| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Feedback and OK tb@.
|
| |
|
|
| |
In bn_test.c include bn_local.h instead of using copy-pasted prototypes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and next_bio fields of all BIO objects in all affected chains, no
matter what the arguments are.
In particular, if the second argument (the one to be appended) is
not at the beginning of its chain, properly detach the beginning
of its chain before appending.
We have weak indications that this bug might affect real-world code.
For example, in FreeRDP, file libfreerdp/crypto/tls.c, function
bio_rdp_tls_ctrl(), case BIO_C_SET_SSL, BIO_push(3) is definitely
called with a second argument that is *not* at the beginning of its
chain. Admittedly, that code is hard to fathom, but it does appear
to result in a bogus prev_bio pointer without this patch.
The practical impact of this bug in this and other software remains
unknown; the consequences might possibly escalate up to use-after-free
issues if BIO_pop(3) is afterwards called on corrupted BIO objects.
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
invariants of the prev_bio and next_bio fields of all BIO objects
in all involved chains, no matter which arguments this function is
called with.
Both real-world uses of this function (in libssl and freerdp) have
been audited to make sure this makes nothing worse. We believe libssl
behaves correctly before and after the patch (mostly because the second
argument is NULL there), and we believe the code in freerdp behaves
incorrectly before and after the patch, leaving a prev_bio pointer in
place that is becoming bogus, only in a different object before and
after the patch. But after the patch, that bogus pointer is due to a
separate bug in BIO_push(3), which we are planning to fix afterwards.
Joint work with and OK tb@.
|
| | |
|
| |
|
|
|
| |
For the test compilation using the CC crate, base clang is good enough,
so we don't need to pull in another heavy dependency just for this test.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
|
| | |
|
| |
|
|
|
|
|
|
| |
The issue is likely that the build is trying to compile some generated
C code with the prehistoric gcc from base, so add a tentative workaround
for that. Since I don't currently have access to a sparc64 box where I
could validate this easily and check if the workaround is enough, let's
not waste lots of cycles on this.
|
| | |
|
| |
|
|
| |
Should have been part of the previous commit
|
| | |
|
| |
|
|
|
| |
Drop unnecessary loading of error strings, fix error path and consistently
print to stdout.
|
| |
|
|
|
|
|
|
|
|
|
| |
The amount of copy-paste in this test led to a few bugs and it was hard to
spot them since things were done in random order. Use a different approach:
compute the result of a^b (mod m) according to BN_mod_exp_simple(), then
compare the results of all the other *_mod_exp* functions to that.
Reuse the test structure from bn_mod_exp_zero.c to loop over the list of
functions. This way we test more functions and don't forget to check some
crucial bits.
|
| |
|
|
|
|
| |
Someone added a few more functions to test, but forgot to check their
results, so if they would not do the expected thing that would only be
noticed if one of the already tested functions would break.
|
| |
|
|
|
|
|
| |
For nearly 25 years this test has attempted to generate random numbers of
bit length between 192 and 319 bits. Unfortunately, it used an unsigned
char so instead of generating numbers in the interval [-64..63] and add
them to 256, it used numbers in the intervals [0..63] and [192..255]...
|
| |
|
|
|
| |
BIO_push() and BIO_pop() are misnamed. No need to gently and politely
suggest that their 'names [...] are perhaps a little misleading'.
|
| |
|
|
|
|
|
|
|
| |
As schwarze points out, you can pop any BIO in a chain, not just the first
one (bonus points for a great name for this API).
The internal doubly linked was used to fix up the BIO chain bio was part
of when you BIO_pop() a bio that wasn't in the first position, which is
explicitly allowed in our documentation and implied by OpenSSL's.
|
| | |
|
| |
|
|
| |
Use BN_CTX_get() instead of BN_new()/BN_free().
|
| |
|
|
|
| |
CID 430848
CID 430849
|
| | |
|
| |
|
|
| |
compute a^0 = 0 (mod 1) for all a from scratch.
|
| |
|
|
|
| |
The previous change had the undesired side effect of running the super
verbose run-regress-bn_test.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
bn_isqrt -C generates code included in lib/libcrypto/lib/bn_isqrt.c. The
regress tests already ensure that the content of the tables don't change.
Ensure further that the code generation doesn't get out of sync.
|
| | |
|
| |
|
|
|
|
|
| |
Move exp/exptest.c to bn/bn_mod_exp.c. This is a BN test that mostly tests
a variety of BN_mod_exp*() API behavior and correctness.
Commit stolen from jsing
|
| |
|
|
|
| |
This test is fast enough even on very slow machines that printing dots
doesn't seem necessary.
|
| |
|
|
|
|
|
|
|
| |
The bn tests were distributed into three subdirectories rather randomly.
It's cleaner and easier to maintain if all this is in a single directory.
Use consistent names for the .c files, unify handling of the tests with
the exception of bn_test, which is special.
Discussed with jsing
|
| |
|
|
|
| |
Run the prime constants exposed in BN_get0_nist_prime_*() and
BN_get_rfc3526_prime_*() through Ballie-PSW.
|
| |
|
|
| |
Also, run all x25519 tests, don't stop on first failure.
|
| |
|
|
| |
Silence is good. On failure, the regress framework will make it clear.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This flag has been deprecated in OpenSSL 1.1 and has not had an effect
since. This way we can simplify the default check_issued() callback,
which helpfully has its arguments reversed compared to the public API
X509_check_issued().
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Open62541 uses X509_STORE_CTX_get_check_issued(), so provide it along
with X509_STORE_{get,set}_check_issued(). As you would expect, they all
return or take an X509_STORE_CTX_check_issued_fn. The getters aren't const
in OpenSSL 1.1, but they now are in OpenSSL 3...
These will be made available in the next minor bump and will ship in the
stable release of LibreSSL 3.7
Part of OpenSSL commit 1060a50b
See also https://github.com/libressl-portable/portable/issues/748
ok beck jsing
|
| | |
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
bn_correct_top() is currently a macro and far more complex than it needs
to be - rewrite it as a function.
ok tb@
|
| |
|
|
|
|
|
|
| |
BN_ucmp() is supposed to return -1/0/1 on a < b, a == b and a > b, however
it currently returns other negative and positive values when the top of
a and b differ. Correct this.
ok tb@
|
| |
|
|
|
| |
Some tests current fail due to a bug in BN_ucmp(), which will be fixed
soon.
|
