summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Inline initial hash data values for SHA1.jsing2023-03-291-13/+9
| | | | | | This follows what is done for other SHA implementations. ok miod@ tb@
* Reorder functions/code.jsing2023-03-271-238/+238
| | | | No intended functional change.
* Replace the remaining BN_copy() with bn_copy()tb2023-03-2719-116/+116
| | | | ok jsing
* Convert BN_copy() with missing error checks to bn_copy()tb2023-03-274-11/+18
| | | | ok jsing
* Convert BN_copy() with explicit comparison against NULL to bn_copy()tb2023-03-277-25/+25
| | | | ok jsing
* Use bn_copy() rather than inlining ittb2023-03-271-2/+2
| | | | ok jsing
* Tidy includes.jsing2023-03-271-5/+4
|
* Avoid errno is EINVAL after OpenSSL initializationjan2023-03-271-1/+5
| | | | ok tb@
* Drop unnecessary parentheses.tb2023-03-271-3/+3
| | | | ok jsing
* Convert bn_nist.c to BN_copy()tb2023-03-271-6/+6
| | | | | | | Like everything else in this file, the use of BN_copy() needs to be ... special. Simplify using the new bn_copy(). ok jsing
* Add bn_copy(), a sane wrapper of BN_copy() for internal usetb2023-03-272-2/+10
| | | | ok jsing
* Replace HASH_BLOCK_DATA_ORDER with sha1_block_data_order.jsing2023-03-261-4/+4
| | | | | The only reason to use HASH_BLOCK_DATA_ORDER in the implementation is to make the code harder to read.
* Remove unnecessary HIDDEN_DECLS.jsing2023-03-261-6/+1
|
* Removes some unwanted spaces.jsing2023-03-261-7/+7
|
* Whack sha1dgst.c with the style(9) stick again.jsing2023-03-261-193/+246
|
* Minor whitespace tidyingtb2023-03-262-6/+7
|
* Tidy up includes.jsing2023-03-261-9/+5
|
* Inline sha_local.h in sha1dgst.c.jsing2023-03-261-3/+360
| | | | | Nothing other than sha1dst.c uses this header - pull it in to sha1dgst.c directly (sha_local.h will be removed at a later date).
* Make several calls to BN_nnmod() unconditionaltb2023-03-261-19/+10
| | | | | | | | This removes a potential branch in a sensitive function and makes the code a lot simpler. It is a really bad idea optimize here for what davidben aptly calls "calculator" purposes. ok jsing
* Correctly reduce negative inpot to BN_mod_exp2_mont()tb2023-03-261-3/+3
| | | | | | | | | | Negative bases could result in a negative modulus being returned. This is not strictly speaking incorrect but slightly surprising. This is all a consequence of the shortcut of defining BN_mod() as a macro using BN_div(). Fixes ossfuzz #55997 ok jsing
* Add license to sha256.c/sha512.c.jsing2023-03-262-6/+100
|
* Use multiple statements instead of comma separated expressions.jsing2023-03-261-24/+33
| | | | No change to generated assembly.
* Add blank lines for readability.jsing2023-03-261-1/+4
|
* Add some blank lines for readability, along with some more style(9) tweaks.jsing2023-03-262-7/+24
|
* Whack sha with a style(9) stick.jsing2023-03-264-505/+706
| | | | No change in generated assembly.
