- Jul 12, 2018
-
-
Patrick Steuer authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
Note that exported functions maintain original behaviour, so that external callers won't observe difference. While internally we can now perform Montgomery multiplication on fixed-length vectors, fixed at modulus size. The new functions, bn_to_mont_fixed_top and bn_mul_mont_fixed_top, are declared in bn_int.h, because one can use them even outside bn, e.g. in RSA, DSA, ECDSA... Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/6662)
-
Andy Polyakov authored
The new flag marks vectors that were not treated with bn_correct_top, in other words such vectors are permitted to be zero padded. For now it's BN_DEBUG-only flag, as initial use case for zero-padded vectors would be controlled Montgomery multiplication/exponentiation, not general purpose. For general purpose use another type might be more appropriate. Advantage of this suggestion is that it's possible to back-port it... bn/bn_div.c: fix memory sanitizer problem. bn/bn_sqr.c: harmonize with BN_mul. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/6662)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/6662)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/6662)
-
Andy Polyakov authored
Trouble is that addition is postponing expansion till carry is calculated, and if addition carries, top word can be zero, which triggers assertion in bn_check_top. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/6662)
-
- Jul 10, 2018
-
-
Pauli authored
Fix the NULL check lack in a different way that is more compatible with non-NULL branch. Refer #6632. Also mark and pop the error stack instead of clearing all errors when something goes awry in CONF_get_number. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6643)
-
Andy Polyakov authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6676)
-
- Jul 09, 2018
-
-
Conrad Meyer authored
The sense of the check for build-time support for most hashes was inverted. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6673)
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6669)
-
DesWurstes authored
CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6667)
-
- Jul 07, 2018
-
-
Matt Caswell authored
Also avoids calling EVP_MD_size() and a missing negative result check. Issue found by Coverity. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6592)
-
Matt Caswell authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6592)
-
Matt Caswell authored
Check for a negative EVP_MD_size(). Don't dereference group until we've checked if it is NULL. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6592)
-
Matt Caswell authored
Issue found by Coverity Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6592)
-
- Jul 06, 2018
-
-
Andy Polyakov authored
Improvement coefficients vary with TLS fragment length and platform, on most Intel processors maximum improvement is ~50%, while on Ryzen - 80%. The "secret" is new dedicated ChaCha20_128 code path and vectorized xor helpers. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6638)
-
- Jul 04, 2018
-
-
Billy Brumley authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6648)
-
- Jul 03, 2018
-
-
Andy Polyakov authored
The 128-byte vectors are extensively used in chacha20_poly1305_tls_cipher and dedicated code path is ~30-50% faster on most platforms. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6626)
-
Andy Polyakov authored
Hexadecimals were erroneously recognized as symbols in .xdata. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6626)
-
Pauli authored
The problematic case falls back to a NULL conf which returns the result of getenv(2). If this returns NULL, everything was good. If this returns a string an attempt to convert it to a number is made using the function pointers from conf. This fix uses the strtol(3) function instead, we don't have the configuration settings and this behaves as the default would. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6632)
-
- Jul 01, 2018
-
-
Pauli authored
The issue was discovered on the x86/64 when attempting to include libcrypto inside another shared library. A relocation of type R_X86_64_PC32 was generated which causes a linker error. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6595)
-
Andy Polyakov authored
Occasionally, e.g. when compiling for elderly glibc, you end up passing -D_GNU_SOURCE on command line, and doing so triggered warning... Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6616)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6615)
-
- Jun 29, 2018
-
-
Andy Polyakov authored
Inputs not longer than 64 bytes are processed ~10% faster, longer lengths not divisible by 64, e.g. 255, up to ~20%. Unfortunately it's impossible to measure with apps/speed.c, -aead benchmarks TLS-like call sequence, but not exact. It took specially crafted code path... Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6597)
-
- Jun 28, 2018
-
-
Rich Salz authored
Fixes uninitialized memory read reported by Nick Mathewson Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6603)
-
- Jun 27, 2018
-
-
Matt Caswell authored
Currently if you encounter application data while waiting for a close_notify from the peer, and you have called SSL_shutdown() then you will get a -1 return (fatal error) and SSL_ERROR_SYSCALL from SSL_get_error(). This isn't accurate (it should be SSL_ERROR_SSL) and isn't persistent (you can call SSL_shutdown() again and it might then work). We change this into a proper fatal error that is persistent. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6340)
-
- Jun 26, 2018
-
-
Pauli authored
This allows operation inside a chroot environment without having the random device present. A new call, RAND_keep_random_devices_open(), has been introduced that can be used to control file descriptor use by the random seed sources. Some seed sources maintain open file descriptors by default, which allows such sources to operate in a chroot(2) jail without the associated device nodes being available. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6432)
-
Matt Caswell authored
Implement support for stateful TLSv1.3 tickets, and use them if SSL_OP_NO_TICKET is set. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6563)
-
- Jun 25, 2018
-
-
Andy Polyakov authored
This happens on systems that perform is* character classifications as array lookup, e.g. NetBSD. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6584)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6583)
-
Andy Polyakov authored
Unlike other ELF systems, HP-UX run-time linker fails to detect symbol availability through weak declaration. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6583)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6562)
-
Nicola Tuveri authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6521)
-
Nicola Tuveri authored
Internal submodules of libcrypto may require non-public functions from the EC submodule. In preparation to use `ec_group_do_inverse_ord()` (from #6116) inside the SM2 submodule to apply a SCA mitigation on the modular inversion, this commit moves the `ec_group_do_inverse_ord()` prototype declaration from the EC-local `crypto/ec/ec_lcl.h` header to the `crypto/include/internal/ec_int.h` inter-module private header. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6521)
-
- Jun 24, 2018
-
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6581)
-
- Jun 22, 2018
-
-
Benjamin Kaduk authored
BN_CTX_end() does not handle NULL input, so we must manually check before calling from the cleanup handler. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6502)
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Nicola Tuveri authored
These headers are internal and never exposed to a cpp compiler, hence no need for the preamble. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6554)
-
Nicola Tuveri authored
Fix prototype warnings triggered by -Wstrict-prototypes when configuring with `enable-ec_nistp_64_gcc_128` Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6556)
-
- Jun 21, 2018
-
-
Shane Lontis authored
Fixed range of random produced in BN_is_prime_fasttest_ex() to be 1 < rand < w-1. It was using 1 <= rand < w (which is wrong by 1 on both ends) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6547)
-