summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Clean up and simplify EC_KEY handling, mostly from a BN_CTX perspective.jsing2023-01-141-59/+80
| | | | | | | | | If we have a BN_CTX available, make use of it rather than calling BN_new(). Always allocate a new priv_key and pub_key, rather than having complex reuse dances on entry and exit. Add missing BN_CTX_start()/BN_CTX_end() calls. ok tb@
* Move all data tables from .text section to .rodata, and update the code tomiod2023-01-138-39/+104
| | | | | | | fetch them correctly when building PIC. Also drop unused data, and remove --no-execute-only from linker flags. ok kettenis@
* Move all data tables from .text section to .rodata, and update the code tomiod2023-01-137-78/+54
| | | | | | | fetch them correctly when building PIC. Also drop unused data, and remove --no-execute-only from linker flags. ok jsing@ kettenis@
* Prevent 1-byte out-of-bounds read in i2c_ASN1_BIT_STRINGtb2023-01-131-2/+4
| | | | | | | | | | If an ASN.1 BIT STRING a of length > 0 contains only zero bytes in a->data, this old code would end up reading from a->data[-1]. This may or may not crash. Luckily, anton observed two openssl-ruby regress test failures in the last few days, which could eventually be traced back to this (after a lot of painful digging due to coredumps not working properly). ok jsing
* based upon inspection of obj/*.S ...deraadt2023-01-111-1/+3
| | | | | | | | temporarily force sparc64 libcrypto to be built --no-execute-only because perlasm is still putting tables (intended to be rodata) into text. This will help dynamic executables, but static executables won't be saved by this. But this is temporary because we hope the perlasm problem is fixed soon.
* temporarily force hppa libcrypto to be built --no-execute-only becausederaadt2023-01-111-1/+3
| | | | | | | | perlasm is still putting tables (intended to be rodata) into text. This will help dynamic executables, but static executables won't be saved by this. But this is temporary because we hope the perlasm problem is fixed soon. ok miod
* Clean up and simplify BIGNUM handling in DSA code.jsing2023-01-113-96/+116
| | | | | | | | | | | This adds missing BN_CTX_start()/BN_CTX_end() calls, removes NULL checks before BN_CTX_end()/BN_CTX_free() (since they're NULL safe) and calls BN_free() instead of BN_clear_free() (which does the same thing). Also replace stack allocated BIGNUMs with calls to BN_CTX_get(), using the BN_CTX that is already available. ok tb@
* Simplify BIGNUM handling in dsa_builtin_keygen().jsing2023-01-111-18/+17
| | | | | | | Rather than having complicated "attempt to reuse" dances, always allocate priv_key/pub_key, then free and assign on success. ok tb@
* Replace BN_lshift1()/BN_rshift1() with calls to BN_lshift()/BN_rshift().jsing2023-01-111-125/+42
| | | | | | | | | | | | | | | | | | | Currently, BN_lshift1() and BN_rshift1() are separate implementations that are intended to be faster since the shift is known (and only one bit crosses a word boundary). However, with the rewrite of BN_lshift() and BN_rshift(), they are either slower or only minimally faster (depending on architecture). Avoid duplication and turn BN_lshift1()/BN_rshift1() into functions that call inlined versions of BN_lshift()/BN_rshift(), making BN_lshift() and BN_rshift() call the same inlined implementation. This results in a single implementation and BN_lshift1()/BN_rshift1() that out perform the previous versions (in part due to compiler optimisation). Now that none of the original code exists, replace the license and copyright for this file. ok tb@
* Rewrite BN_lshift()jsing2023-01-101-26/+57
| | | | | | | | This improves readability and eliminates special handling for various cases, making the code cleaner and closer to constant time. Basic benchmarking shows a performance gain on modern 64 bit architectures. ok tb@
* Rewrite/simplify BN_free().jsing2023-01-071-10/+12
| | | | ok tb@
* Flip BN_clear_free() and BN_free()jsing2023-01-071-4/+4
| | | | | | | | All of our BIGNUMs are cleared when we free them - move the code to BN_free() and have BN_clear_free() call BN_free(), rather than the other way around. ok tb@
* Use calloc() in BN_new(), rather than malloc() and then manually zeroing.jsing2023-01-071-10/+7
| | | | ok tb@
* Fix previous.jsing2023-01-071-3/+9
|
* tlsfuzzer: hook up new connection abort tests while skipping the NSTtb2023-01-061-1/+5
| | | | tests for TLSv1.3 since that's not currently handled.
