summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Provide benchmarks for BN_copy()jsing2023-04-102-1/+184
|
* Fix indentation of structs and unions in x509v3.htb2023-04-101-87/+87
| | | | No change according to diff -w
* Make bn_to_string() statictb2023-04-101-3/+3
| | | | | This function is no longer used directly by regress, so it can now be local to this file.
* bn_to_string no longer needs to be linked staticallytb2023-04-101-2/+1
|
* Rework the bn_to_string() to use public APItb2023-04-101-73/+213
| | | | | | We can use the undocumented functions {i2s,s2i}_ASN1_INTEGER(3) to exercise bn_to_string(). This way we use public API and remove the need of linking statically.
* Move a few functions out of OPENSSL_NO_DEPRECATEDtb2023-04-098-29/+19
| | | | | | | | | | | | | | | | | | | | | | | | Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope was that at some point some functions can be dropped. Most of the functions marked deprecated are actually unused nowadays but unfortunately some of them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED so we can define it without breaking the consumers in the next bump. ERR_remove_state() is still used by a dozen or so ports. This isn't a big deal since it is just a stupid wrapper for the not quite as deprecated ERR_remove_thread_state(). It's not worth patching these ports. Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still used. They "make use" of the old-style BN_GENCB callback, which is therefore more difficult to remove - in case you don't know know: that's the thing responsible for printing pretty '.', '+' and '*' when you generate keys. Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020 for "advanced DH support". This is very unfortunate since cargo bundles a rust-openssl and updates it only every few years or so. As a consequence we're going to be stuck with this nonsense for a good while. ok beck jsing
* Remove some doubled empty linestb2023-04-091-7/+1
|
* Remove X9.31 support from openssl(1)tb2023-04-092-18/+7
| | | | | | | The X9.31 standard has long been retired and deprecated and libcrypto will drop support for it soon. This prepares userland. ok jsing
* Drop X9.31 support from libtlstb2023-04-092-7/+2
| | | | | | | | | The TLS signer isn't exposed in public API (we should finally fix it...) and it supports X9.31, a standard that has been retired and deprecated for a very long time. libcrypto will stop supporting it soon, this step is needed to prepare userland. ok jsing
* Minor code cleanuptb2023-04-091-42/+31
| | | | | | Unwrap a few awkwardly wrapped lines, drop redundant parentheses and add empty lines after some variable declarations. No change in the generated assembly.
* Provide and use sha{224,384}_{update,final} functions.jsing2023-04-091-28/+54
| | | | | | | | | | Improve readability and consistency by providing and using functions named for the specific hash, rather than reusing the sha256/sha512 update and final functions. No functional change. ok tb@
* Rename SHA functions to have sha{1,224,256,384,512}_ prefix.jsing2023-04-091-31/+31
| | | | | | | | Also remove some unnecessary parentheses. No functional change. ok tb@
* fix double wordsjsg2023-04-091-3/+3
|
* bn_test: two minor style tweakstb2023-04-081-6/+3
|
* bn_mont: fix typo in comment divisable -> divisibletb2023-04-071-2/+2
|
* bn_test: rename rc into ret as per usualtb2023-04-071-91/+91
|
* bn_test: pass BN_CTX into all functionstb2023-04-071-364/+297
| | | | | There is a BN_CTX at program scope. Pass it into all test functions. This simplifies memory management at the end of the functions quite a bit.
* bn_test: drop a few braces that are now unnecessarytb2023-04-071-33/+17
|
* bn_test: move rc initialization to its own linetb2023-04-071-9/+17
|
* bn_test: keep the error stack cleantb2023-04-071-1/+13
| | | | | | Make message() print and clear the error stack. This way we can know what test errored. To make this work also clear the error stack after a handful of xfail tests.
* bn_test: use bn_copy() instead of BN_free/BN_duptb2023-04-071-3/+2
| | | | This is not only simpler but also required by an upcoming change.
* bn_test: a few early return would leak. goto err insteadtb2023-04-071-5/+5
|
* bn_test: rand_neg() is not only one of the most stupidly named functionstb2023-04-071-2/+2
| | | | in the entire code base it also has a few parentheses too many
* bn_test: handle rc consistentlytb2023-04-071-111/+134
| | | | | | | Various test functions had bugs due to the fact that the return code would be set to 1 at the top so that each error would have to set rc = 0. This is silly. Fail closed instead by setting rc = 0 at the top and only flipping to 1 before the err label
* bn_test: inline the only use of lst[]tb2023-04-071-14/+12
| | | | | | lst[] can be converted from a bit string to a hex string. Use BN_hex2bn() isntead of BN_bin2bn(). Handle this inside test_lshift() rather than doing artistic ownership dances.
