| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
and fix a typo: s/content objects/content octets/.
|
| |
|
|
|
| |
OBJ_get0_data(3) and OBJ_length(3). Document them.
Feedback and OK tb@.
|
| |
|
|
|
|
|
|
|
|
| |
Instead of CRYPTO_THREADID, which passes pthread_via through unsigned long,
we can use pthread_self() and pthread_equal() directly. This commit keeps
using the awkward 'local' nomenclature as that is used throughout the rsa
code. This will be changed after the blinding code will have been fully
merged into rsa_blinding.c.
ok jsing
|
| |
|
|
|
| |
Most of these are one line wrappers around methods implemented in rsa_eay.c
by default.
|
| | |
|
| | |
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
| |
Also, make mod const.
|
| | |
|
| |
|
|
|
|
|
| |
Only call BN_BLINDING_setup() from BN_BLINDING_update(). This allows
another simplification of the counter logic.
ok jsing
|
| |
|
|
|
|
|
| |
If we generate a non-invertible blinding, we have accidentally factored
the modulus. This won't happen, so get rid of this ugly complication.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
If the blinding is non-NULL, Ai is set on it, so no need to check for
that. Also, we can get away with a single call to BN_mod_mul().
ok jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
Both the function return type and the function name are so long
that for displaying the function prototype,
a line break is needed after the function return type.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Pass e and mod into BN_BLINDING_new() for now and unconditionally allocate
A and Ai. This way non-NULL blindings always have these four members set.
This allows removing several unnecessary checks in the update, convert and
parameter creation code paths.
Fix exit BN_BLINDING_create_param() so as to signal errors to the caller
if a non-NULL blinding was passed. This fixes a long standing bug.
ok jsing
|
| |
|
|
|
|
|
| |
Make this look a bit more like other code we cleaned up avoiding nesting
and unnecessary else branches.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
This was a workaround due to the historically non-constant time scalar
multiplication in the EC code. Since Brumley and Tuveri implemented the
Montgomery ladder, this is no longer useful and should have been removed
a long time ago, as it now does more harm than good.
Keep the preallocations as they still help hiding some timing info.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
tb@ removed the following macros from the public API:
_DECLARE_OBJ_BSEARCH_CMP_FN
DECLARE_OBJ_BSEARCH_CMP_FN DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN
IMPLEMENT_OBJ_BSEARCH_CMP_FN IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN
OBJ_bsearch OBJ_bsearch_ex
In objects.h rev. 1.20 (Nov 11, 2022), jsing@ unifdef'ed USE_OBJ_MAC.
Stop marking these names as intentionally undocumented.
|
| |
|
|
|
|
|
|
| |
In bn.h rev. 1.75 (July 31, 2023), tb@ removed it from the public API.
While here, stop marking BN_prime_checks as obsolete.
In BN_generate_prime.3 rev. 1.23 (May 11, 2023), tb@ documented
the constant BN_prime_checks in that manual page.
|
| |
|
|
|
| |
In bio.h rev. 1.59 (July 28, 2023), tb@ removed the last four functions
that took function pointers of this type from the public API.
|
| |
|
|
|
| |
In asn1.h rev. 1.80 (July 28, 2023), tb@ removed the last three
functions that were using this data type from the public API.
|
| |
|
|
| |
fixed in bio_lib.c r1.47 as confirmed by ASAN.
|
| |
|
|
|
|
|
|
| |
If CRYPTO_dup_ex_data() fails, the new_bio is leaked. If an error occurs
after the first iteration, all members of the new chain except the head
are leaked.
ok jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Exception needed since the test expects an unexpected_message alert, while
we throw a decode_error.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().
The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptinally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().
Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.
ok jsing
|
| |
|
|
|
|
| |
This test was never particularly useful. An upcoming API change for
the internal bn_rand_interval() API would require some adjustments.
It's not worth it.
|
| |
|
|
| |
ok jsing miod
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
Nothing sets this, so remove it along with BN_BLINDING_NO_{UPDATE,RECREATE}
and some checks that are always true.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
| |
The mod member of BN_BLINDING hasn't been /* just a reference */ since
the branch prediction mitigations in OpenSSL bd31fb21 from March 2007.
|
| | |
|
| |
|
|
|
|
|
| |
The public symbols were removed. Some prototypes and in the case of DES
even the implementation remained.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
Due to some historic accident, HAVE_FUNOPEN was grouped with DSO_DLFCN
and HAVE_DLFCN_H inside !defined(NOPIC). While the two DLFCN bits belong
there, HAVE_FUNOPEN doesn't.
ok jsing, millert agrees
|
| |
|
|
| |
build tested by miod
|
| | |
|
| |
|
|
|
| |
Some *_options() prototypes were left behind in headers. I will remove
them after my amd64 ports bulk completes.
|