* Rewrite BN_rshift()jsing2023-01-051-37/+42
| | | | | | | | | | | | This improves readability and eliminates special handling for various cases, making the code cleaner and closer to constant time. Basic benchmarking shows a performance gain on modern 64 bit architectures, while there is a decrease on legacy 32 bit architectures (i386), particularly for the zero bit shift case (which is now handled in the same code path). ok tb@
* Add additional shift benchmarks that are useful on BN_BITS2 == 32 platformsjsing2023-01-051-2/+56
|
* ugly white spacederaadt2023-01-041-2/+2
|
* Add explicit LL suffixes to large constants to appease some compilers onmiod2023-01-011-3/+3
| | | | 32-bit systems.
* Add explicit LL suffixes to large constants to appease some compilers onmiod2023-01-011-6/+6
| | | | 32-bit systems.
* Add explicit LL suffixes to large constants to appease some compilers onmiod2023-01-011-2/+3
| | | | | | 32-bit platforms; NFCI ok tb@
* spelling fixes; from paul tagliamontejmc2022-12-281-2/+2
| | | | any parts of his diff not taken are noted on tech
* succcess -> successjsg2022-12-281-3/+3
|
* Change the way malloc_init() works so that the main data structuresotto2022-12-271-65/+66
| | | | | | | can be made immutable to provide extra protection. Also init pools on-demand: only pools that are actually used are initialized. Tested by many
* spelling fixes; from paul tagliamontejmc2022-12-278-15/+15
| | | | | any changes not taken noted on tech, but chiefly here i did not take the cancelation - cancellation changes;
* spelling fix; from paul tagliamontejmc2022-12-261-2/+2
| | | | ok tb
* Prepare to provide X509_CRL_get0_sigalg()tb2022-12-262-2/+12
| | | | | | | | | This is an obvious omission from the OpenSSL 1.1 and OpenSSL 3 API which does not provide a way to access the tbs sigalg of a CRL. This is needed in security/pivy. From Alex Wilson ok jsing
* fix another typo in comment in a line touched by the last commit (thissthen2022-12-261-1/+1
| | | | one wouldn't have triggered a spell checker though)
* spelling fixes; from paul tagliamontejmc2022-12-2610-23/+23
| | | | ok tb
* spelling fixes; from paul tagliamontejmc2022-12-26100-265/+265
| | | | | | | i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
* Zap trailing whitespace in license and add some empty linestb2022-12-245-10/+18
|
* Add the missing Copyright and license headers in the libcrypto/comp directory.schwarze2022-12-236-9/+570
| | | | | | | | | | | | | | | | | | | Requested some time ago by tb@. According to OpenSSL git history, the original version of this code appeared in SSLeay 0.9.1b (July 6, 1998). The LICENSE file in that release states that the Copyright of SSLeay belongs to Eric Young, and we believe that Eric still maintained SSLeay himself at that time. We have seen a small number of examples where Eric credited outside contributors for code that he included in his distribution, including citing Copyright notices and license headers as appropriate. We found no such hints regarding this code, so it is reasonable to assume that he wrote this code himself. Regarding subsequent changes and additions, i inspected the OpenSSL git repository. No code change; only Copyright and license comments are added.
* Document the deprecated wrappers BIO_set_app_data(3) and BIO_get_app_data(3).schwarze2022-12-231-5/+36
| | | | Some code roams the wild still calling them.
* Mark BIO_buffer_get_num_lines(3) as intentionally undocumented.schwarze2022-12-231-2/+5
| | | | | | | Contrary to what bio.h says, it does not *not* retrieve some "IO type", whatever that is supposed to be, but it is a NOOP, and nothing uses it. Despite its name, it is unrelated to BIO_f_buffer(3), and please be careful to not confuse it with BIO_get_buffer_num_lines(3).
