summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Remove a pesky space.jsing2023-03-111-2/+2
|
* Add regress coverage for BN_{add,sub,mul,div,mod}_word().jsing2023-03-112-1/+619
| | | | | | | This also provides some indirect coverage for BN_hex2bn(), BN_bn2hex() and BN_get_word(). Two of these tests are currently failing and will be fixed shortly.
* Mark test table as static const.jsing2023-03-111-2/+2
|
* Crankl libcrypto/libssl/libtls minors after symbol additiontb2023-03-103-3/+3
|
* Update Symbols.listtb2023-03-101-0/+18
|
* Expose various X509_STORE_*check_issued()tb2023-03-101-3/+1
|
* Expose X509_CRL_get0_sigalg() and X509_get0_uidstb2023-03-101-5/+1
|
* Expose UI_null()tb2023-03-101-3/+1
|
* Expose the EVP_CIPHER_meth_* API (setter only) in evp.htb2023-03-101-3/+1
|
* ASN.1 BIO: properly wire up prefix_free and suffix_freetb2023-03-101-1/+7
| | | | | | | | | | | | | | If something goes wrong before the ASN.1 BIO state machine has passed both flushing states, asn1_bio_free() forgets to free the ndef_aux and the ex_arg since the prefix_free() and suffix_free callbacks are not called. This can lead to leaks, notably in streaming bios. Part of https://github.com/openssl/openssl/pull/15999 I have a regress covering this but it is not yet ready to land. ok beck jsing
* Return the correct type for ASN.1 BOOLEANstb2023-03-101-5/+9
| | | | | | | | | | | | | ASN.1 BOOLEANs and ASN.1 NULL are handled specially in the ASN.1 sausage factory and they are special in that they don't have a->value.ptr set. Both need to be special cased here since they fail the a->type.ptr != NULL check. Apart from fixing an obvious bug in ASN1_TYPE_get(), this fixes another crash in openssl(1) asn1parse. There is more to do in the vicinity, but that is more complex and will have to wait for OpenBSD 7.3-current. with/ok jsing
* openssl(1) asn1parse: avoid crash with ASN.1 BOOLEANStb2023-03-101-3/+4
| | | | | | | | | | | | | When pointing openssl asn1parse -strparse at DER octets 01 01, it crashes: $ printf '<\x01\x01>' | openssl asn1parse -inform der -strparse 1 Refuse to parse BOOLEAN types instead, which avoids a crash in hensonian /* hmm... this is a little evil, but it works */ code. Found while poking at CMS timestamps to understand one of job's diffs. with/ok jsing
* Add missing error checking in PKCS7tb2023-03-091-3/+11
| | | | | | | | Check the return value of BIO_set_md(). Prompted by OpenSSL's fix for CVE-2023-0401 (the crash in that bug is an OpenSSL 3-only problem due to provider design). ok beck jsing
* Use BN_free() instead of BN_clear_free()tb2023-03-081-2/+2
|
* Fix a EC_GROUP_clear_free() that snuck through.jsing2023-03-081-2/+2
| | | | Thanks to Mark Patruck for reporting.
* Fix previous.jsing2023-03-081-5/+5
|
* reduce number of tests in bn_rand_interval.tb2023-03-081-2/+2
| | | | | This is only testing basic functionality anyway, so 10000 tests are more than enough.
* bn_isqrt: reduce number of tests to 100.tb2023-03-081-2/+2
| | | | | | The runtime is roughly quadratic in N_TESTS. While it only takes 1-2s on modern machines, this test takes a long time on slow machines. A reduction of runtime by a factor of ~16 is significant.
* Process up to four test vector files concurrently.jsing2023-03-081-4/+30
| | | | | | | | | This avoids having a slow down when processing test vector files that only have a single group. Note that the processing of test vector files is in turn going to be rate limited by the number of concurrent test groups, which means we do not need variable limits for vectors. Reduces a Wycheproof regress run down to ~8 seconds on an Apple M1.
