Commit message | Author | Age | Files | Lines
* Rename pkctx to pkey_ctx in rsa_{cms,item}_sign() | tb | 2023-11-07 | 1 | -26/+26
* Trivial cleanup in rsa_cms_sign() | tb | 2023-11-07 | 1 | -5/+5
  Check and assign the EVP_PKEY_CTX and move the extraction of the algorithm identifier from the signer info a few lines down.
* Rework RSA_PKCS1_PSS_PADDING handling in rsa_item_sign() | tb | 2023-11-07 | 1 | -14/+4
  The current convoluted mess can be handled with two calls to the new rsa_alg_set_pss_padding() helper. Not that this would be obvious at all. This fixes two more leaks in case of X509_ALGOR_set0() failure. ok jsing
* Add a helper to set RSASSA-PSS padding parameters | tb | 2023-11-07 | 1 | -10/+29
  This sets the AlgorithmIdentifier's algorithm to id-RSASSA-PSS with appropriate RSASSA-PSS parameters. This pulls a chunk of code out of rsa_cms_sign() and rewrites it with proper error checking, thereby fixing a long-standing leak. This helper can also be used in rsa_item_sign(), but that part is a bit special, and will therefore be committed separately. ok jsing
* Add a helper to set RSA PKCS #1 v1.5 padding OID | tb | 2023-11-07 | 1 | -12/+15
  This removes a few duplicated and unchecked X509_ALGOR_set0() calls and factors them into a helper function that sets the AlgorithmIdentifier on the recipient info or signer info to rsaEncryption with null parameters. ok jsing
* Pull everything except the actual run call out of the closure | tb | 2023-11-06 | 1 | -11/+9
  The determination of the test group type and the JSON unmarshalling can be done before the closure without performance impact. This is more readable and eliminates the need for a temporary variable again. Suggested by jsing
* Introduce testGroupFromAlgorithm() | tb | 2023-11-06 | 1 | -50/+54
  This factors another ugly switch into a helper function. This should probably become a map eventually, but for now keep things straightforward.
* Add a wycheproofTestGroupRunner interface | tb | 2023-11-06 | 1 | -72/+26
  This allows us to use a simpler way of running the individual test groups and gets rid of an ugly mostly copy-pasted switch inside a closure.
* Add aliases for AES AEAD constructions and ChaCha | tb | 2023-11-06 | 1 | -9/+12
  These used the wycheproofTestGroupAead type but an upcoming change requires changing this. Introduce the aliases now to make the next diff cleaner.
* Fix a for loop bug introduced in the concurrency refactor | tb | 2023-11-06 | 1 | -3/+4
  Due to Go's idiosyncratic semantics of for loops, tests would only run some of the test groups in the JSON file because by the time the closure is called, the array index could be changed. For example, on fast 8 core machines, the CMAC tests would run the last test group with key size 320 eight times rather than each of the eight test groups once. Make a copy of the pointer before passing it to the closure to avoid this issue. Simpler version of my initial fix from jsing
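The loop bug above, together with the per-group runner interface from the wycheproofTestGroupRunner commit, is reproduced here as an added example; it is not the regress code itself, and the type, interface and function names are mine. Eight test groups with distinct key sizes are constructed inline (only the last size, 320, is taken from the commit). `runGroups` launches one goroutine per group exactly as a concurrent runner would, once with the closure capturing the loop variable directly and once with a per-iteration copy, and `groupsRunExactlyOnce` is the check that would have caught the bug: every group ran, and ran once. One caveat on reproducing it: Go 1.22 changed the language so that `for ... range` declares a fresh variable per iteration when the module's `go` directive is 1.22 or newer, so on such a toolchain the uncopied form also passes; on older Go, or in a module pinned to an older version, it runs the last group eight times, as the commit describes.

```go
package main

import (
	"fmt"
	"sync"
)

// testGroup stands in for one Wycheproof test group; only the key size is kept
// (constructed sample, the real JSON carries the test vectors).
type testGroup struct {
	KeySize int
}

// testGroupRunner is the per-group runner shape described in the commit
// (interface name assumed for this example).
type testGroupRunner interface {
	run() int // returns the key size that was actually exercised
}

func (tg *testGroup) run() int { return tg.KeySize }

// runGroups runs every group in its own goroutine and returns how many times
// each key size was run. copyBeforeClosure selects the fixed form of the loop.
func runGroups(groups []*testGroup, copyBeforeClosure bool) map[int]int {
	var mu sync.Mutex
	var wg sync.WaitGroup
	runs := make(map[int]int)
	record := func(r testGroupRunner) {
		defer wg.Done()
		ks := r.run()
		mu.Lock()
		runs[ks]++
		mu.Unlock()
	}
	for _, tg := range groups {
		wg.Add(1)
		if copyBeforeClosure {
			// The fix: copy the pointer into a variable that belongs to this
			// iteration only, so the goroutine sees this group regardless of
			// how far the loop has advanced by the time it is scheduled.
			tgCopy := tg
			go func() { record(tgCopy) }()
		} else {
			// Before Go 1.22, tg is a single variable reused by every iteration;
			// goroutines that start after the loop finished all see the last group.
			go func() { record(tg) }()
		}
	}
	wg.Wait()
	return runs
}

// groupsRunExactlyOnce is the missing check: each group ran exactly once and
// nothing else ran.
func groupsRunExactlyOnce(groups []*testGroup, runs map[int]int) bool {
	if len(runs) != len(groups) {
		return false
	}
	for _, tg := range groups {
		if runs[tg.KeySize] != 1 {
			return false
		}
	}
	return true
}

// sampleCMACGroups builds eight constructed groups; only the final key size
// 320 is taken from the commit message.
func sampleCMACGroups() []*testGroup {
	sizes := []int{64, 80, 96, 128, 160, 192, 256, 320}
	groups := make([]*testGroup, 0, len(sizes))
	for _, s := range sizes {
		groups = append(groups, &testGroup{KeySize: s})
	}
	return groups
}

func main() {
	groups := sampleCMACGroups()
	for _, fixed := range []bool{false, true} {
		runs := runGroups(groups, fixed)
		fmt.Printf("copy before closure=%v: each group once=%v runs=%v\n",
			fixed, groupsRunExactlyOnce(groups, runs), runs)
	}
}
```

Counting runs per group rather than just checking for a non-zero exit is what turns "the suite passed" into "the suite ran what the JSON file contains"; a regress that silently runs one group eight times still reports success.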
* Uncomment json webcrypto line. Packages will have caught up... | tb | 2023-11-06 | 1 | -3/+2
* KNF plus fixed a few signed vs unsigned compares (that were actually | otto | 2023-11-04 | 1 | -22/+33
  not real problems)
* Fix a few bizarre line wraps in x509.h | tb | 2023-11-02 | 1 | -8/+5
* Use X509_ALGOR_set0_by_nid() in X509_ALGOR_set_evp_md() | tb | 2023-11-01 | 1 | -6/+6
  ok jsing
* Add X509_ALGOR_set0_by_nid() | tb | 2023-11-01 | 2 | -2/+33
  X509_ALGOR_set0() is annoyingly unergonomic since it takes an ASN1_OBJECT rather than a nid. This means that almost all callers call OBJ_obj2nid() and they often do this inline without error checking so that the resulting X509_ALGOR object is corrupted and may lead to incorrect encodings. Provide an internal alternative X509_ALGOR_set0_by_nid() that takes a nid instead of an ASN1_OBJECT and performs proper error checking. This will be used to convert callers of X509_ALGOR_set0() in the library. ok jsing
* Explain the weird order of doing things in X509_ALGOR_set0() | tb | 2023-11-01 | 1 | -1/+2
* Rename ptype and pval to parameter_type and parameter_value | tb | 2023-11-01 | 1 | -7/+9
  ok jsing
* Unindent X509_ALGOR_set0_parameter() | tb | 2023-11-01 | 1 | -8/+11
  ok jsing
* Split X509_ALGOR_set0_parameter() out of X509_ALGOR_set0() | tb | 2023-11-01 | 1 | -6/+15
  ok jsing
* Split X509_ALGOR_set0_obj() out of X509_ALGOR_set0() | tb | 2023-11-01 | 1 | -3/+12
  ok jsing
* Remove 3 expected failures; those got fixed in the regress code. | claudio | 2023-10-31 | 1 | -4/+1
* unlink("/") just needs to error. Checking for a specific errno makes | claudio | 2023-10-31 | 1 | -2/+2
  little sense here since there are multiple possible errnos that could be returned. On OpenBSD this returns EISDIR and not EBUSY. OK mbuhl@ millert@
* When creating a file in a directory the file gid is inherited from | claudio | 2023-10-31 | 1 | -2/+2
  the directory and so checking against getgid() makes no sense. OK mbuhl@ millert@
* Ignore closefrom() failure. This fails normally since fd 4 and up are all | claudio | 2023-10-31 | 1 | -3/+2
  closed. OK mbuhl@ millert@
* Add support for OpenSSL 3.1 interop tests | tb | 2023-10-30 | 8 | -11/+74
  Until OpenSSL 3.1 has replaced OpenSSL 3.0 on most architectures, run both tests. Installed packages of OpenSSL 3.0 will update automatically to 3.1, so regress runners should not need to do anything.
* Enable ISO C11 APIs when building libc, even with an older compiler. | millert | 2023-10-29 | 1 | -1/+9
  Otherwise, the prototypes for timespec_get() and aligned_alloc() are not visible. OK guenther@
* Fix an error exit in X509v3_addr_validate_path() | tb | 2023-10-29 | 1 | -3/+6
  If the topmost cert is invalid, this should result in a validation failure. Do the same dance as elsewhere permitting the verify callback to intercept the error but ensuring that we throw an error. ok jsing
* Include wait(2) status in error message, in the hopes of providing clues | anton | 2023-10-27 | 1 | -2/+2
  on why this occasionally fails.
* A few micro-optimizations; ok asou@ | otto | 2023-10-26 | 1 | -20/+15
* Tidy includes | tb | 2023-10-26 | 1 | -2/+2
* Hide X509_ALGOR_set_md() for LIBRESSL_INTERNAL | tb | 2023-10-26 | 1 | -1/+3
* Provide prototype for X509_ALGOR_set_md() | tb | 2023-10-26 | 1 | -1/+3
  Once we remove X509_ALGOR_set_md() we can link this test statically and use X509_ALGOR_set_evp_md() but for now make sure the documented workaround for this garbage API works.
* Rework the MD setting in the RSA ASN.1 method | tb | 2023-10-26 | 1 | -45/+95
  This streamlines the code to use safer idioms, do proper error checking and be slightly less convoluted. Sprinkle a few references to RFC 8017 and explain better what we are doing and why. Clarify ownership and use more consistent style. This removes the last internal use of X509_ALGOR_set_md(). ok jsing
* Add chacha aliases for OpenSSL compatibility | tb | 2023-10-24 | 1 | -1/+3
  OpenSSL has the 20 in the long and short names, so add aliases to the existing names to make things work. In particular, EVP_get_cipherbyname() will now return EVP_chacha20() for both 'ChaCha20' and 'chacha20'. Found by Facundo Tuesca when trying to add LibreSSL support for ChaCha20 in https://github.com/pyca/cryptography/pull/9209 ok jsing
* correct Va in previous; | jmc | 2023-10-22 | 1 | -2/+3
* A few more tests | otto | 2023-10-22 | 1 | -1/+15
* When option D is active, store callers for all chunks; this avoids | otto | 2023-10-22 | 2 | -86/+178
  the 0x0 call sites for leak reports. Also display more info on detected write of free chunks: print the info about where the chunk was allocated, and for the preceding chunk as well. ok asou@
* Remove mention of alg_section. This never worked in LibreSSL. | tb | 2023-10-21 | 1 | -3/+2
* style tweak: avoid double conjunction to make it read better | schwarze | 2023-10-21 | 1 | -4/+4
  OK tb@
* Rename the modulus from n into m | tb | 2023-10-19 | 1 | -9/+12
  This matches what other pages use. Also rewrite the definition of the modular inverse to be less ugly.
* Add a few more test cases for mod_exp aliasing | tb | 2023-10-19 | 1 | -33/+78
* Garbage collect weird /* 1 */ and /* 2 */ comments | tb | 2023-10-19 | 1 | -7/+7
  If they ever had any meaning, that's long been lost. Requested by jsing
* The bn_mod_exp test is no longer an expected failure | tb | 2023-10-19 | 1 | -3/+1
* Fix aliasing of result and exponent in the internal BN_mod_exp_recp() | tb | 2023-10-19 | 1 | -12/+19
  This is basically the same fix as the one applied in BN_mod_exp_simple().
* Fix aliasing of result with exponent or modulus in BN_mod_exp_simple() | tb | 2023-10-19 | 1 | -10/+22
  Reported and reminded by Guido Vranken in OpenSSL issue #21110 ok jsing
* Add test case checking aliasing of the result with other arguments | tb | 2023-10-19 | 2 | -2/+108
  These are expected failures for BN_mod_exp_simple() and the internal BN_mod_exp_recp(), which will be fixed shortly.
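The three aliasing commits above (the BN_mod_exp_simple() and BN_mod_exp_recp() fixes and the test case that exposed them) concern one bug class: a modular exponentiation that starts writing into its result before it has finished reading the exponent or modulus, so a caller passing the same BIGNUM as result and exponent gets a wrong answer. The following is an added example in Go using math/big, not LibreSSL's code, that shows the bug, the fix the commits describe (private copies of the aliased inputs taken before the first write), and a test in the spirit of the added regress case that runs one exponentiation with the result aliased to each argument and compares against big.Int.Exp, which is documented as safe under aliasing. The function names and the sample values 7^560 mod 561 are mine.

```go
package main

import (
	"fmt"
	"math/big"
)

type modExpFunc func(r, a, e, m *big.Int) *big.Int

// modExpAliasUnsafe is a plain left-to-right square-and-multiply that writes
// r before it is done reading e and m. It is correct when r is a separate
// Int; when r aliases e or m the very first r.SetInt64(1) clobbers the
// exponent or modulus it is about to use. m must be positive.
func modExpAliasUnsafe(r, a, e, m *big.Int) *big.Int {
	base := new(big.Int).Mod(a, m)
	r.SetInt64(1)
	for i := e.BitLen() - 1; i >= 0; i-- {
		r.Mul(r, r).Mod(r, m)
		if e.Bit(i) == 1 {
			r.Mul(r, base).Mod(r, m)
		}
	}
	return r
}

// modExpAliasSafe is the same algorithm with the fix the commits apply: take
// private copies of every input that r may alias before the first write to r.
func modExpAliasSafe(r, a, e, m *big.Int) *big.Int {
	eCopy := new(big.Int).Set(e)
	mCopy := new(big.Int).Set(m)
	base := new(big.Int).Mod(a, mCopy) // also protects against r aliasing a
	r.SetInt64(1).Mod(r, mCopy)        // 1 mod m, so m == 1 yields 0 for e == 0
	for i := eCopy.BitLen() - 1; i >= 0; i-- {
		r.Mul(r, r).Mod(r, mCopy)
		if eCopy.Bit(i) == 1 {
			r.Mul(r, base).Mod(r, mCopy)
		}
	}
	return r
}

// callModExp runs f and reports a panic as a failure instead of crashing the
// test: a clobbered modulus can reach zero and make Mod panic.
func callModExp(f modExpFunc, r, a, e, m *big.Int) (res *big.Int, panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	return f(r, a, e, m), false
}

// aliasingFailures exercises f with r aliased to a, to e and to m in turn, on
// fresh copies each time, and returns the names of the cases whose result
// differs from big.Int.Exp (or that panicked).
func aliasingFailures(f modExpFunc, a, e, m *big.Int) []string {
	want := new(big.Int).Exp(a, e, m)
	cases := []struct {
		name string
		pick func(a, e, m *big.Int) *big.Int
	}{
		{"r=a", func(a, e, m *big.Int) *big.Int { return a }},
		{"r=e", func(a, e, m *big.Int) *big.Int { return e }},
		{"r=m", func(a, e, m *big.Int) *big.Int { return m }},
	}
	var bad []string
	for _, c := range cases {
		a2, e2, m2 := new(big.Int).Set(a), new(big.Int).Set(e), new(big.Int).Set(m)
		r := c.pick(a2, e2, m2)
		got, panicked := callModExp(f, r, a2, e2, m2)
		switch {
		case panicked:
			bad = append(bad, c.name+" (panic)")
		case got.Cmp(want) != 0:
			bad = append(bad, c.name)
		}
	}
	return bad
}

func main() {
	// Sample values chosen for this example: 561 is a Carmichael number, so
	// 7^560 mod 561 == 1, which no clobbered-input computation reproduces.
	a, e, m := big.NewInt(7), big.NewInt(560), big.NewInt(561)
	fmt.Println("unsafe failures:", aliasingFailures(modExpAliasUnsafe, a, e, m))
	fmt.Println("safe failures:  ", aliasingFailures(modExpAliasSafe, a, e, m))
}
```

With r aliased to e the unsafe version sets the exponent to 1 and returns a mod m; with r aliased to m it first reduces the modulus to 1, then to 0, and big.Int.Mod panics on the next step. Aliasing r with a happens to be harmless here only because the base is reduced before the first write, which is exactly the kind of accident a regress test has to cover case by case rather than trusting.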
* Make libssl interop server/client tests less flaky by ensuring the | anton | 2023-10-18 | 1 | -1/+3
  server has terminated before examining the outcome.
* Remove EVP_add_alg_module() prototype | tb | 2023-10-18 | 1 | -3/+1
  This function was the unfortunate protagonist in a series of tragic merge errors resulting in only a short stint of a year and nine months between OpenSSL 0.9.8j and 1.0.0a actually present in OpenBSD. Then it said good bye for good, but somehow a prototype came back with 1.0.1g, a famous version released when there were slightly more pressing things to be taken care of than a function supporting a config knob whose only purpose was to turn off fips mode or to error. from schwarze PS: The mechanism that it was supposed to provide is still documented in openssl.cnf(5). I am going to remove the relevant bit at some point, but not today.
* Use X509_ALGOR_set_evp_md() in CMS_add1_signer() | tb | 2023-10-18 | 1 | -16/+24
  Contrary to X509_ALGOR_set_md() this allows for error checking. Avoid local complications by freeing in the exit path and use a const version of X509_ALGOR for walking a STACK_OF() to avoid a bad free. Clean up includes ok jsing
* cms_DigestedData_create() use X509_ALGOR_set_evp_md() | tb | 2023-10-18 | 1 | -6/+8
  Our internal version allows for error checking and this avoids a silent failure leading to corruption later on. Clean up includes while there. ok jsing