* bn_prime.pl: fix shebang and a couple more whitespace tweakstb2023-03-261-3/+4
|
* Last arg is also a pointer, so pass NULL instead of 0; ok deraadt@otto2023-03-251-2/+2
|
* Change malloc chunk sizes to be fine grained.otto2023-03-251-102/+142
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The basic idea is simple: one of the reasons the recent sshd bug is potentially exploitable is that a (erroneously) freed malloc chunk gets re-used in a different role. malloc has power of two chunk sizes and so one page of chunks holds many different types of allocations. Userland malloc has no knowledge of types, we only know about sizes. So I changed that to use finer-grained chunk sizes. This has some performance impact as we need to allocate chunk pages in more cases. Gain it back by allocation chunk_info pages in a bundle, and use less buckets is !malloc option S. The chunk sizes used are 16, 32, 48, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320, 384, 448, 512, 640, 768, 896, 1024, 1280, 1536, 1792, 2048 (and a few more for sparc64 with its 8k sized pages and loongson with its 16k pages). If malloc option S (or rather cache size 0) is used we use strict multiple of 16 sized chunks, to get as many buckets as possible. ssh(d) enabled malloc option S, in general security sensitive programs should. See the find_bucket() and bin_of() functions. Thanks to Tony Finch for pointing me to code to compute nice bucket sizes. ok tb@
* Use strict and warningstb2023-03-251-1/+6
|
* Make an attempt at reducing the eyebleed in bn_prime.pltb2023-03-251-24/+18
| | | | | Use a style more resembling KNF and drop lots of parentheses. Simplify a few things. No change in generated output on success.
* Use Eric Young's usual license in the proper place rather than a weirdtb2023-03-251-12/+57
| | | | commented-out license stub in a HERE document.
* Add RCSIDtb2023-03-251-1/+1
|
* Add checks to ensure the uint16_t array isn't overflowed when thistb2023-03-251-0/+4
| | | | | script is run. This is more of an issue with uint16_t now than it was with prime_t aka BN_ULONG before r1.6.
* Zap an empty linetb2023-03-251-2/+1
|
* Drop unnecessary casts from and to void *tb2023-03-251-8/+6
|
* Unindent asn1_bio_get_ex()tb2023-03-251-6/+7
|
* Pull in <openssl/rsa.h> directlytb2023-03-251-1/+2
| | | | | | This is needed for many reasons. It is currently pulled in via x509.h but only when OPENSSL_NO_DEPRECATED is undefined. Again this should be fixed in the public header as well.
* BN_free() is defined in <openssl/bn.h>tb2023-03-252-4/+7
| | | | | | This is currently pulled in via dsa.h and ecdsa.h, but only when OPENSSL_NO_DEPRECATED is not defined. We should fix this in the public header, too - let's wait a bit with that.
* fixes for mandoc -Tlintjsg2023-03-181-5/+5
| | | | ok tb@
* Consistent phrasing: function -> function pointerjob2023-03-161-2/+2
|
* Add X509_STORE_{set,get}_check_issued and X509_STORE_CTX_get_check_issued to ↵job2023-03-161-3/+75
| | | | | | manpage with and OK tb@
* Install EVP_CIPHER_meth_new.3tb2023-03-161-1/+2
|
* Add EVP_CIPHER_meth_* documentation from OpenSSL 1.1tb2023-03-161-0/+335
| | | | | | | | This is essentially the original text with a few tweaks and fixes by me, removing parts inapplicable to LibreSSL. There are dangling references to EVP_CIPHER_CTX_copy(3) and EVP_CIPHER_CTX_get_cipher_data(3). This all isn't great, but it's better than nothing. Probably good enough for these rarely used functions.
* Update manpage for X509_CRL_get0_tbs_sigalg()libressl-v3.7.1job2023-03-161-4/+18
| | | | OK tb@
* Bump LibreSSL version to 3.7.2tb2023-03-161-3/+3
|
* Fix a number of out of bound reads in DNS response parsing.millert2023-03-151-1/+7
| | | | Originally from djm@. OK deraadt@ florian@ bluhm@
* Return the signature length after successful signing operationtb2023-03-151-1/+3
| | | | | | | | | This is required behavior of the EVP_DigestSign() API, but seemingly almost nothing uses this. Well, turns out ldns does. Reported by Stephane. Helpful comments by sthen. ok jsing
* Add comments that explain why things are done in this strange order.tb2023-03-151-3/+13
| | | | | | There's some method to this madness. ok jsing
* Push calloc() of ndef_aux down as far as possible andtb2023-03-151-7/+8
| | | | | | | pull the setting of the ex_arg up, so we can do error checking. ok jsing
* Error check BIO_asn1_set_{prefix,suffix}() callstb2023-03-151-3/+5
| | | | ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-08 11:02:07 +0000