| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
There are no accessors to set them, so this has been involved in a bunch
of dead logic ever since we made DSA opaque a few years ago.
ok jsing
|
| |
|
|
| |
ok djm
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().
The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptinally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().
Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.
ok jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
Rather than having complicated "attempt to reuse" dances, always allocate
priv_key/pub_key, then free and assign on success.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| | |
|
| |
|
|
|
|
| |
including the local header where it will be needed.
discussed with jsing
|
| |
|
|
| |
ok beck jsing mestre
|
| |
|
|
| |
ok beck jsing
|
| | |
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
| |
freeing and indent nearby labels.
ok beck jsing
|
| |
|
|
|
|
| |
takes care of this internally.
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
matter for constant time, and make the public interface only used
external to the library.
This moves us to a model where the important things are constant time
versions unless you ask for them not to be, rather than the opposite.
I'll continue with this method by method.
Add regress tests for same.
ok jsing@
|
| |
|
|
|
|
|
|
| |
This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.
Based on the original patch by César Pereid. ok beck@
|
| |
|
|
|
|
|
| |
Improved patch from Cesar Pereida. See
https://github.com/libressl-portable/openbsd/pull/61 for more details.
ok beck@
|
| | |
|
| |
|
|
|
|
|
| |
Improves readability, keeps the code smaller so that it is warmer in your
cache.
review & ok deraadt@
|
| |
|
|
|
|
|
|
| |
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
|
| |
|
|
|
|
|
|
|
| |
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
| | |
|
| | |
|
| |
|
|
|
| |
meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|
|
functionality for shared libs.
Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.
Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.
|