* Always clear EC groups and points on free.jsing2023-03-0810-114/+35
| | | | | | | | | | Rather than sometimes clearing, turn the free functions into ones that always clear (as we've done elsewhere). Turn the EC_GROUP_clear_free() and EC_POINT_clear_free() functions into wrappers that call the *_free() version. Do similar for the EC_METHOD implementations, removing the group_clear_finish() and point_clear_finish() hooks in the process. ok tb@
* Run test groups concurrently.jsing2023-03-081-144/+151
| | | | | | | Add a basic test coordinator, that allows for Wycheproof test groups to be run concurrently. This can be further improved (especially for vectors that have limited test groups), however it already reduces the regress duration by about half on an Apple M1.
* zap more audit remnantstb2023-03-081-6/+1
|
* Stop trying to use EC_GFp_nist_method().jsing2023-03-081-76/+20
| | | | | | | | | | | | | | | | | | | | | | | | Currently, if compiled without OPENSSL_BN_ASM_MONT, EC_GROUP_new_curve_GFp() tries to use EC_GFp_nist_method(), falling back to EC_GFp_mont_method() if it is not a NIST curve (if OPENSSL_BN_ASM_MONT is defined we use EC_GFp_mont_method() unconditionally). Now that we have a reasonable non-assembly Montgomery implementation, the performance of EC_GFp_nist_method() is either similar or slower than EC_GFp_mont_method() (the exception being P-521, however if you're using that you're not doing it for performance reasons anyway). The EC_GFp_nist_method() uses rather scary BN NIST code (which would probably already be removed, if not for the BN and EC public APIs), it uses code paths that are currently less constant time, and there is additional overhead in checking to see if the curve is actually supported. Stop trying to use EC_GFp_nist_method() and unconditionally use EC_GFp_mont_method() in all cases. While here, factor out the common setup code and call it from both EC_GROUP_new_curve_GFp() and EC_GROUP_new_curve_GF2m(). ok beck@ tb@
* Remove acceptable audit.jsing2023-03-081-94/+1
| | | | | | | This code would need changes to be safe to use concurrently - remove it since it is somewhat incomplete and needs reworking. Requested by tb@
* Remove EC_FLAGS_DEFAULT_OCT.jsing2023-03-086-79/+27
| | | | | | | | | | | | | | The EC code has an amazing array of function pointer hooks, such that a method can hook into almost any operation... and then there is the EC_FLAGS_DEFAULT_OCT flag, which adds a bunch of complex code and #ifdef so you can avoid setting three of those function pointers! Remove EC_FLAGS_DEFAULT_OCT, the now unused flags field from EC_METHOD, along with the various code that was wrapped in EC_FLAGS_DEFAULT_OCT, setting the three function pointers that need to be set in each of the EC_METHODs. ok beck@ tb@
* Improve bn_montgomery_multiply_words().jsing2023-03-071-10/+13
| | | | | | | | | | | | | Rather than calling bn_mul_add_words() twice - once to multiply and once to reduce - perform the multiplication and reduction in a single pass using bn_mulw_addw_addw() directly. Also simplify the addition of the resulting carries, which in turn allows us to avoid zeroing the top half of the temporary words. This provides a ~20-25% performance improvement for RSA operations on aarch64. ok tb@
* Slightly rework bn_mulw_addtw().jsing2023-03-071-5/+3
| | | | | | | | | Call bn_mulw_addw() rather than doing bn_mulw() follow by bn_addw(). This simplifies the code slightly, plus on some platforms bn_mulw_addw() can be optimised (and bn_mulw_addtw() will then benefit from such an optimisation). ok tb@
* Call BN_free() instead of BN_clear_free().jsing2023-03-0715-79/+79
| | | | | | | BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly instead. ok tb@
* Fix another return value check for CMS_SharedInfo_encode()tb2023-03-071-2/+2
| | | | This should have been included in a previous diff/commit...
