| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
| |
This is currently pulled in via dsa.h and ecdsa.h, but only when
OPENSSL_NO_DEPRECATED is not defined. We should fix this in the
public header, too - let's wait a bit with that.
|
| |
|
|
|
|
|
| |
BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly
instead.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| |
|
|
|
|
|
|
|
|
|
| |
Change DSA_sign() to single exit and check the signed i2d_DSA_SIG() return
value before assigning it to an unsigned int.
In DSA_verify() let d2i_DSA_SIG() handle the allocation, split error check
of i2d_DSA_SIG() from signature check and change an unnecessary freezero()
to free.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
| |
CBIGNUM_it is supposed to be the "clear bignum" or "secure" bignum - that
is one which zeros its memory after use and ensures that the constant time
flags are set... in LibreSSL we always do both of these things for BIGNUMs,
so just use BIGNUM_it instead.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was obtained by porting the OpenSSL commit below and then using
expand_crypto_asn1.go to unroll the new ASN.1 macros - actually the
ones from 987157f6f63 which fixed the omission of dsa_cb() in the
first commit.
ok inoguchi jsing
commit ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Thu Mar 26 14:35:49 2015 +0000
Simplify DSA public key handling.
DSA public keys could exist in two forms: a single Integer type or a
SEQUENCE containing the parameters and public key with a field called
"write_params" deciding which form to use. These forms are non standard
and were only used by functions containing "DSAPublicKey" in the name.
Simplify code to only use the parameter form and encode the public key
component directly in the DSA public key method.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
| |
including the local header where it will be needed.
discussed with jsing
|
| |
|
|
| |
ok beck@ tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
reduces conditional logic (-218, +82).
MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c
wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and
BN_FLG_STATIC_DATA where the condition cannot be collapsed completely.
Passes regress. ok beck
|
| |
|
|
|
|
| |
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
| | |
|
| |
|
|
|
|
| |
ASN1_item_{d2i,i2d}_* equivalents.
ok guenther@ miod@
|
| |
|
|
|
|
|
|
|
| |
data structures visible and easier to review, without having to wade
through layers and layers of asn1t.h macros.
Change has been scripted and there is no change to the generated assembly.
Discussed with beck@ miod@ tedu@
|
| |
|
|
|
|
|
|
| |
the code is visible and functions can be readily located.
Change has been scripted and there is no change to the generated assembly.
Discussed with beck@ miod@ tedu@
|
| |
|
|
|
|
| |
from OpenSSL with a hint of boring and some things done here. Addresses
CVE-2014-8275 for OpenSSL fully
ok miod@ doug@
|
| | |
|
| |
|
|
|
|
|
|
| |
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
| |
|
|
|
|
|
|
|
|
| |
2. Even passing a digest in as entropy is sloppy.
But apparently the OpenSSL guys could find no objects of lesser value to
pass to the pluggable random subsystem, and had to resort to private keys
and digests. Classy.
ok djm
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
| |
|
