summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* x509_utl.c: fix some style nits.tb2023-05-121-4/+3
|
* Rewrite string_to_hex() and hex_to_string() using CBB/CBStb2023-05-121-70/+124
| | | | | | | | | | | These helpers used to contain messy pointer bashing some with weird logic for NUL termination. This can be written more safely and cleanly using CBB/CBS, so do that. The result is nearly but not entirely identical to code used elsewhere due to some strange semantics. Apart from errors pushed on the stack due to out-of-memory conditions, care was taken to preserve error codes. ok jsing
* asn1oct: add a couple more teststb2023-05-121-1/+10
|
* Reduce the number of SHA-512 C implementations from three to one.jsing2023-05-121-134/+1
| | | | | | | | | | | | | | | | | We currently have three C implementations for SHA-512 - a version that is optimised for CPUs with minimal registers (specifically i386), a regular implementation and a semi-unrolled implementation. Testing on a ~15 year old i386 CPU, the fastest version is actually the semi-unrolled version (not to mention that we still currently have an i586 assembly implementation that is used on i386 instead...). More decent architectures do not seem to care between the regular and semi-unrolled version, presumably since they are effectively doing the same thing in hardware during execution. Remove all except the semi-unrolled version. ok tb@
* asn1oct: minor tweak in error messagetb2023-05-121-3/+3
|
* Add regress coverage for {s2i,i2s}_ASN1_OCTET_STRINGtb2023-05-122-1/+271
|
* primility -> primalityjsg2023-05-121-3/+3
| | | | ok tb@
* Be a bit more precise on how s2i_ASN1_OCTET_STRING handles colonstb2023-05-121-5/+6
|
* tls_verify.c: give up on variable alignment in this filetb2023-05-111-6/+6
| | | | | | The previous commit resulted in misalignment, which impacts my OCD worse than no alignment at all. Alignment wasn't consistently done in this file anyway. op tells me it won't affect current efforts in reducing the diff.
* Document recent changes in primality testingtb2023-05-111-8/+23
| | | | With input from beck and jsing
* Use is_pseudoprime instead of is_prime in bn_bpsw.ctb2023-05-101-30/+33
| | | | | | | This is more accurate and improves readability a bit. Apart from a comment tweak this is sed + knfmt (which resulted in four wrapped lines). Discussed with beck and jsing
* switch two ASN1_STRING_data() to ASN1_STRING_get0_data()op2023-05-101-5/+5
| | | | | | | | | and while here mark as const data. This diff is actually from gilles@, in OpenSMTPD-portable bundled libtls. ok tb@, jsing@
* Add Miller-Rabin test for random bases to BPSWtb2023-05-103-33/+130
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The behavior of the BPSW primality test for numbers > 2^64 is not very well understood. While there is no known composite that passes the test, there are heuristics that indicate that there are likely infinitely many. Therefore it seems appropriate to harden the test. Having a settable number of MR rounds before doing a version of BPSW is also the approach taken by Go's primality check in math/big. This adds a new implementation of the old MR test that runs before running the strong Lucas test. I like to imagine that it's slightly cleaner code. We're effectively at about twice the cost of what we had a year ago. In addition, it adds some non-determinism in case there actually are false positives for the BPSW test. The implementation is straightforward. It could easily be tweaked to use the additional gcds in the "enhanced" MR test of FIPS 186-5, but as long as we are only going to throw away the additional info, that's not worth much. This is a first step towards incorporating some of the considerations in "A performant misuse-resistant API for Primality Testing" by Massimo and Paterson. Further work will happen in tree. In particular, there are plans to crank the number of Miller-Rabin tests considerably so as to have a guaranteed baseline. The manual will be updated shortly. positive feedback beck ok jsing
* As mmap(2) is no longer a LOCK syscall, do away with the extraotto2023-05-101-23/+1
| | | | | unlock-lock dance it serves no real purpose any more. Confirmed by a small performance increase in tests. ok @tb
* Make malloc tests that set flags more robust against the user alsootto2023-05-092-15/+19
| | | | having flags set.
* Make failure mode of EVP_AEAD_CTX_new() more explicittb2023-05-091-4/+9
| | | | Pointed out and ok by dlg
* Add regress coverage for -1 modulus as well.tb2023-05-091-25/+38
|
* bn_exp: also special case -1 modulustb2023-05-091-6/+6
| | | | | | | | | | Anything taken to the power of 0 is 1, and then reduced mod 1 or mod -1 it will be 0. If "anything" includes 0 or not is a matter of convention, but it should not depend on the sign of the modulus... Reported by Guido Vranken ok jsing (who had the same diff)
* Rewrite BN_bn2hex() using CBB/CBS.jsing2023-05-091-25/+35
| | | | ok tb@
* Rewrite BN_bn2dec() using CBB/CBS.jsing2023-05-091-63/+61
| | | | ok tb@
* Rename the other_ctx in X509_STORE_CTX into trustedtb2023-05-082-12/+12
| | | | | | | | | | | | | | | | The other_ctx is a strong contender for the worst name of a struct member in OpenSSL. It's a void * member whose only purpose ever was to be set to a STACK_OF(X509) * via X509_STORE_CTX_trusted_stack() (yes, this is obviously a setter, why do you ask?) and then to be used by the get_issuer() callback (which of course isn't there to find any old issuer, but only to look for issuers among the 'trusted' certs). Anyway, we may want to rename untrusted into intermediates and trusted into roots later on, but for now let's match the lovely public API. While there rename get_issuer_sk() into get_trusted_issuer() which is a more accurate and slightly less silly name. ok jsing
* Add RCS tagtb2023-05-081-0/+1
|
* Enable malloc_errs testotto2023-05-081-2/+2
|
* Add a regress test to test various malloc API and heap mismanagementotto2023-05-082-0/+291
| | | | | errors which should cause abort. A few are not enabled yet, they will be once the corresponding diffs in malloc are committed.
