path: root/src/lib/libcrypto/ui/ui_util.c
Date | Commit message | Author | Files | Lines
2023-05-11 | Document recent changes in primality testing | tb | 1 | -8/+23
With input from beck and jsing
2023-05-10 | Use is_pseudoprime instead of is_prime in bn_bpsw.c | tb | 1 | -30/+33
This is more accurate and improves readability a bit. Apart from a comment tweak this is sed + knfmt (which resulted in four wrapped lines). Discussed with beck and jsing
2023-05-10 | switch two ASN1_STRING_data() to ASN1_STRING_get0_data() | op | 1 | -5/+5
and while here mark as const data. This diff is actually from gilles@, in OpenSMTPD-portable bundled libtls. ok tb@, jsing@
2023-05-10 | Add Miller-Rabin test for random bases to BPSW | tb | 3 | -33/+130
The behavior of the BPSW primality test for numbers > 2^64 is not very well understood. While there is no known composite that passes the test, there are heuristics that indicate that there are likely infinitely many. Therefore it seems appropriate to harden the test. Having a settable number of MR rounds before doing a version of BPSW is also the approach taken by Go's primality check in math/big. This adds a new implementation of the old MR test that runs before running the strong Lucas test. I like to imagine that it's slightly cleaner code. We're effectively at about twice the cost of what we had a year ago. In addition, it adds some non-determinism in case there actually are false positives for the BPSW test. The implementation is straightforward. It could easily be tweaked to use the additional gcds in the "enhanced" MR test of FIPS 186-5, but as long as we are only going to throw away the additional info, that's not worth much. This is a first step towards incorporating some of the considerations in "A performant misuse-resistant API for Primality Testing" by Massimo and Paterson. Further work will happen in tree. In particular, there are plans to crank the number of Miller-Rabin tests considerably so as to have a guaranteed baseline. The manual will be updated shortly. positive feedback beck ok jsing
2023-05-10 | As mmap(2) is no longer a LOCK syscall, do away with the extra | otto | 1 | -23/+1
unlock-lock dance; it serves no real purpose any more. Confirmed by a small performance increase in tests. ok @tb
2023-05-09 | Make malloc tests that set flags more robust against the user also | otto | 2 | -15/+19
having flags set.
2023-05-09 | Make failure mode of EVP_AEAD_CTX_new() more explicit | tb | 1 | -4/+9
Pointed out and ok by dlg
2023-05-09 | Add regress coverage for -1 modulus as well. | tb | 1 | -25/+38
2023-05-09 | bn_exp: also special case -1 modulus | tb | 1 | -6/+6
Anything taken to the power of 0 is 1, and then reduced mod 1 or mod -1 it will be 0. Whether "anything" includes 0 or not is a matter of convention, but it should not depend on the sign of the modulus... Reported by Guido Vranken ok jsing (who had the same diff)
2023-05-09 | Rewrite BN_bn2hex() using CBB/CBS. | jsing | 1 | -25/+35
ok tb@
2023-05-09 | Rewrite BN_bn2dec() using CBB/CBS. | jsing | 1 | -63/+61
ok tb@
2023-05-08 | Rename the other_ctx in X509_STORE_CTX into trusted | tb | 2 | -12/+12
The other_ctx is a strong contender for the worst name of a struct member in OpenSSL. It's a void * member whose only purpose ever was to be set to a STACK_OF(X509) * via X509_STORE_CTX_trusted_stack() (yes, this is obviously a setter, why do you ask?) and then to be used by the get_issuer() callback (which of course isn't there to find any old issuer, but only to look for issuers among the 'trusted' certs). Anyway, we may want to rename untrusted into intermediates and trusted into roots later on, but for now let's match the lovely public API. While there rename get_issuer_sk() into get_trusted_issuer() which is a more accurate and slightly less silly name. ok jsing
2023-05-08 | Add RCS tag | tb | 1 | -0/+1
2023-05-08 | Enable malloc_errs test | otto | 1 | -2/+2
2023-05-08 | Add a regress test to test various malloc API and heap mismanagement | otto | 2 | -0/+291
errors which should cause abort. A few are not enabled yet, they will be once the corresponding diffs in malloc are committed.
2023-05-08 | X509_verify_cert(): Garbage collect the unused roots variable | tb | 1 | -4/+1
roots was used to store the trusted stack or pull the roots out of the X509_STORE before beck unmooned Ethel in x509_vfy.c r1.88. Since then this variable is effectively unused. It seems the STACK_OF(3) madness is too complicated for -Wunused-but-set-variable to notice. ok miod
2023-05-08 | Avoid trailing whitespace in extension printing | tb | 1 | -2/+2
If an extension is non-critical, X509V3_extensions_print() would leave trailing whitespace. This can be trivially avoided. ok miod
2023-05-07 | Recommit -Wshadow now that the warning on BIG_ENDIAN is fixed | tb | 1 | -2/+2
2023-05-07 | xts128 mode: avoid two -Wshadow warnings in the BIG_ENDIAN code path. | tb | 1 | -5/+5
Found by, compile tested & ok bluhm.
2023-05-07 | Backout -Wshadow, it breaks build on powerpc64. | bluhm | 1 | -2/+2
2023-05-07 | Remove a misplaced empty line | tb | 1 | -2/+1
2023-05-06 | Regen cert.pem | tb | 1 | -419/+402
This drops a few certs per the CA's request and TrustCor because of drama. Certainly, a new CA, is added as well as new certs for DigiCert, SECOM and E-Tugra. Unizeto still haven't fixed one of their certs and we still don't want the alternative Firmaprofesional with sha1WithRSAEncryption. ok sthen
2023-05-05 | Use -Wshadow with clang | tb | 3 | -6/+6
ok jsing (a very long time ago)
2023-05-05 | Reinstate X9.31 padding mode support in rsautl | tb | 2 | -7/+18
2023-05-05 | Fix error handling in tls_check_common_name() | tb | 1 | -6/+10
A calloc failure should be a fatal error, so make it return -1. Also switch the default rv to -1 and distinguish error cases from acceptable situations with goto err/goto done. ok jsing
2023-05-05 | Salt shares the blame of the continued existence of the X9.31 padding mode | tb | 1 | -2/+2
2023-05-05 | Reinstate documentation of RSA_X931_PADDING | tb | 1 | -7/+6
2023-05-05 | Add back support for RSA_X931_PADDING | tb | 3 | -65/+127
This makes the custom salt stack work again. Tested by robert as part of a larger diff ok jsing
2023-05-05 | Link rsa_x931.c to build | tb | 1 | -1/+2