summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/rand.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2023-07-20Remove ECDSA_{do_,}sign_ex() and ECDSA_sign_setup()tb4-103/+20
These very poorly designed interfaces will go away, so stop documenting them.
2023-07-20Cap the size of numbers we check for primalitytb1-1/+12
We refuse to generate RSA keys larger than 16k and DH keys larger than 10k. Primality checking with adversarial input is a DoS vector, so simply don't do this. Introduce a cap of 32k for numbers we try to test for primality, which should be more than large enough for use withing a non-toolkit crypto library. This is one way of mitigating the DH_check()/EVP_PKEY_param_check() issue. ok jsing miod
2023-07-19Don't rely on the libssl headers pulling in stdio.h somehowtb1-1/+3
2023-07-19Add missing commas to test vectorsjoshua1-26/+26
ok tb@
2023-07-19Add test coverage for SHA3joshua1-27/+344
ok tb@
2023-07-19Fix two aliases in libcrypto spotted by the new symbols testtb2-3/+4
ok jsing
2023-07-16ecc_cdh: plug leak of peer public keytb1-1/+2
2023-07-16ecdhtest: Drop unnecessary constant and unneeded includestb1-10/+6
2023-07-16ecdhtest: fix a couple bugs plus some cosmetic tweakstb1-6/+6
2023-07-15fix include directive - this is make, not Ctb1-2/+2
2023-07-15Rework the ecdhtesttb1-260/+252
Test keyshare for all built-in curves and simplify, especially printing on failure. Incorporate known answer tests from RFC 5114 and RFC 5903. All in all, this is a lot less code and a lot more test coverage and hopefully a little less eyebleed. Very loosely based on OpenSSL b438f0ed by Billy Brumley
2023-07-15Fix return value check for ECDH_compute_key()tb1-5/+5
ECDH_compute_key() usually returns -1 on error (but sometimes 0). This was also the case in OpenSSL when these tests were written. This will soon change. The check for <= 0 will still be correct.
2023-07-15Add test coverage for cofactor ECDH using NIST test vectorstb2-2/+2509
Since all non-binary NIST curves have cofactor 1, this is in effect plain ECDH. Current regress coverage of ECDH is quite lacking on architectures where Go isn't available. This fixes that. Actual cofactor ECDH support may be added soon to libcrypto, at which point I will also add testcases with cofactor > 1.
2023-07-15Link symbols test to buildtb1-1/+2
2023-07-15remove accidentally imported files againtb3-2713/+0
2023-07-15Import a version of libcrypto's symbols test for libssltb5-0/+2798
2023-07-15Mop up MD32_XARRAY from md5.jsing1-91/+84
MD32_XARRAY was added as a workaround for a broken HP C compiler (circa 1999). Clean it up to simplify the code. No change in generated assembly.
2023-07-15Mop up MD32_XARRAY from md4.jsing1-75/+68
MD32_XARRAY was added as a workaround for a broken HP C compiler (circa 1999). Clean it up to simplify the code. No change in generated assembly.
2023-07-13Refactor ASN1_item_sign_ctx()tb1-54/+89
Oh, joy! The muppets had a feast: they could combine the horrors of EVP with X.509... Return values between -1 and 3 indicating how much work needs to be done, depending on whether methods are present or absent. Needless to say that RSA and EdDSA had inconsistent return values until recently. Instead of interleaving if/else branches, split out two helper functions that do essentially independent things, which results in something that isn't entirely bad. Well, at least not compared to the surrounding code. asn1_item_set_algorithm_identifiers() extracts the signature algorithm from the digest and pkey if known, and sets it on the two X509_ALGOR that may or may not have been passed in. asn1_item_sign() converts data into der and signs. Of course there were also a few leaks and missing error checks. ok jsing
2023-07-12Revert accidental addition of cofactor ECDH supporttb1-16/+2
This snuck in with ech_key.c r1.33 because I committed from a dirty tree.
2023-07-12Reenable clienttest and servertesttb1-3/+3
2023-07-11Fix last bit of the clienttest, needs ssl_pkt.c r1.66tb1-2/+2
2023-07-11Remove old workaround for F5tb1-13/+2
F5 is well-known for needing workaround (go read RFC 8446). In this particular case, it required implementation sending CHs larger than 255 bytes to 0x0300 otherwise their server would hang. This is the same hang that required the CH padding extension which broke other implementations. The CH padding extension was removed ~6 years ago, so hopefully this kludge will no longer needed either. ok jsing
2023-07-11Keep servertest silent and align with clienttesttb1-2/+3
2023-07-11Neuter expected server test failures with SSLv2tb1-1/+6
This test should either be extended or retired. As it is it is useless.
2023-07-11Fix most of the clienttest. With this only test cases 9 and 13 fail.tb1-23/+39
2023-07-10Add test case for negative number with highest bit of top octet settb1-1/+13
This currently adds an incorrect 00: padding, consistent with OpenSSL's behavior.
2023-07-10Rename EC_KEY from r to key like in the rest of the filetb1-4/+4
2023-07-10Pull BIGNUM constants out of get_* function bodiestb1-315/+331
The get_rfc*_prime_* functions will be removed. The constants will remain for the BN_get_rfc*_prime_* functions. Make the latter call BN_bin2bn() directly on these constants rather than going through get_*. This avoids some overlong lines. Also KNF for some comments. Reduces the diff I currently carry by quite a bit.
2023-07-10BIO_indent: use %*s rather than puts in a looptb1-6/+5
ok beck jsing millert
2023-07-10bn_print: string.h is no longer neededtb1-2/+1
2023-07-09Fix ndef_{prefix,suffix}()tb1-11/+12
These functions inline a poor version of asn1_item_flags_i2d() without error checks. This can be replaced with a single correct call to ASN1_item_ndef_i2d(). Mechanically adding malloc checks and checks for negative did not really improve things all that much in a related project. ok beck jsing
2023-07-09Reimplement BN_print() and BN_print_fp()tb2-47/+45
These can now use the internal version of BN_bn2hex() and be direct wrappers of BIO_printf() and fprintf() as they should have been all along. ok jsing
2023-07-09Simplify bn_print()tb1-5/+3
We no longer need to do weird things as taking the length of the hex string and jumping over a sign we didn't need. ok jsing
2023-07-09Refactor BN_bn2hex()tb2-8/+57
Various outputting functions are variants of BN_bn2hex(). They do not want a sign or they display the BIGNUM at nibble granularity instead of byte granularity. So add this functionality to an internal variant of BN_bn2hex(). with/ok jsing
2023-07-09Provide optimised bn_subw() for riscv64.jsing1-1/+18
2023-07-09Provide optimised bn_addw() for riscv64.jsing1-1/+18
2023-07-09Add Xr to EVP_MD_meth_new to top level librarytb1-2/+3
2023-07-09Fix OpenBSD releasetb1-3/+3
2023-07-09ASN1_bn_print() will be removed soon. Remove docs.tb5-130/+7
2023-07-08fix comment to unbreak things that care about warningsbeck1-2/+2
ok tb@ krw@
2023-07-08link EVP_MD_meth_new.3 to buildtb1-1/+2