| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
No change according to diff -w
|
|
This function is no longer used directly by regress, so it can now be local
to this file.
|
|
|
|
We can use the undocumented functions {i2s,s2i}_ASN1_INTEGER(3) to
exercise bn_to_string(). This way we use public API and remove the
need of linking statically.
|
|
Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the functions
marked deprecated are actually unused nowadays but unfortunately some of
them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED
so we can define it without breaking the consumers in the next bump.
ERR_remove_state() is still used by a dozen or so ports. This isn't a big
deal since it is just a stupid wrapper for the not quite as deprecated
ERR_remove_thread_state(). It's not worth patching these ports.
Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still
used. They "make use" of the old-style BN_GENCB callback, which is therefore
more difficult to remove - in case you don't know know: that's the thing
responsible for printing pretty '.', '+' and '*' when you generate keys.
Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020
for "advanced DH support". This is very unfortunate since cargo bundles a
rust-openssl and updates it only every few years or so. As a consequence
we're going to be stuck with this nonsense for a good while.
ok beck jsing
|
|
|
|
The X9.31 standard has long been retired and deprecated and libcrypto will
drop support for it soon. This prepares userland.
ok jsing
|
|
The TLS signer isn't exposed in public API (we should finally fix it...)
and it supports X9.31, a standard that has been retired and deprecated for
a very long time. libcrypto will stop supporting it soon, this step is
needed to prepare userland.
ok jsing
|
|
Unwrap a few awkwardly wrapped lines, drop redundant parentheses and
add empty lines after some variable declarations. No change in the
generated assembly.
|
|
Improve readability and consistency by providing and using functions named
for the specific hash, rather than reusing the sha256/sha512 update and
final functions.
No functional change.
ok tb@
|
|
Also remove some unnecessary parentheses.
No functional change.
ok tb@
|
|
|
|
|
|
|
|
|
|
There is a BN_CTX at program scope. Pass it into all test functions.
This simplifies memory management at the end of the functions quite a bit.
|
|
|
|
|
|
Make message() print and clear the error stack. This way we can know
what test errored. To make this work also clear the error stack after
a handful of xfail tests.
|
|
This is not only simpler but also required by an upcoming change.
|
|
|
|
in the entire code base it also has a few parentheses too many
|
|
Various test functions had bugs due to the fact that the return code
would be set to 1 at the top so that each error would have to set rc = 0.
This is silly. Fail closed instead by setting rc = 0 at the top and only
flipping to 1 before the err label
|
|
lst[] can be converted from a bit string to a hex string. Use BN_hex2bn()
isntead of BN_bin2bn(). Handle this inside test_lshift() rather than doing
artistic ownership dances.
|
|
|
|
Those are not useful because such a BIO type neither exists
in LibreSSL nor in OpenSSL 1.1.1.
Not adding the deprecation notice to some manual page
because there is no manual page that is even vaguely related.
|
|
* ignore lines defining "__bounded__()"
* ignore whitespace between "#" and "include"
|
|
undocumented because they are unused according to codesearch.debian.net
and would cause nothing but obfuscation if they were used.
|
|
BIO_get_info_callback(3), and BIO_info_cb(3) have on connect BIOs.
|
|
which where mentioned below SYNOPSIS and HISTORY but not described.
Also document the command constant BIO_CTRL_SET_CALLBACK
and the deprecated function type name bio_info_cb(3).
Mention that callbacks installed using BIO_set_callback_ex(3)
and BIO_set_callback(3) can tamper with *all* the return values.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ok jsing
|
|
As observed by Bernd Edlinger, the main part of the RSA timing leak that was
recently made public is that the initial blinding isn't done with Montgomery
exponentiation but rather with plain exponentiation.
Pull up the initialization of the cached Montgomery context to ensure we use
Montgomery exponentiation. Do this for private_{de,en}crypt(). Interestingly,
the latter was fixed in OpenSSL a while ago by Andy Polyakov as part of the
"smooth CRT-RSA" addition.
If this code was anything but completely insane this would never have been
an issue in the first place. But it's libcrypto...
ok jsing
|
|
-mmark-bti-property to indicate those now have BTI support.
ok jsing@, deraadt@
|
|
|
|
This now covers all the main branches of both the old and new
BN_mod_sqrt() implementation except for negative p.
|
|
|
|
|
|
Regress coverage of all of BN_mod_sqrt() is still lacking after this.
This will improve in forthcoming commits.
|
|
|
|
named constants accidentally dropped an instruction causing detection of
eXtended operations (XOP) on AMD hardware to break.
ok miod@ tb@
|
|
description of BIO_ctrl(3) and its three siblings. Given the vast range
of effects these functions can have, the text is unavoidably still
vague, but at least some information can be provided.
While here, fix one wrong parameter type and three inconsistent
parameter names in the SYNOPSIS.
|
|
This makes it look a bit more like other tests and also prepares the
addition of further test cases and different tests.
|
|
This function is spread out over way too many lines and has too much
repetition. Once this is made a little more compact, it becomes clearer
that this is a somewhat obfuscated version of binary gcd (it is not
constant time therefore cryptographically unsound. It is not used
internally). This will likely go away later.
ok jsing
|
