| Commit message (Collapse) | Author | Files | Lines |
|---|
|
As schwarze points out, you can pop any BIO in a chain, not just the first
one (bonus points for a great name for this API).
The internal doubly linked was used to fix up the BIO chain bio was part
of when you BIO_pop() a bio that wasn't in the first position, which is
explicitly allowed in our documentation and implied by OpenSSL's.
|
|
|
|
Use BN_CTX_get() instead of BN_new()/BN_free().
|
|
CID 430848
CID 430849
|
|
|
|
compute a^0 = 0 (mod 1) for all a from scratch.
|
|
The previous change had the undesired side effect of running the super
verbose run-regress-bn_test.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
bn_isqrt -C generates code included in lib/libcrypto/lib/bn_isqrt.c. The
regress tests already ensure that the content of the tables don't change.
Ensure further that the code generation doesn't get out of sync.
|
|
|
|
Move exp/exptest.c to bn/bn_mod_exp.c. This is a BN test that mostly tests
a variety of BN_mod_exp*() API behavior and correctness.
Commit stolen from jsing
|
|
This test is fast enough even on very slow machines that printing dots
doesn't seem necessary.
|
|
The bn tests were distributed into three subdirectories rather randomly.
It's cleaner and easier to maintain if all this is in a single directory.
Use consistent names for the .c files, unify handling of the tests with
the exception of bn_test, which is special.
Discussed with jsing
|
|
Run the prime constants exposed in BN_get0_nist_prime_*() and
BN_get_rfc3526_prime_*() through Ballie-PSW.
|
|
Also, run all x25519 tests, don't stop on first failure.
|
|
Silence is good. On failure, the regress framework will make it clear.
|
|
|
|
|
|
This flag has been deprecated in OpenSSL 1.1 and has not had an effect
since. This way we can simplify the default check_issued() callback,
which helpfully has its arguments reversed compared to the public API
X509_check_issued().
ok jsing
|
|
Open62541 uses X509_STORE_CTX_get_check_issued(), so provide it along
with X509_STORE_{get,set}_check_issued(). As you would expect, they all
return or take an X509_STORE_CTX_check_issued_fn. The getters aren't const
in OpenSSL 1.1, but they now are in OpenSSL 3...
These will be made available in the next minor bump and will ship in the
stable release of LibreSSL 3.7
Part of OpenSSL commit 1060a50b
See also https://github.com/libressl-portable/portable/issues/748
ok beck jsing
|
|
|
|
ok tb@
|
|
bn_correct_top() is currently a macro and far more complex than it needs
to be - rewrite it as a function.
ok tb@
|
|
BN_ucmp() is supposed to return -1/0/1 on a < b, a == b and a > b, however
it currently returns other negative and positive values when the top of
a and b differ. Correct this.
ok tb@
|
|
Some tests current fail due to a bug in BN_ucmp(), which will be fixed
soon.
|
|
For various historical reasons, there are a number of cases where our
BIO_read() and BIO_write() return slightly different values to what
OpenSSL 3.x does (of course OpenSSL 1.0 differs from OpenSSL 1.1 which
differs from OpenSSL 3.x). Mostly align these - some further work will be
needed.
Issue raised by tb@ who also wrote some test code.
|
|
|
|
|
|
X509_verify_cert_error_string() is now thread safe as it no longer returns
a static buffer. Document X509_V_ERR_UNSPECIFIED. Stop asserting that the
X509_V_ERR_CERT_CHAIN_TOO_LONG code is unused, the new verifier can set it.
Add commented versions of various missing error codes in the proper spots
and move X509_V_ERR_UNNESTED_RESOURCE where it belongs.
prompted by claudio
|
|
|
|
|
|
No need for errno, stdio, time, asn1, buffer, evp, lhash, objects, x509
for a switch containing string constants. We do need x509_vfy instead.
|
|
|
|
Requested by claudio
|
|
Stop returning a pointer to a static buffer containing the error code on
unknown error. While this might be helpful, it's not going to end well.
ok beck claudio jsing
|
|
ok jsing
|
|
While BIO chains are doubly linked lists, nothing has ever made use of this
fact internally. Even libssl has failed to maintain prev_bio properly in
two places for a long time. When BIO was made opaque, the opportunity to
fix that was missed. Instead, BIO_set_next() now allows breaking the lists
from outside the library, which freerdp has long done.
Problem found by schwarze while trying to document BIO_set_next().
schwarze likes the idea
ok jsing
|
|
fixed in x509_constraints.c r1.29.
|
|
When called from v2i, hostpart in x509_constraints_uri_host() is NULL, so
add a NULL check before storing the strdup result in it.
From Anton Borowka
ok jsing miod
|
|
Merge the documentation from the OpenSSL 1.1.1 branch, which is still
under a free license, tweaked by me.
|
|
Not all of them, only those that didn't leak into a public header...
Yes.
|
|
|
|
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
