- Jan 07, 2018
-
-
Patrick Steuer authored
Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4634)
-
Patrick Steuer authored
Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
Andy Polyakov authored
SPARC ISA doesn't have provisions to back up 128-bit multiplications and additions. And so multiplications are done with library calls and carries with comparisons and conditional moves. As result base 2^51 code is >40% slower... Reviewed-by: -
Andy Polyakov authored
[and improve formatting] Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5001)
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
This is based on RT#3810, which added dedicated modular inversion. ECDSA verify results improves as well, but not as much. Reviewed-by:
-
Rich Salz authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5028)
-
- Jan 06, 2018
-
-
Bernd Edlinger authored
Reviewed-by:
-
- Jan 04, 2018
-
-
Rich Salz authored
Reviewed-by:
-
Dr. Matthias St. Pierre authored
The DRGB concept described in NIST SP 800-90A provides for having different algorithms to generate random output. In fact, the FIPS object module used to implement three of them, CTR DRBG, HASH DRBG and HMAC DRBG. When the FIPS code was ported to master in #4019, two of the three algorithms were dropped, and together with those the entire code that made RAND_DRBG generic was removed, since only one concrete implementation was left. This commit restores the original generic implementation of the DRBG, making it possible again to add additional implementations using different algorithms (like RAND_DRBG_CHACHA20) in the future. Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
-
Dr. Matthias St. Pierre authored
The generic part of the FIPS DRBG was implemented in fips_drbg_lib.c and the algorithm specific parts in fips_drbg_<alg>.c for <alg> in {ctr, hash, hmac}. Additionally, there was the module fips_drbg_rand.c which contained 'gluing' code between the RAND_METHOD api and the FIPS DRBG. When the FIPS code was ported to master in #4019, for some reason the ctr-drbg implementation from fips_drbg_ctr.c ended up in drbg_rand.c instead of drbg_ctr.c. This commit renames the module drbg_rand.c back to drbg_ctr.c, thereby restoring a simple relationship between the original fips modules and the drbg modules in master: fips_drbg_lib.c => drbg_lib.c /* generic part of implementation */ fips_drbg_<alg>.c => drbg_<alg>.c /* algorithm specific implementations */ Reviewed-by:
-
- Jan 02, 2018
-
-
Daniel Bevenius authored
Similar to commit 17b60280 ( "Remove extra `the` in SSL_SESSION_set1_id.pod"), this commit removes typos where additional 'the' have been added. Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4999)
-
- Dec 28, 2017
-
-
Andy Polyakov authored
"Double" is in quotes because improvement coefficient varies significantly depending on platform and compiler. You're likely to measure ~2x improvement on popular desktop and server processors, but not so much on mobile ones, even minor regression on ARM Cortex series. Latter is because they have rather "weak" umulh instruction. On low-end x86_64 problem is that contemporary gcc and clang tend to opt for double-precision shift for >>51, which can be devastatingly slow on some processors. Just in case for reference, trick is to use 2^51 radix [currently only for DH]. Reviewed-by:
-
- Dec 27, 2017
-
-
Andy Polyakov authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4974)
-
- Dec 23, 2017
-
-
Andy Polyakov authored
Hardware used for benchmarking courtesy of Atos, experiments run by Romain Dolbeau <romain.dolbeau@atos.net>. Kudos! Reviewed-by:
-
- Dec 22, 2017
-
-
Andy Polyakov authored
Reviewed-by:
-
- Dec 18, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
-
- Dec 17, 2017
-
-
Dr. Matthias St. Pierre authored
Previously, the RAND_DRBG_uninstantiate() call was not exactly inverse to RAND_DRBG_instantiate(), because some important member values of the drbg->ctr member where cleared. Now these values are restored internally. Signed-off-by:
Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
-
Dr. Matthias St. Pierre authored
Signed-off-by:
-
Dr. Matthias St. Pierre authored
Every DRBG now supports automatic reseeding not only after a given number of generate requests, but also after a specified time interval. Signed-off-by:
-
Dr. Matthias St. Pierre authored
