| Commit message | Author | Files | Lines |
|
Make message() print and clear the error stack. This way we can know
what test errored. To make this work also clear the error stack after
a handful of xfail tests.
|
This is not only simpler but also required by an upcoming change.
|
in the entire code base it also has a few parentheses too many
|
Various test functions had bugs due to the fact that the return code
would be set to 1 at the top so that each error would have to set rc = 0.
This is silly. Fail closed instead by setting rc = 0 at the top and only
flipping to 1 before the err label
|
lst[] can be converted from a bit string to a hex string. Use BN_hex2bn()
instead of BN_bin2bn(). Handle this inside test_lshift() rather than doing
artistic ownership dances.
|
Those are not useful because such a BIO type neither exists
in LibreSSL nor in OpenSSL 1.1.1.
Not adding the deprecation notice to some manual page
because there is no manual page that is even vaguely related.
|
* ignore lines defining "__bounded__()"
* ignore whitespace between "#" and "include"
|
undocumented because they are unused according to codesearch.debian.net
and would cause nothing but obfuscation if they were used.
|
BIO_get_info_callback(3), and BIO_info_cb(3) have on connect BIOs.
|
which were mentioned below SYNOPSIS and HISTORY but not described.
Also document the command constant BIO_CTRL_SET_CALLBACK
and the deprecated function type name bio_info_cb(3).
Mention that callbacks installed using BIO_set_callback_ex(3)
and BIO_set_callback(3) can tamper with *all* the return values.
|
ok jsing
|
As observed by Bernd Edlinger, the main part of the RSA timing leak that was
recently made public is that the initial blinding isn't done with Montgomery
exponentiation but rather with plain exponentiation.
Pull up the initialization of the cached Montgomery context to ensure we use
Montgomery exponentiation. Do this for private_{de,en}crypt(). Interestingly,
the latter was fixed in OpenSSL a while ago by Andy Polyakov as part of the
"smooth CRT-RSA" addition.
If this code was anything but completely insane this would never have been
an issue in the first place. But it's libcrypto...
ok jsing
|
-mmark-bti-property to indicate those now have BTI support.
ok jsing@, deraadt@
|
This now covers all the main branches of both the old and new
BN_mod_sqrt() implementation except for negative p.
|
Regress coverage of all of BN_mod_sqrt() is still lacking after this.
This will improve in forthcoming commits.
|
named constants accidentally dropped an instruction causing detection of
eXtended operations (XOP) on AMD hardware to break.
ok miod@ tb@
|
description of BIO_ctrl(3) and its three siblings. Given the vast range
of effects these functions can have, the text is unavoidably still
vague, but at least some information can be provided.
While here, fix one wrong parameter type and three inconsistent
parameter names in the SYNOPSIS.
|
This makes it look a bit more like other tests and also prepares the
addition of further test cases and different tests.
|
This function is spread out over way too many lines and has too much
repetition. Once this is made a little more compact, it becomes clearer
that this is a somewhat obfuscated version of binary gcd (it is not
constant time therefore cryptographically unsound. It is not used
internally). This will likely go away later.
ok jsing