* Limit bn_mul_mont() usage to sizes less than or equal to 8192 bits.jsing2023-03-071-1/+9
| | | | | | | | | | | | The assembly bn_mul_mont() implementations effectively use alloca() to allocate space for computation (at up to 8x the input size), without any limitation. This means that sufficiently large inputs lead to the stack being blown. Prevent this by using the C based implementation instead. Thanks to Jiayi Lin <jlin139 at asu dot edu> for reporting this to us. ok beck@ tb@
* Implement bn_montgomery_multiply()jsing2023-03-071-3/+86
| | | | | | | | | | | Provide a constant-time-style Montgomery multiplication implementation. Use this in place of the assembly bn_mul_mont() on platforms that either do not have an assembly implementation or have not compiled it in. Also use this as the fallback version for bn_mul_mont(), rather than falling back to a non-constant time implementation. ok beck@ tb@
* Refactor BN_mod_mul_montgomery().jsing2023-03-071-20/+48
| | | | | | | | | | Pull out the simplistic implementation (using BN_mul() or BN_sqr()) into a bn_mod_mul_montgomery_simple() function. Provide bn_mod_mul_montgomery() with an implementation that changes depending on if the assembly bn_mul_mont() is available or not. Turn BN_mod_mul_montgomery() and BN_to_montgomery() into callers of bn_mod_mul_montgomery(). ok beck@ tb@
* Make order of pub_key and priv_key the same everywheretb2023-03-071-6/+6
|
* Fix OpenSSL version in HISTORY sectiontb2023-03-071-3/+3
|
* Delete unused and unsafe bn_mul_mont() example code.jsing2023-03-071-54/+1
| | | | | | This came from bn_asm.c and did not even compile until recently. ok beck@ tb@
* Fix comment for bn_mul2_mulw_addtw()jsing2023-03-071-5/+5
|
* Move EC_GFp_simple_method() to the bottom of the file.jsing2023-03-071-75/+51
| | | | | | | | Most of the implemeentation functions for EC_GFp_simple_method() are reused by other code, hence they cannot be made static. However, this keeps the pattern consistent. ok tb@
* Basic cleanup in asn1pars.ctb2023-03-071-26/+16
| | | | Drop extra parentheses, unwrap some lines, compare pointers against NULL.
* Use static functions for EC_GF2m_simple_method() implementation.jsing2023-03-072-131/+74
| | | | | | | Move the EC_METHOD to the bottom of the file, which allows implementation functions to become static. Remove unneeded prototypes. ok tb@
* Use static functions for EC_GFp_nist_method() implementation.jsing2023-03-072-63/+53
| | | | | | | Move the EC_METHOD to the bottom of the file, which allows implementation functions to become static. Remove unneeded prototypes. ok tb@
* Use static functions for EC_GFp_mont_method() implementation.jsing2023-03-072-86/+62
| | | | | | | Move the EC_METHOD to the bottom of the file, which allows all implementation functions to become static. Remove unneeded prototypes. ok tb@
* Fix formatting of comments.jsing2023-03-071-14/+27
|
* Consolidate clear code for EC_GFp_mont_method.jsing2023-03-071-23/+18
| | | | | | | Use a fang dangled thing (known as a function) to avoid duplicating the same code in five places. ok tb@
* Clean up ndef_{prefix,suffix}_free()tb2023-03-061-8/+13
| | | | | | | | These functions are rather similar, so there's no need for the code to be wildly different. Add a missing NULL check to ndef_prefix_free() since that will be needed in a subsequent commit. ok jsing
* Rename struct ${app}_config to plain cfgtb2023-03-0644-3260/+3260
| | | | | | | | | All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road. Discussed with jsing
* Document ECDSA_SIG_get0_{r,s}()tb2023-03-061-2/+35
|
* Document DH_get0_* for individual DH members.tb2023-03-061-3/+78
|
* Document DSA_get0_* for individual DSA memberstb2023-03-061-3/+77
|
* Document RSA_get0_* for individual RSA members.tb2023-03-061-3/+106
| | | | | | Loosely based on OpenSSL commit 6692ff77. Prodded by job
* Rework asn1_item_flags_i2d()tb2023-03-061-19/+20
| | | | | | | | Flip the logic of NULL checks on out and *out to unindent, use calloc() instead of malloc() and check on assign. Also drop the newly added len2 again, it isn't needed. ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-02 03:02:28 +0000