* X509_verify_cert(): Garbage collect the unused roots variabletb2023-05-081-4/+1
| | | | | | | | | roots was used to store the trusted stack or pull the roots out of the X509_STORE before beck unmooned Ethel in x509_vfy.c r1.88. Since then this variable is effectively unused. It seems the STACK_OF(3) madness is too complicated for -Wunused-but-set-variable to notice. ok miod
* Avoid trailing whitespace in extension printingtb2023-05-081-2/+2
| | | | | | | If an extension is non-critical, X509V3_extensions_print() would leave trailing whitespace. This can be trivially avoided. ok miod
* Recommit -Wshadow now that the warning on BIG_ENDIAN is fixedtb2023-05-071-2/+2
|
* xts128 mode: avoid two -Wshadow warnings in the BIG_ENDIAN code path.tb2023-05-071-5/+5
| | | | Found by, compile tested & ok bluhm.
* Backout -Wshadow, it breaks build on powerpc64.bluhm2023-05-071-2/+2
|
* Remove a misplaced empty linetb2023-05-071-2/+1
|
* Regen cert.pemtb2023-05-061-419/+402
| | | | | | | | | This drops a few certs per the CA's request and TrustCor because of drama. Certainly, a new CA, is added as well as new certs for DigiCert, SECOM and E-Tugra. Unizeto still haven't fixed one of their certs and we still don't want the alternative Firmaprofesional with sha1WithRSAEncryption. ok sthen
* Use -Wshadow with clangtb2023-05-053-6/+6
| | | | ok jsing (a very long time ago)
* Reinstate X9.31 padding mode support in rsautltb2023-05-052-7/+18
|
* Fix error handling in tls_check_common_name()tb2023-05-051-6/+10
| | | | | | | | A calloc failure should be a fatal error, so make it return -1. Also switch the default rv to -1 and distinguish error cases with acceptable situations with goto err/goto done. ok jsing
* Salt shares the blame of the continued existence of the X9.31 padding modetb2023-05-051-2/+2
|
* Reinstate documentation of RSA_X931_PADDINGtb2023-05-051-7/+6
|
* Add back support for RSA_X931_PADDINGtb2023-05-053-65/+127
| | | | | | | This makes the custom stalt stack work again. Tested by robert as part of a larger diff ok jsing
* Link rsa_x931.c to buildtb2023-05-051-1/+2
|
* Bring back the X9.31 padding helperstb2023-05-051-0/+164
| | | | | | | | | | Nothing should be using this anymore, except that salt decided to use it in its home-cooked protocol, which already had its share of issues. Hopefully the efforts to switch salt to something more reasonable and standardized like mTLS will succeed sooner rather than later. tested as part of a larger patch by robert ok jsing
* symbols.awk: Remove cfb dancetb2023-05-041-4/+2
| | | | With e_old.c gone, we no longer need this.
* Rewrite ECParameters_dup()tb2023-05-041-7/+12
| | | | | | | This should leak slightly less than the direct expansion of ASN1_dup_of(). Use freezero() since the DER could contain a private key. ok jsing
* sigh. typotb2023-05-041-2/+2
|
* Let ecdsatest exercise ECParameters_dup() a bittb2023-05-041-2/+3
| | | | This currently leaks, which will fixed in a follow-on commit.
* Remove x9_62_test_internal()tb2023-05-041-72/+1
| | | | | | This test depends on RAND_set_rand_method() allowing stupid things like making ECDSA signatures deterministic. This was gutted a long time ago and the function should have followed its wrappers into the attic.
* Use size_t instead of int in EC_POINT_point2oct()tb2023-05-041-2/+2
| | | | | | | An int would be perfectly sufficient for this, but then again there would be fewer traps. ok jsing
* Fix line wrappingtb2023-05-041-3/+3
|
* Fix function name in doc commenttb2023-05-041-2/+2
|
* Revert utf-8 fix for X509_NAME_get_index_by_NID to avoid libtlsbeck2023-05-033-124/+22
| | | | | | | regress for the moment. this will come back after we rethink the failure versus not there case. ok tb@ jsing@
* Bring back length check tb ok'ed and I managed to remove whilebeck2023-05-031-2/+2
| | | | | | changing tests. ok tb@
* Fix a few KNF/whitespace issuestb2023-05-031-9/+5
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 18:12:14 +0000