| Commit message | Author | Age | Files | Lines |

No functional change.
Copy the update, transform and final functions from md32_common.h, manually
expanding the macros for MD5. This will allow for further clean up to
occur.
No change in generated assembly.
MD32_XARRAY was added as a workaround for a broken HP C compiler (circa
1999). Clean it up to simplify the code.
No change in generated assembly.
Discussed with tb@
Inline the WL and WR defines, which only add yet another layer of
abstraction and make the code harder to follow.
No change to generated assembly.
Discussed with tb@
Inline the SL and SR defines, which only makes the code harder to follow.
No change to generated assembly.
Discussed with tb@
No change in generated assembly.
Avoid creating an ASN1_STRING with negative length, set type, data
and length via ASN1_STRING_type_new() and ASN1_STRING_set0() instead
of doing this manually. Check return value for i2d_ASN1_INTEGER()
and use an intermediate ASN1_OBJECT instead of nested function calls.
Finally, clear sensitive data with freezero().
ok jsing
Change the code to use safer idioms and avoid nested function calls.
ok jsing
Replace a pile of byte order handling mess with htobe*() and be*toh().
ok tb@
This is a hack that is only enabled on a handful of 64 bit platforms, as
a workaround for poor compiler optimisation. If you're running an archaic
compiler on an archaic architecture, then you can deal with slightly lower
performance.
ok tb@
and fix a typo: s/content objects/content octets/.
OBJ_get0_data(3) and OBJ_length(3). Document them.
Feedback and OK tb@.
Instead of CRYPTO_THREADID, which passes pthread_via through unsigned long,
we can use pthread_self() and pthread_equal() directly. This commit keeps
using the awkward 'local' nomenclature as that is used throughout the rsa
code. This will be changed after the blinding code will have been fully
merged into rsa_blinding.c.
ok jsing
Most of these are one line wrappers around methods implemented in rsa_eay.c
by default.
discussed with jsing
Also, make mod const.
Only call BN_BLINDING_setup() from BN_BLINDING_update(). This allows
another simplification of the counter logic.
ok jsing
If we generate a non-invertible blinding, we have accidentally factored
the modulus. This won't happen, so get rid of this ugly complication.
ok jsing
ok jsing
If the blinding is non-NULL, Ai is set on it, so no need to check for
that. Also, we can get away with a single call to BN_mod_mul().
ok jsing
ok jsing
Pass e and mod into BN_BLINDING_new() for now and unconditionally allocate
A and Ai. This way non-NULL blindings always have these four members set.
This allows removing several unnecessary checks in the update, convert and
parameter creation code paths.
Fix exit BN_BLINDING_create_param() so as to signal errors to the caller
if a non-NULL blinding was passed. This fixes a long-standing bug.
ok jsing
Make this look a bit more like other code we cleaned up, avoiding nesting
and unnecessary else branches.
ok jsing
This was a workaround due to the historically non-constant time scalar
multiplication in the EC code. Since Brumley and Tuveri implemented the
Montgomery ladder, this is no longer useful and should have been removed
a long time ago, as it now does more harm than good.
Keep the preallocations as they still help hiding some timing info.
ok jsing
If CRYPTO_dup_ex_data() fails, the new_bio is leaked. If an error occurs
after the first iteration, all members of the new chain except the head
are leaked.
ok jsing
Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().
The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptionally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().
Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.
ok jsing
ok jsing miod
ok jsing
ok jsing
Nothing sets this, so remove it along with BN_BLINDING_NO_{UPDATE,RECREATE}
and some checks that are always true.
ok jsing
ok jsing
The mod member of BN_BLINDING hasn't been /* just a reference */ since
the branch prediction mitigations in OpenSSL bd31fb21 from March 2007.
The public symbols were removed. Some prototypes and in the case of DES
even the implementation remained.
ok jsing
Due to some historic accident, HAVE_FUNOPEN was grouped with DSO_DLFCN
and HAVE_DLFCN_H inside !defined(NOPIC). While the two DLFCN bits belong
there, HAVE_FUNOPEN doesn't.
ok jsing, millert agrees