| Commit message (Collapse) | Author | Files | Lines |
|---|
|
ok & "happy pirate day" beck
|
|
It is hard to get your return values right if you choose them to be a
random subset of {-2, ..., 3}. The item_verify() and the digestverify()
methods don't return 0 on error, but -1. Here 0 means "failed to verify",
obviously.
ok jsing
|
|
Use static inline functions instead of macros to implement SHA-512. At
the same time, make two key changes - firstly, rather than trying to
outsmart the compiler and shuffle variables around, write the algorithm
the way it is documented and actually swap the variable contents. Secondly,
instead of interleaving the message schedule update and the round, do the
full message schedule update first, then process the round.
Overall, we get safer and more readable code. Additionally, the compiler
can generate smaller and faster code (with a gain of 5-10% across a range
of architectures).
ok beck@ tb@
|
|
|
|
... since ASN1_bn_print() is stupid.
ok jsing
|
|
This function has two entirely independent parts, so instead of a huge
if/else just use two functions. In ecpk_print_explicity parameters() do
some additional boring cleanup such as switching to actually using the
local BN_CTX and shuffling things into a slightly more sensible order.
ok jsing
|
|
Both these functions use a BN_CTX internally to deal with the EC API
that usually requires one. However, they don't actually make use of it.
Get the BIGNUMs from the BN_CTX instead, which simplifies the cleanup.
Also defer allocation of the ECDSA_SIG to the very end. Instead of using
its internal r and s, use two local r and s variables and transfer those
to the ECDSA_SIG on success.
ok beck jsing
|
|
|
|
suggested by jsing
|
|
In order to implement efficient squaring, we compute the sum of products
(omitting the squares), double the sum of products and then finally
compute and add in the squares. However, for reasons unknown the final
calculation was implemented as two separate steps.
Replace bn_sqr_words() with bn_sqr_add_words() such that we do the
computation in one step, avoid the need for temporary BN and remove
needless overhead. This gives us a performance gain across most
architectures (even with the loss of sse2 on i386, for example).
ok tb@
|
|
|
|
|
|
This avoids some silly dances in ECDSA signature generation by replacing
them with a single API call. Also garbage collect the now unnecessary
range.
ok beck jsing
|
|
While memset() is quite expensive, we can afford zeroing a few extra bytes
to make this code more readable.
ok beck jsing
|
|
This adds a few logic curlies to end up setting the EVP_MD to EVP_md_null()
as required by the API. This way ASN1_item_sign() now knows how to behave.
"ok = (rv == 2);" beck
|
|
After a few things in libcrypto were adjusted, this diff makes issuing
certificate requests with Ed25519 work.
ok beck
|
|
With this change any requests from configurations to request
versions of tls before tls 1.2 will use tls 1.2. This prepares
us to deprecate tls 1.0 and tls 1.1 support from libssl.
ok tb@
|
|
|
|
|
|
|
|
We need stdint.h for uintptr_t, stdlib.h for malloc, ec.h for various
things, but there's no need for objects. or sha.h.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ok jsing
|
|
|
|
ok jsing
|
|
As ugly as the BN_bn2binpad() internals are, what it does is quite handy
with all sorts of EC stuff. So use it here too and eliminate some ugly
manual pointer zeroing and offsets. Also switch len and buflen from size_t
to int to remove an iffy cast: both are set by functions that return a
non-negative int.
ok jsing
|
|
ok jsing
|
|
The other public headers have function and reason codes at the end because
the error header was inlined. This was also the case here, too, until the
automatic library initialization was appended.
|
|
ASN1_bn_print() doesn't print anything if the BIGNUM passed in is NULL.
Also simplify the handling of the point conversion form of the generator.
ok jsing
|
|
|
|
malloc options"
Now only enabled for platforms where it's know to work and written
as a inline functions instead of a macro.
|
|
ok miod
|
|
These formerly public symbols are the last things hidden by
LIBRESSL_CRYPTO_INTERNAL. Most of their use is in evp/names.c
Unfortunately, check_defer() needs to know about NUM_NIDS, so
its implementation needs to remain in obj_dat.c, the only file
that can include obj_dat.h due to NID tables.
ok miod
|
|
After the GF2m removal, this function always returns 0, so adjust the
documentation and remove EC_GROUP_get_{trinomial,pentanomial}_basis()
that were left behind. Also add a tiny grammar tweak in the HISTORY
section.
|
|
|
|
The existence of the public get_rfc*() API is a historic curiosity that may
soon be corrected. We inherited its use and it survived in libssl until now.
Switch to the better named BN_get_rfc*() wrappers.
ok jsing
|
|
This code is unreachable since binary curve support was removed.
There is a lot more to clean up in here...
ok jsing
|
|
This was needed for defining the multiplication over binary fields. Since
that code is gone, this is no longer needed.
ok jsing
|
|
The remaining EC_METHODs in libcrypto all have a field type of
NID_X9_62_prime_field, so this function always returns 0. Make
that more obvious.
ok jsing
|
|
For some reason there is no NULL check on setting the HKDF key for p2 like
in the other cases in the switch, instead OpenSSL fail in memdup, nulling
out the key but leaving he key_len at the old value. This looks accidental
but our behavior makes some haproxy regress tests segfault. So mimic weird
OpenSSL semantics but in addition set the key_len to 0.
Reported by Ilya Shipitsin
ok jsing
|
|
|
|
|
|
|
|
|
|
|
