| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
Like everything else in this file, the use of BN_copy() needs to be ...
special. Simplify using the new bn_copy().
ok jsing
|
| |
|
|
| |
ok jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Lower the number of rounds. These tests are expensive.
|
| | |
|
| | |
|
| |
|
|
|
| |
The only reason to use HASH_BLOCK_DATA_ORDER in the implementation is to
make the code harder to read.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Nothing other than sha1dst.c uses this header - pull it in to sha1dgst.c
directly (sha_local.h will be removed at a later date).
|
| | |
|
| | |
|
| |
|
|
|
| |
This prepares for consistency with an upcoming diff. While here fix an
argument order bug.
|
| | |
|
| |
|
|
|
|
|
|
| |
This removes a potential branch in a sensitive function and makes the
code a lot simpler. It is a really bad idea optimize here for what
davidben aptly calls "calculator" purposes.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
Negative bases could result in a negative modulus being returned. This is
not strictly speaking incorrect but slightly surprising. This is all a
consequence of the shortcut of defining BN_mod() as a macro using BN_div().
Fixes ossfuzz #55997
ok jsing
|
| |
|
|
|
|
|
|
| |
by Guido Vranken in ossfuzz #55997. This test currently fails and
will be fixed momentarily.
This also checks sensible behavior with respect to zero exponents for
this functions.
|
| |
|
|
| |
primes table in directly.
|
| | |
|
| |
|
|
| |
No change to generated assembly.
|
| | |
|
| | |
|
| |
|
|
| |
No change in generated assembly.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The basic idea is simple: one of the reasons the recent sshd bug
is potentially exploitable is that a (erroneously) freed malloc
chunk gets re-used in a different role. malloc has power of two
chunk sizes and so one page of chunks holds many different types
of allocations. Userland malloc has no knowledge of types, we only
know about sizes. So I changed that to use finer-grained chunk
sizes.
This has some performance impact as we need to allocate chunk pages
in more cases. Gain it back by allocation chunk_info pages in a
bundle, and use less buckets is !malloc option S. The chunk sizes
used are 16, 32, 48, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320,
384, 448, 512, 640, 768, 896, 1024, 1280, 1536, 1792, 2048 (and a
few more for sparc64 with its 8k sized pages and loongson with its
16k pages).
If malloc option S (or rather cache size 0) is used we use strict
multiple of 16 sized chunks, to get as many buckets as possible.
ssh(d) enabled malloc option S, in general security sensitive
programs should.
See the find_bucket() and bin_of() functions. Thanks to Tony Finch
for pointing me to code to compute nice bucket sizes.
ok tb@
|
| | |
|
| |
|
|
|
| |
Use a style more resembling KNF and drop lots of parentheses. Simplify
a few things. No change in generated output on success.
|
| |
|
|
| |
commented-out license stub in a HERE document.
|
| | |
|
| |
|
|
|
| |
script is run. This is more of an issue with uint16_t now than it
was with prime_t aka BN_ULONG before r1.6.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This was previously disabled because tb apparently can't grep. Exercise
this curve as well as part of the new test cases in ECDH wycheproof.
|
| |
|
|
|
| |
A copy-paste error would have resulted in a modified msg in case ctLen == 0
or msgLen == 0. So obviously this is unreachable code.
|
| |
|
|
|
|
| |
This is needed for many reasons. It is currently pulled in via x509.h
but only when OPENSSL_NO_DEPRECATED is undefined. Again this should be
fixed in the public header as well.
|
| |
|
|
|
|
| |
This is currently pulled in via dsa.h and ecdsa.h, but only when
OPENSSL_NO_DEPRECATED is not defined. We should fix this in the
public header, too - let's wait a bit with that.
|
| | |
|
| | |
|
| |
|
|
| |
Its is fully covered by bn_mod_exp_zero now.
|
