9.8jdjm2009-01-096-2/+29
| |
* | resolve conflictsdjm2009-04-062-5/+1
| |
* | resolve conflictsdjm2009-01-097-11/+38
| |
* | update to openssl-0.9.8i; tested by several, especially krw@djm2009-01-051-7/+13
| |
* | resolve conflictsdjm2008-09-067-92/+108
| |
* | This commit was generated by cvs2git to track changes on a CVS vendordjm2008-09-061-0/+83
|\| | | | | branch.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 09:54:38 +0000