* Improve some test failure reportingtb2023-04-071-5/+12
|
* Ignore ten getter and setter control macros related to proxy BIOs.schwarze2023-04-071-0/+6
| | | | | | | Those are not useful because such a BIO type neither exists in LibreSSL nor in OpenSSL 1.1.1. Not adding the deprecation notice to some manual page because there is no manual page that is even vaguely related.
* Two minor tweaks that are useful for processing bio.h, among other headers:schwarze2023-04-071-1/+2
| | | | | * ignore lines defining "__bounded__()" * ignore whitespace between "#" and "include"
* Mark BIO_CB_return(), BIO_cb_pre(), and BIO_cb_post() as intentionallyschwarze2023-04-071-2/+7
| | | | | undocumented because they are unused according to codesearch.debian.net and would cause nothing but obfuscation if they were used.
* Document the effects that BIO_set_info_callback(3), BIO_callback_ctrl(3),schwarze2023-04-061-3/+54
| | | | BIO_get_info_callback(3), and BIO_info_cb(3) have on connect BIOs.
* Properly document BIO_set_info_callback(3) and BIO_get_info_callback(3)schwarze2023-04-061-8/+96
| | | | | | | | which where mentioned below SYNOPSIS and HISTORY but not described. Also document the command constant BIO_CTRL_SET_CALLBACK and the deprecated function type name bio_info_cb(3). Mention that callbacks installed using BIO_set_callback_ex(3) and BIO_set_callback(3) can tamper with *all* the return values.
* Use RCS tag instead of an incorrect path.tb2023-04-061-1/+1
|
* Move a comment to the proper placetb2023-04-061-6/+5
|
* wycheproof: fix copy-paste error in previoustb2023-04-061-2/+2
|
* wycheproof: use EVP_MD instead of importing "hash"tb2023-04-061-70/+52
|
* Check and assign on one linetb2023-04-061-3/+2
|
* Zap extra empty linetb2023-04-061-2/+1
|
* Add a few missing bracestb2023-04-051-4/+7
| | | | ok jsing
* Set up the RSA's _method_mod_n before the initial blindingtb2023-04-051-11/+13
| | | | | | | | | | | | | | | | As observed by Bernd Edlinger, the main part of the RSA timing leak that was recently made public is that the initial blinding isn't done with Montgomery exponentiation but rather with plain exponentiation. Pull up the initialization of the cached Montgomery context to ensure we use Montgomery exponentiation. Do this for private_{de,en}crypt(). Interestingly, the latter was fixed in OpenSSL a while ago by Andy Polyakov as part of the "smooth CRT-RSA" addition. If this code was anything but completely insane this would never have been an issue in the first place. But it's libcrypto... ok jsing
* Sprinkle a few BTI instructions into the arm64 assembly files and passkettenis2023-04-052-1/+8
| | | | | | -mmark-bti-property to indicate those now have BTI support. ok jsing@, deraadt@
* bn_mod_sqrt: Improve a handful of comments and a printftb2023-04-051-5/+9
|
* Improve regress coverage for BN_mod_sqrt()tb2023-04-051-3/+2783
| | | | | This now covers all the main branches of both the old and new BN_mod_sqrt() implementation except for negative p.
* Simplify mod_sqrt_test() a bittb2023-04-051-35/+16
|
* bn_mod_sqrt test: Use a #define rather than hard coded 100tb2023-04-051-3/+5
|
* Add coverage for the truly non-deterministic path of Tonelli-Shankstb2023-04-051-4/+1625
| | | | | Regress coverage of all of BN_mod_sqrt() is still lacking after this. This will improve in forthcoming commits.
* Introduce variation in location of junked bytes; ok tb@otto2023-04-051-3/+8
|
* A refactoring back in 2016 in which magic numbers where extracted intoanton2023-04-041-0/+1
| | | | | | | named constants accidentally dropped an instruction causing detection of eXtended operations (XOP) on AMD hardware to break. ok miod@ tb@
* In preparation for better documenting BIO info callbacks, improve theschwarze2023-04-041-9/+115
| | | | | | | | | description of BIO_ctrl(3) and its three siblings. Given the vast range of effects these functions can have, the text is unavoidably still vague, but at least some information can be provided. While here, fix one wrong parameter type and three inconsistent parameter names in the SYNOPSIS.
* Clean bn_mod_sqrt up a littletb2023-04-041-28/+53
| | | | | This makes it look a bit more like other tests and also prepares the addition of further test cases and different tests.
* Compress euclid() a littletb2023-04-031-49/+28
| | | | | | | | | | This function is spread out over way too many lines and has too much repetition. Once this is made a little more compact, it becomes clearer that this is a somewhat obfuscated version of binary gcd (it is not constant time therefore cryptographically unsound. It is not used internally). This will likely go away later. ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-24 22:45:00 +0000