Age | Commit message | Author |
|
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
|
by Alejandro Cabrera <aldaya@gmail.com> to avoid the possibility of a
sidechannel timing attack during RSA private key generation.
Modify BN_gcd to become not visible under LIBRESSL_INTERNAL and force
the use of the _ct or _nonct versions of the function only within
the library.
ok jsing@
|
|
ok jsing@
|
|
ok jsing@
|
|
matter for constant time, and make the public interface only used
external to the library.
This moves us to a model where the important things are constant time
versions unless you ask for them not to be, rather than the opposite.
I'll continue with this method by method.
Add regress tests for same.
ok jsing@
|
|
Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting
the bn_* symbols. These are documented as only being intended for internal
use, so why they were placed in a public header is beyond me...
This hides 363 previously exported symbols, most of which exist in headers
that are not installed and were never intended to be public. This also
removes a few crusty old things that should have died long ago (like
_ossl_old_des_read_pw). But don't worry... there are still 3451 symbols
exported from the library.
With input and testing from inoguchi@.
ok beck@ inoguchi@
|
|
No change in preprocessed output, ignoring whitespace and line numbers.
|
|
ok bcook
|
|
ok beck@
|
|
This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.
Based on the original patch by César Pereid. ok beck@
|
|
ok krw@
|
|
ok miod@
|
|
not 16-bit MS-DOS anymore.
ok bcook@ tedu@
|
|
ok doug@ deraadt@
|
|
ok deraadt@ jsing@ miod@
|
|
jsg@ noticed that some of the lines in libssl and libcrypto are not
indented properly. At a quick glance, it looks like it has a different
control flow than it really does. I checked the history in our tree and
in OpenSSL to make sure these were simple mistakes.
ok miod@ jsing@
|
|
ok jsing@
|
|
data structures visible and easier to review, without having to wade
through layers and layers of asn1t.h macros.
Change has been scripted and there is no change to the generated assembly.
Discussed with beck@ miod@ tedu@
|
|
ok miod@
|
|
If you didn't enable deprecated code, there were missing err.h and
bn.h includes. This commit allows building with or without deprecated
code.
This was not derived from an OpenSSL commit. However, they recently
enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems
in a different way.
Verified with clang that this only changes line numbers in the generated
asm.
ok miod@
|
|
the code is visible and functions can be readily located.
Change has been scripted and there is no change to the generated assembly.
Discussed with beck@ miod@ tedu@
|
|
functions can be readily located.
Change has been scripted and there is no change to the generated assembly.
Discussed with beck@ miod@ tedu@
|
|
There are currently cases where the return from each call is checked,
the return from only the last call is checked and cases where it is not
checked at all (including code in bn, ec and engine).
Checking the last return value is valid as once the function fails it will
continue to return NULL. However, in order to be consistent check each
call with the same idiom. This makes it easy to verify.
Note there are still a handful of cases that do not follow the idiom -
these will be handled separately.
ok beck@ doug@
|
|
arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.
ok deraadt@
|
|
EVP_MD_CTX_cleanup() to be called.
|
|
Improves readability, keeps the code smaller so that it is warmer in your
cache.
review & ok deraadt@
|
|
PR #3418 via OpenSSL trunk
|
|
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
|
|
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never be defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
|
are needed in the source files that actually require them.
ok beck@ miod@
|
|
if it fails, then never uses it anymore, and may invoke a function which
needs more than one BN from the BN_CTX anyway, so this is pointless - remove
the BN_CTX_get() call and the test.
ok jsing
|
|
added 10+ years ago (they're kinda somewhat stale by now...)
|
|
ok miod@
|
|
sthen@ confirmed that no ports are referencing it.
ok miod@.
|
|
all have implicit NULL checks, so we do not need them here.
ok miod@
|
|
ok miod@ tedu@
|
|
to get overwritten by a known value, ever.
|
|
Also remove unused des_ver.h, which exports some of these strings, but is not installed.
ok miod@ tedu@
|