A third shared DRBG is added, the so called master DRBG. Its sole purpose is to reseed the two other shared DRBGs, the public and the private DRBG. The randomness for the master DRBG is either pulled from the os entropy sources, or added by the application using the RAND_add() call. The master DRBG reseeds itself automatically after a given number of generate requests, but can also be reseeded using RAND_seed() or RAND_add(). A reseeding of the master DRBG is automatically propagated to the public and private DRBG. This construction fixes the problem, that up to now the randomness provided by RAND_add() was added only to the public and not to the private DRBG. Signed-off-by:
-
Daniel Bevenius authored
This commit adds comments to bio_method_st definitions where the function pointers are defined as NULL. Most of the structs have comments but some where missing and not all consitent. CLA: trivial Reviewed-by:
-
- Dec 15, 2017
-
-
Bernd Edlinger authored
Rename bio_info_cb to BIO_info_cb. Reviewed-by:
-
- Dec 14, 2017
-
-
Todd Short authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Clients will send a "fake" session id and servers must echo it back. Reviewed-by:
-
Matt Caswell authored
The new ServerHello format is essentially now the same as the old TLSv1.2 one, but it must additionally include supported_versions. The version field is fixed at TLSv1.2, and the version negotiation happens solely via supported_versions. Reviewed-by:
-
- Dec 13, 2017
-
-
Bernd Edlinger authored
Reduce RSA_MAX_PRIME_NUM to 5. Remove no longer used RSA_MIN_PRIME_SIZE. Make rsa_multip_cap honor RSA_MAX_PRIME_NUM. Reviewed-by:
-
- Dec 12, 2017
-
-
Ben Kaduk authored
Fix a typo for "retrieve" and some indentation. Reviewed-by:
-
Patrick Steuer authored
Signed-off-by:
-
Richard Levitte authored
If OPENSSL_init_crypto() hasn't been called yet when ERR_get_state() is called, it need to be called early, so the base initialization is done. On some platforms (those who support DSO functionality and don't define OPENSSL_USE_NODELETE), that includes a call of ERR_set_mark(), which calls this function again. Furthermore, we know that ossl_init_thread_start(), which is called later in ERR_get_state(), calls OPENSSL_init_crypto(0, NULL), except that's too late. Here's what happens without an early call of OPENSSL_init_crypto(): => ERR_get_state(): => CRYPTO_THREAD_get_local(): <= NULL; # no state is found, so it gets allocated. => ossl_init_thread_start(): => OPENSSL_init_crypto(): # Here, base_inited is set to 1 # before ERR_set_mark() call => ERR_set_mark(): => ERR_get_state(): => CRYPTO_THREAD_get_local(): <= NULL; # no state is found, so it gets allocated!!!!! => ossl_init_thread_start(): => OPENSSL_init_crypto(): # base_inited is 1, # so no more init to be done <= 1 <= => CRYPTO_thread_set_local(): <= <= <= <= 1 <= => CRYPTO_thread_set_local() # previous value removed! <= Result: double allocation, and we have a leak. By calling the base OPENSSL_init_crypto() early, we get this instead: => ERR_get_state(): => OPENSSL_init_crypto(): # Here, base_inited is set to 1 # before ERR_set_mark() call => ERR_set_mark(): => ERR_get_state(): => OPENSSL_init_crypto(): # base_inited is 1, # so no more init to be done <= 1 => CRYPTO_THREAD_get_local(): <= NULL; # no state is found, so it gets allocated # let's assume we got 0xDEADBEEF => ossl_init_thread_start(): => OPENSSL_init_crypto(): # base_inited is 1, # so no more init to be done <= 1 <= 1 => CRYPTO_thread_set_local(): <= <= <= <= 1 => CRYPTO_THREAD_get_local(): <= 0xDEADBEEF <= 0xDEADBEEF Result: no leak. Reviewed-by:
-
- Dec 11, 2017
-
-
Sebastian Andrzej Siewior authored
As per documentation, the RSA keys should not be smaller than 64bit (the documentation mentions something about a quirk in the prime generation algorithm). I am adding check into the code which used to be 16 for some reason. My primary motivation is to get rid of the last sentence in the documentation which suggest that typical keys have 1024 bits (instead updating it to the now default 2048). I *assume* that keys less than the 2048 bits (say 512) are used for education purposes. The 512 bits as the minimum have been suggested by Bernd Edlinger. Signed-off-by:
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by:
-
- Dec 09, 2017
-
-
Daniel Bevenius authored
I noticed that some of the BIO_METHOD structs are placing the name on the same line as the type and some don't. This commit places the name on a separate line for consistency (which looks like what the majority do) CLA: trivial Reviewed-by:
-
- Dec 08, 2017
-
-
Matt Caswell authored
Reviewed-by:
-
FdaSilvaYY authored
Expression '...' is always true. The 'b->init' variable is assigned values twice successively Reviewed-by:
-
FdaSilvaYY authored
Pointer 'o' is set inside a local buffer, so it can't be NULL. Also fix coding style and add comments Reviewed-by:
-
