| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly
instead.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
If we have a BN_CTX available, make use of it rather than calling BN_new().
Always allocate a new priv_key and pub_key, rather than having complex
reuse dances on entry and exit. Add missing BN_CTX_start()/BN_CTX_end()
calls.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| |
|
|
|
|
| |
Dealing with elliptic curves makes some people think that it would be kind
of neat to multiply types with variable names. Sometimes. Only in function
definitions.
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b
ok jsing
|
| |
|
|
|
|
| |
This commit adds missing API for ECDH/ECDSA_verify.
from markus
|
| |
|
|
|
|
|
| |
This commit adds init/free, support for signing, setting and
getting the method, engine support as well as extra data.
from markus
|
| |
|
|
|
|
| |
CID 184282
ok beck jsing mestre
|
| |
|
|
| |
ok beck jsing
|
| | |
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
| |
freeing and indent nearby labels.
ok beck jsing
|
| |
|
|
| |
breakage.
|
| |
|
|
|
|
|
|
| |
after the constant time commits various regress tests started failing
on sparc64 ssh t9, libcrypto ec ecdh ecdsa and trying to ssh out
resulted in 'invalid elliptic curve value'
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
reduces conditional logic (-218, +82).
MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c
wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and
BN_FLG_STATIC_DATA where the condition cannot be collapsed completely.
Passes regress. ok beck
|
| |
|
|
|
|
| |
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
| |
|
|
| |
ok miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are currently cases where the return from each call is checked,
the return from only the last call is checked and cases where it is not
checked at all (including code in bn, ec and engine).
Checking the last return value is valid as once the function fails it will
continue to return NULL. However, in order to be consistent check each
call with the same idiom. This makes it easy to verify.
Note there are still a handful of cases that do not follow the idiom -
these will be handled separately.
ok beck@ doug@
|
| |
|
|
|
|
| |
EC_POINT_is_at_infinity() and EC_POINT_is_on_curve(), for they may return -1
should an error arise.
ok doug@ jsing@
|
| |
|
|
|
|
|
| |
Improves readability, keeps the code smaller so that it is warmer in your
cache.
review & ok deraadt@
|
| |
|
|
|
|
|
|
|
| |
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
| | |
|
| |
|
|
| |
ok miod
|
| | |
|
| |
|
|
| |
ok miod
|
| |
|
|
|
|
|
|
| |
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
| |
|
|
|
| |
meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
