| Age | Commit message (Collapse) | Author |
|---|
|
This file primarily contains the various BN_bn2*() and BN_*2bn() functions
(along with BN_print() and BN_options()). More function shuffling will
follow.
Discussed with tb@
|
|
This is simpler than the current code, while still being well optimised by
compilers, across a range of architectures. In many cases we even get a
performance gain for the BN sizes that we primarily care about.
Joint work with tb@
|
|
This adds support for SHA512/224 and SHA512/256, as specified in FIPS
FIPS 180-4. These are truncated versions of the SHA512 hash.
ok tb@
|
|
ok tb@
|
|
ok tb@
|
|
Silences a few -Wdeprecated-non-prototype warnings emitted by clang 15.
ok bluhm miod
|
|
|
|
|
|
(experts disagree whether they ever did)
|
|
|
|
discussed with jsing
|
|
Discussed with jsing
|
|
Discussed with jsing
|
|
discussed with jsing
|
|
|
|
A large mechanical diff led to sloppy review and gave coverity an
opportunity to be right for once. First time in a good many weeks.
same diff/ok jsing
|
|
|
|
|
|
Various code in libcrypto needs bitwise rotation - rather than defining
different versions across the code base, provide a common set that can
be reused. Any sensible compiler optimises these to a single instruction
where the architecture supports it, which means we can ditch the inline
assembly.
On the chance that we need to provide a platform specific versions, this
follows the approach used in BN where a MD crypto_arch.h header could be
added in the future, which would then provide more specific versions of
these functions.
ok tb@
|
|
It is common to need to store data in a specific endianness - rather than
handrolling and deduplicating code to do this, provide a
crypto_store_htobe64() function that converts from host endian to big
endian, before storing the data to a location with unknown alignment.
ok tb@
|
|
The EC API allows callers to optionally pass in a BN_CTX, which means that
any code needing a BN_CTX has to check if one was provided, allocate one if
not, then free it again. Rather than doing this dance throughout the EC
code, handle the BN_CTX existance at the EC API boundary. This means that
lower level implementation code can simply assume that the BN_CTX is
available.
ok tb@
|
|
|
|
for the various BIO types.
|
|
Use htobe64() instead of testing BYTE_ORDER and then handrolling htobe64().
Thanks to tobhe for providing most of the fix via openiked-portable
|
|
values are only part of the ABI and not of the API, so delete them
from the SYNOPSIS: application programmers must not rely on the
specific values.
Instead of listing the specific values, properly describe the meaning
of all these constants.
However, the values of BIO_TYPE_NONE and BIO_TYPE_START are hard-coded
into the API and application programmers need to be aware of their
values, so those remain in the SYNOPSIS.
|
|
ok jsing
|
|
|
|
|
|
Rather than sprinkling BYTE_ORDER checks throughout the implementation,
always define PULL64 - on big endian platforms it just becomes a no-op.
ok tb@
|
|
ok tb@
|
|
In the case that the pure C implementation of SHA512 is being used, the
prototype is unnecessary as the function is declared static and exists
in dependency order. Simply omit the prototype rather than using #ifndef
to toggle the static prefix.
ok tb@
|
|
ok tb@
|
|
This is a reimplementation from scratch of the Tonelli-Shanks algorithm
based on Henri Cohen "A Course in Computational Algebraic Number Theory",
Springer GTM 138, section 1.5.1. It is API compatible with the previous
implementation, so no documentation change is required.
Contrary to the old implementation, this does not have any infinite loops
and has various additional sanity checks to prevent misbehavior in case
the input modulus is not a prime. It contains extensive comments and the
individual parts of the algorithm are split into digestible chunks instead
of having one huge function.
One difference of note is that it BN_mod_sqrt() now always returns the
smaller of the two possible answers. In other words, while its core is
non-deterministic, its answer is not.
ok jsing
|
|
No change according to diff -w
|
|
This function is no longer used directly by regress, so it can now be local
to this file.
|
|
OK jmc@ and Ted Bullock
|
|
Clarify that the variables only affect the event_base structure currently
being created. They do not disable "library support" as a whole.
Sort the variables alphabetically.
OK jmc@ and Ted Bullock
|
|
Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the functions
marked deprecated are actually unused nowadays but unfortunately some of
them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED
so we can define it without breaking the consumers in the next bump.
ERR_remove_state() is still used by a dozen or so ports. This isn't a big
deal since it is just a stupid wrapper for the not quite as deprecated
ERR_remove_thread_state(). It's not worth patching these ports.
Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still
used. They "make use" of the old-style BN_GENCB callback, which is therefore
more difficult to remove - in case you don't know know: that's the thing
responsible for printing pretty '.', '+' and '*' when you generate keys.
Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020
for "advanced DH support". This is very unfortunate since cargo bundles a
rust-openssl and updates it only every few years or so. As a consequence
we're going to be stuck with this nonsense for a good while.
ok beck jsing
|
|
|
|
The TLS signer isn't exposed in public API (we should finally fix it...)
and it supports X9.31, a standard that has been retired and deprecated for
a very long time. libcrypto will stop supporting it soon, this step is
needed to prepare userland.
ok jsing
|
|
Improve readability and consistency by providing and using functions named
for the specific hash, rather than reusing the sha256/sha512 update and
final functions.
No functional change.
ok tb@
|
|
Also remove some unnecessary parentheses.
No functional change.
ok tb@
|
|
1. The values of #define'd constants are part of the ABI, but not of the API.
Programmers need not worry about them and must not rely on them.
Consequently, do not list these values in the SYNOPSIS.
2. libevent can be used for any event loop, not only for the main loop
of a program.
3. No need to state numbers of arguments, they are obvious from the SYNOPSIS.
4. If a function is documented to require a pointer to a specific kind of
object as an argument, there is no need to say passing NULL is undefined.
OK jmc@ and Ted Bullock
|
|
in one place, not in two places, reducing duplication of text.
Joint work with Ted Bullock. OK jmc@.
|
|
|
|
providing more information and in a more systematic way
than the current event(3) manual page.
Not yet linked to the tree.
Using input from nicm@ and jmc@.
|
|
|
|
undocumented because they are unused according to codesearch.debian.net
and would cause nothing but obfuscation if they were used.
|
|
1. The function event_base_free(3) does reset the global variable
to the initial state when needed.
2. The CAVEATS section got the issue backwards: multiple threads
per base cause trouble, whereas multiples bases per thread do not.
While here, also avoid the plural when talking about the global
variable used by event_init(3): there is only one.
Using input from jmc@ and from Ted Bullock.
|
|
BIO_get_info_callback(3), and BIO_info_cb(3) have on connect BIOs.
|