* Mark BIO_f_nbio_test(3) as intentionally undocumented.schwarze2022-12-231-2/+5
| | | | | It exposes absurd functionality, and according to codesearch.debian.net, it is unused except in openssl(1) s_client/s_server -nbio_test.
* new manual page BIO_s_datagram(3);schwarze2022-12-233-3/+577
| | | | feedback and OK tb@
* Simplify BN_cmp() and BN_ucmp().jsing2022-12-231-46/+15
| | | | | | | | | | The only real difference between BN_cmp() and BN_ucmp() is that one has to respect the sign of the BN (although BN_cmp() also gets to deal with some insanity from accepting NULLs). Rewrite/cleanup BN_ucmp() and turn BN_cmp() into code that handles differences in sign, before calling BN_ucmp(). ok tb@
* Consistently check for NULL early.jsing2022-12-231-64/+89
| | | | | | Also be more consistent with variable naming. ok tb@
* Fix an unchecked strdup() in UI_create_method().jsing2022-12-231-6/+15
| | | | ok tb@
* Make UI_destroy_method() NULL safe.jsing2022-12-231-5/+7
| | | | ok tb@
* Remove unhelpful comment.jsing2022-12-231-6/+1
| | | | | | | Remove a comment that tells you not to call a function that internally calls free, with a stack allocated pointer... ok tb@
* Remove compatibility "glue" for des_read_pw{_string}()jsing2022-12-232-35/+2
| | | | | | | Nothing can be actually using these as the symbols are not exported from libcrypto... hopefully ui_compat.h can also go away entirely. ok tb@
* Add regress coverage for shifts of zero bits.jsing2022-12-231-1/+38
|
* Do similar setup for lshift and rshift benchmarks.jsing2022-12-231-1/+13
| | | | This prevents realloc from unnecessarily impacting the lshift benchmarks.
* new manual page BIO_accept(3)schwarze2022-12-223-3/+387
|
* in case of failure, always report the error with BIOerror();schwarze2022-12-221-4/+14
| | | | OK tb@
* Denote multiple arguments with 'arg ...' not 'args'kn2022-12-221-4/+4
| | | | | | | | | | | | | | | | | | | | A few programs used the plural in their synopsis which doesn't read as clear as the obvious triple-dot notation. mdoc(7) .Ar defaults to "file ..." if no arguments are given and consistent use of 'arg ...' matches that behaviour. Cleanup a few markups of the same argument so the text keeps reading naturally; omit unhelpful parts like 'if optional arguments are given, they are passed along' for tools like time(1) and timeout(1) that obviously execute commands with whatever arguments where given -- just like doas(1) which doesn't mention arguments in its DESCRIPTION in the first place. For expr(1) the difference between 'expressions' and 'expression ...' is crucial, as arguments must be passed as individual words. Feedback millert jmc schwarze deraadt OK jmc
* Mark BIO_s_log(3) as intentionally undocumented.schwarze2022-12-221-3/+4
| | | | | | | | Ben Laurie invented the system logging BIO in 1999 and yet, nothing whatsoever uses it according to codesearch.debian.net. Besides, it is poorly designed and a crypto library is absolutely not the place for putting a clumsy system logging facility. Not everything needs to be a BIO!
* Mark BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), and BIO_nwrite(3)schwarze2022-12-211-2/+8
| | | | | | | | | | | as intentionally undocumented. Bodo Moeller invented this "non-copying I/O" API in 1999, but according to codesearch.debian.net, it is still completely unused by anything. On top of that, it appears to be inflexible in so far as it only supports BIO pairs and no other BIO types and fragile in so far as it exposes pointers to internal storage and runs contrary to expectations of how BIO objects are supposed to work.
* Mark BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented.schwarze2022-12-201-2/+5
| | | | | | It appears Richard Levitte succumbed to everything-needs-a-callback-paranoia in 2004, but nobody is going to be surprised that nothing whatsoever wants to use this particular callback, according to codesearch.debian.net.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 12:17:05 +0000